From 55a9fa34cf4cdd6cd765f01bd632100ccc553cea Mon Sep 17 00:00:00 2001
From: Florian BRUNIAUX <florian@bruniaux.com>
Date: Thu, 15 Jan 2026 07:18:56 +0100
Subject: [PATCH] docs: add missing security-hardening.md to navigation

- README.md: add to Core Documentation, Not Sure Where to Start?, Power User path
- guide/README.md: add to Contents table
- CHANGELOG.md: update Unreleased section

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 CHANGELOG.md    |  9 ++++++---
 README.md       | 11 +++++++----
 guide/README.md |  1 +
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17e3148..35c9c11 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,13 +12,16 @@ Documentation alignment and navigation improvements.
 
 #### README.md Updates
 - **Repository Structure**: Added guide/workflows/, examples/modes/, examples/config/, examples/memory/
-- **Core Documentation**: Added 4 entries (methodologies.md, workflows/, data-privacy.md, observability.md)
+- **Core Documentation**: Added 5 entries (methodologies.md, workflows/, data-privacy.md, security-hardening.md, observability.md)
 - **Slash Commands**: Added 4 commands (generate-tests, review-pr, git-worktree, validate-changes)
 - **Security Hooks**: Added 2 hooks + link to complete catalog
-- **🧭 Not Sure Where to Start?**: Added 5 navigation entries (Workflows, Methodologies, Architecture, Data Privacy, Observability)
-- **By Role Paths**: Enhanced all 4 paths with new resources
+- **🧭 Not Sure Where to Start?**: Added 6 navigation entries (Workflows, Methodologies, Architecture, Data Privacy, Security Hardening, Observability)
+- **By Role Paths**: Enhanced all 4 paths with new resources (Power User +1: Security Hardening)
 - **SEO Keywords**: Added 9 keywords (tdd ai, sdd, bdd, methodologies, architecture, workflows, data privacy, ai coding workflows)
 
+#### guide/README.md Updates
+- Added security-hardening.md to Contents table
+
 ---
 
 ## [3.5.0] - 2026-01-14
diff --git a/README.md b/README.md
index 5782412..10570bd 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@
 | Need a dev methodology reference | [Methodologies](./guide/methodologies.md) | Reference |
 | Want to understand internals | [Architecture](./guide/architecture.md) | Deep dive |
 | Need data privacy guidance | [Data Privacy](./guide/data-privacy.md) | Quick read |
+| Need security hardening | [Security Hardening](./guide/security-hardening.md) | Essential |
 | Want to track costs & sessions | [Observability](./guide/observability.md) | Monitoring |
 | Choosing turnkey vs. autonomous approach | [Adoption Guide](./guide/adoption-approaches.md) | Quick read |
 | Want to check your current setup | [Audit Your Setup](#-audit-your-setup) | Quick scan |
@@ -282,10 +283,11 @@ Weak Areas (< 75%):
 
 1. [Complete Guide](./guide/ultimate-guide.md) — End-to-end
 2. [Architecture](./guide/architecture.md) — How Claude Code works
-3. [MCP Servers](./guide/ultimate-guide.md#8-mcp-servers) — Extended capabilities
-4. [Trinity Pattern](./guide/ultimate-guide.md#91-the-trinity) — Advanced workflows
-5. [Observability](./guide/observability.md) — Monitor costs & sessions
-6. [Examples](./examples/) — Production templates
+3. [Security Hardening](./guide/security-hardening.md) — MCP vetting, injection defense
+4. [MCP Servers](./guide/ultimate-guide.md#8-mcp-servers) — Extended capabilities
+5. [Trinity Pattern](./guide/ultimate-guide.md#91-the-trinity) — Advanced workflows
+6. [Observability](./guide/observability.md) — Monitor costs & sessions
+7. [Examples](./examples/) — Production templates
 
 </td>
 <td width="50%">
@@ -316,6 +318,7 @@ Weak Areas (< 75%):
 | **[Methodologies](./guide/methodologies.md)** | 15 development methodologies reference | ~20 minutes |
 | **[Workflows](./guide/workflows/)** | Practical guides (TDD, SDD, Plan-Driven) | ~30 minutes |
 | **[Data Privacy](./guide/data-privacy.md)** | Data retention and privacy guide | ~10 minutes |
+| **[Security Hardening](./guide/security-hardening.md)** | MCP vetting, injection defense, CVEs | ~25 minutes |
 | **[Observability](./guide/observability.md)** | Session monitoring and cost tracking | ~15 minutes |
 | **[LLM Reference](./machine-readable/reference.yaml)** | Machine-optimized index (~2K tokens) | For Claude/AI assistants |
 | **[Setup Audit](./tools/audit-prompt.md)** | Optimize your configuration | ~10 minutes |
diff --git a/guide/README.md b/guide/README.md
index ba701c1..b262f55 100644
--- a/guide/README.md
+++ b/guide/README.md
@@ -13,6 +13,7 @@ Core documentation for mastering Claude Code.
 | [data-privacy.md](./data-privacy.md) | Data retention and privacy guide | 10 min |
 | [observability.md](./observability.md) | Session monitoring and cost tracking | 15 min |
 | [methodologies.md](./methodologies.md) | 15 development methodologies reference (TDD, SDD, BDD, etc.) | 20 min |
+| [security-hardening.md](./security-hardening.md) | Security threats, MCP vetting, injection defense | 25 min |
 | [workflows/](./workflows/) | Practical workflow guides for Claude Code | 30 min |
 
 ### Workflows