release: v3.37.2 - hook format fix, 3 resource evals, cross-model review sections

- Fix: hook format updated to matcher+hooks[] structure (settings.json, learning-mode.md) - New guide sections: Cross-Model Review, Lightweight Role-Switch, Task Sizing (ultimate-guide.md) - Resource Eval: ManoMano Project Aegis — Serena MCP benchmark (3/5, ecosystem gap identified) - Resource Eval: Multi-Session Management Landscape (4/5) - Resource Eval: Ischenko workflow quality (2/5, marginal) - Version bump: 3.37.1 → 3.37.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 21:22:01 +01:00 · 2026-03-19 21:22:01 +01:00 · 53ac314a15
commit 53ac314a15
parent ea7ce092dc
11 changed files with 485 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 ## [3.37.2] - 2026-03-19
 - **RSS Feed added to cc.bruniaux.com** (`landing: src/pages/rss.xml.ts`, `src/data/rss-entries.ts`): Unified RSS feed at `/rss.xml` merging Claude Code CLI releases and guide content updates (guide releases, new pages, new cards, new whitepapers). Auto-discovery `<link>` tag in all page heads, RSS icon in footer and "More" nav dropdown, mention in announcement banner. Dedicated `rss-entries.ts` data file for manual guide entries. Workflow integrated in `/release` (step 6.5 auto-drafts entry) and `/update-infos-release` (step 4.5 for notable CC releases). Post-push hook in landing repo reminds to update `rss-entries.ts`. README updated with RSS link.
 - **Footer links fixed and expanded** (`landing: src/components/global/Footer.astro`): Architecture and Data Privacy now link to in-site guide reader (`/guide/core/architecture/`, `/guide/security/data-privacy/`) instead of GitHub raw files. Added missing pages: Recap Cards, AI Roles, Context, Ecosystem, FAQ.
@ -26,6 +28,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - **Resource Evaluation — obra/Superpowers** (`docs/resource-evaluations/obra-superpowers-evaluation.md`): Score 5/5. Full software development methodology suite (95k+ stars, 7.5k forks, verified via GitHub API). 7 context-aware skills: brainstorm-first spec gate, implementation planning, subagent-driven development with two-stage review, mandatory TDD enforcement, code review, git worktrees, branch lifecycle. Available on official Claude Code plugin marketplace. Integrated in 4 locations: Plugin Ecosystem section in `third-party-tools.md` (alongside gstack), obra row upgrade in `ultimate-guide.md` skills.sh table, cross-reference in `tdd-with-claude.md`, cross-reference in `spec-first.md`.
 - **Resource Evaluation — ManoMano "Project Aegis"** (`docs/resource-evaluations/2026-03-19-manomano-project-aegis-serena.md`): Score 3/5. ManoMano engineering team benchmarked AI coding agents internally and identified Serena MCP as a must-have for large codebase navigation. Serena (oraios/serena) uses LSP for deterministic symbol-level navigation (find_symbol, get_symbols_overview, session memory) — distinct from GrepAI's embedding approach. Guide already covers Serena extensively (8+ files, `ultimate-guide.md:10527`, `search-tools-mastery.md`). Specific gap confirmed: no Serena entry in `mcp-servers-ecosystem.md` (only GrepAI listed under Code Search), creating a discoverability inconsistency. Recommended action: add formal Serena entry to ecosystem file with cross-link to search-tools-mastery.md.
 ## [3.37.1] - 2026-03-18
 - **Threat database updated to v2.8.0** (`examples/commands/resources/threat-db.yaml`): 7 new entries covering March 2026 threats. **New campaigns**: GhostClaw (malicious npm `@openclaw-ai/openclawai`, GhostLoader RAT with SOCKS5 proxy + clipboard monitor, 178 downloads) and Fake OpenClaw Installer (Stealth Packer + GhostSocks via malicious GitHub repos indexed by Bing AI). **New malicious packages**: `@openclaw-ai/openclawai` and `ambar-src` (~50K downloads, evasion techniques). **New CVE**: CVE-2026-24910 (Bun runtime v<1.3.5, lifecycle scripts bypass origin validation). **New attack techniques**: T017 Shadow MCP (employees deploying unvetted MCP servers without IT oversight) and T018 AI Search Result Poisoning (AI-generated search results recommending malicious repos). **New scanning tools**: Jozu Agent Guard (zero-trust AI runtime, non-bypassable policies, 2026-03-17) and MCP Sentinel (RSAC 2026, request/arg scanning for sensitive data). `minimum_safe_versions` updated with `bun: 1.3.5`.
