marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
406 commits 1 branch 0 tags 20 MiB
Commit graph

103 commits

Author SHA1 Message Date
Florian BRUNIAUX
77b48db01b docs(security): add enterprise AI governance guide + templates 
New section for org-level Claude Code governance — fills the gap
between individual dev security (security-hardening.md) and what
engineering managers actually need when deploying at scale.

New files:
- guide/security/enterprise-governance.md (1117 lines)
  6 sections: local/shared split, usage charter, MCP approval
  workflow, 4 guardrail tiers (Starter/Standard/Strict/Regulated),
  policy enforcement at scale, SOC2/ISO27001 compliance guide
- examples/scripts/mcp-registry-template.yaml
  Org-level MCP registry with approved/pending/denied tracking
- examples/hooks/bash/governance-enforcement-hook.sh
  SessionStart hook validating MCPs against approved registry
- examples/scripts/ai-usage-charter-template.md
  Full charter template with data classification, use case rules,
  compliance mapping (SOC2/ISO27001/HIPAA/PCI DSS/GDPR)

Enriched sections:
- adoption-approaches.md: enterprise rollout (50+ devs) with
  3-phase approach and common mistakes
- observability.md: manager audit checklist, compliance reporting
- ai-traceability.md: evidence collection table for auditors
- production-safety.md + security-hardening.md: cross-references
  with explicit scope boundaries

Integration: guide/README.md, reference.yaml (22 new entries),
CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 11:05:21 +01:00
Florian BRUNIAUX
8f1dcecfa2 docs: update guide content, examples, tools, and reference files 
- guide/ultimate-guide.md — content updates
- guide/workflows/README.md, guide/README.md — navigation improvements
- guide/diagrams/ — diagram updates (context/sessions, config, MCP ecosystem)
- guide/third-party-tools.md — additions
- examples/README.md, hooks/README.md, scripts/README.md — examples updates
- examples/skills/pr-triage/SKILL.md — expanded skill
- machine-readable/reference.yaml — reference sync
- tools/audit-prompt.md, tools/onboarding-prompt.md — tooling updates
- docs/for-cto.md, docs/for-tech-leads.md, docs/resource-evaluations/README.md — doc updates
- .gitignore — gitignore update

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 15:32:33 +01:00
Florian BRUNIAUX
8c06d47a80 docs(security): update threat-db v2.6.0 — ClawJacked + Wave2 + 3 defensive tools 
New entries:
- T014: WebSocket Localhost Gateway Hijacking (ClawJacked pattern, Oasis Security)
- T015: Log Poisoning via WebSocket for Prompt Injection (OpenClaw v2026.2.13 fix)
- Campaign: ClawHub Wave 2 — 71 additional malicious skills (2026-02-28)
- Scanning tool: Verify Security Scanner (Claude Code skill, 1000+ bug patterns)
- Defensive: GitHub MCP Server secret scanning integration (2026-02-27)
- Defensive: Cycode AI Guardrails for MCP real-time secret interception
- Sources: Oasis Security + THN ClawJacked articles

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 11:22:56 +01:00
Florian BRUNIAUX
7ffd8413fb feat(v3.32.1): auto-rename-session hook + guide section update 
- Add examples/hooks/bash/auto-rename-session.sh template (SessionEnd hook,
  Haiku-generated titles, JSONL-based context extraction, /dev/tty output)
- Rewrite "Session Auto-Rename" guide section: two complementary approaches
  (CLAUDE.md behavioral + SessionEnd hook), remove outdated "Why not a hook?"
- Update CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 17:27:55 +01:00
Florian BRUNIAUX
7bda706da2 feat(v3.32.0): Plan-Validate-Execute Pipeline — 3-command AI-first workflow 
New workflow for production teams: dynamic agent teams, ADR learning loop,
automated execution from PRD to merged PR.

Added:
- guide/workflows/plan-pipeline.md — complete workflow guide (philosophy,
  non-prescriptive AI-first, No Bandaids first principles, ADR learning loop,
  CLAUDE.md 120-line discipline, /clear context reset, cost profile)
- examples/commands/plan-start.md — 5-phase planning with 12-agent dynamic
  pool (trigger-based selection, Tier 0 Solo → Tier 4 Full Spectrum,
  planning-coordinator synthesis, auto-transition to validate)
- examples/commands/plan-validate.md — 2-layer validation (structural inline +
  8 specialist agents), ADR-aware auto-fix (Bucket A ~95% auto-resolve,
  Bucket B human input → new rule), issue persistence in metrics JSON
- examples/commands/plan-execute.md — worktree → TDD scaffold → level-based
  parallel agents → drift detection → quality gate → smoke test → PR squash
  merge → post-merge metrics → cleanup
- examples/agents/planning-coordinator.md — Opus synthesis agent: merges
  multi-agent reports into coherent task graph, resolves conflicts via ADR
  precedence, verifies plan completeness before output
- examples/agents/integration-reviewer.md — Opus runtime validator: connection
  params, async/sync consistency, env var completeness, library API
  correctness (WebFetch), OTEL pipeline validation

