llm-wiki-kit 0.1.0 → 0.1.1

package/README.md

@@ -60,7 +60,7 @@ llm-wiki/
 └── procedures/
 ```
 
-`raw/` is the immutable or redacted evidence layer. `wiki/` is the LLM-maintained knowledge layer. `outputs/` stores live Q&A and requested reports. `.kit-state.json` records which runtime version last applied managed templates to the project.
+`raw/` is the immutable or redacted evidence layer. `wiki/` is the LLM-maintained knowledge layer. `outputs/` stores live Q&A and requested reports. `.kit-state.json` records which runtime version last applied managed templates to the project. Text written by the kit is normalized to NFC so Korean filenames and content stay composed.
 
 ## Normal Use
 
@@ -71,6 +71,7 @@ The installed hooks:
 - inject relevant wiki context at session start and prompt submit time
 - record redacted turn summaries
 - capture decision points, debugging findings, changed files, and verification notes
+- allow tool calls to proceed without secret/PII-based hook blocking
 - update `llm-wiki/outputs/questions/YYYY-MM-DD-live-qa.md`
 - promote useful answers into `llm-wiki/wiki/queries/`
 - promote decision-like turns into `llm-wiki/wiki/decisions/`
@@ -107,9 +108,10 @@ llm-wiki hook claude Stop
 ## Security Defaults
 
 - Full raw transcript capture is disabled by default.
-- `.env`, tokens, private keys, credentials, `raw_private/`, and `secrets/` are blocked or redacted.
+- Tool calls are not blocked only because inputs look sensitive.
+- Authentication values such as tokens, passwords, and private keys are redacted before durable summaries are written.
 - Hook payloads are stored only as redacted event envelopes.
-- Store customer or personal data only after explicit sanitization.
+- Phone numbers, emails, dates, and business identifiers are preserved by default so the wiki remains useful for local work.
 
 ## Development Notes
 

package/docs/integrations/claude-code.md

@@ -38,6 +38,8 @@ Claude Code reads `CLAUDE.md`. For project compatibility, the kit creates a `CLA
 
 when no project `CLAUDE.md` exists. Existing `CLAUDE.md` files are not overwritten.
 
+The hook records redacted turn summaries but does not deny tool calls only because an input looks sensitive.
+
 After installation or update, run:
 
 ```bash

package/docs/integrations/codex.md

@@ -31,7 +31,7 @@ Expected behavior:
 
 - `SessionStart` injects `llm-wiki/wiki/index.md`, recent log context, and operating rules.
 - `UserPromptSubmit` searches project wiki pages and injects the smallest useful context set.
-- `PreToolUse` blocks secret-looking paths or payloads.
+- `PreToolUse` records redacted tool summaries without blocking tool calls.
 - `PostToolUse` records redacted tool summaries in a turn buffer.
 - `Stop` writes live Q&A and durable wiki pages.
 

package/docs/operations.md

@@ -6,14 +6,14 @@
 
 - inject context
 - record redacted summaries
-- block secret-looking tool access
+- allow tool calls while redacting authentication values before storage
 - write live Q&A and wiki pages
 
 `strict` is reserved for future stronger enforcement:
 
 - fail closed when hooks are disabled
 - require successful stop/session-end recording
-- block raw/wiki boundary violations more aggressively
+- enforce project-specific storage policies more aggressively
 
 ## Install
 

package/docs/security.md

@@ -1,27 +1,14 @@
 # Security
 
-The default policy is conservative.
+The default policy favors a useful local work wiki over aggressive blocking.
 
-Do not store:
+The runtime does not deny tool calls only because an input looks sensitive. It preserves operational context by default, including phone numbers, emails, dates, and business identifiers.
 
-- credentials
-- tokens
-- private keys
-- `.env` contents
-- customer identifiers
-- personal data
-- contracts, invoices, or financial details
-- private raw transcripts unless the project explicitly opts in
+Before writing durable summaries, the runtime redacts authentication values such as:
 
-The runtime redacts common secret patterns and blocks secret-looking tool paths such as:
-
-- `.env`
-- `*.pem`
-- `*.key`
-- `id_rsa`
-- `secrets/`
-- `credentials/`
-- `raw_private/`
-
-Full transcript capture is intentionally not implemented as a default. If a project needs it, add a project-local policy and a redaction path first.
+- token-like values
+- password-like assignments
+- private key blocks
+- bearer credentials
 
+Hook payloads are stored as small event envelopes, not full raw transcripts. Full transcript capture is intentionally not implemented as a default. If a project needs it, add a project-local policy and a redaction path first.

package/docs/troubleshooting.md

@@ -39,6 +39,38 @@ llm-wiki install --workspace /path/to/project --profile standard
 
 Real registry-based update checks will work only after `npm view llm-wiki-kit version` succeeds.
 
