marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
432 commits 1 branch 0 tags 20 MiB
Commit graph

111 commits

Author SHA1 Message Date
Florian BRUNIAUX
da8bc09f2d feat: smart-suggest ROI script + hook tuning + guide updates (Mar 16) 
- Add examples/scripts/smart-suggest-roi.py: stdlib-only analyzer correlating
  suggestion log with session JSONL files to measure command acceptance rate.
  4 acceptance signals, tier breakdown, daily trend, --json/--since/--no-sessions CLI.
- Tune Aristote smart-suggest hook: tighten 5 over-firing triggers (/tech:commit,
  /tech:sonarqube, /tech:dupes, /check-conventions a11y, /tech:worktree)
- Guide: identity re-injection hook, context engineering maturity grid, code review
  workflow, 1M context window GA update, Spring Break promo, security audit patterns
- Resource evaluations: Nick Tune hooks (3/5), VicKayro security audit (2/5),
  Karl Mazier CLAUDE.md templates, Paul Rayner ContextFlow, Siddhant agent trace,
  Andrew Yng context hub, JP Caparas 1M context window

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-16 12:20:40 +01:00
Florian BRUNIAUX
b0698bfb39 docs: add GitHub Actions workflow guide + desloppify + threat-db v2.7.0 
- guide/workflows/github-actions.md (new): 5 production patterns with
  claude-code-action (on-demand @claude, auto push review, issue triage,
  security review, scheduled maintenance), auth alternatives, cost control
- guide/ultimate-guide.md: GitHub Actions cross-ref + desloppify tool
  (vibe code quality fix-loop, community tool, ~2K stars, Feb 2026)
- examples/commands/resources/threat-db.yaml: v2.7.0, +5 threat sources
  (Azure MCP SSRF CVE-2026-26118, OpenClaw, Taskflow, Codex Security,
  DryRun Security 87% vulnerability stat)
- CLAUDE.md: Behavioral Rules section (5 rules from observed friction)
- guide/workflows/README.md: github-actions entry + quick selection row
- IDEAS.md: CI/CD Workflows Gallery marked complete
- CHANGELOG.md: [Unreleased] entries for all items

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 17:19:18 +01:00
Florian BRUNIAUX
aafb412fa4 feat(examples): add prompt caching test script 
Standalone TypeScript script (zero deps, native fetch) to verify
Anthropic prompt caching is active. Documents 4 production gotchas
not in official docs: beta header required for Claude 4.x, effective
threshold ~2048+ tokens, cached tokens excluded from input_tokens,
new nested cache_creation response format.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 17:17:31 +01:00
Florian BRUNIAUX
b6ce1ef72f docs: add RPI workflow, changelog fragments, smart-suggest hook + LLM variance 
- guide/workflows/rpi.md (new): Research → Plan → Implement, 3-phase pattern
  with explicit GO gates, slash command templates, worked example
- guide/workflows/changelog-fragments.md (new): per-PR YAML fragment enforcement,
  3-layer system (CLAUDE.md rule + UserPromptSubmit hook + CI gate)
- examples/hooks/bash/smart-suggest.sh (new): UserPromptSubmit behavioral coach,
  3-tier priority (enforcement/discovery/contextual), ROI logging
- guide/core/known-issues.md: LLM Day-to-Day Performance Variance section,
  4 root causes (probabilistic inference, MoE routing, infra, context sensitivity)
- guide/workflows/README.md: added RPI entry + quick selection row
- machine-readable/reference.yaml: added entries for changelog_fragments, smart_suggest
- CHANGELOG.md: [Unreleased] entries for all 4 new items
- IDEAS.md: prompt-caching MCP plugin research note (testing in progress)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 16:22:57 +01:00
Florian BRUNIAUX
13efb5a774 docs: add cc-sessions discover + GitHub repo (v1.0.0) 
- New subsection "Session Pattern Discovery" in §2.x (Session Management):
  n-gram mode, --llm mode via claude --print, example output, 20% rule framework
- Cross-reference added after the 20% rule callout in §5.1 Skills
- examples/scripts/cc-sessions.py synced: 498 → 1225 lines (full discover subcommand)
- examples/scripts/README.md: discover examples + curl install + GitHub link
- machine-readable/reference.yaml: cc_sessions_github + cc_sessions_discover entries
- GitHub repo created: https://github.com/FlorianBruniaux/cc-sessions (v1.0.0 released)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 15:28:31 +01:00
Florian BRUNIAUX
1728b6de39 docs: add Cognitive Mode Switching workflow + gstack integration (v3.34.9) 
- guide/workflows/gstack-workflow.md (new): Cognitive Mode Switching
  pattern — 6 gears table, pre-implementation strategic gate concept,
  /browse non-MCP native Chromium daemon architecture (~100ms/cmd),
  full ship cycle demo. Reference impl: gstack by Garry Tan (YC CEO).
- examples/commands/plan-ceo-review.md (new): strategic product gate
  template with 3 modes (SCOPE EXPANSION / HOLD SCOPE / REDUCTION)
- examples/commands/plan-eng-review.md (new): engineering architecture
  gate template with Mermaid diagrams, failure modes, test matrix
- guide/workflows/README.md: add entry + 2 Quick Selection Guide rows
- guide/ecosystem/third-party-tools.md: gstack in Plugin Ecosystem
- machine-readable/reference.yaml: v3.34.9, 11 new gstack entries