Updated:
- machine-readable/reference.yaml — 16 new indexed keys
- CHANGELOG.md — v3.32.0 entry with 6 detailed items
- VERSION, README.md, guide/cheatsheet.md, guide/ultimate-guide.md — bumped to 3.32.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-06 17:24:26 +01:00
Florian BRUNIAUX
52d12a28b7 release: v3.30.2 — issue-triage skill, design-reference-file, Conductor docs 
New templates:
- examples/skills/issue-triage/ — 3-phase issue backlog management with
  Jaccard duplicate detection, risk classification, and validated actions
- examples/claude-md/design-reference-file.md — brand-book + ui-kit
  pattern for consistent UI generation across sessions

Resource evaluation:
- docs/resource-evaluations/075-paillard-design-system-first-website.md
  (Boris Paillard, mixt.care, score 3/5)

Docs update:
- guide/third-party-tools.md — Conductor section enriched with verified
  features (Next Workspace, Manual Mode, GitHub CI integration, BMAD pattern)

Version bump: 3.30.1 → 3.30.2 (synced across README, cheatsheet, guide, reference.yaml)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 16:18:24 +01:00
Florian BRUNIAUX
0bdb34b2a4 docs: external orchestration frameworks, pr-triage skill, GitHub Actions templates 
Added:
- guide/third-party-tools.md: External Orchestration Frameworks section
  (Ruflo + Athena Flow) with architectural distinction from multi-instance tools
- examples/skills/pr-triage/: 3-phase PR backlog management skill
  (audit, deep review via parallel agents, validated comment posting)
- examples/github-actions/: claude-code-review.yml + .coderabbit.yaml +
  prompts/code-review.md — AI-powered PR review GitHub Actions workflow
- docs/resource-evaluations/073-athena-flow-workflow-runtime.md (2/5 Watch)
- docs/resource-evaluations/074-ruflo-multi-agent-orchestration.md (3/5 Pertinent)

Updated:
- examples/README.md + examples/github-actions/README.md: new templates indexed
- machine-readable/reference.yaml: new entries for github-actions + pr-triage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:47:16 +01:00
Florian BRUNIAUX
18a6e0ce5c docs(security): update threat-db v2.5.0 + security-hardening CVE table 
threat-db.yaml:
- 6 new CVEs: CVE-2026-25253 (OpenClaw 1-click RCE, CVSS 8.8),
  CVE-2026-25725 (Claude Code sandbox escape), CVE-2026-3484
  (nmap-mcp-server cmd injection), CVE-2025-35028 (HexStrike critical
  9.1, no patch), CVE-2025-15061 (Figma MCP critical 9.8),
  CVE-2026-0757 (MCP Manager sandbox escape)
- T013: Autonomous Safety Control Bypass (Ona research, 2026-03-03)
- openclaw v2026.1.29 added to minimum_safe_versions
- 10 new sources, version bump 2.4.0 → 2.5.0

security-hardening.md:
- CVE table extended from 9 to 15 entries
- Callouts added for 4 critical/unpatched CVEs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:08:32 +01:00
Florian BRUNIAUX
37d9d70ea2 docs: tech leads section, straude, session-naming, cowork updates 
- guide/learning-with-ai.md: §12 For Tech Leads & Engineering Managers
  (onboarding 4 semaines, métriques croissance réelle, mentoring scalable,
  warning signs équipe, template politique AI)
- guide/third-party-tools.md: fiche straude (dashboard social CC, analyse sécu)
- examples/claude-md/session-naming.md: template auto-rename sessions
- guide/cowork.md: mise à jour contenu et comparaisons
- docs/resource-evaluations/: +2 évaluations (eveillard, straude)
- README.md + examples/README.md: compteurs templates 175→176
- machine-readable/reference.yaml: nouvelles entrées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 17:29:06 +01:00
Florian BRUNIAUX
d9187ba17b release: v3.30.0 - 10 advanced patterns documentation 
5 new files (plan-challenger, adr-writer, audit-codebase, first-principles, event-driven-agents),
4 workflow files enriched (iterative-refinement, agent-teams, ultimate-guide x3 sections),
reference.yaml updated with 9 new entries. Fact-checked via 9 Perplexity searches (March 2026).

