marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
440 commits 1 branch 0 tags 20 MiB
Commit graph

440 commits

This branch
This branch
All branches
Author SHA1 Message Date
Florian BRUNIAUX
7e26dc45ad docs: update Claude Code releases (v2.1.70, v2.1.71) 
- v2.1.71: /loop command + cron scheduling tools for recurring prompts
- v2.1.70: VSCode spark icon + API 400 fixes + perf (−74% re-renders, −426KB startup)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 17:43:07 +01:00
Florian BRUNIAUX
7ffd8413fb feat(v3.32.1): auto-rename-session hook + guide section update 
- Add examples/hooks/bash/auto-rename-session.sh template (SessionEnd hook,
  Haiku-generated titles, JSONL-based context extraction, /dev/tty output)
- Rewrite "Session Auto-Rename" guide section: two complementary approaches
  (CLAUDE.md behavioral + SessionEnd hook), remove outdated "Why not a hook?"
- Update CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 17:27:55 +01:00
Florian BRUNIAUX
7bda706da2 feat(v3.32.0): Plan-Validate-Execute Pipeline — 3-command AI-first workflow 
New workflow for production teams: dynamic agent teams, ADR learning loop,
automated execution from PRD to merged PR.

Added:
- guide/workflows/plan-pipeline.md — complete workflow guide (philosophy,
  non-prescriptive AI-first, No Bandaids first principles, ADR learning loop,
  CLAUDE.md 120-line discipline, /clear context reset, cost profile)
- examples/commands/plan-start.md — 5-phase planning with 12-agent dynamic
  pool (trigger-based selection, Tier 0 Solo → Tier 4 Full Spectrum,
  planning-coordinator synthesis, auto-transition to validate)
- examples/commands/plan-validate.md — 2-layer validation (structural inline +
  8 specialist agents), ADR-aware auto-fix (Bucket A ~95% auto-resolve,
  Bucket B human input → new rule), issue persistence in metrics JSON
- examples/commands/plan-execute.md — worktree → TDD scaffold → level-based
  parallel agents → drift detection → quality gate → smoke test → PR squash
  merge → post-merge metrics → cleanup
- examples/agents/planning-coordinator.md — Opus synthesis agent: merges
  multi-agent reports into coherent task graph, resolves conflicts via ADR
  precedence, verifies plan completeness before output
- examples/agents/integration-reviewer.md — Opus runtime validator: connection
  params, async/sync consistency, env var completeness, library API
  correctness (WebFetch), OTEL pipeline validation

Updated:
- machine-readable/reference.yaml — 16 new indexed keys
- CHANGELOG.md — v3.32.0 entry with 6 detailed items
- VERSION, README.md, guide/cheatsheet.md, guide/ultimate-guide.md — bumped to 3.32.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-06 17:24:26 +01:00
Florian BRUNIAUX
07c3c42b03 release: v3.31.0 — Skills 2.0 taxonomy, evals, lifecycle 
- §5.0 Two Kinds of Skills: Capability Uplift vs Encoded Preference
- §5.X Skill Lifecycle & Retirement: Catch Regressions + Spot Outgrowth
- §5.Y Skill Evals: Benchmark Mode, A/B Testing, Trigger Tuning
- Vitals + SE-CoVe community plugins documented (§8.5)
- Memory system: 3 corrections (Auto-Memories v2.1.59+, thresholds, WHAT/WHY/HOW)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-06 15:53:45 +01:00
Florian BRUNIAUX
a37f8b6aba docs(cheatsheet): update ultrathink note — re-introduced in v2.1.68 
ultrathink now forces high effort for next turn (no longer cosmetic).
Opus 4.6 defaults to medium effort since v2.1.68.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 18:16:50 +01:00
Florian BRUNIAUX
52d12a28b7 release: v3.30.2 — issue-triage skill, design-reference-file, Conductor docs 
New templates:
- examples/skills/issue-triage/ — 3-phase issue backlog management with
  Jaccard duplicate detection, risk classification, and validated actions
- examples/claude-md/design-reference-file.md — brand-book + ui-kit
  pattern for consistent UI generation across sessions

Resource evaluation:
- docs/resource-evaluations/075-paillard-design-system-first-website.md
  (Boris Paillard, mixt.care, score 3/5)

Docs update:
- guide/third-party-tools.md — Conductor section enriched with verified
  features (Next Workspace, Manual Mode, GitHub CI integration, BMAD pattern)

