marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
353 commits 1 branch 0 tags 20 MiB
Commit graph

85 commits

Author SHA1 Message Date
Florian BRUNIAUX
92643c1a6b docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners 
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
dbb62306d7 release: v3.28.1 - Visual Diagrams Series (40 Mermaid diagrams) 
guide/diagrams/: new directory with 40 interactive Mermaid diagrams
- 10 thematic files: foundations, context/sessions, configuration,
  architecture, MCP ecosystem, dev workflows, multi-agent patterns,
  security/production, cost/optimization, adoption/learning
- Each diagram: Mermaid (GitHub-native) + ASCII fallback + source link
- Bold Guy palette (6-color system) consistent across all diagrams
- README with index, visual palette legend, navigation by use case

Also includes (backlog from v3.28.0→v3.28.1):
- guide/ultimate-guide.md: Managing Large MCP Server Sets, AI Code
  Disclosure Policy, claude-mem Gemini alternative, observability
- guide/workflows/plan-driven.md: Boris Tane custom markdown plans (+172L)
- guide/security-hardening.md: Part 4 PR security review workflow
- examples/agents/security-patcher.md: new security agent
- examples/hooks/bash/security-gate.sh: PreToolUse security hook
- guide/observability.md: activity monitoring, external tools, proxying
- docs/resource-evaluations/: 4 new evaluations (Boris Cherny, Moigneu,
  Boris Tane, Aristote AI instructions)
- README.md: Visual Diagrams section in "What Makes This Guide Unique"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:51:21 +01:00
Florian BRUNIAUX
9218ab37d6 feat: security scanning workflow (auditor + patcher + gate hook) 
- security-hardening.md Part 4: PR security review workflow
  3-agent pipeline: scan → data flow trace → patch
  Tableau par type de changement (auth, DB, upload, deps)
  Hook pre-push git pour alerter sur fichiers sensibles
- security-patcher agent: applique les findings du security-auditor
  Propose avant d'écrire, jamais en autonomie (human approval gate)
  Séparation nette detect vs patch
- security-gate.sh hook: PreToolUse, 7 patterns vulnérables bloqués
  SQLi, XSS innerHTML, secrets hardcodés, eval() dynamique,
  hash faible (MD5/SHA1 password), command injection, path traversal
  Complément de dangerous-actions-blocker.sh (ops système)
- Claude Code Security (research preview) documentée dans security-hardening.md
  Comparaison Security Auditor Agent vs feature Anthropic
- reference.yaml: 4 nouvelles entrées indexées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
6049bd99c2 release: v3.28.0 - Section 2.5 Model Selection & Thinking Guide 
Section canonique consolidée pour le choix de modèle :
- Section 2.5 (decision table, effort levels avec prompts, model-per-agent patterns, thinking guide)
- 3 nouveaux agents : planner (Opus), implementer (Haiku), architecture-reviewer (Opus)
- 7 nouvelles questions quiz (09-037→09-043, intermediate→power)
- 3 tables redondantes remplacées par cross-refs vers Section 2.5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-21 18:25:50 +01:00
Florian BRUNIAUX
00cb973bdb docs: add Talk Preparation Pipeline workflow + skill templates 
6-stage pipeline: raw material → conference talk → Kimi AI slides.

New files:
- guide/workflows/talk-pipeline.md — Full workflow guide (REX vs Concept
  modes, stage-by-stage breakdown, CHECKPOINT mechanics, Kimi handoff,
  real-world DevWithAI example, 5 design patterns documented)
- examples/skills/talk-pipeline/ — 7 SKILL.md files + orchestrator + 2
  templates (feedback-draft.md, kimi-prompt-template.md)

Updated:
- README.md — badges 164→172 templates, Feb 20 date, 13→14 skills
- guide/workflows/README.md — Talk Pipeline entry under Design & Content
- machine-readable/reference.yaml — 16 new entries for pipeline components
- CHANGELOG.md — [Unreleased] entry

Design patterns showcased: skill chaining + file-based state, tool
permission scoping (Bash only Stage 2), human-in-the-loop CHECKPOINT
(Stage 4), AI-to-AI handoff (Claude → Kimi), dual execution modes
(REX/Concept).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:51:29 +01:00
Florian BRUNIAUX
6d847d24de docs: add Profile-Based Module Assembly pattern (Section 3.5) 
- Section 3.5 "Team Configuration at Scale" in ultimate-guide.md:
  profiles YAML + shared modules + skeleton + assembler script;
  59% context token reduction measured on 5-dev production team;
  includes CI drift detection, 5-step replication guide, trade-offs
- New workflow: guide/workflows/team-ai-instructions.md (6 phases,
  scaling thresholds, troubleshooting table)
- New templates: examples/team-config/ (profile-template.yaml,
  claude-skeleton.md, sync-script.ts)
- reference.yaml: 9 new entries for team_ai_instructions_*
- README: templates count 161 → 164, date Feb 19 → Feb 20
- CHANGELOG [Unreleased]: resource evaluations (AGENTS.md ETH Zürich
  4/5, Sylvain Chabaud 3/5), spec-first Task Granularity section,
  methodologies ATDD expansion