Patterns covered: modular CLAUDE.md architecture, session invariants, auto-ADR, adversarial
plan review, worktree dependency coordination, auto-fix loops (Ralph Loop), Linear/Kanban
event-driven agents, codebase audit scoring, deployment automation (Vercel + Infisical).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-03 06:27:28 +01:00
Florian BRUNIAUX
01283fafec docs: SonnetPlan hack — budget Sonnet+Haiku hybrid via env var remap 
- guide/ultimate-guide.md §OpusPlan: new "Budget Variant: SonnetPlan"
  section with shell function, Plan/Act routing table, caveat on
  unreliable model self-report, link to GitHub issue #9749
- examples/scripts/sonnetplan.sh: new ready-to-use shell function
  with installation instructions and verification guidance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 17:58:25 +01:00
Florian BRUNIAUX
252148fe75 release: v3.29.1 - Git MCP + GitHub MCP catalog entries 
Add Git MCP Server (12 tools, uvx setup) and GitHub MCP Server
(Issues/PRs/Projects, remote Copilot + self-hosted PAT-only) to §8.2
MCP Server Catalog. Document real-world fix for Incompatible auth
server error via gh auth token + manual header injection.

Also ships: CC v2.1.63 tracking, HTTP hooks, observability quality
patterns, config lifecycle §9.23, terminal personalization, tool
comparison table extensions, MCP server 3 new tools.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 16:10:19 +01:00
Florian BRUNIAUX
155b07a589 feat: threat-db v2.4.0 + MCP guide section + resource evals + ci 
## threat-db v2.4.0
- CVE-2026-27735: path traversal in mcp-server-git git_add (CVSS 6.4)
- Campaign: Clinejection (Cline CLI 2.3.0 supply chain, 4000 downloads)
- T012: AI Recommendation Poisoning (Microsoft research, 50+ prompts)
- 3 new sources (NVD, Snyk, Microsoft Security Blog, Hacker News)

## guide/ultimate-guide.md
- New section "This Guide as an MCP Server" (§10) — installation,
  tools list, dev mode, usage examples, slash commands

## docs/resource-evaluations
- eval #070: claude-code-best-practice .claude/ config (score 4/5)
- eval #071: Steven Ge technical writing workflow (score TBD)
- eval #072: Rippletide AI reliability platform (score 2/5, watch only)
- 2026-02-26: boristane SDLC dead post evaluation
- README: count 60→72 evals, add #072 entry

## ci + config
- .github/workflows/trigger-landing-deploy.yml — auto-trigger landing
  rebuild on push to main (guide content changes)
- .gitignore: add .claude/agents/ exception + mcp-server/dist/ ignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:35:03 +01:00
Florian BRUNIAUX
e62af76767 docs: spinner verbs + tips personalization — new example + guide section 
- New section §3.3 Terminal Personalization Settings (ultimate-guide.md:4978)
  spinnerVerbs (mode replace/add) + spinnerTipsOverride (excludeDefault)
- New examples/config/settings-personalization.json — 19 verbs, 113+ tips, 13 categories
- reference.yaml: new spinner_personalization entry + line number fix
- CHANGELOG updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 10:00:58 +01:00
Florian BRUNIAUX
4a0a0bf30e docs: complete factual audit pass 2 — 90+ corrections 
Second 10-agent parallel audit covering all remaining sections:
ultimate-guide.md (ch1-ch11), workflows/ (17 files), quiz/ (12 files),
examples/agents+skills+commands. Source of truth: official Anthropic docs.

Key corrections:

Hook system (+8 missing events):
- Complete 17-event list: PermissionRequest, PostToolUseFailure, SubagentStart,
  TeammateIdle, TaskCompleted, WorktreeCreate, WorktreeRemove, SessionEnd
- SessionStart confirmed valid (previous audit wrongly doubted it)
- Hook output format: hookSpecificOutput.permissionDecision (not {"decision":"block"})
- Missing common input fields added: transcript_path, cwd, permission_mode

Agent YAML frontmatter (13 valid fields restored/added):
- Restored: disallowedTools, memory, background, isolation, skills, permissionMode, hooks
- Added new: maxTurns, mcpServers
- Fixed: tools format is comma-separated (not space-separated)

Plan Mode (12 occurrences fixed):
- Ctrl+G = "open plan in text editor" (NOT "enter plan mode")
- Plan Mode = Shift+Tab × 2 (Normal → acceptEdits → plan)

Commands table (10.1) + built-in commands (6.1):
- Added 18+ missing commands: /copy, /doctor, /hooks, /memory, /model,
  /config, /permissions, /remote-control, /rename, /resume, /sandbox, etc.