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@
 <p align="center">
  <a href="https://github.com/FlorianBruniaux/claude-code-ultimate-guide/stargazers"><img src="https://img.shields.io/github/stars/FlorianBruniaux/claude-code-ultimate-guide?style=for-the-badge" alt="Stars"/></a>
-  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Mar_18,_2026_·_v3.37.1-brightgreen?style=for-the-badge" alt="Last Update"/></a>
+  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Mar_19,_2026_·_v3.37.2-brightgreen?style=for-the-badge" alt="Last Update"/></a>
  <a href="./quiz/"><img src="https://img.shields.io/badge/Quiz-271_questions-orange?style=for-the-badge" alt="Quiz"/></a>
  <a href="./examples/"><img src="https://img.shields.io/badge/Templates-217-green?style=for-the-badge" alt="Templates"/></a>
  <a href="./guide/security/security-hardening.md"><img src="https://img.shields.io/badge/🛡️_Threat_DB-15_vulnerabilities_·_655_malicious_skills-red?style=for-the-badge" alt="Threat Database"/></a>
@ -875,7 +875,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
 ---
-*Version 3.37.1 | Updated daily · Mar 18, 2026 | Crafted with Claude*
+*Version 3.37.2 | Updated daily · Mar 19, 2026 | Crafted with Claude*
 <!-- SEO Keywords -->
 <!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,
--- a/2
+++ b/2
@ -1 +1 @@
-3.37.1
+3.37.2
--- a/docs/resource-evaluations/082-multi-session-management-landscape.md
+++ b/docs/resource-evaluations/082-multi-session-management-landscape.md
@ -0,0 +1,145 @@
 # Resource Evaluation: Multi-Session Claude Code Management — Landscape Overview
 **Date**: 2026-03-19
 **Evaluator**: Claude (research session + structured synthesis)
 **Status**: Reference — Integrate into guide (ecosystem / third-party tools section)
 ---
 ## Summary
 This evaluation covers the full landscape of tools for managing multiple Claude Code sessions across multiple projects simultaneously. The research identified 13 tools across 4 categories: monitoring dashboards, remote/browser access, multi-project orchestrators, and sound/notification systems.
 No single tool covers all use cases. The space is fragmented, actively evolving (most repos < 6 months old), and missing one obvious feature: per-project audio differentiation.
 ---
 ## Score: 4/5 (as a category)
 | Score | Meaning |
 |-------|---------|
 | 5 | Essential — Major gap |
 | **4** | **High value — Significant improvement** |
 | 3 | Pertinent — Useful complement |
 | 2 | Marginal — Secondary info |
 | 1 | Out of scope |
 **Justification**: Multi-agent, multi-project workflows are increasingly common. The guide covers individual session hooks and notifications but has no consolidated view of the tooling available for running 3-10 parallel Claude Code sessions. vibetunnel (4 276 stars) and multi-agent-shogun (1 082 stars) signal strong community demand. Integration would fill a documented gap.
 ---
 ## Tool Landscape
 ### Category 1 — Monitoring Dashboards
 | Tool | GitHub | Stars | Stack | Key Features |
 |------|--------|-------|-------|-------------|
 | **claude-code-monitor (ccm)** | [onikan27/claude-code-monitor](https://github.com/onikan27/claude-code-monitor) | ⭐ 212 | TypeScript / Node | TUI vim-style (j/k, 1-9), session switching via AppleScript, mobile WebUI + QR code pairing, WebSocket real-time |
 | **claude-code-dashboard** | [Stargx/claude-code-dashboard](https://github.com/Stargx/claude-code-dashboard) | ⭐ 5 | Node + Express + React | Auto-detects all sessions, token/cost per session, context progress bars, git branch, permission mode badges |
 | **sniffly** | [chiphuyen/sniffly](https://github.com/chiphuyen/sniffly) | ⭐ 1 170 | Python | Analytics-first: usage patterns, error breakdown, shareable dashboard. Post-hoc, not real-time |
 | **ClaudeCode-Dashboard** | [Quriov/ClaudeCode-Dashboard](https://github.com/Quriov/ClaudeCode-Dashboard) | ⭐ 0 | Next.js 16 + ReactFlow | Config topology viewer (hooks, agents, MCP, skills), not session monitoring |
 **Best pick**: `ccm` for real-time monitoring on macOS (easiest setup: `npx claude-code-monitor`). `sniffly` for post-session analytics on any platform.
 ---
 ### Category 2 — Remote / Browser Access
 | Tool | GitHub | Stars | Stack | Key Features |
 |------|--------|-------|-------|-------------|
 | **vibetunnel** | [amantus-ai/vibetunnel](https://github.com/amantus-ai/vibetunnel) | ⭐ 4 276 | TypeScript + Swift | Wraps any terminal in browser tabs, multiple sessions, Git Follow Mode, VibeTunnelTalk voice narration |
 | **cc-hub** | [m0a/cc-hub](https://github.com/m0a/cc-hub) | ⭐ 1 | Go + tmux + Tailscale | Split panes + session color themes, file diff tracking (Claude edits vs git), mobile optimized, dashboard with cost stats |
 **Best pick**: `vibetunnel` for broad use (4 276 stars, very active). `cc-hub` if you need session color differentiation + file diffs per project (requires Tailscale).
