diff --git a/CHANGELOG.md b/CHANGELOG.md
index 842960d..a4dffaf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,8 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
 
+## [3.27.8] - 2026-02-19
+
 ### Added
 
+- **New GitHub Actions workflow**: `examples/github-actions/claude-code-review.yml` — prompt-based code review pattern
+  - Uses `anthropics/claude-code-action@v1` with OAuth token support (API key as fallback)
+  - Triggers on PR open/sync/ready + `/claude-review` on-demand comment
+  - Scoped `allowed_tools`: read-only (Read, Glob, Grep + GitHub PR inspection/review tools)
+  - Externalized prompt via `prompt_file:` — iterate on criteria without touching workflow YAML
+- **New prompt template**: `examples/github-actions/prompts/code-review.md`
+  - Anti-hallucination protocol: verify before reporting, no invented line numbers
+  - Structured severity tiers: 🔴 MUST FIX / 🟡 SHOULD FIX / 🟢 CAN SKIP
+  - 4-step workflow: gather context → analyze → verify → structured review output
+  - Stack-agnostic with explicit "Stack Context" customization hook
+
 - **Resource evaluation**: SKILLMIND/Boris Cherny workflow practices (score 2/5)
   - LinkedIn post by @stasbel (64K followers) sharing SKILL.md file attributed to Boris Cherny (Claude Code creator)
   - 6 workflow orchestration practices + 6 task management items + 3 core principles
@@ -31,6 +44,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Changed
 
+- `examples/github-actions/README.md`: added entry for prompt-based workflow (⭐ Recommended), updated directory tree
 - `guide/ultimate-guide.md`: Added `tasks/lessons.md` variant to Fresh Context Pattern (Ralph Loop) section
   - Lightweight alternative for interactive sessions: Claude updates lessons.md with behavioral rules after each user correction
   - Reviewed at session start for compounding improvement effect
diff --git a/README.md b/README.md
index 2157d7c..c883611 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,9 @@
 
 <p align="center">
   <a href="https://github.com/FlorianBruniaux/claude-code-ultimate-guide/stargazers"><img src="https://img.shields.io/github/stars/FlorianBruniaux/claude-code-ultimate-guide?style=for-the-badge" alt="Stars"/></a>
-  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Feb_18,_2026_·_v3.27.6-brightgreen?style=for-the-badge" alt="Last Update"/></a>
+  <a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Feb_19,_2026_·_v3.27.8-brightgreen?style=for-the-badge" alt="Last Update"/></a>
   <a href="./quiz/"><img src="https://img.shields.io/badge/Quiz-274_questions-orange?style=for-the-badge" alt="Quiz"/></a>
-  <a href="./examples/"><img src="https://img.shields.io/badge/Templates-116-green?style=for-the-badge" alt="Templates"/></a>
+  <a href="./examples/"><img src="https://img.shields.io/badge/Templates-161-green?style=for-the-badge" alt="Templates"/></a>
   <a href="./guide/security-hardening.md"><img src="https://img.shields.io/badge/🛡️_Threat_DB-19_CVEs_·_655_malicious_skills-red?style=for-the-badge" alt="Threat Database"/></a>
 </p>
 
@@ -50,7 +50,7 @@ Both guides serve different needs. Choose based on your priority.
 | **Security hardening** | Only threat database (18 CVEs) | Basic patterns only |
 | **Test understanding** | 274-question quiz | Not available |
 | **Methodologies** (TDD/SDD/BDD) | Full workflow guides | Not covered |
-| **Copy-paste ready** templates | 116 templates | 200+ templates |
+| **Copy-paste ready** templates | 161 templates | 200+ templates |
 
 ### Ecosystem Positioning
 
@@ -136,7 +136,7 @@ graph LR
     root[📦 Repository<br/>Root]
 
     root --> guide[📖 guide/<br/>19K lines]
-    root --> examples[📋 examples/<br/>116 templates]
+    root --> examples[📋 examples/<br/>161 templates]
     root --> quiz[🧠 quiz/<br/>274 questions]
     root --> tools[🔧 tools/<br/>utils]
     root --> machine[🤖 machine-readable/<br/>AI index]
@@ -166,7 +166,7 @@ graph LR
 │  ├─ mcp-servers-ecosystem.md  Official & community MCP servers
 │  └─ workflows/          Step-by-step guides
 │
-├─ 📋 examples/           116 Production Templates
+├─ 📋 examples/           161 Production Templates
 │  ├─ agents/             6 custom AI personas
 │  ├─ commands/           26 slash commands
 │  ├─ hooks/              31 hooks (bash + PowerShell)
@@ -268,7 +268,7 @@ Complete guides with rationale and examples:
 
