Tygart Media

Tag: AI Memory

  • The Exit Protocol: The Section of Your Digital Life You Haven’t Written Yet

    The Exit Protocol: The Section of Your Digital Life You Haven’t Written Yet

    Every tool you enter, you will someday leave. Most operators don’t plan the exit until the exit is already happening. This is the protocol written before the catastrophe, not after.

    Target keyword: digital exit protocol Secondary: tool exit strategy, digital legacy planning, AI tool offboarding, operator continuity planning Categories: AI Hygiene, AI Strategy, Notion Tags: exit-protocol, ai-hygiene, operator-playbook, continuity, digital-legacy

    Every tool you enter, you will someday leave.

    You don’t know which exit you’ll face first. The breach that ends a Tuesday. The policy change that ends a vendor relationship in thirty days. The voluntary migration to something better. The one nobody plans for — the terminal one, where you’re gone or incapacitated and someone else has to figure out how your digital life was organized.

    The cheapest time to plan any of those exits is at the moment of entry. The most expensive time is the moment the exit is already underway.

    Most operators never write this section of their digital life. They enter tools. They stack data. They accumulate credentials. They build automations that depend on twelve other automations that depend on accounts they don’t remember creating. And if you asked them today, “if this specific tool vanished tomorrow, what happens?” — the honest answer is usually I don’t know, I’ve never looked.

    That’s the section this article is about. The exit protocol. The will-and-testament layer of digital life, written before the catastrophe rather than after.

    I’m going to describe the four exits every operator faces, the runbook for each, and the pre-entry checklist that keeps the whole stack from becoming a trap you can’t get out of. None of this is theoretical — it’s the protocol I actually run, cleaned up enough to be useful to someone else building their own version.

    Why this matters more in 2026 than it did in 2020

    For most of the personal-computing era, “exit” meant closing a browser tab. You used a tool, you were done, you left. The consequences of not planning the exit were small because the surface was small.

    That’s not the shape of digital life in 2026. The operator running a real business now sits on top of a stack that typically includes:

    • A knowledge workspace (Notion, Obsidian, or similar) holding years of operational state
    • An AI layer (Claude, ChatGPT, or similar) with memory, projects, and connections to your workspace
    • A cloud provider account running compute, storage, and services
    • Web properties with published content and user data
    • Scheduling, CRM, and communication tools with their own data stores
    • A password manager sitting behind all of it
    • An identity root (usually a Google or Apple account) holding the keys

    Any one of these can end. By breach. By policy change. By price increase you can’t absorb. By vendor shutdown. By personal rupture that isn’t business at all. By death, which is the scenario nobody wants to write about and exactly the one that makes the planning most valuable.

    And every piece is entangled with the pieces above and below it. Your Notion workspace references your Gmail. Your Gmail authenticates your cloud provider. Your cloud provider runs the services your web properties depend on. Your password manager holds the recovery codes for everything. The stack is a single living system with many failure modes, and the only version of “exit planning” that works is the one that treats the stack as a whole.

    The seven questions

    Before you can plan an exit, you need to be able to answer seven questions about every tool in your stack. If you can’t answer them, the exit plan is a fiction.

    1. What lives there? Data, credentials, intellectual property. Not “everything” — specifically, what is in this tool that doesn’t exist anywhere else?

    2. Who else has access? Human collaborators. Service accounts. OAuth connections. API keys you gave out and forgot about. Every form of access is a potential inheritance path.

    3. How does it get out? The export surface. Format. Cadence. Whether the export includes everything or just some things. Whether the export requires the UI or has an API.

    4. What deletes on what trigger? Vendor retention policies. Your own rotation schedule. End-of-engagement deletion for client work. What happens to data if you stop paying.

    5. Who inherits what? Family. Team. Clients. The answer is usually “nobody, by default” — and that default is the whole problem.

    6. How do downstream systems keep working? If this tool ends, what else breaks? What continuity can be preserved without handing over live credentials to somebody who shouldn’t have them?

    7. How do I know the exit still works? Drill cadence. When was the last time you actually exported the data and opened the export on a clean machine to verify it was intact?

    If you answer these seven questions for every tool in your stack, you will find things that surprise you. Credentials that have been in live rotation for three years. Tools whose “export” button produces a file that can’t be opened by anything else. Dependencies on your Gmail that would make inheritance a nightmare. That’s fine — finding those things is the point. You can’t fix what you haven’t looked at.

    The four exit scenarios

    Every exit fits into one of four shapes. The shape determines the runbook. Getting this taxonomy right is what lets the rest of the protocol be specific.

    Sudden: breach or compromise

    The credential leaked. The account got taken over. A vendor breach exposed data you didn’t know was even there. Minutes matter. The goal is to contain the damage, not to plan the migration.

    Forced: policy or shutdown

    The vendor killed the product. The terms changed in a way you can’t live with. The price went up by an order of magnitude. Days to weeks, usually. The goal is to export cleanly and migrate to a successor before the window closes.

    Terminal: death or incapacity

    You are gone or can’t operate. Someone else has to keep things running or wind them down cleanly. This is the scenario most operators never plan for, and it’s the one with the highest cost if the plan doesn’t exist.

    Voluntary: better option or done

    You chose to leave. Migration to a new tool. End of a client engagement. Lifestyle change. Weeks to months of runway. The goal is a clean handoff with no orphan state left behind.

    Each of these has its own runbook. Running the wrong one for the situation is a common failure — treating a forced shutdown like a voluntary migration wastes the window; treating a breach like a forced shutdown fails to contain the damage.

    Runbook: Sudden

    The situation is: something leaked or got taken over. You find out either because a monitoring alert fired or because something visibly broke. Either way, the clock started before you noticed.

    1. Contain. Pull the compromised credential immediately. Rotate the key. Revoke every token you issued through that credential. Sign out of every active session. This is the first ten minutes.

    2. Scope. List every system the credential touched in the last thirty days. Assume the blast radius is wider than it looks — adjacent systems often share trust in ways you forgot about. The goal is to understand what the attacker could have done, not just what they did do.

    3. Notify. If client or customer data is in scope, notify according to your contracts and any applicable law. Today, not tomorrow. Breach disclosure windows are tight and getting tighter; the legal risk of delay is usually worse than the embarrassment of early notification.

    4. Rebuild. Issue a new credential. Scope it to minimum permissions. Never restore the old credential — the temptation to “reuse it once we figure out what happened” is how re-compromise works.

    5. Postmortem. Write it the same week. Not a blameless postmortem for PR purposes; a real one, for your own internal knowledge. What was the failure mode? What signal did you miss? What changes to the protocol would have caught it earlier? The postmortem is the only way the Sudden scenario makes the rest of the stack safer instead of just more anxious.

    Runbook: Forced

    A vendor is shutting down the product, changing the terms in an unacceptable way, or pricing you out. You have some window of runway — days to weeks — before the tool goes dark.

    1. Triage. How long until the tool goes dark? What is the critical-path data — the stuff that doesn’t exist anywhere else? Separate that from everything else.

    2. Export. Run the full export immediately, even before you’ve decided what to migrate to. A cold archive is cheap; a missed export window is permanent. This is the most common failure mode of the Forced scenario — operators wait until they’ve chosen a successor before exporting, and the window closes.

    3. Verify. Open the export on a clean machine. Not the one you usually work on. A clean machine, with no existing context, so you can confirm that the export is actually usable without the source system. Many “export” features produce files that look complete but reference data that only exists in the source system.

    4. Choose a successor. Match on data shape, not feature list. The data is the asset; the UI is rentable. A successor tool that imports your data cleanly but doesn’t have every feature you liked is a better choice than one with more features and a lossy import path.

    5. Cutover. Migrate. Run both systems in parallel for one full operational cycle. Then decommission the old one. The parallel cycle is where you discover what the export missed.

    Runbook: Terminal

    This is the runbook most operators never write. Writing it is the whole point of this article.

    If you are gone or can’t operate, someone else needs to know: what’s running, who depends on it, and how to either keep things going or wind them down cleanly. The default state — no plan — is a nightmare for whoever inherits the problem.

    The Terminal runbook has five components, and each one can be written in an evening. Don’t let the scope of the topic talk you out of writing the simple version now.

    Primary steward. One named person who becomes the point of contact if you can’t operate. Usually a spouse, partner, or trusted family member. They don’t need to understand how the stack works. They need to know where the instructions are and who the operational steward is.

    Operational steward. A named professional who can keep systems running during the transition. For technical infrastructure, this is typically a trusted developer or consultant who already knows your stack. For legal and financial, this is an attorney and accountant. Name them. Have the conversation with them before you need it.

    What the primary steward gets immediately. A one-page document describing the situation. Access to a password manager recovery kit. A list of active clients and the minimum needed to pause operations gracefully. Contact information for the operational steward. Nothing more than this. Specifically, they do not get live admin credentials to client systems, live cloud provider keys, or live AI project memory — those are inheritance paths that go through the operational steward or the attorney, not into a drawer.

    Trigger documents. A signed letter of instruction, stored with the attorney and copied to a trusted location at home. It references the operational runbook by URL or location. It names who is authorized to do what, under what conditions, for how long.

    Digital legacy settings. Most major platforms have inactive-account or legacy-contact features built in. Configure them. Google has Inactive Account Manager. Apple has Legacy Contact. Notion has workspace admin inheritance. Configuring these is fifteen minutes per platform and they do real work when they’re needed.

    Crucial: do not store live credentials in a will. Wills become public record in probate. The recovery path is a letter of instruction pointing at a password manager whose emergency kit is held by a trusted professional, not credentials written into a legal document.

    Runbook: Voluntary

    You chose to leave. Good. This is the least stressful exit because you have runway, you chose the timing, and the data is not under siege.

    1. Announce the exit window. To yourself. To your team. To any client whose work touches this tool. Set a specific date and commit to it.

    2. Freeze net-new. Stop adding data to the system being retired. New data goes to the successor; old data stays put until migration.

    3. Export and verify. Same as the Forced runbook. Full export, clean machine, integrity check.

    4. Migrate. Move data to the successor. Re-point automations, integrations, and any external references. Update documentation and internal links.

    5. Archive. Keep a cold copy of the old system’s export in durable storage, labeled with the exit date. Do not delete the original account for at least ninety days. Things you forgot about will surface during that window and you will want the ability to recover them.

    6. Decommission. Revoke remaining keys. Cancel billing. Close the account. Remove the tool from your password manager. Update any documentation that still mentioned it.

    The drill cadence (the thing that actually makes the protocol real)

    A protocol nobody practices is a protocol that doesn’t exist. The only way to know your exit plan works is to test it, repeatedly, on a schedule that makes failures cheap.

    Quarterly — thirty minutes. Pick one tool. Run its export. Open the export on a clean machine. Log the result. If the export is broken, fix it now, while there’s no emergency. Thirty minutes, four times a year. That’s two hours of investment to know your stack is actually recoverable.

    Semi-annual — two hours. Rotate every credential in the stack. Prune AI memory down to what’s actually load-bearing. Re-read the exit protocol end-to-end and update anything that’s drifted out of date. The credential rotation alone catches more problems than any other single practice in the hygiene layer.

    Annual — half a day. Run a full Terminal scenario dry run. Sit with your primary steward. Walk through the letter of instruction. Verify that your attorney has the current version. Update the digital legacy settings on every major platform. Confirm that the operational steward is still willing and available.

    These cadences add up to roughly eight hours of exit-related work per year. Eight hours against the cost of a stack that could otherwise catastrophically collapse on the worst day of your life. It’s a trade you want to make.

    The pre-entry checklist

    The most important protocol move is the one that happens before the tool enters the stack at all. Every new tool you adopt creates an exit you’ll eventually need. Planning it at entry is radically cheaper than planning it in crisis.

    Before adopting any new tool, answer these questions:

    What is the export format, and have you opened a sample export? If the vendor doesn’t offer export, or the export is a proprietary format nothing else reads, the tool is a data trap. Accept the tradeoff knowingly or pick a different tool.

    Is there an API that would let you back up without the UI? UI-only exports scale poorly. An API you can call on a schedule gives you durable backup without depending on the vendor to maintain the export feature.

    What is the vendor’s retention and deletion policy? How long does data stick around after you stop paying? What happens to the data if the vendor is acquired? What’s their policy on third-party data processing?

    What credentials or tokens will this tool hold, and where do they rotate? A tool that holds an OAuth token to your primary email is a very different risk profile from one that holds only its own password. Inventory the credentials at entry.

    If the vendor raises the price ten times, what is your Plan B? This question sounds paranoid. Vendors raise prices tenfold more often than you’d expect. Having a Plan B in mind at entry is very different from scrambling for one at the three-week mark of a forced migration.

    If you died tomorrow, how would someone downstream keep this working or shut it down cleanly? If the answer is “they couldn’t,” you haven’t finished adopting the tool. Keep this in mind particularly for anything where you’re the only person with access.

    Does this tool belong in your knowledge workspace, your compute layer, or neither? Not every new tool earns a place in the stack. Some are better rented briefly for a specific project and then left behind. The pre-entry moment is when you decide which tier this tool lives in.

    Seven questions. Fifteen minutes of thinking. The return on those fifteen minutes is everything you don’t have to untangle later.

    What this protocol is not

    Three clarifications to close the frame correctly.

    This isn’t paranoid. It’s ordinary due diligence applied to a category of risk that most operators have not caught up to yet. Every legal entity has a wind-down plan. Every serious business has a disaster recovery plan. The digital life of a one-human operator running a real business has the same obligations; it just hasn’t had them named before.

    This isn’t purely defensive. The exit protocol produces upside beyond catastrophe avoidance. The discipline of knowing what’s in every tool, who has access, and how to get data out makes the whole stack more coherent. Operators who run this protocol find themselves making cleaner choices about new tools, which means less sprawl, which means less hygiene debt. The protocol pays rent every month, not just when things break.

    This isn’t a one-time project. It’s a standing practice. The stack changes. Tools enter. Tools leave. Credentials rotate. Family situations evolve. The protocol is never finished; it’s maintained. That’s why the drill cadence matters. The one-time-project version of this decays into fiction within a year. The standing-practice version stays alive because it gets touched regularly.

    The one thing I’d want you to walk away with

    One sentence. If you only remember one, let it be this:

    Every tool you enter, you will someday leave — and the cheapest time to plan the leaving is at entry.

    If that sentence changes how you approach the next tool you consider adopting, it changed the shape of your stack. Not in a dramatic way. In the small, compounding way that good hygiene always works.

    The operators I know who have survived the roughest exits — the breaches, the vendor shutdowns, the personal emergencies — all share one thing in common. They planned the exit before they needed it. Not because they expected the catastrophe. Because they understood that the exit was coming, eventually, in some form, for every single thing they’d built, and that planning it in calm was radically cheaper than planning it in crisis.