 ---
 ### Category 3 — Multi-Project Orchestrators
 | Tool | GitHub | Stars | Stack | Key Features |
 |------|--------|-------|-------|-------------|
 | **claudio** | [Iron-Ham/claudio](https://github.com/Iron-Ham/claudio) | ⭐ 22 | Go + tmux | Isolated git worktrees, TUI dashboard, 14 color themes, task chaining (`--depends-on`), planning modes: UltraPlan / TripleShot / Adversarial Review, PR automation, cost limits |
 | **multi-agent-shogun** | [yohey-w/multi-agent-shogun](https://github.com/yohey-w/multi-agent-shogun) | ⭐ 1 082 | Shell + tmux | Shogun/Karo/Ashigaru hierarchy, 7 workers + 1 strategist, multi-CLI (Claude, Codex, Copilot, Kimi), zero API coordination cost |
 | **zenportal** | [kgang/zenportal](https://github.com/kgang/zenportal) | ⭐ 1 | Python/Textual | Multi-CLI support, git worktrees per session, 3-tier config, session persistence via tmux |
 | **praktor** | [mtzanidakis/praktor](https://github.com/mtzanidakis/praktor) | ⭐ 17 | Go + Docker Compose | Telegram I/O (chat from phone), 1 Docker container per agent, cron tasks, swarms, AES-256-GCM secrets vault |
 **Best pick**: `claudio` for serious multi-project orchestration (isolated worktrees + color themes + advanced planning). `multi-agent-shogun` for high-parallelism fan-out patterns with tmux visibility.
 ---
 ### Category 4 — Sound / Notification Systems
 | Tool | GitHub | Stars | Stack | Per-Project Sound |
 |------|--------|-------|-------|------------------|
 | **karina-voice-notification** | [t1seo/karina-voice-notification](https://github.com/t1seo/karina-voice-notification) | ⭐ 0 | Python (Qwen3-TTS) | Clone any voice from YouTube → custom `.wav` per project (DIY assembly) |
 | **sound-micro-server** | [arc-co/claude-code-notification-sound-micro-server](https://github.com/arc-co/claude-code-notification-sound-micro-server) | ⭐ 0 | Node.js | Browser-based sound via hook `Stop` + `curl POST`. Single sound for all sessions |
 | **ccnotify** | [Helmi/ccnotify](https://github.com/Helmi/ccnotify) | n/a | Shell | Voice notifications (spoken text) |
 | **claude-session-manager** | [Swarek/claude-session-manager](https://github.com/Swarek/claude-session-manager) | ⭐ 4 | Shell | Colored status line per session, session IDs (`cx` command), live description updates |
 **Gap**: No tool provides per-project audio differentiation out of the box. The cleanest DIY approach: configure `settings.local.json` per project with a different audio file in the `Stop` hook.
 ```json
 // project-a/.claude/settings.local.json
 {
  "hooks": {
    "Stop": [{ "command": "afplay ~/sounds/project-a.wav" }]
  }
 }
 ```
 ---
 ## Capability Matrix
 | Tool | Multi-session visibility | Session switching | Per-project differentiation | Sound | Platform |
 |------|--------------------------|-------------------|-----------------------------|-------|----------|
 | ccm | TUI list | AppleScript focus | Status icons | No | macOS only |
 | claude-code-dashboard | Web dashboard | No | Git branch / badges | No | All |
 | vibetunnel | Browser tabs | Manual tab switch | Terminal titles | No (voice narration optional) | macOS M1+ / Linux |
 | cc-hub | Split panes | Click | Color themes per session | No | macOS/Linux + Tailscale |
 | claudio | TUI per instance | TUI controls | 14 color themes | No | macOS/Linux |
 | multi-agent-shogun | tmux panes | tmux | Pane position | No | macOS/Linux |
 | zenportal | TUI list | TUI controls | Session name | No | macOS/Linux |
 | praktor | Web + Telegram | @agent_name | Docker container | No | Linux/Docker |
 | karina-voice-notification | n/a | n/a | Custom voice per project | YES (DIY) | macOS M1+ / Linux (CUDA) |
 | sound-micro-server | n/a | n/a | No | YES (single sound) | All (browser) |
 | claude-session-manager | Terminal status line | Manual | Color-coded status | No | macOS/Linux |
 ---
 ## Key Findings
 **High adoption signal**: vibetunnel (4 276 stars) and multi-agent-shogun (1 082 stars) are the two breakout tools. Both are actively maintained and solve real problems at scale.
 **Missing feature**: Per-project audio differentiation does not exist as a packaged solution. DIY with `afplay` / `paplay` + `settings.local.json` hooks per project is the only current approach.
