Florian BRUNIAUX
2b9c654f0f
docs(entire-cli): enrich 4 guide files with production diagrams from issue #802
...
6 additions across ai-traceability, ai-ecosystem, third-party-tools, security-hardening.
- ai-traceability.md: full hook architecture diagram (without/with Entire),
real checkpoint structure (entire/checkpoints/v1/ tree), orphan branch
diagram, Go/No-Go thresholds table with 2h spike commands
- ai-ecosystem.md: agent handoffs flow diagram (Claude → Gemini, no cold start)
- third-party-tools.md: delta table vs existing setups (JSONL, attribution,
handoffs) + evaluation stop criteria
- security-hardening.md: approval gate flow diagram (policy check →
low/high risk → approve/reject → audit trail)
Source: github.com/methode-aristote/app/issues/802
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 15:11:32 +01:00
Florian BRUNIAUX
18a6e0ce5c
docs(security): update threat-db v2.5.0 + security-hardening CVE table
...
threat-db.yaml:
- 6 new CVEs: CVE-2026-25253 (OpenClaw 1-click RCE, CVSS 8.8),
CVE-2026-25725 (Claude Code sandbox escape), CVE-2026-3484
(nmap-mcp-server cmd injection), CVE-2025-35028 (HexStrike critical
9.1, no patch), CVE-2025-15061 (Figma MCP critical 9.8),
CVE-2026-0757 (MCP Manager sandbox escape)
- T013: Autonomous Safety Control Bypass (Ona research, 2026-03-03)
- openclaw v2026.1.29 added to minimum_safe_versions
- 10 new sources, version bump 2.4.0 → 2.5.0
security-hardening.md:
- CVE table extended from 9 to 15 entries
- Callouts added for 4 critical/unpatched CVEs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 09:08:32 +01:00
Florian BRUNIAUX
8e63d84b47
docs: factual audit + reference sync — 260 findings corrected
...
Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.
Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-26 12:10:14 +01:00
Florian BRUNIAUX
5e893f3ccd
docs: add Remote Control (§9.22) — mobile access feature documentation
...
- New section 9.22 in ultimate-guide.md with full Remote Control coverage
- Cheatsheet: dedicated section + Features Méconnues + slash commands
- security-hardening.md: Part 7 Remote Control Security threat model
- machine-readable/reference.yaml: /rc, /remote-control, /mobile, subcommand
- Resource evaluation: 2026-02-25 (score 4/5, community feedback included)
Key original content vs official Anthropic docs:
- Slash commands (/new, /compact) broken in remote UI — undocumented
- tmux multi-session workaround for 1-session limit
- Community security analysis (RCE surface, CISO implications)
Research Preview — Pro/Max plans only (v2.1.51+)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-25 18:45:41 +01:00
Florian BRUNIAUX
92643c1a6b
docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners
...
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)
New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)
Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
9218ab37d6
feat: security scanning workflow (auditor + patcher + gate hook)
...
- security-hardening.md Part 4: PR security review workflow
3-agent pipeline: scan → data flow trace → patch
Table by change type (auth, DB, upload, deps)
Git pre-push hook to alert on sensitive files
- security-patcher agent: applies the security-auditor's findings
Proposes before writing, never autonomously (human approval gate)
Clear separation of detect vs patch
- security-gate.sh hook: PreToolUse, 7 vulnerable patterns blocked
SQLi, XSS innerHTML, hardcoded secrets, dynamic eval(),
weak hash (MD5/SHA1 password), command injection, path traversal
Complements dangerous-actions-blocker.sh (system ops)
- Claude Code Security (research preview) documented in security-hardening.md
Comparison of Security Auditor Agent vs Anthropic feature
- reference.yaml: 4 new entries indexed
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
0d6a0c656e
docs: add git-worktree suite, security kill switch, update reference.yaml + CC releases
...
- Git worktree commands: overhauled main + 3 new (status, remove, clean)
- Security hardening: AI Kill Switch & Containment Architecture (§3.5)
- DevOps SRE: cross-reference to security-hardening for AI incidents
- CC releases: v2.1.43-v2.1.44 tracking
- reference.yaml: 12 new entries, evaluations count 67 → 74
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 10:20:57 +01:00
Florian BRUNIAUX
ac9b07a837
docs(guide): add YAML frontmatter to 24 top-level guide files
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:20:31 +01:00
Florian BRUNIAUX
d72905e9ba
docs: integrate Entire CLI across guide (v3.27.0)
...
Major integration of Entire CLI, an agent-native platform launched
Feb 2026 by Thomas Dohmke (ex-GitHub CEO) with $60M funding. Provides
rewindable checkpoints, approval gates, and audit trails for AI sessions.
## Added (7 guide files + 3 meta files)
- **ai-traceability.md**: Replace git-ai 404 with Entire CLI (section 5.1)
- **third-party-tools.md**: Fill "Session replay" gap + add tool section
- **observability.md**: Add session portability alternative
- **ai-ecosystem.md**: Add governance-first orchestration (section 8.1.5)
- **ultimate-guide.md**: Enrich multi-instance section 9.17
- **security-hardening.md**: Add compliance audit trails (section 3.4)
- **cheatsheet.md**: Add Community Tools quick reference
- **README.md**: Update structure tree with third-party-tools mention
- **CHANGELOG.md**: Document v3.27.0 release
- **docs/resource-evaluations/entire-cli.md**: Formal evaluation (5/5)
## Fixed
- git-ai references (404 repo) replaced with working alternative
- "Session replay" Known Gap now marked as ✅ FILLED
## Key Features Documented
- Rewindable checkpoints (prompts + reasoning + tool usage)
- Governance layer (approval gates, permissions, audit trails)
- Multi-agent handoffs (Claude → Gemini with context)
- Compliance-ready (SOC2, HIPAA, FedRAMP)
- Session portability (path-agnostic vs native --resume)
## Positioning
- vs git-ai: Replaces non-existent tool (404)
- vs claude-code-viewer: Active replay vs read-only history
- vs Gas Town: Governance sequential vs parallel coordination
Files modified: 10 (7 content + 3 meta)
Words added: ~2,500
Version: 3.26.0 → 3.27.0
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-12 23:33:16 +01:00
Florian BRUNIAUX
deb518ceff
fix(security): fact-check corrections across threat-db and hardening guide
...