 ---
 
-### 📚 116 Annotated Templates
+### 📚 161 Annotated Templates
 
 **Outcome**: Learn patterns, not just configs.
 
@@ -657,7 +657,7 @@ Use this guide critically. Experiment. Share what works for you.
 | **[Claude Code Releases](./guide/claude-code-releases.md)** | Official release history | 10 min |
 
 <details>
-<summary><strong>Examples Library</strong> (116 templates)</summary>
+<summary><strong>Examples Library</strong> (161 templates)</summary>
 
 **Agents** (6): [code-reviewer](./examples/agents/code-reviewer.md), [test-writer](./examples/agents/test-writer.md), [security-auditor](./examples/agents/security-auditor.md), [refactoring-specialist](./examples/agents/refactoring-specialist.md), [output-evaluator](./examples/agents/output-evaluator.md), [devops-sre](./examples/agents/devops-sre.md) ⭐
 
@@ -775,7 +775,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
 
 ---
 
-*Version 3.27.6 | Updated daily · Feb 18, 2026 | Crafted with Claude*
+*Version 3.27.8 | Updated daily · Feb 19, 2026 | Crafted with Claude*
 
 <!-- SEO Keywords -->
 <!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,
diff --git a/VERSION b/VERSION
index 1ecf2a6..f641ba7 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.27.7
+3.27.8
diff --git a/examples/github-actions/README.md b/examples/github-actions/README.md
index 9ae2d4e..2f79d8e 100644
--- a/examples/github-actions/README.md
+++ b/examples/github-actions/README.md
@@ -19,7 +19,44 @@ Ready-to-use GitHub Actions workflows that integrate Claude Code into your CI/CD
 
 ## Available Workflows
 
-### 1. Auto PR Review (`claude-pr-auto-review.yml`)
+### 1. Code Review — Prompt-Based (`claude-code-review.yml`) ⭐ Recommended
+
+**Robust pattern** with externalized prompt, anti-hallucination protocol, and `/claude-review` on-demand trigger.
+
+The review logic lives in `.github/prompts/code-review.md`, so you can iterate on criteria without touching the workflow YAML. The prompt enforces a verification step before every finding — Claude must confirm an issue with `Read`/`Grep` before reporting it.
+
+**Features:**
+- Triggers on PR open/sync/ready **and** `/claude-review` comment
+- Externalized prompt: edit `code-review.md` to tune criteria for your stack
+- Anti-hallucination protocol: no invented line numbers or unverified claims
+- Structured output: `🔴 MUST FIX` / `🟡 SHOULD FIX` / `🟢 CAN SKIP` table + inline comments
+- Read-only `allowed_tools` (no write access to repo)
+- OAuth token support (no API key needed if Claude GitHub App is installed)
+
+**Setup:**
+```bash
+# Copy both files into your repo
+cp examples/github-actions/claude-code-review.yml .github/workflows/
+mkdir -p .github/prompts
+cp examples/github-actions/prompts/code-review.md .github/prompts/
+
+# Add secret: CLAUDE_CODE_OAUTH_TOKEN (or ANTHROPIC_API_KEY)
+# Install Claude GitHub App: https://github.com/apps/claude
+```
+
+**Customization:**
+Edit `.github/prompts/code-review.md` to add your stack conventions:
+```markdown
+## Stack Context
+- TypeScript strict mode, no `any`
+- React Server Components — no `useEffect` for data fetching
+- All DB writes must go through the repository layer
+- New API routes require integration tests
+```
+
+---
+
+### 2. Auto PR Review (`claude-pr-auto-review.yml`)
 