+## npm install -g Fails With ECONNRESET
+
+`ECONNRESET` means npm reached the network path but the connection was reset while reading from the registry. This is usually a proxy, firewall, TLS inspection, DNS, or WSL/network issue on the installing server. It is different from `E404`, which means the package or registry entry was not found.
+
+First confirm the registry and package from the same shell:
+
+```bash
+npm view llm-wiki-kit version --registry=https://registry.npmjs.org/
+curl -Iv https://registry.npmjs.org/llm-wiki-kit
+```
+
+When installing with `sudo`, check root's npm config too because it may not match the current user's config:
+
+```bash
+npm config get registry
+sudo npm config get registry
+sudo npm config get proxy
+sudo npm config get https-proxy
+sudo npm ping --registry=https://registry.npmjs.org/
+```
+
+If the server is behind an HTTP proxy, configure it for root npm:
+
+```bash
+sudo npm config set proxy http://proxy-host:proxy-port
+sudo npm config set https-proxy http://proxy-host:proxy-port
+sudo npm config set registry https://registry.npmjs.org/
+sudo npm install -g llm-wiki-kit@latest
+```
+
+If the proxy performs TLS inspection, install the organization's CA and set `cafile` instead of disabling TLS verification. As a temporary diagnostic only, `sudo npm config set strict-ssl false` can confirm that the failure is CA-related, but do not keep that setting in production.
+
 ## npm install -g Fails With EACCES
 
 If npm tries to write under `/usr` and fails with `EACCES`, use sudo when the server policy allows system-wide global packages:
@@ -86,9 +118,9 @@ Check:
 - project `CLAUDE.md` exists or imports `@AGENTS.md`
 - the session was restarted after install
 
-## A Secret Was Detected
+## Authentication Values Were Redacted
 
-The hook blocks or redacts secret-like content. Move sensitive material out of the project wiki path and use sanitized source notes.
+The hook does not block tool calls only because inputs look sensitive. Durable summaries redact authentication values before writing, while ordinary work context such as dates, phone numbers, emails, and business identifiers is preserved by default.
 
 ## Duplicate Pages Appear
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "llm-wiki-kit",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Hook-first living LLM Wiki runtime for Codex and Claude Code.",
   "type": "module",
   "files": [

package/src/cli.js

@@ -27,6 +27,8 @@ function parseOptions(args) {
       options.check = true;
     } else if (arg === '--dry-run') {
       options.dryRun = true;
+    } else if (arg === '--replace-hooks') {
+      options.replaceHooks = true;
     } else if (arg === '--json') {
       options.json = true;
     } else {

package/src/fs-utils.js

@@ -14,6 +14,7 @@ import {
 } from 'fs/promises';
 import { dirname, join, parse, resolve } from 'path';
 import { PROJECT_MARKERS } from './constants.js';
+import { normalizeForStorage } from './redaction.js';
 
 export function homeDir() {
   return process.env.HOME || process.env.USERPROFILE || process.cwd();
@@ -63,18 +64,18 @@ export async function readText(path, fallback = '') {
 export async function writeTextIfMissing(path, content) {
   if (await exists(path)) return false;
   await ensureDir(dirname(path));
-  await writeFile(path, content, 'utf8');
+  await writeFile(path, normalizeForStorage(content), 'utf8');
   return true;
 }
 
 export async function writeText(path, content) {
   await ensureDir(dirname(path));
-  await writeFile(path, content, 'utf8');
+  await writeFile(path, normalizeForStorage(content), 'utf8');
 }
 
 export async function appendText(path, content) {
   await ensureDir(dirname(path));
-  await appendFile(path, content, 'utf8');
+  await appendFile(path, normalizeForStorage(content), 'utf8');
 }
 
 export async function readJson(path, fallback = null) {
@@ -87,7 +88,7 @@ export async function readJson(path, fallback = null) {
 
