claude-code-ultimate-guide

marketing-shibata50/claude-code-ultimate-guide

Fork 0

Commit graph

Author	SHA1	Message	Date
Florian BRUNIAUX	c84c56bfbd	docs: add AI Traceability & Attribution guide Comprehensive documentation on AI code attribution and disclosure: - New guide: guide/ai-traceability.md (~640 lines) - LLVM "Human-in-the-Loop" policy (Assisted-by trailer) - Ghostty mandatory disclosure pattern - Fedora contributor accountability framework - git-ai tool documentation - PromptPwnd security vulnerability - Four-level disclosure spectrum - Implementation guides (solo, team, enterprise) - Templates: examples/config/ - CONTRIBUTING-ai-disclosure.md - PULL_REQUEST_TEMPLATE-ai.md - Cross-references added to: - ultimate-guide.md (after Co-Authored-By section) - learning-with-ai.md (after Vibe Coding Trap) - security-hardening.md (See Also) - guide/README.md (table of contents) - reference.yaml: 14 new entries for AI traceability topics Source: Vibe coding needs git blame (Piotr Migdał, Jan 2026) + Perplexity research on LLVM, Ghostty, Fedora policies Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-24 20:11:53 +01:00
Florian BRUNIAUX	46c5862c4e	fix(docs): critical factual corrections v3.6.1 Major audit correcting misleading documentation about Claude Code behavior: ### Fixed - `--add-dir`: permissions (not context loading) - `excludePatterns` → `permissions.deny` (never existed) - `.claudeignore` removed (not an official feature) - "selective loading" myth → lazy loading reality - Invented CLI flags (`--think`, `--headless`, `--learn`) → prompt keywords - `@` file reference: "loads automatically" → "reads on-demand" ### Added - Session Search Tool (`cs`) - zero-dep bash script for finding sessions - Security section: Known limitations of permissions.deny 15 files modified, 516 insertions, 200 deletions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-15 09:16:53 +01:00
Florian BRUNIAUX	34b2ca7200	feat(security): add security hardening guide and hooks v3.6.0 - Add guide/security-hardening.md (~10K) covering: - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136 - Prompt injection evasion techniques (Unicode, ANSI, null bytes) - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian) - Incident response procedures - Add 3 new security hooks: - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection - repo-integrity-scanner.sh: scan README/package.json for injection - mcp-config-integrity.sh: verify MCP config hash - Update existing hooks: - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd - output-secrets-scanner.sh: +env leakage, +generic tokens - Update cross-references in ultimate-guide.md (§7.4, §8.6) - Move MCP Security Hardening to Done in IDEAS.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-15 07:39:53 +01:00

Author

SHA1

Message

Date

Florian BRUNIAUX

c84c56bfbd

docs: add AI Traceability & Attribution guide

Comprehensive documentation on AI code attribution and disclosure:

- New guide: guide/ai-traceability.md (~640 lines)
  - LLVM "Human-in-the-Loop" policy (Assisted-by trailer)
  - Ghostty mandatory disclosure pattern
  - Fedora contributor accountability framework
  - git-ai tool documentation
  - PromptPwnd security vulnerability
  - Four-level disclosure spectrum
  - Implementation guides (solo, team, enterprise)

- Templates: examples/config/
  - CONTRIBUTING-ai-disclosure.md
  - PULL_REQUEST_TEMPLATE-ai.md

- Cross-references added to:
  - ultimate-guide.md (after Co-Authored-By section)
  - learning-with-ai.md (after Vibe Coding Trap)
  - security-hardening.md (See Also)
  - guide/README.md (table of contents)

- reference.yaml: 14 new entries for AI traceability topics

Source: Vibe coding needs git blame (Piotr Migdał, Jan 2026)
+ Perplexity research on LLVM, Ghostty, Fedora policies

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-24 20:11:53 +01:00

Florian BRUNIAUX

46c5862c4e

fix(docs): critical factual corrections v3.6.1

Major audit correcting misleading documentation about Claude Code behavior:

### Fixed
- `--add-dir`: permissions (not context loading)
- `excludePatterns` → `permissions.deny` (never existed)
- `.claudeignore` removed (not an official feature)
- "selective loading" myth → lazy loading reality
- Invented CLI flags (`--think`, `--headless`, `--learn`) → prompt keywords
- `@` file reference: "loads automatically" → "reads on-demand"

### Added
- Session Search Tool (`cs`) - zero-dep bash script for finding sessions
- Security section: Known limitations of permissions.deny

15 files modified, 516 insertions, 200 deletions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-15 09:16:53 +01:00

Florian BRUNIAUX

34b2ca7200

feat(security): add security hardening guide and hooks v3.6.0

- Add guide/security-hardening.md (~10K) covering:
  - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
  - Prompt injection evasion techniques (Unicode, ANSI, null bytes)
  - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
  - Incident response procedures

- Add 3 new security hooks:
  - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
  - repo-integrity-scanner.sh: scan README/package.json for injection
  - mcp-config-integrity.sh: verify MCP config hash

- Update existing hooks:
  - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
  - output-secrets-scanner.sh: +env leakage, +generic tokens

- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-15 07:39:53 +01:00

3 commits