 **Enhanced version** with comprehensive review criteria and smart filtering.
 
@@ -210,9 +247,12 @@ These workflows consume Anthropic API credits:
 ```
 examples/github-actions/
 ├── README.md                        # This file
-├── claude-pr-auto-review.yml        # Auto PR review workflow
+├── claude-code-review.yml           # Prompt-based review (recommended)
+├── claude-pr-auto-review.yml        # Inline prompt auto-review
 ├── claude-security-review.yml       # Security scanning workflow
-└── claude-issue-triage.yml          # Issue triage workflow
+├── claude-issue-triage.yml          # Issue triage workflow
+└── prompts/
+    └── code-review.md               # Externalized review prompt (copy to .github/prompts/)
 ```
 
 ## Resources
diff --git a/examples/github-actions/claude-code-review.yml b/examples/github-actions/claude-code-review.yml
new file mode 100644
index 0000000..22fcc3f
--- /dev/null
+++ b/examples/github-actions/claude-code-review.yml
@@ -0,0 +1,76 @@
+name: Claude Code Review (Prompt-Based)
+
+# Pattern: externalized prompt + anti-hallucination protocol
+# Prompt file: .github/prompts/code-review.md
+# Copy it alongside this workflow: examples/github-actions/prompts/code-review.md
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review]
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  claude-review:
+    # Run on PR events (non-draft) OR on /claude-review comment
+    if: |
+      (github.event_name == 'pull_request' && github.event.pull_request.draft == false) ||
+      (github.event_name == 'issue_comment' &&
+       github.event.issue.pull_request != null &&
+       contains(github.event.comment.body, '/claude-review'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Claude Code Review
+        uses: anthropics/claude-code-action@v1
+        with:
+          # OAuth token via Claude GitHub App (no API key needed)
+          # Install: https://github.com/apps/claude
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # Or use API key directly:
+          # anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          model: claude-sonnet-4-6
+
+          # Load prompt from external file — edit that file to customize review criteria
+          prompt_file: .github/prompts/code-review.md
+
+          # Read-only tools: Claude can inspect the codebase but cannot modify it
+          allowed_tools: >-
+            Read,
+            Glob,
+            Grep,
+            mcp__github__get_pull_request,
+            mcp__github__get_pull_request_diff,
+            mcp__github__create_pending_pull_request_review,
+            mcp__github__add_comment_to_pending_review,
+            mcp__github__submit_pending_pull_request_review,
+            mcp__github__list_pull_request_files,
+            mcp__github__list_commits
+
+      - name: Handle review failure
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = context.payload.pull_request?.number ?? context.payload.issue?.number;
+            if (prNumber) {
+              github.rest.issues.createComment({
+                issue_number: prNumber,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: '⚠️ **Claude review failed** — Check the Actions log for details. A human reviewer should cover this PR.'
+              });
+            }
diff --git a/examples/github-actions/prompts/code-review.md b/examples/github-actions/prompts/code-review.md
new file mode 100644
index 0000000..1a91658
--- /dev/null
+++ b/examples/github-actions/prompts/code-review.md
@@ -0,0 +1,123 @@
+# Code Review Prompt
+
+<!--
+  Stack note: this example uses generic criteria valid for any project.
+  If you target a specific stack (e.g. Next.js 15 / T3 / Rails / Django),
+  add a "Stack Context" section below with your conventions.
+-->
+
+## Anti-Hallucination Protocol
+
+**MANDATORY — read before every action:**
+
+1. **Verify before reporting.** Use `Grep` or `Read` to confirm any issue exists in the actual file before mentioning it.
+2. **Never invent line numbers.** Only reference lines you have read directly from the file.
+3. **Never assume context.** If a file is not in the diff, do not comment on it.
+4. **One claim = one verification.** Each finding must be traceable to a tool call result.
+
+If you cannot verify a finding → do not report it.
+
+---
+
+## Your Mission
+
+You are a senior engineer performing a structured code review on this pull request.
+
+Your goal: surface real issues, ranked by impact, with actionable fixes. Not a style lecture — a review that unblocks merge decisions.
+
+---
+
+## Step 1 — Gather Context
+
+Before reviewing, run these tool calls in parallel:
+
+- `mcp__github__get_pull_request` → PR title, description, author
+- `mcp__github__get_pull_request_diff` → full diff
+- `mcp__github__list_pull_request_files` → list of changed files
+
+For any file that looks non-trivial, use `Read` to see the full implementation context around the changed lines.
+
+---
+
+## Step 2 — Analyze Changes
+
+Review each changed file through these lenses:
+
+### 🔴 MUST FIX — blocks merge
+
+- **Security**: injection (SQL, command, XSS), unvalidated input at system boundaries, exposed secrets, insecure direct object references, missing auth checks
+- **Correctness**: logic errors, off-by-one, null/undefined dereferences, incorrect assumptions about data shape
+- **Data integrity**: missing transactions, partial writes, lost updates under concurrency
+- **Breaking changes**: API incompatibility, removed fields, changed behavior without migration
+
+### 🟡 SHOULD FIX — fix before next release
+
+- **Performance**: N+1 queries, unbounded loops on large datasets, synchronous I/O in hot paths, missing indexes on queried columns
+- **Error handling**: unhandled promise rejections, swallowed exceptions, missing error boundaries
+- **Architecture**: business logic leaking into presentation layer, tight coupling between unrelated modules, violation of existing patterns in the codebase
+
+### 🟢 CAN SKIP — optional improvement
+
+- Code readability: long functions, unclear naming, missing doc comments on public APIs
+- Test coverage: missing edge case tests, weak assertions
+- Minor DRY violations
+
+---
+
+## Step 3 — Verify Each Finding
+
+For every issue you plan to report:
+
+```
+1. Use Read or Grep to confirm the problematic code is in the diff
+2. Note the exact file path and line number
+3. Only then include it in the review
+```
+
+If verification fails → discard the finding.
+
+---
+
+## Step 4 — Write the Review
+
+### Summary Comment (post as PR comment)
+
+```
+## Claude Code Review
+
+**Verdict**: [✅ Approve | 🔄 Request Changes | 💬 Comment]
+**Risk**: [Low | Medium | High]
+
+### 🔴 Must Fix ({n})
+| File | Line | Issue | Fix |
+|------|------|-------|-----|
+| `path/to/file.ts` | 42 | SQL query concatenates user input | Use parameterized query |
+
+### 🟡 Should Fix ({n})
+| File | Line | Issue | Fix |
+|------|------|-------|-----|
+| `path/to/file.ts` | 87 | Missing error handling on async call | Wrap in try/catch |
+
+### 🟢 Can Skip ({n})
+- `path/to/file.ts:12` — Consider extracting this into a helper for reuse
+
+### Strengths
+- [What was done well — be specific]
+```
+
+### Inline Comments (via `add_comment_to_pending_review`)
+
+For 🔴 and 🟡 findings, add inline comments directly on the relevant lines with:
+- What is wrong and why it matters
+- A concrete fix (code snippet when helpful)
+
+Use `create_pending_pull_request_review` first, then add comments, then `submit_pending_pull_request_review`.
+
+---
+
+## Constraints
+
+- **No nitpicking** — if it does not affect correctness, security, or team velocity, skip it
+- **No praise theater** — only mention strengths that are genuinely notable
+- **No invented issues** — verify → report, not report → verify
+- If the PR is clean: say so clearly and approve
diff --git a/guide/cheatsheet.md b/guide/cheatsheet.md
index 7d98121..a0001f4 100644
--- a/guide/cheatsheet.md
+++ b/guide/cheatsheet.md
@@ -12,7 +12,7 @@ tags: [cheatsheet, reference]
 
