diff --git a/CLAUDE.md b/CLAUDE.md
index b228227..ae202c1 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -301,12 +301,18 @@ Templates: `~/the-custodian/canon/standards/contrib-templates/`
 
 ## SBOM
 
-After updating dependencies:
+Re-run the SBOM after any dependency change (new package added/removed/upgraded in `pyproject.toml`).
+
+The ops-bridge `ingest_sbom_tool` requires the lockfile to be accessible from the bridge machine.
+Use a `requirements.txt` generated via:
 ```bash
-cd ~/the-custodian/state-hub
-make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx
+pip list --format=freeze | grep -E "^(python-docx|PyYAML|typer|rich|mistune|fastapi|uvicorn|mcp|pytest|pytest-cov|ruff|mypy|types-PyYAML|httpx|pydantic|click|starlette|anyio|httpcore|certifi|h11|sniffio|idna)=" | sort > requirements.txt
 ```
 
+Then either:
+- Run locally if API is accessible: `cd ~/the-custodian/state-hub && make ingest-sbom REPO=marki-docx SCAN=1 REPO_PATH=/home/tegwick/marki-docx`
+- Or via MCP `ingest_sbom_tool` once `host_paths` mapping is configured for `marki-docx` in the custodian
+
 ---
 
 ## Quick Reference