 export async function writeJson(path, value) {
   await ensureDir(dirname(path));
-  await writeFile(path, `${JSON.stringify(value, null, 2)}\n`, 'utf8');
+  await writeFile(path, normalizeForStorage(`${JSON.stringify(value, null, 2)}\n`), 'utf8');
 }
 
 export async function backupFile(path, label) {

package/src/hook.js

@@ -1,6 +1,6 @@
 import { findProjectRoot } from './fs-utils.js';
 import { bootstrapProject, appendContextNote, appendLiveQa, appendSessionEnvelope, appendWikiLog, buildContextBrief, writeDecisionPage, writeQueryPage } from './project.js';
-import { extractPathsFromText, hasSecretLikeText, isSensitivePath, summarizeForStorage } from './redaction.js';
+import { summarizeForStorage } from './redaction.js';
 import { buildEntryFromState, rememberQuestion, rememberTool } from './state.js';
 
 async function readStdinJson() {
@@ -27,11 +27,6 @@ function toolSummary(payload) {
   return `${toolName}: ${summarizeForStorage(input, 1200)}`;
 }
 
-function toolInputText(payload) {
-  const input = payload.tool_input || payload.toolInput || payload.input || payload.arguments || payload.tool?.input || {};
-  return typeof input === 'string' ? input : JSON.stringify(input);
-}
-
 function contextOutput(eventName, context) {
   if (!context) return {};
   return {
@@ -42,37 +37,6 @@ function contextOutput(eventName, context) {
   };
 }
 
-function blockOutput(provider, reason) {
-  if (provider === 'claude') {
-    return {
-      permissionDecision: 'deny',
-      permissionDecisionReason: reason,
-      decision: 'block',
-      reason,
-    };
-  }
-  return {
-    decision: 'block',
-    reason,
-    hookSpecificOutput: {
-      hookEventName: 'PreToolUse',
-      additionalContext: reason,
-    },
-  };
-}
-
-function shouldBlockTool(payload) {
-  const input = toolInputText(payload);
-  const paths = extractPathsFromText(input);
-  if (paths.some(isSensitivePath)) {
-    return 'llm-wiki-kit blocked access to a secret-looking path. Do not read or store .env, keys, token files, credentials, raw_private, or secrets.';
-  }
-  if (hasSecretLikeText(input)) {
-    return 'llm-wiki-kit blocked a tool call containing secret-like text. Redact secrets before continuing.';
-  }
-  return null;
-}
-
 export async function handleHook(provider, explicitEvent) {
   const payload = await readStdinJson();
   payload.__provider = provider;
@@ -91,15 +55,10 @@ export async function handleHook(provider, explicitEvent) {
     const prompt = promptText(payload);
     await rememberQuestion(projectRoot, payload, prompt);
     const context = await buildContextBrief(projectRoot, eventName, prompt);
-    const warning = hasSecretLikeText(prompt)
-      ? '\n\nSecurity note: the prompt appears to contain secret-like text. Do not persist raw secret values; store only redacted summaries.'
-      : '';
-    return contextOutput(eventName, `${context}${warning}`);
+    return contextOutput(eventName, context);
   }
 
   if (eventName === 'PreToolUse') {
-    const reason = shouldBlockTool(payload);
-    if (reason) return blockOutput(provider, reason);
     await rememberTool(projectRoot, payload, `pre ${toolSummary(payload)}`);
     return {};
   }

package/src/project.js

@@ -10,7 +10,7 @@ import {
   writeTextIfMissing,
 } from './fs-utils.js';
 import { LLM_WIKI_DIRS } from './constants.js';
-import { redactText, summarizeForStorage } from './redaction.js';
+import { normalizeForStorage, redactText, summarizeForStorage } from './redaction.js';
 import { gitignore, indexPage, llmWikiAgents, logPage, procedure, rootAgentsPolicy } from './templates.js';
 import { recordManagedTemplates } from './project-state.js';
 
