chore: move code_guidelines and security under docs/

Keeps repo root lean: CLAUDE.md is the only doc at root. All
reference/architecture material lives under docs/.

Also updates all cross-references in CLAUDE.md, docs/README.md,
and the FastAPI override note in code_guidelines.md so links stay
valid after the move.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-21 14:24:54 -05:00
parent 5f3bd69e95
commit a376207243
4 changed files with 11 additions and 11 deletions

View File

@@ -2,7 +2,7 @@
Small farm website for **Chicken Babies R Us** (Morrison TN — address is intentionally **not** displayed publicly). Public brochure site with a blog-style home, About, Contact, and a disabled "Shop (coming soon)" placeholder. The owner's wife, **Head Hen**, edits all content through an admin area protected by email magic-link authentication. Small farm website for **Chicken Babies R Us** (Morrison TN — address is intentionally **not** displayed publicly). Public brochure site with a blog-style home, About, Contact, and a disabled "Shop (coming soon)" placeholder. The owner's wife, **Head Hen**, edits all content through an admin area protected by email magic-link authentication.
> This file is authoritative for *this project*. Where it conflicts with `code_guidelines.md`, this file wins. > This file is authoritative for *this project*. Where it conflicts with `docs/code_guidelines.md`, this file wins.
--- ---
@@ -11,7 +11,7 @@ Small farm website for **Chicken Babies R Us** (Morrison TN — address is inten
| Layer | Choice | | Layer | Choice |
|---|---| |---|---|
| Language | Python 3.12 | | Language | Python 3.12 |
| Web framework | **FastAPI** (overrides the Flask default in `code_guidelines.md`) | | Web framework | **FastAPI** (overrides the Flask default in `docs/code_guidelines.md`) |
| Templates | Jinja2 | | Templates | Jinja2 |
| ASGI server | Uvicorn, behind Caddy reverse proxy | | ASGI server | Uvicorn, behind Caddy reverse proxy |
| Database | SQLite (WAL mode) — single-writer is fine at this scale | | Database | SQLite (WAL mode) — single-writer is fine at this scale |
@@ -52,6 +52,8 @@ The app MUST trust `X-Forwarded-For` / `X-Forwarded-Proto` **only from Caddy's I
├── docs/ business + architecture docs (NO application code) ├── docs/ business + architecture docs (NO application code)
│ ├── README.md │ ├── README.md
│ ├── ROADMAP.md │ ├── ROADMAP.md
│ ├── code_guidelines.md
│ ├── security.md
│ └── MANUAL_TESTING.md (added in Phase 1) │ └── MANUAL_TESTING.md (added in Phase 1)
├── tests/ pytest ├── tests/ pytest
├── Logo/ brand assets (source) ├── Logo/ brand assets (source)
@@ -60,12 +62,10 @@ The app MUST trust `X-Forwarded-For` / `X-Forwarded-Proto` **only from Caddy's I
├── requirements.txt ├── requirements.txt
├── .env.example ├── .env.example
├── .gitignore ├── .gitignore
── CLAUDE.md ── CLAUDE.md
├── code_guidelines.md
└── security.md
``` ```
## Security Must-Haves (in addition to `security.md`) ## Security Must-Haves (in addition to `docs/security.md`)
- **SQL**: parameterized statements only (sqlite3 `?` placeholders or SQLAlchemy Core bind params). Never f-string a query. - **SQL**: parameterized statements only (sqlite3 `?` placeholders or SQLAlchemy Core bind params). Never f-string a query.
- **Markdown**: hardened pipeline `markdown-it-py``bleach` allowlist. No raw HTML pass-through. - **Markdown**: hardened pipeline `markdown-it-py``bleach` allowlist. No raw HTML pass-through.
@@ -110,7 +110,7 @@ docker compose up --build
## Pointers ## Pointers
- Generic Python standards: `code_guidelines.md` (FastAPI overrides its Flask default) - Generic Python standards: `docs/code_guidelines.md` (FastAPI overrides its Flask default)
- Security baseline: `security.md` - Security baseline: `docs/security.md`
- Phased roadmap, dataclasses, SQL schema, visual design: `docs/ROADMAP.md` - Phased roadmap, dataclasses, SQL schema, visual design: `docs/ROADMAP.md`
- Docs folder guide: `docs/README.md` - Docs folder guide: `docs/README.md`

View File

@@ -9,6 +9,8 @@ This folder contains business planning, architecture decisions, and documentatio
| Document | Purpose | | Document | Purpose |
|----------|---------| |----------|---------|
| `ROADMAP.md` | Phased build plan, data model (dataclasses), SQL schema, visual design, env-var contract | | `ROADMAP.md` | Phased build plan, data model (dataclasses), SQL schema, visual design, env-var contract |
| `code_guidelines.md` | Generic Python coding standards (FastAPI overrides its Flask default for this project) |
| `security.md` | Python security baseline (OWASP-aligned) |
| `MANUAL_TESTING.md` *(added in Phase 1)* | Manual test checklist for the public site + admin | | `MANUAL_TESTING.md` *(added in Phase 1)* | Manual test checklist for the public site + admin |
## Related Docs (in repo root) ## Related Docs (in repo root)
@@ -16,8 +18,6 @@ This folder contains business planning, architecture decisions, and documentatio
| Document | Purpose | | Document | Purpose |
|----------|---------| |----------|---------|
| `../CLAUDE.md` | Project instructions — stack, topology, security must-haves, git flow | | `../CLAUDE.md` | Project instructions — stack, topology, security must-haves, git flow |
| `../code_guidelines.md` | Generic Python coding standards (FastAPI overrides its Flask default for this project) |
| `../security.md` | Python security baseline (OWASP-aligned) |
## Guidelines ## Guidelines

View File

@@ -35,7 +35,7 @@
- Logging: Structlog - Logging: Structlog
- Scheduling: APScheduler - Scheduling: APScheduler
> **Per-project override:** the `chicken_babies_site` project uses **FastAPI** (not Flask). See `CLAUDE.md` for the full authoritative stack for that project. > **Per-project override:** the `chicken_babies_site` project uses **FastAPI** (not Flask). See `../CLAUDE.md` for the full authoritative stack for that project.
### Error Handling ### Error Handling
- Custom exception classes for domain-specific errors - Custom exception classes for domain-specific errors