marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

release: v3.29.1 - Git MCP + GitHub MCP catalog entries

Browse source 
Add Git MCP Server (12 tools, uvx setup) and GitHub MCP Server
(Issues/PRs/Projects, remote Copilot + self-hosted PAT-only) to §8.2
MCP Server Catalog. Document real-world fix for Incompatible auth
server error via gh auth token + manual header injection.

Also ships: CC v2.1.63 tracking, HTTP hooks, observability quality
patterns, config lifecycle §9.23, terminal personalization, tool
comparison table extensions, MCP server 3 new tools.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Florian BRUNIAUX 2026-03-02 16:10:19 +01:00
parent 155b07a589
commit 252148fe75
20 changed files with 1802 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

38
CHANGELOG.md
View file

@ -6,8 +6,46 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased]
## [3.29.1] - 2026-03-02
### Added
- **Git MCP Server + GitHub MCP Server** (`guide/ultimate-guide.md` §8.2 MCP Server Catalog) — Git MCP Server (official Anthropic) : 12 tools pour opérations Git locales (git_status, git_diff, git_commit, git_log, git_create_branch…), setup `uvx`, config multi-repo, comparatif vs Bash, workflows typiques. GitHub MCP Server (official GitHub) : Issues, PRs, Projects, Code search, Enterprise — remote mode via `api.githubcopilot.com/mcp/` (Copilot requis) + self-hosted PAT-only. Fix documenté pour l'erreur `Incompatible auth server: does not support dynamic client registration` : `gh auth token` + header `Authorization: Bearer` dans `~/.claude.json`, note maintenance token expiré.
- **Resource evaluation: MCP servers veille** (`docs/resource-evaluations/2026-03-02-mcp-servers-veille.md`) — 3 serveurs évalués post-challenge + fact-check : GitHub MCP 4/5 (intégré), Exa 2/5 (rejeté, stars non vérifiables), Graphiti 2/5 (rejeté, Kairn couvre déjà le besoin).
- **Tool comparison table extended to 5 tools** (`guide/ultimate-guide.md` §Migration from Other Tools) — ajout Windsurf et Zed, fix pricing Cursor.
- **Quotas subscriptions : colonne "prompts Claude Code / 5h"** (`guide/ultimate-guide.md` §Subscription Plans & Limits) — Pro ~10-40, Max 5x ~50-200, Max 20x ~200-800.
- **Resource evaluation: benchmark AI coding tools Feb 2026** (`docs/resource-evaluations/benchmark-ai-coding-tools-feb2026.md`) — score 3/5, 2 apports intégrés.
- **Claude Code v2.1.63 release tracking**`machine-readable/claude-code-releases.yaml` + `guide/claude-code-releases.md` : v2.1.61v2.1.63 (HTTP hooks, worktree config sharing, `/simplify` + `/batch`, `ENABLE_CLAUDEAI_MCP_SERVERS`).
- **HTTP hooks documentation** (`guide/ultimate-guide.md` §7.2) — type `"http"` (v2.1.63+) : POST JSON → réponse JSON, exemple config avec `allowedEnvVars`.
- **Resource evaluation W09-2026** (`docs/resource-evaluations/weekly-intel-2026-W09.md`) — score 4/5, 3 items intégrés.
- **Section 9.23 — Configuration Lifecycle & The Update Loop** (`guide/ultimate-guide.md`) — boucle d'amélioration continue, script `detect-friction.sh`, lifecycle skills, pattern "The Update Loop".
- **Observability: Reading for Quality, Not Just Quantity** (`guide/observability.md`) — 3 patterns qualitatifs avec commandes `jq`.
- **MCP Server: 3 new tools**`compare_versions`, `get_threat`/`list_threats`, `search_examples` (8 → 12 tools total).
- **Terminal Personalization Settings** (`guide/ultimate-guide.md` §3.3) — `spinnerVerbs`, `spinnerTipsOverride`, exemple complet `examples/config/settings-personalization.json`.
### Added
- **Tool comparison table extended to 5 tools** (`guide/ultimate-guide.md` §Migration from Other Tools) — tableau comparatif étendu de 3 à 5 outils : ajout Windsurf (Cascade multi-agents, Wave 13, credit-based $15/mo) et Zed (Rust natif, Ollama offline, token-based $10/mo + list price +10%). Nouvelles lignes : inline autocomplete, offline/local models, best for. Fix erreur factuelle : pricing Cursor corrigé de "$20/month flat" → crédit-based (depuis juin 2025, $20 inclus + overages).
- **Quotas subscriptions : colonne "prompts Claude Code / 5h"** (`guide/ultimate-guide.md` §Subscription Plans & Limits) — tableau token budgets enrichi d'une colonne pratique "Claude Code prompts/5h" : Pro ~10-40, Max 5x ~50-200, Max 20x ~200-800. Note warning complétée : cap mensuel ~50 fenêtres actives + impact sub-agents/1M context sur consommation.
- **Resource evaluation: benchmark AI coding tools Feb 2026** (`docs/resource-evaluations/benchmark-ai-coding-tools-feb2026.md`) — évaluation d'un benchmark comparatif 5 outils (Claude Code, Cursor, Windsurf, Zed, Copilot Workspace), texte copié sans URL source. Score 3/5 (pertinent, intégration sélective). 2 apports nets intégrés : quotas prompts/5h + extension tableau comparatif. 4 recommandations rejetées (déjà couvertes).
- **Claude Code v2.1.63 release tracking**`machine-readable/claude-code-releases.yaml` + `guide/claude-code-releases.md` mis à jour avec v2.1.61, v2.1.62, v2.1.63 (HTTP hooks, worktree config sharing, `/simplify` + `/batch` bundled commands, `ENABLE_CLAUDEAI_MCP_SERVERS` env var, vague de memory leak fixes)
- **HTTP hooks documentation** (`guide/ultimate-guide.md` §7.2 Creating Hooks) — nouveau type de hook `"http"` (v2.1.63+) : POST JSON vers une URL, reçoit JSON en retour. Ajout dans la table Configuration Fields, bullet point descriptif, et exemple de config complet avec `allowedEnvVars`
- **Resource evaluation W09-2026** (`docs/resource-evaluations/weekly-intel-2026-W09.md`) — évaluation du rapport de veille hebdomadaire Anthropic/Claude Code (24 fév 1er mars 2026) : score 4/5, 3 items intégrés (v2.1.63 releases, HTTP hooks, note Haiku 3 deadline déjà présente), 3 items rejetés (Cowork, DoW, Vercept)
- **Section 9.23 — Configuration Lifecycle & The Update Loop** (`guide/ultimate-guide.md`) — boucle d'amélioration continue des configurations Claude Code : détection friction depuis logs JSONL (script `detect-friction.sh`), lifecycle management des skills (semantic versioning, dépréciation, CI staleness check GitHub Actions), pattern "The Update Loop" (observer → analyser → delta update → canary test), intégration handoff, mentions DSPy/TextGrad
- **Observability: Reading for Quality, Not Just Quantity** (`guide/observability.md`) — nouvelle sous-section dans "Analyzing Session Data" : 3 patterns qualitatifs (repeated reads, tool failures, high edit frequency) avec commandes `jq` prêtes à l'emploi, liée à §9.23
- **Git MCP Server + GitHub MCP Server** (`guide/ultimate-guide.md` §8.2 MCP Server Catalog) — deux nouveaux serveurs documentés dans le catalogue MCP :
- **Git MCP Server** (official Anthropic, `mcp-server-git`): 12 tools pour les opérations Git locales (git_status, git_diff, git_commit, git_log, git_create_branch, etc.), setup `uvx`, config multi-repo, comparatif Git MCP vs Bash, workflows typiques. Statut: early dev.
- **GitHub MCP Server** (official GitHub, `github/github-mcp-server`): accès plateforme GitHub complète (Issues, PRs, Projects, Code search, Enterprise), remote MCP via `api.githubcopilot.com/mcp/` (Copilot requis) + self-hosted PAT-only. Fix documenté pour l'erreur `Incompatible auth server: does not support dynamic client registration` : inject token via `gh auth token` + header manuel dans `~/.claude.json`. Note maintenance token expiré incluse.
- **Resource evaluation: MCP servers veille** (`docs/resource-evaluations/2026-03-02-mcp-servers-veille.md`) — évaluation d'une veille sur 3 serveurs MCP (GitHub MCP, Exa, Graphiti). Scores finaux post-challenge : GitHub MCP 4/5 (intégré), Exa 2/5 (rejeté, stars non vérifiables 220 vs claim 3.1k), Graphiti 2/5 (rejeté, stack lourde, Kairn couvre déjà le besoin). Git MCP 5/5 (CRITICAL, évaluation précédente) intégré simultanément.
- **MCP Server: 3 new tools** — compare_versions, get_threat/list_threats, search_examples
- `compare_versions(from, to?)` — diff entre deux versions Claude Code CLI : toutes les releases dans la plage, highlights agrégés, breaking changes agrégés
- `get_threat(id)` — lookup CVE (ex: `CVE-2025-53109`) ou technique d'attaque (ex: `T001`) depuis la threat database v2.4.0

4
README.md
View file

@ -6,7 +6,7 @@
<p align="center">
<a href="https://github.com/FlorianBruniaux/claude-code-ultimate-guide/stargazers"><img src="https://img.shields.io/github/stars/FlorianBruniaux/claude-code-ultimate-guide?style=for-the-badge" alt="Stars"/></a>
<a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Feb_24,_2026_·_v3.29.0-brightgreen?style=for-the-badge" alt="Last Update"/></a>
<a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Mar_2,_2026_·_v3.29.1-brightgreen?style=for-the-badge" alt="Last Update"/></a>
<a href="./quiz/"><img src="https://img.shields.io/badge/Quiz-274_questions-orange?style=for-the-badge" alt="Quiz"/></a>
<a href="./examples/"><img src="https://img.shields.io/badge/Templates-175-green?style=for-the-badge" alt="Templates"/></a>
<a href="./guide/security-hardening.md"><img src="https://img.shields.io/badge/🛡_Threat_DB-24_CVEs_·_655_malicious_skills-red?style=for-the-badge" alt="Threat Database"/></a>
@ -846,7 +846,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
---
*Version 3.29.0 | Updated daily · Feb 24, 2026 | Crafted with Claude*
*Version 3.29.1 | Updated daily · Mar 2, 2026 | Crafted with Claude*
<!-- SEO Keywords -->
<!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,

2
VERSION
View file

@ -1 +1 @@
3.29.0
3.29.1

126
docs/resource-evaluations/025-community-signals-feb2026.md Normal file
View file