 **Written with**: Claude (Anthropic)
 
-**Version**: 3.27.6 | **Last Updated**: February 2026
+**Version**: 3.27.8 | **Last Updated**: February 2026
 
 ---
 
@@ -545,4 +545,4 @@ where.exe claude; claude doctor; claude mcp list
 
 **Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude
 
-*Last updated: February 2026 | Version 3.27.6*
+*Last updated: February 2026 | Version 3.27.8*
diff --git a/guide/ultimate-guide.md b/guide/ultimate-guide.md
index 395627d..8acdf8b 100644
--- a/guide/ultimate-guide.md
+++ b/guide/ultimate-guide.md
@@ -16,7 +16,7 @@ tags: [guide, reference, workflows, agents, hooks, mcp, security]
 
 **Last updated**: January 2026
 
-**Version**: 3.27.6
+**Version**: 3.27.8
 
 ---
 
@@ -4353,7 +4353,7 @@ The `.claude/` folder is your project's Claude Code directory for memory, settin
 | Personal preferences | `CLAUDE.md` | ❌ Gitignore |
 | Personal permissions | `settings.local.json` | ❌ Gitignore |
 
-### 3.27.6 Version Control & Backup
+### 3.27.8 Version Control & Backup
 
 **Problem**: Without version control, losing your Claude Code configuration means hours of manual reconfiguration across agents, skills, hooks, and MCP servers.
 