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 10:34:51 +01:00
Florian BRUNIAUX
2f83320bc7 docs: add OG image generation workflow + Astro template 
New workflow guide covering Satori + resvg pattern for dynamic social
preview images. Includes production template, gotchas (font format,
static file shadowing), design variants, and testing approach.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-11 11:53:50 +01:00
Florian BRUNIAUX
fe28f89574 feat(context): Context Engineering Configurator + consolidated guide (v3.34.0) 
New: interactive configurator at cc.bruniaux.com/context/ that generates a
personalized CLAUDE.md starter kit based on team size, stack, and current setup.
Multi-step flow (profile, current state, stack, results) with maturity scoring
(Level 1-5), copy-to-clipboard artifacts, localStorage persistence.

Guide content:
- guide/core/context-engineering.md (1,188 lines, 8 sections): context budget,
  150-instruction ceiling, modular architecture, team assembly, ACE pipeline,
  quality measurement, context reduction techniques
- examples/context-engineering/ (10 templates): assembler.ts, profile-template.yaml,
  skeleton-template.md, canary-check.sh, ci-drift-check.yml, eval-questions.yaml,
  context-budget-calculator.sh, rules/knowledge-feeding.md, rules/update-loop-retro.md
- tools/context-audit-prompt.md (543 lines): 8-dimension scoring /100

Navigation: guide/README.md, machine-readable/reference.yaml (24 new entries)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-11 11:18:04 +01:00
Florian BRUNIAUX
77b48db01b docs(security): add enterprise AI governance guide + templates 
New section for org-level Claude Code governance — fills the gap
between individual dev security (security-hardening.md) and what
engineering managers actually need when deploying at scale.

New files:
- guide/security/enterprise-governance.md (1117 lines)
  6 sections: local/shared split, usage charter, MCP approval
  workflow, 4 guardrail tiers (Starter/Standard/Strict/Regulated),
  policy enforcement at scale, SOC2/ISO27001 compliance guide
- examples/scripts/mcp-registry-template.yaml
  Org-level MCP registry with approved/pending/denied tracking
- examples/hooks/bash/governance-enforcement-hook.sh
  SessionStart hook validating MCPs against approved registry
- examples/scripts/ai-usage-charter-template.md
  Full charter template with data classification, use case rules,
  compliance mapping (SOC2/ISO27001/HIPAA/PCI DSS/GDPR)

Enriched sections:
- adoption-approaches.md: enterprise rollout (50+ devs) with
  3-phase approach and common mistakes
- observability.md: manager audit checklist, compliance reporting
- ai-traceability.md: evidence collection table for auditors
- production-safety.md + security-hardening.md: cross-references
  with explicit scope boundaries