Workflow files:
- agent-teams.md: removed fake --experimental-agent-teams flag
- hooks.yaml + post_edit event → settings.json + PostToolUse (2 files)
- TodoWrite → TaskCreate/TaskUpdate (3 files)
- task-management.md: removed fake "failed" task status

Quiz / examples:
- 01-010: Esc stops mid-action (not Ctrl+C)
- refactoring-specialist.md: removed MultiEdit (not a valid tool)
- ast-grep-patterns.md: name field (not title)
- validate-changes.md, diagnose.md: field name fixes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 18:21:28 +01:00
Florian BRUNIAUX
8e63d84b47 docs: factual audit + reference sync — 260 findings corrected 
Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 12:10:14 +01:00
Florian BRUNIAUX
ad735dfff4 docs(security): update threat-db v2.3.0 — CVE-2025-59536, CVE-2026-21852, +2 CVEs, T011 
New CVEs (4):
- CVE-2025-59536: Claude Code RCE via enableAllProjectMcpServers config (fixed 1.0.111)
- CVE-2026-21852: Claude Code API key theft via ANTHROPIC_BASE_URL redirect (fixed 2.0.65)
- CVE-2026-26029: sf-mcp-server command injection via child_process.exec
- CVE-2026-27203: eBay API MCP Server env variable injection

New attack technique:
- T011: Project Configuration Hijacking (.claude/settings.json / .mcp.json as attack surface)

New defensive resources:
- GuardFive AI Agent Security Scanner
- Palo Alto AI Runtime Security MCP Threat Detection

New sources (7): Check Point Research, The Hacker News, Trend Micro, 1Password, Red Hat, NVD x2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:59:03 +01:00
Florian BRUNIAUX
97f9167a61 docs: add Kairn memory MCP + resource evaluations + guide updates 
- guide/ultimate-guide.md §10.2: Add Kairn (knowledge graph memory with biological decay)
  - Typed relationships (depends-on, resolves, causes), 18 MCP tools
  - Updated comparison table: Serena / grepai / doobidoo / Kairn
  - Added decision routing for long-term memory + causality tracking
- guide/ultimate-guide.md §5.1: Add real-world CLAUDE.md migration example (Avo, 600-line → 15 path-scoped files)
- guide/ai-ecosystem.md: Minor update
- machine-readable/reference.yaml: Add Kairn entries
- examples/config/mcp.json: Add Kairn MCP config
- docs/resource-evaluations/: Add 2 new evaluations (context-evaluator-packmind, kairn-memory-mcp)
- docs/resource-evaluations/agents-md-empirical-study: Add community reception section
- docs/resource-evaluations/2026-02-23-agentsview: Minor fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 17:39:20 +01:00
Florian BRUNIAUX
92643c1a6b docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners 
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
dbb62306d7 release: v3.28.1 - Visual Diagrams Series (40 Mermaid diagrams) 
guide/diagrams/: new directory with 40 interactive Mermaid diagrams
- 10 thematic files: foundations, context/sessions, configuration,
  architecture, MCP ecosystem, dev workflows, multi-agent patterns,
  security/production, cost/optimization, adoption/learning
- Each diagram: Mermaid (GitHub-native) + ASCII fallback + source link
- Bold Guy palette (6-color system) consistent across all diagrams
- README with index, visual palette legend, navigation by use case

Also includes (backlog from v3.28.0→v3.28.1):
- guide/ultimate-guide.md: Managing Large MCP Server Sets, AI Code
  Disclosure Policy, claude-mem Gemini alternative, observability
- guide/workflows/plan-driven.md: Boris Tane custom markdown plans (+172L)
- guide/security-hardening.md: Part 4 PR security review workflow
- examples/agents/security-patcher.md: new security agent
- examples/hooks/bash/security-gate.sh: PreToolUse security hook
- guide/observability.md: activity monitoring, external tools, proxying
- docs/resource-evaluations/: 4 new evaluations (Boris Cherny, Moigneu,
  Boris Tane, Aristote AI instructions)
- README.md: Visual Diagrams section in "What Makes This Guide Unique"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:51:21 +01:00
Florian BRUNIAUX
9218ab37d6 feat: security scanning workflow (auditor + patcher + gate hook) 
- security-hardening.md Part 4: PR security review workflow
  3-agent pipeline: scan → data flow trace → patch
  Tableau par type de changement (auth, DB, upload, deps)
  Hook pre-push git pour alerter sur fichiers sensibles
- security-patcher agent: applique les findings du security-auditor
  Propose avant d'écrire, jamais en autonomie (human approval gate)
  Séparation nette detect vs patch
- security-gate.sh hook: PreToolUse, 7 patterns vulnérables bloqués
  SQLi, XSS innerHTML, secrets hardcodés, eval() dynamique,
  hash faible (MD5/SHA1 password), command injection, path traversal
  Complément de dangerous-actions-blocker.sh (ops système)
- Claude Code Security (research preview) documentée dans security-hardening.md
  Comparaison Security Auditor Agent vs feature Anthropic
- reference.yaml: 4 nouvelles entrées indexées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
6049bd99c2 release: v3.28.0 - Section 2.5 Model Selection & Thinking Guide 
Section canonique consolidée pour le choix de modèle :
- Section 2.5 (decision table, effort levels avec prompts, model-per-agent patterns, thinking guide)
- 3 nouveaux agents : planner (Opus), implementer (Haiku), architecture-reviewer (Opus)
- 7 nouvelles questions quiz (09-037→09-043, intermediate→power)
- 3 tables redondantes remplacées par cross-refs vers Section 2.5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-21 18:25:50 +01:00
Florian BRUNIAUX
00cb973bdb docs: add Talk Preparation Pipeline workflow + skill templates 
6-stage pipeline: raw material → conference talk → Kimi AI slides.

