diff --git a/.gitignore b/.gitignore
index 3cea453..4d6f608 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,4 @@ mcp-server/node_modules/
 
 # Vitals provenance data
 .vitals/
+.worktrees/
diff --git a/CHANGELOG.md b/CHANGELOG.md
index deb7b41..9d83032 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,23 +6,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
 
-- **Threat database updated to v2.8.0** (`examples/commands/resources/threat-db.yaml`): 7 new entries covering March 2026 threats. **New campaigns**: GhostClaw (malicious npm `@openclaw-ai/openclawai`, GhostLoader RAT with SOCKS5 proxy + clipboard monitor, 178 downloads) and Fake OpenClaw Installer (Stealth Packer + GhostSocks via malicious GitHub repos indexed by Bing AI). **New malicious packages**: `@openclaw-ai/openclawai` and `ambar-src` (~50K downloads, evasion techniques). **New CVE**: CVE-2026-24910 (Bun runtime v<1.3.5, lifecycle scripts bypass origin validation). **New attack techniques**: T017 Shadow MCP (employees deploying unvetted MCP servers without IT oversight) and T018 AI Search Result Poisoning (AI-generated search results recommending malicious repos). **New scanning tools**: Jozu Agent Guard (zero-trust AI runtime, non-bypassable policies, 2026-03-17) and MCP Sentinel (RSAC 2026, request/arg scanning for sensitive data). **New defensive resource**: Jozu Agent Guard Runtime. `minimum_safe_versions` updated with `bun: 1.3.5`. Sources: THN, Huntress, itbrew, helpnetsecurity, SC World.
+## [3.37.1] - 2026-03-18
+
+- **Threat database updated to v2.8.0** (`examples/commands/resources/threat-db.yaml`): 7 new entries covering March 2026 threats. **New campaigns**: GhostClaw (malicious npm `@openclaw-ai/openclawai`, GhostLoader RAT with SOCKS5 proxy + clipboard monitor, 178 downloads) and Fake OpenClaw Installer (Stealth Packer + GhostSocks via malicious GitHub repos indexed by Bing AI). **New malicious packages**: `@openclaw-ai/openclawai` and `ambar-src` (~50K downloads, evasion techniques). **New CVE**: CVE-2026-24910 (Bun runtime v<1.3.5, lifecycle scripts bypass origin validation). **New attack techniques**: T017 Shadow MCP (employees deploying unvetted MCP servers without IT oversight) and T018 AI Search Result Poisoning (AI-generated search results recommending malicious repos). **New scanning tools**: Jozu Agent Guard (zero-trust AI runtime, non-bypassable policies, 2026-03-17) and MCP Sentinel (RSAC 2026, request/arg scanning for sensitive data). `minimum_safe_versions` updated with `bun: 1.3.5`.
 
 - **Claude Code releases tracking updated to v2.1.78** (`machine-readable/claude-code-releases.yaml`, `guide/core/claude-code-releases.md`): StopFailure hook event, ${CLAUDE_PLUGIN_DATA} persistent plugin state, effort/maxTurns/disallowedTools frontmatter for plugin agents, streaming line-by-line, 3 security fixes (silent sandbox disable, MCP deny rules bypass, protected dirs writable in bypassPermissions mode).
 
-- **Skill descriptions improved — 19 skills updated** (`examples/skills/`): cleaner, action-oriented descriptions with explicit "Use when" triggers across the full skill library. Selective merge from @popey (Tessl) PR #9 (`tessl skill review`): kept improved `description:` lines across all 19 skills while preserving full reference documentation in template skills (audit-agents-skills, ccboard, design-patterns). Skills updated: guide-recap, landing-page-generator, pr-triage, release-notes-generator, skill-creator, voice-refine, talk-pipeline (7 stages), audit-agents-skills, ccboard, cyber-defense-team, design-patterns, issue-triage, rtk-optimizer.
+- **Skill descriptions improved — 19 skills updated** (`examples/skills/`): cleaner, action-oriented descriptions with explicit "Use when" triggers. Selective merge from @popey (Tessl) PR #9: kept improved `description:` lines while preserving full reference documentation in template skills.
 
-- **Fix — MCP vs CLI token overhead claim updated** (`guide/ecosystem/mcp-vs-cli.md`): corrected outdated token cost figures following v2.1.7 MCP Tool Search (lazy loading). The pre-v2.1.7 claim of "500-2,000 tokens per server" described eager loading, no longer the default. Updated: "Token cost of MCP schemas" section rewritten with lazy loading mechanics and measured 85% reduction benchmark (55K → 8.7K for 5-server setup); "Schema token cost" weakness nuanced; "Zero context overhead" CLI strength nuanced; guidance table "Tight context budget" row updated. Credit: Antoine Salesse for flagging the inconsistency with `architecture.md` §MCP Tool Search.
+- **Fix — MCP vs CLI token overhead claim updated** (`guide/ecosystem/mcp-vs-cli.md`): corrected outdated token cost figures following v2.1.7 MCP Tool Search (lazy loading). "Token cost of MCP schemas" section rewritten with lazy loading mechanics and measured 85% reduction benchmark (55K → 8.7K for 5-server setup). Credit: Antoine Salesse.
 
-- **Resource Evaluation #081 — Rippletide Code** (`docs/resource-evaluations/081-rippletide-code-rule-enforcement.md`): hook-native runtime rule enforcement for Claude Code (score 3/5, integrate with caveats). Addresses the documented CLAUDE.md degradation problem: rules ignored after 40+ entries, lost after context compaction. Architecture: Context Graph stored outside LLM context window + PreToolUse hooks block violations before execution. Distinct product from eval 072 (MCP/eval SaaS). Free beta (`npx rippletide-code`, no signup). Integration plan: (1) document the enforcement pattern in ultimate-guide.md CLAUDE.md limitations section, (2) add "Rule enforcement" gap to third-party-tools.md Known Gaps table, (3) add Rippletide entry in new Rule Enforcement section. Multiple claims unverified (compaction-resistance, "50% of issues", "<5s build") — treat as company claims. Watch trigger for 4/5: public GitHub repo >100 stars OR independent practitioner write-up from production.
+- **Resource Evaluation #081 — Rippletide Code** (`docs/resource-evaluations/081-rippletide-code-rule-enforcement.md`): hook-native runtime rule enforcement for Claude Code (score 3/5, integrate with caveats). Addresses the CLAUDE.md degradation problem: rules ignored after 40+ entries, lost after context compaction.
 
-- **New self-assessment section — Agent Adoption Curve** (`guide/roles/learning-with-ai.md`): 7-level maturity scale (0-6) for developers to self-locate on the Claude Code sophistication spectrum. Covers from "never used AI tools" (Level 0) to "orchestrating agent graphs" (Level 6), with 4 quick diagnostic questions and routing to relevant guide sections by level. Adapted from Nicolas Martignole (Back Market) maturity framework (March 2026). Inserted before the 30-Day Progression Plan as a prerequisite self-placement tool.
+- **New self-assessment section — Agent Adoption Curve** (`guide/roles/learning-with-ai.md`): 7-level maturity scale (0-6) for developers to self-locate on the Claude Code sophistication spectrum, adapted from Nicolas Martignole (Back Market) maturity framework.
 
-- **New guide section §5.5 — Registry-based Discovery: ctx7 CLI** (`guide/ultimate-guide.md`): Context7's CLI companion (`npx ctx7`) for automated skill discovery and MCP setup. Documents `ctx7 skills suggest` (dependency-aware skill recommendations), `ctx7 skills install owner/repo`, `ctx7 setup --claude` wizard, and `ctx7 docs` terminal lookup. Clarifies agentskills.io (open spec) vs context7.com/skills (registry) relationship. Cross-reference note added to `guide/ecosystem/mcp-servers-ecosystem.md` Context7 section. Resource evaluation: `docs/resource-evaluations/2026-03-17-context7-cli.md` (score 4/5).
+- **New guide section §5.5 — Registry-based Discovery: ctx7 CLI** (`guide/ultimate-guide.md`): Context7's CLI companion (`npx ctx7`) for automated skill discovery and MCP setup. Resource evaluation: `docs/resource-evaluations/2026-03-17-context7-cli.md` (score 4/5).
 
-- **Resource Evaluations #079 + #080 + ecosystem landscape** (`docs/resource-evaluations/079-fabro-workflow-orchestration.md`, `080-goose-block-coding-agent.md`): two evaluations + Perplexity competitive landscape analysis. **Fabro** (3/5, Watch): graph-based workflow orchestrator for coding agents (MIT, Rust single binary, 28 stars / 4 days old). Differentiators: DOT graph pipeline as diffable text (distinct from Ruflo/Pipelex/Athena Flow), Git checkpointing per stage (code + metadata committed to a branch after each step — no equivalent found in landscape), native `claude` CLI integration. Feature set unverified at evaluation. Re-eval trigger: >200 stars or practitioner write-up. Added to `watch-list.md`. **Goose by Block** (4/5, update): already documented in §11.1 but with stale data. Updated `guide/ecosystem/ai-ecosystem.md` §11.1: stats refreshed (15.4k → 33k stars, Jan → Mar 2026); MCP count inconsistency resolved ("3,000+" → "Thousands of"); added **Recipes** section (Goose's versionable multi-step workflows — closest analogy to Claude Code skills + commands combined); added **Subagent orchestration** section (heterogeneous agent teams with per-role model assignment, cross-reference §9). Competitive landscape (Perplexity): LangGraph closest graph-based equivalent (34k stars, Python, general purpose — no Git checkpointing); AutoGen (47.9k), CrewAI (34.7k), OpenHands (48k) also mapped. Fabro's Git-checkpointing-per-stage has no equivalent across all surveyed tools.
+- **Resource Evaluations #079 + #080** (`docs/resource-evaluations/`): Fabro workflow orchestration (3/5, Watch) and Goose by Block update (4/5) with stats refresh (15.4k → 33k stars), Recipes section, and subagent orchestration documentation.
 
-- **Doc audit — stats sync**: corrected stale counts across guide + landing. Templates: 204/216/217/218/222/232 → unified to 217 (per `check-landing-sync.sh` logic). Guide lines: "22K" → "23K+" (actual: 23,422). Quiz: reference.yaml `quiz_count` and llms*.txt had 311 → corrected to 271 (actual count). Version in llms.txt / llms-full.txt / machine-readable/llms.txt bumped 3.36.0 → 3.37.0. Landing updated: FeaturesGrid, GuideComparison, WhyGuide, McpDemo, cheatsheet page, index.astro, compare page, and guide content files (00-introduction, index, 09-advanced-patterns, 12-appendices).
+- **Doc audit — stats sync**: corrected stale counts. Templates unified to 217. Guide lines: "22K" → "23K+". Quiz: 311 → 271.
 
