docs: complete factual audit pass 2 — 90+ corrections

Second 10-agent parallel audit covering all remaining sections:
ultimate-guide.md (ch1-ch11), workflows/ (17 files), quiz/ (12 files),
examples/agents+skills+commands. Source of truth: official Anthropic docs.

Key corrections:

Hook system (+8 missing events):
- Complete 17-event list: PermissionRequest, PostToolUseFailure, SubagentStart,
  TeammateIdle, TaskCompleted, WorktreeCreate, WorktreeRemove, SessionEnd
- SessionStart confirmed valid (previous audit wrongly doubted it)
- Hook output format: hookSpecificOutput.permissionDecision (not {"decision":"block"})
- Missing common input fields added: transcript_path, cwd, permission_mode

Agent YAML frontmatter (13 valid fields restored/added):
- Restored: disallowedTools, memory, background, isolation, skills, permissionMode, hooks
- Added new: maxTurns, mcpServers
- Fixed: tools format is comma-separated (not space-separated)

Plan Mode (12 occurrences fixed):
- Ctrl+G = "open plan in text editor" (NOT "enter plan mode")
- Plan Mode = Shift+Tab × 2 (Normal → acceptEdits → plan)

Commands table (10.1) + built-in commands (6.1):
- Added 18+ missing commands: /copy, /doctor, /hooks, /memory, /model,
  /config, /permissions, /remote-control, /rename, /resume, /sandbox, etc.

Workflow files:
- agent-teams.md: removed fake --experimental-agent-teams flag
- hooks.yaml + post_edit event → settings.json + PostToolUse (2 files)
- TodoWrite → TaskCreate/TaskUpdate (3 files)
- task-management.md: removed fake "failed" task status

Quiz / examples:
- 01-010: Esc stops mid-action (not Ctrl+C)
- refactoring-specialist.md: removed MultiEdit (not a valid tool)
- ast-grep-patterns.md: name field (not title)
- validate-changes.md, diagnose.md: field name fixes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

examples/agents/refactoring-specialist.md

@@ -2,7 +2,7 @@
 name: refactoring-specialist
 description: Use for clean code refactoring following SOLID principles and best practices
 model: sonnet
-tools: Read, Write, Edit, MultiEdit, Grep, Glob
+tools: Read, Write, Edit, Grep, Glob
 ---
 
 # Refactoring Specialist Agent

examples/commands/diagnose.md

@@ -204,8 +204,8 @@ which mcp-server-sequential
 **Diagnosis**: Hook file naming or location issue.
 
 **Solution**:
-1. Verify hook is in `.claude/hooks/` or `~/.claude/hooks/`
-2. Check filename matches event: `PreToolUse.sh`, `PostToolUse.sh`
-3. Ensure hook is executable: `chmod +x hook.sh`
+1. Verify hooks are configured in `.claude/settings.json` or `~/.claude/settings.json`
+2. Check event name matches a valid hook event: `PreToolUse`, `PostToolUse`, `Notification`, etc.
+3. Ensure the command referenced in the hook exists and is executable
 
 $ARGUMENTS

examples/commands/security-check.md

@@ -49,15 +49,15 @@ ls -la ~/.claude/skills/ 2>/dev/null
 ls -la .claude/agents/ 2>/dev/null
 ls -la ~/.claude/agents/ 2>/dev/null
 
-# Check agent allowed-tools
-grep -r "allowed-tools" .claude/agents/ 2>/dev/null
-grep -r "allowed-tools" ~/.claude/agents/ 2>/dev/null
+# Check agent tools field
+grep -r "^tools:" .claude/agents/ 2>/dev/null
+grep -r "^tools:" ~/.claude/agents/ 2>/dev/null
 ```
 
 **Check against threat-db.yaml:**
 - [ ] Any skill/agent name matching `malicious_skills` entries? → CRITICAL
 - [ ] Any skill/agent author matching `malicious_authors` entries? → CRITICAL
-- [ ] Any agent with `allowed-tools: ["Bash"]` only? → HIGH
+- [ ] Any agent with `tools: Bash` only? → HIGH
 - [ ] Any agent with overly broad tool access + vague description? → MEDIUM
 
 ### Phase 4: Hook Security

examples/commands/validate-changes.md

@@ -1,7 +1,6 @@
 ---
 name: validate-changes
 description: Evaluate staged changes using LLM-as-a-Judge before committing
-allowed-tools: Bash, Read, Grep, Glob, Task
 ---
 
 # Validate Changes Before Commit

examples/hooks/README.md

@@ -48,13 +48,23 @@ Hooks are scripts that execute automatically on Claude Code events. They enable
 
 | Event | When | Typical Use Cases |
 |-------|------|-------------------|
+| `SessionStart` | Session begins or resumes | Initialization, environment setup, config scanning |
+| `UserPromptSubmit` | User sends a message | Context enrichment, preprocessing |
 | `PreToolUse` | Before a tool executes | Validation, blocking dangerous operations |
-| `PostToolUse` | After a tool executes | Formatting, logging, cleanup |
-| `UserPromptSubmit` | When user sends a message | Context enrichment, preprocessing |
-| `Notification` | When Claude sends a notification | Sound alerts, external notifications |
-| `SessionStart` | At session start | Initialization, environment setup |
-| `SessionEnd` | At session end | Cleanup, session summary |
+| `PermissionRequest` | Permission dialog appears | Custom approval logic |
+| `PostToolUse` | After a tool succeeds | Formatting, logging, cleanup |
+| `PostToolUseFailure` | After a tool fails | Error logging, recovery actions |
+| `Notification` | Claude sends a notification | Sound alerts, external notifications |
+| `SubagentStart` | Sub-agent spawns | Subagent initialization |
+| `SubagentStop` | Sub-agent finishes | Subagent cleanup |
 | `Stop` | Claude finishes responding | Post-response actions, state saving |
+| `TeammateIdle` | Agent teammate goes idle | Team coordination |
+| `TaskCompleted` | Task marked completed | Workflow triggers |
+| `ConfigChange` | Config file changes during session | Enterprise audit, block unauthorized changes |
+| `WorktreeCreate` | Agent worktree created | Set up DB branch, install deps |
+| `WorktreeRemove` | Agent worktree torn down | Clean up DB branch, temp credentials |
+| `PreCompact` | Before context compaction | Save state before compaction |
+| `SessionEnd` | Session terminates | Cleanup, session summary |
 
 ## Advanced Guardrails (NEW in v3.3.0)
 

examples/skills/ast-grep-patterns.md

@@ -1,7 +1,6 @@
 ---
-title: "ast-grep Patterns for Claude Code"
+name: ast-grep-patterns
 description: "Skill teaching Claude when and how to use ast-grep for structural code searches"
-tags: [skill, search, architecture]
 ---
 
 # ast-grep Patterns for Claude Code