Integration: guide/README.md, reference.yaml (22 new entries),
CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 11:05:21 +01:00
Florian BRUNIAUX
8f1dcecfa2 docs: update guide content, examples, tools, and reference files 
- guide/ultimate-guide.md — content updates
- guide/workflows/README.md, guide/README.md — navigation improvements
- guide/diagrams/ — diagram updates (context/sessions, config, MCP ecosystem)
- guide/third-party-tools.md — additions
- examples/README.md, hooks/README.md, scripts/README.md — examples updates
- examples/skills/pr-triage/SKILL.md — expanded skill
- machine-readable/reference.yaml — reference sync
- tools/audit-prompt.md, tools/onboarding-prompt.md — tooling updates
- docs/for-cto.md, docs/for-tech-leads.md, docs/resource-evaluations/README.md — doc updates
- .gitignore — gitignore update

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 15:32:33 +01:00
Florian BRUNIAUX
8c06d47a80 docs(security): update threat-db v2.6.0 — ClawJacked + Wave2 + 3 defensive tools 
New entries:
- T014: WebSocket Localhost Gateway Hijacking (ClawJacked pattern, Oasis Security)
- T015: Log Poisoning via WebSocket for Prompt Injection (OpenClaw v2026.2.13 fix)
- Campaign: ClawHub Wave 2 — 71 additional malicious skills (2026-02-28)
- Scanning tool: Verify Security Scanner (Claude Code skill, 1000+ bug patterns)
- Defensive: GitHub MCP Server secret scanning integration (2026-02-27)
- Defensive: Cycode AI Guardrails for MCP real-time secret interception
- Sources: Oasis Security + THN ClawJacked articles

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 11:22:56 +01:00
Florian BRUNIAUX
7ffd8413fb feat(v3.32.1): auto-rename-session hook + guide section update 
- Add examples/hooks/bash/auto-rename-session.sh template (SessionEnd hook,
  Haiku-generated titles, JSONL-based context extraction, /dev/tty output)
- Rewrite "Session Auto-Rename" guide section: two complementary approaches
  (CLAUDE.md behavioral + SessionEnd hook), remove outdated "Why not a hook?"
- Update CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 17:27:55 +01:00
Florian BRUNIAUX
7bda706da2 feat(v3.32.0): Plan-Validate-Execute Pipeline — 3-command AI-first workflow 
New workflow for production teams: dynamic agent teams, ADR learning loop,
automated execution from PRD to merged PR.

Added:
- guide/workflows/plan-pipeline.md — complete workflow guide (philosophy,
  non-prescriptive AI-first, No Bandaids first principles, ADR learning loop,
  CLAUDE.md 120-line discipline, /clear context reset, cost profile)
- examples/commands/plan-start.md — 5-phase planning with 12-agent dynamic
  pool (trigger-based selection, Tier 0 Solo → Tier 4 Full Spectrum,
  planning-coordinator synthesis, auto-transition to validate)
- examples/commands/plan-validate.md — 2-layer validation (structural inline +
  8 specialist agents), ADR-aware auto-fix (Bucket A ~95% auto-resolve,
  Bucket B human input → new rule), issue persistence in metrics JSON
- examples/commands/plan-execute.md — worktree → TDD scaffold → level-based
  parallel agents → drift detection → quality gate → smoke test → PR squash
  merge → post-merge metrics → cleanup
- examples/agents/planning-coordinator.md — Opus synthesis agent: merges
  multi-agent reports into coherent task graph, resolves conflicts via ADR
  precedence, verifies plan completeness before output
- examples/agents/integration-reviewer.md — Opus runtime validator: connection
  params, async/sync consistency, env var completeness, library API
  correctness (WebFetch), OTEL pipeline validation

Updated:
- machine-readable/reference.yaml — 16 new indexed keys
- CHANGELOG.md — v3.32.0 entry with 6 detailed items
- VERSION, README.md, guide/cheatsheet.md, guide/ultimate-guide.md — bumped to 3.32.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-06 17:24:26 +01:00
Florian BRUNIAUX
52d12a28b7 release: v3.30.2 — issue-triage skill, design-reference-file, Conductor docs 
New templates:
- examples/skills/issue-triage/ — 3-phase issue backlog management with
  Jaccard duplicate detection, risk classification, and validated actions
- examples/claude-md/design-reference-file.md — brand-book + ui-kit
  pattern for consistent UI generation across sessions

Resource evaluation:
- docs/resource-evaluations/075-paillard-design-system-first-website.md
  (Boris Paillard, mixt.care, score 3/5)

Docs update:
- guide/third-party-tools.md — Conductor section enriched with verified
  features (Next Workspace, Manual Mode, GitHub CI integration, BMAD pattern)