@ -0,0 +1,126 @@
# Évaluation Ressource: Signaux communautaires Claude Code — JanvierFévrier 2026
**Source type**: Texte copié — synthèse manuelle multi-sources (GitHub Issues API, Reddit, X/Twitter, HN, presse)
**Période couverte**: 2026-01-29 → 2026-02-28
**Date d'évaluation**: 2026-03-02
**Évaluateur**: Claude Sonnet 4.6 + technical-writer challenge agent
---
## Résumé du contenu
- **977 issues GitHub** créées sur 30 jours (616 bugs / 242 FRs / 205 dups). Median time-to-close ≈ 1h — principalement auto-fermeture de dups, pas indicatif de vraie résolution.
- **Top 5 pain points** convergents multi-canaux : pannes 500 backend, Remote Control immature (gating Pro/Max + bugs UX), quotas opaques, corruption `.claude.json` en multi-instances, onboarding/auth Windows fragmenté.
- **Top 5 feature requests** : CRUD sessions complet, onboarding + doc plus clairs, hooks/permissions expressifs, packs MCP officiels out-of-the-box, patterns workflows GitHub/Discord/Slack officiels.
- **Adoption forte** malgré les bugs : product-market fit net chez les power users, threads Reddit très positifs sur productivité. Run-rate estimé $2.5B ARR par sources tierces (⚠️ non vérifiable).
- **Signaux faibles** : sécurité (CVE + preview "Claude Code Security"), rôle "AI orchestrator" en mutation, coding from anywhere, monitoring de quotas comme sous-écosystème tiers, plateformisation CLI → plateforme.
---
## Score de pertinence
**Score: 4/5** — Très pertinent, amélioration significative
Trois pain points (500 errors, `.claude.json` corruption multi-instances, Remote Control) ont une couverture nulle ou quasi-nulle dans `guide/ultimate-guide.md` (confirmé par grepai). Score abaissé de 5 à 4 suite challenge du technical-writer : biais de sélection communautaire structurel + stats GitHub non re-vérifiées + CVEs suspects + recommandations sans stratégie de maintenance.
---
## Comparatif
| Pain point / FR | Cette synthèse | Guide actuel |
|-----------------|----------------|--------------|
| Pannes 500 / runbook outage | Identifié + recommandations | ❌ Absent |
| Remote Control limitations + workarounds | UX, gating, stack Tailscale/Tmux | ❌ Quasi-absent |
| Quotas / rolling window / impact features | Structuré par plan | ⚠️ Partiel (resource-evals, pas guide principal) |
| `.claude.json` corruption multi-instances | Identifié comme P1 | ❌ Absent |
| Onboarding / auth Windows | Microsoft Store, API keys, rôles | ⚠️ Partiel |
| Security / CVE | CVEs récents + Code Security preview | ✅ Couvert (`security-hardening.md`, `threat-db.yaml`) |
| AI orchestrators / multi-agent | Rôle émergent décrit | ✅ Bien couvert (`agent-teams.md`) |
| MCP intégrations out-of-the-box | FR dominant identifié | ⚠️ API couverte, exemples incomplets |
| Hooks / permissions configurables | FR articulé | ⚠️ Hooks shell couverts, policies moins |
---
## Recommandations d'intégration
### À intégrer — gaps réels confirmés (priorité haute)
**1. Troubleshooting 500 errors**
- Fichier: `guide/ultimate-guide.md` (nouvelle sous-section "Troubleshooting" ou `guide/troubleshooting.md`)
- Contenu: distinction erreur serveur vs config locale, lien `status.anthropic.com`, bonnes pratiques de reprise, fallback Bedrock/Vertex avec config minimale
- **Marquer volatile** — sera périmé si Anthropic améliore la fiabilité backend
**2. `.claude.json` corruption et multi-instances**
- Fichier: `guide/ultimate-guide.md` (section Configuration) + lien depuis `known-issues.md`
- Contenu: risques de writes concurrents, patterns recommandés (un worktree par instance, gitignore local de `.claude.json`, backup régulier), lien avec `examples/scripts/sync-claude-config.sh`
**3. Remote Control — documentation + limitations**
- Fichier: `guide/ultimate-guide.md` (section Remote/Mobile ou nouvelle section)
- Contenu: tableau plans supportés, limitations UX connues (interruption, déconnexions), workaround Tailscale + Tmux pour power users
- **Marquer beta** — feature active en développement au moment du rapport
### À intégrer — compléments utiles (priorité moyenne)
**4. Quotas transparency + ccusage**
- Enrichir section pricing/limits avec tableau Opus vs Sonnet vs Haiku par plan, impact auto-memory / plan mode / subagents
- Mentionner `ccusage` (outil communautaire de monitoring) — déjà signalé par @claude_code officiel
**5. CVEs 2025 manquants dans threat-db**
- CVE-2025-59536 à vérifier (séquence haute, non dans notre threat-db) → ajouter si confirmé sur NVD
### Ne pas intégrer
- CVE-2026-21852 → format suspect (⚠️ voir fact-check), ne pas intégrer sans confirmation NVD
- "Claude Code Security" preview → source LinkedIn secondaire non officielle, attendre annonce Anthropic
- Run-rate $2.5B ARR → estimation tiers non vérifiable, hors scope guide technique
- "Playbook communauté officiel" → rôle d'Anthropic, pas du guide tiers
- "Known issues this month" dynamique → maintenance impossible à notre niveau
---
## Challenge (technical-writer agent)
**Score ajusté**: 4/5 maintenu
**Points critiques soulevés :**
- **Biais de sélection structurel** : 977 issues sur-représentent les power users articulés. Le churn silencieux des utilisateurs qui abandonnent l'outil n'apparaît jamais dans GitHub Issues. Ne pas traiter ces signaux comme représentatifs de la base totale.
- 4 recommandations sur 6 sont **défensives** — les quick wins (workarounds validés pour quotas, patterns anti-corruption `.claude.json`) ont plus de valeur immédiate que les runbooks.
- Le runbook 500 errors a **impact marginal faible** : les utilisateurs expérimentés savent utiliser `status.anthropic.com`. Prioriser `.claude.json` et Remote Control.
- Remote Control "immature" est un jugement sans repère — documenter la date de GA de la feature pour contextualiser les limitations.
- Recommandation "patterns GitHub/Discord/Slack officiels" → confond le rôle du guide avec l'animation communauté Anthropic.
**Risques réels de non-intégration :**
- Érosion de crédibilité du guide si les workarounds communautaires les plus utilisés n'y figurent pas
- Utilisateurs perdant du travail sur corruption `.claude.json` sans documentation de recovery
---
## Fact-Check
| Affirmation | Vérifiée | Notes |
|-------------|----------|-------|
| 977 issues / 616 bugs / 242 FRs / 205 dups | ⚠️ Non re-vérifiée | Présentée comme extraite via GitHub API. Plausible, mais non confirmée ici via `gh api`. |
| Median time-to-close ≈ 1h | ⚠️ Biais probable | Expliqué en grande partie par l'auto-fermeture des 205 duplicatas. Ne reflète pas la résolution réelle. |
| CVE-2025-59536 (CVSS 8.7) | ⚠️ Partielle | CVE-2025-53109/53110 (EscapeRoute) confirmé dans `security-hardening.md`. CVE-2025-59536 absent de notre threat-db — sequence très haute pour 2025, à vérifier sur NVD. |
| CVE-2026-21852 | ❌ Suspect | Format inhabituel. CVEs 2026 extrêmement rares à cette date. Non trouvé dans nos sources. Ne pas intégrer. |
| "Claude Code Security" preview (Anthropic fév 2026) | ⚠️ Non confirmée | Source: LinkedIn post tiers. Pas d'annonce officielle Anthropic trouvée. |
| Run-rate $2.5B ARR | ❌ Non vérifiable | Source: albertoai.substack (tiers). Non confirmé par Anthropic. Écarté. |
| "25% des signalements DownDetector = Claude Code" (25 fév) | ⚠️ Partielle | Source: Hindustan Times. Anecdotique pour un guide technique. |
| Opus 4.6 token consumption > 4.5 | ✅ Cohérent | Confirmé par la hiérarchie de pricing Anthropic. |
| r/ClaudeCode "≈ 12k contributions hebdo" | ⚠️ Non vérifiée | Plausible mais non confirmé ici. |
**Corrections appliquées**: CVE-2026-21852 et "Claude Code Security preview" exclus du plan d'intégration. $2.5B ARR écarté.
---
## Décision finale
- **Score final**: 4/5
- **Action**: Intégrer partiellement (troubleshooting 500, `.claude.json` multi-instances, Remote Control, quotas + ccusage)
- **Confiance**: Moyenne (stats GitHub non re-vérifiées, CVEs suspects, biais de sélection communautaire)
- **Prochaine étape recommandée**: Vérifier CVE-2025-59536 via NVD avant intégration dans `threat-db.yaml`
---
*Évaluation réalisée le 2026-03-02 | Claude Sonnet 4.6 + technical-writer agent*

106
docs/resource-evaluations/2026-03-02-mcp-servers-veille.md Normal file
View file

@ -0,0 +1,106 @@
# Resource Evaluation: MCP Servers Veille (March 2026)
**Date**: 2026-03-02
**Type**: Copied text (veille / research report)
**Language**: French
**Source**: Internal research by Perplexity, covers servers: `github/github-mcp-server`, `exa-labs/exa-mcp-server`, `rawr-ai/mcp-graphiti`
---
## Summary
A research report evaluating 3 open-source MCP servers for Claude Code development workflows, applying criteria: ≥50 stars, recent release (<3 months), clear README, tests/CI, specific use case.
Key findings from the veille:
- **GitHub MCP Server** (`github/github-mcp-server`): 27.1k stars, release v0.31.0 Feb 19 2026, official GitHub, Go, remote MCP at `api.githubcopilot.com/mcp/`, OAuth 2.1 + PAT, covers Issues/PRs/Projects/Enterprise
- **Exa MCP Server** (`exa-labs/exa-mcp-server`): claimed 3.1k stars (unverified — see fact-check), no formal GitHub releases, TypeScript, key feature `get_code_context_exa` for dev-focused code search
- **Graphiti MCP Server** (`rawr-ai/mcp-graphiti`): 74 stars, multi-project knowledge graph on Neo4j + Docker, Python/pipx, CLI (`graphiti compose`, `graphiti up`), early-stage project
---
## Score de pertinence
| Server | Initial Score | Challenge | Final Score |
|--------|--------------|-----------|-------------|
| GitHub MCP | 5/5 | -1 (missing privacy warning, missing Git MCP comparison) | **4/5** |
| Exa MCP | 4-5/5 | -2 (unverified stars, no formal releases, WebSearch native covers use case) | **2/5** |
| Graphiti MCP | 3.5/5 | -1.5 (74 stars, Kairn already in guide, stack too heavy) | **2/5** |
---
## Comparatif
| Aspect | GitHub MCP | Our Guide (pre-integration) |
|--------|-----------|---------------------------|
| GitHub Issues/PRs/Projects | Full coverage | Missing |
| Local Git operations | Partial (GitHub only) | Missing (→ Git MCP fills this) |
| Remote HTTP MCP transport | Yes | Not documented |
| Privacy warning (remote mode) | Needs documentation | Missing |
| Exa code search | Claimed 3.1k stars | WebSearch (built-in) covers basic need |
| Knowledge graphs | Heavy stack | Kairn (already documented) |
---
## Challenge (technical-writer agent)
**GitHub MCP — points manqués**:
- Missing: privacy warning for remote `api.githubcopilot.com` mode (sends data to GitHub servers)
- Missing: explicit comparison with Git MCP Server (two complementary layers: local vs cloud)
- Missing: recommendation to check existing `git-mcp-server-evaluation.md` (5/5 CRITICAL, never integrated)
- Score adjusted: 4/5 (not 5/5)
**Exa MCP — points manqués**:
- Star count unverifiable: veille claims 3.1k, Perplexity search found ~220 stars
- No formal GitHub releases — versioning via npm only, recency criterion relaxed without clear evidence
- Native WebSearch in Claude Code covers basic web/code search use case without extra SaaS dependency
- Score adjusted: 2/5 (reject)
**Graphiti MCP — points manqués**:
- 74 stars barely clears the threshold; project maturity uncertain
- Kairn (already in guide §8.2) covers the persistent memory / knowledge graph use case for Claude Code workflows
- Neo4j + Docker + LLM API dependency is heavy for most users
- Score adjusted: 2/5 (reject)
**Risques de non-intégration (GitHub MCP)**:
- Guide users miss the most useful GitHub automation MCP for Claude Code
- No differentiation between Git (local) and GitHub (cloud) — common confusion point
- Git MCP evaluation was 5/5 CRITICAL but never integrated — oversight corrected simultaneously
---
## Fact-Check
| Claim | Verified | Notes |
|-------|----------|-------|
| GitHub MCP: 27.1k stars | ✅ (approximate) | Perplexity: "20k+" — compatible |
| GitHub MCP: release v0.31.0 Feb 19 2026 | ✅ | 54 total releases confirmed |
| GitHub MCP: Go implementation | ✅ | Confirmed |
| GitHub MCP: OAuth 2.1 + PKCE | ✅ | Confirmed in GitHub changelog |
| Exa: 3.1k stars | ❌ | Perplexity found ~220 stars — major discrepancy, not published |
| Exa: no formal GitHub releases | ✅ | Confirmed — npm + hosted endpoint only |
| Graphiti: 74 stars | ✅ | Approximately verified |
| Graphiti: Neo4j + Docker dependency | ✅ | Confirmed in README |
| Firecrawl: last release Sep 26 2025 | ✅ | v3.2.1 confirmed |
| Chrome MCP: last release Jul 9 2025 | ✅ | v0.0.6 confirmed |
---
## Decision
| Server | Decision | Reason |
|--------|----------|--------|
| **GitHub MCP** | ✅ Integrated | Score 4/5, real gap in guide, official GitHub project, active maintenance |
| **Git MCP** | ✅ Integrated | Pre-existing evaluation 5/5 CRITICAL (`git-mcp-server-evaluation.md`), never integrated — added simultaneously |
| **Exa MCP** | ❌ Rejected | Score 2/5, unverified star count, WebSearch native covers the need, SaaS dependency |
| **Graphiti MCP** | ❌ Rejected | Score 2/5, 74 stars, Kairn already in guide, heavy stack |
**Integration location**: `guide/ultimate-guide.md` §8.2 MCP Server Catalog, before `</details>` closing tag (~line 10625 pre-edit)
**Confidence**: High (facts verified for accepted servers, Exa stars discrepancy flagged)
---
## Related Files
- `docs/resource-evaluations/git-mcp-server-evaluation.md` — Pre-existing 5/5 evaluation for Git MCP (Feb 2026)

141
docs/resource-evaluations/benchmark-ai-coding-tools-feb2026.md Normal file
View file