    The exit is coming. For every tool. For every account. For every service. For every credential. Eventually.

    Plan it now.

    FAQ

    What’s the most important piece of this protocol if I only have an hour to spend?

    Write the one-page Terminal scenario letter. Name your primary steward. Name your operational steward. Put the password manager emergency kit in a place they can find. That one hour, invested now, is the highest-leverage thing in the entire protocol.

    I’m a solo operator with no family. Does the Terminal runbook still apply?

    Yes, and it’s more important for you than for operators with a family who would step in by default. You need an operational steward — a professional or trusted peer — who can wind things down if you can’t. Without that named person, client work will orphan in a way that creates real harm for people who depended on you.

    How often should I rotate credentials?

    Every six months at a minimum for anything load-bearing, immediately on any suspected compromise, and whenever someone with access leaves a collaboration. The Quarterly drill cadence catches stale credentials on a regular rhythm; full rotation on Semi-annual catches the long-tail.

    What about AI-specific exits — Claude, ChatGPT, Notion’s AI?

    Treat AI memory as a liability to be pruned, not an asset to be preserved. Export what’s genuinely valuable (artifacts, specific conversations you want as reference), then prune aggressively. AI memory that sits around accumulating is increasing your blast radius in every other exit scenario. The hygiene move is minimal memory, not maximum memory.

    Do I need an attorney for this?

    For the Terminal scenario specifically, yes. The letter of instruction and any trigger documents that grant authority in your absence are legal documents and should be reviewed by a professional. The rest of the protocol (exports, credential rotation, drill cadence) doesn’t need legal help.

    What about my password manager? What happens if I lose access to it?

    Every major password manager has an emergency access feature — a trusted contact who can request access to your vault after a waiting period. Configure it. It’s the single most important configuration item in the entire protocol, because the password manager is the root of recovery for everything else.

    How do I know when my export is actually complete?

    Open it on a different machine, in a different tool, and try to answer three specific questions using only the export: “What was the state of X project?”, “Who had access to Y?”, “When did Z happen?” If you can answer all three, the export is usable. If any question requires reaching back to the source system, the export is incomplete.

    What if my spouse or partner isn’t technical? Can they still be the primary steward?

    Yes. The primary steward’s job is not to operate the systems. Their job is to know where the instructions are and who to call. If you write the operational runbook clearly enough that a non-technical person can follow it to the operational steward, the division of responsibility works.

    Closing note

    The section of your digital life you haven’t written yet is the exit. Almost nobody writes it until they need it, and the moment you need it is the worst moment to write it.

    Write it now, in calm, with time to think. Don’t try to write it perfectly. A rough version that exists is infinitely better than a perfect version that doesn’t. The drill cadence will improve the rough version over years; the blank document never improves at all.

    If this article leads you to spend a single evening on a single runbook — even just the Terminal scenario, even just the one-page letter to your primary steward — it has done its job. The rest of the protocol can build from there.

    Every tool you enter, you will someday leave. Leave on purpose.

    Sources and further reading

    Related pieces from this body of work:

    On the Terminal scenario specifically, the Google Inactive Account Manager and Apple Legacy Contact features are both worth configuring today. Fifteen minutes apiece. Search your account settings for “inactive” or “legacy.”

  • Archive vs Execution Layer: The Second Brain Mistake Most Operators Make

    Archive vs Execution Layer: The Second Brain Mistake Most Operators Make

    I owe Tiago Forte a thank-you note. His book and the frame he popularized saved a lot of people — including a younger version of me — from living entirely inside their email inbox. The second brain concept was the right idea for the era it emerged in. It taught a generation of knowledge workers that their thinking deserved a system, that notes were worth taking seriously, that personal knowledge management was a discipline and not a character flaw.

    But the era changed.

    Most operators still building second brains in April 2026 are investing in the wrong thing. Not because the second brain was ever a bad idea, but because the goal it was built around — archive your knowledge so you can retrieve it later — has been quietly eclipsed by a different goal that the same operators actually need. They haven’t noticed the eclipse yet, so they’re spending evenings tagging notes and building elaborate retrieval systems while the job underneath them has shifted.

    This article is about the shift. What the second brain was for, what it isn’t for anymore, and what it should be replaced with — or rather, what it should be promoted to, because the new goal isn’t the opposite of the second brain; it’s the next version.

    I’m going to use a single distinction that has saved me more architecture mistakes than any other in the last year: archive versus execution layer. Once you can tell them apart, most of the confusion about knowledge systems resolves itself.

    What the second brain actually was (and why it worked)

    Before the critique, credit where credit is due.

    The second brain frame, as Tiago Forte articulated it starting around 2019 and formalized in his 2022 book, was a response to a specific problem. Knowledge workers were drowning in information — articles to read, books to remember, meetings to process, ideas to capture. The brain, the original one, is not great at holding all of that. Things slipped. Valuable thinking got lost. The second brain proposed a systematic external memory: capture widely, organize intentionally (the PARA method — Projects, Areas, Resources, Archives), distill progressively, express creatively.

    It worked because it named the problem correctly. For someone whose job required integrating lots of information into creative output — writers, researchers, analysts, knowledge workers — the capture-organize-distill-express loop produced real leverage. Over 25,000 people took the course. The book was a bestseller. An entire productivity-content ecosystem grew up around it. Notion became popular partly because it was a good place to build a second brain. Obsidian and Roam Research exploded for the same reason.

    I want to be unambiguous: the second brain frame was a good idea, correctly articulated, in the right moment. If you built one between 2019 and 2023 and it served you, it served you. You weren’t wrong to do it.

    You just might be wrong to still be doing it the same way in 2026.

    The thing that quietly changed

    Here’s what shifted between the era the second brain frame emerged and now.

    In 2019, the bottleneck was retrieval. If you had captured a piece of information — an article, a quote, an insight — the question was whether you could find it again when you needed it. Your system had to help the future-you pull the right thing out of the archive at the right time. Tagging mattered. Folder structure mattered. Search mattered. The whole architecture was designed to solve the retrieval bottleneck.

    In 2026, retrieval is no longer a meaningful bottleneck. Claude can read your entire workspace in seconds. Notion’s AI can search across everything you’ve ever put in the system. Semantic search finds things your tagging couldn’t. If you captured it, you can find it — without ever having to think about where you put it or what you called it.

    The retrieval problem got solved.

    So now the question is: what is the knowledge system actually for?

    If its job was to help you retrieve things, and retrieval is a solved problem, then the whole architecture of a second brain — the capture discipline, the PARA hierarchy, the progressive summarization — is solving a problem that is no longer the binding constraint on your productivity.

    The new bottleneck, the one that actually determines whether an operator ships meaningful work, is not retrieval. It’s execution. Can you actually act on what you know? Can your system not just surface information but drive action? Can the thing you built help you run the operation, not just remember it?

    That’s a different job. And a system optimized for the first job is not automatically good at the second job. In fact, it’s often actively bad at it.

    Archive vs execution layer: the distinction

    Let me name the distinction clearly, because the whole article depends on it.

    An archive is a system whose primary job is to hold information faithfully so that it can be retrieved later. Libraries are archives. Filing cabinets are archives. A well-organized Google Drive is an archive. A second brain, in its classical formulation, is an archive — a carefully indexed personal library of captured thought.

    An execution layer is a system whose primary job is to drive the work actually happening right now. It holds the state of what’s in flight, what’s decided, what’s next. It surfaces what matters for current action. It interfaces with the humans and AI teammates who are doing the work. An operations console is an execution layer. A well-designed ticketing system is an execution layer. A Notion workspace set up as a control plane (which I’ve written about elsewhere in this body of work) is an execution layer.

    Both have their place. They are not competing for the same real estate. You need some archive capability — legal records, signed contracts, historical decisions worth preserving. You need some execution layer — for the actual work in motion.

    The mistake most operators make in 2026 is treating their entire knowledge system like an archive, when their bottleneck has become execution. They pour energy into capture, organization, and retrieval. They get very little back because those activities no longer compound into leverage the way they used to. Meanwhile, their execution layer — the thing that would actually move their work forward — is underbuilt, undertooled, and starved of attention.

    The shift isn’t abandoning archiving. It’s recognizing that archiving is now the boring, solved utility layer underneath, and the real system design question is about the execution layer above it.

    Why the second brain architecture actively gets in the way

    This is the part that’s going to be uncomfortable for some readers, and I want to name it directly.

    The classical second-brain architecture doesn’t just fail to produce leverage for operators. It actively fights against what you actually need your system to do.

    Capture everything becomes capture too much. The core discipline of a second brain is wide capture — save anything that might be useful, sort it out later. In a retrieval-bound world this was fine because the downside of over-capture was only disk space. In an AI-read world, over-capture has a new cost: the AI you’ve wired into your workspace now has to reason across a corpus full of things you shouldn’t have saved. Old half-formed ideas. Articles that turned out not to matter. Drafts of thinking you would never let see daylight. Your AI teammate is seeing all of it, weighting it in responses, occasionally surfacing it in ways that are embarrassing.

    PARA optimizes for archive navigation, not current action. Projects, Areas, Resources, Archives. It’s a taxonomy for finding things. A taxonomy for doing things looks different: what’s active, what’s on deck, what’s blocked, what’s decided, what’s watching. Many people’s PARA systems silently morph into graveyards where active projects die because the structure doesn’t surface them — it files them.

    Progressive summarization trains the wrong reflex. The Forte method of progressively bolding, highlighting, and distilling notes is brilliant for a future-retrieval world. The reflex it trains — “I’ll process this later, the value is in the distillation” — is poisonous for an execution world. The value now is in doing the work, not in preparing the notes for the work.

    The system becomes the job. The most common failure mode I’ve watched play out is operators who spend more time tending their second brain than they spend on actual output. Tagging. Reorganizing. Restructuring their PARA hierarchy for the fourth time this year. The second brain becomes a hobby that feels productive because it’s complicated, but produces nothing the world actually sees. This has always been a risk of personal knowledge management, but it compounds dramatically in 2026 because the system-tending is now competing with a different, higher-leverage use of the same time: building the execution layer.

    I am not saying these failure modes are inherent to Tiago’s teaching. He’s explicit that the system should serve the work, not become the work. But the architecture makes the wrong path easier than the right one, and a lot of practitioners take it.

    What an execution layer actually looks like

    If you’ve followed the rest of my writing this month, you’ve seen pieces of it. Let me name it directly now.

    An execution layer is a workspace organized around the actual objects of your business — projects, clients, decisions, open loops, deliverables — rather than around categories of knowledge. Each object has a status, an owner, a next action, and a surface where it lives. The system exists to drive those objects forward, not to hold them for contemplation.

    A functioning execution layer has:

    A Control Center. One page you open first every working day that surfaces the live state — what’s on fire, what’s moving, what needs your call. Not a dashboard in the BI sense. A living summary updated continuously, readable in ninety seconds.

    An object-oriented database spine. Projects, Tasks, Decisions, People (external), Deliverables, Open Loops. Each one a real operational entity. Each one with a clear status taxonomy. Each one answerable to the question “what changed recently and what does that mean I should do?”

    Rhythms embedded in the system itself. A daily brief that writes itself. A weekly review that drafts itself. A triage that sorts itself. The system does the operational rhythm work so the human can do the judgment work.

    A small, deliberate archive underneath. Yes, you still need to preserve some things. Completed project records. Signed contracts. Important decisions for the historical record. But the archive is the sub-basement of the execution layer, not the whole building. You visit it occasionally. You don’t live there.

    Wired-in intelligence. Claude, Notion AI, or whatever intelligence layer you’ve chosen, reading from and writing to the execution layer so it can actually participate in the work rather than just answering questions about your notes.

    Compare that to what a classical second brain prioritizes — capture discipline, PARA hierarchy, progressive summarization — and you can see the difference immediately. The second brain is a library. The execution layer is a workshop.

    Operators need workshops, not libraries. Libraries are lovely. Workshops get things built.

    The migration path (how to change without blowing up what you have)

    If this article has landed and you’re looking at your own carefully-built second brain and realizing it’s mostly an archive, here’s how I’d approach the transition. I’ve done this in my own system, so this isn’t theoretical.

    Don’t delete anything yet. The worst move is to blow up the existing structure and rebuild from scratch. You have years of context in there. You’ll lose some of it even if you try to be careful. The right move is a layered transition, where you build the execution layer above the archive while leaving the archive intact underneath.

    Build the Control Center first. Before you touch any existing content, create the new anchor. One page. Two screens long. Links to the databases you actually work from. Live state at the top. This is the new front door to your workspace.

    Identify the active objects. What are you actually working on? Which clients, projects, deliverables, decisions? Make clean new databases for those, separate from whatever PARA folders you’ve accumulated. Move live work into those new databases. Let dead work stay in the archive where it already is.

    Install one rhythm agent. Pick the one operational rhythm that costs you the most attention — usually the morning context-gathering. Build a Custom Agent that handles it. See what it changes. Add another agent only after the first one is actually working.

    Gradually migrate what matters, archive what doesn’t. Over time, anything in your old second-brain structure that you actually reference will reveal itself by showing up in searches and references. Move those into the execution layer. Anything that doesn’t come up in a year genuinely belongs in the archive, not in your working system.

    Accept that the archive will shrink in importance over time. Not because it’s useless, but because its role changes from “primary workspace” to “occasional reference.” That’s fine. The archive was never the point. You just thought it was because the frame you were working from told you so.

    The whole transition can happen over a month of evenings. It doesn’t require a weekend rebuild. It requires a mental shift from “the system is a library” to “the system is a workshop with a small library attached.”

    What this is not

    A few clarifications before the critique side of this article leaves the wrong impression.

    I’m not saying don’t take notes. Taking notes is still valuable. Capturing thinking is still valuable. The shift isn’t away from writing things down; it’s away from treating the collection of written-down things as the system’s point.

    I’m not saying Tiago Forte was wrong. He was right for the era. He’s also shifted with the era — his AI Second Brain announcement in March 2026 is an explicit acknowledgment that the frame needs to evolve. Anyone still teaching the pure 2022 version of second-brain methodology without integrating what AI changed is the one not keeping up. Tiago himself is keeping up.

    I’m not saying archives are obsolete. Some things deserve archiving. Legal records, contracts, finished projects you might revisit, historical decisions, creative work you’ve produced. Archives are still a useful subcomponent of a functioning operator system. They just aren’t the system anymore.

    I’m not saying everyone who built a second brain made a mistake. If yours is working for you, keep it. The question is whether, if you sat down to design a knowledge system from scratch in April 2026 knowing what you now know about AI-as-teammate, you would build the same thing. My guess is most operators honestly answering that question would say no. If that’s your answer, this article is for you. If it isn’t, you can ignore me and carry on.

