marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
363 commits 1 branch 0 tags 20 MiB
Commit graph

21 commits

Author SHA1 Message Date
Florian BRUNIAUX
4a0a0bf30e docs: complete factual audit pass 2 — 90+ corrections 
Second 10-agent parallel audit covering all remaining sections:
ultimate-guide.md (ch1-ch11), workflows/ (17 files), quiz/ (12 files),
examples/agents+skills+commands. Source of truth: official Anthropic docs.

Key corrections:

Hook system (+8 missing events):
- Complete 17-event list: PermissionRequest, PostToolUseFailure, SubagentStart,
  TeammateIdle, TaskCompleted, WorktreeCreate, WorktreeRemove, SessionEnd
- SessionStart confirmed valid (previous audit wrongly doubted it)
- Hook output format: hookSpecificOutput.permissionDecision (not {"decision":"block"})
- Missing common input fields added: transcript_path, cwd, permission_mode

Agent YAML frontmatter (13 valid fields restored/added):
- Restored: disallowedTools, memory, background, isolation, skills, permissionMode, hooks
- Added new: maxTurns, mcpServers
- Fixed: tools format is comma-separated (not space-separated)

Plan Mode (12 occurrences fixed):
- Ctrl+G = "open plan in text editor" (NOT "enter plan mode")
- Plan Mode = Shift+Tab × 2 (Normal → acceptEdits → plan)

Commands table (10.1) + built-in commands (6.1):
- Added 18+ missing commands: /copy, /doctor, /hooks, /memory, /model,
  /config, /permissions, /remote-control, /rename, /resume, /sandbox, etc.

Workflow files:
- agent-teams.md: removed fake --experimental-agent-teams flag
- hooks.yaml + post_edit event → settings.json + PostToolUse (2 files)
- TodoWrite → TaskCreate/TaskUpdate (3 files)
- task-management.md: removed fake "failed" task status

Quiz / examples:
- 01-010: Esc stops mid-action (not Ctrl+C)
- refactoring-specialist.md: removed MultiEdit (not a valid tool)
- ast-grep-patterns.md: name field (not title)
- validate-changes.md, diagnose.md: field name fixes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 18:21:28 +01:00
Florian BRUNIAUX
8e63d84b47 docs: factual audit + reference sync — 260 findings corrected 
Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 12:10:14 +01:00
Florian BRUNIAUX
9218ab37d6 feat: security scanning workflow (auditor + patcher + gate hook) 
- security-hardening.md Part 4: PR security review workflow
  3-agent pipeline: scan → data flow trace → patch
  Tableau par type de changement (auth, DB, upload, deps)
  Hook pre-push git pour alerter sur fichiers sensibles
- security-patcher agent: applique les findings du security-auditor
  Propose avant d'écrire, jamais en autonomie (human approval gate)
  Séparation nette detect vs patch
- security-gate.sh hook: PreToolUse, 7 patterns vulnérables bloqués
  SQLi, XSS innerHTML, secrets hardcodés, eval() dynamique,
  hash faible (MD5/SHA1 password), command injection, path traversal
  Complément de dangerous-actions-blocker.sh (ops système)
- Claude Code Security (research preview) documentée dans security-hardening.md
  Comparaison Security Auditor Agent vs feature Anthropic
- reference.yaml: 4 nouvelles entrées indexées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
267ce0ba86 chore: update guide content and add new examples 
- Update ultimate guide and cheatsheet
- Update llms.txt and reference YAML
- Add velocity-governor hook and cc-sessions script

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 18:48:19 +01:00
Florian BRUNIAUX
c955098cc7 docs: add plugin marketplace install for session-summary 
Link to FlorianBruniaux/claude-code-plugins in ecosystem section
and hooks README. Plugin system auto-wires hooks, no manual config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:58:58 +01:00
Florian BRUNIAUX
9075b966ab fix: make session-summary-config.sh compatible with Bash 3.2+ (macOS) 
Replace all `declare -A` (associative arrays, Bash 4+ only) with simple
variables and helper functions. Fixes crash on macOS default Bash 3.2:
- "operand expected" at line 40
- "meta: unbound variable" at line 43

Reported by community user (Slack).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:42:20 +01:00
Florian BRUNIAUX
9170095320 docs(examples): add YAML frontmatter to 7 README files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:57 +01:00
Florian BRUNIAUX
d1182af4cf docs: v3.27.1 — fact-check corrections, grepai docs, RTK overhaul 
Fact-check (README positioning):
- Template count: 120/123 → 108 (ground truth recount)
- Ratio: 14× → 24× (19,000 ÷ 784 = 24.2×)
- everything-cc stars: 31.9k → 45k+ (verified Feb 15)
- Commands count: 20 → 23, hooks: 30 → 31