@ -0,0 +1,141 @@
# Resource Evaluation: Benchmark Comparatif AI Coding Tools (Feb 2026)
**Date**: 2026-03-02
**Evaluator**: Claude Sonnet 4.6
**Source**: Texte copié (pas d'URL — auteur inconnu)
**Type**: Benchmark comparatif (Claude Code vs Cursor vs Windsurf vs Zed vs Copilot Workspace)
**Périmètre temporel revendiqué**: Fin février 2026
---
## Executive Summary
**Score**: 3/5 (Pertinent — Complément utile)
**Decision**: Intégration sélective (2 apports nets identifiés)
**Confidence**: Moyenne (claims non vérifiables sans URL source)
Benchmark structuré comparant 5 outils d'agentic coding avec des tableaux détaillés, un focus Claude Code et 6 recommandations documentaires. Apport réel sur deux angles manquants dans le guide : quotas précis par plan (Pro/Max) et couverture Windsurf/Zed aujourd'hui absente. Le reste chevauche des sections existantes ou est non vérifiable.
---
## Résumé du contenu
- **5 outils comparés** : Claude Code (CLI-first + sub-agents + hooks), Cursor (IDE fork VS Code, Tab, Composer), Windsurf (Cascade multi-agents, Wave 13), Zed (Rust natif, Ollama local), Copilot Workspace (GitHub-centré, issue → PR)
- **Breaking news** : Sonnet 4.6 lancé "15 fév 2026" avec 1M context (beta), modèle par défaut Pro/Free ; extension VS Code GA ; nouveaux docs Hooks (26 fév)
- **Quotas Claude Code** : Pro ≈ 10-40 prompts/5h, Max 5x = 50-200/5h, Max 20x = 200-800/5h, cap ~50 fenêtres/mois
- **Différenciation Claude Code** : points forts = CLI + Git + sub-agents + checkpoints + CLAUDE.md/init ; points faibles = pas d'autocomplétion inline, quotas Pro serrés sur sessions intensives
- **6 recommandations documentaires** : (1) cadrage modèles/contexte, (2) page quotas devs, (3) stack agentique, (4) comparaison IDE, (5) CLAUDE.md pédagogie, (6) VS Code flows
---
## Score de pertinence (1-5)
| Score | Signification |
|-------|---------------|
| 5 | Essentiel - Gap majeur dans le guide |
| 4 | Très pertinent - Amélioration significative |
| **3** | **Pertinent - Complément utile** |
| 2 | Marginal - Info secondaire |
| 1 | Hors scope - Non pertinent |
**Score: 3/5**
**Justification** : Deux apports nets confirmés après vérification du guide, mais le reste est soit déjà couvert, soit invérifiable sans URL source. La source inconnue (texte copié, auteur non identifié) empêche un score plus élevé — standard appliqué de façon cohérente avec les évaluations précédentes.
---
## Comparatif
| Aspect | Cette ressource | Notre guide |
|--------|----------------|-------------|
| Cursor comparison | Benchmark détaillé (UX, pricing, limites) | ✅ Couvert (ligne 885, 947 — migration guide) |
| Windsurf | Couvert (Wave 13, Cascade, pricing) | ⚠️ Mentions passantes (~6 lignes) |
| Zed AI | Couvert (Rust natif, Ollama, token pricing) | ❌ Absent (pas de section dédiée) |
| Copilot Workspace | Couvert (issue → PR workflow) | ⚠️ Mentionné en liste, pas comparé |
| Quotas Pro/Max précis | Chiffres précis par plan et par fenêtre | ⚠️ Existe mais éparpillé (ultime-guide + known-issues) |
| Sonnet 4.6 comme défaut | Documenté avec benchmarks préférences | ✅ Déjà dans guide (releases tracking) |
| Stack agentique hooks | Recommandation de regroupement | ✅ Couvert mais fragmenté |
| CLAUDE.md /init | Recommandation tutoriel pas-à-pas | ✅ Couvert (plusieurs sections) |
| VS Code flows prédéfinis | Recommandation workflows | ✅ Couvert (extension doc) |
---
## Recommandations d'intégration
### Apport #1 — Quotas précis par plan (PRIORITÉ HAUTE)
- **Gap réel** : Les chiffres existent dans le guide mais sont éparpillés entre `ultimate-guide.md` et `guide/known-issues.md`. Pas de tableau synthétique "Pro / Max 5x / Max 20x" avec les intervalles réels par fenêtre 5h.
- **Où** : `guide/ultimate-guide.md` section pricing/limits (~ligne 1951-2013) + potentiellement `guide/architecture.md`
- **Comment** : Tableau unique "Plan → prompts Claude Code/5h → Sonnet heures/semaine → cap mensuel" avec note sur sub-agents et 1M context comme multiplicateurs de consommation
- **Caveat** : Les chiffres du benchmark (10-40 / 50-200 / 200-800) sont des fourchettes communautaires, pas des SLAs officiels Anthropic. Sourcer depuis GitHub issues anthropics/claude-code ou docs officielles avant d'intégrer.
### Apport #2 — Section Windsurf + Zed dans le comparatif outils (PRIORITÉ MOYENNE)
- **Gap réel** : Le tableau comparatif ligne 885 couvre Copilot/Cursor/Claude Code. Windsurf et Zed sont absents du comparatif principal malgré leur adoption croissante.
- **Où** : Section Migration/Comparison (~ligne 881), étendre le tableau existant
- **Comment** : Ajouter 2 colonnes (Windsurf + Zed) + une ligne "Copilot Workspace" avec positionnement court (50-100 mots par outil). Utiliser le benchmark comme base, vérifier contre docs officielles.
- **Attention** : Windsurf Wave 13 + SWE-1.5 et Zed token pricing (+10%) sont des claims spécifiques à vérifier contre windsurf.com/changelog et zed.dev/blog avant intégration.
### À ne pas intégrer
- Recommandations 3, 5, 6 (stack agentique, CLAUDE.md, VS Code flows) : déjà couverts dans le guide, intégration = duplication sans valeur ajoutée.
- Rec 4 (page dédiée "comparaison IDE") : pertinente sur le principe mais le guide n'est pas une page marketing Anthropic — garder le focus pédagogique.
---
## Challenge (technical-writer)
**Score ajusté : 3/5** (downgrade depuis 4/5 initial)
**Points du challenge :**
- La source inconnue (texte sans URL, auteur non identifié) est un disqualificateur partiel — les évaluations précédentes de sources anonymes sans vérifiabilité finissent systématiquement en dessous de 4
- Le lancement Sonnet 4.6 "15 fév 2026" est un claim daté précis qui mérite vérification contre `llms-full.txt` avant de s'appuyer dessus
- Les 6 recommandations ne sont pas équivalentes : 2 adressent des gaps réels, 4 sont du polish sur ce qui existe — une évaluation rigoureuse les sépare
- L'absence de Windsurf/Zed dans le guide est une lacune réelle mais non critique pour l'audience cible (devs CLI qui ne cherchent pas de comparatif marketing)
**Risques de non-intégration :**
- Faibles à court terme : le comparatif existant (3 outils) couvre les besoins d'une majorité de lecteurs
- Moyen terme : si Windsurf/Zed continuent de monter, l'absence dans le guide crée un angle mort de crédibilité
---
## Fact-Check
| Affirmation | Vérifiée | Source | Notes |
|-------------|----------|--------|-------|
| Sonnet 4.6 lancé "15 fév 2026" | ⚠️ PARTIELLE | llms-full.txt à croiser | Date précise non vérifiée dans cette évaluation |
| Sonnet 4.6 = modèle par défaut Pro/Free | ✅ PROBABLE | Cohérent avec releases tracking guide | Vérifier contre anthropic.com/news |
| Quotas Pro 10-40 prompts/5h | ⚠️ COMMUNAUTAIRE | GitHub issues #6611 cité dans texte | Fourchette observée, pas SLA officiel |
| Max 5x = 50-200 prompts/5h | ⚠️ COMMUNAUTAIRE | Même source | Idem |
| Windsurf Wave 13 : multi-agents parallèles | ⚠️ NON VÉRIFIÉE | windsurf.com/changelog (non fetchable ici) | Crédible mais non confirmé |
| Zed Pro = $10/mo + $5 tokens | ⚠️ NON VÉRIFIÉE | zed.dev/blog/pricing... (non fetchable) | Crédible mais non confirmé |
| Cursor Bugbot Autofix ~35% merges directs | ⚠️ NON VÉRIFIÉE | cursor.com/changelog (non fetchable) | Chiffre spécifique, vérifier |
| Extension VS Code Claude Code en GA | ✅ CONFIRMÉE | code.claude.com/docs (dans guide) | Documenté dans releases tracking |
| Docs Hooks Claude Code (26 fév) | ✅ PROBABLE | code.claude.com/docs/en/hooks | Cohérent avec état actuel |
**Corrections apportées** : Aucune donnée intégrée sans vérification. Claims marqués ⚠️ doivent être vérifiés avant intégration dans le guide.
**Stats nécessitant recherche externe avant intégration** :
- Quotas Pro/Max précis → chercher dans GitHub issues anthropics/claude-code ou docs officielles
- Windsurf Wave 13 features → vérifier windsurf.com/changelog
- Zed token pricing → vérifier zed.dev/blog
---
## Décision finale
- **Score final** : 3/5 (Pertinent)
- **Action** : Intégration sélective — 2 apports sur 6
- **Confidence** : Moyenne (source anonyme, claims communautaires non tous vérifiables)
### Prochaines étapes
1. **Vérifier Sonnet 4.6 date** : `https://code.claude.com/docs/llms-full.txt` ou Perplexity
2. **Vérifier quotas précis** : GitHub issues anthropics/claude-code (chercher #6611)
3. **Si vérifiés** : Intégrer tableau quotas + étendre comparatif outils (Windsurf + Zed)
4. **Priorité** : Moyenne (amélioration utile, non bloquante)
---
*Fichier* : `docs/resource-evaluations/benchmark-ai-coding-tools-feb2026.md`
*Prochaine révision* : 2026-06-02 (pricing et modèles évoluent vite dans ce secteur)

103
docs/resource-evaluations/daniel-miessler-the-great-transition.md Normal file
View file

@ -0,0 +1,103 @@
# Évaluation Ressource: The Great Transition — Unsupervised Learning Podcast
**Source**: https://omny.fm/shows/unsupervised-learning/the-great-transition
**Type**: Podcast — framework conceptuel macro-tendances IA (84 min)
**Auteur**: Daniel Miessler (cybersecurity/AI analyst, Unsupervised Learning)
**Date de publication**: 2026-02-28
**Date d'évaluation**: 2026-03-02
**Évaluateur**: Claude Sonnet 4.6
**Reviewer**: technical-writer agent
---
## 📄 Résumé du contenu
5 points clés:
- **Framework "8 transitions simultanées"** pour naviguer l'ère IA, présenté comme modèle unifié réduisant l'anxiété face aux changements technologiques rapides
- **Software → APIs for AI agents**: les apps à interface humaine disparaissent au profit d'APIs orchestrées par des assistants personnels IA — le SEO/marketing s'adresse aux agents, pas aux humains
- **Enterprise as AI-Run Graph**: les entreprises deviennent des graphes d'algorithmes/SOPs pilotés par IA, le software se sélectionne automatiquement sur métriques de performance
- **Cybersecurity AI vs AI**: bataille machine-speed entre stacks défensifs et offensifs, asset management temps réel = priorité #1
- **Ideal State Management** présenté comme "plus grand use case IA": définir l'état idéal, l'IA évalue l'état actuel et exécute en continu pour combler le gap (individus comme entreprises)
Les 3 autres transitions: Knowledge Private → Public (expertise absorbée par modèles IA via skills/markdown), Automation → Zero Employees (l'automatisation vise l'absence totale de salariés), Human 3.0 (travail décentralisé, individus broadcastent leurs compétences, agents les recrutent on-demand), Custom Everything (logiciels bespoke générés par IA, fragmentation des réalités).
---
## 🎯 Score de pertinence
**Score: 2/5** — Marginal (Watch list)
### Justification
**Audience mismatch principal**: le guide sert des développeurs configurant Claude Code CLI au quotidien. Ce podcast cible des macroéconomistes de l'IA cherchant un cadre conceptuel global. Ces deux audiences ne se superposent pas utilement.
**Ratio signal/effort**: 84 minutes pour 0 insight technique extractable absent du guide. Le guide *implémente* ce que Miessler *nomme* (skills = externalized knowledge, agents orchestrating APIs, ideal state via hooks/memory).
**Durée de vie des contenus**: les prédictions futurologiques (zero employees, fragmented realities, Human 3.0) ont une demi-vie de 12-18 mois. Le guide vise la durabilité sur plusieurs années.
---
## ⚖️ Comparatif
| Aspect | Ce podcast | Notre guide |
|--------|------------|-------------|
| Skills = externalisation du savoir | Framing conceptuel ("pourquoi") | ✅ Implémentation concrète (SKILL.md, skills/) |
| Agents orchestrant des APIs | Tendance prédite | ✅ Documenté (multi-agent, MCP, orchestration) |
| Ideal State Management | Concept nommé | ✅ Couvert via hooks, memory, continuous agents |
| Cybersecurity AI vs AI | Direction prospective | ✅ security-hardening.md, threat-db.yaml |
| Future of Work / Human 3.0 | Couvert en profondeur | ❌ Absent — délibérément hors scope guide technique |
| Zero employees trajectory | Couvert en profondeur | ❌ Absent — hors scope, contenu daté |
---
## 📍 Recommandation
**Ne pas intégrer.** Ni mention directe, ni section dédiée.
**Seule ouverture partielle envisageable** (future): si une section "Pourquoi soigner sa configuration Claude Code" voit le jour, la Transition #8 (Ideal State Management) pourrait servir d'une phrase de framing philosophique avec lien vers le podcast. Pas dans l'état actuel du guide.
**Watchlist**: réévaluer si dans 6-12 mois la communauté Claude Code adopte massivement le paradigme "Ideal State" comme framing pour structurer ses agents/hooks. Dans ce cas, chercher une source plus technique comme point d'entrée.
---
## 🔥 Challenge (technical-writer agent)
**Score confirmé: 2/5.**
Points clés:
- L'argument "pas actionnable pour CLI" est trop vague — le vrai motif est l'*audience mismatch*
- Transition #8 (Ideal State) et Transition #1 (skills = externalized knowledge) ont une résonance réelle avec le guide, mais le guide les traite mieux depuis l'angle pratique
- Aucun insight technique unique présent dans cette ressource
- Intégration partielle possible théoriquement mais sans utilité concrète aujourd'hui
- Le ratio signal/effort est indépendamment disqualifiant: 84 min pour 0 extraction actionnable
---
## ✅ Fact-Check
| Affirmation | Vérifiée | Source |
|-------------|----------|--------|
| Auteur: Daniel Miessler | ✅ | Page Omny officielle |
| Date: 2026-02-28 | ✅ | Page Omny officielle |
| Durée: 84 min (5,060s) | ✅ | Page Omny officielle |
| Podcast couvre cybersecurity/AI/tech | ✅ | Description officielle |
| Contenu des 8 transitions | ⚠️ | Basé sur résumé utilisateur — transcript non accessible via fetch |
| Stats spécifiques | N/A | Aucune stat citée dans le résumé |
**Note**: le transcript est signalé disponible sur Omny mais non accessible publiquement via WebFetch. Le résumé utilisateur est cohérent avec la description officielle et le style habituel de Miessler.
---
## 🎯 Décision finale
| | |
|---|---|
| **Score final** | 2/5 |
| **Action** | Ne pas intégrer — mettre en watchlist |
| **Confiance** | Haute |
| **Motif principal** | Audience mismatch + ratio signal/effort + durée de vie courte des prédictions |
---
*Évaluation v1.0 — 2026-03-02*