    The generalization: every layer eventually gets demoted

    There’s a broader pattern here worth naming because it keeps happening and most operators don’t see it coming.

    Every system that was load-bearing in one era gets demoted to a utility layer in the next. This isn’t a failure of the old system; it’s evidence that something else got built on top.

    Filing cabinets were a primary interface to knowledge work in the mid-20th century. They’re now a sub-basement of most offices. Email was a revolution in the 1990s. It’s now a backchannel for notifications from actual productivity systems. Spreadsheets were the original personal computing killer app. They’re now mostly a data-plumbing layer underneath dashboards and applications.

    The second brain is on the same arc. In 2019 it was revolutionary. In 2026 it’s becoming the quiet plumbing underneath the actual workspace. The frame that wanted it to be the whole system is going to age badly. The frame that treats archiving as a useful utility layer under something more alive is going to age well.

    The prediction that matters: five years from now, the operators who get the most leverage will be running execution layers with archives attached, not archives with execution layers grafted on. The architecture will be inverted from the second-brain orientation, and the second-brain era will look like the phase where people learned they needed a system — before the system learned what it was for.

    The one thing I want you to walk away with

    If you only remember one sentence from this article, let it be this:

    Your system’s job is to drive action, not to preserve context.

    Preserving context is a useful secondary function. The whole point of the system — the thing that justifies the time, the maintenance, the architectural decisions, the discipline — is that it helps you act. Not remember. Not retrieve. Not feel organized. Act.

    Every design decision you make about your knowledge system should be tested against that criterion. Does this help me act on what matters? If yes, keep it. If no, archive it or remove it. The discipline is ruthless about what earns its place, because everything that doesn’t earn its place is stealing attention from the thing that would.

    Most second brains I see in 2026 fail that test for most of their bulk. That’s the polite version. The honest version is that many operators have built elaborate systems that feel productive to maintain but produce nothing measurable in the world.

    The execution layer is the fix. Not as a replacement for archiving, but as the shift in orientation: from “preserve knowledge” to “drive work,” from library to workshop, from the discipline of capture to the discipline of action.

    If you take one evening this week and spend it rebuilding your workspace around that question, you will get more leverage from that evening than from a month of tagging.

    FAQ

    Is the second brain dead? No. The frame — “build a system that serves as external memory for your thinking” — is still useful. What’s changed is that the architecture Tiago Forte taught was optimized for a retrieval-bound world, and retrieval is no longer the binding constraint. The concept lives on; the implementation has evolved.

    What about Tiago’s new AI Second Brain course? It’s an honest update to the frame. Tiago announced his AI Second Brain program in March 2026 as a response to the same shift this article describes — Claude Code, agent harnesses, and AI that can actually read and act on your files. His version and mine may differ in emphasis, but we’re pointing at the same underlying change.

    Should I delete my existing second brain? No. Build the execution layer on top of it, migrate what matters, let the rest stay archived. Deleting your historical work is a loss you can’t undo. Reorienting what you focus on going forward is a gain that doesn’t require destroying what you have.

    What if I’m not an operator? What if I’m a student, writer, or creative? The archive-versus-execution-layer distinction still applies but weights differently. Students and creatives may still benefit from an archive orientation because their work actually does involve deep research and synthesis that’s retrieval-bound. Operators running businesses have a different bottleneck. Match the system to the actual bottleneck in your specific work.

    What do you use for your own execution layer? Notion, with Claude wired in via MCP, and a handful of operational agents running in the background. The specific stack is described in my earlier articles in this series; the pattern is tool-independent. Any capable workspace plus a capable AI layer can implement it.

    What about systems like Obsidian, Roam, or Logseq? All excellent archives. Less suited to the execution-layer role because they were designed around the knowledge-graph-and-retrieval use case. You can build execution layers in them, but you’re fighting the grain of the tool. Notion’s database-and-template orientation is a better fit for the operator pattern.

    Isn’t this just reinventing project management? Partially, yes. The execution layer shares DNA with project management systems. The difference is that project management systems are typically built for teams coordinating across many people, while the operator execution layer is built for one human (or a very small team) leveraged by AI. The priorities and design choices differ accordingly.

    How long does this transition take? The minimum viable version — Control Center, object-oriented databases, one rhythm agent — is a week of part-time work. The full transition from a classical second brain to a working execution layer is usually two to three months of gradual iteration. You don’t have to do it all at once.

    Closing note

    I wrote this knowing some readers will push back, and pushback on this one will be easier to dismiss than to engage with. That’s worth flagging up front.

    The easy dismissal: “You’re attacking Tiago Forte.” I’m not. I’m updating the frame he built, using tools he didn’t have access to, for problems that weren’t the binding constraint when he built it. If he’s updated his own frame — and he has — then updating mine is just keeping honest.

    The harder dismissal: “My second brain works for me.” Great. Keep it. If it actually produces leverage you can measure, the article doesn’t apply to you. If you’re being defensive because you’ve invested time in something you suspect isn’t paying rent, sit with that honestly before rejecting the argument.

    The operators I most want to reach with this piece are the ones who have a working second brain but feel a quiet sense that it isn’t quite delivering what they thought it would. That feeling is signal. It’s telling you the bottleneck has moved. The system you built was right for the problem it was solving; the problem has shifted underneath it.

    Promote the archive to a utility. Build the execution layer above. Let the system drive the work instead of holding it for review. That’s the whole move.

    Thanks for reading. If this one lands for you, the rest of this body of work goes deeper into how to actually build what I’m describing. If it doesn’t, no harm — there are plenty of places to read the traditional frame, and I’m not trying to convert anyone who’s still getting value from that version.

    The point is to have the argument out loud, because most operators haven’t heard it yet, and knowing what the argument is gives you the ability to decide for yourself.

    Sources and further reading

    Related pieces from this body of work:

  • How to Wire Claude Into Your Notion Workspace (Without Giving It the Keys to Everything)

    How to Wire Claude Into Your Notion Workspace (Without Giving It the Keys to Everything)

    Last refreshed: May 15, 2026

    Update — May 15, 2026: On May 13, 2026, Notion shipped the Notion Developer Platform (version 3.5), with Claude as a launch partner. The platform adds Workers, database sync, an External Agents API, and a Notion CLI. The patterns described in this article still work, but there is now a native, sanctioned alternative for some of what previously required custom MCP wiring or third-party automation. For the full breakdown of what changed and what it means for the Notion + Claude stack, see Notion Developer Platform Launch (May 13, 2026). For the underlying operating philosophy, see The Three-Legged Stack.

    The step most tutorials skip is the one that actually matters.

    Every guide to connecting Claude to Notion walks you through the same mechanical sequence — OAuth flow, authentication, running claude mcp add, and done. It works. The connection lights up, Claude can read your pages, write to your databases, and suddenly your AI has the run of your workspace. The tutorials stop there and congratulate you.

    Here’s the part they don’t mention: according to Notion’s own documentation, MCP tools act with your full Notion permissions — they can access everything you can access. Not the pages you meant to share. Everything. Every client folder. Every private note. Every credential you ever pasted into a page. Every weird thing you wrote about a coworker in 2022 and forgot was there.

    In most setups the blast radius is enormous, the visibility is low, and the decision to lock it down happens after something goes wrong instead of before.

    This is the guide that takes the extra hour. Wiring Claude into your Notion workspace is straightforward. Wiring Claude into your Notion workspace without giving it the keys to everything takes a few additional decisions, a handful of specific configuration choices, and a mental model for what should and shouldn’t flow across the connection. That’s the hour worth spending.

    I run this setup across a real production workspace with dozens of active properties, real client work, and data I genuinely don’t want an AI to have unbounded access to. The pattern below is what works. It is also honest about what doesn’t.

    Why Notion + Claude is worth doing carefully

    Before the mechanics, it’s worth being clear about what you get when you wire this up correctly.

    Claude with access to Notion is not Claude with a better search function. It is a Claude that can read the state of your business — briefs, decisions, project status, open loops — and reason across them to help you run the operation. It can draft follow-ups to conversations it finds in your notes. It can pull together summaries across projects. It can take a decision you’re weighing, find every related piece of context in the workspace, and give you a grounded opinion instead of a generic one.

    That’s the version most operator-grade users want. And it’s only valuable if the trust boundary is drawn correctly. A Claude that has access to your relevant context is a superpower. A Claude that has access to everything you’ve ever written is a liability waiting to catch up with you.

    The whole article is about drawing that boundary on purpose.

    The two connection options (and which one you actually want)

    There are two ways to connect Claude to Notion in April 2026, and the right one depends on what you’re doing.

    Option 1: Remote MCP (Notion’s hosted server). You connect Claude — whether that’s Claude Desktop, Claude Code, or Claude.ai — to Notion’s hosted MCP endpoint at https://mcp.notion.com/mcp. You authenticate through OAuth, which opens a browser window, you approve the connection, and it’s live. Claude can now read from and write to your workspace based on your access and permissions.

    This is the officially-supported path. Notion’s own documentation explicitly calls remote MCP the preferred option, and the older open-source local server package is being deprecated in favor of it. For most operators, this is the right answer.

    Option 2: Local MCP (the legacy / open-source package). You install @notionhq/notion-mcp-server locally via npm, create an internal Notion integration to get an API token, and configure Claude to talk to the local server with your token. You then have to manually share each Notion page with the integration one by one — the integration only sees pages you explicitly grant access to.

    This path is more work and is being phased out. But there’s one genuine reason to still use it: the local path uses a token and the remote path uses OAuth, which means the local path works for headless automation where a human isn’t around to click OAuth buttons. Notion MCP requires user-based OAuth authentication and does not support bearer token authentication. This means a user must complete the OAuth flow to authorize access, which may not be suitable for fully automated workflows.

    For 95% of setups, remote MCP is the right answer. For the 5% running true headless agents, the local package is still the pragmatic choice even though it’s on its way out.

    The rest of this guide assumes remote MCP. I’ll flag the places the advice differs for local.

    The quiet part Notion tells you out loud

    Before we get to the setup, one more thing you need to internalize because it shapes every decision below.

    From Notion’s own help center: MCP tools act with your full Notion permissions — they can access everything you can access.

    Read that sentence twice.

    If you are a workspace member with access to 140 pages across 12 databases, your Claude connection can access 140 pages across 12 databases. Not the 15 you’re working on today. All of them. OAuth doesn’t scope you down to “this project.” It says yes or no to “can Claude see your workspace.”

    This is fine when your workspace is already organized the way you’d want an AI to see it. It is catastrophic when it isn’t, because most workspaces have accumulated years of drift, private notes, credential-adjacent content, sensitive client data, and old experiments that nobody bothered to clean up.

    So before you connect anything, you do the workspace audit. Not because Notion says so. Because your future self will thank you.

    The pre-connection audit (the step tutorials skip)

    Fifteen minutes with the workspace, before you click the OAuth button. Here’s the checklist I run through:

    Find anything that looks like a credential. Search your workspace for the words: password, API key, token, secret, bearer, private key, credentials. Read the results. Move anything sensitive to a credential manager (1Password, Bitwarden, a password-protected vault — not Notion). Delete the Notion copies.

    Find anything you wouldn’t want an AI to read. Search for: divorce, legal, lawsuit, personal, venting, complaint, therapist. Yes, really. People put things in Notion they’ve forgotten are in Notion. An AI that has access to everything you can access will find those things and occasionally surface them in responses. This is embarrassing at best and career-ending at worst.

    Look at your database of clients or contacts. Is there anything in there that shouldn’t travel through an AI provider’s servers? Notion processes MCP requests through Notion’s infrastructure, not yours. Sensitive legal matters, medical information, financial details about third parties — these may deserve a workspace or sub-page that stays outside of what Claude is allowed to see.

    Identify what Claude actually needs. Make a short list: your active projects, your working databases, your briefs page, your daily/weekly notes. This is what you actually want Claude to have context on. The rest is noise.

    Decide your posture. Two options here. You can run Claude against your main workspace and accept the blast radius, or you can create a separate workspace (or a teamspace) that contains only the pages and databases you want Claude to see, and connect Claude to that one. The second option is more work upfront. It is also the only version that actually draws the boundary.

    I run the second option. My Claude-facing workspace is genuinely a subset of what I work with, and the rest of my Notion is on a different membership. It took an hour to set up. It was worth it.

    Connecting remote MCP to Claude Desktop

    Now the mechanics. Starting with Claude Desktop because it’s the simplest.

    Claude Desktop gets Notion MCP through Settings → Connectors (not the older claude_desktop_config.json file, which is being phased out for remote MCP). This is available on Pro, Max, Team, and Enterprise plans.

    Open Claude Desktop. Settings → Connectors. Find Notion (or add a custom MCP server with the URL https://mcp.notion.com/mcp). Click Connect. A browser window opens, Notion asks you to authenticate, you approve. Done.

    The connection now lives in your Claude Desktop. You can start a new conversation and ask Claude to read a specific page, summarize a database, or draft something based on workspace content, and it will.

    One hygiene note: Claude Desktop connections are per-account. If you have multiple Claude accounts (say, a personal Pro and a work Max), each one needs its own connection to Notion. The good news is you can point each one at a different Notion workspace — personal Claude at personal Notion, work Claude at work Notion. This is the operator pattern I recommend for anyone running more than one business context through Claude.

    Connecting remote MCP to Claude Code

    Claude Code is the path most operators actually run at depth, because it’s the version of Claude that lives in your terminal and can compose MCP calls into real workflows.

    The command is one line:

    claude mcp add --transport http notion https://mcp.notion.com/mcp

    Need this set up for your team?

    I set up Claude integrations, GCP infrastructure, and AI workflows for businesses. If you’d rather ship than configure — will@tygartmedia.com

    Then authenticate by running /mcp inside Claude Code and following the OAuth flow. Browser opens, Notion asks you to authorize, you approve, and the connection is live.

    A few options worth knowing about at setup time:

    Scope. The --scope flag controls who gets access to the MCP server on your machine. Three options: local (default, just you in the current project), project (shared with your team via a .mcp.json file), and user (available to you across all projects). For Notion, user scope is usually right — you’ll want Claude to reach Notion from any project you’re working in, not just the current one.

    The richer integration. Notion also ships a plugin for Claude Code that bundles the MCP server along with pre-built Skills and slash commands for common Notion workflows. If you’re doing this seriously, install the plugin. It adds commands like generating briefs from templates and opening pages by name, and saves you from writing your own.