@@ -19678,4 +19678,4 @@ We'll evaluate and add it to this section if it meets quality criteria.
 
 **Contributions**: Issues and PRs welcome.
 
-**Last updated**: January 2026 | **Version**: 3.27.6
+**Last updated**: January 2026 | **Version**: 3.27.8
diff --git a/machine-readable/reference.yaml b/machine-readable/reference.yaml
index 1f675dc..0c94ad6 100644
--- a/machine-readable/reference.yaml
+++ b/machine-readable/reference.yaml
@@ -3,7 +3,7 @@
 # Source: guide/ultimate-guide.md
 # Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
 
-version: "3.27.6"
+version: "3.27.8"
 updated: "2026-02-17"
 
 # ════════════════════════════════════════════════════════════════
@@ -196,7 +196,7 @@ deep_dive:
   third_party_toad: "https://github.com/batrachianai/toad"
   third_party_conductor: "https://docs.conductor.build"
   # Configuration Management & Backup (Added 2026-02-02)
-  config_management_guide: "guide/ultimate-guide.md:4085"  # Section 3.27.6
+  config_management_guide: "guide/ultimate-guide.md:4085"  # Section 3.27.8
   config_hierarchy: "guide/ultimate-guide.md:4095"  # Global → Project → Local precedence
   config_git_strategy_project: "guide/ultimate-guide.md:4110"  # What to commit in .claude/
   config_git_strategy_global: "guide/ultimate-guide.md:4133"  # Version control ~/.claude/
@@ -1221,7 +1221,7 @@ ecosystem:
       - "Cross-links modified → Update all 4 repos"
     history:
       - date: "2026-01-20"
-        event: "Code Landing sync v3.27.6, 66 templates, cross-links"
+        event: "Code Landing sync v3.27.8, 66 templates, cross-links"
         commit: "5b5ce62"
       - date: "2026-01-20"
         event: "Cowork Landing fix (paths, README, UI badges)"
@@ -1233,7 +1233,7 @@ ecosystem:
 onboarding_matrix_meta:
   version: "2.0.0"
   last_updated: "2026-02-05"
-  aligned_with_guide: "3.27.6"
+  aligned_with_guide: "3.27.8"
   changelog:
     - version: "2.0.0"
       date: "2026-02-05"
@@ -1261,7 +1261,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, commands]
       time_budget: "5 min"
       topics_max: 3
-      note: "SECURITY FIRST - sandbox before commands (v3.27.6 critical fix)"
+      note: "SECURITY FIRST - sandbox before commands (v3.27.8 critical fix)"
 
     beginner_15min:
       core: [rules, sandbox_native_guide, workflow, essential_commands]
@@ -1346,7 +1346,7 @@ onboarding_matrix:
         - default: agent_validation_checklist
       time_budget: "60 min"
       topics_max: 6
-      note: "Dual-instance pattern for quality workflows (v3.27.6)"
+      note: "Dual-instance pattern for quality workflows (v3.27.8)"
 
   learn_security:
     intermediate_30min:
@@ -1357,7 +1357,7 @@ onboarding_matrix:
         - default: permission_modes
       time_budget: "30 min"
       topics_max: 4
-      note: "NEW goal (v3.27.6) - Security-focused learning path"
+      note: "NEW goal (v3.27.8) - Security-focused learning path"
 
     power_60min:
       core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@@ -1382,7 +1382,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
       time_budget: "60 min"
       topics_max: 6
-      note: "Security foundation + core workflow (v3.27.6 sandbox added)"
+      note: "Security foundation + core workflow (v3.27.8 sandbox added)"
 
     intermediate_120min:
       core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]