 **Ecosystem maturity**: The space is 3-6 months old. Most tools are single-maintainer experiments. `claudio`, `ccm`, and `vibetunnel` have the strongest signals for longevity.
 **Platform gap**: Most orchestrators require tmux and work only on macOS/Linux. No solid Windows option exists.
 ---
 ## Recommendations
 **Action**: Integrate a "Multi-Session Management" section into the guide (third-party tools or workflows section).
 **Priority picks to document**:
 | Use case | Recommended tool |
 |----------|-----------------|
 | Quick multi-session visibility on macOS | ccm (`npx claude-code-monitor`) |
 | Post-session analytics (all platforms) | sniffly (`uvx sniffly@latest init`) |
 | Browser/remote access | vibetunnel |
 | Serious orchestration with isolation | claudio |
 | High-parallelism fan-out | multi-agent-shogun |
 | Per-project audio (DIY) | `settings.local.json` + `afplay` |
 **Watch list**: cc-hub, zenportal, praktor — interesting architectures but < 20 stars each. Re-evaluate at 100+ stars.
 ---
 ## Related Evaluations
 - [078-claude-swarm-monitor.md](078-claude-swarm-monitor.md) — TUI for monitoring agents across worktrees (Rust, Linux)
 - [074-ruflo-multi-agent-orchestration.md](074-ruflo-multi-agent-orchestration.md) — Ruflo orchestration platform
 - [079-fabro-workflow-orchestration.md](079-fabro-workflow-orchestration.md) — Fabro workflow runtime
--- a/docs/resource-evaluations/2026-03-19-manomano-project-aegis-serena.md
+++ b/docs/resource-evaluations/2026-03-19-manomano-project-aegis-serena.md
@ -0,0 +1,138 @@
 # Resource Evaluation: ManoMano "Project Aegis" — Serena MCP Benchmarking
 **Date**: 2026-03-19
 **Evaluator**: Claude Sonnet 4.6
 **Resource URL**: https://medium.com/manomano-tech/project-aegis-benchmarking-ai-agents-and-why-serena-is-our-new-must-have-311673db35dd
 **Resource Type**: Engineering blog post (Medium)
 **Author**: ManoMano Engineering Team
 **Company**: ManoMano (e-commerce, ~1000 devs)
 **Article access**: Medium 403 during evaluation — content reconstructed from Perplexity + Serena GitHub (oraios/serena)
 ---
 ## Executive Summary
 ManoMano's engineering team ran "Project Aegis," an internal benchmark of AI coding agents across their dev stack. Their conclusion: Serena MCP became a must-have tool. The article surfaces real production usage data for Serena, an LSP-based MCP server that provides symbol-level code navigation and session memory. The guide already documents Serena extensively (8+ files, high depth in `ultimate-guide.md` and `search-tools-mastery.md`) but has a specific consistency gap: no entry in `mcp-servers-ecosystem.md`, which lists GrepAI as the only code search/analysis MCP. A reader landing on that page gets an incomplete picture.
 ---
 ## Content Summary
 **What the article covers** (reconstructed — direct fetch failed):
 - Internal benchmark ("Project Aegis") comparing multiple AI coding agents on production tasks
 - Serena MCP identified as the standout tool for large codebase navigation
 - Rationale: LSP-based symbol navigation (vs embedding/vector search like GrepAI) provides precise, low-latency, deterministic results
 - Token efficiency: Serena provides targeted context (symbol + callers/references) rather than full-file reads
 - Conclusion: Serena is now part of ManoMano's standard AI dev setup
 **What Serena does** (verified via GitHub oraios/serena + Perplexity):
 - Uses Language Server Protocol (LSP) for semantic code understanding — actual compiler-level symbol resolution, not embeddings
 - 30+ languages supported natively (Python, TypeScript/JS, PHP, Go, Rust, C/C++, Java out of box)
 - Core tools: `find_symbol`, `find_referencing_symbols`, `get_symbols_overview`, `replace_symbol_body`
 - Session memory: `write_memory` / `read_memory` / `list_memories` stored in `.serena/memories/`
 - Behavioral modes: planning, editing, interactive, one-shot — contexts: desktop-app, agent, ide-assistant
 - Free, open-source (GitHub: oraios/serena), runs locally via `uvx`
 - Integrates with Claude Code, Claude Desktop, VSCode, Cursor, Cline
 **Key distinction vs GrepAI**:
 | Aspect | Serena | GrepAI |
 |--------|--------|--------|
 | Approach | LSP (compiler-level symbols) | Embeddings (Ollama vector search) |
 | Latency | ~100ms | ~500ms |
 | Use case | Known symbol navigation, refactoring | Intent-based discovery, unfamiliar code |
 | Setup | Language server per language | Ollama + nomic-embed-text |
 | Memory | Built-in session memory | None |
 | Accuracy | Deterministic (exact symbols) | Probabilistic (similarity score) |
 ---
 ## Gap Analysis vs. Guide
 | Area | ManoMano article / Serena | Guide coverage |
 |------|--------------------------|----------------|
 | Serena — dedicated section | ✅ Endorses as must-have | ✅ `ultimate-guide.md:10527`, `search-tools-mastery.md` |
 | Serena session memory | ✅ Implicit (persistent workflow) | ✅ `ultimate-guide.md:1797-1843`, cheatsheet |
 | Serena — ecosystem entry | ✅ Would fit under Code Search | ❌ **Not in `mcp-servers-ecosystem.md`** |
 | Serena vs GrepAI comparison | ✅ Context from benchmarking | ✅ `search-tools-mastery.md` comparison table |
 | Production benchmarking methodology | ✅ Real team, real codebase | ❌ Guide has no multi-agent benchmark section |
 | LSP setup friction (polyglot codebases) | ⚠️ Not addressed in article | ⚠️ Understated in guide |
 **Real gap**: `mcp-servers-ecosystem.md` lists GrepAI as the only entry under "Code Search & Analysis." A reader arriving via that page has no path to Serena. The rest of the guide recommends both tools as complementary, creating a discoverability inconsistency.