New files:
- guide/workflows/talk-pipeline.md — Full workflow guide (REX vs Concept
  modes, stage-by-stage breakdown, CHECKPOINT mechanics, Kimi handoff,
  real-world DevWithAI example, 5 design patterns documented)
- examples/skills/talk-pipeline/ — 7 SKILL.md files + orchestrator + 2
  templates (feedback-draft.md, kimi-prompt-template.md)

Updated:
- README.md — badges 164→172 templates, Feb 20 date, 13→14 skills
- guide/workflows/README.md — Talk Pipeline entry under Design & Content
- machine-readable/reference.yaml — 16 new entries for pipeline components
- CHANGELOG.md — [Unreleased] entry

Design patterns showcased: skill chaining + file-based state, tool
permission scoping (Bash only Stage 2), human-in-the-loop CHECKPOINT
(Stage 4), AI-to-AI handoff (Claude → Kimi), dual execution modes
(REX/Concept).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:51:29 +01:00
Florian BRUNIAUX
6d847d24de docs: add Profile-Based Module Assembly pattern (Section 3.5) 
- Section 3.5 "Team Configuration at Scale" in ultimate-guide.md:
  profiles YAML + shared modules + skeleton + assembler script;
  59% context token reduction measured on 5-dev production team;
  includes CI drift detection, 5-step replication guide, trade-offs
- New workflow: guide/workflows/team-ai-instructions.md (6 phases,
  scaling thresholds, troubleshooting table)
- New templates: examples/team-config/ (profile-template.yaml,
  claude-skeleton.md, sync-script.ts)
- reference.yaml: 9 new entries for team_ai_instructions_*
- README: templates count 161 → 164, date Feb 19 → Feb 20
- CHANGELOG [Unreleased]: resource evaluations (AGENTS.md ETH Zürich
  4/5, Sylvain Chabaud 3/5), spec-first Task Granularity section,
  methodologies ATDD expansion

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:04:29 +01:00
Florian BRUNIAUX
46b5f39f52 docs: update examples README and reference.yaml for claude-code-review.yml 
- examples/README.md: github-actions count 3→4, add new workflow row
- machine-readable/reference.yaml: 6 new entries (workflow, prompt, pattern, tools, auth, cost)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:58:27 +01:00
Florian BRUNIAUX
9b75b5125e release: v3.27.8 - prompt-based GitHub Actions code review workflow 
New examples/github-actions/claude-code-review.yml with externalized prompt,
anti-hallucination protocol, /claude-review on-demand trigger. Templates 116→161.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:23:15 +01:00
Florian BRUNIAUX
267ce0ba86 chore: update guide content and add new examples 
- Update ultimate guide and cheatsheet
- Update llms.txt and reference YAML
- Add velocity-governor hook and cc-sessions script

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 18:48:19 +01:00
Florian BRUNIAUX
c3da456d3a release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide 
- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 09:33:55 +01:00
Florian BRUNIAUX
0d6a0c656e docs: add git-worktree suite, security kill switch, update reference.yaml + CC releases 
- Git worktree commands: overhauled main + 3 new (status, remove, clean)
- Security hardening: AI Kill Switch & Containment Architecture (§3.5)
- DevOps SRE: cross-reference to security-hardening for AI incidents
- CC releases: v2.1.43-v2.1.44 tracking
- reference.yaml: 12 new entries, evaluations count 67 → 74