Version bump: 3.30.1 → 3.30.2 (synced across README, cheatsheet, guide, reference.yaml)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 16:18:24 +01:00
Florian BRUNIAUX
0bdb34b2a4 docs: external orchestration frameworks, pr-triage skill, GitHub Actions templates 
Added:
- guide/third-party-tools.md: External Orchestration Frameworks section
  (Ruflo + Athena Flow) with architectural distinction from multi-instance tools
- examples/skills/pr-triage/: 3-phase PR backlog management skill
  (audit, deep review via parallel agents, validated comment posting)
- examples/github-actions/: claude-code-review.yml + .coderabbit.yaml +
  prompts/code-review.md — AI-powered PR review GitHub Actions workflow
- docs/resource-evaluations/073-athena-flow-workflow-runtime.md (2/5 Watch)
- docs/resource-evaluations/074-ruflo-multi-agent-orchestration.md (3/5 Pertinent)

Updated:
- examples/README.md + examples/github-actions/README.md: new templates indexed
- machine-readable/reference.yaml: new entries for github-actions + pr-triage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:47:16 +01:00
Florian BRUNIAUX
18a6e0ce5c docs(security): update threat-db v2.5.0 + security-hardening CVE table 
threat-db.yaml:
- 6 new CVEs: CVE-2026-25253 (OpenClaw 1-click RCE, CVSS 8.8),
  CVE-2026-25725 (Claude Code sandbox escape), CVE-2026-3484
  (nmap-mcp-server cmd injection), CVE-2025-35028 (HexStrike critical
  9.1, no patch), CVE-2025-15061 (Figma MCP critical 9.8),
  CVE-2026-0757 (MCP Manager sandbox escape)
- T013: Autonomous Safety Control Bypass (Ona research, 2026-03-03)
- openclaw v2026.1.29 added to minimum_safe_versions
- 10 new sources, version bump 2.4.0 → 2.5.0

security-hardening.md:
- CVE table extended from 9 to 15 entries
- Callouts added for 4 critical/unpatched CVEs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:08:32 +01:00
Florian BRUNIAUX
37d9d70ea2 docs: tech leads section, straude, session-naming, cowork updates 
- guide/learning-with-ai.md: §12 For Tech Leads & Engineering Managers
  (onboarding 4 semaines, métriques croissance réelle, mentoring scalable,
  warning signs équipe, template politique AI)
- guide/third-party-tools.md: fiche straude (dashboard social CC, analyse sécu)
- examples/claude-md/session-naming.md: template auto-rename sessions
- guide/cowork.md: mise à jour contenu et comparaisons
- docs/resource-evaluations/: +2 évaluations (eveillard, straude)
- README.md + examples/README.md: compteurs templates 175→176
- machine-readable/reference.yaml: nouvelles entrées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 17:29:06 +01:00
Florian BRUNIAUX
d9187ba17b release: v3.30.0 - 10 advanced patterns documentation 
5 new files (plan-challenger, adr-writer, audit-codebase, first-principles, event-driven-agents),
4 workflow files enriched (iterative-refinement, agent-teams, ultimate-guide x3 sections),
reference.yaml updated with 9 new entries. Fact-checked via 9 Perplexity searches (March 2026).

Patterns covered: modular CLAUDE.md architecture, session invariants, auto-ADR, adversarial
plan review, worktree dependency coordination, auto-fix loops (Ralph Loop), Linear/Kanban
event-driven agents, codebase audit scoring, deployment automation (Vercel + Infisical).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-03 06:27:28 +01:00
Florian BRUNIAUX
01283fafec docs: SonnetPlan hack — budget Sonnet+Haiku hybrid via env var remap 
- guide/ultimate-guide.md §OpusPlan: new "Budget Variant: SonnetPlan"
  section with shell function, Plan/Act routing table, caveat on
  unreliable model self-report, link to GitHub issue #9749
- examples/scripts/sonnetplan.sh: new ready-to-use shell function
  with installation instructions and verification guidance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 17:58:25 +01:00
Florian BRUNIAUX
252148fe75 release: v3.29.1 - Git MCP + GitHub MCP catalog entries 
Add Git MCP Server (12 tools, uvx setup) and GitHub MCP Server
(Issues/PRs/Projects, remote Copilot + self-hosted PAT-only) to §8.2
MCP Server Catalog. Document real-world fix for Incompatible auth
server error via gh auth token + manual header injection.