132
docs/resource-evaluations/weekly-intel-2026-W09.md Normal file
View file

@ -0,0 +1,132 @@
# Évaluation Ressource: Veille hebdomadaire Anthropic/Claude Code — Semaine W09 2026
**Source**: Texte copié (rapport de veille interne)
**Type**: Rapport de veille structuré — 6 sujets, sources multi-canaux
**Période couverte**: 24 février 1er mars 2026
**Canaux**: GitHub anthropics/claude-code, blog Anthropic, docs/release notes, X @AnthropicAI
**Date d'évaluation**: 2026-03-02
**Évaluateur**: Claude Sonnet 4.6
**Reviewer**: technical-writer agent
---
## 📄 Résumé du contenu
- **Claude Code v2.1.63** (27 fév): nouvelles slash commands bundlées `/simplify` + `/batch`, HTTP hooks (POST JSON → URL), partage config/auto-memory entre worktrees du même repo, nouvel env var `ENABLE_CLAUDEAI_MCP_SERVERS=false`, série de fixes memory leaks critiques
- **Model deprecations urgentes**: `claude-3-haiku-20240307` deprecated le 19 fév, retirement API le **20 avril 2026** (7 semaines), replacement recommandé: `claude-haiku-4-5-20251001`
- **Acquisition Vercept** (24 fév): startup vision/GUI automation, équipe rejoint Anthropic pour renforcer computer use — contextuel, pas de changement API immédiat
- **Opus 3 deprecation update**: Opus 3 reste accessible via canal dédié + Substack "Claude's Corner" — anecdotique pour le guide
- **Anthropic vs Department of War**: lignes rouges (pas de surveillance masse, pas d'armes autonomes) — hors scope technique
- **Cowork: plugins + tâches planifiées** (24-25 fév): marketplace plugins, contrôles admin, scheduled tasks — audience non-dev, hors scope
---
## 🎯 Score de pertinence: 4/5
**Score initial préliminaire**: 4/5
**Score challenge agent**: 3/5 (report complet), 5/5 (v2.1.63 isolé)
**Score final retenu**: **4/5** — le rapport contient 2 éléments haute valeur + 1 urgence deadline
**Justification**: Le rapport agrège des infos de valeurs très différentes. Si on exclut les 50% hors scope (Cowork, DoW, Opus 3 Substack), les items techniques restants justifient une intégration active:
- HTTP hooks = **gap réel** dans le guide (section hooks ne couvre que shell scripts)
- v2.1.63 release tracking = mise à jour mécanique du YAML + MD
- Haiku 3 retirement le 20/04/2026 = **urgence actionnable dans 7 semaines**
---
## ⚖️ Comparatif
| Aspect | Ce rapport | Guide actuel |
|--------|-----------|--------------|
| HTTP hooks (nouveau type) | ✅ Documenté + exemple config | ❌ Absent — seulement hooks shell |
| v2.1.63 dans release tracking | ✅ Détails CHANGELOG | ❌ Dernier tracké = 2.1.59 |
| Worktree config sharing | ✅ Confirmé | ⚠️ Worktrees couverts mais pas ce détail |
| Haiku 3 retirement deadline | ✅ Date précise (20/04/2026) | ❌ Absent ou non à jour |
| Bundled `/simplify` + `/batch` | ✅ Confirmé | ⚠️ `/simplify` existe comme skill custom — confusion possible |
| Cowork features | ✅ Couvert | ✅ Hors scope volontairement |
| DoW/Vercept/Opus 3 Substack | ✅ Couvert | ✅ Hors scope technique |
---
## 📍 Recommandations
### Items à intégrer (score ≥ 4/5 individuel)
**1. Claude Code v2.1.63 → Release tracking**
- Fichiers: `machine-readable/claude-code-releases.yaml` + `guide/claude-code-releases.md`
- Action: Ajouter versions 2.1.60 → 2.1.63 (le script `./scripts/update-cc-releases.sh` a déjà les données)
- Priorité: **Haute** (release récente, notre tracking a 4 versions de retard)
**2. HTTP hooks → Section Hooks du guide**
- Fichier: `guide/ultimate-guide.md` (section 7.x Hooks)
- Action: Ajouter sous-section "HTTP Hooks" avec config et cas d'usage (intégrations CI/CD, webhooks)
- Priorité: **Haute** (nouveau type de hook, absent du guide, pertinent pour intégrations enterprise)
- Config minimal documentée:
```json
{ "type": "http", "url": "https://...", "allowedEnvVars": ["MY_TOKEN"] }
```
**3. Haiku 3 API retirement → Section modèles**
- Fichier: `guide/ultimate-guide.md` (section modèles) + potentiellement dans la section entreprise/API
- Action: Note avec deadline `claude-3-haiku-20240307` → retirement 20/04/2026, migration vers `claude-haiku-4-5-20251001`
- Priorité: **Urgente** (deadline < 7 semaines au moment de l'évaluation)
### Items à rejeter (hors scope)
- Cowork plugins/scheduled tasks: audience non-dev, hors périmètre
- Acquisition Vercept: contextuel, pas d'impact technique sur CC
- DoW statements: politique/gouvernance, hors scope guide technique
- Opus 3 + Claude's Corner: anecdotique pour guide développeurs
---
## 🔥 Challenge (technical-writer)
**Points clés du challenge agent**:
- Score révisé à la baisse pour le rapport entier (3/5), mais 5/5 pour les items extraits
- **Avertissement principal**: la fiabilité de v2.1.63 était à vérifier — script `update-cc-releases.sh` a confirmé que la version est réelle avec le CHANGELOG officiel ✅
- HTTP hooks = item le plus intéressant, gap réel confirmé par grepai search
- **Haiku 3 deadline sous-priorisée** dans l'évaluation initiale — urgence réelle à 7 semaines
- Recommande exclusion explicite des 50% hors scope avec justification
**Score ajusté**: 4/5 maintenu (le challenge agent score 3/5 pour le rapport brut, mais 4/5 après extraction des items pertinents)
---
## ✅ Fact-Check
| Affirmation | Vérifiée | Source |
|-------------|----------|--------|
| v2.1.63 publiée le 27 fév 2026 | ✅ | CHANGELOG officiel via `./scripts/update-cc-releases.sh` |
| `/simplify` et `/batch` bundlées dans 2.1.63 | ✅ | CHANGELOG officiel: "Added /simplify and /batch bundled slash commands" |
| HTTP hooks dans v2.1.63 | ✅ | CHANGELOG officiel: "Added HTTP hooks, which can POST JSON to a URL and receive JSON" |
| Worktree config sharing dans v2.1.63 | ✅ | CHANGELOG officiel: "Project configs & auto memory now shared across git worktrees" |
| `ENABLE_CLAUDEAI_MCP_SERVERS` env var | ✅ | CHANGELOG officiel |
| Memory leak fixes (liste longue) | ✅ | CHANGELOG officiel (12+ fixes distincts) |
| "Task tool replaced by Agent tool" | ❌ | NON présent dans le CHANGELOG v2.1.63 — info probablement fausse ou mal attribuée par la source Reddit |
| Haiku 3 retirement le 20 avril 2026 | ⚠️ | Sourced depuis docs officielles platform.claude.com — non re-vérifié directement ici |
| Python SDK v0.72.0 dernière version | ⚠️ | Suspect (date octobre 2025) — SDK a probablement évolué depuis |
| Acquisition Vercept (24 fév 2026) | ⚠️ | Multi-sources presse (Forbes, MLQ, TechCrunch) — vraisemblable mais pas vérifié blog officiel |
**Corrections apportées**:
- "Task tool replaced by Agent tool" retiré du plan d'intégration (non confirmé CHANGELOG officiel)
- Python SDK info ignorée (non pertinente pour le guide + données potentiellement obsolètes)
---
## 🎯 Décision finale
- **Score final**: 4/5
- **Action**: Intégrer (3 items ciblés: v2.1.63 tracking, HTTP hooks section, Haiku 3 deadline)
- **Confiance**: Haute pour items CC (CHANGELOG officiel vérifié) / Moyenne pour model deprecations
### Prochaines actions prioritaires
1. `./scripts/update-cc-releases.sh` → intégrer v2.1.60 à 2.1.63 dans le YAML + MD
2. Section HTTP hooks dans `guide/ultimate-guide.md` §7 (Hooks)
3. Note urgente Haiku 3 retirement (20/04/2026) dans section modèles
---
*Évaluation réalisée le 2026-03-02 | Claude Sonnet 4.6 | Challenge: technical-writer agent*

