diff --git a/journal/2026-07-08.md b/journal/2026-07-08.md index 12fb9f2..4819cff 100644 --- a/journal/2026-07-08.md +++ b/journal/2026-07-08.md @@ -359,3 +359,10 @@ tags: [scope/global, type/log] **Reason:** prompt_input_exit **Vault notes touched:** (none) + +## Session — 2026-07-08T17:21:37Z + +**Project:** /home/jared/servers/ovh-prod +**Reason:** clear +**Vault notes touched:** +(none) diff --git a/reference/claude-code-setting-sources-silent-plugin-drop.md b/reference/claude-code-setting-sources-silent-plugin-drop.md new file mode 100644 index 0000000..dc32272 --- /dev/null +++ b/reference/claude-code-setting-sources-silent-plugin-drop.md @@ -0,0 +1,43 @@ +--- +summary: Claude Code's --setting-sources flag silently disables ALL plugins and hooks if "user" is omitted, because plugin enablement and hook wiring live only in ~/.claude/settings.json. +tags: + - type/reference + - tool/claude-code +scope: global +type: reference +source: cc-os docs/plans/c3-spike-findings.md (spike a, 2026-07-08) +date: 2026-07-08 +last_updated: 2026-07-08 +--- + +# Claude Code `--setting-sources` silently drops all plugins without "user" + +Verified 2026-07-08 via transcript-level inspection of headless runs (model self-report is +unreliable for this — check the session JSONL for `hook_additional_context` / +`skill_listing` entries instead). + +- `--setting-sources` picks which settings files load: `user` (`~/.claude/settings.json`), + `project` (`.claude/settings.json`), `local`. +- **Plugin enablement (`enabledPlugins`) and all hook wiring live in the `user` file.** + Any invocation whose source list omits `user` (e.g. `--setting-sources ""` or + `project,local`) starts a session with ZERO plugins and ZERO hooks — no error, no + warning. Memory capture, vault sync, ADR reminders, orchestration injection: all + silently absent for that session. +- Symlinked local plugins and absolute-path hooks are NOT the issue — the only failure + axis is whether `user` is in the list. + +## `--settings ` deep-merges `enabledPlugins` (verified 2026-07-08) + +An overlay file passed via `--settings` merges `enabledPlugins` key-by-key into the user +settings — only plugins explicitly set `false` are disabled; unlisted plugins and all +hooks are untouched. Diff-only profile overlays (e.g. `~/.claude/profiles/*.json`) are +therefore safe. Measured caveat: disabling plugins saves almost no context +(−32 to −632 tokens for 5–9 plugins, post-ToolSearch) — the win is focus, not tokens. + +## Rule + +Any wrapper, profile, or script that passes `--setting-sources` MUST include `user`. +To slim a session, subtract via a `--settings ` file (e.g. an +`enabledPlugins` diff in `~/.claude/profiles/`) — never by dropping the user source. + +Related: [[cc-os-hub]], [[memsearch-sessionstart-injection-hardcoded]] diff --git a/reference/memsearch-sessionstart-injection-hardcoded.md b/reference/memsearch-sessionstart-injection-hardcoded.md new file mode 100644 index 0000000..970ebb9 --- /dev/null +++ b/reference/memsearch-sessionstart-injection-hardcoded.md @@ -0,0 +1,34 @@ +--- +summary: memsearch's SessionStart "Recent Memory" injection size is hardcoded in its hook script — no config knob controls it, and the documented TOML surface doesn't cover it. +tags: + - type/reference + - tool/memsearch +scope: global +type: reference +source: cc-os docs/plans/b3-memsearch-injection-review.md +date: 2026-07-08 +last_updated: 2026-07-08 +--- + +# memsearch SessionStart injection is hardcoded (no cap knob) + +Verified on memsearch v0.4.6 and the v0.4.11 plugin cache (2026-07-08). + +- The SessionStart `# Recent Memory` injection is produced by `hooks/session-start.sh`, + which hardcodes `head -2` daily memory files × `head -40` heading/bullet lines each. +- **No user-facing config knob controls this.** The documented TOML surface (the + `memory-config` skill: summarize / project_review / user_profile / memory_to_skill / + prompts) does not touch the injection size — don't waste time looking for a cap there. +- Measured cost across 61 real sessions (cc-os, 7 days): min ~6.0 KB / median ~11.7 KB / + max ~15.4 KB per session (~1.5k–3.9k tokens), injected every SessionStart. + +## Levers (in order of durability) + +1. Upstream fix: a memsearch config option for injection size (doesn't exist yet; would be + the only durable cap). +2. Reduce bullet density at the source via the Stop-hook summarizer prompts/config — fewer, + denser bullets in the daily files shrink what `head -40` captures. +3. Unsupported stopgap: hand-edit the cached hook's `head -2`/`head -40` constants + (~75% reduction) — **any plugin cache refresh silently reverts it**. + +Related: [[cc-os-hub]] diff --git a/reference/planka-v2-api-gotchas.md b/reference/planka-v2-api-gotchas.md new file mode 100644 index 0000000..8fd20b9 --- /dev/null +++ b/reference/planka-v2-api-gotchas.md @@ -0,0 +1,36 @@ +--- +summary: "Planka v2.1.1 API and Docker behaviors that differ from or are absent in its docs — auth/PAT limits, first-login terms flow, card-move and project-delete quirks, container uid." +tags: + - type/reference + - tool/planka + - project/backlog-pilot + - domain/self-hosting +scope: global +source: ovh-prod Planka deploy, 2026-07-08 +date: 2026-07-08 +last_updated: 2026-07-08 +--- + +# Planka v2 API Gotchas (verified on v2.1.1) + +Discovered during the ovh-prod deploy (2026-07-08), verified against a live v2.1.1 instance. +Directly relevant to the `backlog` CLI in `~/dev/ruby-gems` and any Planka automation. + +1. **No scoped API keys / PATs.** Only `POST /api/access-tokens` with + `{emailOrUsername, password}` → bearer JWT. Upstream issue + [#945](https://github.com/plankanban/planka/issues/945) still open as of v2.1.1. + Automation must hold real user credentials; a scoped-token proxy is the workaround. +2. **First-ever login requires terms acceptance.** The first `POST /api/access-tokens` + returns `E_FORBIDDEN` with a `pendingToken` and `step: "accept-terms"`. Flow: + `GET /api/terms` → take `item.signature` → `POST /api/access-tokens/accept-terms` + with `{pendingToken, signature}` → real token. Subsequent logins are normal. +3. **Card move needs both fields.** `PATCH /api/cards/:id` requires **both** `listId` + and `position`; `listId` alone returns `E_MISSING_OR_INVALID_PARAMS`. +4. **Project delete is not cascading.** `DELETE /api/projects/:id` returns 422 + `"Must not have boards"` — delete each board first. +5. **Container uid.** The `ghcr.io/plankanban/planka` image runs as uid 1000 (`node`). + A bind-mounted `/app/data` must be `chown 1000` or attachment/avatar uploads fail + (container starts healthy either way — the failure is silent until first upload). + +Deploy as-built details live in the repo: `ovh-prod/docs/planka-deploy-prd.md`. +Related: [[vault-backlog-pilot-plan]], [[backlog-system-options-research]].