docs: factual audit + reference sync — 260 findings corrected

Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

examples/hooks/bash/learning-capture.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Hook: Stop - Capture one learning insight at session end
-# Event: Stop (when user ends session or interrupts)
+# Event: Stop (when Claude finishes responding)
 # Purpose: Build a learning journal with minimal friction
 #
 # Exit codes:

examples/hooks/bash/mcp-config-integrity.sh

@@ -6,7 +6,7 @@
 # Purpose: Verify MCP configuration has not been tampered with
 #
 # This hook addresses CVE-2025-54135 and CVE-2025-54136 by:
-#   - Computing hash of ~/.claude/mcp.json
+#   - Computing hash of ~/.claude.json (MCP config location)
 #   - Comparing against stored baseline
 #   - Alerting on unauthorized modifications
 #   - Checking project-level .mcp.json for suspicious content
@@ -22,7 +22,7 @@
 #   }
 #
 # Initial setup (run once to create baseline):
-#   sha256sum ~/.claude/mcp.json > ~/.claude/.mcp-baseline.sha256
+#   sha256sum ~/.claude.json > ~/.claude/.mcp-baseline.sha256
 #
 # Exit codes:
 #   0 = allow (config unchanged or no baseline)
@@ -36,7 +36,7 @@
 set -euo pipefail
 
 # Configuration paths
-MCP_CONFIG="${HOME}/.claude/mcp.json"
+MCP_CONFIG="${HOME}/.claude.json"
 MCP_BASELINE="${HOME}/.claude/.mcp-baseline.sha256"
 PROJECT_MCP=".mcp.json"
 
@@ -51,11 +51,11 @@ if [[ -f "$MCP_CONFIG" ]]; then
         BASELINE_HASH=$(awk '{print $1}' "$MCP_BASELINE" 2>/dev/null || echo "")
 
         if [[ -n "$CURRENT_HASH" && -n "$BASELINE_HASH" && "$CURRENT_HASH" != "$BASELINE_HASH" ]]; then
-            WARNINGS+=("MCP config modified since baseline was created. Review ~/.claude/mcp.json for unauthorized changes. Run 'sha256sum ~/.claude/mcp.json > ~/.claude/.mcp-baseline.sha256' to update baseline if changes are legitimate.")
+            WARNINGS+=("MCP config modified since baseline was created. Review ~/.claude.json for unauthorized changes. Run 'sha256sum ~/.claude.json > ~/.claude/.mcp-baseline.sha256' to update baseline if changes are legitimate.")
         fi
     else
         # No baseline - suggest creating one
-        WARNINGS+=("No MCP config baseline found. Consider running: sha256sum ~/.claude/mcp.json > ~/.claude/.mcp-baseline.sha256")
+        WARNINGS+=("No MCP config baseline found. Consider running: sha256sum ~/.claude.json > ~/.claude/.mcp-baseline.sha256")
     fi
 
     # === CHECK FOR SUSPICIOUS MCP SERVERS ===