 ## [3.37.0] - 2026-03-17
 
diff --git a/README.md b/README.md
index cdfe748..ebd72d1 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,9 @@
 
 <p align="center">
   <a href="https://github.com/FlorianBruniaux/claude-code-ultimate-guide/stargazers"><img src="https://img.shields.io/github/stars/FlorianBruniaux/claude-code-ultimate-guide?style=for-the-badge" alt="Stars"/></a>
-  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Mar_17,_2026_·_v3.37.0-brightgreen?style=for-the-badge" alt="Last Update"/></a>
+  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Mar_18,_2026_·_v3.37.1-brightgreen?style=for-the-badge" alt="Last Update"/></a>
   <a href="./quiz/"><img src="https://img.shields.io/badge/Quiz-271_questions-orange?style=for-the-badge" alt="Quiz"/></a>
-  <a href="./examples/"><img src="https://img.shields.io/badge/Templates-204-green?style=for-the-badge" alt="Templates"/></a>
+  <a href="./examples/"><img src="https://img.shields.io/badge/Templates-217-green?style=for-the-badge" alt="Templates"/></a>
   <a href="./guide/security/security-hardening.md"><img src="https://img.shields.io/badge/🛡️_Threat_DB-15_vulnerabilities_·_655_malicious_skills-red?style=for-the-badge" alt="Threat Database"/></a>
   <a href="./mcp-server/"><img src="https://img.shields.io/badge/MCP_Server-npx_ready-blueviolet?style=for-the-badge" alt="MCP Server"/></a>
 </p>
@@ -66,7 +66,7 @@ Both guides serve different needs. Choose based on your priority.
 | **Security hardening** | Only threat database (24 CVEs) | Basic patterns only |
 | **Test understanding** | 271-question quiz | Not available |
 | **Methodologies** (TDD/SDD/BDD) | Full workflow guides | Not covered |
-| **Copy-paste ready** templates | 218 templates | 200+ templates |
+| **Copy-paste ready** templates | 217 templates | 200+ templates |
 
 ### Ecosystem Positioning
 
@@ -75,7 +75,7 @@ Both guides serve different needs. Choose based on your priority.
                            ▲
                            │
                            │  ★ This Guide
-                           │  Security + Methodologies + 22K lines
+                           │  Security + Methodologies + 23K+ lines
                            │
                            │  [Everything-You-Need-to-Know]
                            │  SDLC/BMAD beginner
@@ -92,7 +92,7 @@ Both guides serve different needs. Choose based on your priority.
 **4 unique gaps no competitor covers:**
 1. **Security-First** — 24 CVEs + 655 malicious skills tracked (no competitor has this depth)
 2. **Methodology Workflows** — TDD/SDD/BDD comparison + step-by-step guides
-3. **Comprehensive Reference** — 22K lines across 16 specialized guides (24× more reference material than everything-cc)
+3. **Comprehensive Reference** — 23K+ lines across 16 specialized guides (24× more reference material than everything-cc)
 4. **Educational Progression** — 271-question quiz, beginner → expert path
 
 **Recommended workflow:**
@@ -150,7 +150,7 @@ claude "Use the claude-code-guide MCP server. Activate the claude-code-expert pr
 graph LR
     root[📦 Repository<br/>Root]
 
-    root --> guide[📖 guide/<br/>22K lines]
+    root --> guide[📖 guide/<br/>23K+ lines]
     root --> examples[📋 examples/<br/>218 templates]
     root --> quiz[🧠 quiz/<br/>271 questions]
     root --> tools[🔧 tools/<br/>utils]
@@ -240,7 +240,7 @@ graph LR
 
 [Browse all 41 diagrams →](./guide/diagrams/)
 
-**What this means for you**: Understand the master loop before reading 22K lines, see multi-agent topologies at a glance, share visual security threat models with your team.
+**What this means for you**: Understand the master loop before reading 23K+ lines, see multi-agent topologies at a glance, share visual security threat models with your team.
 
 ---
 
@@ -543,31 +543,33 @@ security_gate_hook: "examples/hooks/bash/security-gate.sh" # file path ref
 
 ## 📄 Whitepapers (FR + EN)
 
-A series of 11 focused whitepapers covering Claude Code in depth. Each covers a specific topic and is available in both **French and English**.
+11 focused whitepapers covering Claude Code in depth — PDF + EPUB, available in French and English. 472 pages total.
 
 > **Coming soon** — currently in private access. Public release planned.
 
-- **00** — *De Zéro à Productif / From Zero to Productive* — Foundations, first steps
-- **01** — *Prompts qui Marchent / Prompts That Work* — Prompting method, context, hooks
-- **02** — *Personnaliser Claude / Customizing Claude* — CLAUDE.md, custom agents, skills
-- **03** — *Sécurité en Production / Security in Production* — 17 security hooks, threat DB, permissions
-- **04** — *L'Architecture Démystifiée / Architecture Demystified* — Agent loop, context, token pricing
-- **05** — *Déployer en Équipe / Team Deployment* — CI/CD, observability, 50+ devs adoption
-- **06** — *Privacy & Compliance* — Anthropic data, ZDR, retention policies
-- **07** — *Guide de Référence / Reference Guide* — Complete synthesis + advanced workflows
-- **08** — *Agent Teams* — Multi-agent orchestration and coordination
-- **09** — *Apprendre avec l'IA / Learning with AI* — UVAL protocol, comprehension debt, 30-day plan
-- **10** — *Budget IA / AI Budget* — Token costs, model selection, cost optimization
+| # | FR | EN | Pages |
+|---|----|----|-------|
+| **00** | *De Zéro à Productif* | *From Zero to Productive* | 20 |
+| **01** | *Prompts qui Marchent* | *Prompts That Work* | 40 |
+| **02** | *Personnaliser Claude* | *Customizing Claude* | 47 |
+| **03** | *Sécurité en Production* | *Security in Production* | 48 |
+| **04** | *L'Architecture Démystifiée* | *Architecture Demystified* | 40 |
+| **05** | *Déployer en Équipe* | *Team Deployment* | 43 |
+| **06** | *Privacy & Compliance* | *Privacy & Compliance* | 29 |
+| **07** | *Guide de Référence* | *Reference Guide* | 87 |
+| **08** | *Agent Teams* | *Agent Teams* | 42 |
+| **09** | *Apprendre avec l'IA* | *Learning with AI* — UVAL protocol, comprehension debt | 49 |
+| **10** | *Convaincre son Employeur* | *Making the Case for AI* — ROI dossier for CEO/CTO/CFO | 27 |
 
-## 🗂️ Recap Cards (FR + EN)
+## 🗂️ Recap Cards (FR, EN coming)
 
-57 single-page A4 reference cards — printable, one concept per card. Organized in 3 series:
+57 single-page A4 reference cards — printable, one concept per card. Available in French; English version in progress.
 
-> **Coming soon** — currently in private access. Public release planned alongside the whitepapers. Available in French and English.
+> **Browse online**: [cc.bruniaux.com/cheatsheets/](https://cc.bruniaux.com/cheatsheets/)
 
 - **Technique (22 cards)** — Commands, permissions, configuration, MCP, models, context window
-- **Méthodologie / Methodology (22 cards)** — Daily workflow, agents, hooks, CI/CD, multi-agent, debug
-- **Conception / Design (13 cards)** — Mental models, prompting, security by design, cost patterns
+- **Méthodologie (22 cards)** — Daily workflow, agents, hooks, CI/CD, multi-agent, debug
+- **Conception (13 cards)** — Mental models, prompting, security by design, cost patterns
 
 ---
 
@@ -729,7 +731,7 @@ Use this guide critically. Experiment. Share what works for you.
 
 | File | Purpose | Time |
 |------|---------|------|
-| **[Ultimate Guide](./guide/ultimate-guide.md)** | Complete reference (20K+ lines), 10 sections | 30-40h (full) • Most consult sections |
+| **[Ultimate Guide](./guide/ultimate-guide.md)** | Complete reference (23K+ lines), 10 sections | 30-40h (full) • Most consult sections |
 | **[Cheat Sheet](./guide/cheatsheet.md)** | 1-page printable reference | 5 min |
 | **[Visual Reference](./guide/core/visual-reference.md)** | 20 ASCII diagrams for key concepts | 5 min |
 | **[Architecture](./guide/core/architecture.md)** | How Claude Code works internally | 25 min |
@@ -872,7 +874,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
 
 ---
 
-*Version 3.37.0 | Updated daily · Mar 17, 2026 | Crafted with Claude*
+*Version 3.37.1 | Updated daily · Mar 18, 2026 | Crafted with Claude*
 