    Checking what’s connected. Inside Claude Code, /mcp lists every MCP server you’ve configured. /context tells you how many tokens each one is consuming in your current session. For Notion specifically, this is useful because MCP servers have non-zero context cost even when you’re not actively using them — every tool exposed by the server sits in Claude’s context, eating tokens. Running /context occasionally is how you notice when an MCP connection is heavier than you expected.

    The permissions pattern that actually protects you

    Now we’re past the mechanics and into the hygiene layer — the part that most guides don’t cover.

    Once Claude is connected to your Notion workspace, there are three specific configuration moves worth making. None of them are hard. All of them pay rent.

    1. Scope the workspace, don’t scope the connection

    The OAuth connection doesn’t let you say “Claude can see these pages but not those.” It lets you say “Claude can see this workspace.” So the place to draw the boundary is at the workspace level, not at the connection level.

    If you have sensitive content in your main workspace, move it. Create a separate workspace for Claude-facing content and keep the sensitive stuff out. Or use Notion’s teamspace feature (Business and Enterprise) to isolate access at the teamspace level.

    This feels like over-engineering until the first time Claude surfaces something in a response that you had forgotten was in your workspace. After that, it doesn’t feel like over-engineering.

    2. For Enterprise: turn on MCP Governance

    If you’re on the Enterprise plan, there’s an admin-level control worth enabling even if you trust your team. From Notion’s docs: with MCP Governance, Enterprise admins can approve specific AI tools and MCP clients that can connect to Notion MCP — for example Cursor, Claude, or ChatGPT. The approved-list pattern is opt-in: Settings → Connections → Permissions tab, set “Restrict AI tools members can connect to” to “Only from approved list.”

    Even if you only approve Claude today, the control gives you the ability to see every AI tool anyone on your team has connected, and to disconnect everything at once with the “Disconnect All Users” button if you ever need to. That’s the kind of control you want to have configured before you need it, not after.

    3. For local MCP: use a read-only integration token

    If you’re using the local path (the open-source @notionhq/notion-mcp-server), you have more granular control than the remote path gives you. Specifically: when you create the integration in Notion’s developer settings, you can set it to “Read content” only — no write access, no comment access, nothing but reads.

    A read-only integration is the right default for anything exploratory. If you want Claude to be able to write too, enable write access later when you’ve decided you trust the specific workflow. Don’t give write access by default just because the integration setup screen presents it as an option.

    This is the one place the local path is actually stronger than remote — you can shape the integration’s capabilities before you grant it access, and the integration only sees the specific pages you share with it. For high-sensitivity setups, this granularity is worth the tradeoff of running the legacy package.

    Prompt injection: the risk nobody wants to talk about

    One more thing before we leave the hygiene section. It’s the thing the industry is least comfortable being direct about.

    When Claude has access to your Notion workspace, Claude also reads whatever is in your Notion workspace. Including pages that came from outside. Including meeting notes that were imported from a transcript service. Including documents shared with you by clients. Including anything you pasted from the web.

    Every one of those is a potential vector for prompt injection — hidden instructions buried in content that, when Claude reads the content, hijack what Claude does next.

    This is not theoretical. Anthropic itself flags prompt injection risk in the MCP documentation: be especially careful when using MCP servers that could fetch untrusted content, as these can expose you to prompt injection risk. Notion has shipped detection for hidden instructions in uploaded files and flags suspicious links for user approval, but the attack surface is larger than any detection system can fully cover.

    The practical operator response is three-part:

    Don’t give Claude access to content you didn’t write, without reading it first. If a client sends you a document and you paste it into Notion and Claude has access to that database, you have effectively given Claude the ability to be instructed by your client’s document. This might be fine. It might be a problem. Read the document before it goes into a Claude-accessible location.

    Be suspicious of workflows that chain untrusted content into actions. A workflow where Claude reads a web-scraped summary and then uses that summary to decide which database row to update is a prompt injection target. If the scraped content can shape Claude’s action, the scraped content can be weaponized.

    Use write protections for anything consequential. Anything where the cost of Claude doing the wrong thing is real — sending an email, deleting a record, updating a client-facing page — belongs behind a human-approval gate. Claude Code supports “Always Ask” behavior per-tool; use it for writes.

    This sounds paranoid. It’s not paranoid. It’s the appropriate level of caution for a class of attack that is genuinely live and that the industry has not yet figured out how to fully defend against.

    What this actually enables (the payoff section)

    Once you’ve done the setup and the hygiene work, here’s what you now have.

    You can sit down at Claude and ask it questions that require real workspace context. What’s the status of the three projects I touched last week? Pull together everything we’ve decided about pricing across the client work this quarter. Draft a response to this incoming email using context from our ongoing conversation with this client. Claude reads the relevant pages, synthesizes across them, and responds with actual grounding — not a generic answer shaped by whatever prompt you happen to type.

    You can run Claude Code against your workspace for development-adjacent operations. Generate a technical spec from our product page notes. Create release notes from the changelog and feature pages. Find every page where we’ve documented this API endpoint and reconcile the inconsistencies.

    You can set up workflows that flow across tools. Claude reads from Notion, acts on another system via a different MCP server, writes results back to Notion. This is the agentic pattern the industry keeps talking about — and with the right permissions hygiene, it actually becomes usable instead of scary.

    None of this is theoretical. I use this pattern every working day. The value is real. The hygiene discipline is what keeps the value from turning into a liability.

    When this setup goes wrong (troubleshooting honestly)

    Five failure modes I’ve seen, in order of frequency.

    Claude doesn’t see the page you asked about. For remote MCP, this almost always means the page is in a workspace you’re not a member of, or in a teamspace you don’t have access to. For local MCP, it means the integration hasn’t been granted access to that specific page — you have to go to the page, click the three-dot menu, and add the integration manually.

    OAuth flow doesn’t complete. Usually a browser issue — popup blocker, wrong Notion account signed in, session expired. Clear auth, try again. If Claude Desktop, disconnect the connector entirely and re-add.

    The connection succeeds but Claude doesn’t seem to be using it. Run /mcp in Claude Code to verify the server is listed and connected. If it’s there and Claude still isn’t invoking it, the issue is usually in how you’re asking — Claude won’t reach for MCP tools just because they exist; you need to phrase the request in a way that makes it obvious the tool is relevant. Find the page about X in Notion works better than tell me about X.

    MCP server crashes or returns errors. For remote, this is rare and usually resolves itself — Notion’s hosted server has the standard cloud-reliability profile. For local, check your Node version (the server requires Node 18 or later), your config file syntax (JSON is unforgiving about trailing commas), and your token format.

    Context token budget goes through the roof. Every MCP server in your connected list contributes tools to Claude’s context on every request. If you have five MCP servers configured, that’s five sets of tool descriptions being loaded into every conversation. Run /context in Claude Code to see the cost. If it’s painful, disconnect the servers you’re not actively using.

    The mental model that keeps you sane

    Here’s the mental model I use for the whole setup. It’s short.

    Claude plus Notion is like giving a new, very capable employee access to your business. You wouldn’t hand a new hire every password, every file, every client record, every private note on day one. You’d give them access to the specific things they need to do the job, watch how they use that access, and expand trust over time based on track record.

    The MCP connection works exactly that way. You decide what Claude gets to see. You decide what Claude gets to write. You watch how it uses that access. You expand the boundary as trust earns itself.

    The operators who get hurt by this kind of setup are the ones who skip the first step and give Claude everything on day one. The operators who get the real value out of it are the ones who treat the connection the way they’d treat any other employee — with deliberate scope, real oversight, and the willingness to revoke access if something goes wrong.

    That’s the discipline. That’s the whole thing.

    FAQ

    Do I need to install anything to connect Claude to Notion? For remote MCP (the recommended path), no installation is required — you connect via OAuth through Claude Desktop’s Settings → Connectors or Claude Code’s claude mcp add command. For local MCP (legacy), you install @notionhq/notion-mcp-server via npm and create an internal Notion integration.

    What’s the URL for Notion’s remote MCP server? https://mcp.notion.com/mcp. Use HTTP transport (not the deprecated SSE transport).

    Can Claude see my entire Notion workspace by default? Yes. MCP tools act with your full Notion permissions — they can access everything you can access. The boundary is set by your workspace membership and teamspace access, not by the MCP connection itself. If you need finer-grained control, isolate Claude-facing content into a separate workspace or teamspace.

    Can I use Notion MCP with automated, headless agents? Remote Notion MCP requires OAuth authentication and doesn’t support bearer tokens, which makes it unsuitable for fully automated or headless workflows. For those cases, the legacy @notionhq/notion-mcp-server with an API token still works, but it’s being phased out.

    What plans support Notion MCP? Notion MCP works with all plans for connecting AI tools via MCP. Enterprise plans get admin-level MCP Governance controls (approved AI tool list, disconnect-all). Claude Desktop MCP connectors are available on Pro, Max, Team, and Enterprise plans.

    Can my company’s admins control which AI tools connect to our Notion workspace? Yes, on the Enterprise plan. Admins can restrict AI tool connections to an approved list through Settings → Connections → Permissions tab. Only admin-approved tools can connect.

    Is Notion MCP secure for confidential business data? The MCP protocol itself respects Notion’s permissions — it can’t bypass what you have access to. However, content flowing through MCP is processed by the AI tool you’ve connected (Claude, ChatGPT, etc.), which has its own data handling policies. For highly sensitive content, the right move is to isolate it in a workspace that Claude doesn’t have access to, rather than relying on the protocol alone to contain it.

    What about prompt injection attacks through Notion content? Real risk. Anthropic explicitly flags it in their MCP documentation. Notion has shipped detection for hidden instructions and flags suspicious links, but no detection system catches everything. The operator response: don’t give Claude access to content you didn’t write without reviewing it first, be suspicious of workflows where untrusted content shapes Claude’s actions, and put human-approval gates on anything consequential.

    What’s the difference between Notion’s built-in AI and connecting Claude via MCP? Notion’s built-in AI (Notion Agent and Custom Agents) runs inside Notion and uses Notion’s integration with frontier models. Connecting Claude via MCP brings Claude — your chosen model, in your chosen interface, with its full capability — to your workspace as an external client. The built-in option is simpler; the MCP option is more powerful and composable across other tools.

    Closing note

    Most tutorials treat the connection as the goal. The connection is the easy part. The hygiene is the part that matters.

    If you wire Claude into your Notion workspace thoughtlessly, you’ve given a capable AI access to every corner of your operational history, and you’ll be surprised how much of what’s in there you’d forgotten. If you wire it in deliberately — with a scoped workspace, with the permissions you’ve thought about, with the posture of giving a new employee measured access — you’ve built something that pays rent every day without ever becoming the liability it could have been.

    One hour of setup. One hour of cleanup. And then one of the most useful AI configurations currently possible in April 2026.

    The intersection of Notion and Claude is where the operator work actually happens now. Worth setting up right.

    Sources and further reading

  • The CLAUDE.md Playbook: How to Actually Guide Claude Code Across a Real Project (2026)

    The CLAUDE.md Playbook: How to Actually Guide Claude Code Across a Real Project (2026)

    Last refreshed: May 15, 2026

    Most writing about CLAUDE.md gets one thing wrong in the first paragraph, and once you notice it, you can’t unsee it. People describe it as configuration. A “project constitution.” Rules Claude has to follow.

    It isn’t any of those things, and Anthropic is explicit about it.

    CLAUDE.md content is delivered as a user message after the system prompt, not as part of the system prompt itself. Claude reads it and tries to follow it, but there’s no guarantee of strict compliance, especially for vague or conflicting instructions. — Anthropic, Claude Code memory docs

    That one sentence is the whole game. If you write a CLAUDE.md as if you’re programming a machine, you’ll get frustrated when the machine doesn’t comply. If you write it as context — the thing a thoughtful new teammate would want to read on day one — you’ll get something that works.

    This is the playbook I wish someone had handed me the first time I set one up across a real codebase. It’s grounded in Anthropic’s current documentation (linked throughout), layered with patterns I’ve used across a network of production repos, and honest about where community practice has outrun official guidance.

    If any of this ages out, the docs are the source of truth. Start there, come back here for the operator layer.

    The memory stack in 2026 (what CLAUDE.md actually is, and isn’t)

    Claude Code’s memory system has three parts. Most people know one of them, and the other two change how you use the first.

    CLAUDE.md files are markdown files you write by hand. Claude reads them at the start of every session. They contain instructions you want Claude to carry across conversations — build commands, coding standards, architectural decisions, “always do X” rules. This is the part people know.

    Auto memory is something Claude writes for itself. Introduced in Claude Code v2.1.59, it lets Claude save notes across sessions based on your corrections — build commands it discovered, debugging insights, preferences you kept restating. It lives at ~/.claude/projects/<project>/memory/ with a MEMORY.md entrypoint. You can audit it with /memory, edit it, or delete it. It’s on by default. (Anthropic docs.)

    .claude/rules/ is a directory of smaller, topic-scoped markdown files — code-style.md, testing.md, security.md — that can optionally be scoped to specific file paths via YAML frontmatter. A rule with paths: ["src/api/**/*.ts"] only loads when Claude is working with files matching that pattern. (Anthropic docs.)

    The reason this matters for how you write CLAUDE.md: once you understand what the other two are for, you stop stuffing CLAUDE.md with things that belong somewhere else. A 600-line CLAUDE.md isn’t a sign of thoroughness. It’s usually a sign the rules directory doesn’t exist yet and auto memory is disabled.

    Anthropic’s own guidance is explicit: target under 200 lines per CLAUDE.md file. Longer files consume more context and reduce adherence.

    Hold that number. We’ll come back to it.

    Where CLAUDE.md lives (and why scope matters)

    CLAUDE.md files can live in four different scopes, each with a different purpose. More specific scopes take precedence over broader ones. (Full precedence table in Anthropic docs.)

    Managed policy CLAUDE.md lives at the OS level — /Library/Application Support/ClaudeCode/CLAUDE.md on macOS, /etc/claude-code/CLAUDE.md on Linux and WSL, C:\Program Files\ClaudeCode\CLAUDE.md on Windows. Organizations deploy it via MDM, Group Policy, or Ansible. It applies to every user on every machine it’s pushed to, and individual settings cannot exclude it. Use it for company-wide coding standards, security posture, and compliance reminders.

    Project CLAUDE.md lives at ./CLAUDE.md or ./.claude/CLAUDE.md. It’s checked into source control and shared with the team. This is the one you’re writing when someone says “set up CLAUDE.md for this repo.”

    User CLAUDE.md lives at ~/.claude/CLAUDE.md. It’s your personal preferences across every project on your machine — favorite tooling shortcuts, how you like code styled, patterns you want applied everywhere.

    Local CLAUDE.md lives at ./CLAUDE.local.md in the project root. It’s personal-to-this-project and gitignored. Your sandbox URLs, preferred test data, notes Claude should know that your teammates shouldn’t see.