Added:
- Grepai MCP documentation (semantic search, call graphs)
- 3 hook templates (rtk-baseline, session-summary, session-summary-config)
- 2 resource evaluations (system-prompts update, qmd token savings)

Changed:
- RTK documentation overhaul (v0.7.0 → v0.16.0, rtk-ai org)
- Exports deprecated (kimi.pdf, notebooklm.pdf → deprecated/)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 18:41:45 +01:00
Florian BRUNIAUX
975b8019ac feat: add 4 ClaudeKit-inspired hooks (checkpoint, validation, file-guard) 
- Add auto-checkpoint.sh (Stop event, git stash automation)
- Add typecheck-on-save.sh (PostToolUse, TypeScript validation)
- Add test-on-change.sh (PostToolUse, smart test detection)
- Add file-guard.sh (PreToolUse, unified file protection)
- Add ClaudeKit evaluation (3/5, patterns extracted)
- Version bump 3.21.0 → 3.21.1 (sync across all docs)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 21:50:48 +01:00
Florian BRUNIAUX
6910c06981 docs: add Native Sandboxing comprehensive documentation (v3.21.1) 
Integration of official Anthropic sandboxing docs (5/5 CRITICAL):

Created (5 files):
- guide/sandbox-native.md (~3K words): Complete technical reference
  * OS primitives (Seatbelt/bubblewrap), filesystem/network isolation
  * Sandbox modes, escape hatch, security limitations
  * Decision trees, config examples, troubleshooting
- docs/resource-evaluations/native-sandbox-official-docs.md (5/5 score)
- examples/config/sandbox-native.json (production config)
- examples/commands/sandbox-status.md (sandbox inspection)
- examples/hooks/bash/sandbox-validation.sh (prod validation)

Updated (5 files):
- guide/sandbox-isolation.md: Section 4 "Native Claude Code Sandbox"
  * Comparison Native vs Docker (process-level vs microVM)
  * Updated TL;DR, comparison matrix, decision tree
- guide/architecture.md: Native Sandbox sub-section in Security Model
- machine-readable/reference.yaml: +24 sandbox entries
- VERSION: 3.21.0 → 3.21.1
- README.md: Templates 100→103, Evaluations 44→45
- CHANGELOG.md: v3.21.1 entry

Closes critical security documentation gap (~1800 words missing).
Fact-checked 100%, agent-challenged (technical-writer), production-ready.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 20:24:17 +01:00
Florian BRUNIAUX
0630fcd883 feat: add configuration management and MCP secrets workflows (closes #16204) 
Major additions to address critical gaps in Claude Code configuration:

## New Documentation Sections

1. Section 3.2.1 "Version Control & Backup" (guide/ultimate-guide.md:4085)
   - Configuration hierarchy: global → project → local
   - Git strategy for ~/.claude (symlinks approach)
   - Backup strategies: Git remote, cloud sync, cron
   - Multi-machine sync workflows
   - Disaster recovery procedures
   - Documented .claude/settings.local.json (previously undocumented)

2. Section 8.3.1 "MCP Secrets Management" (guide/ultimate-guide.md:8113)
   - Three practical approaches: OS Keychain, .env, Secret Vaults
   - Secrets rotation workflow
   - Pre-commit secret detection
   - Verification checklist
   - Best practices summary

## New Templates

1. sync-claude-config.sh (examples/scripts/)
   - Commands: setup, sync, backup, restore, validate
   - .env parsing + envsubst for variable substitution
   - Git repo creation with symlinks
   - Validation checks (secrets not in Git)

2. pre-commit-secrets.sh (examples/hooks/bash/)
   - Detects 10+ secret patterns (OpenAI, GitHub, AWS, etc.)
   - Whitelist system for false positives
   - Clear error messages with remediation steps

3. settings.local.json.example (examples/config/)
   - Machine-specific overrides template
   - Example use cases and patterns

## Resource Evaluation

- Added docs/resource-evaluations/ratinaud-config-management-evaluation.md
- Score: 5/5 (CRITICAL)
- Validated via 3 Perplexity searches + technical-writer agent challenge
- Community demand: GitHub #16204 + brianlovin/claude-config

## Updated References

- machine-readable/reference.yaml: 22 new entries
- Configuration management sections
- MCP secrets workflows
- Community resources (Ratinaud, brianlovin, GitHub issue)