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:04:29 +01:00
Florian BRUNIAUX
46b5f39f52 docs: update examples README and reference.yaml for claude-code-review.yml 
- examples/README.md: github-actions count 3→4, add new workflow row
- machine-readable/reference.yaml: 6 new entries (workflow, prompt, pattern, tools, auth, cost)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:58:27 +01:00
Florian BRUNIAUX
9b75b5125e release: v3.27.8 - prompt-based GitHub Actions code review workflow 
New examples/github-actions/claude-code-review.yml with externalized prompt,
anti-hallucination protocol, /claude-review on-demand trigger. Templates 116→161.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:23:15 +01:00
Florian BRUNIAUX
267ce0ba86 chore: update guide content and add new examples 
- Update ultimate guide and cheatsheet
- Update llms.txt and reference YAML
- Add velocity-governor hook and cc-sessions script

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 18:48:19 +01:00
Florian BRUNIAUX
c3da456d3a release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide 
- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 09:33:55 +01:00
Florian BRUNIAUX
0d6a0c656e docs: add git-worktree suite, security kill switch, update reference.yaml + CC releases 
- Git worktree commands: overhauled main + 3 new (status, remove, clean)
- Security hardening: AI Kill Switch & Containment Architecture (§3.5)
- DevOps SRE: cross-reference to security-hardening for AI incidents
- CC releases: v2.1.43-v2.1.44 tracking
- reference.yaml: 12 new entries, evaluations count 67 → 74

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 10:20:57 +01:00
Florian BRUNIAUX
7d43b67bcd docs: add review-plan command + rules templates (inspired by Garry Tan) 
Structured plan review across 4 axes (architecture, code quality, tests,
performance) as a reusable custom command with separate rules files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 20:34:33 +01:00
Florian BRUNIAUX
c955098cc7 docs: add plugin marketplace install for session-summary 
Link to FlorianBruniaux/claude-code-plugins in ecosystem section
and hooks README. Plugin system auto-wires hooks, no manual config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:58:58 +01:00
Florian BRUNIAUX
9075b966ab fix: make session-summary-config.sh compatible with Bash 3.2+ (macOS) 
Replace all `declare -A` (associative arrays, Bash 4+ only) with simple
variables and helper functions. Fixes crash on macOS default Bash 3.2:
- "operand expected" at line 40
- "meta: unbound variable" at line 43

Reported by community user (Slack).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:42:20 +01:00
Florian BRUNIAUX
66ebec567a docs: add SkillHub badge and update skills listing to 13 
- Add SkillHub badge (9 skills) to README header
- Update examples/README.md with 5 new skill entries
- Link to SkillHub profile for installable skills

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:24:17 +01:00
Florian BRUNIAUX
52d76411e3 feat(skills): publish 5 new skills to SkillHub 
Add skill-creator, landing-page-generator, ccboard, guide-recap,
and release-notes-generator with genericized content (no personal
refs, FR→EN translation, placeholder URLs/paths).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:10:09 +01:00
Florian BRUNIAUX
e504f0d1bf feat: add session summary screenshot, skills, and GitHub templates 
- Add session-summary-v3.png screenshot for hook documentation
- Add GitHub issue templates (bug report, feature request, question)
- Add new skills: ccboard, guide-recap, landing-page-generator,
  release-notes-generator, skill-creator

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 20:55:16 +01:00
Florian BRUNIAUX
e60b24d27c docs(examples): add YAML frontmatter to 19 miscellaneous example files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:21:00 +01:00
Florian BRUNIAUX
9170095320 docs(examples): add YAML frontmatter to 7 README files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:57 +01:00
Florian BRUNIAUX
3029d1d3b8 docs(examples): add YAML frontmatter to 5 claude-md templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:37 +01:00
Florian BRUNIAUX
91d36f00dd docs(examples): add YAML frontmatter to 20 command templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:36 +01:00
Florian BRUNIAUX
d1182af4cf docs: v3.27.1 — fact-check corrections, grepai docs, RTK overhaul 
Fact-check (README positioning):
- Template count: 120/123 → 108 (ground truth recount)
- Ratio: 14× → 24× (19,000 ÷ 784 = 24.2×)
- everything-cc stars: 31.9k → 45k+ (verified Feb 15)
- Commands count: 20 → 23, hooks: 30 → 31

Added:
- Grepai MCP documentation (semantic search, call graphs)
- 3 hook templates (rtk-baseline, session-summary, session-summary-config)
- 2 resource evaluations (system-prompts update, qmd token savings)

Changed:
- RTK documentation overhaul (v0.7.0 → v0.16.0, rtk-ai org)
- Exports deprecated (kimi.pdf, notebooklm.pdf → deprecated/)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 18:41:45 +01:00
Florian BRUNIAUX
971a297db3 feat(security): add threat intelligence DB, security commands, and cheatsheet audit fixes (v3.26.0) 
- Add threat-db.yaml v2.0.0 with 63 malicious skills, 22 CVEs, 4 campaigns
- Add /security-check, /security-audit, /update-threat-db slash commands
- Add Snyk ToxicSkills evaluation (58th resource evaluation)
- Fix cheatsheet: add Alt+T to keyboard shortcuts table, add /fast and /debug commands
- Update Features Meconnues table with Agent Teams and Auto-Memories
- Clean up cheatsheet.md.bak
- Bump version to 3.26.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-11 16:12:36 +01:00
Florian BRUNIAUX
deb518ceff fix(security): fact-check corrections across threat-db and hardening guide 
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 15:11:13 +01:00
Florian BRUNIAUX
ef7cdd899e release: v3.24.0 - Agent Evaluation Framework 
Major addition: Complete agent evaluation framework with production-ready template.