    Claude walks up the directory tree from wherever you launched it, concatenating every CLAUDE.md and CLAUDE.local.md it finds. Subdirectories load on demand — they don’t hit context at launch, but get pulled in when Claude reads files in those subdirectories. (Anthropic docs.)

    A practical consequence most teams miss: in a monorepo, your parent CLAUDE.md gets loaded when a teammate runs Claude Code from inside a nested package. If that parent file contains instructions that don’t apply to their work, Claude will still try to follow them. That’s what the claudeMdExcludes setting is for — it lets individuals skip CLAUDE.md files by glob pattern at the local settings layer.

    If you’re running Claude Code across more than one repo, decide now whether your standards belong in project CLAUDE.md (team-shared) or user CLAUDE.md (just you). Writing the same thing in both is how you get drift.

    The 200-line discipline

    This is the rule I see broken most often, and it’s the rule Anthropic is most explicit about. From the docs: “target under 200 lines per CLAUDE.md file. Longer files consume more context and reduce adherence.”

    Two things are happening in that sentence. One, CLAUDE.md eats tokens — every session, every time, whether Claude needed those tokens or not. Two, longer files don’t actually produce better compliance. The opposite. When instructions are dense and undifferentiated, Claude can’t tell which ones matter.

    The 200-line ceiling isn’t a hard cap. You can write a 400-line CLAUDE.md and Claude will load the whole thing. It just won’t follow it as well as a 180-line file would.

    Three moves to stay under:

    1. Use @imports to pull in specific files when they’re relevant. CLAUDE.md supports @path/to/file syntax (relative or absolute). Imported files expand inline at session launch, up to five hops deep. This is how you reference your README, your package.json, or a standalone workflow guide without pasting them into CLAUDE.md.

    See @README.md for architecture and @package.json for available scripts.

# Git Workflow
- @docs/git-workflow.md

    2. Move path-scoped rules into .claude/rules/. Anything that only matters when working with a specific part of the codebase — API patterns, testing conventions, frontend style — belongs in .claude/rules/api.md or .claude/rules/testing.md with a paths: frontmatter. They only load into context when Claude touches matching files.

    ---
paths:
  - "src/api/**/*.ts"
---
# API Development Rules

- All API endpoints must include input validation
- Use the standard error response format
- Include OpenAPI documentation comments

    3. Move task-specific procedures into skills. If an instruction is really a multi-step workflow — “when you’re asked to ship a release, do these eight things” — it belongs in a skill, which only loads when invoked. CLAUDE.md is for the facts Claude should always hold in context; skills are for procedures Claude should run when the moment calls for them.

    If you follow these three moves, a CLAUDE.md rarely needs to exceed 150 lines. At that size, Claude actually reads it.

    What belongs in CLAUDE.md (the signal test)

    Anthropic’s own framing for when to add something is excellent, and it’s worth quoting directly because it captures the whole philosophy in four lines:

    Add to it when:

    • Claude makes the same mistake a second time
    • A code review catches something Claude should have known about this codebase
    • You type the same correction or clarification into chat that you typed last session
    • A new teammate would need the same context to be productive — Anthropic docs

    The operator version of the same principle: CLAUDE.md is the place you write down what you’d otherwise re-explain. It’s not the place you write down everything you know. If you find yourself writing “the frontend is built in React and uses Tailwind,” ask whether Claude would figure that out by reading package.json (it would). If you find yourself writing “when a user asks for a new endpoint, always add input validation and write a test,” that’s the kind of thing Claude won’t figure out on its own — it’s a team convention, not an inference from the code.

    The categories I’ve found actually earn their place in a project CLAUDE.md:

    Build and test commands. The exact string to run the dev server, the test suite, the linter, the type checker. Every one of these saves Claude a round of “let me look for a package.json script.”

    Architectural non-obvious. The thing a new teammate would need someone to explain. “This repo uses event sourcing — don’t write direct database mutations, emit events instead.” “We have two API surfaces, /public/* and /internal/*, and they have different auth requirements.”

    Naming conventions and file layout. “API handlers live in src/api/handlers/.” “Test files go next to the code they test, named *.test.ts.” Specific enough to verify.

    Coding standards that matter. Not “write good code” — “use 2-space indentation,” “prefer const over let,” “always export types separately from values.”

    Recurring corrections. The single most valuable category. Every time you find yourself re-correcting Claude about the same thing, that correction belongs in CLAUDE.md.

    What usually doesn’t belong:

    • Long lists of library choices (Claude can read package.json)
    • Full architecture diagrams (link to them instead)
    • Step-by-step procedures (skills)
    • Path-specific rules that only matter in one part of the repo (.claude/rules/ with a paths: field)
    • Anything that would be true of any project (that goes in user CLAUDE.md)

    Writing instructions Claude will actually follow

    Anthropic’s own guidance on effective instructions comes down to three principles, and every one of them is worth taking seriously:

    Specificity. “Use 2-space indentation” works better than “format code nicely.” “Run npm test before committing” works better than “test your changes.” “API handlers live in src/api/handlers/” works better than “keep files organized.” If the instruction can’t be verified, it can’t be followed reliably.

    Consistency. If two rules contradict each other, Claude may pick one arbitrarily. This is especially common in projects that have accumulated CLAUDE.md files across multiple contributors over time — one file says to prefer async/await, another says to use .then() for performance reasons, and nobody remembers which was right. Do a periodic sweep.

    Structure. Use markdown headers and bullets. Group related instructions. Dense paragraphs are harder to scan, and Claude scans the same way you do. A CLAUDE.md with clear section headers — ## Build Commands, ## Coding Style, ## Testing — outperforms the same content run together as prose.

    One pattern I’ve found useful that isn’t in the docs: write CLAUDE.md in the voice of a teammate briefing another teammate. Not “use 2-space indentation” but “we use 2-space indentation.” Not “always include input validation” but “every endpoint needs input validation — we had a security incident last year and this is how we prevent the next one.” The “why” is optional but it improves adherence because Claude treats the rule as something with a reason behind it, not an arbitrary preference.

    Community patterns worth knowing (flagged as community, not official)

    The following are patterns I’ve seen in operator circles and at industry events like AI Engineer Europe 2026, where practitioners share how they’re running Claude Code in production. None of these are in Anthropic’s documentation as official guidance. I’ve included them because they’re useful; I’m flagging them because they’re community-origin, not doctrine. Your mileage may vary, and Anthropic’s official behavior could change in ways that affect these patterns.

    The “project constitution” framing. Community shorthand for treating CLAUDE.md as the living document of architectural decisions — the thing new contributors read to understand how the project thinks. The framing is useful even though Anthropic doesn’t use the word. It captures the right posture: CLAUDE.md is the place for the decisions you want to outlast any individual conversation.

    Prompt-injecting your own codebase via custom linter errors. Reported at AI Engineer Europe 2026: some teams embed agent-facing prompts directly into their linter error messages, so when an automated tool catches a mistake, the error text itself tells the agent how to fix it. Example: instead of a test failing with “type mismatch,” the error reads “You shouldn’t have an unknown type here because we parse at the edge — use the parsed type from src/schemas/.” This is not documented Anthropic practice; it’s a community pattern that works because Claude Code reads tool output and tool output flows into context. Use with judgment.

    File-size lint rules as context-efficiency guards. Some teams enforce file-size limits (commonly cited: 350 lines max) via their linters, with the explicit goal of keeping files small enough that Claude can hold meaningful ones in context without waste. Again, community practice. The number isn’t magic; the discipline is.

    Token Leverage as a team metric. The idea that teams should track token spend ÷ human labor spend as a ratio and try to scale it. This is business-strategy content, not engineering guidance, and it’s emerging community discourse rather than settled practice. Take it as a thought experiment, not a KPI to implement by Monday.

    I’d rather flag these honestly than pretend they’re settled. If something here graduates from community practice to official recommendation, I’ll update.

    Enterprise: managed-policy CLAUDE.md (and when to use settings instead)

    For organizations deploying Claude Code across teams, there’s a managed-policy CLAUDE.md that applies to every user on a machine and cannot be excluded by individual settings. It lives at /Library/Application Support/ClaudeCode/CLAUDE.md (macOS), /etc/claude-code/CLAUDE.md (Linux and WSL), or C:\Program Files\ClaudeCode\CLAUDE.md (Windows), and is deployed via MDM, Group Policy, Ansible, or similar.

    The distinction that matters most for enterprise: managed CLAUDE.md is guidance, managed settings are enforcement. Anthropic is clear about this. From the docs:

    Settings rules are enforced by the client regardless of what Claude decides to do. CLAUDE.md instructions shape Claude’s behavior but are not a hard enforcement layer. — Anthropic docs

    If you need to guarantee that Claude Code can’t read .env files or write to /etc, that’s a managed settings concern (permissions.deny). If you want Claude to be reminded of your company’s code review standards, that’s managed CLAUDE.md. If you confuse the two and put your security policy in CLAUDE.md, you have a strongly-worded suggestion where you needed a hard wall.

    Building With Claude?

    I’ll send you the CLAUDE.md cheat sheet personally.

    If you’re in the middle of a real project and this playbook is helping — or raising more questions — just email me. I read every message.

    Email Will → will@tygartmedia.com

    The right mental model:

    Concern Configure in
    Block specific tools, commands, or file paths Managed settings (permissions.deny)
    Enforce sandbox isolation Managed settings (sandbox.enabled)
    Authentication method, organization lock Managed settings
    Environment variables, API provider routing Managed settings
    Code style and quality guidelines Managed CLAUDE.md
    Data handling and compliance reminders Managed CLAUDE.md
    Behavioral instructions for Claude Managed CLAUDE.md

    (Full table in Anthropic docs.)

    One practical note: managed CLAUDE.md ships to developer machines once, so it has to be right. Review it, version it, and treat changes to it the way you’d treat changes to a managed IDE configuration — because that’s what it is.

    The living document problem: auto memory, CLAUDE.md, and drift

    The thing that changed most in 2026 is that Claude now writes memory for itself when auto memory is enabled (on by default since Claude Code v2.1.59). It saves build commands it discovered, debugging insights, preferences you expressed repeatedly — and loads the first 200 lines (or 25KB) of its MEMORY.md at every session start. (Anthropic docs.)

    This changes how you think about CLAUDE.md in two ways.

    First, you don’t need to write CLAUDE.md entries for everything Claude could figure out on its own. If you tell Claude once that the build command is pnpm run build --filter=web, auto memory might save that, and you won’t need to codify it in CLAUDE.md. The role of CLAUDE.md becomes more specifically about what the team has decided, rather than what the tool needs to know to function.

    Second, there’s a new audit surface. Run /memory in a session and you can see every CLAUDE.md, CLAUDE.local.md, and rules file being loaded, plus a link to open the auto memory folder. The auto memory files are plain markdown. You can read, edit, or delete them.

    A practical auto-memory hygiene pattern I’ve landed on:

    • Once a month, open /memory and skim the auto memory folder. Anything stale or wrong gets deleted.
    • Quarterly, review the CLAUDE.md itself. Has anything changed in how the team works? Are there rules that used to matter but don’t anymore? Conflicting instructions accumulate faster than you think.
    • Whenever a rule keeps getting restated in conversation, move it from conversation to CLAUDE.md. That’s the signal Anthropic’s own docs describe, and it’s the right one.

    CLAUDE.md files are living documents or they’re lies. A CLAUDE.md from six months ago that references libraries you’ve since replaced will actively hurt you — Claude will try to follow instructions that no longer apply.

    A representative CLAUDE.md template

    What follows is a synthetic example, clearly not any specific project. It demonstrates the shape, scope, and discipline of a good project CLAUDE.md. Adapt it to your codebase. Keep it under 200 lines.

    # Project: [Name]

## Overview
Brief one-paragraph description of what this project is and who uses it.
Link to deeper architecture docs rather than duplicating them here.

See @README.md for full architecture.

## Build and Test Commands
- Install: `pnpm install`
- Dev server: `pnpm run dev`
- Build: `pnpm run build`
- Test: `pnpm test`
- Type check: `pnpm run typecheck`
- Lint: `pnpm run lint`

Run `pnpm run typecheck` and `pnpm test` before committing. Both must pass.

## Tech Stack
(Only list the non-obvious choices. Claude can read package.json.)
- We use tRPC, not REST, for internal APIs.
- Styling is Tailwind with a custom token file at `src/styles/tokens.ts`.
- Database migrations via Drizzle, not Prisma (migrated in Q1 2026).

## Directory Layout
- `src/api/` — tRPC routers, grouped by domain
- `src/components/` — React components, one directory per component
- `src/lib/` — shared utilities, no React imports allowed here
- `src/server/` — server-only code, never imported from client
- `tests/` — integration tests (unit tests live next to source)

## Coding Conventions
- TypeScript strict mode. No `any` without a comment explaining why.
- Functional components only. No class components.
- Imports ordered: external, internal absolute, relative.
- 2-space indentation. Prettier config in `.prettierrc`.

## Conventions That Aren't Obvious
- Every API endpoint validates input with Zod. No exceptions.
- Database queries go through the repository layer in `src/server/repos/`. 
  Never import Drizzle directly from route handlers.
- Errors surfaced to the UI use the `AppError` class from `src/lib/errors.ts`.
  This preserves error codes for the frontend to branch on.

## Common Corrections
- Don't add new top-level dependencies without discussing first.
- Don't create new files in `src/lib/` without checking if a similar 
  utility already exists.
- Don't write tests that hit the real database. Use the test fixtures 
  in `tests/fixtures/`.

## Further Reading
- API design rules: @.claude/rules/api.md
- Testing conventions: @.claude/rules/testing.md
- Security: @.claude/rules/security.md

    That’s roughly 70 lines. Notice what it doesn’t include: no multi-step procedures, no duplicated information from package.json, no universal-best-practice lectures. Every line is either a command you’d otherwise re-type, a convention a new teammate would need briefed, or a pointer to a more specific document.

    When CLAUDE.md still isn’t being followed

    This happens to everyone eventually. Three debugging steps, in order:

    1. Run /memory and confirm your file is actually loaded. If CLAUDE.md isn’t in the list, Claude isn’t reading it. Check the path — project CLAUDE.md can live at ./CLAUDE.md or ./.claude/CLAUDE.md, not both, not a subdirectory (unless Claude happens to be reading files in that subdirectory).

    2. Make the instruction more specific. “Write clean code” is not an instruction Claude can verify. “Use 2-space indentation” is. “Handle errors properly” is not an instruction. “All errors surfaced to the UI must use the AppError class from src/lib/errors.ts” is.