Also ships: CC v2.1.63 tracking, HTTP hooks, observability quality
patterns, config lifecycle §9.23, terminal personalization, tool
comparison table extensions, MCP server 3 new tools.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 16:10:19 +01:00
Florian BRUNIAUX
155b07a589 feat: threat-db v2.4.0 + MCP guide section + resource evals + ci 
## threat-db v2.4.0
- CVE-2026-27735: path traversal in mcp-server-git git_add (CVSS 6.4)
- Campaign: Clinejection (Cline CLI 2.3.0 supply chain, 4000 downloads)
- T012: AI Recommendation Poisoning (Microsoft research, 50+ prompts)
- 3 new sources (NVD, Snyk, Microsoft Security Blog, Hacker News)

## guide/ultimate-guide.md
- New section "This Guide as an MCP Server" (§10) — installation,
  tools list, dev mode, usage examples, slash commands

## docs/resource-evaluations
- eval #070: claude-code-best-practice .claude/ config (score 4/5)
- eval #071: Steven Ge technical writing workflow (score TBD)
- eval #072: Rippletide AI reliability platform (score 2/5, watch only)
- 2026-02-26: boristane SDLC dead post evaluation
- README: count 60→72 evals, add #072 entry

## ci + config
- .github/workflows/trigger-landing-deploy.yml — auto-trigger landing
  rebuild on push to main (guide content changes)
- .gitignore: add .claude/agents/ exception + mcp-server/dist/ ignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:35:03 +01:00
Florian BRUNIAUX
e62af76767 docs: spinner verbs + tips personalization — new example + guide section 
- New section §3.3 Terminal Personalization Settings (ultimate-guide.md:4978)
  spinnerVerbs (mode replace/add) + spinnerTipsOverride (excludeDefault)
- New examples/config/settings-personalization.json — 19 verbs, 113+ tips, 13 categories
- reference.yaml: new spinner_personalization entry + line number fix
- CHANGELOG updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 10:00:58 +01:00
Florian BRUNIAUX
4a0a0bf30e docs: complete factual audit pass 2 — 90+ corrections 
Second 10-agent parallel audit covering all remaining sections:
ultimate-guide.md (ch1-ch11), workflows/ (17 files), quiz/ (12 files),
examples/agents+skills+commands. Source of truth: official Anthropic docs.

Key corrections:

Hook system (+8 missing events):
- Complete 17-event list: PermissionRequest, PostToolUseFailure, SubagentStart,
  TeammateIdle, TaskCompleted, WorktreeCreate, WorktreeRemove, SessionEnd
- SessionStart confirmed valid (previous audit wrongly doubted it)
- Hook output format: hookSpecificOutput.permissionDecision (not {"decision":"block"})
- Missing common input fields added: transcript_path, cwd, permission_mode

Agent YAML frontmatter (13 valid fields restored/added):
- Restored: disallowedTools, memory, background, isolation, skills, permissionMode, hooks
- Added new: maxTurns, mcpServers
- Fixed: tools format is comma-separated (not space-separated)

Plan Mode (12 occurrences fixed):
- Ctrl+G = "open plan in text editor" (NOT "enter plan mode")
- Plan Mode = Shift+Tab × 2 (Normal → acceptEdits → plan)

Commands table (10.1) + built-in commands (6.1):
- Added 18+ missing commands: /copy, /doctor, /hooks, /memory, /model,
  /config, /permissions, /remote-control, /rename, /resume, /sandbox, etc.