 ---
 ## Relevance Score: 3/5
 ### Why 3/5 (Pertinent — Integrate when time available)?
 **✅ Strengths**:
 1. **Production validation**: ManoMano is a real e-commerce company running this at scale, not a tutorial author
 2. **Corroborates existing guide position**: The guide already recommends Serena — this adds external credibility
 3. **Benchmarking angle**: Real-world comparison between agents is an angle the guide does not cover
 4. **Signals the discoverability gap**: The fact that a production team writes "why Serena is our must-have" suggests readers aren't finding it easily — consistent with the mcp-servers-ecosystem.md gap
 **⚠️ Weaknesses**:
 1. **Single-team case study**: One engineering team's benchmark, methodology not published
 2. **"Must-have" is marketing language**: No reproducible metrics, no controlled comparison
 3. **Article inaccessible**: Medium 403 — content could not be directly verified during evaluation
 4. **Narrow gap**: The guide already covers Serena well; the fix is a targeted addition to one file, not a major integration
 ---
 ## Recommendations
 **Primary action** (independent of this article — fix the consistency gap):
 Add a formal Serena entry to `guide/ecosystem/mcp-servers-ecosystem.md` under "Code Search & Analysis," after the GrepAI entry. Include:
 - Repository, license, status
 - LSP vs embedding distinction (why it complements GrepAI)
 - Key tools: `find_symbol`, `get_symbols_overview`, `write_memory`
 - Setup (uvx install, `--project-root` arg)
 - Cross-link to `guide/workflows/search-tools-mastery.md`
 **Secondary action** (optional, using this article as source):
 Mention ManoMano's production benchmarking as a real-world reference within the Serena entry or the search-tools-mastery workflow. Frame it as: "Production teams choosing Serena for large codebase work consistently cite the LSP approach's precision over embedding-based alternatives."
 **Priority**: Medium — the ecosystem page inconsistency is the real driver, not the article itself.
 ---
 ## Challenge Notes (technical-writer agent)
 The agent challenge during evaluation raised three valid points:
 1. **Score should separate resource quality from gap severity**: The 4/5 initially assigned conflated "how important is Serena" with "how good is this article." Adjusted to 3/5 after separating the two.
 2. **LSP setup friction understated**: Serena requires a running language server per language. For polyglot repos, this is non-trivial. Worth flagging in the guide entry.
 3. **Serena session memory overlaps with ICM**: The guide currently does not clearly distinguish Serena's `.serena/memories/` from ICM's cross-session memory. A clarification note would prevent user confusion when both are configured.
 ---
 ## Fact-Check
 | Claim | Verified | Source |
 |-------|----------|--------|
 | Serena uses LSP for symbol navigation | ✅ | github.com/oraios/serena, Perplexity |
 | 30+ languages supported | ✅ | Multiple sources (aiagentslist.com, vibetools.net) |
 | Claude Code integration native | ✅ | Serena README |
 | Free and open-source (MIT) | ✅ | GitHub license |
 | Session memory via `.serena/memories/` | ✅ | Guide documentation + quiz |
 | ManoMano article exists at URL | ✅ | URL valid, 403 on fetch |
 | ManoMano benchmark stats/methodology | ⚠️ | Article inaccessible — not verifiable |
 | "Must-have" as measured outcome | ❌ | Marketing claim, no reproducible metric |
 ---
 ## Decision
 - **Score**: 3/5
 - **Action**: Integrate — add Serena entry to `mcp-servers-ecosystem.md` (fix the consistency gap). Optionally cite ManoMano as production reference within that entry.