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 10:20:57 +01:00
Florian BRUNIAUX
7d43b67bcd docs: add review-plan command + rules templates (inspired by Garry Tan) 
Structured plan review across 4 axes (architecture, code quality, tests,
performance) as a reusable custom command with separate rules files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 20:34:33 +01:00
Florian BRUNIAUX
c955098cc7 docs: add plugin marketplace install for session-summary 
Link to FlorianBruniaux/claude-code-plugins in ecosystem section
and hooks README. Plugin system auto-wires hooks, no manual config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:58:58 +01:00
Florian BRUNIAUX
9075b966ab fix: make session-summary-config.sh compatible with Bash 3.2+ (macOS) 
Replace all `declare -A` (associative arrays, Bash 4+ only) with simple
variables and helper functions. Fixes crash on macOS default Bash 3.2:
- "operand expected" at line 40
- "meta: unbound variable" at line 43

Reported by community user (Slack).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:42:20 +01:00
Florian BRUNIAUX
66ebec567a docs: add SkillHub badge and update skills listing to 13 
- Add SkillHub badge (9 skills) to README header
- Update examples/README.md with 5 new skill entries
- Link to SkillHub profile for installable skills

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:24:17 +01:00
Florian BRUNIAUX
52d76411e3 feat(skills): publish 5 new skills to SkillHub 
Add skill-creator, landing-page-generator, ccboard, guide-recap,
and release-notes-generator with genericized content (no personal
refs, FR→EN translation, placeholder URLs/paths).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:10:09 +01:00
Florian BRUNIAUX
e504f0d1bf feat: add session summary screenshot, skills, and GitHub templates 
- Add session-summary-v3.png screenshot for hook documentation
- Add GitHub issue templates (bug report, feature request, question)
- Add new skills: ccboard, guide-recap, landing-page-generator,
  release-notes-generator, skill-creator

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 20:55:16 +01:00
Florian BRUNIAUX
e60b24d27c docs(examples): add YAML frontmatter to 19 miscellaneous example files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:21:00 +01:00
Florian BRUNIAUX
9170095320 docs(examples): add YAML frontmatter to 7 README files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:57 +01:00
Florian BRUNIAUX
3029d1d3b8 docs(examples): add YAML frontmatter to 5 claude-md templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:37 +01:00
Florian BRUNIAUX
91d36f00dd docs(examples): add YAML frontmatter to 20 command templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:36 +01:00
Florian BRUNIAUX
d1182af4cf docs: v3.27.1 — fact-check corrections, grepai docs, RTK overhaul 
Fact-check (README positioning):
- Template count: 120/123 → 108 (ground truth recount)
- Ratio: 14× → 24× (19,000 ÷ 784 = 24.2×)
- everything-cc stars: 31.9k → 45k+ (verified Feb 15)
- Commands count: 20 → 23, hooks: 30 → 31

Added:
- Grepai MCP documentation (semantic search, call graphs)
- 3 hook templates (rtk-baseline, session-summary, session-summary-config)
- 2 resource evaluations (system-prompts update, qmd token savings)

Changed:
- RTK documentation overhaul (v0.7.0 → v0.16.0, rtk-ai org)
- Exports deprecated (kimi.pdf, notebooklm.pdf → deprecated/)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 18:41:45 +01:00
Florian BRUNIAUX
971a297db3 feat(security): add threat intelligence DB, security commands, and cheatsheet audit fixes (v3.26.0) 
- Add threat-db.yaml v2.0.0 with 63 malicious skills, 22 CVEs, 4 campaigns
- Add /security-check, /security-audit, /update-threat-db slash commands
- Add Snyk ToxicSkills evaluation (58th resource evaluation)
- Fix cheatsheet: add Alt+T to keyboard shortcuts table, add /fast and /debug commands
- Update Features Meconnues table with Agent Teams and Auto-Memories
- Clean up cheatsheet.md.bak
- Bump version to 3.26.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-11 16:12:36 +01:00
Florian BRUNIAUX
deb518ceff fix(security): fact-check corrections across threat-db and hardening guide 
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 15:11:13 +01:00
Florian BRUNIAUX
ef7cdd899e release: v3.24.0 - Agent Evaluation Framework 
Major addition: Complete agent evaluation framework with production-ready template.

## Added

- **Resource Evaluation**: nao framework (score 3/5)
  - Identified critical gap: agent evaluation not documented
  - Technical challenge adjusted score 2/5 → 3/5
  - All claims fact-checked (TypeScript 58.9%, Python 38.5%)

- **Guide Section**: Agent Evaluation (guide/agent-evaluation.md, ~3K tokens)
  - Metrics: response quality, tool usage, performance, satisfaction
  - Patterns: logging hooks, unit tests, A/B testing, feedback loops
  - Example: analytics agent with built-in metrics
  - Tools: nao framework reference, Claude Code hooks integration

- **AI Ecosystem**: Section 8.2 Domain-Specific Agent Frameworks
  - nao (Analytics Agents): Database-agnostic, built-in evaluation
  - Transposable patterns: context builder, evaluation hooks, DB integrations