## Impact

- Security: Pre-commit hook prevents secret leaks
- Productivity: Multi-machine sync reduces manual reconfig
- Team coordination: Onboarding workflow for ~/.claude setup
- Disaster recovery: Backup/restore strategies documented

Credits:
- Martin Ratinaud (504 sessions, LinkedIn post)
- brianlovin/claude-config (community example)
- GitHub Issue #16204 (community request)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 18:17:42 +01:00
Florian BRUNIAUX
1000cb6e85 docs: add RTK integration templates and evaluation 
- Evaluation: docs/resource-evaluations/rtk-evaluation.md (4/5 score, comprehensive benchmarks)
- CLAUDE.md template: examples/claude-md/rtk-optimized.md (manual usage instructions)
- Skill template: examples/skills/rtk-optimizer/SKILL.md (auto-suggestion)
- Hook template: examples/hooks/bash/rtk-auto-wrapper.sh (PreToolUse auto-wrapper)
- PR proposals: claudedocs/rtk-pr-proposals.md (7 upstream improvements)

These templates enable 3 RTK integration strategies referenced in guide:10478
 2026-01-28 13:03:10 +01:00
Florian BRUNIAUX
edf74b38c5 docs: add missing hook events from official CHANGELOG (v2.1.9-v2.1.10) 
- Add 3 missing events to Section 7.1: Setup, PermissionRequest, SubagentStop
- Document PreToolUse additionalContext feature (v2.1.9+)
- Create 3 production-ready hook templates (setup, permission, subagent)
- Add resource evaluation documenting rejection of secondary source

Source: Official Claude Code CHANGELOG, not external blog posts
Closes gap identified during resource evaluation process

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-27 12:45:47 +01:00
Florian BRUNIAUX
5fbea061d5 docs: add Agent Vibes TTS integration documentation (v3.11.1) 
Added comprehensive documentation for text-to-speech integration via Agent Vibes MCP server.

New files (8):
- examples/integrations/agent-vibes/README.md - Quick start guide
- examples/integrations/agent-vibes/installation.md - 18-minute setup procedure
- examples/integrations/agent-vibes/voice-catalog.md - 15 voices (4 FR models, 128 speakers)
- examples/integrations/agent-vibes/troubleshooting.md - 7 common issues solved
- guide/workflows/tts-setup.md - Step-by-step workflow
- examples/hooks/bash/tts-selective.sh - Custom selective TTS hook
- examples/claude-md/tts-enabled.md - Project template

Documentation:
- guide/ai-ecosystem.md (section 5.1) - TTS tools overview
- guide/README.md - Added TTS workflow reference
- machine-readable/reference.yaml - 8 TTS entries

Version updates:
- VERSION: 3.11.0 → 3.11.1
- README.md: Template count 71 → 83
- CHANGELOG.md: Added v3.11.1 entry
- Synced version across all docs (cheatsheet, ultimate-guide, reference.yaml)

Other:
- .gitignore: Added audio file exclusions (*.wav, *.mp3, *.onnx)

Context: Tested Agent Vibes v3.0.0 + Piper TTS with French voices. Works offline, no cloud dependency.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-22 16:08:32 +01:00
Florian BRUNIAUX
7fd4048d5e feat: add learning guide & website badge 
- Add "Visit Website" badge to README.md (prominent, top position)
- Add learning-with-ai.md guide for junior developers (~900 lines)
  - UVAL Protocol, dependency patterns, 30-day progression plan
- Add 3 learning templates (55 total):
  - examples/claude-md/learning-mode.md
  - examples/commands/quiz.md
  - examples/hooks/bash/learning-capture.sh
- Fix template count: 52 → 55 (was incorrectly showing 56)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 18:42:34 +01:00
Florian BRUNIAUX
34b2ca7200 feat(security): add security hardening guide and hooks v3.6.0 
- Add guide/security-hardening.md (~10K) covering:
  - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
  - Prompt injection evasion techniques (Unicode, ANSI, null bytes)
  - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
  - Incident response procedures

- Add 3 new security hooks:
  - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
  - repo-integrity-scanner.sh: scan README/package.json for injection
  - mcp-config-integrity.sh: verify MCP config hash

- Update existing hooks:
  - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
  - output-secrets-scanner.sh: +env leakage, +generic tokens

- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-15 07:39:53 +01:00
Florian BRUNIAUX
8a4d116e2e feat(docs): add LLM Handbook + Google Whitepaper integration v3.3.0 
Advanced Guardrails:
- prompt-injection-detector.sh (PreToolUse)
- output-validator.sh (PostToolUse heuristics)
- claudemd-scanner.sh (SessionStart injection detection)
- output-secrets-scanner.sh (PostToolUse secrets leak prevention)