## Added

- **Resource Evaluation**: nao framework (score 3/5)
  - Identified critical gap: agent evaluation not documented
  - Technical challenge adjusted score 2/5 → 3/5
  - All claims fact-checked (TypeScript 58.9%, Python 38.5%)

- **Guide Section**: Agent Evaluation (guide/agent-evaluation.md, ~3K tokens)
  - Metrics: response quality, tool usage, performance, satisfaction
  - Patterns: logging hooks, unit tests, A/B testing, feedback loops
  - Example: analytics agent with built-in metrics
  - Tools: nao framework reference, Claude Code hooks integration

- **AI Ecosystem**: Section 8.2 Domain-Specific Agent Frameworks
  - nao (Analytics Agents): Database-agnostic, built-in evaluation
  - Transposable patterns: context builder, evaluation hooks, DB integrations

- **Template**: Analytics Agent with Evaluation (5 files, ~1K lines)
  - README: setup, usage, troubleshooting
  - Agent: SQL generator with evaluation criteria, safety rules
  - Hook: automated metrics logging (safety, performance, errors)
  - Script: analysis with stats, safety reports, recommendations
  - Report template: monthly evaluation format

## Changed

- Agent Evaluation Guide: updated template references, verified links
- Landing Site: templates count 110 → 114
- Version: 3.23.5 → 3.24.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 11:52:13 +01:00
Florian BRUNIAUX
d0320f3e30 docs: add memory stack integration workflow example 
Real-world 5-day sprint example showing claude-mem + Serena + grepai integration.

Scenario: JWT migration across e-commerce API (50k lines, 200+ files)

Demonstrates:
- Day 1: Discovery with grepai + architectural decisions in Serena
- Day 2: Implementation with auto-capture via claude-mem
- Day 3: Integration with context retention across sessions
- Day 4: Testing with full memory stack
- Day 5: Deployment with comprehensive handoff docs

Key metrics:
- 85% reduction in file re-reads (1000 → 150)
- 90% token savings via progressive disclosure
- 4 Serena memories (arch decisions preserved)
- 312 observations captured automatically
- $4.68 total cost for 5 days of perfect memory
- Net ROI: $0.43 cost vs 425k tokens saved

Shows practical usage:
- When to use auto vs manual memory
- Progressive disclosure in action
- Memory search queries
- Handoff documentation generation
- Cost analysis and ROI

File: examples/workflows/memory-stack-integration.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:36:37 +01:00
Florian BRUNIAUX
d5c3a82cac docs: add claude-mem plugin documentation (automatic session memory) 
Integrate claude-mem (thedotmack/claude-mem) into the guide as Section 8.2.5.
Score: 4/5 (High Value - automatic session capture fills documentation gap).

Added:
- Section 8.2.5: claude-mem plugin (automatic session memory)
  * Automatic capture via lifecycle hooks
  * AI compression + progressive disclosure (10x tokens)
  * Web dashboard at localhost:37777
  * Natural language search
  * Privacy controls (<private> tags)
  * Cost analysis ($0.15/100 obs)
  * AGPL-3.0 licensing considerations

- Memory Tools Decision Matrix (claude-mem vs Serena vs grepai)
  * 4-layer memory stack pattern
  * Integrated workflow examples
  * When to use automatic vs manual memory

- Plugin template: examples/plugins/claude-mem.md
  * Installation, configuration, troubleshooting
  * Advanced features (progressive disclosure, endless mode)
  * Export/import, cost optimization

- Resource evaluation: docs/resource-evaluations/claude-mem-evaluation.md
  * Technical analysis (fact-checked stats)
  * Comparison to existing tools
  * Integration recommendations

- reference.yaml: 14 new claude-mem entries

Changed:
- Updated search tools comparison (5 tools: rg, grepai, Serena, ast-grep, claude-mem)
- Extended feature matrix with "Auto capture" and "Web dashboard" rows

Stats (verified 2026-02-10):
- 26.5k GitHub stars, 1.8k forks
- 181 releases, 46 contributors
- Latest: v9.1.1 (Feb 7, 2026)
- License: AGPL-3.0 + PolyForm Noncommercial

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 08:47:17 +01:00
Florian BRUNIAUX
191ff42741 release: v3.23.4 - Agent Anti-Patterns & Scope-Focused Refactoring 
Major conceptual refactoring based on Dex Horty's principle:
"Subagents are not for anthropomorphizing roles, they are for controlling context"