 - **Confidence**: High on the gap diagnosis; Medium on the article content (inaccessible)
 - **Urgency**: Low-Medium — the guide works without it, but the discoverability gap is real
--- a/docs/resource-evaluations/ischenko-claude-code-workflow-quality.md
+++ b/docs/resource-evaluations/ischenko-claude-code-workflow-quality.md
@ -0,0 +1,76 @@
 # Resource Evaluation: "You're probably using Claude Code wrong" - Alex Ischenko
 ## Metadata
 | Field | Value |
 |-------|-------|
 | **Author** | Alex Ischenko |
 | **Role** | AI-Driven CTO, Top 100 Leaders @ CTO Craft |
 | **Published** | 2026-03-19 |
 | **Type** | LinkedIn Pulse article |
 | **URL** | https://www.linkedin.com/pulse/youre-probably-using-claude-code-wrong-i-too-until-shift-ischenko-bwdkf/ |
 | **Evaluated** | 2026-03-19 |
 | **Score** | 2/5 (Marginal) |
 | **Decision** | Do not integrate |
 ## Summary
 LinkedIn article arguing that Claude Code quality is an engineering system question, not a model question. Proposes 7 workflow patterns for improving output quality, each with a full copy-paste prompt template:
 1. **Reality checks before implementation** - verify codebase assumptions before coding
 2. **Separate author/reviewer** - two-role pattern within same session
 3. **Project-aware reviews** - review with project context, not just diff
 4. **Requirements as mandatory artifact** - REQUIREMENTS.md before code
 5. **TDD workflow** - anchor behavior with tests first
 6. **Small task sizes** - reduce scope for better AI output
 7. **Human abstraction elevation** - move engineers to architecture/trade-off level
 Claims "20-30% quality improvement" from these workflow changes.
 ## Scoring Rationale
 ### Overlap with Guide (75-85%)
 | Pattern | Guide Coverage | Location |
 |---|---|---|
 | Reality checks | Partial | `exploration-workflow.md`, Plan Mode (L3717) |
 | Author/reviewer | Moderate | SE-CoVe (L13095), Scope-Focused Agents (L4410) |
 | Project-aware reviews | Partial | `code-review.md` (CLAUDE.md + REVIEW.md) |
 | Requirements artifact | Partial | `spec-first.md` (full workflow) |
 | TDD | Strong | `tdd-with-claude.md`, L19183-19320, skill template L7336 |
 | Small tasks | Scattered | `spec-first.md` L62-93, L1529, L1733 |
 | Human elevation | Thin | L17458, L15725, L3216 |
 ### What's Unique
 The 7 copy-paste prompt templates are the only non-redundant element. These are practical formatting convenience but not structural insight. The guide's existing workflow files and skill templates serve the same purpose.
 ### Credibility Assessment
 - No GitHub repo, no production artifact, no tooling behind the article
 - "20-30% quality improvement" has no methodology, no baseline, no control group
 - Compare to higher-scored resources: Cullen (shipped working slash command, 5/5), Chabaud (clonable repo, 3/5), Rusitschka (repo with working code, 4/5)
 ### Accumulation Risk
 The guide already integrates Chabaud, Rusitschka, Cullen, and paddo.dev team tips covering adjacent workflow territory. Adding Ischenko without new substance dilutes the signal-to-noise ratio.
 ## Identified Gaps (for future work, not from this resource)
 Two gaps surfaced during analysis that the guide could address independently:
 1. **Multi-model review pattern** (near zero coverage): deliberately using different models to review each other's work. Ischenko mentions it briefly but provides no template.
 2. **Consolidated task sizing section**: currently scattered across multiple files with no single reference point.
 ## Fact-Check
 | Claim | Status | Notes |
 |---|---|---|
 | Author credentials | Unverifiable | CTO Craft exists, "Top 100" not independently verifiable |
 | "20-30% quality improvement" | Unfalsifiable | No methodology described |
 | Tool landscape (Claude Code, Cursor, etc.) | Verified | All exist as active tools |
 | LLM behavioral patterns (overconfidence, compound errors) | Verified | Well-documented in literature |
 ## Decision
 **Do not integrate.** Solid engineering advice but the guide already covers these patterns through better-sourced, more detailed, and more production-grounded resources. The prompt templates could theoretically be extracted as addenda to existing workflow files, but this is low priority.