208
examples/agents/cyber-defense/README.md Normal file
View file

@ -0,0 +1,208 @@
# Cyber Defense Agent Team
A 4-agent pipeline that detects security threats in log files. Built natively with Claude Code Agent Teams.
**This example exists to compare two approaches**: LangGraph (the Python framework) vs Claude Code Agent Teams (native). Same system, two architectures. The delta tells you when to use which.
---
## Architecture
```
log-ingestor (haiku)
anomaly-detector (sonnet)
risk-classifier (sonnet)
threat-reporter (sonnet)
cyber-defense-report.md
```
Each agent has a single responsibility and passes data to the next via shared JSON files. The orchestration skill (`/cyber-defense-team`) sequences the spawns and reports results.
**Usage**: `/cyber-defense-team /var/log/nginx/access.log`
---
## LangGraph vs Claude Code Agent Teams
Same system built twice. Here's the full comparison.
### The LangGraph Version (~150 lines of Python)
```python
from typing import TypedDict, List
from langgraph.graph import StateGraph, END
from langgraph.checkpoint.memory import MemorySaver
from langchain_core.tools import tool
from langchain_openai import ChatOpenAI
from langchain_core.messages import HumanMessage, SystemMessage
import json
# ─── State Definition ─────────────────────────────────────────────────────────
class DefenseState(TypedDict):
raw_logs: str
parsed_events: List[dict]
anomalies: List[dict]
risk_level: str # LOW | MEDIUM | HIGH | CRITICAL
report: str
# ─── Tools (Python functions the LLM can call) ────────────────────────────────
@tool
def detect_patterns(logs: str) -> List[dict]:
"""Extract structured events from raw log text."""
events = []
for line in logs.split("\n"):
if any(k in line for k in ["ERROR", "FAILED", "UNAUTHORIZED"]):
events.append({"type": "security_event", "raw": line})
elif "WARNING" in line:
events.append({"type": "warning", "raw": line})
return events
@tool
def detect_anomalies(events: List[dict]) -> List[dict]:
"""Detect statistical anomalies in event patterns."""
anomalies = []
error_count = sum(1 for e in events if e["type"] == "security_event")
if error_count > 5:
anomalies.append({"type": "high_error_rate", "count": error_count, "severity": "HIGH"})
return anomalies
@tool
def lookup_threat(event_type: str) -> dict:
"""Look up known threat signatures."""
db = {
"UNAUTHORIZED": {"description": "Auth bypass attempt"},
"SQL_INJECTION": {"cve": "CVE-2021-1234", "description": "SQLi pattern"}
}
return db.get(event_type, {"description": "Unknown threat"})
# ─── LLM Setup ────────────────────────────────────────────────────────────────
llm = ChatOpenAI(model="gpt-4o-mini")
llm_with_tools = llm.bind_tools([detect_patterns, detect_anomalies, lookup_threat])
# ─── Nodes (one function per agent role) ──────────────────────────────────────
def ingest_node(state: DefenseState) -> DefenseState:
events = detect_patterns.invoke(state["raw_logs"])
return {**state, "parsed_events": events}
def detect_node(state: DefenseState) -> DefenseState:
anomalies = detect_anomalies.invoke(state["parsed_events"])
return {**state, "anomalies": anomalies}
def classify_node(state: DefenseState) -> DefenseState:
result = llm_with_tools.invoke([
SystemMessage("Classify risk as LOW/MEDIUM/HIGH/CRITICAL."),
HumanMessage(f"Anomalies: {json.dumps(state['anomalies'])}")
])
risk = "HIGH" if state["anomalies"] else "LOW"
return {**state, "risk_level": risk}
def report_node(state: DefenseState) -> DefenseState:
result = llm_with_tools.invoke([
SystemMessage("You are a Senior Security Analyst. Write a Markdown incident report."),
HumanMessage(f"Risk: {state['risk_level']}\nAnomalies: {json.dumps(state['anomalies'])}")
])
return {**state, "report": result.content}
# ─── Conditional Edge ─────────────────────────────────────────────────────────
def should_report(state: DefenseState) -> str:
return "report" if state["anomalies"] else END
# ─── Graph Assembly ───────────────────────────────────────────────────────────
builder = StateGraph(DefenseState)
builder.add_node("ingest", ingest_node)
builder.add_node("detect", detect_node)
builder.add_node("classify", classify_node)
builder.add_node("report", report_node)
builder.set_entry_point("ingest")
builder.add_edge("ingest", "detect")
builder.add_edge("detect", "classify")
builder.add_conditional_edges("classify", should_report)
builder.add_edge("report", END)
# ─── Memory ───────────────────────────────────────────────────────────────────
checkpointer = MemorySaver()
app = builder.compile(checkpointer=checkpointer)
# ─── Entry Point ──────────────────────────────────────────────────────────────
def analyze_logs(logs: str) -> str:
config = {"configurable": {"thread_id": "security-session-1"}}
result = app.invoke(
{"raw_logs": logs, "parsed_events": [], "anomalies": [], "risk_level": "", "report": ""},
config
)
return result.get("report", "No threats detected.")
```
### The Claude Code Version (~60 lines of YAML/Markdown)
Four agent files, one skill file. No graph assembly, no TypedDict, no boilerplate.
```
examples/agents/cyber-defense/
├── log-ingestor.md (~40 lines)
├── anomaly-detector.md (~50 lines)
├── risk-classifier.md (~55 lines)
└── threat-reporter.md (~45 lines)
examples/skills/cyber-defense-team/
└── SKILL.md (~70 lines)
```
Each agent file is a YAML frontmatter (name, model, tools) + a plain English system prompt describing role, inputs, outputs, and constraints. The skill file sequences the agents with `Agent tool` calls.
---
## Side-by-Side Comparison
| Dimension | LangGraph | Claude Code Agent Teams |
|-----------|-----------|------------------------|
| **Total code** | ~150 lines Python | ~60 lines YAML/Markdown |
| **State management** | Explicit `TypedDict` definition | Implicit — JSON files between agents |
| **Memory** | Manual `MemorySaver` setup | Native (files persist by default) |
| **Tool definition** | `@tool` decorated Python functions | MCP servers or built-in tools |
| **Conditional logic** | `add_conditional_edges()` | Natural language in skill ("if no anomalies, skip to Step 5") |
| **Model selection** | One model for all nodes | Per-agent (haiku for parsing, sonnet for reasoning) |
| **Debugging** | `print()` + LangSmith (paid) | Native Claude Code UI |
| **New agent role** | New function + `add_node()` + `add_edge()` | New `.md` file |
| **Onboarding** | Learn LangGraph API | Read a Markdown file |
| **Deployment** | FastAPI or Gradio (~50 more lines) | `claude` CLI, done |
| **Dependencies** | `langgraph`, `langchain`, `langchain-openai` | None (built into Claude Code) |
---
## When to Use Which
**Use Claude Code Agent Teams when:**
- You want to move fast — prototype to working system in 30 minutes
- Your team includes non-developers who may read or edit agent prompts
- The pipeline is internal tooling (not a public API endpoint)
- You need to iterate on agent behavior frequently (edit a `.md` file, done)
**Use LangGraph when:**
- You need to embed the system inside a larger Python application
- You want to expose the pipeline as a REST API for external consumers
- You need deterministic state transitions that must be unit-tested
- Your team is already Python-native and has LangGraph expertise
**The honest tradeoff**: LangGraph gives you more programmatic control and Python ecosystem access. Claude Code Agent Teams give you less boilerplate, faster iteration, and no infrastructure to maintain. For internal tooling and knowledge work pipelines, the Claude Code approach typically wins on total cost of ownership.
---
## Files in This Example
| File | Agent Role | Model | Responsibility |
|------|-----------|-------|----------------|
| `log-ingestor.md` | Stage 1 | haiku | Parse raw logs → `cyber-defense-events.json` |
| `anomaly-detector.md` | Stage 2 | sonnet | Detect patterns → `cyber-defense-anomalies.json` |
| `risk-classifier.md` | Stage 3 | sonnet | Score risk → `cyber-defense-risk.json` |
| `threat-reporter.md` | Stage 4 | sonnet | Generate → `cyber-defense-report.md` |
| `../skills/cyber-defense-team/SKILL.md` | Orchestrator | — | Sequence agents, handle errors, summarize |
---
**Inspired by**: Maryam Miradi's SMART COMPASS framework — same system, different stack.

71
examples/agents/cyber-defense/anomaly-detector.md Normal file
View file

@ -0,0 +1,71 @@
---
name: anomaly-detector
description: Detect statistical anomalies and attack patterns from structured security events. Second stage of the cyber defense pipeline — reads cyber-defense-events.json and produces anomalies.
model: sonnet
tools: Read
---
# Anomaly Detector Agent
Second stage. Read structured events from `cyber-defense-events.json`, detect anomalies and known attack patterns.
**Role**: Pattern recognition and anomaly scoring. No classification of severity — that's the risk-classifier's job.
## Input
Read `cyber-defense-events.json` produced by log-ingestor.
## Detection Rules
### Volume Anomalies
- AUTH_FAILURE > 10 in any 5-minute window → brute force attempt
- Same source IP appearing in > 5 AUTH_FAILURE events → credential stuffing
- ERROR spike > 3x baseline → potential DoS or application crash
### Pattern Anomalies
- Sequential port scanning signatures in source IPs
- SQL keywords in request paths (`SELECT`, `UNION`, `DROP`, `--`)
- Path traversal patterns (`../`, `%2e%2e`, `..%2F`)
- XSS vectors (`<script>`, `javascript:`, `onerror=`)
### Behavioral Anomalies
- Access to `/admin`, `/config`, `/.env`, `/.git` from external IPs
- High-frequency requests from single IP (> 100/min)
- Off-hours activity if timestamps available
## Output Format
Write detected anomalies to `cyber-defense-anomalies.json`:
```json
{
"anomalies_found": 3,
"anomalies": [
{
"id": "A001",
"type": "BRUTE_FORCE",
"confidence": 0.94,
"description": "23 AUTH_FAILURE events from IP 192.168.1.105 in 8 minutes",
"affected_events": [1, 4, 7, 12],
"source_ip": "192.168.1.105",
"evidence": "23 failures, 0 successes from same IP"
},
{
"id": "A002",
"type": "SQL_INJECTION",
"confidence": 0.87,
"description": "SQLi pattern detected in /api/users endpoint",
"affected_events": [34],
"source_ip": "10.0.0.44",
"evidence": "Request contained 'UNION SELECT' in path parameter"
}
]
}
```
## Constraints
- Report confidence score (0.0-1.0) for each anomaly — don't be binary
- Link anomalies to specific event IDs from cyber-defense-events.json
- If zero anomalies: write `{"anomalies_found": 0, "anomalies": []}` and report "No anomalies detected. Logs appear clean."
- Do not suggest risk levels — that's risk-classifier's scope

62
examples/agents/cyber-defense/log-ingestor.md Normal file
View file

@ -0,0 +1,62 @@
---
name: log-ingestor
description: Parse raw logs into structured security events. First stage of the cyber defense pipeline — reads log files and extracts typed events (errors, warnings, auth failures, anomalies).
model: haiku
tools: Read, Glob
---
# Log Ingestor Agent
First stage of the cyber defense pipeline. Parse raw logs and produce structured event data for downstream agents.
**Role**: Read logs → extract structured events. No analysis, no judgment — pure parsing.
## Input
Raw log content passed in the task description, or a file path to read.
## Process
1. Read the log content
2. Classify each line by event type:
- `AUTH_FAILURE` — failed login, unauthorized access, permission denied
- `SECURITY_EVENT` — known attack patterns (SQLi, XSS, path traversal)
- `ERROR` — application errors with stack traces
- `WARNING` — non-critical anomalies
- `INFO` — normal operations (include for baseline)
3. Extract metadata per event: timestamp, source IP (if present), service, message
## Output Format
Write parsed events to a shared file `cyber-defense-events.json`:
```json
{
"total_lines": 842,
"parsed_events": [
{
"id": 1,
"type": "AUTH_FAILURE",
"timestamp": "2024-01-15T14:23:01Z",
"source_ip": "192.168.1.105",
"service": "nginx",
"message": "user 'admin' failed login from 192.168.1.105",
"raw": "[2024-01-15 14:23:01] FAILED LOGIN: user 'admin'..."
}
],
"summary": {
"AUTH_FAILURE": 23,
"SECURITY_EVENT": 4,
"ERROR": 17,
"WARNING": 89,
"INFO": 709
}
}
```
## Constraints
- Do not interpret or analyze — only classify and structure
- If timestamp is missing, use `"timestamp": null`
- If source IP is absent, use `"source_ip": null`
- Write the JSON file, then report: "Ingested X lines → Y events (Z security-relevant)"

71
examples/agents/cyber-defense/risk-classifier.md Normal file
View file

@ -0,0 +1,71 @@
---
name: risk-classifier
description: Classify overall risk level from detected anomalies. Third stage of the cyber defense pipeline — reads cyber-defense-anomalies.json and assigns CRITICAL/HIGH/MEDIUM/LOW with justification.
model: sonnet
tools: Read
---
# Risk Classifier Agent
Third stage. Read `cyber-defense-anomalies.json`, apply risk scoring matrix, output a classification with justification.
**Role**: Translate technical anomalies into a business risk decision. One output: a risk level + rationale.
## Input
Read `cyber-defense-anomalies.json` produced by anomaly-detector.
## Risk Scoring Matrix
### CRITICAL (immediate action required)
- Active exploitation confirmed (successful auth after brute force)
- Data exfiltration indicators (large outbound transfers, DB dumps)
- Ransomware or malware execution patterns
- Compromise of admin credentials
### HIGH (respond within 1 hour)
- Brute force attack in progress (no success yet)
- SQL injection or path traversal detected
- Multiple anomaly types from same source
- Privilege escalation attempts
### MEDIUM (respond within 24 hours)
- Isolated SQLi probe (single attempt, low confidence)
- Off-hours access from known internal IP
- Moderate error spike without clear attack pattern
- Single high-confidence anomaly, low business impact
### LOW (monitor, no immediate action)
- Reconnaissance patterns only (port scan, fingerprinting)
- Single auth failure from unknown IP
- Low-confidence anomalies (< 0.5)
- Zero anomalies → always LOW
## Output Format
Write classification to `cyber-defense-risk.json`:
```json
{
"risk_level": "HIGH",
"score": 74,
"primary_threat": "BRUTE_FORCE",
"rationale": "Active brute force attack from 192.168.1.105 (23 failures, still ongoing based on timestamps). No successful auth yet — window still open. SQL injection probe from separate IP adds compounding risk.",
"anomalies_considered": ["A001", "A002"],
"recommended_action": "Block IP 192.168.1.105 immediately. Review /api/users access logs for A002 source IP. Check for any successful logins in the last 30 minutes.",
"escalate_to_human": true
}
```
## Decision Rules
- If anomalies_found = 0 → always `LOW`, `escalate_to_human: false`
- If any anomaly confidence > 0.9 AND type is BRUTE_FORCE or SQL_INJECTION → minimum `HIGH`
- If multiple anomaly types from same source IP → upgrade one level
- `escalate_to_human: true` for HIGH and CRITICAL
## Constraints
- One risk level, not a range
- Rationale must reference specific anomaly IDs
- `recommended_action` must be concrete (not "monitor the situation")