### Added (1 new section)
- Agent Anti-Patterns section (§9.17, line 3662)
  - Wrong vs Right table (anthropomorphizing vs context control)
  - When to use agents (context isolation, parallel processing, scope limitation)
  - When NOT to use agents (fake teams, roleplaying, mimicking org structure)

### Changed (18 files, 200+ lines)
- Section rename: "Split-Role Sub-Agents" → "Scope-Focused Agents"
- Agent definitions: "Specialized role" → "Context isolation tool"
- 8 custom agent examples refactored (guide + examples/agents/)
- 10+ prompt examples with explicit scope boundaries
- 4 workflow files updated (agent-teams, TDD, iterative refinement)
- Terminology replacements:
  * "Specialized agents" → "Scope-focused agents"
  * "Expert personas" → "Context boundaries"
  * "Multi-domain expertise" → "Multi-scope analysis"

### Fixed
- Methodologies: Clarification note for BMAD role-based naming

Breaking change: Conceptual shift from role-based to scope-based agent usage.
All examples now demonstrate context isolation instead of persona simulation.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 10:29:59 +01:00
Florian BRUNIAUX
9805b615c5 docs: correct Agent Teams architecture + add session handoff template 
## Agent Teams Architecture Corrections

Based on official sources (Addy Osmani blog, Feb 2026):

**Major changes**:
- Add mailbox system documentation (peer-to-peer messaging)
- Correct communication model: not only team lead synthesis
- Update diagrams to show peer-to-peer arrows
- Clarify context isolation vs message sharing
- Add 7 sections with source attribution
- Add documentation update note (2026-02-09)

**Key correction**: Agents communicate via mailbox system (direct
peer-to-peer + team lead synthesis), not only hierarchical reporting.

**Files modified**:
- guide/workflows/agent-teams.md (+72 -19): 7 major corrections
- CHANGELOG.md: Document session handoff template addition
- guide/architecture.md: Architecture clarifications
- guide/ultimate-guide.md: Cross-references updates

**Sources**:
- https://addyosmani.com/blog/claude-code-agent-teams/
- Perplexity research (sonar-reasoning-pro, Feb 2026)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 09:23:41 +01:00
Florian BRUNIAUX
b48d95c024 feat: add agent/skill quality audit tooling + Grenier evaluation 
AUDIT TOOLING (3 templates):
- Command: /audit-agents-skills (quick project audits)
  - 16-criteria framework (Identity 3x, Prompt 2x, Validation 1x, Design 2x)
  - Weighted scoring: 32 pts (agents/skills), 20 pts (commands)
  - Production grading (A-F, 80% threshold)
  - Fix mode with actionable suggestions
- Skill: audit-agents-skills (advanced audits)
  - 3 modes: Quick (top-5), Full (all 16), Comparative (vs templates)
  - JSON + Markdown output for CI/CD
- Scoring grids: criteria.yaml (externalized for reuse)

EVALUATION:
- Grenier agent/skill quality (3/5 - Moderate Value)
  - Gap: 29.5% deploy without evaluation (LangChang 2026)
  - Integration: Created audit command + skill + criteria
  - Industry context: 18% cite agent bugs as top challenge

DOCUMENTATION:
- Guide refs: 2 strategic call-outs (after Agent/Skill validation)
- CHANGELOG: New "Added" section + evaluation details
- README: Templates 106→107, Evaluations 49→24 (count corrections)
- reference.yaml: 10 new audit entries + updated counts

SYNC:
- Landing index.html: Templates 107, Evals 24, Quiz 257
- Landing examples/index.html: Templates 107

FILES: 14 changed, 4148 insertions (+1250 lines new audit content)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-07 15:40:18 +01:00
Florian BRUNIAUX
975b8019ac feat: add 4 ClaudeKit-inspired hooks (checkpoint, validation, file-guard) 
- Add auto-checkpoint.sh (Stop event, git stash automation)
- Add typecheck-on-save.sh (PostToolUse, TypeScript validation)
- Add test-on-change.sh (PostToolUse, smart test detection)
- Add file-guard.sh (PreToolUse, unified file protection)
- Add ClaudeKit evaluation (3/5, patterns extracted)
- Version bump 3.21.0 → 3.21.1 (sync across all docs)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 21:50:48 +01:00
Florian BRUNIAUX
6910c06981 docs: add Native Sandboxing comprehensive documentation (v3.21.1) 
Integration of official Anthropic sandboxing docs (5/5 CRITICAL):

Created (5 files):
- guide/sandbox-native.md (~3K words): Complete technical reference
  * OS primitives (Seatbelt/bubblewrap), filesystem/network isolation
  * Sandbox modes, escape hatch, security limitations
  * Decision trees, config examples, troubleshooting
- docs/resource-evaluations/native-sandbox-official-docs.md (5/5 score)
- examples/config/sandbox-native.json (production config)
- examples/commands/sandbox-status.md (sandbox inspection)
- examples/hooks/bash/sandbox-validation.sh (prod validation)