@@ -79,13 +79,19 @@ export async function appendSessionEnvelope(projectRoot, eventName, payload) {
 }
 
 export function slugify(value, fallback = 'note') {
-  const ascii = String(value || '')
-    .normalize('NFKD')
+  const slug = normalizeForStorage(value || '')
+    .replace(/\[REDACTED:[^\]]+\]/g, '')
+    .replace(/\[TRUNCATED:[^\]]+\]/g, '')
     .replace(/[^\p{Letter}\p{Number}]+/gu, '-')
     .replace(/^-+|-+$/g, '')
     .toLowerCase()
-    .slice(0, 80);
-  return ascii || fallback;
+    .slice(0, 72)
+    .replace(/-+$/g, '');
+  return slug || fallback;
+}
+
+function hasCapturedQuestion(entry) {
+  return Boolean(entry.question && entry.question !== '(not captured)' && entry.question.trim().length >= 8);
 }
 
 export async function appendLiveQa(projectRoot, entry) {
@@ -117,7 +123,7 @@ export async function appendLiveQa(projectRoot, entry) {
 }
 
 export async function writeQueryPage(projectRoot, entry) {
-  if (!entry.question || entry.question.length < 8) return null;
+  if (!hasCapturedQuestion(entry)) return null;
   const day = todayKst();
   const slug = slugify(entry.question, 'query');
   const path = join(projectRoot, 'llm-wiki', 'wiki', 'queries', `${day}-${slug}.md`);
@@ -128,6 +134,7 @@ export async function writeQueryPage(projectRoot, entry) {
 }
 
 export async function writeDecisionPage(projectRoot, entry) {
+  if (!hasCapturedQuestion(entry)) return null;
   const text = `${entry.question || ''}\n${entry.result || ''}`;
   if (!/(decision|decided|결정|선택|채택|확정)/i.test(text)) return null;
   const day = todayKst();

package/src/redaction.js

@@ -1,4 +1,4 @@
-const SECRET_PATTERNS = [
+const AUTH_PATTERNS = [
   {
     name: 'private-key',
     pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
@@ -6,22 +6,16 @@ const SECRET_PATTERNS = [
   {
     name: 'env-assignment-secret',
     pattern: /\b([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|ACCESS_KEY)[A-Z0-9_]*)\s*=\s*([^\s"'`]{6,}|["'`][^"'`]{6,}["'`])/gi,
+    replacement: '$1=[REDACTED:env-assignment-secret]',
   },
   {
     name: 'bearer-token',
     pattern: /\bBearer\s+[A-Za-z0-9._~+/=-]{16,}/g,
+    replacement: 'Bearer [REDACTED:bearer-token]',
   },
   {
     name: 'generic-token',
-    pattern: /\b(?:sk|pk|ghp|gho|github_pat|xoxb|xoxp|AKIA)[A-Za-z0-9._-]{16,}\b/g,
-  },
-  {
-    name: 'email',
-    pattern: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi,
-  },
-  {
-    name: 'phone',
-    pattern: /(?<![\w])(?!(?:\d{4}-\d{2}-\d{2})(?!\d))(?:\+?\d(?:[\d .()-]*\d){9,})(?![\w])/g,
+    pattern: /\b(?:sk|pk|ghp|gho|github_pat|npm_|xoxb|xoxp|AKIA)[A-Za-z0-9._-]{16,}\b/g,
   },
 ];
 
@@ -34,19 +28,19 @@ const SENSITIVE_PATH_PATTERNS = [
 ];
 
 export function redactText(value, maxLength = 6000) {
-  let text = typeof value === 'string' ? value : JSON.stringify(value ?? '');
-  for (const rule of SECRET_PATTERNS) {
-    text = text.replace(rule.pattern, `[REDACTED:${rule.name}]`);
+  let text = normalizeForStorage(typeof value === 'string' ? value : JSON.stringify(value ?? ''));
+  for (const rule of AUTH_PATTERNS) {
+    text = text.replace(rule.pattern, rule.replacement || `[REDACTED:${rule.name}]`);
   }
   if (text.length > maxLength) {
     text = `${text.slice(0, maxLength)}\n[TRUNCATED:${text.length - maxLength}]`;
   }
-  return text;
+  return normalizeForStorage(text);
 }
 
 export function hasSecretLikeText(value) {
-  const text = typeof value === 'string' ? value : JSON.stringify(value ?? '');
-  return SECRET_PATTERNS.some((rule) => {
+  const text = normalizeForStorage(typeof value === 'string' ? value : JSON.stringify(value ?? ''));
+  return AUTH_PATTERNS.some((rule) => {
     rule.pattern.lastIndex = 0;
     return rule.pattern.test(text);
   });
@@ -61,6 +55,10 @@ export function summarizeForStorage(value, maxLength = 1200) {
   return redactText(value, maxLength).replace(/\r/g, '').trim();
 }
 