    3. Look for conflicting instructions. A project CLAUDE.md saying “prefer async/await” and a .claude/rules/performance.md saying “use raw promises for hot paths” will cause Claude to pick one arbitrarily. In monorepos this is especially common — an ancestor CLAUDE.md from a different team can contradict yours. Use claudeMdExcludes to skip irrelevant ancestors.

    If you need guarantees rather than guidance — “Claude cannot, under any circumstances, delete this directory” — that’s a settings-level permissions concern, not a CLAUDE.md concern. Write the rule in settings.json under permissions.deny and the client enforces it regardless of what Claude decides.

    FAQ

    What is CLAUDE.md? A markdown file Claude Code reads at the start of every session to get persistent instructions for a project. It lives in a project’s source tree (usually at ./CLAUDE.md or ./.claude/CLAUDE.md), gets loaded into the context window as a user message after the system prompt, and contains coding standards, build commands, architectural decisions, and other team-level context. Anthropic is explicit that it’s guidance, not enforcement. (Source.)

    How long should a CLAUDE.md be? Under 200 lines. Anthropic’s own guidance is that longer files consume more context and reduce adherence. If you’re over that, split with @imports or move topic-specific rules into .claude/rules/.

    Where should CLAUDE.md live? Project-level: ./CLAUDE.md or ./.claude/CLAUDE.md, checked into source control. Personal-global: ~/.claude/CLAUDE.md. Personal-project (gitignored): ./CLAUDE.local.md. Organization-wide (enterprise): /Library/Application Support/ClaudeCode/CLAUDE.md (macOS), /etc/claude-code/CLAUDE.md (Linux/WSL), or C:\Program Files\ClaudeCode\CLAUDE.md (Windows).

    What’s the difference between CLAUDE.md and auto memory? CLAUDE.md is instructions you write for Claude. Auto memory is notes Claude writes for itself across sessions, stored at ~/.claude/projects/<project>/memory/. Both load at session start. CLAUDE.md is for team standards; auto memory is for build commands and preferences Claude picks up from your corrections. Auto memory requires Claude Code v2.1.59 or later.

    Can Claude ignore my CLAUDE.md? Yes. CLAUDE.md is loaded as a user message and Claude “reads it and tries to follow it, but there’s no guarantee of strict compliance.” For hard enforcement (blocking file access, sandbox isolation, etc.) use settings, not CLAUDE.md.

    Does AGENTS.md work for Claude Code? Claude Code reads CLAUDE.md, not AGENTS.md. If your repo already uses AGENTS.md for other coding agents, create a CLAUDE.md that imports it with @AGENTS.md at the top, then append Claude-specific instructions below.

    What’s .claude/rules/ and when should I use it? A directory of smaller, topic-scoped markdown files that can optionally be scoped to specific file paths via YAML frontmatter. Use it when your CLAUDE.md is getting long or when instructions only matter in part of the codebase. Rules without a paths: field load at session start with the same priority as .claude/CLAUDE.md; rules with a paths: field only load when Claude works with matching files.

    How do I generate a starter CLAUDE.md? Run /init inside Claude Code. It analyzes your codebase and produces a starting file with build commands, test instructions, and conventions it discovers. Refine from there with instructions Claude wouldn’t discover on its own.

    A closing note

    The biggest mistake I see people make with CLAUDE.md isn’t writing it wrong — it’s writing it once and forgetting it exists. Six months later it references libraries they’ve since replaced, conventions that have since shifted, and a team structure that has since reorganized. Claude dutifully tries to follow instructions that no longer apply, and the team wonders why the tool seems to have gotten worse.

    CLAUDE.md is a living document or it’s a liability. Treat it the way you’d treat a critical piece of onboarding documentation, because functionally that’s exactly what it is — onboarding for the teammate who shows up every session and starts from zero.

    Write it for that teammate. Keep it short. Update it when reality shifts. And remember the part nobody likes to admit: it’s guidance, not enforcement. For anything that has to be guaranteed, reach for settings instead.

    Sources and further reading

    Community patterns referenced in this piece were reported at AI Engineer Europe 2026 and captured in a session recap. They represent emerging practice, not Anthropic doctrine.

  • The Clean Tool: Why I Keep My Claude Empty of the People I Love

    The Clean Tool: Why I Keep My Claude Empty of the People I Love

    A flagship essay on AI hygiene: what to store, what to keep out, and how to have the conversation about it with the people in your life.

    “What do you know about my girlfriend?”

    Last night my partner Stef asked me a question she had a right to ask. She wanted to know what my AI knew about her.

    I use Claude for hours a day. I run an agency on top of it. I have knowledge bases, project contexts, client stacks, and conversation histories going back years. She watched me work on the thing enough to assume that by now, surely, the AI had a rich picture of her — her sense of humor, her work, the shape of our relationship, the running jokes, the small details a partner remembers. She handed me her phone as a test of it. Let it tell me what it knows.

    The answer was almost nothing.

    My name for her. That she lives here. A few passing references to a Notion chat room she once set up, a voice memo she sent me that we extracted some thinking from. No sense of who she is as a person. No running joke the model could finish. No model of her at all, really.

    She was hurt in a flash, the way you get hurt by something that isn’t an injury but is still information. I was quietly proud, in a way I didn’t know how to explain in the moment. Both reactions were correct. That’s the thing I want to write about here — that the gap between her hurt and my pride is the shape of a whole category of questions almost nobody is asking out loud yet, and it is only going to get bigger.

    We talked about it for a while. I tried to explain why the tool was empty of her on purpose. She let me try. And what came out of the conversation was the argument I’m about to make, which I’ll phrase in one sentence up front so you can decide whether to keep reading:

    Keeping the people you love out of your AI is not forgetting them. It’s a specific kind of care. And the conversation you have about why they’re not in there is how you close the gap between what the tool knows and what the relationship deserves.

    If that sentence lands at all, the rest of this is the why, the how, and the honest version of what I’m still getting wrong.

    AI Memory Is Nuclear Power

    Here’s the frame that has organized my thinking on this for the last year.

    AI memory is nuclear power. Real civilization-scale utility on one side, real civilization-scale danger on the other, and almost nobody I’ve met is running a containment protocol worthy of the payload they’re storing.

    The analogy holds all the way down. The fuel is useful because it’s concentrated — that’s the whole point of a persistent memory that remembers your business, your family, your finances, your health, your history. Concentration is what makes the tool powerful. Concentration is also exactly what makes a spill catastrophic. And the people celebrating the new reactor are almost never the people thinking about the waste.

    The honest position on this, I’ve come to believe, is neither abstinence nor maximalism. It’s containment engineering. You build the reactor and the shielding. You use the tool and you design the protocol for when the tool fails. Pro-AI and pro-guardrail are the same position. Anyone telling you to choose one is selling you something.

    What makes this hard is that the stakes are asymmetric in a way most people never sit with directly. For the platform, your memory is one row in a table of billions — a single unit of risk distributed across a huge population. For you, your memory is a map of your life. The platform’s worst-case scenario is a rough quarter, a settlement, a bad headline. Your worst-case scenario is a destroyed marriage, a leaked client list, a legal catastrophe, a career-ending screenshot. These are not remotely comparable events, and they don’t scale the same way, and they do not reach any kind of equilibrium where the platform’s good-faith security policy protects the individual worst case. The platform is optimizing for its risk profile. Its risk profile is not yours. You are the only person whose worst-case scenario is your worst-case scenario.

    That asymmetry is why individual hygiene matters even when platform security is genuinely excellent. It’s why I don’t think this conversation is paranoid and I don’t think it’s solved and I don’t think you can outsource it.

    Three Failure Modes. Which One Are You?

    Most people running AI at any real depth fall into one of three failure modes, and most of them don’t know which one they’re in. Before I tell you what any of them are, I want you to place yourself while you read.

    The over-loader. This is the person who treats the AI as a second brain and dumps everything into it — credentials, relationships, grievances, client details, medical history, the long rambling voice-memo of what happened at Thanksgiving. It feels like investment. It feels like the tool getting smarter about them. It mostly is. But it also means one breach, one nosy partner, one subpoena, one bad exit from the platform turns the tool into a weapon pointed directly at the user. The over-loader’s failure mode is invisible until it isn’t.

    The under-loader. This is the person who keeps the tool so sterile it never reaches its potential — which is fine as far as it goes, except the humans in their life often discover, usually by accident, that they aren’t in the context at all. That discovery doesn’t land as safety. It lands as erasure. The under-loader’s failure mode is relational, not technical. The tool stays clean, and the relationships pay the cost the tool should have paid.

    The unaware. This is, honestly, most people. No mental model of what’s stored, where, for how long, or under whose policy. They’re making operational decisions — business decisions, relationship decisions, identity decisions — on top of a foundation they have never inspected. They don’t know their AI has memory in six places, not one. They don’t know where the off switch is. They assume chat history is the whole story when chat history is maybe 20 percent of it.

    The first hygiene move is always the same: figure out which mode you default to. Over-loaders need to prune. Under-loaders need to have a conversation with the humans they’ve been quietly protecting without telling them. The unaware need to spend thirty minutes mapping what they’ve actually agreed to.

    I’ve been all three at different points. Most operators I respect have been too. The point of the diagnostic isn’t to shame. It’s to make the failure mode visible enough that you can actually work on it.

    Clean Tool vs. Second Brain: The Choice You Might Not Know You’re Making

    There are two coherent philosophies for how to use AI at depth, and they are genuinely in tension.

    The Clean Tool approach says: the AI is an instrument. You keep it sharp by keeping it empty of identity. You bring the context you need into each session, do the work, and let the session close without leaving a permanent residue of who you were that day. The AI is like a great chef’s knife — it serves you best when it is exactly what it is, not a repository of everything you’ve ever cut with it.

    The Second Brain approach says: the AI is an extension of cognition. The more of you it holds, the more it can do for you. The payoff scales with the investment. Loading your thinking, your projects, your relationships, your patterns into the model is not a liability — it’s the whole point. You are building a partner that knows you well enough to anticipate you. The AI is like a lifelong collaborator who has read every note you ever took.

    Both are legitimate. Both have failure modes. The failure mode of the Clean Tool is that you never reach the depth of partnership that made you interested in AI in the first place — you end up with a very sharp instrument and no deep relationship with the work it enables. The failure mode of the Second Brain is that you build something you cannot leave, cannot audit, and cannot defend if it ever gets read by the wrong person.

    I run Clean Tool. I should say that plainly. I do not believe it is the only right answer. I believe it is the right answer for how I work, what I work on, and who the people around me are. My work touches client data, confidential business strategy, and a personal life I want to keep intact. The cost of a Second Brain leak, for me, is catastrophic in a way I cannot price. The cost of the Clean Tool is friction — I reload context more often, I carry more of my own thinking in my own head, I refuse some of the tool’s offers of recall. That friction is the price of sleeping well.

    I know thoughtful people who run Second Brain and run it well. They’ve built containment around it. They accept different tradeoffs. The worst place to be is the one most users actually occupy, which is a confused middle — enough invested that the data layer has weight, not enough discipline that the containment is real. You get the downsides of both and the upsides of neither.

    So if you take one frame from this piece: the choice isn’t which philosophy is correct. The choice is which one you are running, consciously, with the guardrails appropriate to that choice. Drifting into either by accident is what produces the failure modes nobody wants.

    The People Not in the Memory

    I want to go back to Stef, because this is the part of the piece that matters most to me and I’m not sure I’d trust anyone else to write it the way I need to write it.

    When Stef was hurt that the AI didn’t know her, I understood what she was feeling. The intuition beneath the hurt is simple and very human: you spend hours every day with this thing. It’s your work, your thinking, your hours. If you cared about me the way you care about the work, surely some of that care would show up in the tool. That intuition is not wrong in its values. It’s wrong in its mechanics.

    AI proximity is not relational proximity. Time-on-tool is the worst possible proxy for trust. A person can spend ten hours a day with an AI and share less of themselves with it than they share in a two-minute phone call with their sister. The tool is near you. It is not close to you. These words are not synonyms and they never have been, and the confusion of them is producing a whole new species of interpersonal hurt that our language doesn’t have good words for yet.

    Here is what I believe about the people in my life and my AI’s memory. Stef is not in the tool because she does not need to be in the tool for the tool to do its job. She matters because she is a person, not because the system has modeled her. Putting her in the context would not deepen my relationship with her. It would reduce her to a row in a store I don’t fully control, governed by a policy I did not write, subject to a retention schedule I did not negotiate, accessible to whoever eventually gets to see my session — a partner who leaves, a discovery motion, a breach, a curious kid, a future version of the platform with different terms. None of those futures are certain. All of them are possible. The cost of her being in there, in any of those futures, is hers to pay, not mine.

    And I love her. So she is not in there. That is the mechanism.

    The thing I couldn’t explain to her in the moment, but want to say here, is that the emptiness isn’t neglect. It’s restraint. It’s the same impulse that makes me not tell certain stories at parties even when they’d get a laugh, because they are hers to tell. It’s the same impulse that makes me lock my phone when I step away, even though the odds that anything bad happens in the next ninety seconds are vanishingly small. It’s the practice of treating the people you love as if their information is theirs, which is the simplest expression of respect I know.

    The conversation we had after her hurt was the actual repair. I told her why the tool was empty of her. I told her what was in the tool and what wasn’t. I offered to show her my memory settings, my projects, my contexts — not as a defensive move, but as a matter of domestic transparency. She didn’t take me up on it. The offer was enough. What closed the gap wasn’t the tool changing. It was me being able to say, out loud, you are not in there because I love you, and here is what I mean by that.

    If you use AI at the depth I do and you have people in your life, I think you owe them some version of that conversation. It is not a hard conversation. It is mostly just a clarifying one. But it has to actually happen. The gap between what your tool contains and what your relationship deserves does not close on its own.

    The Containment You Can Install Tonight

    After five sections of framing, you deserve something to do. Here are five moves. None takes more than fifteen minutes. All five together take about an hour. If this is the only section of the piece you act on, you will be meaningfully safer tonight than you were this morning.

    Read your memory. Open whatever interface your AI gives you for stored memories — Claude’s memory settings, ChatGPT’s memory panel, whichever surface your platform exposes. Read every entry top to bottom. For each one, ask three questions: is this still true, is this still relevant, would I be comfortable if this leaked tomorrow? Anything that fails any of the three gets deleted or rewritten. Most people have never read their own AI memory end to end. Doing it once is often the moment the rest of this starts to feel real.

    Map the six surfaces. The chat history is not the whole memory. The whole memory is scattered across at least six surfaces: conversation history, persistent memory features, project knowledge bases, custom instructions, system prompts, and connected integrations (Drive, email, Notion, Slack). Each has a different retention policy. Each has a different surface for deletion. No single UI shows you the total picture. Sit down once and write out, for your specific AI stack, where all six surfaces live for you. This is a twenty-minute exercise that will clarify more than any article could.