Updated (5 files):
- guide/sandbox-isolation.md: Section 4 "Native Claude Code Sandbox"
  * Comparison Native vs Docker (process-level vs microVM)
  * Updated TL;DR, comparison matrix, decision tree
- guide/architecture.md: Native Sandbox sub-section in Security Model
- machine-readable/reference.yaml: +24 sandbox entries
- VERSION: 3.21.0 → 3.21.1
- README.md: Templates 100→103, Evaluations 44→45
- CHANGELOG.md: v3.21.1 entry

Closes critical security documentation gap (~1800 words missing).
Fact-checked 100%, agent-challenged (technical-writer), production-ready.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 20:24:17 +01:00
Florian BRUNIAUX
0630fcd883 feat: add configuration management and MCP secrets workflows (closes #16204) 
Major additions to address critical gaps in Claude Code configuration:

## New Documentation Sections

1. Section 3.2.1 "Version Control & Backup" (guide/ultimate-guide.md:4085)
   - Configuration hierarchy: global → project → local
   - Git strategy for ~/.claude (symlinks approach)
   - Backup strategies: Git remote, cloud sync, cron
   - Multi-machine sync workflows
   - Disaster recovery procedures
   - Documented .claude/settings.local.json (previously undocumented)

2. Section 8.3.1 "MCP Secrets Management" (guide/ultimate-guide.md:8113)
   - Three practical approaches: OS Keychain, .env, Secret Vaults
   - Secrets rotation workflow
   - Pre-commit secret detection
   - Verification checklist
   - Best practices summary

## New Templates

1. sync-claude-config.sh (examples/scripts/)
   - Commands: setup, sync, backup, restore, validate
   - .env parsing + envsubst for variable substitution
   - Git repo creation with symlinks
   - Validation checks (secrets not in Git)

2. pre-commit-secrets.sh (examples/hooks/bash/)
   - Detects 10+ secret patterns (OpenAI, GitHub, AWS, etc.)
   - Whitelist system for false positives
   - Clear error messages with remediation steps

3. settings.local.json.example (examples/config/)
   - Machine-specific overrides template
   - Example use cases and patterns

## Resource Evaluation

- Added docs/resource-evaluations/ratinaud-config-management-evaluation.md
- Score: 5/5 (CRITICAL)
- Validated via 3 Perplexity searches + technical-writer agent challenge
- Community demand: GitHub #16204 + brianlovin/claude-config

## Updated References

- machine-readable/reference.yaml: 22 new entries
- Configuration management sections
- MCP secrets workflows
- Community resources (Ratinaud, brianlovin, GitHub issue)

## Impact

- Security: Pre-commit hook prevents secret leaks
- Productivity: Multi-machine sync reduces manual reconfig
- Team coordination: Onboarding workflow for ~/.claude setup
- Disaster recovery: Backup/restore strategies documented

Credits:
- Martin Ratinaud (504 sessions, LinkedIn post)
- brianlovin/claude-config (community example)
- GitHub Issue #16204 (community request)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-02 18:17:42 +01:00
Florian BRUNIAUX
fd4550cbd3 release: v3.20.0 - Multi-Agent Code Review Automation 
Integration of production-grade PR review patterns from Pat Cullen + Méthode Aristote.

New Features:
- Resource evaluation: Pat Cullen Final Review (5/5 - Critical)
- Enhanced /review-pr: +150 lines with Advanced Multi-Agent Review section
- Enhanced code-reviewer agent: +219 lines with anti-hallucination rules
- New workflow: Review Auto-Correction Loop in iterative-refinement.md
- Production example: Multi-Agent Code Review in ultimate-guide.md
- Reference updates: +3 entries (review_pr_advanced, review_anti_hallucination, review_auto_fix_loop)

Key Patterns:
- 3 specialized agents: Consistency, SOLID, Defensive Code Auditor
- Pre-flight check: git log Co-Authored-By detection
- Anti-hallucination: Grep/Glob verification before suggestions
- Severity classification: 🔴 Must Fix / 🟡 Should Fix / 🟢 Can Skip
- Convergence loop: review → fix → re-review (max 3 iterations)
- Conditional context loading: stack-agnostic decision table

Design Principles:
- Enrich existing files (no fragmentation)
- No breaking changes (review-pr.md template simple preserved)
- Complete attribution (Pat Cullen + Méthode Aristote with links)
- Audience-aware (beginner → advanced progression)

Files Modified:
- CHANGELOG.md, VERSION: bumped to 3.20.0
- docs/resource-evaluations/017-pat-cullen-final-review.md: NEW (120 lines)
- examples/commands/review-pr.md: 80 → 230 lines (+150)
- examples/agents/code-reviewer.md: 72 → 291 lines (+219)
- guide/workflows/iterative-refinement.md: 389 → 522 lines (+133)
- guide/ultimate-guide.md: +28 lines (Production Example section)
- machine-readable/reference.yaml: +3 entries
- README.md, guide/cheatsheet.md: version sync

Total: +537 insertions, 0 deletions (no breaking changes)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-30 16:07:09 +01:00
Florian BRUNIAUX
c28161dca8 docs: enrich RTK evaluation with T3 Stack production testing 
Real-World Testing Results (Méthode Aristote - T3 Stack):
- Project: Next.js 15 + tRPC + Prisma + pnpm
- Commands tested: 12 (git, pnpm, Vitest, TypeScript, Prisma)
- Git workflows validated: 85.6% avg reduction (up from 72.6%)