- **Template**: Analytics Agent with Evaluation (5 files, ~1K lines)
  - README: setup, usage, troubleshooting
  - Agent: SQL generator with evaluation criteria, safety rules
  - Hook: automated metrics logging (safety, performance, errors)
  - Script: analysis with stats, safety reports, recommendations
  - Report template: monthly evaluation format

## Changed

- Agent Evaluation Guide: updated template references, verified links
- Landing Site: templates count 110 → 114
- Version: 3.23.5 → 3.24.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 11:52:13 +01:00
Florian BRUNIAUX
d0320f3e30 docs: add memory stack integration workflow example 
Real-world 5-day sprint example showing claude-mem + Serena + grepai integration.

Scenario: JWT migration across e-commerce API (50k lines, 200+ files)

Demonstrates:
- Day 1: Discovery with grepai + architectural decisions in Serena
- Day 2: Implementation with auto-capture via claude-mem
- Day 3: Integration with context retention across sessions
- Day 4: Testing with full memory stack
- Day 5: Deployment with comprehensive handoff docs

Key metrics:
- 85% reduction in file re-reads (1000 → 150)
- 90% token savings via progressive disclosure
- 4 Serena memories (arch decisions preserved)
- 312 observations captured automatically
- $4.68 total cost for 5 days of perfect memory
- Net ROI: $0.43 cost vs 425k tokens saved

Shows practical usage:
- When to use auto vs manual memory
- Progressive disclosure in action
- Memory search queries
- Handoff documentation generation
- Cost analysis and ROI

File: examples/workflows/memory-stack-integration.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:36:37 +01:00
Florian BRUNIAUX
d5c3a82cac docs: add claude-mem plugin documentation (automatic session memory) 
Integrate claude-mem (thedotmack/claude-mem) into the guide as Section 8.2.5.
Score: 4/5 (High Value - automatic session capture fills documentation gap).

Added:
- Section 8.2.5: claude-mem plugin (automatic session memory)
  * Automatic capture via lifecycle hooks
  * AI compression + progressive disclosure (10x tokens)
  * Web dashboard at localhost:37777
  * Natural language search
  * Privacy controls (<private> tags)
  * Cost analysis ($0.15/100 obs)
  * AGPL-3.0 licensing considerations

- Memory Tools Decision Matrix (claude-mem vs Serena vs grepai)
  * 4-layer memory stack pattern
  * Integrated workflow examples
  * When to use automatic vs manual memory

- Plugin template: examples/plugins/claude-mem.md
  * Installation, configuration, troubleshooting
  * Advanced features (progressive disclosure, endless mode)
  * Export/import, cost optimization

- Resource evaluation: docs/resource-evaluations/claude-mem-evaluation.md
  * Technical analysis (fact-checked stats)
  * Comparison to existing tools
  * Integration recommendations

- reference.yaml: 14 new claude-mem entries

Changed:
- Updated search tools comparison (5 tools: rg, grepai, Serena, ast-grep, claude-mem)
- Extended feature matrix with "Auto capture" and "Web dashboard" rows

Stats (verified 2026-02-10):
- 26.5k GitHub stars, 1.8k forks
- 181 releases, 46 contributors
- Latest: v9.1.1 (Feb 7, 2026)
- License: AGPL-3.0 + PolyForm Noncommercial

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 08:47:17 +01:00
Florian BRUNIAUX
191ff42741 release: v3.23.4 - Agent Anti-Patterns & Scope-Focused Refactoring 
Major conceptual refactoring based on Dex Horty's principle:
"Subagents are not for anthropomorphizing roles, they are for controlling context"

### Added (1 new section)
- Agent Anti-Patterns section (§9.17, line 3662)
  - Wrong vs Right table (anthropomorphizing vs context control)
  - When to use agents (context isolation, parallel processing, scope limitation)
  - When NOT to use agents (fake teams, roleplaying, mimicking org structure)

### Changed (18 files, 200+ lines)
- Section rename: "Split-Role Sub-Agents" → "Scope-Focused Agents"
- Agent definitions: "Specialized role" → "Context isolation tool"
- 8 custom agent examples refactored (guide + examples/agents/)
- 10+ prompt examples with explicit scope boundaries
- 4 workflow files updated (agent-teams, TDD, iterative refinement)
- Terminology replacements:
  * "Specialized agents" → "Scope-focused agents"
  * "Expert personas" → "Context boundaries"
  * "Multi-domain expertise" → "Multi-scope analysis"