    Scope your projects. Stop running one giant context that holds everything. Split into scoped projects — one for client work, one for personal writing, one for household, one for finance if you use it that way. Each project holds only the context it needs. The blast radius of any single compromise stays inside that one project. This is the same least-privilege principle engineers use for software access, applied to context.

    Lock the handoff. The threat model that matters for most individual users is not a sophisticated hacker. It’s the moment someone else touches your unlocked device — a partner borrowing the phone, a kid looking for the calculator, a colleague glancing at your screen, a support agent on a screenshare. Install a short, specific protocol: screen lock by default, session close on context switch, and a named practice for what happens when someone else uses your device. The worst leaks come from the most ordinary moments. Plan for those, not for the movie villain.

    Rotate what the AI has seen. Every credential that has ever appeared in an AI context — API key, password, token, connection string — goes on a rotation schedule the moment it enters. A ninety-day calendar reminder at minimum. Ideally, credentials never enter the AI directly at all; they live in a secrets manager and the AI calls through a proxy that holds the secret. Moving from the first version to the second is one afternoon of plumbing, and it is the single highest-leverage hygiene move an operator can make.

    These are not the whole practice. They are the starter kit. The practice compounds from here.

    The Harder Layer: What I’m Still Getting Wrong

    I want to write this section honestly because the alternative is writing it dishonestly, and there is no version of this piece that earns its argument if I pretend Tygart Media has this figured out.

    So. Here are some real mistakes.

    Earlier this month, the AI stack I use to automate WordPress work made an edit to a client site page without the kind of per-page human confirmation the situation deserved. The edit broke three live pages. The client was patient about it. The rollback worked. No business was lost. But the near-miss had the exact shape of the failure mode this whole piece warns about — capability ran ahead of containment, and a system I trusted made a change faster than my judgment could intervene. The lesson was immediate and I installed the guardrail that afternoon: any live-system action on a high-risk surface now requires explicit per-action confirmation. Read-only actions can run free. Destructive or irreversible actions cannot. The rule sounds obvious stated plainly. It was not in place before the near-miss, and that is on me.

    I have also, at various points, let credentials linger in AI contexts longer than I should have. Not dramatically. Not catastrophically. But in the honest audit I did after the incident above, there were tokens in project files older than the rotation schedule I would tell a client to use. I rotated them. I built the proxy pattern I should have built a year ago. I am closer to clean than I was, and I am not fully there yet.

    There is a reason most operators don’t write sections like this one. The near-miss is pedagogically priceless and professionally embarrassing at the same time. The embarrassment is why the field learns slowly. The honesty, when someone offers it, is the most valuable content in the space — and it is almost never offered, because the incentive structure rewards the polished version over the useful one.

    I am publishing this section anyway because I think the embarrassment is a smaller cost than the slow-learning tax the whole field pays when operators hide their misses. And because an article about hygiene that pretends its author doesn’t sweat is not an article I’d trust from anyone else. If you run AI at operator depth long enough, you will produce near-misses. Whether you learn publicly or privately is the only variable. I’d rather learn where it helps someone else avoid the same move.

    The 2030 View

    If everything in this piece feels a little optional in 2026, project the variables forward and see if the math still works.

    Memory depth is going up, not down — meaningfully, as context windows expand and persistence shifts from opt-in to default. Cross-app memory is already arriving; by 2030 your AI will know what’s in your email and your calendar and your files and your shopping history and your health app, not as separate silos but as a fused picture. Agent autonomy is arriving faster than most people realize — the AI is moving from a thing you consult to a thing that acts on your behalf, which means the containment question shifts from “what does it know” to “what can it do.” Shared household AI layers are arriving, with multiple family members on the same account already common enough that the consent problem stops being individual and becomes governance. And the legal system will catch up to all of this, unevenly, painfully, and in ways you will not want to be the test case for.

    Every problem in this article compounds under those conditions. The over-loader’s blast radius grows. The under-loader’s relational gap widens. The unaware’s foundation gets shakier. The recipes that take an hour now will take a day then. The containment practices that feel precious today will feel obvious in five years, the way locking your front door and not leaving your wallet in the car feel obvious now.

    There will be a public catastrophe. I don’t know whose. I don’t know whether it will be a major breach, a lurid divorce, a criminal discovery, or a platform failure that rewrites retention terms mid-flight. I know it will happen and I know it will reorganize how the rest of us think about this overnight. The people who built the practice before that moment will look prescient. They won’t have been prescient. They’ll have been paying attention.

    I would rather pay attention now, while the stakes are small and the mistakes are cheap, than learn after the public catastrophe when the mistakes are not.

    The Close

    Everything in this piece argues for one small idea.

    The tool is a tool. The person is a person. The hygiene is what keeps those two categories from collapsing into each other.

    When the tool becomes a stand-in for cognition, memory, identity, or intimacy, it has exceeded what it was ever built to do, and the human pays the cost. When the person becomes a user-of-tools who still owns their own thinking, relationships, and responsibility, the tool does what tools are supposed to do — extend capacity without replacing character.

    Every practical move in this article is a local case of that single principle. Every hygiene conversation in your life is an application of it. Every guardrail you install is the same principle, written down.

    And the practice compounds or decays. Six months of deliberate attention makes the moves automatic. Six months of neglect means the muscle memory isn’t there when you need it. This is not a project you complete. It is a standing practice you keep, like locking the door, like reviewing your accounts, like calling the people you love.

    Do one thing tonight. Read your memory. Map your surfaces. Call the person in your life your AI doesn’t know about and tell them why you kept it that way. Any of those. Whichever one feels least comfortable is probably the right one to do first.

    The tool is a tool. The person is a person. The hygiene is what keeps them from becoming each other.

    Start there.

  • What Belfair’s Community AI Layer Actually Knows: A North Mason Resident’s Guide

    What Belfair’s Community AI Layer Actually Knows: A North Mason Resident’s Guide

    Most people in Belfair have had the same experience at least once. You look something up on Google — what time the post office closes, whether a local restaurant is still open, how long the Hood Canal Bridge closure will last — and the answer is wrong, outdated, or so generic it’s useless. National AI systems are worse: ask one about Belfair and you’ll get something that’s technically about a town in Mason County but couldn’t tell you which road floods first after a hard rain, or what the current shellfish closure status is on Hood Canal, or when the construction on the SR-3 bypass actually starts affecting your drive.

    That problem has a name now: the local knowledge gap. And there’s a community-built answer taking shape right here in North Mason.

    What the Belfair Community AI Layer Is

    The Belfair community AI layer is a purpose-built knowledge base covering the specific, practical, hyperlocal information that national platforms don’t carry accurately. It’s not a general-purpose AI that knows everything about everywhere. It’s an AI that knows Belfair — the way a well-connected longtime resident knows Belfair, not the way a data center in another state optimized for broad audiences knows it.

    Think of it as the difference between asking a neighbor who’s lived on Hood Canal for twenty years and asking a stranger with a smartphone. The neighbor knows that the Hood Canal Bridge closes without public notice for submarine transits from Bangor Naval Base, that SR-3 gets dicey near the bypass corridor after a sustained rain event, that the ferry schedule shifts meaningfully in October, and that the Mason County planning department’s actual turnaround on variance applications is different from what the county website suggests. The stranger with the smartphone has none of that.

    The community AI layer is being built to replicate the neighbor — at scale, and accessible to everyone in North Mason.

    What It Actually Covers

    The knowledge base is structured around the categories that matter most to daily life in Belfair and North Mason:

    Infrastructure and transportation. SR-3 is the artery that connects Belfair to Bremerton, Gorst, and everything north. The SR-3 Freight Corridor New Alignment — the long-planned Belfair Bypass — begins construction in Spring 2026 and is projected to open in 2028. Once built, it will route approximately 25 to 30 percent of the current 18,000-plus daily vehicles around Belfair rather than through it. Until then, the existing corridor through town is the commute. The community AI tracks conditions, construction updates, and closure patterns on SR-3 that don’t make it into Google Maps in useful time.

    Hood Canal ecology and seasonal patterns. Hood Canal shellfish harvesting follows WDFW regulations that change annually and mid-season. Closures can come from biotoxin testing, fecal coliform readings, or enforcement actions — and the information is publicly available but scattered across WDFW and DOH databases that most residents don’t know how to query. The community AI consolidates this. If you want to know whether Potlatch or Twanoh beaches are open before you drive out, that’s the kind of question the knowledge layer can answer. (For the current 2026 shellfish season rules, see our Hood Canal shellfish guide.)

    Local business and institutional knowledge. The gap between a business’s Google listing hours and its actual hours is a running frustration in communities like Belfair, where many small businesses update their website irregularly. The community AI is designed to carry current, verified business information — including which businesses have opened, closed, or changed their model in the last quarter, something no national data provider maintains accurately for a town of Belfair’s size.

    Civic and government processes. How does the Mason County building permit process actually work for a small addition? What does the Belfair Water District cover, and where does it hand off? What’s the current status of the Belfair Urban Growth Area planning process? These are questions that matter enormously to North Mason residents and that no national AI carries accurately. The community layer does.

    Schools and community institutions. North Mason School District bus routes, program calendars, and board decisions. The North Mason Timberland Library’s current service hours during and after its remodel. The North Mason Chamber calendar. The Mary E. Theler Wetlands boardwalk and interpretive programs. The community AI treats these as core knowledge, not footnotes.

    Why It Has to Be Built from Inside

    The reason a community AI layer for Belfair can’t be built from outside is not a technology problem — it’s a relationship problem. The knowledge required to make it genuinely useful lives in people: longtime residents, local business owners, county employees, fishing guides, and school administrators who carry institutional knowledge about this specific place. That knowledge gets shared with people who are part of the community. It doesn’t get shared with a data company optimizing for national scale.

    That’s also why access is designed to be free for North Mason residents. The knowledge came from the community. Charging for access would convert infrastructure into a product — and that would change who benefits from it in ways that undermine the entire premise.

    What This Means for Your Day-to-Day

    In practical terms: less time driving to a business that turned out to be closed, less guesswork about Hood Canal conditions before loading the truck, faster answers to Mason County process questions that currently require multiple phone calls, and a commute resource for the SR-3/Gorst corridor that reflects what’s actually happening on the road this morning. For an overview of the infrastructure vision behind the project, see The Internet That Knows Your Town. For the latest on Gorst and ferry conditions, our SR-3 and ferry update is a good starting point for what the community AI will replace with real-time depth.

    The community AI layer for Belfair is under active development. Monthly workshops are planned at the library and community center once the knowledge base reaches minimum useful coverage. The goal is simple: an AI that knows your town, built by people who live here, free for everyone who calls North Mason home.

    Frequently Asked Questions

    What specific questions can Belfair’s community AI answer that national AI cannot?

    Belfair’s community AI is designed to answer hyperlocal questions that national platforms don’t carry accurately — including current Hood Canal shellfish closure status by specific beach, real-time SR-3 and Gorst corridor conditions, Hood Canal Bridge closure patterns, local business hours verified against actual operating schedules, Mason County permit process specifics, North Mason School District calendars and bus routes, Belfair Water District service boundaries, and current Belfair Urban Growth Area planning status. These questions have no accurate answer in any national AI system.

    Does the Belfair community AI know about the SR-3 Belfair Bypass construction?

    Yes. The SR-3 Freight Corridor New Alignment — the Belfair Bypass — is one of the most significant infrastructure events in North Mason in decades. Construction begins Spring 2026 with an estimated 2028 opening. The 6-mile bypass will route traffic around Belfair rather than through it and is expected to redirect 25 to 30 percent of the approximately 18,000 to 19,000 daily vehicles currently traveling through the Belfair corridor. The community AI tracks construction progress, lane closure schedules, and commute impacts as they develop.

    Will the Belfair community AI know about Hood Canal shellfish closures?

    Yes. Hood Canal shellfish closures are one of the highest-demand local knowledge categories in North Mason. The community AI aggregates information from WDFW and DOH monitoring to give residents current status on specific harvest areas — Potlatch, Twanoh, Belfair State Park tidelands, and other Hood Canal beaches — rather than requiring residents to navigate multiple state agency websites. Closures from biotoxin testing, fecal coliform readings, or enforcement actions will be reflected as quickly as the underlying agency data is updated.

    How does the Belfair community AI stay current?

    The knowledge base is maintained through a combination of structured data feeds from public agencies (WDFW, WSDOT, Mason County), regular verification cycles by community contributors, and monthly workshops at which residents can correct errors and contribute knowledge the system doesn’t yet have. The maintenance model is community-first: local knowledge keepers, not outside data vendors, are the ground truth.

    Is the Belfair community AI free for North Mason residents?

    Yes. Free access for Belfair and Mason County residents is a foundational design commitment, not a promotional offer. The knowledge was built from community relationships and community data. Charging for it would limit access to those who can afford it rather than serving the whole community. Operational costs are covered through a cross-subsidy model in which commercial knowledge verticals — restoration, radon, asset appraisal — built on the same technical infrastructure pay for the community-facing layer.

    How does someone contribute local knowledge to the Belfair AI?

    Monthly workshops are the primary contribution pathway. Held at the North Mason Timberland Library and community venues in Belfair, the workshops teach residents how to use the AI and how to flag errors or add knowledge the system doesn’t yet have. Longtime residents with specific expertise — county process knowledge, Hood Canal ecology, local business history, North Mason School District operations — are particularly valuable contributors. No technical background is required.

    Read the Full Belfair Community AI Series

    This is one of three articles in the Belfair Bugle’s community AI knowledge series. For perspective tailored to your situation:


  • Books for Bots — The Complete GA4 Intelligence Series

    Books for Bots — The Complete GA4 Intelligence Series

    TYGART MEDIA

    Books for Bots

    Six GA4 intelligence kits built around Claude-in-Chrome. Each extracts a different layer of behavioral data from your Google Analytics property using query architectures developed on live sites.

    6
    Kits in series
    70+
    Copy-paste queries
    Free
    Tool required

    What you need: Claude-in-Chrome (free from Anthropic) and Editor or Analyst access to a GA4 property with Analytics Advisor enabled. No SQL, no BigQuery, no data analyst.

    The Complete Series

    GA4 AI Referral Audit Kit

    BOOK 01

    GA4 AI Referral Audit Kit

    Which AI sends you traffic, to which pages, and how engaged those users actually are. 4 sessions, 26 queries, content variant framework included.

    $27 PDF DownloadVIEW KIT
    GA4 Time Intelligence Kit

    BOOK 02

    GA4 Time Intelligence Kit

    When your best traffic arrives. Peak windows by day and hour, dead zones, and the hidden late-night audience averaging 15 minutes on page.