Critical Bug Discovered:
- git argument parsing broken (`--oneline`, `--graph` blocked)
- Workaround: `rtk git log -- -20` (works)
- Impact: CRITICAL - affects ALL git users

Modern Stack Gaps Identified:
- pnpm support MISSING (80-90% reduction possible, CRITICAL impact)
- Vitest support MISSING (90% reduction possible, HIGH impact)
- TypeScript support MISSING (70% reduction possible, MEDIUM impact)

ROI Analysis:
- Current v0.2.0: 40% command coverage, 55% token reduction
- Proposed v0.3.0 (pnpm + Vitest): 85% coverage, 80% reduction
- Dev effort: 1 week (7 days)

New Deliverables:
- Benchmark script: examples/scripts/rtk-benchmark.sh (reproductible tests)
- Test results: claudedocs/rtk-test-results-aristote.md (53KB, gitignored)
- Updated PR proposals: claudedocs/rtk-pr-proposals.md (P0-P2 ranking)
- GitHub issues: claudedocs/rtk-github-issue-template.md (ready for upstream)

Updated Evaluation:
- Score: Still 4/5 (GOOD) but clearer path to 5/5 (CRITICAL)
- Blockers: git args bug + pnpm/Vitest gaps
- Strength: 85.6% git reduction validated on production codebase

Full report: claudedocs/rtk-test-results-aristote.md (23K detailed analysis)
 2026-01-28 14:01:37 +01:00
Florian BRUNIAUX
1000cb6e85 docs: add RTK integration templates and evaluation 
- Evaluation: docs/resource-evaluations/rtk-evaluation.md (4/5 score, comprehensive benchmarks)
- CLAUDE.md template: examples/claude-md/rtk-optimized.md (manual usage instructions)
- Skill template: examples/skills/rtk-optimizer/SKILL.md (auto-suggestion)
- Hook template: examples/hooks/bash/rtk-auto-wrapper.sh (PreToolUse auto-wrapper)
- PR proposals: claudedocs/rtk-pr-proposals.md (7 upstream improvements)

These templates enable 3 RTK integration strategies referenced in guide:10478
 2026-01-28 13:03:10 +01:00
Florian BRUNIAUX
edf74b38c5 docs: add missing hook events from official CHANGELOG (v2.1.9-v2.1.10) 
- Add 3 missing events to Section 7.1: Setup, PermissionRequest, SubagentStop
- Document PreToolUse additionalContext feature (v2.1.9+)
- Create 3 production-ready hook templates (setup, permission, subagent)
- Add resource evaluation documenting rejection of secondary source

Source: Official Claude Code CHANGELOG, not external blog posts
Closes gap identified during resource evaluation process

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-27 12:45:47 +01:00
Florian BRUNIAUX
3a7671ac5e docs: update $ARGUMENTS syntax for v2.1.19 breaking change + evaluation 
Updated all documentation and examples to reflect Claude Code v2.1.19
breaking change: $ARGUMENTS.0 → $ARGUMENTS[0] (bracket syntax).

Changes:
- guide/ultimate-guide.md: 7 occurrences updated to bracket/shorthand syntax
- guide/cheatsheet.md: Command template updated
- Added migration note in § 6.2 Variable Interpolation
- Created migration scripts: migrate-arguments-syntax.{sh,ps1}
  • Automated detection + conversion with backups
  • Dry-run mode, cross-platform (macOS/Linux/Windows)
- Added formal evaluation: eval-claude-code-releases-jan2026.md
  • Score: 5/5 (Critical - Integrate Immediately)
  • Covers releases 2.1.0 to 2.1.19 (January 2026)
  • Technical accuracy verified against GitHub CHANGELOG

Files:
- guide/ultimate-guide.md (+23 lines, 7 occurrences fixed)
- guide/cheatsheet.md (+1 line)
- examples/scripts/migrate-arguments-syntax.sh (+152 lines)
- examples/scripts/migrate-arguments-syntax.ps1 (+143 lines)
- docs/resource-evaluations/eval-claude-code-releases-jan2026.md (+273 lines)
- CHANGELOG.md (+12 lines, Unreleased section)

Total: +605 lines

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-26 17:37:49 +01:00
Florian BRUNIAUX
257f2ff65d docs: add search tools guides and ast-grep patterns 
New documentation:
- guide/search-tools-cheatsheet.md: Quick reference for Grep/Glob/Read tools
- guide/workflows/README.md: Workflows directory index
- examples/skills/ast-grep-patterns.md: AST-based code search patterns

Updated:
- guide/architecture.md: MCP architecture visual diagram section

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-25 18:47:29 +01:00
Florian BRUNIAUX
96da6ebd7e feat: add bridge script for Claude Code → LM Studio execution (v3.12.1) 
Bridge script enables local execution of Claude Code plans via LM Studio:
- Python CLI with 5 components (DoobidooReader, LMStudioClient, Validator, StepExecutor, PlanExecutor)
- JSON Schema for plan validation (bridge-plan-schema.json)
- Cost optimization: Plan with Opus (~$0.50-2), execute free locally (80-90% savings)
- 4 validation types: json, syntax_check, contains_keys, non_empty
- CLI: --health, --list, --plan ID, -v verbose mode

