This is the last article in this series on the audit of a Go authentication service. After covering security patterns, mTLS infrastructure, CQRS architecture, and audit methodology, one question remains: how do you document all this for the AI agents that will touch the code after you?

The project's CLAUDE.md was 296 lines. After the audit, it's 142. Minus 52%. And the agent codes better than before.

The "document everything" reflex

The natural pattern: every time the agent makes a mistake, you add a line to CLAUDE.md. "Don't forget the dummy hash on login." "CSRF middleware must come after session-load." "CRLs are checked in two places."

Result: a file that grows monotonically, never cleaned up. Each addition is individually legitimate. But collectively, the signal-to-noise ratio drops with every line.