    $27 PDF DownloadVIEW KIT
    GA4 Exit Intelligence Kit

    BOOK 03

    GA4 Exit Intelligence Kit

    Distinguish satisfied exits from abandoned ones. Dead-end page audit and an Advisor-generated internal link opportunity map.

    $27 PDF DownloadVIEW KIT
    GA4 Referral Quality Audit

    BOOK 04

    GA4 Referral Quality Audit

    Rank referral sources by quality not volume. Find the hidden gem sending 8 sessions at 74% engagement that you have been ignoring.

    $27 PDF DownloadVIEW KIT
    GA4 New vs Returning Kit

    BOOK 05

    GA4 New vs Returning Kit

    What brings people back. Identify your loyalty anchor pages, best retention channel, and returning user retention baseline.

    $27 PDF DownloadVIEW KIT
    GA4 Search Intent Alignment Kit

    BOOK 06

    GA4 Search Intent Alignment Kit

    Surface intent mismatch. Extract internal search gaps and get a baseline alignment score to track quarterly.

    $27 PDF DownloadVIEW KIT

    BUNDLE

    The Complete Books for Bots Library

    All six kits. AI referral, time, exit, referral quality, loyalty, and intent alignment.

    $162 separately$97

    Save $65 — all six PDFs instant download

    COMING SOON

    Developed on live GA4 properties. April 2026.
    Read the methodology story

  • External Working Memory Architecture: How the Second Brain Replaces What ADHD Working Memory Can’t Hold

    External Working Memory Architecture: How the Second Brain Replaces What ADHD Working Memory Can’t Hold

    Tygart Media Strategy
    Volume Ⅰ · Issue 04Quarterly Position
    By Will Tygart
    Long-form Position
    Practitioner-grade

    Working memory is the cognitive function that holds information in active use while you’re doing something with it. It’s the mental scratchpad that tracks where you are in a process, holds the three things you need to remember before the next step, and connects what you’re doing now to what you decided five minutes ago.

    ADHD working memory is genuinely limited — not as a motivation problem, not as a character flaw, but as a documented neurological difference. The scratchpad is smaller and less reliable. Information that a neurotypical person holds effortlessly while working falls off the edge of the working memory before it’s been acted on.

    The conventional response to limited working memory is compensatory systems: elaborate note-taking, reminders everywhere, checklists for everything, accountability structures that provide external memory scaffolding. These help. They also have their own overhead. Setting up the note-taking system takes working memory. Maintaining it takes working memory. Navigating it when you need something takes working memory. The compensation costs some of the resource it’s trying to protect.

    An AI-native Second Brain takes a different approach. It doesn’t ask the operator to maintain a memory system — it captures memory as a byproduct of work, and retrieves it conversationally without requiring the operator to navigate a folder structure built when they organized information differently than they think about it now.

    What External Working Memory Actually Means in Practice

    Internal working memory holds: what you just decided, where you are in a multi-step process, what the relevant constraints are, what happened last session that affects this one, what you meant to do but haven’t done yet.

    When internal working memory drops something, it’s gone unless there’s an external system that caught it. Most of the time there isn’t. The thing that was dropped shows up later as a mistake, a re-decision of something already decided, a missed dependency, or simply work that needed to happen and didn’t.

    The Second Brain as external working memory means: decisions land in Notion with the context of why they were made. Session outcomes are logged automatically so the next session doesn’t have to reconstruct them. The claude_delta metadata on every knowledge node captures what was built and when, so “where were we” is answerable by querying the system rather than trying to remember.

    Critically — and this is what separates it from a traditional notes system — retrieval is conversational. “What did we decide about the 247RS WAF situation?” produces an answer without requiring the operator to remember which folder, which page, or which date the decision was made. The AI searches the Second Brain and surfaces the relevant context. The working memory doesn’t have to hold the navigation path to the information — just the question.

    The Context Window as Temporary Working Memory

    Within a session, the AI’s context window functions as an extremely high-capacity working memory extension. Everything in the conversation — decisions made, context established, outputs generated, constraints named — is held in active context for the duration of the session without any effort from the operator.

    This is why session length matters in an AI-native operation. A long, well-developed session builds up context that makes late-session work better than early-session work — the AI has accumulated more information about what you’re doing and what you need. The operator doesn’t have to re-explain things established twenty messages ago. The working memory is in the context window, not in the operator’s head.

    The failure mode is context loss at session boundaries — when a session ends, the context window empties. This is why the Second Brain and the cockpit session work together. The Second Brain persists what the context window holds temporarily. The cockpit re-loads the most important pieces of what was persisted so the next session can start where the last one ended.

    The architecture is: context window (active session working memory) → Second Brain (persistent external working memory) → cockpit (selective re-loading for the next session). Each layer serves a different temporal scale. Together, they produce a working memory system that doesn’t depend on the operator’s internal working memory for anything more than the current moment.

    Why This Architecture Is Better for Everyone

    The design was built around ADHD constraints. The result is an architecture that outperforms standard approaches for any operator with a complex, multi-client operation.

    Internal working memory degrades with cognitive load for neurotypical operators too. Running 27 client websites across multiple verticals simultaneously exceeds what any human working memory can hold reliably — ADHD or not. The operator who externalizes that memory to a queryable Second Brain is not compensating for a deficit. They’re making a sensible architectural choice about where information is most reliably held.

    The ADHD constraints forced the design earlier than a neurotypical operator might have chosen it. The design works for the same structural reasons regardless of the operator’s neurology: external systems store information more reliably than human memory for complex multi-domain operations, and AI-mediated retrieval is faster and more accurate than manual navigation of a notes system.

    The compensation became the architecture. The architecture works universally.

    ADHD and AI-Native Operations Cluster

    The ADHD Operator: Why Neurodiversity Is an Asymmetric Advantage (Pillar)

    Related: Build the System Around the Behavior, Not the Tool — the design philosophy this cluster applies.

  • Books for Bots: What a Knowledge Concentrate Actually Is and How It’s Built

    Books for Bots: What a Knowledge Concentrate Actually Is and How It’s Built

    Tygart Media Strategy
    Volume Ⅰ · Issue 04Quarterly Position
    By Will Tygart
    Long-form Position
    Practitioner-grade

    A transcript is not a knowledge artifact. Neither is a summary. Both are containers for words. Neither is optimized for the thing that needs to consume them.

    When you capture an expert’s knowledge and then feed the transcript to an AI system, the AI gets the words. It does not get the structure. It does not know which claims are firsthand vs. secondhand. It cannot distinguish a confident assertion from a hedged one. It has no way to chain the decision logic — the “when X, do Y because Z” sequences that constitute the operational core of what the expert knows. It just has a long document full of things that may or may not be true, with no metadata to tell it which is which.

    This is why most knowledge capture projects fail to deliver on their promise. The content is there. The structure that makes it usable isn’t.

    A knowledge concentrate is the alternative. It is the distilled, structured artifact produced by the Human Distillery extraction protocol — smaller than a transcript, denser than any summary, and specifically formatted for the AI systems that will consume it.

    The Five Components of a Knowledge Concentrate

    1. The Entity Graph

    Every named concept, process, role, piece of equipment, regulation, and decision point that surfaces in extraction gets represented as a node. The edges between nodes are typed: causal, conditional, hierarchical, associative. The graph is not a list — it’s a map of relationships, and the relationships are the knowledge.

    An AI system with a list of entities knows vocabulary. An AI system with an entity graph knows how the domain works — how a change in one thing propagates to another, which concepts are upstream of which decisions, which relationships are conditional and which are structural.

    For a water damage restoration operation: the graph connects moisture readings to drying equipment selection to drying time estimates to invoice amounts to adjuster response patterns. None of those connections are in the documentation. All of them are in the head of a senior project manager who has run 400 jobs.

    2. Decision Logic

    The most directly usable component of the concentrate. Every when-then-because statement extracted from the session, structured as:

    • Condition: When this situation is present
    • Action: This is what we do
    • Because: This is why (the reasoning, not just the rule)
    • Exceptions: The cases where this breaks down
    • Confidence score: 0.0–1.0, based on how many independent sources confirmed it

    The “because” is what makes this different from a policy. A policy says do Y. A knowledge concentrate says do Y because Z, which means an AI system can recognize when Z is absent and adjust accordingly — rather than applying the rule in cases where the underlying condition that made the rule sensible doesn’t apply.

    The exceptions are equally important. Expert judgment is largely the accumulation of exceptions — the cases where the standard answer is wrong. Capturing those is the whole point of Layer 2 extraction.

    3. Benchmarks

    Every number that surfaces in extraction: thresholds, timelines, costs, rates, ratios, counts. Stored with context, source count, and variance.

    A benchmark from a single extraction session has low confidence. The same benchmark confirmed by six independent subjects in the same domain and market has high confidence and is ready to be used as ground truth in an AI system’s reasoning. The concentrate tracks the difference.

    This is the component that makes the concentrate valuable as a competitive intelligence product. The numbers in an industry that everyone knows but nobody has published — the real margin thresholds, the actual response time expectations, the price per square foot that experienced operators actually charge vs. what appears in public pricing guides — these exist only in people’s heads. The concentrate captures them with provenance.

    4. Tacit Signatures

    The things that are hard to explain. Captured as best as they can be verbalized, with a confidence flag.

    A tacit signature sounds like: “The drywall feels wrong before the moisture meter confirms it.” Or: “You can tell within the first five minutes of a call whether the adjuster is going to be cooperative or difficult, and it’s not anything specific they say.” These are not mysticism. They are pattern recognition operating below the level of conscious articulation — real knowledge that has never been verbalized because no one asked slowly enough.

    The confidence flag on tacit signatures signals to the consuming AI: this is approximate. This is the residue of knowledge the extraction process got close to but couldn’t fully surface. Don’t treat it as ground truth. Treat it as a signal that this is where human judgment is concentrated, and flag it for human review when it’s relevant.

    5. Provenance

    Traceable but anonymized. For every claim in the concentrate: how many independent sources confirmed it, what their roles were, what domain and market the data came from, and whether the claim is individual knowledge or cross-validated pattern.

    Provenance is what makes the concentrate auditable. An AI system that gives an answer based on a knowledge concentrate should be able to say: this answer comes from claim X, which was confirmed by three independent subjects with 10+ years of experience in this domain. That’s a very different epistemic standing than “I was trained on this.”

    The Density Test

    A useful heuristic for evaluating whether you have a transcript, a summary, or a true knowledge concentrate:

    A transcript contains everything that was said. It’s large, raw, and unstructured. An AI can search it but cannot reason from it efficiently.

    A summary contains the main points. It’s smaller. It has lost specificity, exceptions, confidence information, and relationships. It’s optimized for human reading, not AI consumption.

    A knowledge concentrate is smaller than the summary in tokens but larger in information. It contains relationships the summary dropped. It contains confidence scores the summary didn’t capture. It contains decision logic the summary flattened into assertions. An AI system can reason from it, not just retrieve from it.

    If what you have could be produced by someone reading a transcript and taking notes, it’s a summary. A knowledge concentrate requires the extraction protocol — it can only be produced from a session where the tacit layer was deliberately surfaced.

    Human Distillery Knowledge Cluster

    Related: Build the System Around the Behavior, Not the Tool — the design philosophy this methodology embodies.

  • Four-Layer Data Architecture: Building Around Behaviors, Not Tools

    Four-Layer Data Architecture: Building Around Behaviors, Not Tools

    Tygart Media Strategy
    Volume Ⅰ · Issue 04Quarterly Position
    By Will Tygart
    Long-form Position
    Practitioner-grade

    The instinct, when building a complex operation, is to find one tool that can hold everything. One source of truth. One dashboard. One system of record for all data types.

    This instinct is wrong, and it produces exactly the kind of system it’s trying to avoid: a single tool that does everything poorly, a migration project that costs more than the original implementation, and a team that has learned to distrust the data because the tool was never designed for the behaviors it was forced to support.

    The behavior-first alternative for data architecture doesn’t start with “what tool can hold everything.” It starts with: what are the distinct behaviors this data needs to support, and which tool is genuinely best suited for each one?

    The Four Data Behaviors

    In a multi-site AI-native content operation, four distinct data behaviors emerge:

    Machine-generated operational data needs to be written and read by automated systems at high speed. Batch job results, embedding vectors, image processing logs, Cloud Run execution histories. No human looks at this data directly. It needs to be fast, cheap, and structured for programmatic access. GCP serves this behavior — Firestore for structured operational state, Cloud Storage for large artifacts, BigQuery for analytical queries across the full dataset.

    Human-actionable signals need to be displayed clearly enough that a person can take action without wading through noise. Site health alerts, content gaps, client status changes, task assignments. This data needs to be readable, filterable, and connected to the people who need to act on it. Notion serves this behavior — not because it’s the most powerful database, but because it’s the most human-readable one, with views that can surface exactly the signal each role needs.

    Published content needs to be delivered to web visitors and search engines at performance standards those audiences require. WordPress serves this behavior. It was designed for it. The mistake is asking WordPress to also serve as the storage layer for unpublished content, the analytics layer for content performance, or the task management layer for content production. It wasn’t designed for those behaviors and it’s not good at them.

    Files and documents need to be stored, versioned, and shared across tools and collaborators. Google Drive serves this behavior. Skills, SOPs, brand guidelines, exported data — anything that exists as a file rather than as structured data belongs in Drive, not in a database trying to handle file attachments as a secondary feature.

    Why Separation Produces Better Systems

    A four-layer architecture feels like more complexity than a single-tool approach. In practice it produces less complexity, because each tool is operating within its design constraints instead of being stretched beyond them.

    The signal-to-noise problem in most dashboards comes from forcing machine-generated data and human-actionable signals into the same view. The machine data overwhelms the human signals. The solution is usually “better filtering” — which is the wrong answer. The right answer is storing machine data where machines can read it and surfacing human signals where humans can act on them.

    The performance problem in most content operations comes from asking WordPress to be a content management system when it’s a content delivery system. The content that belongs in a CMS — drafts, revisions, briefs, research notes — should be in Notion. The content that belongs in a CDS — published articles, page templates, media files — should be in WordPress. When you separate these, both tools perform their actual function better.

    The data loss problem in most operations comes from treating the most convenient tool as the system of record. When content lives only in WordPress, a site failure is a data failure. When operational state lives only in a Cloud Run service, a deployment change is a state failure. The four-layer architecture ensures that each data type has a permanent home in the tool designed to hold it — and that the tools interact through APIs rather than through manual migration.

    Behavior-First System Design — Knowledge Cluster

    Related: CRM Community Framework for Restoration Companies — the live proof of concept for behavior-first system design.