### Fixed
- Methodologies: Clarification note for BMAD role-based naming

Breaking change: Conceptual shift from role-based to scope-based agent usage.
All examples now demonstrate context isolation instead of persona simulation.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 10:29:59 +01:00
Florian BRUNIAUX
9805b615c5 docs: correct Agent Teams architecture + add session handoff template 
## Agent Teams Architecture Corrections

Based on official sources (Addy Osmani blog, Feb 2026):

**Major changes**:
- Add mailbox system documentation (peer-to-peer messaging)
- Correct communication model: not only team lead synthesis
- Update diagrams to show peer-to-peer arrows
- Clarify context isolation vs message sharing
- Add 7 sections with source attribution
- Add documentation update note (2026-02-09)

**Key correction**: Agents communicate via mailbox system (direct
peer-to-peer + team lead synthesis), not only hierarchical reporting.

**Files modified**:
- guide/workflows/agent-teams.md (+72 -19): 7 major corrections
- CHANGELOG.md: Document session handoff template addition
- guide/architecture.md: Architecture clarifications
- guide/ultimate-guide.md: Cross-references updates

**Sources**:
- https://addyosmani.com/blog/claude-code-agent-teams/
- Perplexity research (sonar-reasoning-pro, Feb 2026)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 09:23:41 +01:00
Florian BRUNIAUX
b48d95c024 feat: add agent/skill quality audit tooling + Grenier evaluation 
AUDIT TOOLING (3 templates):
- Command: /audit-agents-skills (quick project audits)
  - 16-criteria framework (Identity 3x, Prompt 2x, Validation 1x, Design 2x)
  - Weighted scoring: 32 pts (agents/skills), 20 pts (commands)
  - Production grading (A-F, 80% threshold)
  - Fix mode with actionable suggestions
- Skill: audit-agents-skills (advanced audits)
  - 3 modes: Quick (top-5), Full (all 16), Comparative (vs templates)
  - JSON + Markdown output for CI/CD
- Scoring grids: criteria.yaml (externalized for reuse)

EVALUATION:
- Grenier agent/skill quality (3/5 - Moderate Value)
  - Gap: 29.5% deploy without evaluation (LangChang 2026)
  - Integration: Created audit command + skill + criteria
  - Industry context: 18% cite agent bugs as top challenge

DOCUMENTATION:
- Guide refs: 2 strategic call-outs (after Agent/Skill validation)
- CHANGELOG: New "Added" section + evaluation details
- README: Templates 106→107, Evaluations 49→24 (count corrections)
- reference.yaml: 10 new audit entries + updated counts

SYNC:
- Landing index.html: Templates 107, Evals 24, Quiz 257
- Landing examples/index.html: Templates 107

FILES: 14 changed, 4148 insertions (+1250 lines new audit content)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-07 15:40:18 +01:00
Florian BRUNIAUX
975b8019ac feat: add 4 ClaudeKit-inspired hooks (checkpoint, validation, file-guard) 
- Add auto-checkpoint.sh (Stop event, git stash automation)
- Add typecheck-on-save.sh (PostToolUse, TypeScript validation)
- Add test-on-change.sh (PostToolUse, smart test detection)
- Add file-guard.sh (PreToolUse, unified file protection)
- Add ClaudeKit evaluation (3/5, patterns extracted)
- Version bump 3.21.0 → 3.21.1 (sync across all docs)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 21:50:48 +01:00
Florian BRUNIAUX
6910c06981 docs: add Native Sandboxing comprehensive documentation (v3.21.1) 
Integration of official Anthropic sandboxing docs (5/5 CRITICAL):

Created (5 files):
- guide/sandbox-native.md (~3K words): Complete technical reference
  * OS primitives (Seatbelt/bubblewrap), filesystem/network isolation
  * Sandbox modes, escape hatch, security limitations
  * Decision trees, config examples, troubleshooting
- docs/resource-evaluations/native-sandbox-official-docs.md (5/5 score)
- examples/config/sandbox-native.json (production config)
- examples/commands/sandbox-status.md (sandbox inspection)
- examples/hooks/bash/sandbox-validation.sh (prod validation)

Updated (5 files):
- guide/sandbox-isolation.md: Section 4 "Native Claude Code Sandbox"
  * Comparison Native vs Docker (process-level vs microVM)
  * Updated TL;DR, comparison matrix, decision tree
- guide/architecture.md: Native Sandbox sub-section in Security Model
- machine-readable/reference.yaml: +24 sandbox entries
- VERSION: 3.21.0 → 3.21.1
- README.md: Templates 100→103, Evaluations 44→45
- CHANGELOG.md: v3.21.1 entry

Closes critical security documentation gap (~1800 words missing).
Fact-checked 100%, agent-challenged (technical-writer), production-ready.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 20:24:17 +01:00