--- a/examples/claude-md/learning-mode.md
+++ b/examples/claude-md/learning-mode.md
@ -155,6 +155,7 @@ Pair this CLAUDE.md with the learning-capture hook to automatically log insights
 {
  "hooks": {
    "Stop": [{
      "matcher": "",
      "hooks": [{
        "type": "command",
        "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/bash/learning-capture.sh"
--- a/examples/config/settings.json
+++ b/examples/config/settings.json
@ -3,13 +3,23 @@
    "PreToolUse": [
      {
        "matcher": "Bash",
-        "command": ".claude/hooks/security-check.sh"
+        "hooks": [
          {
            "type": "command",
            "command": ".claude/hooks/security-check.sh"
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
-        "command": ".claude/hooks/auto-format.sh"
+        "hooks": [
          {
            "type": "command",
            "command": ".claude/hooks/auto-format.sh"
          }
        ]
      }
    ]
  }
--- a/guide/cheatsheet.md
+++ b/guide/cheatsheet.md
@ -12,7 +12,7 @@ tags: [cheatsheet, reference]
 **Written with**: Claude (Anthropic)
-**Version**: 3.37.1 | **Last Updated**: March 2026
+**Version**: 3.37.2 | **Last Updated**: March 2026
 ---
@ -639,4 +639,4 @@ Speed: `rg` (~20ms) → Serena (~100ms) → ast-grep (~200ms) → grepai (~500ms
 **Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude
-*Last updated: March 2026 | Version 3.37.1*
+*Last updated: March 2026 | Version 3.37.2*
--- a/guide/ultimate-guide.md
+++ b/guide/ultimate-guide.md
@ -16,7 +16,7 @@ tags: [guide, reference, workflows, agents, hooks, mcp, security]
 **Last updated**: January 2026
-**Version**: 3.37.1
+**Version**: 3.37.2
 ---
@ -1528,6 +1528,19 @@ VERIFY: Login persists after browser refresh
 **Fix**: One focused task per session. `/clear` between different tasks.
 **How to size a task for Claude Code:**
 | Signal | Too big | Right size | Too small |
 |--------|---------|------------|-----------|
 | Description | Uses "AND" between behaviors | One vertical slice, one user behavior | A single line change you could do faster manually |
 | Session | Runs out of context or drifts | Completes within one session | Takes 30 seconds |
 | Review | Reviewer can't hold the full diff in mind | Diff is reviewable in one pass | Not worth a review |
 | Rollback | Reverting breaks other things | `git revert` cleanly undoes everything | N/A |
 **Splitting heuristic**: if your task description requires "and" between two user-facing behaviors, split it. "Users can reset passwords" is one task. "Users can reset passwords AND admins can force-expire sessions" is two.
 > **Deep dive**: [Spec-First Workflow — Task Granularity](./workflows/spec-first.md#task-granularity-sizing-work-for-agents) covers the vertical slice pattern, PRD quality checklist, and concrete before/after examples.
 ### 8. ❌ Treating Claude Code Like a Chatbot
 **Mistake**: Typing ad-hoc instructions every session. Repeating project conventions, re-explaining architecture, manually enforcing quality checks.
@ -5166,7 +5179,7 @@ The `.claude/` folder is your project's Claude Code directory for memory, settin
 | Personal preferences | `CLAUDE.md` | ❌ Gitignore |
 | Personal permissions | `settings.local.json` | ❌ Gitignore |
-### 3.37.1 Version Control & Backup
+### 3.37.2 Version Control & Backup
 **Problem**: Without version control, losing your Claude Code configuration means hours of manual reconfiguration across agents, skills, hooks, and MCP servers.
@ -13136,6 +13149,87 @@ These tools solve different problems at different stages of the development cycl
 **Complementary workflow**: Run Vitals weekly to identify which areas of the codebase need attention, then use SE-CoVe when asking Claude to refactor or fix those hotspot files.
 #### Lightweight Role-Switch Review
 Not every change warrants SE-CoVe's 5-stage pipeline. For everyday review within a single session, you can prompt Claude to switch from author to reviewer explicitly:
 ```markdown
 You just wrote the implementation above. Now forget you wrote it.
 Review it as a senior engineer who did not author this code.
 Check: requirement fidelity, edge cases, error handling, backward
 compatibility, security, performance. For each issue found, cite
 the file and line, explain the problem, and propose a concrete fix.
 Verdict: APPROVE, REQUEST CHANGES, or REJECT.
 ```
 This works because the explicit instruction to "forget you wrote it" forces Claude to re-evaluate rather than defend prior decisions. It catches surface-level issues (missing null checks, inconsistent error handling, naming drift) but shares the same reasoning path as the author, so subtle architectural flaws may survive.
 **When to use what:**
 | Approach | Cost | Catches | Best for |
 |----------|------|---------|----------|
 | Role-switch (same session) | 1x | Surface issues, naming, obvious bugs | Daily development, quick fixes |
 | SE-CoVe (plugin) | ~2x | Reasoning-path blind spots, subtle logic errors | Security-sensitive code, architecture |
 | Cross-model review (see below) | 1x-2x | Different reasoning patterns, fresh perspective | Critical paths, pre-merge gates |
 | Scope-focused agents | 2-5x | Domain-specific issues in parallel | Large PRs, multi-concern review |
 #### Cross-Model Review
 A single model reviewing its own code follows the same reasoning patterns that produced the code. Using a different model for review introduces genuinely independent analysis.
