diff --git a/CLAUDE.md b/CLAUDE.md
index 34ce8dd..c2ef779 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -10,7 +10,7 @@ This is **n8n-install**, a Docker Compose-based installer that provides a compre
 
 - **Profile-based service management**: Services are activated via Docker Compose profiles (e.g., `n8n`, `flowise`, `monitoring`). Profiles are stored in the `.env` file's `COMPOSE_PROFILES` variable.
 - **No exposed ports**: Services do NOT publish ports directly. All external HTTPS access is routed through Caddy reverse proxy on ports 80/443.
-- **Shared secrets**: Core services (Postgres, Redis/Valkey, Caddy) are always included. Other services are optional and selected during installation.
+- **Shared secrets**: Core services (Postgres, Valkey (Redis-compatible, container named `redis` for backward compatibility), Caddy) are always included. Other services are optional and selected during installation.
 - **Queue-based n8n**: n8n runs in `queue` mode with Redis, Postgres, and dynamically scaled workers (`N8N_WORKER_COUNT`).
 
 ### Key Files
@@ -45,6 +45,8 @@ This is **n8n-install**, a Docker Compose-based installer that provides a compre
 
 **Project Name**: All docker-compose commands use `-p localai` (defined in Makefile as `PROJECT_NAME := localai`).
 
+**Version**: Stored in `VERSION` file at repository root.
+
 ### Installation Flow
 
 `scripts/install.sh` orchestrates the installation by running numbered scripts in sequence:
@@ -60,6 +62,8 @@ This is **n8n-install**, a Docker Compose-based installer that provides a compre
 
 The update flow (`scripts/update.sh`) similarly orchestrates: git fetch + reset → service selection → `apply_update.sh` → restart.
 
+**Git update modes**: Default is `reset` (hard reset to origin). Set `GIT_MODE=merge` in `.env` for fork workflows (merges from upstream instead of hard reset). The `make git-pull` command uses merge mode.
+
 ## Common Development Commands
 
 ### Makefile Commands
@@ -158,6 +162,7 @@ This project uses [Semantic Versioning](https://semver.org/). When updating `CHA
   - Configuration stored in `docker-compose.n8n-workers.yml` (auto-generated, gitignored)
   - Runner connects to its worker via `network_mode: "service:n8n-worker-N"` (localhost:5679)
   - Runner image `n8nio/runners` must match n8n version
+- **Template profile pattern**: `docker-compose.yml` defines `n8n-worker-template` and `n8n-runner-template` with `profiles: ["n8n-template"]` (never activated directly). `generate_n8n_workers.sh` uses these as templates to generate `docker-compose.n8n-workers.yml` with the actual worker/runner services.
 - **Scaling**: Change `N8N_WORKER_COUNT` in `.env` and run `bash scripts/generate_n8n_workers.sh`
 - **Code node libraries**: Configured via `n8n/n8n-task-runners.json` and `n8n/Dockerfile.runner`:
   - JS packages installed via `pnpm add` in Dockerfile.runner
@@ -172,6 +177,16 @@ This project uses [Semantic Versioning](https://semver.org/). When updating `CHA
 - Hostnames are passed via environment variables (e.g., `N8N_HOSTNAME`, `FLOWISE_HOSTNAME`)
 - Basic auth uses bcrypt hashes generated by `scripts/03_generate_secrets.sh` via Caddy's hash command
 - Never add `ports:` to services in docker-compose.yml; let Caddy handle all external access
+- **Caddy Addons** (`caddy-addon/`): Extend Caddy config without modifying the main Caddyfile. Files matching `site-*.conf` are auto-imported. TLS is controlled via `tls-snippet.conf` (all service blocks use `import service_tls`). See `caddy-addon/README.md` for details.
+
+### External Compose Files (Supabase/Dify)
+
+Complex services like Supabase and Dify maintain their own upstream docker-compose files:
+- `start_services.py` handles cloning repos, preparing `.env` files, and starting services
+- Each external service needs: `is_*_enabled()`, `clone_*_repo()`, `prepare_*_env()`, `start_*()` functions in `start_services.py`
+- `scripts/utils.sh` provides `get_*_compose()` getter functions and `build_compose_files_array()` includes them
+- `stop_all_services()` in `start_services.py` checks compose file existence (not profile) to ensure cleanup when a profile is removed
+- All external compose files use the same project name (`-p localai`) so containers appear together
 
 ### Secret Generation
 
@@ -278,6 +293,8 @@ healthcheck:
   test: ["CMD-SHELL", "http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= wget -qO- http://localhost:8080/health || exit 1"]
 ```
 
+**GOST_NO_PROXY**: ALL service container names must be listed in `GOST_NO_PROXY` in `.env.example`. This prevents internal Docker network traffic from routing through the proxy. This applies to every service, not just those using `<<: *proxy-env`.
+
 ### Welcome Page Dashboard
 
 The welcome page (`welcome/`) provides a post-install dashboard showing all active services: