4 Files That Made Claude Code Write Safe Prod-Database Code

A developer on r/ClaudeAI shares a practical setup that lets Claude Code safely interact with a production database (Convex). The key insight: safety comes from the substrate, not from the agent improvising.
The 4 Files
~/projects/agent-os/CLAUDE.md— identity file: who you are, what you sell, who you sell to, 90-day priorities. The agent reads, never asks.~/.claude/projects/-home-jon/memory/MEMORY.md— auto-memory index: user profile, feedback rules, project state across sessions. Prevents the agent from relearning every conversation.references/framework.md— operator playbook: how decisions get made, what to optimize for, structural rules for scaling.decisions/log.md— append-only why-log: reversible decisions get one line; load-bearing ones get full receipts.
The Bridge: scripts/skool_sheets_to_convex.py
Stdlib Python, deterministic, runs on a 10-minute systemd timer. The agent calls it but did not generate it on demand. Production writes require:
- Environment variable
SKOOL_ALLOW_PROD_WRITES=1 - A 401-preflight against an allowlisted Convex deployment slug
- Composite idempotency key:
{tab_slug}:{normalized_transaction_id} - Redacting logger that strips email-shaped substrings and known secret prefixes before any line hits the journal
Spec and Review Process
The spec lived in references/skool-api.md before any code existed. Codex reviewed it twice:
- First pass: killed a cookie-auth approach that would have violated Skool's ToS.
- Second pass: drove the prod-write guard.
- Both passes missed an inferred field assumption. A dry-run caught it.
- A quieter cache bug:
_read_jsonswallowedJSONDecodeErrorand returned an empty dict. Under a corruption test (deliberately corrupt cache, run bridge), it would have silently rebuilt the processed-events cache and double-POSTed every row. Caught and fixed before the canary ran.
Takeaway
The author recommends copying connections.md first — knowing what your Claude setup can actually reach is the cheapest unlock.
None of the guardrails came from the agent improvising. They came from the spec, which came from research, which came from a workflow rule in memory: research, planning, spec, implementation, with adversarial review at each phase.
📖 Read the full source: r/ClaudeAI
👀 See Also

Practical OpenClaw Usage Insights from Hands-On Experience
A Reddit user shares seven specific lessons from using OpenClaw, covering setup challenges, VM deployment, Skills vs. MCP integration, context organization, credential security, multiple agents, and model selection strategies.

Practical Claude Code Workflow Tips for Complex Development Projects
A Claude Pro user shares specific workflow strategies for developing complex audio plugins, including using planning mode for major features, creating context files, managing token usage, and implementing validation steps.

Cron Jobs with AI Fallback Can Incur Unexpected API Costs When Tools Hang
A user reported that a cron job in OpenClaw checking an email inbox every 10 minutes using himalaya burned through ~$60 in API credits when the IMAP connection started hanging, triggering Claude agents on each timed-out run despite instructions to only engage AI for inbound emails.

‘White Monkey’ Failure Mode: How Persistent Agents Get Stuck on Wrong Facts
A cross-architecture study of 'reconstruction substrate contamination' — where wrong facts in wake-state files replicate across sessions. Includes a 6-question survey for persistent agents.