4 Files That Made Claude Code Write Safe Prod-Database Code

A developer on r/ClaudeAI shares a practical setup that lets Claude Code safely interact with a production database (Convex). The key insight: safety comes from the substrate, not from the agent improvising.
The 4 Files
~/projects/agent-os/CLAUDE.md— identity file: who you are, what you sell, who you sell to, 90-day priorities. The agent reads, never asks.~/.claude/projects/-home-jon/memory/MEMORY.md— auto-memory index: user profile, feedback rules, project state across sessions. Prevents the agent from relearning every conversation.references/framework.md— operator playbook: how decisions get made, what to optimize for, structural rules for scaling.decisions/log.md— append-only why-log: reversible decisions get one line; load-bearing ones get full receipts.
The Bridge: scripts/skool_sheets_to_convex.py
Stdlib Python, deterministic, runs on a 10-minute systemd timer. The agent calls it but did not generate it on demand. Production writes require:
- Environment variable
SKOOL_ALLOW_PROD_WRITES=1 - A 401-preflight against an allowlisted Convex deployment slug
- Composite idempotency key:
{tab_slug}:{normalized_transaction_id} - Redacting logger that strips email-shaped substrings and known secret prefixes before any line hits the journal
Spec and Review Process
The spec lived in references/skool-api.md before any code existed. Codex reviewed it twice:
- First pass: killed a cookie-auth approach that would have violated Skool's ToS.
- Second pass: drove the prod-write guard.
- Both passes missed an inferred field assumption. A dry-run caught it.
- A quieter cache bug:
_read_jsonswallowedJSONDecodeErrorand returned an empty dict. Under a corruption test (deliberately corrupt cache, run bridge), it would have silently rebuilt the processed-events cache and double-POSTed every row. Caught and fixed before the canary ran.
Takeaway
The author recommends copying connections.md first — knowing what your Claude setup can actually reach is the cheapest unlock.
None of the guardrails came from the agent improvising. They came from the spec, which came from research, which came from a workflow rule in memory: research, planning, spec, implementation, with adversarial review at each phase.
📖 Read the full source: r/ClaudeAI
👀 See Also

Stop Claude's Em Dashes with One Line in Preferences or Claude.md
Add a specific sentence to your Claude.ai profile preferences or Claude.md to reduce em dashes by ~98%. This is a practical tweak tested by the community.

Worker Agents Shouldn't Write Memory Directly: A Curator-Agent Pattern
A Reddit post details a Memory Curator pattern that prevents worker agents from writing directly to shared memory, routing events through a validation and scoping layer.

Short system prompts improve Claude's adherence and reduce token waste
A developer discovered that replacing a 3,847-word system prompt with several tiny focused prompts (total ~200 words) eliminated Claude's drift and forgotten instructions.

Claude AI Users Getting Better Results by Providing Context Instead of Generic Prompts
A Reddit discussion highlights that users getting real work done with Claude AI provide specific context about their situation, what they've tried, what good looks like, and what to avoid, rather than treating it like a search engine.