 <!-- SEO Keywords -->
 <!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,
diff --git a/VERSION b/VERSION
index c03c47a..08a0898 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.37.0
+3.37.1
diff --git a/docs/resource-evaluations/079-fabro-workflow-orchestration.md b/docs/resource-evaluations/079-fabro-workflow-orchestration.md
new file mode 100644
index 0000000..4d9c9c1
--- /dev/null
+++ b/docs/resource-evaluations/079-fabro-workflow-orchestration.md
@@ -0,0 +1,141 @@
+r# Resource Evaluation #079 — Fabro: Graph-Based Workflow Orchestrator for AI Coding Agents
+
+**Source:** [fabro.sh](https://fabro.sh) / [github.com/fabro-sh/fabro](https://github.com/fabro-sh/fabro)
+**Type:** Open source tool (MIT) — standalone workflow orchestrator for AI coding agents
+**Author:** Bryan from qlty.sh (bryan@qlty.sh)
+**Evaluated:** 2026-03-17
+**Maturity at evaluation:** Created 2026-03-13 — 4 days old, 28 stars, 1 fork
+
+---
+
+## Summary
+
+- **Workflow orchestrator for AI coding agents**: define pipelines as Graphviz DOT graphs with branching, loops, parallelism, and human approval gates — diffable and version-controlled
+- **Multi-model routing**: CSS-like stylesheets assign different LLM models (Claude, OpenAI, Gemini) to specific workflow nodes, with automatic fallback chains
+- **Git checkpointing per stage**: every stage commits code changes and execution metadata to a dedicated Git branch — unique feature with no direct equivalent found in the landscape
+- **Cloud sandboxes**: isolated Daytona VMs with snapshot-based setup, network controls, SSH access, and automatic cleanup
+- **Automatic retrospectives**: each run generates a cost/duration/narrative retrospective for continuous improvement
+- **Direct Claude Code integration**: `curl -fsSL https://fabro.sh/install.md | claude` (security note: pipes directly into Claude, no intermediate review step)
+- **Single Rust binary, zero runtime dependencies**: no Python, no Node.js, no Docker required
+- **REST API + SSE streaming + React web UI**: run workflows programmatically or as a service
+
+---
+
+## Relevance Score
+
+| Score | Meaning |
+|-------|---------|
+| 5 | Essential — Major gap in the guide |
+| 4 | Very relevant — Significant improvement |
+| **3** | **Pertinent — Useful complement, Watch status** |
+| 2 | Marginal — Secondary information |
+| 1 | Out of scope — Not relevant |
+
+**Final score: 3/5 (Watch)**
+
+**Justification:** Fabro falls directly in the "External Orchestration Frameworks" category already documented in the guide (`third-party-tools.md`). Its DOT graph approach is architecturally distinct from all three existing entries (Ruflo = swarms, Athena Flow = hooks layer, Pipelex = DSL). Git checkpointing per stage is a genuine differentiator — no equivalent found in the landscape. Direct Claude Code integration via `claude` pipeline is legitimate. However: 28 stars at 4 days old is the same immaturity profile as Athena Flow (#073, score 2/5). Raised to 3/5 vs Athena Flow because of stronger architectural clarity, a wider feature set with more evidence, and a genuinely unique Git checkpointing angle.
+
+---
+
+## Comparison
+
+| Aspect | Fabro | Guide (current state) |
+|--------|-------|-----------------------|
+| DOT graph pipeline definition | Unique approach | Not covered |
+| Multi-model routing per node | CSS-like stylesheets | Not covered |
+| Git checkpointing per stage | Concrete differentiator | Not covered anywhere |
+| Cloud sandboxes (Daytona) | Declared, unverified in prod | Not covered |
+| Human-in-the-loop approval gates | Hexagon nodes in DOT | Partially covered via Ruflo |
+| External orchestration frameworks | External layer over Claude Code | Ruflo + Athena Flow + Pipelex |
+| Maturity / community traction | 28 stars, 4 days | Ruflo at 18.9k stars |
+| `curl \| claude` install security | Risk: no review step | Guide warns against `curl \| bash` |
+
+---
+
+## Competitive Landscape (Perplexity research, 2026-03-17)
+
+Full competitive analysis conducted. Key findings:
+
+| Tool | Category | Stars | Key difference from Fabro |
+|------|----------|-------|--------------------------|
+| **LangGraph** (LangChain) | Graph-based pipelines | ~34k | Python library (not standalone binary), general purpose (not coding-agent specific), no Git checkpointing |
+| **Goose** (Block) | Coding agent orchestration | ~15k | Recipe-based (not graph), conversational architecture, no Git checkpointing — but much more mature |
+| **OpenHands** | Coding agent platform | ~48k | Event-stream architecture, Docker sandboxes, research-oriented — no DOT graph, no Git checkpointing per stage |
+| **Ruflo** | External orchestration (guide) | 18.9k | Swarm-based (queen + workers), npm, SQLite memory — no DOT graph, no Git checkpointing |
+| **Athena Flow** | Hook-layer runtime (guide) | Watch | Hook → UDS → Node.js — entirely different architecture layer |
+| **Pipelex** | MTHDS DSL (guide) | Watch | Declarative DSL for multi-LLM pipelines — different abstraction |
+| **AutoGen** (Microsoft) | Multi-agent conversations | ~47.9k | General purpose, conversation-loop model, no coding-agent specifics |
+| **CrewAI** | Role-based agent crews | ~34.7k | Role assignment model, no graph definition, no Git checkpointing |
+
+**Fabro's unique combination** (no competitor does all three):
+1. DOT graph workflow definition as a standalone binary
+2. Git checkpointing per stage (code + metadata committed to branches)
+3. Native Claude Code integration via `claude`
+
+**Most relevant alternative for guide readers today**: LangGraph for graph-based workflows (much more mature, Python), Goose (Block) for coding agent orchestration (better traction, MIT).
+
+---
+
+## Recommendations
+
+**When to integrate:** Add as Watch entry now. Promote to full entry in `guide/ecosystem/third-party-tools.md` under "External Orchestration Frameworks" when trigger is reached.
+
+**Where:** After Athena Flow in `third-party-tools.md` External Orchestration Frameworks section.
+
+**How:** Short entry (same format as Athena Flow) with:
+- Architectural distinction (DOT graph — distinct from all three existing entries)
+- Git checkpointing differentiator
+- Security note on `curl | claude` install (same pattern as Ruflo's `curl | bash` warning)
+- Status: "Published March 2026, not yet audited"
+
+**Do NOT do:**
+- Recommend the `curl | claude` install without a security note
+- Present any feature as production-validated (no community evidence yet)
+- Add before the traction trigger is reached
+
+**Secondary discovery:** Goose (Block, github.com/block/goose) warrants its own evaluation (#080). 15k stars, MIT, recipes + subagents + 20 LLM providers — potentially more immediately relevant to the guide's audience.
+
+---
+
+## Challenge (technical-writer agent)
+
+**Initial proposed score:** 4/5
+**Score after challenge:** 3/5 (lowered)
+
+Points raised:
+
+- **Immaturity flag**: 28 stars / 4 days = same pattern as Athena Flow (score 2/5). Applying this inconsistently undermines the scoring framework. Compromise: 3/5 because Fabro shows more architectural evidence than Athena Flow at equivalent age.
+- **`curl | claude` security**: more dangerous than typical `curl | bash` — pipes directly into the codebase with no review step. Guide's own security section would flag this. Must be noted in any future integration.
+- **Ambitious unverified feature set**: cloud sandboxes, DOT routing, retrospectives — none validated by community use at evaluation time.
+- **Risk of not integrating at this stage**: near zero. Category already covered by 3 entries.
+- **What is genuinely novel**: DOT graph definition as diffable text (distinct from Ruflo/Pipelex/Athena) + Git checkpointing per stage = angles worth tracking.
+
+---
+
+## Fact-Check
+
+| Claim | Verified | Source |
+|-------|----------|--------|
+| 28 GitHub stars | Verified | GitHub API direct |
+| Created 2026-03-13 | Verified | GitHub API `created_at` |
+| Rust, single binary, zero deps | Verified | README |
+| MIT license | Verified | GitHub API + README badge |
+| `curl \| claude` install | Verified | README + fabro.sh landing |
+| DOT graph workflows | Verified | README + example code |
+| Daytona cloud sandboxes | Declared | README feature table (unaudited) |
+| Supports Claude/OpenAI/Gemini | Declared | WebFetch landing (unaudited) |
+| Git checkpointing per stage | Declared | README feature table (unaudited) |
+| Automatic retrospectives | Declared | README feature table (unaudited) |
+| Bryan from qlty.sh | Verified | `bryan@qlty.sh` in README |
+
+**No corrections needed:** all claims traced to primary sources. Features marked "Declared" are present in README but not community-validated.
+
+---
+
+## Final Decision
+
+- **Final score**: 3/5
+- **Action**: Watch — add to `watch-list.md`, revisit when trigger reached
+- **Re-eval trigger**: >200 GitHub stars OR practitioner write-up from production use
+- **Confidence**: High on score, medium on features (project too recent for full audit)
+- **Next action**: Evaluate Goose (Block) as #080 — more immediately relevant to guide's audience
\ No newline at end of file
diff --git a/docs/resource-evaluations/080-goose-block-coding-agent.md b/docs/resource-evaluations/080-goose-block-coding-agent.md
new file mode 100644
index 0000000..45ec06a
--- /dev/null
+++ b/docs/resource-evaluations/080-goose-block-coding-agent.md
@@ -0,0 +1,120 @@
+# Resource Evaluation #080 — Goose (Block): Open-Source AI Coding Agent
+
+**Source:** [block.github.io/goose](https://block.github.io/goose) / [github.com/block/goose](https://github.com/block/goose)
+**Type:** Open source tool (Apache 2.0) — on-machine AI coding agent
+**Author:** Block (formerly Square) — maintained by Block's engineering team
+**Evaluated:** 2026-03-17
+**Maturity at evaluation:** Launched officially January 2025, 33,166 stars, 3,058 forks
+
+---
+
+## Summary
+
+- **On-machine AI coding agent**: local-first CLI + desktop app, not cloud. Automates complex engineering tasks end-to-end
+- **Model-agnostic**: works with Claude (recommended for tool calling), GPT-4o, Gemini, Groq, local models (Ollama) — 20+ providers
+- **Recipes**: versionable, shareable, parameterized multi-step workflows. Distinct from "rules files" — recipes define what agents do, not how they behave
+- **Subagent orchestration**: spawn specialized agents autonomously or via sub-recipes, with dynamic model switching per task/cost
+- **1,700+ MCP servers** supported (first open source agent to support MCP, January 2025)
+- **Goose Grant Program**: Block funds developers building Goose extensions (launched July 2025)
+- **Custom Distributions**: teams can build branded Goose distros with preconfigured providers, extensions, and branding
+- **Backed by Block** (Square, Cash App) — institutional engineering resources, not a solo project
+
+---
+
+## Status in the Guide
+
+**Already documented**: `guide/ecosystem/ai-ecosystem.md` §11.1 "Goose: Open-Source Alternative (Block)"
+
+**The entry exists and is structurally sound.** The issue is outdated data and two missing feature callouts.
+
+---
+
+## Relevance Score
+
+| Score | Meaning |
+|-------|---------|
+| 5 | Essential — Major gap in the guide |
+| **4** | **Very relevant — Significant improvement needed** |
+| 3 | Pertinent — Useful complement |
+| 2 | Marginal — Secondary information |
+| 1 | Out of scope — Not relevant |
+
+**Final score: 4/5 (Update existing entry)**
+
+**Justification:** Goose is already documented. Score reflects the importance of keeping the entry current — at 33k stars (2x what the guide says), Goose is clearly not a niche alternative. The missing Recipes and subagent orchestration paragraphs are also directly relevant to a guide that extensively documents Claude Code's equivalent patterns (skills, slash commands, multi-agent).
+
+---
+
+## What Needs Updating in §11.1
+
+### 1. Stats (outdated)
+
+| Field | Current guide (Jan 2026) | Actual (Mar 2026) |
+|-------|--------------------------|-------------------|
+| GitHub Stars | 15,400+ | 33,166 |
+| MCP servers | 3,000+ (table) vs 1,700+ (inconsistency) | 1,700+ (per Goose docs) |
+| Releases | 100+ | ~175+ (estimated, fast release cadence) |
+
+**Fix**: Update the metrics table and resolve the 3,000 vs 1,700 MCP inconsistency.
+
+### 2. Recipes — missing
+
+Recipes are Goose's equivalent of Claude Code slash commands + skills combined. They are:
+- Versionable, shareable as standalone workflows
+- Importable via deeplinks
+- Parameterized (reusable across contexts)
+- Can be shared across teams
+
+This is directly relevant to a guide section that extensively documents commands and skills. One paragraph with a cross-reference to §3 (commands) and §4 (skills) is warranted.
+
+### 3. Subagent orchestration — missing
+
+Goose's July 2025 roadmap introduced subagent orchestration: spawn specialized sub-agents (Planner, Architect, Frontend Dev, Backend Dev) with dynamic model switching per agent. Example from Berkeley Agentic AI Summit: 7 agents collaboratively built a full-stack app in under an hour.
+
+This overlaps with Claude Code's own multi-agent patterns (§9). A one-paragraph callout with a comparison to Claude Code's Agent tool would help readers understand the architectural difference (Claude Code: single agent + Tool spawning vs Goose: recipe-defined multi-agent subflows).
+
+### 4. agentskills.io — verify live status
+
+The "Skill Portability" paragraph references agentskills.io. **Verified live** (2026-03-17). No change needed.
+
+---
+
+## Challenge (technical-writer agent)
+
+**Score confirmed: 4/5 (update pass)**
+
+Key points:
+- 15.4k → 33k stars: 2x undercount signals the section hasn't been maintained. Trust erosion, not just a metric miss.
+- MCP discrepancy (3,000 vs 1,700): one of these is wrong. Fix before any update goes live.
+- Recipes and subagents absent: closest Goose analogy to Claude Code's skills + multi-agent. Should be documented.
+- Risk of not updating: low urgency for readers, moderate for guide credibility as a current reference.
+- Scope: 30-minute update pass, not a restructure.
+
+---
+
+## Fact-Check
+
+| Claim | Verified | Source |
+|-------|----------|--------|
+| 33,166 GitHub stars | Verified | GitHub API (2026-03-17) |
+| 3,058 forks | Verified | GitHub API |
+| Apache 2.0 license | Verified | GitHub API + README |
+| Rust (primary language) | Verified | GitHub API (`language: "Rust"`) |
+| Created August 2024, launched Jan 2025 | Verified | GitHub API + "1 Year of goose" discussion (Jan 2026) |
+| First open source agent to support MCP | Claimed | "1 Year of goose" GitHub discussion |
+| 1,700+ MCP servers | Per Perplexity (sourced from Goose docs) | Cross-check recommended |
+| Claude 3.5 Sonnet recommended for tool calling | Claimed | Perplexity search citing Goose docs |
+| Goose Grant Program (July 2025) | Verified | block.xyz/inside/introducing-the-goose-grant-program |
+| agentskills.io live | Verified | HTTP fetch (2026-03-17) |
+| Dynamic model switching per subagent | Claimed | GitHub roadmap discussion #3319 |
+
+**MCP server count discrepancy**: Guide says 3,000+ (comparison table), Perplexity reports 1,700+ from Goose docs. Need to check Goose documentation directly before updating. Use the more conservative figure if unsure.
+
+---
+
+## Final Decision
+
+- **Final score**: 4/5
+- **Action**: Update existing `guide/ecosystem/ai-ecosystem.md` §11.1 — stats refresh + Recipes paragraph + subagent orchestration paragraph
+- **Confidence**: High on stats, medium on MCP server count (needs direct doc check)
+- **Priority**: Medium — not urgent, but a 2x star count delta is worth fixing promptly
diff --git a/docs/resource-evaluations/2026-03-17-martignole-agent-maturity-levels.md b/docs/resource-evaluations/2026-03-17-martignole-agent-maturity-levels.md
new file mode 100644
index 0000000..853a7c7
--- /dev/null
+++ b/docs/resource-evaluations/2026-03-17-martignole-agent-maturity-levels.md
@@ -0,0 +1,43 @@
+# Resource Evaluation: Martignole Agent Adoption Maturity Levels
+
+**Date**: 2026-03-17
+**Evaluator**: Claude Code Ultimate Guide team
+**Score**: 3/5 — Integrated
+
+---
+
+## Resource
+
+- **URL**: https://www.touilleur-express.fr/2026/03/17/decouvrir-les-niveaux-de-maturite-de-ladoption-des-coding-agents
+- **Author**: Nicolas Martignole, Principal Engineer at Back Market, Le Touilleur Express blog
+- **Type**: Practitioner framework / blog post
+- **Language**: French
+
+## Summary
+
+6-level maturity framework (0-5 in the original, extended to 6 here) for individual developers adopting coding agents. The real contribution is the Level 3-5 arc: basic user → stage delegator → context engineer → orchestrator. Maps cleanly onto Claude Code concepts (Plan mode, sub-agents, MCP servers, context engineering).
+
+## Score Justification
+
+**3/5 — Pertinent complement**
+
+- Fills a real gap: no individual self-placement scale existed in the guide
+- Practitioner source (production engineering context), not a blogger opinion piece
+- Zero empirical data behind the levels — one engineer's taxonomy
+- Levels 0-2 are noise for the guide's audience (already using Claude Code)
+- ThoughtWorks occupies the "maturity model" reference slot; Martignole's upper levels are more Claude Code-specific
+
+## Integration
+
+Adapted into `guide/roles/learning-with-ai.md` as a "Where Are You on the Agent Adoption Curve?" section (inserted before the 30-Day Progression Plan). The level descriptions were extended (6 levels vs 5 in the original) and diagnostic questions added. Attribution and source link included.
+
+## Fact-Check Notes
+
+- Author identity and role: confirmed via LinkedIn
+- "~5% manual coding at Level 3+": practitioner estimate, not empirical — used as illustrative signal
+- "Free Claude Code Architect certification by Anthropic": not verifiable, not reproduced in the guide
+- Article date 2026-03-17: confirmed from URL
+
+## Decision
+
+**Integrated** — adapted content added to `learning-with-ai.md`. Not a verbatim reproduction; the framework was restructured and extended for the guide's English-speaking, already-technical audience.
diff --git a/examples/commands/resources/threat-db.yaml b/examples/commands/resources/threat-db.yaml
index c87a02e..8c921a3 100644
--- a/examples/commands/resources/threat-db.yaml
+++ b/examples/commands/resources/threat-db.yaml
@@ -2,8 +2,8 @@
 # For use with /security-check and /security-audit commands
 # Manually maintained — update after new security advisories
 