Documentation:
- New section "Local Execution Bridge" in ultimate-guide.md §11.2
- scripts/README.md with full usage documentation
- machine-readable/reference.yaml entries for discoverability

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-25 18:43:05 +01:00
Florian BRUNIAUX
c84c56bfbd docs: add AI Traceability & Attribution guide 
Comprehensive documentation on AI code attribution and disclosure:

- New guide: guide/ai-traceability.md (~640 lines)
  - LLVM "Human-in-the-Loop" policy (Assisted-by trailer)
  - Ghostty mandatory disclosure pattern
  - Fedora contributor accountability framework
  - git-ai tool documentation
  - PromptPwnd security vulnerability
  - Four-level disclosure spectrum
  - Implementation guides (solo, team, enterprise)

- Templates: examples/config/
  - CONTRIBUTING-ai-disclosure.md
  - PULL_REQUEST_TEMPLATE-ai.md

- Cross-references added to:
  - ultimate-guide.md (after Co-Authored-By section)
  - learning-with-ai.md (after Vibe Coding Trap)
  - security-hardening.md (See Also)
  - guide/README.md (table of contents)

- reference.yaml: 14 new entries for AI traceability topics

Source: Vibe coding needs git blame (Piotr Migdał, Jan 2026)
+ Perplexity research on LLVM, Ghostty, Fedora policies

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-24 20:11:53 +01:00
Florian BRUNIAUX
ee5791668a docs: add SE-CoVe plugin example + resource evaluation workflow (v3.11.6) 
- First plugin example: SE-CoVe (Chain-of-Verification, Meta AI ACL 2024)
- Academic approach: cite paper metrics, not marketing claims
- Performance table: +23-112% accuracy (task-dependent, trade-offs disclosed)
- Resource evaluation template established (Perplexity fact-check workflow)
- Curation policy: Academic validation + Claims verified + Costs transparent
- Templates count: 82 → 83
- Architecture diagram added (visual overview of Claude Code internals)

Files:
- examples/plugins/se-cove.md (new plugin documentation)
- claudedocs/resource-evaluations/2026-01-24-se-cove-plugin.md (evaluation report)
- README.md, CHANGELOG.md, VERSION, reference.yaml (version bump 3.11.5 → 3.11.6)
- guide/architecture.md + image (visual overview)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-24 17:40:54 +01:00
Florian BRUNIAUX
f7e1254b06 docs: enrich Remotion quickstart with curated resources 
Add comprehensive "Resources Complémentaires" section (115 lines):
- Top 3 essentials (Official Resources, Fireship, Discord)
- Written tutorials by level (ClipCat, Prismic, SitePoint)
- Video tutorials by objective (beginner, deep-dive, Claude Code)
- Templates & examples (Hello World, Audiogram, GitHub Unwrapped)
- Success stories ($5M ARR Icon.me, $1M ARR Revid.ai)
- Community support (Discord 5.6K+ members, bot AI)
- Advanced resources (performance, AI skills, deployment)
- Useful packages (@remotion/shapes, transitions, subtitle)
- 3-week learning roadmap (fundamentals → practice → production)

Research source: Perplexity Pro (50+ URLs verified, 95% confidence)

Rationale: Users requested learning resources. Now have complete
learning path from installation to production.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-24 16:09:40 +01:00
Florian BRUNIAUX
341d1b1c01 docs: add Remotion skills + quickstart tutorial 
- Add remotion-best-practices to skills.sh table (line 5202)
- Create comprehensive Remotion + Claude Code quickstart tutorial
  - 15-min setup guide for first video
  - Step-by-step: install → preview → render → iterate
  - Troubleshooting section
  - Example prompts and use cases
  - Success metrics ($5M-8M ARR products)

Rationale: Post fact-check (80+ sources), Remotion validated as
legitimate tool (27K GitHub stars, verified success stories).
Score upgraded from 2/5 → 3/5 (Moderate).

Tutorial location: examples/workflows/remotion-quickstart.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-24 10:55:39 +01:00
Florian BRUNIAUX
09ac9d381d docs: add doobidoo/mcp-memory-service documentation (semantic memory) 
- Add comprehensive section in ultimate-guide.md (L.6385-6523)
- Document 3 backends: sqlite_vec, cloudflare, hybrid
- List 12 MCP tools with descriptions
- Add environment variables reference
- Include multi-client sync patterns (same machine vs multi-device)
- Add disclaimer: under testing, not yet validated in production
- Update reference.yaml with 8 new entries
- Add to cheatsheet.md and mcp.json template

Complements Serena (key-value) with semantic search capabilities.

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-23 14:25:35 +01:00
Florian BRUNIAUX
5fbea061d5 docs: add Agent Vibes TTS integration documentation (v3.11.1) 
Added comprehensive documentation for text-to-speech integration via Agent Vibes MCP server.