Workflow files:
- agent-teams.md: removed fake --experimental-agent-teams flag
- hooks.yaml + post_edit event → settings.json + PostToolUse (2 files)
- TodoWrite → TaskCreate/TaskUpdate (3 files)
- task-management.md: removed fake "failed" task status

Quiz / examples:
- 01-010: Esc stops mid-action (not Ctrl+C)
- refactoring-specialist.md: removed MultiEdit (not a valid tool)
- ast-grep-patterns.md: name field (not title)
- validate-changes.md, diagnose.md: field name fixes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 18:21:28 +01:00
Florian BRUNIAUX
8e63d84b47 docs: factual audit + reference sync — 260 findings corrected 
Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 12:10:14 +01:00
Florian BRUNIAUX
ad735dfff4 docs(security): update threat-db v2.3.0 — CVE-2025-59536, CVE-2026-21852, +2 CVEs, T011 
New CVEs (4):
- CVE-2025-59536: Claude Code RCE via enableAllProjectMcpServers config (fixed 1.0.111)
- CVE-2026-21852: Claude Code API key theft via ANTHROPIC_BASE_URL redirect (fixed 2.0.65)
- CVE-2026-26029: sf-mcp-server command injection via child_process.exec
- CVE-2026-27203: eBay API MCP Server env variable injection

New attack technique:
- T011: Project Configuration Hijacking (.claude/settings.json / .mcp.json as attack surface)

New defensive resources:
- GuardFive AI Agent Security Scanner
- Palo Alto AI Runtime Security MCP Threat Detection

New sources (7): Check Point Research, The Hacker News, Trend Micro, 1Password, Red Hat, NVD x2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:59:03 +01:00
Florian BRUNIAUX
97f9167a61 docs: add Kairn memory MCP + resource evaluations + guide updates 
- guide/ultimate-guide.md §10.2: Add Kairn (knowledge graph memory with biological decay)
  - Typed relationships (depends-on, resolves, causes), 18 MCP tools
  - Updated comparison table: Serena / grepai / doobidoo / Kairn
  - Added decision routing for long-term memory + causality tracking
- guide/ultimate-guide.md §5.1: Add real-world CLAUDE.md migration example (Avo, 600-line → 15 path-scoped files)
- guide/ai-ecosystem.md: Minor update
- machine-readable/reference.yaml: Add Kairn entries
- examples/config/mcp.json: Add Kairn MCP config
- docs/resource-evaluations/: Add 2 new evaluations (context-evaluator-packmind, kairn-memory-mcp)
- docs/resource-evaluations/agents-md-empirical-study: Add community reception section
- docs/resource-evaluations/2026-02-23-agentsview: Minor fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 17:39:20 +01:00
Florian BRUNIAUX
92643c1a6b docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners 
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
dbb62306d7 release: v3.28.1 - Visual Diagrams Series (40 Mermaid diagrams) 
guide/diagrams/: new directory with 40 interactive Mermaid diagrams
- 10 thematic files: foundations, context/sessions, configuration,
  architecture, MCP ecosystem, dev workflows, multi-agent patterns,
  security/production, cost/optimization, adoption/learning
- Each diagram: Mermaid (GitHub-native) + ASCII fallback + source link
- Bold Guy palette (6-color system) consistent across all diagrams
- README with index, visual palette legend, navigation by use case

Also includes (backlog from v3.28.0→v3.28.1):
- guide/ultimate-guide.md: Managing Large MCP Server Sets, AI Code
  Disclosure Policy, claude-mem Gemini alternative, observability
- guide/workflows/plan-driven.md: Boris Tane custom markdown plans (+172L)
- guide/security-hardening.md: Part 4 PR security review workflow
- examples/agents/security-patcher.md: new security agent
- examples/hooks/bash/security-gate.sh: PreToolUse security hook
- guide/observability.md: activity monitoring, external tools, proxying
- docs/resource-evaluations/: 4 new evaluations (Boris Cherny, Moigneu,
  Boris Tane, Aristote AI instructions)
- README.md: Visual Diagrams section in "What Makes This Guide Unique"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:51:21 +01:00
Florian BRUNIAUX
9218ab37d6 feat: security scanning workflow (auditor + patcher + gate hook) 
- security-hardening.md Part 4: PR security review workflow
  3-agent pipeline: scan → data flow trace → patch
  Tableau par type de changement (auth, DB, upload, deps)
  Hook pre-push git pour alerter sur fichiers sensibles
- security-patcher agent: applique les findings du security-auditor
  Propose avant d'écrire, jamais en autonomie (human approval gate)
  Séparation nette detect vs patch
- security-gate.sh hook: PreToolUse, 7 patterns vulnérables bloqués
  SQLi, XSS innerHTML, secrets hardcodés, eval() dynamique,
  hash faible (MD5/SHA1 password), command injection, path traversal
  Complément de dangerous-actions-blocker.sh (ops système)
- Claude Code Security (research preview) documentée dans security-hardening.md
  Comparaison Security Auditor Agent vs feature Anthropic
- reference.yaml: 4 nouvelles entrées indexées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
6049bd99c2 release: v3.28.0 - Section 2.5 Model Selection & Thinking Guide 
Section canonique consolidée pour le choix de modèle :
- Section 2.5 (decision table, effort levels avec prompts, model-per-agent patterns, thinking guide)
- 3 nouveaux agents : planner (Opus), implementer (Haiku), architecture-reviewer (Opus)
- 7 nouvelles questions quiz (09-037→09-043, intermediate→power)
- 3 tables redondantes remplacées par cross-refs vers Section 2.5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-21 18:25:50 +01:00
Florian BRUNIAUX
00cb973bdb docs: add Talk Preparation Pipeline workflow + skill templates 
6-stage pipeline: raw material → conference talk → Kimi AI slides.