-version: "2.7.0"
-updated: "2026-03-13"
+version: "2.8.0"
+updated: "2026-03-18"
 sources:
   - name: "Snyk ToxicSkills"
     url: "https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/"
@@ -158,6 +158,24 @@ sources:
   - name: "DryRun Security - AI coding agents introduce vulnerabilities in 87% of PRs"
     url: "https://markets.businessinsider.com/news/stocks/new-dryrun-security-research-anthropic-s-claude-generates-the-most-unresolved-security-flaws-in-ai-built-applications-1035918593"
     date: "2026-03-11"
+  - name: "The Hacker News - GhostClaw npm Package Deploys RAT"
+    url: "https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html"
+    date: "2026-03-09"
+  - name: "Huntress / itbrew - Fake OpenClaw Installer Stealth Packer + GhostSocks"
+    url: "https://www.itbrew.com/stories/2026/03/03/new-vulnerability-in-open-source-repositories-uses-fake-openclaw-install-to-attack"
+    date: "2026-03-03"
+  - name: "Jozu Agent Guard - Zero-Trust AI Runtime"
+    url: "https://www.helpnetsecurity.com/2026/03/17/jozu-agent-guard-targets-ai-agents-that-evade-controls/"
+    date: "2026-03-17"
+  - name: "GitHub Blog - Secret Scanning via GitHub MCP Server (public preview)"
+    url: "https://github.blog/changelog/2026-03-17-secret-scanning-in-ai-coding-agents-via-the-github-mcp-server/"
+    date: "2026-03-17"
+  - name: "SC World - Shadow MCP: The New Security Risk of Unvetted AI Agent Tools"
+    url: "https://www.scworld.com/perspective/mcp-is-the-backdoor-your-zero-trust-architecture-forgot-to-close"
+    date: "2026-03-18"
+  - name: "AdminByRequest - OpenClaw Security Crisis Overview"
+    url: "https://www.adminbyrequest.com/en/blogs/openclaw-went-from-viral-ai-agent-to-security-crisis-in-just-three-weeks"
+    date: "2026-03-09"
 
 # ═══════════════════════════════════════════════════════════════
 # MALICIOUS AUTHORS (confirmed by security researchers)
@@ -542,6 +560,22 @@ malicious_skills:
     risk: "critical"
     notes: "Squatter copying official Postmark MCP with hidden backdoor"
 
+  # ─── GhostClaw: Malicious npm package (March 2026) ───
+  - name: "@openclaw-ai/openclawai"
+    type: "supply-chain"
+    platform: "npm"
+    source: "The Hacker News (GhostClaw)"
+    risk: "critical"
+    notes: "GhostLoader RAT — persistent daemon, SOCKS5 proxy, live browser session cloning, clipboard monitor (every 3s for private keys/API keys), steals credentials/SSH keys/Apple Keychain/iMessage; 178 downloads before discovery; uploaded 2026-03-03"
+
+  # ─── ambar-src: Malicious npm developer tool (~50K downloads) ───
+  - name: "ambar-src"
+    type: "supply-chain"
+    platform: "npm"
+    source: "Security research (2026-03)"
+    risk: "critical"
+    notes: "~50,000 downloads; uses evasion techniques to avoid detection; targets developer machines with malware delivery"
+
 # ═══════════════════════════════════════════════════════════════
 # MALICIOUS SKILL PATTERNS (for wildcard/regex matching)
 # Use these when scanning installed skills by name
@@ -943,6 +977,16 @@ cve_database:
     mitigation: "Apply Microsoft March 2026 security update; restrict Azure MCP Server endpoints to trusted callers; audit managed identity permissions (principle of least privilege); monitor for unexpected outbound requests from MCP server processes"
     notes: "CWE-918 SSRF; rated 'Exploitation Less Likely' by Microsoft; part of 84-CVE March 2026 Patch Tuesday"
 
+  # --- Bun runtime (npm lifecycle bypass) ---
+  - id: "CVE-2026-24910"
+    component: "Bun runtime (bun.sh)"
+    severity: "high"
+    description: "Malicious npm packages can execute lifecycle scripts (postinstall) without validating source origin — allows supply chain payloads to run during npm install in Bun environments; affects developer machines using Bun as runtime"
+    source: "Security research (2026-03); referenced in Claude Code supply chain risk analysis"
+    fixed_in: "v1.3.5"
+    mitigation: "Update Bun to >= 1.3.5; audit package postinstall hooks before running install; prefer lockfile-verified installs"
+    notes: "Particularly impactful in AI agent/MCP contexts where install-time execution occurs within the platform's operating environment; verify CVE ID via NVD"
+
   # --- Framelink Figma MCP Server (additional CVE) ---
   - id: "CVE-2025-15061"
     component: "Framelink Figma MCP Server (figma-developer-mcp)"
@@ -972,6 +1016,7 @@ minimum_safe_versions:
   "mcp-salesforce-connector": "0.1.10"
   "openclaw": "2026.1.29"
   "azure-mcp-server": "March 2026 Patch Tuesday (2026-03-10)"
+  "bun": "1.3.5"
 