New files (8):
- examples/integrations/agent-vibes/README.md - Quick start guide
- examples/integrations/agent-vibes/installation.md - 18-minute setup procedure
- examples/integrations/agent-vibes/voice-catalog.md - 15 voices (4 FR models, 128 speakers)
- examples/integrations/agent-vibes/troubleshooting.md - 7 common issues solved
- guide/workflows/tts-setup.md - Step-by-step workflow
- examples/hooks/bash/tts-selective.sh - Custom selective TTS hook
- examples/claude-md/tts-enabled.md - Project template

Documentation:
- guide/ai-ecosystem.md (section 5.1) - TTS tools overview
- guide/README.md - Added TTS workflow reference
- machine-readable/reference.yaml - 8 TTS entries

Version updates:
- VERSION: 3.11.0 → 3.11.1
- README.md: Template count 71 → 83
- CHANGELOG.md: Added v3.11.1 entry
- Synced version across all docs (cheatsheet, ultimate-guide, reference.yaml)

Other:
- .gitignore: Added audio file exclusions (*.wav, *.mp3, *.onnx)

Context: Tested Agent Vibes v3.0.0 + Piper TTS with French voices. Works offline, no cloud dependency.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-22 16:08:32 +01:00
Florian BRUNIAUX
be91799dcf feat: add cc-copilot-bridge reference in examples 
- Created multi-provider/ directory with redirect to dedicated repo
- Added cc-copilot-bridge in examples index table
- Added Multi-Provider Bridge section with link to github.com/FlorianBruniaux/cc-copilot-bridge

Related: github.com/FlorianBruniaux/cc-copilot-bridge v1.2.0

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-22 11:25:40 +01:00
Florian BRUNIAUX
8c93c31b90 feat(guide): add Product Designer learning path and design-to-code workflow 
Add comprehensive resources for Product Designers working with Claude Code via Figma MCP:

- New workflow: guide/workflows/design-to-code.md (700 lines)
  - Documented metrics: 62% reduction in design inconsistencies, 78% workflow efficiency improvement
  - 4 core workflows: Frame→Component, Design System Audit, Token Automation, Visual Iteration
  - 3-tier token hierarchy (base/composite/semantic)
  - Team adoption patterns for designers, developers, PMs
  - Implementation roadmap (Foundation → Scaling → Orchestration)
  - Sources: builder.io, parallelhq.com, composio.dev, vladimirsiedykh.com

- New template: examples/claude-md/product-designer.md (400 lines)
  - Complete CLAUDE.md configuration for design-to-code projects
  - Figma MCP commands reference
  - Design handoff checklist
  - Token conventions and implementation constraints

- Updated README.md: Added "Product Designer" learning path (5 steps)
  - Positioned after DevOps/SRE, before main content
  - Links to image analysis, wireframing, Figma MCP, new workflow, cheatsheet

- Updated machine-readable/reference.yaml: Added 4 new entries
  - product_designer_workflow, product_designer_claudemd
  - design_system_handoff, figma_make_integration

Templates count: 72 → 73 (examples/claude-md/product-designer.md)
Guide workflows: 6 → 7 (guide/workflows/design-to-code.md)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-22 09:15:16 +01:00
Florian BRUNIAUX
fcc6f2dba3 feat(skills): add design-patterns analyzer skill 
Comprehensive GoF design patterns analyzer with stack-aware suggestions.

**Features**:
- Detects 23 GoF patterns (Creational, Structural, Behavioral)
- Stack detection (React, Angular, NestJS, Vue, Express, RxJS, Redux, ORMs)
- Code smell detection with pattern suggestions
- Quality evaluation (5 criteria scoring)
- Prefers stack-native alternatives (e.g., React Context over Singleton)

**Structure**:
- 9 files: SKILL.md + reference docs + detection rules + evaluation checklists
- 3 operating modes: Detection, Suggestion, Evaluation
- Pattern-specific documentation for all 23 GoF patterns

**Documentation**:
- Added comprehensive example in guide section 5.4
- Updated examples/README.md with skill entry
- Updated template count: 65 → 66

**Use cases**:
- Analyze existing patterns in codebase
- Suggest refactoring with stack-native patterns
- Evaluate pattern implementation quality

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-21 13:46:20 +01:00
Florian BRUNIAUX
00df38d318 feat: add DevOps & SRE Guide with FIRE Framework (v3.9.9) 
New files:
- guide/devops-sre.md: FIRE Framework for infrastructure diagnosis (~870 lines)
- examples/agents/devops-sre.md: DevOps/SRE agent persona
- examples/claude-md/devops-sre.md: CLAUDE.md template for infra projects

Guide includes:
- Kubernetes troubleshooting prompts by symptom
- Solo incident response workflow (3 AM design)
- IaC patterns (Terraform, Ansible, GitOps)
- Claude limitations table (transparency)
- Team adoption checklist

Updated:
- README.md: Added DevOps/SRE learning path, templates count → 69
- ultimate-guide.md: Added reference after Section 5.4
- reference.yaml: Added 11 DevOps/SRE entries
- examples/README.md: Added to indexes

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-20 22:09:31 +01:00