 **The pattern**: generate with one model, review with another.
 ```bash
 # Implement with Opus (deep reasoning)
 claude --model opus
 # Review the diff with Sonnet (different reasoning path, lower cost)
 claude -p "Review the changes in the last commit. Check for logic errors, \
  edge cases, backward compatibility, and security issues. \
  Cite file:line for each finding." --model sonnet
 # Quick sanity check with Haiku (fast, cheap, catches obvious issues)
 claude -p "List any bugs, missing error handling, or security issues \
  in the last commit." --model haiku
 ```
 **With custom agents:**
 ```yaml
 # .claude/agents/cross-model-reviewer.md
 ---
 name: cross-model-reviewer
 model: sonnet  # Different from your working model
 tools: Read, Grep, Glob
 ---
 You are reviewing code you did not write. Your job is to find problems.
 Read the files listed below, then check:
 1. Logic errors and edge cases
 2. Error handling completeness
 3. Backward compatibility risks
 4. Security issues (injection, auth gaps, data leaks)
 5. Performance concerns (O(n²), unbounded queries)
 For each finding: severity (critical/high/medium), file:line, problem, fix.
 If no issues found, say so explicitly.
 ```
 **Why different models catch different bugs**: each model has distinct reasoning biases, training distributions, and failure modes. A bug that sits in one model's blind spot may be obvious to another. This is the same principle behind diverse code review teams in traditional engineering.
 **Cost-effective patterns:**
 | Generation Model | Review Model | Cost Multiplier | When |
 |-----------------|-------------|-----------------|------|
 | Opus | Sonnet | ~1.3x | Default for critical code |
 | Sonnet | Haiku | ~1.05x | High-volume, pre-commit gate |
 | Sonnet | Opus | ~2x | Architecture, security-critical |
 | Any | Same model, fresh session | ~1.5x | Context isolation without model switch |
 The fresh session variant (same model, new context via `claude -p`) gives you context isolation without changing the model. Less effective than a true model switch but still better than reviewing in the same session where the code was written.
 ---
 ## 8.6 MCP Security
@ -23482,4 +23576,4 @@ We'll evaluate and add it to this section if it meets quality criteria.
 **Contributions**: Issues and PRs welcome.
-**Last updated**: January 2026 | **Version**: 3.37.1
+**Last updated**: January 2026 | **Version**: 3.37.2
--- a/machine-readable/reference.yaml
+++ b/machine-readable/reference.yaml
@ -3,7 +3,7 @@
 # Source: guide/ultimate-guide.md
 # Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
-version: "3.37.1"
+version: "3.37.2"
 updated: "2026-03-17"
 # ════════════════════════════════════════════════════════════════
@ -1581,7 +1581,7 @@ ecosystem:
      - "Cross-links modified → Update all 4 repos"
    history:
      - date: "2026-01-20"
-        event: "Code Landing sync v3.37.1, 66 templates, cross-links"
+        event: "Code Landing sync v3.37.2, 66 templates, cross-links"
        commit: "5b5ce62"
      - date: "2026-01-20"
        event: "Cowork Landing fix (paths, README, UI badges)"
@ -1593,7 +1593,7 @@ ecosystem:
 onboarding_matrix_meta:
  version: "2.1.0"
  last_updated: "2026-03-09"
-  aligned_with_guide: "3.37.1"
+  aligned_with_guide: "3.37.2"
  changelog:
    - version: "2.1.0"
      date: "2026-03-09"
@ -1624,7 +1624,7 @@ onboarding_matrix:
      core: [rules, sandbox_native_guide, commands]
      time_budget: "5 min"
      topics_max: 3
-      note: "SECURITY FIRST - sandbox before commands (v3.37.1 critical fix)"
+      note: "SECURITY FIRST - sandbox before commands (v3.37.2 critical fix)"
    beginner_15min:
      core: [rules, sandbox_native_guide, workflow, essential_commands]
@ -1713,7 +1713,7 @@ onboarding_matrix:
        - default: agent_validation_checklist
      time_budget: "60 min"
      topics_max: 6
-      note: "Dual-instance pattern for quality workflows (v3.37.1)"
+      note: "Dual-instance pattern for quality workflows (v3.37.2)"
  learn_security:
    intermediate_30min:
@ -1724,7 +1724,7 @@ onboarding_matrix:
        - default: permission_modes
      time_budget: "30 min"
      topics_max: 4
-      note: "NEW goal (v3.37.1) - Security-focused learning path"
+      note: "NEW goal (v3.37.2) - Security-focused learning path"
    power_60min:
      core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@ -1749,7 +1749,7 @@ onboarding_matrix:
      core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
      time_budget: "60 min"
      topics_max: 6
-      note: "Security foundation + core workflow (v3.37.1 sandbox added)"
+      note: "Security foundation + core workflow (v3.37.2 sandbox added)"
    intermediate_120min:
      core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]