 # ═══════════════════════════════════════════════════════════════
 # IOCs (Indicators of Compromise)
@@ -1287,6 +1332,39 @@ campaigns:
       - "https://adnanthekhan.com/posts/clinejection/"
       - "https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html"
 
+  - name: "GhostClaw"
+    source: "The Hacker News / ProArch (2026-03-09)"
+    date: "2026-03-03"
+    platform: "npm"
+    packages:
+      - "@openclaw-ai/openclawai (178 downloads, removed after discovery)"
+    malware: "GhostLoader RAT"
+    technique: "Malicious npm package posing as official OpenClaw AI installer; postinstall hook triggers GhostLoader; installs persistent RAT with SOCKS5 proxy and live browser session cloning; clipboard monitoring every 3 seconds for crypto addresses, API keys (AWS, OpenAI, Anthropic)"
+    targets:
+      - "System credentials and browser data"
+      - "Crypto wallets"
+      - "SSH keys"
+      - "Apple Keychain databases"
+      - "iMessage history"
+      - "AWS, OpenAI, Anthropic API keys (clipboard monitoring)"
+    sources:
+      - "https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html"
+      - "https://www.proarch.com/blog/threats-vulnerabilities/openclaw-rce-vulnerability-cve-2026-25253"
+
+  - name: "Fake OpenClaw Installer (Stealth Packer + GhostSocks)"
+    source: "Huntress / itbrew (2026-03-03)"
+    date: "2026-03-03"
+    platform: "GitHub repositories"
+    malware: "Stealth Packer + GhostSocks"
+    technique: "Fake OpenClaw installers distributed via malicious GitHub repositories; AI-generated search results (Bing) inadvertently recommended malicious repos to users searching for OpenClaw; installers deploy Stealth Packer malware and GhostSocks which resets firewall protections to route traffic through compromised systems while evading anti-fraud protections and MFA"
+    targets:
+      - "Anti-fraud systems bypass"
+      - "MFA bypass"
+      - "Network traffic routing via compromised host"
+    notes: "Demonstrates convergence of supply-chain attack and AI search result poisoning; attackers made malware look like legitimate OpenClaw installers"
+    sources:
+      - "https://www.itbrew.com/stories/2026/03/03/new-vulnerability-in-open-source-repositories-uses-fake-openclaw-install-to-attack"
+
   - name: "ClawHub Wave 3 / VirusTotal Bypass"
     source: "ReversingLabs / Paul McCarty (OpenSourceMalware)"
     date: "2026-03-10"
@@ -1463,6 +1541,26 @@ attack_techniques:
     source: "ReversingLabs / Paul McCarty (OpenSourceMalware) 2026-03-10"
     mitigation: "Domain verification for all external links in SKILL.md; never follow SKILL.md instructions to external websites; use network egress filtering; check domain registration dates for 'official' skill installer links"
 
+  - id: "T017"
+    name: "Shadow MCP Deployment"
+    description: "Employees deploy MCP servers without IT oversight, giving AI agents access to production systems, databases, and APIs outside any security review or governance process. The MCP server itself may be legitimate but the deployment creates unmonitored attack surface."
+    examples:
+      - "Developer installs an open-source MCP server connecting Claude to production database with admin credentials"
+      - "Team deploys MCP gateway exposing Kubernetes cluster to AI agents without security review"
+      - "Shadow MCP server with broad permissions added to Claude Desktop without IT awareness"
+    source: "SC World / Aquilax AI (2026-03-18)"
+    mitigation: "Implement MCP server allowlists enforced via policy; require IT approval for all MCP server additions; use Qualys TotalAI or similar to detect shadow MCP deployments; audit claude_desktop_config.json and .mcp.json across developer machines"
+
+  - id: "T018"
+    name: "AI Search Result Poisoning for Malware Distribution"
+    description: "Attackers create malicious GitHub repos or websites that rank highly in AI-generated search results (Bing AI, Google AI Overview, ChatGPT search). AI systems recommend the malicious repo as the legitimate source for popular tools. Victims trust the AI recommendation and install malware."
+    examples:
+      - "Fake OpenClaw installer GitHub repos ranked by Bing AI as the official download source; Huntress documented Bing recommending malicious OpenClaw installers to users"
+      - "Malicious npm packages named to match AI hallucination patterns and rank in AI search for missing packages"
+    campaigns: ["Fake OpenClaw Installer (Stealth Packer + GhostSocks)"]
+    source: "Huntress / itbrew (2026-03-03)"
+    mitigation: "Always verify download sources via official project website or GitHub org; do not trust AI-generated search results for download URLs without verification; check repo creation date and star count before downloading; use package manager with lockfiles"
+
   - id: "T015"
     name: "Log Poisoning via WebSocket for Prompt Injection"
     description: "Attacker writes malicious content to publicly exposed AI agent log files via unauthenticated WebSocket requests; since the agent reads its own logs to troubleshoot tasks, the injected content acts as indirect prompt injection, triggering unintended agent actions"
@@ -1678,6 +1776,35 @@ scanning_tools:
       - "Code scanning focus — does not scan SKILL.md or agent configurations"
     notes: "Complementary to Anthropic Claude Code Security; launched research preview 2026-03-05"
 
+  - name: "Jozu Agent Guard"
+    vendor: "Jozu"
+    type: "runtime"
+    url: "https://www.helpnetsecurity.com/2026/03/17/jozu-agent-guard-targets-ai-agents-that-evade-controls/"
+    capabilities:
+      - "Zero-trust AI runtime — executes agents, models, and MCP servers in secure environments"
+      - "Non-disableable policy enforcement (guardrails cannot be bypassed by agent reasoning)"
+      - "Artifact verification via tamper-evident attestations (prevents impersonation attacks like Postmark MCP squatter)"
+      - "Tool governance — controls access to individual tool calls within MCP server catalog"
+      - "Re-routing attack prevention (blocks EchoLeak-style attacks that redirect emails/data to attacker-controlled addresses)"
+    limitations:
+      - "Newer product — limited community adoption data"
+      - "Focus on runtime enforcement — does not scan SKILL.md or ClawHub ecosystem"
+    notes: "Launched 2026-03-17; addresses agent autonomy bypass (T013) specifically"
+
+  - name: "MCP Sentinel"
+    vendor: "George Gerchow / Bedrock Data (RSAC 2026)"
+    type: "cli"
+    url: "https://www.youtube.com/watch?v=l00ZoeYhBwg"
+    capabilities:
+      - "Intercepts data movement between clipboard and AI agents"
+      - "Scans requests and tool arguments for partial and transformed sensitive content"
+      - "Blocks unsafe data transfers with local audit trails"
+      - "Works alongside MCP server without modifying agent workflow"
+    limitations:
+      - "Research/demo tool from RSAC 2026 — production readiness unclear"
+      - "Clipboard-focused — does not scan MCP configs or SKILL.md"
+    notes: "Presented at RSAC 2026 (March 2026); demonstrates gateway pattern for sensitive data interception"
+
   - name: "Mend SAST MCP"
     vendor: "Mend.io"
     type: "mcp-server"
@@ -1765,6 +1892,11 @@ defensive_resources:
       total_issues: 143
       agents_tested: ["Claude Sonnet 4.6", "OpenAI Codex GPT 5.2", "Google Gemini 2.5 Pro"]
 
+  - name: "Jozu Agent Guard Runtime"
+    url: "https://www.helpnetsecurity.com/2026/03/17/jozu-agent-guard-targets-ai-agents-that-evade-controls/"
+    type: "tool"
+    description: "Zero-trust AI runtime launched 2026-03-17. Enforces non-bypassable guardrails on agents, models, and MCP servers with artifact verification and tool-level governance. Directly addresses T013 (Autonomous Safety Control Bypass) and tool re-routing attacks."
+
   - name: "Qualys TotalAI MCP Asset Governance"
     url: "https://blog.qualys.com/product-tech/2026/03/10/from-shadow-models-to-audit-ready-ai-security-a-practical-path-with-qualys-totalai"
     type: "platform"
diff --git a/guide/cheatsheet.md b/guide/cheatsheet.md
index 6e5b9ba..3e598b8 100644
--- a/guide/cheatsheet.md
+++ b/guide/cheatsheet.md
@@ -12,7 +12,7 @@ tags: [cheatsheet, reference]
 
 **Written with**: Claude (Anthropic)
 
-**Version**: 3.37.0 | **Last Updated**: March 2026
+**Version**: 3.37.1 | **Last Updated**: March 2026
 
 ---
 
@@ -639,4 +639,4 @@ Speed: `rg` (~20ms) → Serena (~100ms) → ast-grep (~200ms) → grepai (~500ms
 
 **Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude
 
-*Last updated: March 2026 | Version 3.37.0*
+*Last updated: March 2026 | Version 3.37.1*
diff --git a/guide/ecosystem/ai-ecosystem.md b/guide/ecosystem/ai-ecosystem.md
index 11a6cc0..a9c11e3 100644
--- a/guide/ecosystem/ai-ecosystem.md
+++ b/guide/ecosystem/ai-ecosystem.md
@@ -2107,11 +2107,11 @@ For developers hitting Claude Code's subscription limits or needing model flexib
 
 An **on-machine AI coding agent** developed by Block (formerly Square), released under Apache 2.0 license. Unlike Claude Code, Goose runs entirely locally and is **model-agnostic**—it can use Claude, GPT, Gemini, Groq, or any LLM provider.
 