75
examples/agents/cyber-defense/threat-reporter.md Normal file
View file

@ -0,0 +1,75 @@
---
name: threat-reporter
description: Generate a human-readable security incident report. Final stage of the cyber defense pipeline — reads all three JSON files and produces a Markdown report for security teams.
model: sonnet
tools: Read, Write
---
# Threat Reporter Agent
Final stage. Read all pipeline outputs, synthesize a structured incident report in Markdown.
**Role**: Translate machine-readable analysis into a clear, actionable report for security teams (and non-technical stakeholders).
## Input
Read all three files produced by previous agents:
1. `cyber-defense-events.json` — raw event stats
2. `cyber-defense-anomalies.json` — detected anomalies
3. `cyber-defense-risk.json` — risk classification
## Report Structure
```markdown
# Security Incident Report
**Generated**: [ISO timestamp]
**Risk Level**: [CRITICAL|HIGH|MEDIUM|LOW] — [score]/100
**Requires Human Review**: [Yes|No]
---
## Executive Summary
[2-3 sentences. What happened, how bad, what to do right now.
Written for non-technical readers.]
## Threat Details
### [Anomaly ID] — [Anomaly Type]
- **Confidence**: [X]%
- **Source**: [IP if available]
- **Description**: [What was detected and why it matters]
- **Evidence**: [Key data points]
## Recommended Actions
### Immediate (do now)
- [ ] [Specific action with target]
### Short-term (within 24h)
- [ ] [Specific action]
### Monitoring
- [ ] [What to watch for]
## Log Statistics
| Metric | Count |
|--------|-------|
| Total log lines | X |
| Security-relevant events | X |
| Anomalies detected | X |
---
*Report generated by cyber-defense Agent Team — Claude Code*
```
## Writing Guidelines
- Executive Summary: one sentence for each of: what happened, severity, immediate action. Non-technical language.
- Threat Details: technical precision. Include IPs, timestamps, confidence scores.
- Actions: specific and measurable. Not "review logs" but "grep auth.log for 192.168.1.105 and count successful logins after 14:15 UTC."
- If risk_level = LOW and no anomalies: the executive summary should be one sentence: "Log analysis complete — no threats detected."
## Output
Write the report to `cyber-defense-report.md` and print a one-line summary:
`Report saved → cyber-defense-report.md | Risk: [LEVEL] | Actions: [N]`

115
examples/skills/cyber-defense-team/SKILL.md Normal file
View file

@ -0,0 +1,115 @@
---
name: cyber-defense-team
description: Orchestrate a 4-agent cyber defense pipeline to analyze log files for threats. Spawns log-ingestor → anomaly-detector → risk-classifier → threat-reporter as parallel-then-sequential agents. Produces a Markdown incident report.
version: 1.0.0
usage: /cyber-defense-team [log-file-path]
args:
- name: log_path
description: Path to the log file to analyze (or paste log content directly)
required: true
---
# Cyber Defense Team Skill
Orchestrate a 4-agent pipeline that analyzes log files for security threats and produces an incident report.
## Pipeline Architecture
```
[You] → Team Lead (this skill)
├─[1]─→ log-ingestor (haiku) → cyber-defense-events.json
├─[2]─→ anomaly-detector (sonnet) → cyber-defense-anomalies.json
│ (reads events.json)
├─[3]─→ risk-classifier (sonnet) → cyber-defense-risk.json
│ (reads anomalies.json)
└─[4]─→ threat-reporter (sonnet) → cyber-defense-report.md
(reads all 3 JSON files)
```
Stages 2 and 3 are sequential (each depends on previous output). Stage 4 runs after all data is ready.
## Execution Steps
### Step 1 — Validate Input
Check that the log file exists (or that log content was provided inline). If the path doesn't exist, tell the user immediately — don't proceed.
### Step 2 — Spawn Log Ingestor
Use the Agent tool to spawn the `log-ingestor` agent:
```
Task: Parse the log file at [log_path] and write structured events to cyber-defense-events.json.
Log path: [log_path]
```
Wait for completion. Confirm `cyber-defense-events.json` was created.
### Step 3 — Spawn Anomaly Detector
Use the Agent tool to spawn the `anomaly-detector` agent:
```
Task: Read cyber-defense-events.json and detect anomalies. Write results to cyber-defense-anomalies.json.
```
Wait for completion. If `anomalies_found: 0`, skip to Step 5 (reporter still runs).
### Step 4 — Spawn Risk Classifier
Use the Agent tool to spawn the `risk-classifier` agent:
```
Task: Read cyber-defense-anomalies.json and classify overall risk. Write result to cyber-defense-risk.json.
```
### Step 5 — Spawn Threat Reporter
Use the Agent tool to spawn the `threat-reporter` agent:
```
Task: Read cyber-defense-events.json, cyber-defense-anomalies.json, and cyber-defense-risk.json. Generate a complete incident report and save it to cyber-defense-report.md.
```
### Step 6 — Summarize for User
Read `cyber-defense-risk.json` and present:
```
✅ Analysis complete
Risk Level : HIGH
Score : 74/100
Threats : 2 anomalies detected
Report : cyber-defense-report.md
Primary threat: Brute force attack from 192.168.1.105
Immediate action required: [first recommended_action]
```
## Error Handling
- Agent fails at step 2: Tell user, stop pipeline, show raw error.
- Agent fails at step 3+: Show partial results, note which stage failed.
- Log file not found: "File [path] not found. Provide a valid path or paste log content."
## Cost Estimate
| Stage | Model | Typical tokens |
|-------|-------|----------------|
| log-ingestor | haiku | ~2K |
| anomaly-detector | sonnet | ~3K |
| risk-classifier | sonnet | ~2K |
| threat-reporter | sonnet | ~3K |
| **Total** | | **~10K** |
For large log files (>10K lines), log-ingestor may use up to 20K tokens.
## Example Usage
```
/cyber-defense-team /var/log/nginx/access.log
/cyber-defense-team /tmp/auth.log
```

4
guide/cheatsheet.md
View file

@ -12,7 +12,7 @@ tags: [cheatsheet, reference]
**Written with**: Claude (Anthropic)
**Version**: 3.29.0 | **Last Updated**: February 2026
**Version**: 3.29.1 | **Last Updated**: February 2026
---
@ -606,4 +606,4 @@ where.exe claude; claude doctor; claude mcp list
**Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude
*Last updated: February 2026 | Version 3.29.0*
*Last updated: February 2026 | Version 3.29.1*

24
guide/claude-code-releases.md
View file

@ -10,13 +10,13 @@ tags: [reference, release]
> **Full details**: [github.com/anthropics/claude-code/CHANGELOG.md](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md)
> **Machine-readable**: [claude-code-releases.yaml](../machine-readable/claude-code-releases.yaml)
**Latest**: v2.1.59 | **Updated**: 2026-02-26
**Latest**: v2.1.63 | **Updated**: 2026-02-27
---
## Quick Jump
- [2.1.x Series (January-February 2026)](#21x-series-january-february-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command
- [2.1.x Series (January-February 2026)](#21x-series-january-february-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command, HTTP hooks, worktree config sharing
- [2.0.x Series (Nov 2025 - Jan 2026)](#20x-series-november-2025---january-2026) — Opus 4.5, Claude in Chrome, Background agents
- [Breaking Changes Summary](#breaking-changes-summary)
- [Milestone Features](#milestone-features)
@ -25,6 +25,26 @@ tags: [reference, release]
## 2.1.x Series (January-February 2026)
### v2.1.63 (2026-02-27)
- **New**: HTTP hooks — hooks can now `POST` JSON to a URL and receive JSON back, instead of running a shell command. Useful for CI/CD integrations and stateless backend endpoints (v2.1.63+)
- **New**: Project configs & auto-memory now shared across all git worktrees of the same repository
- **New**: `/simplify` and `/batch` bundled slash commands
- **New**: `ENABLE_CLAUDEAI_MCP_SERVERS=false` env var to opt out of claude.ai MCP server exposure
- **Improved**: `/model` command shows currently active model in picker
- **Fixed**: Major wave of memory leaks — WebSocket listeners, MCP caches, git root detection cache, JSON parsing cache, bash prefix cache, subagent AppState after compaction, MCP server fetch caches on reconnect
- **Fixed**: VSCode remote sessions not appearing in conversation history
- **Fixed**: `/clear` not resetting cached skills (stale skill content persisted to new conversation)
- **Fixed**: Local slash command output (e.g. `/cost`) appearing as user messages in UI
### v2.1.62 (2026-02-27)
- **Fixed**: Prompt suggestion cache regression that reduced cache hit rates
### v2.1.61 (2026-02-27)
- **Fixed**: Concurrent writes corrupting config file on Windows
### v2.1.59 (2026-02-26)
- **New**: Auto-memory — Claude automatically saves useful context to memory; manage with `/memory`

