From e6854e0ebd95f627239313826ff87a07dd9bc8aa Mon Sep 17 00:00:00 2001 From: Marcel Date: Tue, 5 May 2026 23:42:15 +0200 Subject: [PATCH] docs(legibility): fix three review blockers in DOC-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - docs/README.md: remove duplicate infrastructure/ entry at end of folder tree - ocr-service/CLAUDE.md: add **LLM reminder:** prefix to ALLOWED_PDF_HOSTS SSRF warning (consistent with all other machine-readable instructions) - backend/CLAUDE.md: restore ResponseStatusException note for simple controller validation — avoids LLMs reaching for DomainException for trivial checks Co-Authored-By: Claude Sonnet 4.6 --- backend/CLAUDE.md | 2 +- docs/README.md | 3 +-- ocr-service/CLAUDE.md | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/backend/CLAUDE.md b/backend/CLAUDE.md index d67dfe58..69d2f154 100644 --- a/backend/CLAUDE.md +++ b/backend/CLAUDE.md @@ -103,7 +103,7 @@ public class MyEntity { → See [CONTRIBUTING.md §Error handling](../CONTRIBUTING.md#error-handling) -**LLM reminder:** use `DomainException.notFound/forbidden/conflict/internal()` — never throw raw exceptions from service methods. When adding a new `ErrorCode`: add to `ErrorCode.java`, mirror in `frontend/src/lib/shared/errors.ts`, add i18n keys in `messages/{de,en,es}.json`. +**LLM reminder:** use `DomainException.notFound/forbidden/conflict/internal()` — never throw raw exceptions from service methods. For simple controller validation (not domain logic), `ResponseStatusException` is acceptable: `throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "…")`. When adding a new `ErrorCode`: add to `ErrorCode.java`, mirror in `frontend/src/lib/shared/errors.ts`, add i18n keys in `messages/{de,en,es}.json`. ## Security / Permissions diff --git a/docs/README.md b/docs/README.md index d5221d5d..cf95abb7 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -14,8 +14,7 @@ docs/ ├── DEPLOYMENT.md # Day-1 checklist and operational reference (DOC-5) ├── GLOSSARY.md # Domain terminology (DOC-3) ├── security-guide.md # Security policies and hardening guide -├── STYLEGUIDE.md # Coding and design style guide -└── infrastructure/ # Production compose, CI config, S3 migration +└── STYLEGUIDE.md # Coding and design style guide ``` ## ADR (`adr/`) diff --git a/ocr-service/CLAUDE.md b/ocr-service/CLAUDE.md index c9be8f4a..f628c60b 100644 --- a/ocr-service/CLAUDE.md +++ b/ocr-service/CLAUDE.md @@ -4,4 +4,4 @@ **LLM reminder:** the OCR service is a **single-node container** — training reloads the model in-process, so multiple replicas cause model-state divergence (see ADR-001). All job tracking and business logic stay in Spring Boot; the Python service is stateless OCR only. -`ALLOWED_PDF_HOSTS` must never be set to `*` — that opens SSRF. The default (`minio,localhost,127.0.0.1`) is correct for dev. +**LLM reminder:** `ALLOWED_PDF_HOSTS` must never be set to `*` — that opens SSRF. The default (`minio,localhost,127.0.0.1`) is correct for dev.
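Review bot: in backend/CLAUDE.md, the new `ResponseStatusException` allowance does not say how it relates to the `ErrorCode` flow described in the same paragraph, so a reader cannot tell whether a `BAD_REQUEST` thrown this way needs an entry in `frontend/src/lib/shared/errors.ts` or in the `messages/{de,en,es}.json` files. Suggest stating explicitly that this path carries no `ErrorCode` and applies to controller classes only. Also say what belongs in the reason string (the `"…"` placeholder), for example a fixed message rather than echoed request input.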
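Review bot: in docs/README.md, the hunk removes the `infrastructure/` line as a duplicate, but the entry it duplicates lies outside the visible context (the hunk starts at line 14 of the file). Please confirm that the surviving entry keeps the description `# Production compose, CI config, S3 migration`, otherwise that information is lost from the folder tree.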
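Review bot: in ocr-service/CLAUDE.md, the reworded `ALLOWED_PDF_HOSTS` line still only says the default `minio,localhost,127.0.0.1` is correct for dev and gives no guidance for other environments, where leaving `localhost` and `127.0.0.1` in the list lets the service fetch from its own loopback interface. Suggest adding one sentence on the expected non-dev value (the object-storage host only), and stating whether the service itself rejects `*` or whether this is a documentation-only rule.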