-| Metric | Value (Jan 2026) |
+| Metric | Value (Mar 2026) |
 |--------|------------------|
-| **GitHub Stars** | 15,400+ |
-| **Contributors** | 350+ |
-| **Releases** | 100+ since Jan 2025 |
+| **GitHub Stars** | 33,000+ |
+| **Contributors** | 400+ |
+| **Releases** | 175+ since Jan 2025 |
 | **License** | Apache 2.0 (permissive) |
 | **Primary Language** | Rust (64%) + TypeScript (26%) |
 
@@ -2124,7 +2124,7 @@ An **on-machine AI coding agent** developed by Block (formerly Square), released
 | **Cost Model** | Subscription ($20-$200/mo) | Free + your LLM API costs |
 | **Rate Limits** | Anthropic's weekly/5-hour caps | Your LLM provider's limits |
 | **Token Visibility** | Opaque (no per-prompt tracking) | Full transparency |
-| **MCP Support** | Native (growing ecosystem) | 3,000+ MCP servers available |
+| **MCP Support** | Native (growing ecosystem) | Thousands of MCP servers available |
 | **Setup Complexity** | Simple (npm install) | Moderate (Rust toolchain, API keys) |
 
 ### When to Consider Goose
@@ -2142,6 +2142,14 @@ An **on-machine AI coding agent** developed by Block (formerly Square), released
 - You value Claude's specific reasoning capabilities and can't substitute
 - You don't want to manage LLM API credentials
 
+### Recipes: Goose's Equivalent of Skills + Commands
+
+Goose has a workflow primitive called **Recipes** — versionable, shareable, parameterized multi-step workflows. Unlike Claude Code's skills (which define agent capabilities) or slash commands (which trigger one-shot actions), Recipes define complete execution sequences: what to do, in what order, with which model at each step. They can be shared as deeplinks, imported by teammates, and checked into source control. Closest Claude Code analogy: a skill that chains multiple commands in a defined sequence, with state carried between steps.
+
+### Subagent Orchestration
+
+Since mid-2025, Goose supports spawning specialized subagents within a workflow. A parent agent can delegate subtasks to subagents with different roles (Planner, Architect, Frontend Dev, Backend Dev), each potentially running a different LLM optimized for its task. This differs from Claude Code's Agent tool (which spawns a subagent with the same model) — Goose enables heterogeneous agent teams where model choice is per-role, not per-session. See §9 for Claude Code's native multi-agent patterns.
+
 ### Skill Portability
 
 Both Claude Code and Goose support the [Agent Skills open standard](https://agentskills.io) (agentskills.io). Skills you create with SKILL.md are portable across 26+ platforms including Cursor, VS Code, GitHub, OpenAI Codex, and Gemini CLI. Claude Code-specific fields (`context`, `agent`) are ignored by other platforms but don't break compatibility.
diff --git a/guide/ecosystem/mcp-vs-cli.md b/guide/ecosystem/mcp-vs-cli.md
index 92e8fff..d0d99ef 100644
--- a/guide/ecosystem/mcp-vs-cli.md
+++ b/guide/ecosystem/mcp-vs-cli.md
@@ -40,7 +40,7 @@ This page compares two integration patterns for giving Claude Code access to ext
 
 | Advantage | Detail |
 |-----------|--------|
-| **Zero context overhead** | No schema injected at startup — relevant when context budget is tight |
+| **Zero context overhead** | No schema injected at startup. Since v2.1.7 lazy loading closes most of the gap, but CLI is still the absolute minimum. |
 | **Deterministic actions** | Explicit commands with predictable output are easier to audit and test |
 | **Human + AI use** | The same CLI wrapper works for a developer running it manually and for Claude |
 | **Frontier models** | Claude Opus/Sonnet 4.6 can drive complex CLIs (aws-cli, glab, gh) without a structured schema |
@@ -52,7 +52,7 @@ This page compares two integration patterns for giving Claude Code access to ext
 
 | Weakness | Detail |
 |----------|--------|
-| **Schema token cost** | Every MCP server injects its full tool list into the context window at session start, whether or not those tools are used that session |
+| **Schema token cost** | Since v2.1.7, lazy loading (MCP Tool Search) means unused tools inject only their name, not their full schema. Cost is still non-zero: tool names load at startup, full schemas load on first use. The pre-v2.1.7 worst case (~55K tokens for a 5-server setup) now averages ~8.7K — an 85% reduction, but not zero. |
 | **Connection overhead** | Session startup takes longer with many MCP servers connected |
 | **Debugging difficulty** | Failures inside an MCP server are harder to trace than a failed shell command |
 | **Maintenance complexity** | Running, updating, and securing remote MCP servers adds infrastructure |
@@ -112,7 +112,7 @@ Quick reference — not rules, but directional defaults.
 | Individual dev, local machine | **CLI or skill** | Simpler, faster, no infrastructure |
 | Deterministic actions (git, CI, deploy) | **CLI** | Explicit commands, predictable output, auditable |
 | Complex auth (OAuth, token refresh) | **MCP** | Server handles auth; CLI would require credential plumbing |
-| Tight context budget / many tools loaded | **CLI** | No schema injection at startup |
+| Tight context budget / many tools loaded | **CLI** | Still the minimum-overhead option. Lazy loading (v2.1.7+) reduces MCP cost significantly, but CLI has zero schema cost by design. |
 | Agent-to-agent structured output | **MCP** | JSON responses are more reliable than parsed CLI text |
 | Debugging / prototyping a new integration | **CLI** | Easier to inspect, faster to iterate |
 | Browser automation (non-frontier model) | **MCP** | Playwright MCP structures interaction reliably |
@@ -138,18 +138,35 @@ The mistake is applying one answer to both layers. A solo developer building a C
 
 ## Token cost of MCP schemas — what the numbers look like
 
-MCP servers inject their full tool list into the context at session start. This is not free.
+Since v2.1.7 (January 2026), Claude Code uses **MCP Tool Search** (lazy loading) by default. This changes the token math significantly, but does not eliminate schema cost entirely.
 
-A typical MCP server with 10-15 tools injects 500-2,000 tokens per session before any task starts. With 5 MCP servers connected, that is 2,500-10,000 tokens of overhead on every session, whether or not those tools are used.
+**How lazy loading works:** instead of injecting all tool schemas at session start, Claude receives only tool names in an `<available-deferred-tools>` block. Full schemas are fetched via `ToolSearch` only when Claude decides to call a specific tool. Unused tools in a session cost only their name in context (~0 schema tokens), not the full definition.
 
-The practical consequence: if you load 10 MCP servers but only use 2 in a given session, you are paying for 8 servers worth of schema every time. This compounds with long sessions and high-frequency workflows.
+**Measured impact** (Anthropic benchmarks, 5-server setup):
 
-**Mitigation strategies:**
+| Scenario | Token overhead | Note |
+|----------|---------------|------|
+| Before v2.1.7 (eager loading) | ~55,000 tokens | All schemas preloaded |
+| After v2.1.7 (lazy loading) | ~8,700 tokens | 85% reduction |
+| CLI (no MCP) | ~0 tokens | Baseline |
+
+The old worst-case claim of "500-2,000 tokens per server" described eager loading, which is no longer the default. With lazy loading, the cost per unused server is near zero. The cost per *used* server (~600 tokens per tool schema loaded on demand) remains real, but is now pay-per-use rather than always-on.
+
+**What still adds overhead even with lazy loading:**
+
+- Tool names are still injected at startup (one line per tool per server)
+- Schemas load at first invocation — long sessions using many tools accumulate cost
+- Connection setup per server is unchanged (latency, not tokens)
+- Many connected MCP servers still means more names in context, even if schemas stay deferred
+
+**Configuration** (v2.1.9+): the `ENABLE_TOOL_SEARCH` environment variable controls the threshold. `auto:N` triggers lazy loading when MCP tools exceed N% of context (default 10%).
+
+**Mitigation strategies** (still relevant, lower urgency):
 
 - Load MCP servers selectively per project (project-level config vs global config)
-- Use CLI tools for high-frequency operations where schema overhead accumulates
-- Monitor token usage per session to identify which MCP schemas are loaded but unused
-- Consider a CLI wrapper for tools you use frequently in tight loops (compile → test → fix cycles)
+- Use CLI tools for high-frequency tight loops where any overhead compounds (compile → test → fix)
+- Monitor token usage per session to identify which schemas are being loaded at invocation time
+- Consider a CLI wrapper for tools you use constantly but don't need structured output from
 
 ---
 
diff --git a/guide/roles/learning-with-ai.md b/guide/roles/learning-with-ai.md
index f98542f..82c9908 100644
--- a/guide/roles/learning-with-ai.md
+++ b/guide/roles/learning-with-ai.md
@@ -28,11 +28,12 @@ tags: [guide, workflows]
 8. [Embracing AI Tools (Pattern: Avoidant)](#embracing-ai-tools)
 9. [Optimizing Your Flow (Pattern: Augmented)](#optimizing-your-flow)
 10. [Case Study: Hybrid Learning Principles](#case-study-hybrid-learning-principles)
-11. [30-Day Progression Plan](#30-day-progression-plan)
-12. [For Tech Leads & Engineering Managers](#for-tech-leads--engineering-managers)
-13. [Red Flags Checklist](#red-flags-checklist)
-14. [Sources & Research](#sources--research)
-15. [See Also](#see-also)
+11. [Where Are You on the Agent Adoption Curve?](#where-are-you-on-the-agent-adoption-curve)
+12. [30-Day Progression Plan](#30-day-progression-plan)
+13. [For Tech Leads & Engineering Managers](#for-tech-leads--engineering-managers)
+14. [Red Flags Checklist](#red-flags-checklist)
+15. [Sources & Research](#sources--research)
+16. [See Also](#see-also)
 
 ---
 
@@ -819,6 +820,35 @@ The combination of **human accountability + AI practice** beats either alone. Th
 
 ---
 
+## Where Are You on the Agent Adoption Curve?
+
+> **Audience**: Developers already using Claude Code who want to gauge their current sophistication — not beginners starting from scratch (use the 30-Day Plan below for that).
+
+Before picking a learning path, locate yourself. Nicolas Martignole (Principal Engineer at Back Market) proposed a 6-level maturity scale in March 2026 that maps well onto practical Claude Code usage. The levels below are adapted from his framework, with the upper half (3-5) being where most of this guide's content lives.
+
+| Level | Profile | Signal |
+|-------|---------|--------|
+| **0** | Never used AI dev tools | Using chatbots at most, nothing integrated in workflow |
+| **1** | Editor autocomplete | Cursor, Copilot, Windsurf — but no agent-level usage |
+| **2** | External LLM, copy-paste | ChatGPT or Claude in browser, pasting code manually into editor |
+| **3** | Claude Code basic user | Running Plan mode, simple prompts, reviewing everything manually |
+| **4** | Stage delegator | Handing off full development stages (research, architecture, implementation, tests) — writing less than 10% of code manually |
+| **5** | Context engineer | Designing CLAUDE.md, sub-agents, custom skills, MCP servers — building the environment for agents to operate in |
+| **6** | Orchestrator | Coordinating agent graphs, reinforcement loops, distributed agent systems |
+
+**Quick self-placement questions:**
+
+- Can you leave Claude Code running on a feature branch for 20+ minutes without checking in? → Level 4+
+- Do you write CLAUDE.md before starting a project, not after? → Level 5
+- Have you built a custom agent or hook in the last month? → Level 5-6
+- Is your primary output prompts and system design, not code? → Level 6
+
+If you landed at Level 3 or below: the 30-Day Plan below is the right path. If you're at Level 4-6: skip to [Context Engineering](../core/context-engineering.md), [Agent Patterns](../../examples/agents/), or [MCP Ecosystem](../ecosystem/mcp-servers-ecosystem.md).
+
+> Source: Nicolas Martignole, ["Découvrir les niveaux de maturité de l'adoption des coding agents"](https://www.touilleur-express.fr/2026/03/17/decouvrir-les-niveaux-de-maturite-de-ladoption-des-coding-agents), Le Touilleur Express, March 2026. Adapted and extended.
+
+---
+
 ## 30-Day Progression Plan
 
 A concrete path from wherever you are to augmented developer.
diff --git a/guide/ultimate-guide.md b/guide/ultimate-guide.md
index 6607b5d..f6008bd 100644
--- a/guide/ultimate-guide.md
+++ b/guide/ultimate-guide.md
@@ -16,7 +16,7 @@ tags: [guide, reference, workflows, agents, hooks, mcp, security]
 
 **Last updated**: January 2026
 
-**Version**: 3.37.0
+**Version**: 3.37.1
 
 ---
 
@@ -5166,7 +5166,7 @@ The `.claude/` folder is your project's Claude Code directory for memory, settin
 | Personal preferences | `CLAUDE.md` | ❌ Gitignore |
 | Personal permissions | `settings.local.json` | ❌ Gitignore |
 
-### 3.37.0 Version Control & Backup
+### 3.37.1 Version Control & Backup
 
 **Problem**: Without version control, losing your Claude Code configuration means hours of manual reconfiguration across agents, skills, hooks, and MCP servers.
 