Observability & Monitoring:
- session-logger.sh (JSONL activity logging)
- session-stats.sh (cost tracking & analysis)
- guide/observability.md (full documentation)

LLM-as-a-Judge Evaluation:
- output-evaluator.md agent (Haiku)
- /validate-changes command
- pre-commit-evaluator.sh (opt-in git hook)

Google Agent Whitepaper Integration:
- Context Triage Guide (Section 2.2.4)
- CLAUDE.md Injection Warning (Section 3.1.3)
- Agent Validation Checklist (Section 4.2.4)
- MCP Security: Tool Shadowing & Confused Deputy (Section 8.6)
- Session vs Memory patterns (Section 3.3.3)

Stats: 10 new files, 8 modified, 5 new guide sections

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-14 21:00:49 +01:00
Florian BRUNIAUX
19110eba22 feat(docs): add comprehensive data privacy documentation v3.2.0 
- Create guide/data-privacy.md with retention policies (5y/30d/0)
- Add privacy notice to README.md
- Add section 2.6 "Data Flow & Privacy" to ultimate-guide.md
- Add Golden Rule #7 to cheatsheet.md (know what's sent)
- Add Phase 0.5 Privacy Awareness to onboarding-prompt.md
- Add privacy checks to audit-prompt.md
- Add PRIVACY CHECK section to audit-scan.sh (human + JSON)
- Add privacy reminder to check-claude.sh
- Create privacy-warning.sh SessionStart hook

Addresses user awareness of Anthropic data retention and opt-out options.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-14 20:42:19 +01:00
Florian BRUNIAUX
bc07651cdf refactor: restructure repo into thematic directories v3.1.0 
Major repository reorganization for improved navigation:

New directory structure:
- guide/ - Core documentation (ultimate-guide, cheatsheet, adoption)
- tools/ - Interactive utilities (audit, onboarding, mobile-access)
- machine-readable/ - LLM/AI consumption (reference.yaml, llms.txt)
- exports/ - Generated outputs (PDFs)

Changes:
- Move 10 files to thematic directories with cleaner names
- Create README.md index for each new directory
- Update 150+ internal links across all documentation
- Add "Repository Structure" section to main README
- Remove redundant npm install command from README header
- Remove unverified cost estimate from prerequisites
- Fix broken anchor link (#-quick-start-15-minutes)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 15:30:02 +01:00
Florian BRUNIAUX
96f0435291 feat(examples): add production-ready commands, hooks, and comprehensive documentation 
Added 3 production slash commands:
- /pr: PR creation with complexity scoring and scope analysis
- /release-notes: Generate release notes in 3 formats with migration detection
- /sonarqube: Analyze SonarCloud quality issues for PRs

Added 2 production hooks:
- dangerous-actions-blocker.sh: PreToolUse security hook blocking destructive operations
- notification.sh: Contextual macOS alerts with sound mappings

Created comprehensive hooks documentation (examples/hooks/README.md)

Improved README discoverability:
- Moved "What's Inside" to line 24 for immediate visibility
- Added DeepWiki interactive documentation explorer section
- Added "Ready-to-Use Examples" section with command/hook tables

Extended guide documentation:
- Expanded bash mode (!) with 9 concrete examples
- Documented file references (@) with usage patterns
- Updated statistics: guide now 8,505 lines (+837 lines, +10.9%)

All templates are fully generic with no project-specific references.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-10 17:30:30 +01:00
Florian BRUNIAUX
b2acc9b115 feat: add Learning Paths, examples, and project governance files 
### New Content
- Learning Paths section in README (Junior/Senior/Power User/PM tracks)
- examples/ folder with 18 ready-to-use templates:
  - 4 agents (code-reviewer, test-writer, security-auditor, refactoring)
  - 2 skills (TDD workflow, security checklist)
  - 3 commands (commit, review-pr, generate-tests)
  - 4 hooks (bash + PowerShell for security, formatting)
  - 3 config templates (settings, MCP, gitignore)
  - 2 memory templates (project + personal CLAUDE.md)

### Governance
- CHANGELOG.md: Version history (1.0.0 → 1.1.0 → Unreleased)
- CONTRIBUTING.md: Contribution guidelines for community

### Documentation
- llms.txt: Updated structure with new files/folders

This update makes the guide more actionable with concrete templates
and provides clear learning paths for different skill levels.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-10 14:25:22 +01:00