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 15:11:13 +01:00
Florian BRUNIAUX
17846b1179
docs: complete Wasp fullstack essentials integration
...
Complete all 4 action items from wasp-fullstack-essentials-eval.md resource
evaluation (score 3/5). Framework-agnostic insights only, promotional content
excluded.
Changes (3 sections):
1. Background tasks workflow (Section 9.5)
- New subsection: "Background Tasks for Fullstack Development"
- When to background tasks (5 scenarios table)
- Fullstack workflow pattern with examples
- Context rot prevention strategies
- Limitations and workarounds
- Integration with teleportation
- /tasks monitoring guide
- ~100 lines added to Section 9.5 "Tight Feedback Loops"
2. Chrome DevTools MCP (mcp-servers-ecosystem.md)
- New server entry in "Browser Automation" section
- Official Anthropic server (not community)
- Comparison table vs Playwright MCP (debugging vs testing)
- Setup and configuration
- Use cases and limitations
- Updated stats: 3 browser servers (was 2), 6 official servers (was 5)
- ~60 lines added to Browser Automation section
3. Convention-over-config for AI (Section 9.18.1)
- New subsection: "Convention-Over-Configuration for AI Agents"
- Why opinionated frameworks reduce agent cognitive load
- Comparison table: custom vs opinionated architectures
- Examples: Next.js, Rails, Phoenix, Django
- Real-world impact on agent productivity
- Trade-offs analysis
- Connection to CLAUDE.md sizing (token reduction)
- ~60 lines added to Section 9.18.1
Total additions: ~220 lines (workflow patterns + MCP server + AX framework)
Source evaluation: docs/resource-evaluations/wasp-fullstack-essentials-eval.md
Primary sources: llmstxt.org (llms.txt), official docs (background tasks, Chrome
DevTools MCP), existing Section 9.18 (Marmelab/AX framework)
Related commits:
- 783c43b : llms.txt conceptual documentation (completed earlier)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 10:00:53 +01:00
Florian BRUNIAUX
bc86c8ed7f
release: v3.20.6 - agentskills.io integration + 4 resource evaluations
...
- agentskills.io open standard: frontmatter table, skills-ref CLI, portability section
- Agent Skills supply chain risks (security-hardening.md §1.2)
- anthropics/skills (60K+★) added to complementary resources
- 16 new reference.yaml entries
- Resource evaluations: agentskills.io (4/5), Skill Doctor (2/5), dclaude (new), paddo (new)
- Sandbox isolation + README updates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 16:49:33 +01:00
Florian BRUNIAUX
c84c56bfbd
docs: add AI Traceability & Attribution guide
...
Comprehensive documentation on AI code attribution and disclosure:
- New guide: guide/ai-traceability.md (~640 lines)
- LLVM "Human-in-the-Loop" policy (Assisted-by trailer)
- Ghostty mandatory disclosure pattern
- Fedora contributor accountability framework
- git-ai tool documentation
- PromptPwnd security vulnerability
- Four-level disclosure spectrum
- Implementation guides (solo, team, enterprise)
- Templates: examples/config/
- CONTRIBUTING-ai-disclosure.md
- PULL_REQUEST_TEMPLATE-ai.md
- Cross-references added to:
- ultimate-guide.md (after Co-Authored-By section)
- learning-with-ai.md (after Vibe Coding Trap)
- security-hardening.md (See Also)
- guide/README.md (table of contents)
- reference.yaml: 14 new entries for AI traceability topics
Source: Vibe coding needs git blame (Piotr Migdał, Jan 2026)
+ Perplexity research on LLVM, Ghostty, Fedora policies
Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-24 20:11:53 +01:00
Florian BRUNIAUX
46c5862c4e
fix(docs): critical factual corrections v3.6.1
...
Major audit correcting misleading documentation about Claude Code behavior:
### Fixed
- `--add-dir`: permissions (not context loading)
- `excludePatterns` → `permissions.deny` (never existed)
- `.claudeignore` removed (not an official feature)
- "selective loading" myth → lazy loading reality
- Invented CLI flags (`--think`, `--headless`, `--learn`) → prompt keywords
- `@` file reference: "loads automatically" → "reads on-demand"
### Added
- Session Search Tool (`cs`) - zero-dep bash script for finding sessions
- Security section: Known limitations of permissions.deny
15 files modified, 516 insertions, 200 deletions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 09:16:53 +01:00
Florian BRUNIAUX
34b2ca7200
feat(security): add security hardening guide and hooks v3.6.0
...
- Add guide/security-hardening.md (~10K) covering:
- MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
- Prompt injection evasion techniques (Unicode, ANSI, null bytes)
- Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
- Incident response procedures
- Add 3 new security hooks:
- unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
- repo-integrity-scanner.sh: scan README/package.json for injection
- mcp-config-integrity.sh: verify MCP config hash
- Update existing hooks:
- prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
- output-secrets-scanner.sh: +env leakage, +generic tokens
- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 07:39:53 +01:00