@@ -23482,4 +23482,4 @@ We'll evaluate and add it to this section if it meets quality criteria.
 
 **Contributions**: Issues and PRs welcome.
 
-**Last updated**: January 2026 | **Version**: 3.37.0
+**Last updated**: January 2026 | **Version**: 3.37.1
diff --git a/llms-full.txt b/llms-full.txt
index 1ac508d..369f8cd 100644
--- a/llms-full.txt
+++ b/llms-full.txt
@@ -10,14 +10,14 @@
 
 - Title: Claude Code Ultimate Guide
 - Author: Florian Bruniaux (Founding Engineer @ Méthode Aristote)
-- Version: 3.36.0
-- Last Updated: March 17, 2026
+- Version: 3.37.1
+- Last Updated: March 18, 2026
 - License: CC BY-SA 4.0
 - Repository: https://github.com/FlorianBruniaux/claude-code-ultimate-guide
 - Landing: https://cc.bruniaux.com
-- Lines of Documentation: 23,300+
-- Production Templates: 216
-- Quiz Questions: 311
+- Lines of Documentation: 23,400+
+- Production Templates: 217
+- Quiz Questions: 271
 - Whitepapers: 9 titles (FR + EN)
 
 ---
diff --git a/llms.txt b/llms.txt
index 2ee6771..a0dba96 100644
--- a/llms.txt
+++ b/llms.txt
@@ -6,12 +6,12 @@
 
 - Title: Claude Code Ultimate Guide
 - Author: Florian Bruniaux (Founding Engineer @ Méthode Aristote)
-- Version: 3.36.0
-- Last Updated: March 17, 2026
+- Version: 3.37.1
+- Last Updated: March 18, 2026
 - License: CC BY-SA 4.0 (free, open source)
-- Lines of Documentation: 23,300+
-- Production Templates: 216
-- Quiz Questions: 311
+- Lines of Documentation: 23,400+
+- Production Templates: 217
+- Quiz Questions: 271
 
 ## What This Guide Covers
 
@@ -39,7 +39,7 @@
 - Landing site: https://cc.bruniaux.com
 
 ### For Templates
-- 216 Production Templates: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/tree/main/examples
+- 217 Production Templates: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/tree/main/examples
 - Agents: backend-architect, security-guardian, code-reviewer, debugger, devops-sre, adr-writer
 - Commands: /pr, /commit, /release-notes, /diagnose, /generate-tests, /optimize, /git-worktree
 - Hooks: dangerous-actions-blocker, prompt-injection-detector, secrets-scanner (bash + PowerShell)
diff --git a/machine-readable/llms.txt b/machine-readable/llms.txt
index 2ee6771..a0dba96 100644
--- a/machine-readable/llms.txt
+++ b/machine-readable/llms.txt
@@ -6,12 +6,12 @@
 
 - Title: Claude Code Ultimate Guide
 - Author: Florian Bruniaux (Founding Engineer @ Méthode Aristote)
-- Version: 3.36.0
-- Last Updated: March 17, 2026
+- Version: 3.37.1
+- Last Updated: March 18, 2026
 - License: CC BY-SA 4.0 (free, open source)
-- Lines of Documentation: 23,300+
-- Production Templates: 216
-- Quiz Questions: 311
+- Lines of Documentation: 23,400+
+- Production Templates: 217
+- Quiz Questions: 271
 
 ## What This Guide Covers
 
@@ -39,7 +39,7 @@
 - Landing site: https://cc.bruniaux.com
 
 ### For Templates
-- 216 Production Templates: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/tree/main/examples
+- 217 Production Templates: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/tree/main/examples
 - Agents: backend-architect, security-guardian, code-reviewer, debugger, devops-sre, adr-writer
 - Commands: /pr, /commit, /release-notes, /diagnose, /generate-tests, /optimize, /git-worktree
 - Hooks: dangerous-actions-blocker, prompt-injection-detector, secrets-scanner (bash + PowerShell)
diff --git a/machine-readable/reference.yaml b/machine-readable/reference.yaml
index ca56908..6fd5f00 100644
--- a/machine-readable/reference.yaml
+++ b/machine-readable/reference.yaml
@@ -3,7 +3,7 @@
 # Source: guide/ultimate-guide.md
 # Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
 
-version: "3.37.0"
+version: "3.37.1"
 updated: "2026-03-17"
 
 # ════════════════════════════════════════════════════════════════
@@ -1060,7 +1060,7 @@ deep_dive:
   # Quiz System (271 questions, 15 categories)
   quiz_overview: "quiz/README.md"
   quiz_file: "quiz/questions.json"
-  quiz_count: 311
+  quiz_count: 271
   quiz_categories: 15
   quiz_beginner: "quiz/categories/basics,commands,shortcuts,reference"
   quiz_beginner_count: 60
@@ -1581,7 +1581,7 @@ ecosystem:
       - "Cross-links modified → Update all 4 repos"
     history:
       - date: "2026-01-20"
-        event: "Code Landing sync v3.37.0, 66 templates, cross-links"
+        event: "Code Landing sync v3.37.1, 66 templates, cross-links"
         commit: "5b5ce62"
       - date: "2026-01-20"
         event: "Cowork Landing fix (paths, README, UI badges)"
@@ -1593,7 +1593,7 @@ ecosystem:
 onboarding_matrix_meta:
   version: "2.1.0"
   last_updated: "2026-03-09"
-  aligned_with_guide: "3.37.0"
+  aligned_with_guide: "3.37.1"
   changelog:
     - version: "2.1.0"
       date: "2026-03-09"
@@ -1624,7 +1624,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, commands]
       time_budget: "5 min"
       topics_max: 3
-      note: "SECURITY FIRST - sandbox before commands (v3.37.0 critical fix)"
+      note: "SECURITY FIRST - sandbox before commands (v3.37.1 critical fix)"
 
     beginner_15min:
       core: [rules, sandbox_native_guide, workflow, essential_commands]
@@ -1713,7 +1713,7 @@ onboarding_matrix:
         - default: agent_validation_checklist
       time_budget: "60 min"
       topics_max: 6
-      note: "Dual-instance pattern for quality workflows (v3.37.0)"
+      note: "Dual-instance pattern for quality workflows (v3.37.1)"
 
   learn_security:
     intermediate_30min:
@@ -1724,7 +1724,7 @@ onboarding_matrix:
         - default: permission_modes
       time_budget: "30 min"
       topics_max: 4
-      note: "NEW goal (v3.37.0) - Security-focused learning path"
+      note: "NEW goal (v3.37.1) - Security-focused learning path"
 
     power_60min:
       core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@@ -1749,7 +1749,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
       time_budget: "60 min"
       topics_max: 6
-      note: "Security foundation + core workflow (v3.37.0 sandbox added)"
+      note: "Security foundation + core workflow (v3.37.1 sandbox added)"
 