New files:
- guide/workflows/talk-pipeline.md — Full workflow guide (REX vs Concept
  modes, stage-by-stage breakdown, CHECKPOINT mechanics, Kimi handoff,
  real-world DevWithAI example, 5 design patterns documented)
- examples/skills/talk-pipeline/ — 7 SKILL.md files + orchestrator + 2
  templates (feedback-draft.md, kimi-prompt-template.md)

Updated:
- README.md — badges 164→172 templates, Feb 20 date, 13→14 skills
- guide/workflows/README.md — Talk Pipeline entry under Design & Content
- machine-readable/reference.yaml — 16 new entries for pipeline components
- CHANGELOG.md — [Unreleased] entry

Design patterns showcased: skill chaining + file-based state, tool
permission scoping (Bash only Stage 2), human-in-the-loop CHECKPOINT
(Stage 4), AI-to-AI handoff (Claude → Kimi), dual execution modes
(REX/Concept).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:51:29 +01:00
Florian BRUNIAUX
6d847d24de docs: add Profile-Based Module Assembly pattern (Section 3.5) 
- Section 3.5 "Team Configuration at Scale" in ultimate-guide.md:
  profiles YAML + shared modules + skeleton + assembler script;
  59% context token reduction measured on 5-dev production team;
  includes CI drift detection, 5-step replication guide, trade-offs
- New workflow: guide/workflows/team-ai-instructions.md (6 phases,
  scaling thresholds, troubleshooting table)
- New templates: examples/team-config/ (profile-template.yaml,
  claude-skeleton.md, sync-script.ts)
- reference.yaml: 9 new entries for team_ai_instructions_*
- README: templates count 161 → 164, date Feb 19 → Feb 20
- CHANGELOG [Unreleased]: resource evaluations (AGENTS.md ETH Zürich
  4/5, Sylvain Chabaud 3/5), spec-first Task Granularity section,
  methodologies ATDD expansion

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 15:04:29 +01:00
Florian BRUNIAUX
46b5f39f52 docs: update examples README and reference.yaml for claude-code-review.yml 
- examples/README.md: github-actions count 3→4, add new workflow row
- machine-readable/reference.yaml: 6 new entries (workflow, prompt, pattern, tools, auth, cost)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:58:27 +01:00
Florian BRUNIAUX
9b75b5125e release: v3.27.8 - prompt-based GitHub Actions code review workflow 
New examples/github-actions/claude-code-review.yml with externalized prompt,
anti-hallucination protocol, /claude-review on-demand trigger. Templates 116→161.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 14:23:15 +01:00
Florian BRUNIAUX
267ce0ba86 chore: update guide content and add new examples 
- Update ultimate guide and cheatsheet
- Update llms.txt and reference YAML
- Add velocity-governor hook and cc-sessions script

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 18:48:19 +01:00
Florian BRUNIAUX
c3da456d3a release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide 
- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 09:33:55 +01:00
Florian BRUNIAUX
0d6a0c656e docs: add git-worktree suite, security kill switch, update reference.yaml + CC releases 
- Git worktree commands: overhauled main + 3 new (status, remove, clean)
- Security hardening: AI Kill Switch & Containment Architecture (§3.5)
- DevOps SRE: cross-reference to security-hardening for AI incidents
- CC releases: v2.1.43-v2.1.44 tracking
- reference.yaml: 12 new entries, evaluations count 67 → 74