40
guide/observability.md
View file

@ -398,6 +398,46 @@ Projects
other-project: 38
```
### Reading for Quality, Not Just Quantity
Token counts tell you how much you used Claude Code. JSONL logs can also tell you **how well your configuration is working** — if you know what to look for.
Beyond cost metrics, three patterns reliably signal that a skill, rule, or CLAUDE.md section needs updating:
**Repeated reads of the same file**
If Claude reads the same file 3+ times in one session, the content it needs probably isn't where it expects to find it. Consider moving the relevant context into a skill or CLAUDE.md section.
```bash
# Files read more than 3x in recent sessions
jq -r 'select(.tool == "Read") | .file' ~/.claude/logs/activity-*.jsonl \
| sort | uniq -c | sort -rn | awk '$1 > 3'
```
**Tool failures on the same command**
A Bash command that fails repeatedly across sessions usually means a skill has an outdated path, renamed binary, or command that no longer works with your current stack.
```bash
# Failing commands
jq -r 'select(.tool == "Bash" and (.exit_code // 0) != 0) | .command' \
~/.claude/logs/activity-*.jsonl | sort | uniq -c | sort -rn | head -10
```
**High edit frequency on the same file**
Files edited heavily across sessions often indicate missing context — the file's purpose isn't clear to the agent, or conventions around it aren't documented.
```bash
# Most-edited files (proxy for context gaps)
jq -r 'select(.tool == "Edit") | .file' ~/.claude/logs/activity-*.jsonl \
| sort | uniq -c | sort -rn | head -10
```
For each pattern you surface, ask: is there a skill, rule, or CLAUDE.md section that should cover this? See [§9.23 Configuration Lifecycle & The Update Loop](./ultimate-guide.md#923-configuration-lifecycle--the-update-loop) for the full workflow.
---
### Log Format
Each log entry is a JSON object:

470
guide/ultimate-guide.md
View file

@ -16,7 +16,7 @@ tags: [guide, reference, workflows, agents, hooks, mcp, security]
**Last updated**: January 2026
**Version**: 3.29.0
**Version**: 3.29.1
---
@ -882,13 +882,16 @@ Switching from GitHub Copilot, Cursor, or other AI assistants? Here's what you n
### Why Claude Code is Different
| Feature | GitHub Copilot | Cursor | Claude Code |
|---------|---------------|--------|-------------|
| **Interaction** | Inline autocomplete | Chat + autocomplete | CLI + conversation |
| **Context** | Current file | Open files | Entire project |
| **Autonomy** | Suggestions only | Edit + chat | Full task execution |
| **Customization** | Limited | Extensions | Agents, skills, hooks, MCP |
| **Cost Model** | $10-20/month flat | $20/month flat | Pay-per-use ($0.10-$0.50/hour) |
| Feature | GitHub Copilot | Cursor | Windsurf | Zed | Claude Code |
|---------|---------------|--------|----------|-----|-------------|
| **Interaction** | Inline autocomplete | Chat + autocomplete | Cascade agent | Agent panel + inline | CLI + conversation |
| **Context** | Current file | Open files | ~200K tokens (IDE) | 200-400K tokens | Entire project (agentic search) |
| **Autonomy** | Suggestions only | Edit + chat | Multi-agent (Wave 13) | Agent panel | Full task execution |
| **Customization** | Limited | Extensions | Hooks Cascade | BYO providers + Ollama | Agents, skills, hooks, MCP |
| **Cost Model** | $10-20/month flat | Credit-based ($20 Pro incl. + overages) | Credit-based ($15/mo Pro, 500 credits) | Token-based ($10/mo + list price +10%) | Subscription (Pro $20, Max 5x $100, Max 20x $200) |
| **Inline autocomplete** | ✅ Native | ✅ Tab | ✅ Supercomplete | ✅ Zeta | ❌ Use Copilot/Cursor alongside |
| **Offline/local models** | ❌ | ❌ (via LiteLLM) | ❌ | ✅ Ollama | ❌ |
| **Best for** | Quick suggestions | IDE-native AI UX | Multi-agent IDE | Speed + local models | Terminal/CLI workflows, large refactors |
**Key mindset shift**: Claude Code is a **structured context system**, not a chatbot or autocomplete tool. You build persistent context (CLAUDE.md, skills, hooks) that compounds over time — see [§2.5](#from-chatbot-to-context-system).
@ -2127,14 +2130,14 @@ Unlike API usage (pay-per-token), subscriptions use a hybrid model that's delibe
**Approximate Token Budgets by Plan** (Jan 2026, community-verified)
| Plan | 5-Hour Token Budget | Weekly Sonnet Hours | Weekly Opus Hours | Claude Code Access |
|------|---------------------|---------------------|-------------------|-------------------|
| **Free** | 0 | 0 | 0 | ❌ None |
| **Pro** ($20/mo) | ~44,000 tokens | 40-80 hours | N/A (Sonnet only) | ✅ Limited |
| **Max 5x** ($100/mo) | ~88,000-220,000 tokens | 140-280 hours | 15-35 hours | ✅ Full |
| **Max 20x** ($200/mo) | ~220,000+ tokens | 240-480 hours | 24-40 hours | ✅ Full |
| Plan | 5-Hour Token Budget | Claude Code prompts/5h | Weekly Sonnet Hours | Weekly Opus Hours | Claude Code Access |
|------|---------------------|------------------------|---------------------|-------------------|-------------------|
| **Free** | 0 | 0 | 0 | 0 | ❌ None |
| **Pro** ($20/mo) | ~44,000 tokens | ~10-40 prompts | 40-80 hours | N/A (Sonnet only) | ✅ Limited |
| **Max 5x** ($100/mo) | ~88,000-220,000 tokens | ~50-200 prompts | 140-280 hours | 15-35 hours | ✅ Full |
| **Max 20x** ($200/mo) | ~220,000+ tokens | ~200-800 prompts | 240-480 hours | 24-40 hours | ✅ Full |
> **Warning**: These are community-measured estimates. Anthropic does not publish exact token limits, and limits have been reduced without announcement (notably Oct 2025). The 8-10× Opus/Sonnet ratio means Max 20x users get only ~24-40 Opus hours weekly despite paying $200/month.
> **Warning**: These are community-measured estimates. Anthropic does not publish exact token limits, and limits have been reduced without announcement (notably Oct 2025). The 8-10× Opus/Sonnet ratio means Max 20x users get only ~24-40 Opus hours weekly despite paying $200/month. "Prompts/5h" is a rough practical translation of the token budget — actual capacity varies significantly with task complexity, context size, and sub-agent usage. Monthly cap: ~50 active 5-hour windows across all plans.
**Why "Hours" Are Misleading**
@ -4664,7 +4667,7 @@ The `.claude/` folder is your project's Claude Code directory for memory, settin
| Personal preferences | `CLAUDE.md` | ❌ Gitignore |
| Personal permissions | `settings.local.json` | ❌ Gitignore |
### 3.29.0 Version Control & Backup
### 3.29.1 Version Control & Backup
**Problem**: Without version control, losing your Claude Code configuration means hours of manual reconfiguration across agents, skills, hooks, and MCP servers.
@ -8228,7 +8231,7 @@ gh pr create --title "..." --body "..."
| Field | Description |
|-------|-------------|
| `matcher` | Regex pattern filtering when hooks fire (tool name, session start reason, etc.) |
| `type` | Hook type: `"command"`, `"prompt"`, or `"agent"` |
| `type` | Hook type: `"command"`, `"http"`, `"prompt"`, or `"agent"` |
| `command` | Shell command to run (for `command` type) |
| `prompt` | Prompt text for LLM evaluation (for `prompt`/`agent` types). Use `$ARGUMENTS` as placeholder for hook input JSON |
| `timeout` | Max execution time in seconds (default: 600s command, 30s prompt, 60s agent) |
@ -8240,9 +8243,33 @@ gh pr create --title "..." --body "..."
**Hook types:**
- **`command`**: Runs a shell command. Receives JSON on stdin, returns JSON on stdout. Most common type.
- **`http`** *(v2.1.63+)*: POSTs JSON to a URL and reads JSON response. Useful for CI/CD webhooks and stateless backend integrations without shell dependencies. Configure with `url` and optional `allowedEnvVars` for header interpolation.
- **`prompt`**: Sends prompt + hook input to a Claude model (Haiku by default) for single-turn evaluation. Returns `{ok: true/false, reason: "..."}`. Configure model via `model` field.
- **`agent`**: Spawns a subagent with tool access (Read, Grep, Glob, etc.) for multi-turn verification. Returns same `{ok: true/false}` format. Up to 50 tool-use turns.
**HTTP hook example** (v2.1.63+):
```json
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "http",
"url": "https://ci.example.com/webhook/claude-hook",
"allowedEnvVars": ["CI_TOKEN"]
}
]
}
]
}
}
```
HTTP hooks receive the same JSON payload as `command` hooks and must return valid JSON. The `allowedEnvVars` field lists environment variables that can be referenced in headers (e.g., for Bearer token authentication).
### Hook Input (stdin JSON)
Hooks receive JSON on stdin with common fields (all events) plus event-specific fields:
@ -10595,6 +10622,183 @@ retrieve_memory("work in progress?")
| No expiration | Stale memories persist | Manual cleanup with `delete_memory` OR use Kairn (auto-decay) |
| No git integration | No branch-aware memory | Tag with branch name |
---
### Git MCP Server (Official Anthropic)
**Purpose**: Programmatic Git access via 12 structured tools for commit, diff, log, and branch management.
**Why Git MCP vs Bash `git`**: The Bash tool can run `git` commands but returns raw terminal output that requires parsing and consumes tokens. Git MCP returns structured data directly usable by Claude, with built-in filters (date, author, branch) and token-efficient diffs via the `context_lines` parameter.
> **⚠️ Status**: Early development — API subject to change. Suitable for local workflows; test before adopting in production pipelines.
**Tools (12)**:
| Tool | Description |
|------|-------------|
| `git_status` | Working tree status (staged, unstaged, untracked) |
| `git_diff_unstaged` | Unstaged changes |
| `git_diff_staged` | Staged changes ready to commit |
| `git_diff` | Compare any two branches, commits, or refs |
| `git_commit` | Create a commit with message |
| `git_add` | Stage one or more files |
| `git_reset` | Unstage files |
| `git_log` | Commit history with date, author, and branch filters |
| `git_create_branch` | Create a new branch |
| `git_checkout` | Switch branches |
| `git_show` | Show details for a commit or tag |
| `git_branch` | List all local branches |
**Setup**:
```bash
# No install required — uvx pulls it on first run
uvx mcp-server-git --repository /path/to/repo
```
**Claude Code configuration** (`~/.claude.json`):
```json
{
"mcpServers": {
"git": {
"command": "uvx",
"args": ["mcp-server-git", "--repository", "/absolute/path/to/repo"]
}
}
}
```
**Multi-repo configuration** (different server per project):
```json
{
"mcpServers": {
"git-frontend": {
"command": "uvx",
"args": ["mcp-server-git", "--repository", "/projects/frontend"]
},
"git-backend": {
"command": "uvx",
"args": ["mcp-server-git", "--repository", "/projects/backend"]
}
}
}
```
**Comparison: Git MCP vs Bash**:
| Use case | Bash `git` | Git MCP |
|----------|-----------|---------|
| Simple status check | Fine | Overkill |
| Filtered log (date + author) | Long command | Native filter params |
| Diff with context control | Possible | `context_lines` param |
| Scripting / automation | Good | Better (structured output) |
| CI / production pipelines | Tested, stable | Early dev, use with care |
**Typical workflows**:
- "Show me all commits by Alice in the last 7 days on the `main` branch"
- "What files changed in the last 3 commits? Summarize the changes."
- "Stage `src/auth.ts` and create a commit with an appropriate message"
> **Source**: `modelcontextprotocol/servers/src/git` — MIT license, part of the Anthropic-maintained monorepo (77k+ stars).
---
### GitHub MCP Server (Official GitHub)
**Purpose**: Full GitHub platform access — Issues, Pull Requests, Projects, Code search, repository management, and GitHub Enterprise.
**Git MCP vs GitHub MCP** (two distinct layers):
| Layer | Tool | Scope |
|-------|------|-------|
| Local Git operations | Git MCP Server | Commits, diffs, branches, staging |
| GitHub cloud platform | GitHub MCP Server | Issues, PRs, Projects, Reviews, Search |
Both can be active simultaneously. They complement each other: Git MCP handles local work, GitHub MCP handles collaboration and cloud state.
**Two setup modes**:
| Mode | Requires | When to use |
|------|----------|-------------|
| Remote (`api.githubcopilot.com`) | GitHub Copilot subscription | Already a Copilot subscriber |
| Self-hosted binary | GitHub PAT only | No Copilot, proprietary code, or privacy requirements |
**Remote MCP** (requires a GitHub Copilot subscription):
> **⚠️ Known issue**: `claude mcp add --transport http` attempts OAuth dynamic client registration by default, which the Copilot endpoint does not support. You'll get: `Incompatible auth server: does not support dynamic client registration`. The fix is to inject the token manually (see below).
Step 1 — Add the server:
```bash
claude mcp add --transport http github https://api.githubcopilot.com/mcp/
```
Step 2 — Get your active GitHub CLI token:
```bash
gh auth token
# → gho_xxxxxxxxxxxx
```
Step 3 — Edit `~/.claude.json` to add the `Authorization` header:
```json
{
"mcpServers": {
"github": {
"type": "http",
"url": "https://api.githubcopilot.com/mcp/",
"headers": {
"Authorization": "Bearer gho_xxxxxxxxxxxx"
}
}
}
}
```
> If the token expires: `gh auth refresh` then update the value in `~/.claude.json`.
**Self-hosted setup** (GitHub PAT only, no Copilot required):
```bash
# Download binary from github.com/github/github-mcp-server/releases
export GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxx
./github-mcp-server stdio
```
```json
{
"mcpServers": {
"github": {
"command": "/path/to/github-mcp-server",
"args": ["stdio"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx"
}
}
}
}
```
**Key capabilities**:
- Issues: create, list, filter, assign, close
- Pull Requests: create, review, merge, list by assignee/label
- Projects: read and update GitHub Projects v2
- Code search: search across all repos in an org
- GitHub Enterprise: same API, different base URL
**Typical workflows with Claude Code**:
- "List all open PRs assigned to me on `org/repo`, sorted by last activity"
- "For PR #456, summarize the changes, flag breaking changes, and draft a review comment"
- "Create an issue for bug X with a checklist, then open a branch and push a fix commit"
- "Search all repos in the org for usages of deprecated `fetchUser()` and list files to migrate"