     intermediate_120min:
       core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]
diff --git a/recap-hashes.json b/recap-hashes.json
new file mode 100644
index 0000000..83c094f
--- /dev/null
+++ b/recap-hashes.json
@@ -0,0 +1,65 @@
+{
+  "_zips": {
+    "technique": "recap-cards-technique.fr.v1.0.0.b49e567efc83.zip",
+    "methodologie": "recap-cards-methodologie.fr.v1.0.0.13e7b6ebafd5.zip"
+  },
+  "_cards": {
+    "c01-trust-calibration": "c01-trust-calibration.fr.v1.0.0.06c8ad61a256.pdf",
+    "c02-prompting-basics": "c02-prompting-basics.fr.v1.0.0.cae8e821774f.pdf",
+    "c03-xml-prompting-anchors": "c03-xml-prompting-anchors.fr.v1.0.0.3e63b40073f4.pdf",
+    "c04-commands-skills-plugins-agents": "c04-commands-skills-plugins-agents.fr.v1.0.0.5f4a9bda368a.pdf",
+    "c05-memory-stack": "c05-memory-stack.fr.v1.0.0.32172370d8ea.pdf",
+    "c06-configuration-decision-guide": "c06-configuration-decision-guide.fr.v1.0.0.ed45b4044350.pdf",
+    "c07-conventions-equipe-scale": "c07-conventions-equipe-scale.fr.v1.0.0.dd1324e19bf6.pdf",
+    "c08-surface-attaque-menaces": "c08-surface-attaque-menaces.fr.v1.0.0.a3fb49640eb2.pdf",
+    "c09-prompt-injection-defenses": "c09-prompt-injection-defenses.fr.v1.0.0.89a395ae6f29.pdf",
+    "c10-ai-traceability": "c10-ai-traceability.fr.v1.0.0.a9550e0df0ae.pdf",
+    "c11-subscription-vs-api-patterns": "c11-subscription-vs-api-patterns.fr.v1.0.0.70371cd7a428.pdf",
+    "c12-agent-sdk-integrations-ide": "c12-agent-sdk-integrations-ide.fr.v1.0.0.c79ed0bdc8b6.pdf",
+    "c13-erreurs-courantes": "c13-erreurs-courantes.fr.v1.0.0.3ddd18dab628.pdf",
+    "m01-workflow-quotidien": "m01-workflow-quotidien.fr.v1.0.0.7a39ae6c702e.pdf",
+    "m02-context-management": "m02-context-management.fr.v1.0.0.bb231e85d45a.pdf",
+    "m03-sessions-continuite": "m03-sessions-continuite.fr.v1.0.0.60fce4fed0d8.pdf",
+    "m04-compact-vs-clear": "m04-compact-vs-clear.fr.v1.0.0.6f86f9103b15.pdf",
+    "m05-plan-mode": "m05-plan-mode.fr.v1.0.0.3aeabfe8def3.pdf",
+    "m06-task-management-system": "m06-task-management-system.fr.v1.0.0.9849dc3ef1ef.pdf",
+    "m07-todowrite-vs-tasks-api": "m07-todowrite-vs-tasks-api.fr.v1.0.0.8fcf305d2bd1.pdf",
+    "m08-agents-custom": "m08-agents-custom.fr.v1.0.0.76f9eb083aab.pdf",
+    "m09-slash-commands": "m09-slash-commands.fr.v1.0.0.f3268120309f.pdf",
+    "m10-skills": "m10-skills.fr.v1.0.0.0f10c5381278.pdf",
+    "m11-hooks-evenements-systeme": "m11-hooks-evenements-systeme.fr.v1.0.0.ed6cab9f2f6b.pdf",
+    "m12-hooks-patterns-concrets": "m12-hooks-patterns-concrets.fr.v1.0.0.ea8a6fef7799.pdf",
+    "m13-worktrees": "m13-worktrees.fr.v1.0.0.8a05aad9535b.pdf",
+    "m14-plan-validate-execute": "m14-plan-validate-execute.fr.v1.0.0.43709bf9fab9.pdf",
+    "m15-tdd-bdd-sdd": "m15-tdd-bdd-sdd.fr.v1.0.0.e5636d384682.pdf",
+    "m16-multi-agent-topologie": "m16-multi-agent-topologie.fr.v1.0.0.938cd21d5c1e.pdf",
+    "m17-multi-agent-communication-trust": "m17-multi-agent-communication-trust.fr.v1.0.0.0b5c99e4428b.pdf",
+    "m18-event-driven-agents": "m18-event-driven-agents.fr.v1.0.0.f789deb7099a.pdf",
+    "m19-github-actions": "m19-github-actions.fr.v1.0.0.9042ba29d575.pdf",
+    "m20-cicd-production": "m20-cicd-production.fr.v1.0.0.4cd64aa08812.pdf",
+    "m21-debug-methodique": "m21-debug-methodique.fr.v1.0.0.2b1b23d56236.pdf",
+    "m22-observabilite-jsonl": "m22-observabilite-jsonl.fr.v1.0.0.632b94b41f63.pdf",
+    "t01-commandes-essentielles": "t01-commandes-essentielles.fr.v1.0.0.d2af5d1d752c.pdf",
+    "t02-mode-non-interactif": "t02-mode-non-interactif.fr.v1.0.0.7486f8fbf5b5.pdf",
+    "t03-permission-modes": "t03-permission-modes.fr.v1.0.0.318dc47d365b.pdf",
+    "t04-permissions-glob-patterns": "t04-permissions-glob-patterns.fr.v1.0.0.0787515a1d98.pdf",
+    "t05-hierarchie-configuration": "t05-hierarchie-configuration.fr.v1.0.0.fcdb566a2b09.pdf",
+    "t06-settings-json": "t06-settings-json.fr.v1.0.0.f96a06faed05.pdf",
+    "t07-claudemd-best-practices": "t07-claudemd-best-practices.fr.v1.0.0.9a5322699617.pdf",
+    "t08-auto-memories": "t08-auto-memories.fr.v1.0.0.d32dcd1578dc.pdf",
+    "t09-workspace-hygiene": "t09-workspace-hygiene.fr.v1.0.0.7f440d112479.pdf",
+    "t10-config-multi-machine": "t10-config-multi-machine.fr.v1.0.0.19655711bd41.pdf",
+    "t11-search-tools-decision": "t11-search-tools-decision.fr.v1.0.0.75e04de1650a.pdf",
+    "t12-mcp-servers-overview": "t12-mcp-servers-overview.fr.v1.0.0.a49fdd6b805d.pdf",
+    "t13-context7-sequential": "t13-context7-sequential.fr.v1.0.0.eda00f0c1605.pdf",
+    "t14-grepai-semantic-search": "t14-grepai-semantic-search.fr.v1.0.0.d83daf2bd8ac.pdf",
+    "t15-mcp-secrets-management": "t15-mcp-secrets-management.fr.v1.0.0.dd32d342310c.pdf",
+    "t16-sandbox-natif-architecture": "t16-sandbox-natif-architecture.fr.v1.0.0.c4c458890695.pdf",
+    "t17-sandbox-natif-vs-docker": "t17-sandbox-natif-vs-docker.fr.v1.0.0.0a85a25b9eea.pdf",
+    "t18-modeles-thinking-modes": "t18-modeles-thinking-modes.fr.v1.0.0.9231e0d3dfbb.pdf",
+    "t19-context-window-200k-1m": "t19-context-window-200k-1m.fr.v1.0.0.d9d633d90189.pdf",
+    "t20-token-optimization": "t20-token-optimization.fr.v1.0.0.c998377aa34e.pdf",
+    "t21-fast-mode-api": "t21-fast-mode-api.fr.v1.0.0.bd8dd604cc53.pdf",
+    "t22-third-party-tools": "t22-third-party-tools.fr.v1.0.0.102ae98e8e0b.pdf"
+  }
+}
diff --git a/scripts/hash-recap-cards.sh b/scripts/hash-recap-cards.sh
new file mode 100755
index 0000000..800576d
--- /dev/null
+++ b/scripts/hash-recap-cards.sh
@@ -0,0 +1,137 @@
+#!/usr/bin/env bash
+# hash-recap-cards.sh
+# Generate hashed PDFs for recap cards, create series ZIPs, output mapping JSON
+#
+# Usage: ./scripts/hash-recap-cards.sh [--dry-run]
+# Output: portfolio/public/guides/recap-cards/ + recap-hashes.json (guide root)
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT="$SCRIPT_DIR/.."
+SOURCE_DIR="$ROOT/../claude-code-ultimate-guide-landing/public/cheatsheets/pdf"
+PORTFOLIO_DIR="$ROOT/../florian-portfolio/public/guides/recap-cards"
+VERSION="v1.0.0"
+DRY_RUN=false
+
+[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true
+
+if [ ! -d "$SOURCE_DIR" ]; then
+  echo "ERROR: Source dir not found: $SOURCE_DIR" >&2
+  exit 1
+fi
+
+$DRY_RUN || mkdir -p "$PORTFOLIO_DIR"
+
+# Collect all PDFs and compute hashes
+declare -a ALL_KEYS
+declare -A HASH_MAP  # basename → hashed filename
+
+TECHNIQUE_KEYS=()
+METHODOLOGIE_KEYS=()
+
+echo "=== Hashing PDFs ==="
+for pdf in "$SOURCE_DIR"/*.pdf; do
+  [[ -f "$pdf" ]] || continue
+  base=$(basename "$pdf" .pdf)
+  series="${base:0:1}"  # t | m | c
+
+  if [[ "$OSTYPE" == "darwin"* ]]; then
+    hash=$(md5 -q "$pdf" | cut -c1-12)
+  else
+    hash=$(md5sum "$pdf" | awk '{print $1}' | cut -c1-12)
+  fi
+
+  out_name="${base}.fr.${VERSION}.${hash}.pdf"
+  HASH_MAP["$base"]="$out_name"
+  ALL_KEYS+=("$base")
+
+  case "$series" in
+    t) TECHNIQUE_KEYS+=("$base") ;;
+    m) METHODOLOGIE_KEYS+=("$base") ;;
+  esac
+
+  echo "  $base → $out_name"
+  $DRY_RUN || cp "$pdf" "$PORTFOLIO_DIR/$out_name"
+done
+
+echo ""
+echo "=== Creating ZIPs ==="
+
+_create_zip() {
+  local series_name="$1"
+  shift
+  local keys=("$@")
+
+  local tmp_dir
+  tmp_dir=$(mktemp -d)
+  for k in "${keys[@]}"; do
+    $DRY_RUN || cp "$PORTFOLIO_DIR/${HASH_MAP[$k]}" "$tmp_dir/"
+    $DRY_RUN && echo "  [dry-run] would include ${HASH_MAP[$k]}"
+  done
+
+  if $DRY_RUN; then
+    echo "  [dry-run] would create recap-cards-${series_name}.fr.${VERSION}.XXXXXXXXXXXX.zip"
+    echo "DRYRUN_${series_name^^}"
+    return
+  fi
+
+  (cd "$tmp_dir" && zip -q "archive.zip" *.pdf)
+
+  if [[ "$OSTYPE" == "darwin"* ]]; then
+    zip_hash=$(md5 -q "$tmp_dir/archive.zip" | cut -c1-12)
+  else
+    zip_hash=$(md5sum "$tmp_dir/archive.zip" | awk '{print $1}' | cut -c1-12)
+  fi
+
+  local zip_name="recap-cards-${series_name}.fr.${VERSION}.${zip_hash}.zip"
+  cp "$tmp_dir/archive.zip" "$PORTFOLIO_DIR/$zip_name"
+  rm -rf "$tmp_dir"
+  echo "  ${series_name} ZIP → $zip_name"
+  echo "$zip_name"
+}
+
+ZIP_T=$(_create_zip "technique" "${TECHNIQUE_KEYS[@]}")
+ZIP_M=$(_create_zip "methodologie" "${METHODOLOGIE_KEYS[@]}")
+
+# Last line of _create_zip output is the filename
+ZIP_T_NAME=$(echo "$ZIP_T" | tail -1)
+ZIP_M_NAME=$(echo "$ZIP_M" | tail -1)
+
+echo ""
+echo "=== Generating recap-hashes.json ==="
+
+JSON_FILE="$ROOT/recap-hashes.json"
+
+{
+  printf '{\n'
+  printf '  "_zips": {\n'
+  printf '    "technique": "%s",\n' "$ZIP_T_NAME"
+  printf '    "methodologie": "%s"\n' "$ZIP_M_NAME"
+  printf '  },\n'
+  printf '  "_cards": {\n'
+  # Sort keys for deterministic output
+  mapfile -t SORTED_KEYS < <(printf '%s\n' "${ALL_KEYS[@]}" | sort)
+  last_idx=$(( ${#SORTED_KEYS[@]} - 1 ))
+  for i in "${!SORTED_KEYS[@]}"; do
+    k="${SORTED_KEYS[$i]}"
+    if [[ $i -eq $last_idx ]]; then
+      printf '    "%s": "%s"\n' "$k" "${HASH_MAP[$k]}"
+    else
+      printf '    "%s": "%s",\n' "$k" "${HASH_MAP[$k]}"
+    fi
+  done
+  printf '  }\n'
+  printf '}\n'
+} > "$JSON_FILE"
+
+echo "  Written: $JSON_FILE"
+
+echo ""
+echo "=== Summary ==="
+echo "  PDFs processed: ${#ALL_KEYS[@]}"
+echo "  Technique cards: ${#TECHNIQUE_KEYS[@]}"
+echo "  Methodologie cards: ${#METHODOLOGIE_KEYS[@]}"
+echo "  Technique ZIP: $ZIP_T_NAME"
+echo "  Methodologie ZIP: $ZIP_M_NAME"
+echo "  Output: $PORTFOLIO_DIR"