docs(claude): live instance details, migration status, and drift notes

[bakerboy448]

Summary

• Documents live qui.internal instance details in CLAUDE.md (hetzner, port 7476, OIDC-only auth)
• Confirms scripts/export.sh FILE_MAP IDs match the live instance (verified 2026-06-21 via SQLite inspection)
• Records that bakerboy448/qui-automations is archived and this repo is canonical
• Documents two known live-vs-repo drift items found during consolidation audit

Consolidation audit findings (PART A)

Both bakerboy448/qui-automations (archived predecessor) and baker-scripts/qui_workflows have the same 21 automations with the same names. No unique content existed in the predecessor — qui_workflows was already the canonical, more advanced version with newer qui schema fields (dryRun, trackerDomains, trackerPattern) and improved logic. No automation JSON migration was needed.

bakerboy448/qui-automations was already archived before this session.

Live export findings (PART B)

Exported live automations directly from the qui SQLite DB (/.config/qui/qui.db on hetzner) since the live instance uses OIDC-only auth (QUI__OIDC_DISABLE_BUILT_IN_LOGIN=true) and no plain API key was available via sanctioned means.

Live instance has 21 automations, last modified 2026-03-09. Comparing to repo (ignoring schema-only fields added in newer qui):

Automation	Live	Repo	Action
HL-remove-limits	intervalSeconds: null	field omitted	None — equivalent (both = qui default interval)
Recheck: missing files	explicit forceRecheck condition (STATE = missingFiles)	intentionally empty conditions	Live should be updated to match repo
All others	Match	Match	None

The repo is more correct than live for Recheck: missing files. The empty-conditions form is the correct newer representation (documented in README: "Built-in qui action — empty conditions is intentional").

Test plan

• Verify FILE_MAP IDs by running scripts/export.sh against live instance after generating an API key via qui Settings → API Keys
• Update live Recheck: missing files automation to remove the explicit condition (empty conditions is correct)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Updated internal documentation with live deployment instance details, including authentication configuration and API requirements.
  • Added documentation of known differences between the live instance and repository codebase.

[coderabbitai]

Walkthrough

CLAUDE.md gains two new sections: "Live Instance" documenting container location, port, OIDC-only auth mode, QUI_API_KEY requirement for the export script, and FILE_MAP ID verification; and "Known Live Drift" cataloguing two automation differences between the live instance and the repo, one marked no-action and one flagged for a future update.

Changes

Live Instance and Drift Documentation

Layer / File(s)	Summary
Live Instance and Known Drift sections CLAUDE.md	Adds a "Live Instance" section with deployment, auth, and export-script details, and a "Known Live Drift" section documenting two automation mismatches—one equivalent (no action) and one outdated recheck condition to be updated later.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description provides a comprehensive summary and detailed findings, but does not follow the required template structure with Category and Checklist sections.	Add required template sections: Category (select Documentation), and Checklist items (validate JSON, verify sort order, check conditions, update README, verify no secrets).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: documentation updates about live instance details, migration status, and drift notes in CLAUDE.md.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch consolidate/migrate-and-live-export

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CLAUDE.md`:
- Around line 18-25: The Auth line in the Live Instance section uses ambiguous
wording with "no plain API key" which could be misread as "no API keys available
at all." Clarify this line to explicitly state that OIDC authentication is
required first, and then API keys can be generated via the UI Settings after
successful OIDC login. Reword the Auth description to avoid the confusing
phrasing and make it clear that API keys do exist but are UI-generated
post-OIDC-login, not available through built-in login mechanisms.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 89ea3635-3e46-4840-bc63-b07b58a45ac7

📥 Commits

Reviewing files that changed from the base of the PR and between 5564f7c and 11980c9.

📒 Files selected for processing (1)

• CLAUDE.md

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | 💤 Low value

Clarify API key availability in OIDC-only mode.

Line 21 states "no plain API key," which is technically correct but could be misread as "no API keys at all." In OIDC-only mode, users authenticate via OIDC first, then can generate API keys from the ui Settings. Consider rewording to "OIDC-only authentication required; API keys generated via UI after OIDC login" to avoid confusion.

📝 Proposed clarification

 - Auth: OIDC-only (`QUI__OIDC_DISABLE_BUILT_IN_LOGIN=true`) — no built-in login, no plain API key
+ - Auth: OIDC-only (`QUI__OIDC_DISABLE_BUILT_IN_LOGIN=true`); API keys generated via UI after OIDC authentication

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CLAUDE.md` around lines 18 - 25, The Auth line in the Live Instance section
uses ambiguous wording with "no plain API key" which could be misread as "no API
keys available at all." Clarify this line to explicitly state that OIDC
authentication is required first, and then API keys can be generated via the UI
Settings after successful OIDC login. Reword the Auth description to avoid the
confusing phrasing and make it clear that API keys do exist but are UI-generated
post-OIDC-login, not available through built-in login mechanisms.