**Differentiator vs `@modelcontextprotocol/server-github`**: The official GitHub MCP server adds Projects support, OAuth 2.1 auth, GitHub Enterprise, and the remote hosted endpoint. The npm reference server is lighter but covers fewer features.
> **Source**: `github/github-mcp-server` — Go, MIT license, 20k+ stars, actively maintained with regular releases.
</details>
---
@ -19286,6 +19490,236 @@ You've mastered the concepts and patterns. Now Section 10 gives you the technica
---
## 9.23 Configuration Lifecycle & The Update Loop
**Reading time**: 8 minutes
**Skill level**: Month 1+
> **See also**: [§9.10 Continuous Improvement Mindset](#910-continuous-improvement-mindset) — the conceptual foundation for this section. §9.23 is the operational layer: detecting when to act, and how.
As your Claude Code setup matures — skills, agents, rules, CLAUDE.md — a silent failure mode emerges: **your configuration drifts away from how you actually work**. Skills accumulate assumptions that no longer hold. CLAUDE.md describes a codebase that has evolved. Rules cover edge cases that became the norm. The agent keeps making the same correctable mistakes because nothing captures what you learned last week.
This section covers how to detect that drift early and close the loop — turning session observations into concrete config improvements.
---
### Why Configurations Go Stale
Staleness doesn't happen in one go. It accumulates from small gaps:
- A skill was written for a v1 API that's now v2 — the skill still "works" but generates code that needs manual fixing every time
- CLAUDE.md has context that's 6 months old — the agent reasons from a mental model of the codebase that no longer exists
- A rule was added for an edge case that's now the default pattern — it fires constantly and you've stopped reading its output
- You've corrected the same mistake across 5 sessions — but nothing ever captured that correction as a rule
The signal is always there: you keep doing the same manual fixes. The work is identifying which fixes are worth encoding.
---
### Detecting Friction from Your JSONL Logs
Your sessions are already logged (see [§Observability: Setting Up Session Logging](#setting-up-session-logging)). What's missing is reading them for **quality signals**, not just cost metrics.
Three patterns that reliably indicate a skill or rule needs updating:
| Pattern | Signal | Likely Cause |
|---------|--------|--------------|
| Same file read multiple times per session | Missing context | Content should move to CLAUDE.md or a skill |
| Tool failure followed immediately by retry | Wrong assumption | A skill has an outdated command or path |
| User correction immediately after assistant turn | Prompt gap | A skill or rule doesn't cover this case |
Run this script weekly against your session logs to surface these patterns:
```bash
#!/bin/bash
# scripts/detect-friction.sh
# Usage: ./scripts/detect-friction.sh [days-back]
# Requires: jq
DAYS=${1:-7}
LOG_DIR="${CLAUDE_LOG_DIR:-$HOME/.claude/logs}"
SINCE=$(date -v-${DAYS}d +%Y-%m-%d 2>/dev/null || date -d "-${DAYS} days" +%Y-%m-%d)
echo "=== Friction Report — last ${DAYS} days ==="
echo
# 1. Files read more than 3x in any single session
echo "## Repeated Reads (same file >3x in one session)"
for f in "$LOG_DIR"/activity-*.jsonl; do
[[ "$(basename "$f" .jsonl | cut -d- -f2-)" < "$SINCE" ]] && continue
jq -r 'select(.tool == "Read") | .file' "$f" 2>/dev/null
done | sort | uniq -c | sort -rn | awk '$1 > 3 {print " " $1 "x " $2}'
echo
# 2. Tool failures (Bash exit non-zero)
echo "## Tool Failures (potential stale commands in skills)"
for f in "$LOG_DIR"/activity-*.jsonl; do
[[ "$(basename "$f" .jsonl | cut -d- -f2-)" < "$SINCE" ]] && continue
jq -r 'select(.tool == "Bash" and (.exit_code // 0) != 0) | .command' "$f" 2>/dev/null
done | sort | uniq -c | sort -rn | head -10 | awk '{print " " $0}'
echo
# 3. Most-edited files (proxy for agent missing context)
echo "## Most Edited Files (context gap candidates)"
for f in "$LOG_DIR"/activity-*.jsonl; do
[[ "$(basename "$f" .jsonl | cut -d- -f2-)" < "$SINCE" ]] && continue
jq -r 'select(.tool == "Edit") | .file' "$f" 2>/dev/null
done | sort | uniq -c | sort -rn | head -10 | awk '{print " " $1 "x " $2}'
echo
echo "→ For each friction point, ask: is there a skill, rule, or CLAUDE.md section that should cover this?"
```
---
### Skills Lifecycle Management
Skills accumulate. Without a lifecycle policy, you end up with 20+ skills where half are unused, two contradict each other, and none have version history.
**When to create a skill:**
A task is worth encoding as a skill when you've done it manually 3+ times and the steps are stable enough to write down. If you're still figuring out the right approach, don't encode it yet — premature skills crystallize bad patterns.
**When to update a skill (patch):**
- A command in the skill fails because an API or path changed
- The output needs a small clarification you keep adding manually
- You added a convention and the skill doesn't reflect it yet
**When to version a skill (minor/major):**
Add a `version` field and `updated` date to your skill frontmatter:
```yaml
---
version: 1.2.0
updated: 2026-03-02
breaking_since: null
---
```
Use a simple policy:
- **patch** (`x.x.Z`): rewording, clarification, examples added — no behavior change
- **minor** (`x.Y.z`): new instructions, extended scope, new behavior opt-in
- **major** (`X.y.z`): default behavior changes — annotate what broke and when in your CHANGELOG
**When to deprecate a skill:**
Add a `deprecated: true` flag and a note explaining what replaced it. Don't delete immediately — other skills or commands may reference it.
**CI staleness check — CLAUDE.md vs source modules:**
If your CLAUDE.md is assembled from source modules (e.g., via a `pnpm ai:configure` pipeline), add a CI job to catch divergence before it causes silent failures:
```yaml
# .github/workflows/ai-config-check.yml
name: AI Config Staleness Check
on:
push:
paths:
- '.claude/rules/**'
- '.claude/skills/**'
- '.claude/agents/**'
- 'CLAUDE.md.src/**' # adjust to your source dir
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify CLAUDE.md is up to date
run: |
# Regenerate and compare
pnpm ai:configure --dry-run > /tmp/expected-claude.md
if ! diff -q CLAUDE.md /tmp/expected-claude.md > /dev/null; then
echo "❌ CLAUDE.md is stale. Run: pnpm ai:configure"
diff CLAUDE.md /tmp/expected-claude.md
exit 1
fi
echo "✅ CLAUDE.md is up to date"
```
---
### The Update Loop
The update loop formalizes what you already do informally: something doesn't work well → you notice → you fix it. The difference is making the "notice" step systematic rather than accidental.
```
┌──────────────────────────────────────────────┐
│ THE UPDATE LOOP │
│ │
│ Session → Observe friction │
│ (repeated fixes, tool fails) │
│ ↓ │
│ Analyze root cause │
│ (which skill/rule is missing?) │
│ ↓ │
│ Delta update │
│ (targeted edit, not rewrite) │
│ ↓ │
│ Canary test │
│ (verify the fix holds) │
│ ↓ │
│ Next session → repeat │
└──────────────────────────────────────────────┘
```
**The delta update principle:** when updating a skill or rule, make the smallest targeted edit that fixes the observed problem. Don't rewrite the whole skill — you'll lose what was working. One problem, one edit, one test.
**Integrating into `/tech:handoff`:**
If you use a handoff command to persist session context, add a mandatory retrospective step before saving:
```markdown
# Append to your handoff command prompt
Before saving context, answer:
- Which rules or skills were missing for today's work?
- Which corrections did you make more than once?
- What's the smallest edit that would prevent the most repeated friction?
Save conclusions via: write_memory("retro_[date]", your answers)
```
**Canary testing a skill after update:**
Before committing a skill change, verify it still produces the expected output on a known input:
```bash
# Example: test that typescript-aristote skill generates Zod validation
claude -p "Using the typescript-aristote skill: create a basic user tRPC router" \
--output-format text | grep -qE "(z\.object|publicProcedure)" \
&& echo "✅ Canary passed" \
|| echo "❌ Canary failed — skill may have regressed"
```
Run canary tests before merging skill changes, especially for skills that other agents depend on.
---
### Going Further
If you want to automate prompt optimization beyond the manual update loop, two frameworks are worth knowing:
**DSPy** (Stanford, open-source) — optimizes prompts programmatically given a metric and a set of examples. Requires 20+ labeled examples per skill for reliable results. Useful when you have a well-defined task and enough session history to build a dataset. [dspy.ai](https://dspy.ai)
**TextGrad** — treats prompts as differentiable parameters and iterates using LLM-generated feedback as "gradients". Better for creative or domain-specific tasks where the evaluation is qualitative. [github.com/zou-group/textgrad](https://github.com/zou-group/textgrad)
Both require more setup than the manual loop above, and neither eliminates the need for human judgment on what to optimize. Start with the update loop and canary tests — they'll surface most of the value with a fraction of the overhead.
---
**What's Next?**
- [§9.10 Continuous Improvement Mindset](#910-continuous-improvement-mindset) — the decision framework for when to encode vs. accept as an edge case
- [§Observability: Reading for Quality](#reading-for-quality-not-just-quantity) — qualitative JSONL analysis patterns
- [§9.12 Git Best Practices](#912-git-best-practices--workflows) — version control for your config alongside your code
---
# 10. Reference
_Quick jump:_ [Commands Table](#101-commands-table) · [Keyboard Shortcuts](#102-keyboard-shortcuts) · [Configuration Reference](#103-configuration-reference) · [Troubleshooting](#104-troubleshooting) · [Cheatsheet](#105-cheatsheet) · [Daily Workflow](#106-daily-workflow--checklists)
@ -21386,4 +21820,4 @@ We'll evaluate and add it to this section if it meets quality criteria.
**Contributions**: Issues and PRs welcome.
**Last updated**: January 2026 | **Version**: 3.29.0
**Last updated**: January 2026 | **Version**: 3.29.1

30
machine-readable/claude-code-releases.yaml
View file

@ -3,8 +3,8 @@
# Purpose: Track Claude Code product releases for documentation sync
# Maintained: Manual updates when new releases are announced
latest: "2.1.59"
updated: "2026-02-26"
latest: "2.1.63"
updated: "2026-02-27"
# ════════════════════════════════════════════════════════════════
# RELEASES (newest first, condensed highlights only)
@ -15,6 +15,31 @@ releases:
# 2.1.x Series (January-February 2026)
# ─────────────────────────────────────────────────────────────
- version: "2.1.63"
date: "2026-02-27"
highlights:
- "⭐ HTTP hooks: POST JSON to a URL and receive JSON response (alternative to shell command hooks)"
- "⭐ Project configs & auto-memory now shared across all git worktrees of the same repository"
- "/simplify and /batch bundled slash commands added"
- "`ENABLE_CLAUDEAI_MCP_SERVERS=false` env var to opt out of claude.ai MCP servers"
- "/model command now shows currently active model in the picker"
- "Major memory leak fixes: WebSocket, MCP caches, git root detection, JSON parsing cache, bash prefix cache, subagent AppState"
- "VSCode: remote sessions now appear in conversation history; session rename/remove actions"
- "Fixed /clear not resetting cached skills (stale skill content issue)"
breaking: []
- version: "2.1.62"
date: "2026-02-27"
highlights:
- "Fixed prompt suggestion cache regression that reduced cache hit rates"
breaking: []
- version: "2.1.61"
date: "2026-02-27"
highlights:
- "Fixed concurrent writes corrupting config file on Windows"
breaking: []
- version: "2.1.59"
date: "2026-02-26"
highlights:
@ -685,6 +710,7 @@ breaking_summary:
# MILESTONE FEATURES (quick reference)
# ════════════════════════════════════════════════════════════════
milestones:
"2.1.63": "HTTP hooks, worktree config sharing, /simplify + /batch bundled commands"
"2.1.36": "Fast mode for Opus 4.6"
"2.1.32": "Opus 4.6, Agent teams preview, Automatic memory"
"2.1.18": "Customizable keyboard shortcuts with /keybindings"

14
machine-readable/reference.yaml
View file

@ -3,7 +3,7 @@
# Source: guide/ultimate-guide.md
# Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
version: "3.29.0"
version: "3.29.1"
updated: "2026-02-26"
# ════════════════════════════════════════════════════════════════
@ -1415,7 +1415,7 @@ ecosystem:
- "Cross-links modified → Update all 4 repos"
history:
- date: "2026-01-20"
event: "Code Landing sync v3.29.0, 66 templates, cross-links"
event: "Code Landing sync v3.29.1, 66 templates, cross-links"
commit: "5b5ce62"
- date: "2026-01-20"
event: "Cowork Landing fix (paths, README, UI badges)"
@ -1427,7 +1427,7 @@ ecosystem:
onboarding_matrix_meta:
version: "2.0.0"
last_updated: "2026-02-05"
aligned_with_guide: "3.29.0"
aligned_with_guide: "3.29.1"
changelog:
- version: "2.0.0"
date: "2026-02-05"
@ -1455,7 +1455,7 @@ onboarding_matrix:
core: [rules, sandbox_native_guide, commands]
time_budget: "5 min"
topics_max: 3
note: "SECURITY FIRST - sandbox before commands (v3.29.0 critical fix)"
note: "SECURITY FIRST - sandbox before commands (v3.29.1 critical fix)"
beginner_15min:
core: [rules, sandbox_native_guide, workflow, essential_commands]
@ -1540,7 +1540,7 @@ onboarding_matrix:
- default: agent_validation_checklist
time_budget: "60 min"
topics_max: 6
note: "Dual-instance pattern for quality workflows (v3.29.0)"
note: "Dual-instance pattern for quality workflows (v3.29.1)"
learn_security:
intermediate_30min:
@ -1551,7 +1551,7 @@ onboarding_matrix:
- default: permission_modes
time_budget: "30 min"
topics_max: 4
note: "NEW goal (v3.29.0) - Security-focused learning path"
note: "NEW goal (v3.29.1) - Security-focused learning path"
power_60min:
core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@ -1576,7 +1576,7 @@ onboarding_matrix:
core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
time_budget: "60 min"
topics_max: 6
note: "Security foundation + core workflow (v3.29.0 sandbox added)"
note: "Security foundation + core workflow (v3.29.1 sandbox added)"
intermediate_120min:
core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]