chore: consolidate IDEAS.md and bump version to 3.3.1

- IDEAS.md: Reduce from 12 to 4 actionable research topics
- Unified "MCP Security Hardening" (merged 3 overlapping topics)
- Expanded Discarded section (3 → 16 entries with justifications)
- Technical writer agent validation against reference.yaml
- Version bump: 3.3.0 → 3.3.1 across all docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CHANGELOG.md

@@ -6,6 +6,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
 
+## [3.3.1] - 2026-01-14
+
+### Changed
+- **IDEAS.md** - Consolidated and curated research topics
+  - High Priority: Unified "MCP Security Hardening" (merged 3 overlapping topics)
+  - Medium Priority: Kept CI/CD Workflows Gallery + MCP Server Catalog
+  - Lower Priority: CLAUDE.md Patterns Library (templates by stack)
+  - Discarded: Added 6 topics already covered in guide (prompt engineering, context optimization, task decomposition, agent architecture, case studies, tool comparisons)
+  - Technical writer agent validation of all ideas against reference.yaml
+
+### Stats
+- IDEAS.md reduced from 12 research topics to 4 actionable items
+- Discarded section expanded from 3 to 16 entries with clear justifications
+- Focus on actionable research vs theoretical exploration
+
+---
+
 ## [3.3.0] - 2026-01-14
 
 ### Added - LLM Handbook Integration + Google Agent Whitepaper

IDEAS.md

@@ -0,0 +1,114 @@
+# Ideas to Dig
+
+> Research topics for future guide improvements. Curated and validated.
+
+## High Priority
+
+### MCP Security Hardening
+Unified security research covering MCP vulnerabilities, prompt injection, and secret detection.
+
+**Topics:**
+- Real-world Tool Shadowing and Confused Deputy incidents
+- Prompt injection bypass techniques (Unicode, encoding, obfuscation)
+- Secret detection regex patterns (compare GitHub, Gitleaks, TruffleHog)
+- Supply chain risks in MCP server ecosystem
+
+**Perplexity Query:**
+```
+MCP Model Context Protocol security vulnerabilities 2024-2025:
+- Tool shadowing attacks
+- Prompt injection bypass techniques for coding assistants
+- Secret detection regex patterns comparison (GitHub vs Gitleaks vs TruffleHog)
+Include real incidents if documented.
+```
+
+---
+
+## Medium Priority
+
+### CI/CD Workflows Gallery
+Concrete GitHub Actions examples for Claude Code integration.
+
+**Topics:**
+- Automated PR review workflows
+- Test generation pipelines
+- Cost optimization patterns for API calls in CI
+- Pre-commit hooks integration
+
+**Perplexity Query:**
+```
+GitHub Actions workflows for AI coding assistants 2024-2025:
+- Automated code review with Claude/GPT
+- Cost optimization for API calls in CI/CD
+- Real examples from open source projects
+```
+
+### MCP Server Catalog
+Exhaustive list of MCP servers with real-world use cases.
+
+**Topics:**
+- Available servers by category (dev tools, databases, APIs)
+- Performance benchmarks vs native tools
+- Security trust levels per server
+- Custom server development patterns
+
+**Perplexity Query:**
+```
+MCP Model Context Protocol servers catalog 2024-2025:
+- Most useful servers for developers
+- Performance comparison MCP vs native tools
+- How to build custom MCP servers
+```
+
+---
+
+## Lower Priority
+
+### CLAUDE.md Patterns Library
+Stack-specific templates for common project types.
+
+**Topics:**
+- React/Next.js optimized configurations
+- Python/FastAPI patterns
+- Go project conventions
+- Monorepo configurations
+
+**Perplexity Query:**
+```
+CLAUDE.md configuration examples by framework:
+- React, Next.js, Vue patterns
+- Python, FastAPI, Django patterns
+- Best practices from GitHub repositories
+```
+
+---
+
+## Discarded Ideas
+
+| Idea | Reason Discarded |
+|------|------------------|
+| LLM Fine-tuning guide | Out of scope - users don't control model training |
+| Model architecture internals | Too theoretical, not actionable |
+| Token pricing optimization | Changes too frequently, use official docs |
+| A2A Protocol (Agent-to-Agent) | Claude Code is single-agent with sub-agents, not true multi-agent |
+| AgentOps Enterprise Dashboard | Infrastructure doesn't exist for CLI tool |
+| LLM-as-a-Judge evaluation | Overkill for CLI, adds latency without proportional value |
+| Decision Trajectory logging | No access to internal traces (black box) |
+| 4 Pillars formal framework | Too academic - guide already covers symptoms pragmatically |
+| Canary/Blue-Green deployments | Infrastructure patterns, not relevant for CLI |
+| Memory Poisoning defenses | Theoretical risk requiring prior system compromise |
+| Prompt Engineering for Code Gen | Already well covered (xml_prompting, prompt_formula) |
+| Context Window Optimization | Already well covered (context_management, context_triage) |
+| Task Decomposition Patterns | Covered via plan_mode, interaction_loop |
+| Agent Architecture Comparisons | Out of scope - not multi-agent theory |
+| Real-World Case Studies | Non-verifiable metrics, marketing-prone |
+| Comparison with Other Tools | Out of scope, rapid obsolescence |
+
+---
+
+## Contributing
+
+Found something interesting? Add it with:
+1. Topic name and why it matters
+2. Specific research questions
+3. Perplexity query to start

README.md

@@ -517,7 +517,7 @@ If this guide saved you time, helped you master Claude Code, or inspired your wo
 
 ---
 
-*Version 3.3.0 | January 2026 | Crafted with Claude*
+*Version 3.3.1 | January 2026 | Crafted with Claude*
 
 <!-- SEO Keywords -->
 <!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,

guide/cheatsheet.md

@@ -6,7 +6,7 @@
 
 **Written with**: Claude (Anthropic)
 
-**Version**: 3.2.0 | **Last Updated**: January 2026
+**Version**: 3.3.1 | **Last Updated**: January 2026
 
 ---
 

guide/ultimate-guide.md

@@ -10,7 +10,7 @@
 
 **Last updated**: January 2026
 
-**Version**: 3.2.0
+**Version**: 3.3.1
 
 ---