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 10:20:57 +01:00
Florian BRUNIAUX
7d43b67bcd docs: add review-plan command + rules templates (inspired by Garry Tan) 
Structured plan review across 4 axes (architecture, code quality, tests,
performance) as a reusable custom command with separate rules files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 20:34:33 +01:00
Florian BRUNIAUX
c955098cc7 docs: add plugin marketplace install for session-summary 
Link to FlorianBruniaux/claude-code-plugins in ecosystem section
and hooks README. Plugin system auto-wires hooks, no manual config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:58:58 +01:00
Florian BRUNIAUX
9075b966ab fix: make session-summary-config.sh compatible with Bash 3.2+ (macOS) 
Replace all `declare -A` (associative arrays, Bash 4+ only) with simple
variables and helper functions. Fixes crash on macOS default Bash 3.2:
- "operand expected" at line 40
- "meta: unbound variable" at line 43

Reported by community user (Slack).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:42:20 +01:00
Florian BRUNIAUX
66ebec567a docs: add SkillHub badge and update skills listing to 13 
- Add SkillHub badge (9 skills) to README header
- Update examples/README.md with 5 new skill entries
- Link to SkillHub profile for installable skills

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:24:17 +01:00
Florian BRUNIAUX
52d76411e3 feat(skills): publish 5 new skills to SkillHub 
Add skill-creator, landing-page-generator, ccboard, guide-recap,
and release-notes-generator with genericized content (no personal
refs, FR→EN translation, placeholder URLs/paths).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 21:10:09 +01:00
Florian BRUNIAUX
e504f0d1bf feat: add session summary screenshot, skills, and GitHub templates 
- Add session-summary-v3.png screenshot for hook documentation
- Add GitHub issue templates (bug report, feature request, question)
- Add new skills: ccboard, guide-recap, landing-page-generator,
  release-notes-generator, skill-creator

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 20:55:16 +01:00
Florian BRUNIAUX
e60b24d27c docs(examples): add YAML frontmatter to 19 miscellaneous example files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:21:00 +01:00
Florian BRUNIAUX
9170095320 docs(examples): add YAML frontmatter to 7 README files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:57 +01:00
Florian BRUNIAUX
3029d1d3b8 docs(examples): add YAML frontmatter to 5 claude-md templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:37 +01:00
Florian BRUNIAUX
91d36f00dd docs(examples): add YAML frontmatter to 20 command templates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:36 +01:00
Florian BRUNIAUX
d1182af4cf docs: v3.27.1 — fact-check corrections, grepai docs, RTK overhaul 
Fact-check (README positioning):
- Template count: 120/123 → 108 (ground truth recount)
- Ratio: 14× → 24× (19,000 ÷ 784 = 24.2×)
- everything-cc stars: 31.9k → 45k+ (verified Feb 15)
- Commands count: 20 → 23, hooks: 30 → 31

Added:
- Grepai MCP documentation (semantic search, call graphs)
- 3 hook templates (rtk-baseline, session-summary, session-summary-config)
- 2 resource evaluations (system-prompts update, qmd token savings)

Changed:
- RTK documentation overhaul (v0.7.0 → v0.16.0, rtk-ai org)
- Exports deprecated (kimi.pdf, notebooklm.pdf → deprecated/)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 18:41:45 +01:00
Florian BRUNIAUX
971a297db3 feat(security): add threat intelligence DB, security commands, and cheatsheet audit fixes (v3.26.0) 
- Add threat-db.yaml v2.0.0 with 63 malicious skills, 22 CVEs, 4 campaigns
- Add /security-check, /security-audit, /update-threat-db slash commands
- Add Snyk ToxicSkills evaluation (58th resource evaluation)
- Fix cheatsheet: add Alt+T to keyboard shortcuts table, add /fast and /debug commands
- Update Features Meconnues table with Agent Teams and Auto-Memories
- Clean up cheatsheet.md.bak
- Bump version to 3.26.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-11 16:12:36 +01:00
Florian BRUNIAUX
deb518ceff fix(security): fact-check corrections across threat-db and hardening guide 
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 15:11:13 +01:00