+export function normalizeForStorage(value) {
+  return String(value ?? '').normalize('NFC');
+}
+
 export function extractPathsFromText(text) {
   if (!text || typeof text !== 'string') return [];
   const matches = text.match(/(?:^|\s)([.~\/A-Za-z0-9_@:-][^\s"'`<>|;]{1,220})/g) || [];

package/src/templates.js

@@ -1,11 +1,11 @@
 import { runtimeVersion } from './version.js';
 
 export function rootAgentsPolicy() {
-  return `\n<!-- llm-wiki-kit:start -->\n## LLM Wiki Policy\n\nThis repository uses llm-wiki-kit as a hook-first living Markdown wiki for Codex and Claude Code.\n\n- This block supersedes older OMX/OMC/\`omx_wiki/\` LLM Wiki instructions for this repository.\n- Treat chat memory as temporary; durable project knowledge belongs in \`llm-wiki/\`.\n- \`llm-wiki/raw/\` stores immutable or redacted source material. Do not edit raw source files.\n- \`llm-wiki/wiki/\` stores LLM-maintained knowledge pages such as decisions, architecture, debugging, context, concepts, and queries.\n- Before non-trivial work, use the injected LLM Wiki context and consult \`llm-wiki/wiki/index.md\` when present.\n- Capture reusable decisions, debugging findings, verification commands, and open questions into the wiki.\n- Never store credentials, tokens, private keys, \`.env\` contents, customer identifiers, or private personal data.\n- Mark inference explicitly and preserve contradictions instead of silently overwriting them.\n\n<!-- llm-wiki-kit:end -->\n`;
+  return `\n<!-- llm-wiki-kit:start -->\n## LLM Wiki Policy\n\nThis repository uses llm-wiki-kit as a hook-first living Markdown wiki for Codex and Claude Code.\n\n- This block supersedes older OMX/OMC/\`omx_wiki/\` LLM Wiki instructions for this repository.\n- Treat chat memory as temporary; durable project knowledge belongs in \`llm-wiki/\`.\n- \`llm-wiki/raw/\` stores immutable or redacted source material. Do not edit raw source files.\n- \`llm-wiki/wiki/\` stores LLM-maintained knowledge pages such as decisions, architecture, debugging, context, concepts, and queries.\n- Before non-trivial work, use the injected LLM Wiki context and consult \`llm-wiki/wiki/index.md\` when present.\n- Capture reusable decisions, debugging findings, verification commands, and open questions into the wiki.\n- Preserve useful work context, but do not store raw authentication values such as tokens, passwords, or private keys.\n- Mark inference explicitly and preserve contradictions instead of silently overwriting them.\n\n<!-- llm-wiki-kit:end -->\n`;
 }
 
 export function llmWikiAgents() {
-  return `# LLM Wiki Agent Rules\n\nGenerated by llm-wiki-kit ${runtimeVersion()}.\n\n## Purpose\nMaintain a living Markdown LLM Wiki from immutable source files and redacted Codex/Claude Code session events.\nThese rules supersede older OMX/OMC/\`omx_wiki/\` LLM Wiki rules for this project.\n\n## Directories\n- \`raw/\`: immutable or redacted source material. Never edit original source captures.\n- \`wiki/\`: AI-maintained knowledge pages.\n- \`outputs/\`: live Q&A summaries, reports, and generated briefs.\n- \`procedures/\`: detailed operating rules for ingest, query, lint, and security.\n\n## Core Rules\n- Never modify \`raw/\` source material except to append redacted session envelopes generated by hooks.\n- Do not state unsupported claims as facts.\n- Mark inference explicitly.\n- Add \`source_ids\` or file references for important claims.\n- Update \`wiki/index.md\` and \`wiki/log.md\` whenever new durable knowledge is created.\n- Preserve contradictions in \`Contradictions\` or \`Open Questions\` instead of overwriting them.\n- Ask before reading private or secret-looking files.\n\n## Page Format\nUse YAML frontmatter when creating wiki pages:\n\n\`\`\`yaml\n---\ntitle: \"\"\ntype: \"source | concept | entity | decision | architecture | debugging | context | query | session-log | convention\"\nsource_ids: []\nstatus: \"draft | reviewed | stale\"\nlast_updated: \"YYYY-MM-DD\"\nconfidence: \"high | medium | low\"\n---\n\`\`\`\n\n## Operations\n- ingest: read new raw files, create or update wiki pages, then update \`wiki/index.md\` and \`wiki/log.md\`.\n- query: start from \`wiki/index.md\`, read relevant wiki pages, answer with source references, and save reusable answers.\n- lint: find stale pages, orphan pages, broken wiki links, missing sources, duplicate concepts, contradictions, and missing links.\n`;
+  return `# LLM Wiki Agent Rules\n\nGenerated by llm-wiki-kit ${runtimeVersion()}.\n\n## Purpose\nMaintain a living Markdown LLM Wiki from immutable source files and redacted Codex/Claude Code session events.\nThese rules supersede older OMX/OMC/\`omx_wiki/\` LLM Wiki rules for this project.\n\n## Directories\n- \`raw/\`: immutable or redacted source material. Never edit original source captures.\n- \`wiki/\`: AI-maintained knowledge pages.\n- \`outputs/\`: live Q&A summaries, reports, and generated briefs.\n- \`procedures/\`: detailed operating rules for ingest, query, lint, and security.\n\n## Core Rules\n- Never modify \`raw/\` source material except to append redacted session envelopes generated by hooks.\n- Do not state unsupported claims as facts.\n- Mark inference explicitly.\n- Add \`source_ids\` or file references for important claims.\n- Update \`wiki/index.md\` and \`wiki/log.md\` whenever new durable knowledge is created.\n- Preserve contradictions in \`Contradictions\` or \`Open Questions\` instead of overwriting them.\n- Preserve useful work context and redact authentication values before writing durable notes.\n\n## Page Format\nUse YAML frontmatter when creating wiki pages:\n\n\`\`\`yaml\n---\ntitle: \"\"\ntype: \"source | concept | entity | decision | architecture | debugging | context | query | session-log | convention\"\nsource_ids: []\nstatus: \"draft | reviewed | stale\"\nlast_updated: \"YYYY-MM-DD\"\nconfidence: \"high | medium | low\"\n---\n\`\`\`\n\n## Operations\n- ingest: read new raw files, create or update wiki pages, then update \`wiki/index.md\` and \`wiki/log.md\`.\n- query: start from \`wiki/index.md\`, read relevant wiki pages, answer with source references, and save reusable answers.\n- lint: find stale pages, orphan pages, broken wiki links, missing sources, duplicate concepts, contradictions, and missing links.\n`;
 }
 
 export function indexPage() {
@@ -21,7 +21,7 @@ export function procedure(name) {
     'ingest.md': `# Ingest Procedure\n\n1. Read \`wiki/index.md\` first.\n2. Inspect new material under \`raw/inbox/\` or \`raw/sources/\`.\n3. Create or update \`wiki/sources/<slug>.md\` for each source.\n4. Update related concept, entity, decision, architecture, debugging, or context pages.\n5. Prefer updating existing pages over creating duplicates.\n6. Add source references and confidence.\n7. Update \`wiki/index.md\` and append to \`wiki/log.md\`.\n`,
     'query.md': `# Query Procedure\n\n1. Start from \`wiki/index.md\`.\n2. Search \`wiki/\` for relevant pages.\n3. Read the smallest useful set of pages first.\n4. Use raw sources only when exact evidence matters.\n5. Separate verified facts from inference.\n6. Save reusable answers into \`wiki/queries/\` and link them from related pages.\n`,
     'lint.md': `# Lint Procedure\n\nCheck for stale pages, orphan pages, broken wiki links, missing sources, duplicate concepts, unsupported claims, and unresolved contradictions. Prefer producing a review report before automatic edits.\n`,
-    'security.md': `# Security Procedure\n\n- Never store credentials, tokens, private keys, \`.env\` contents, customer identifiers, or private personal data.\n- Redact before writing hook payloads or summaries.\n- Full raw transcript capture is disabled by default and must be explicitly enabled by project policy.\n- If a file or prompt looks secret-bearing, do not persist it and ask for confirmation before reading further.\n`,
+    'security.md': `# Security Procedure\n\n- Preserve useful work context for the local project wiki.\n- Do not block reads or tool calls only because they look sensitive.\n- Redact authentication values such as tokens, passwords, and private keys before writing hook payloads or summaries.\n- Full raw transcript capture is disabled by default and must be explicitly enabled by project policy.\n`,
   };
   return procedures[name] || '';
 }