Version bump: 3.30.1 → 3.30.2 (synced across README, cheatsheet, guide, reference.yaml)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 16:18:24 +01:00
Florian BRUNIAUX
4d829ff47d docs(third-party-tools): enrich Conductor section with verified features 
Rewrote from 5 generic bullets to 6 structured subsections, verified
against official conductor.build changelog. Added Next Workspace button
(v0.36.4), workspace status system (v0.35.0), turn-by-turn diff viewer
(v0.22.0), Manual Mode editor (v0.37.0), full GitHub/CI integration,
Linear deeplinks, Codex support, Melty Labs attribution, and community
BMAD workflow pattern (user-reported, marked as unverified).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 16:13:53 +01:00
Florian BRUNIAUX
d444721bda docs: update Claude Code releases to v2.1.69 
- Update latest tracked version: 2.1.66 → 2.1.69
- v2.1.69: InstructionsLoaded hook, 4 security fixes (nested skills/symlink/trust dialog/sandbox), ${CLAUDE_SKILL_DIR}, /reload-plugins, Voice STT 20 languages, 15+ memory fixes, Sonnet 4.5 → 4.6 migration
- v2.1.68: ultrathink keyword re-introduced, Opus 4.6 medium effort default, Opus 4/4.1 removed from first-party API
- Updated milestones and breaking_summary sections
- Updated dates: 2026-03-05

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 16:03:04 +01:00
Florian BRUNIAUX
2b9c654f0f docs(entire-cli): enrich 4 guide files with production diagrams from issue #802 
6 additions across ai-traceability, ai-ecosystem, third-party-tools, security-hardening.

- ai-traceability.md: full hook architecture diagram (sans/avec Entire),
  real checkpoint structure (entire/checkpoints/v1/ tree), orphan branch
  diagram, Go/No-Go thresholds table with 2h spike commands
- ai-ecosystem.md: agent handoffs flow diagram (Claude → Gemini, no cold start)
- third-party-tools.md: delta table vs existing setups (JSONL, attribution,
  handoffs) + evaluation stop criteria
- security-hardening.md: approval gate flow diagram (policy check →
  low/high risk → approve/reject → audit trail)

Source: github.com/methode-aristote/app/issues/802

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 15:11:32 +01:00
Florian BRUNIAUX
0bdb34b2a4 docs: external orchestration frameworks, pr-triage skill, GitHub Actions templates 
Added:
- guide/third-party-tools.md: External Orchestration Frameworks section
  (Ruflo + Athena Flow) with architectural distinction from multi-instance tools
- examples/skills/pr-triage/: 3-phase PR backlog management skill
  (audit, deep review via parallel agents, validated comment posting)
- examples/github-actions/: claude-code-review.yml + .coderabbit.yaml +
  prompts/code-review.md — AI-powered PR review GitHub Actions workflow
- docs/resource-evaluations/073-athena-flow-workflow-runtime.md (2/5 Watch)
- docs/resource-evaluations/074-ruflo-multi-agent-orchestration.md (3/5 Pertinent)

Updated:
- examples/README.md + examples/github-actions/README.md: new templates indexed
- machine-readable/reference.yaml: new entries for github-actions + pr-triage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:47:16 +01:00
Florian BRUNIAUX
18a6e0ce5c docs(security): update threat-db v2.5.0 + security-hardening CVE table 
threat-db.yaml:
- 6 new CVEs: CVE-2026-25253 (OpenClaw 1-click RCE, CVSS 8.8),
  CVE-2026-25725 (Claude Code sandbox escape), CVE-2026-3484
  (nmap-mcp-server cmd injection), CVE-2025-35028 (HexStrike critical
  9.1, no patch), CVE-2025-15061 (Figma MCP critical 9.8),
  CVE-2026-0757 (MCP Manager sandbox escape)
- T013: Autonomous Safety Control Bypass (Ona research, 2026-03-03)
- openclaw v2026.1.29 added to minimum_safe_versions
- 10 new sources, version bump 2.4.0 → 2.5.0

security-hardening.md:
- CVE table extended from 9 to 15 entries
- Callouts added for 4 critical/unpatched CVEs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:08:32 +01:00
Florian BRUNIAUX
bc7f4654b3 docs: add Claude Code Desktop (Code tab) section to installation 
Document the Code tab in Claude Desktop app as a terminal-free
alternative to the CLI — visual diff, live preview, parallel sessions,
GitHub PR monitoring. Includes CLI vs Desktop comparison table and
shared config notes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 08:59:28 +01:00
Florian BRUNIAUX
37d9d70ea2 docs: tech leads section, straude, session-naming, cowork updates 
- guide/learning-with-ai.md: §12 For Tech Leads & Engineering Managers
  (onboarding 4 semaines, métriques croissance réelle, mentoring scalable,
  warning signs équipe, template politique AI)
- guide/third-party-tools.md: fiche straude (dashboard social CC, analyse sécu)
- examples/claude-md/session-naming.md: template auto-rename sessions
- guide/cowork.md: mise à jour contenu et comparaisons
- docs/resource-evaluations/: +2 évaluations (eveillard, straude)
- README.md + examples/README.md: compteurs templates 175→176
- machine-readable/reference.yaml: nouvelles entrées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 17:29:06 +01:00
Florian BRUNIAUX
3788369839 docs: add Compound Engineering patterns + guide-reviewer agent 
4 patterns issus du plugin compound-engineering d'Every.to intégrés
dans le guide (Named Perspective Agents, Swarm vs Sequential, Skill
Quality Gates, Brainstorm-before-planning). Évaluation formelle 4/5.

- guide/ultimate-guide.md: +~90 lignes (4 insertions)
- docs/resource-evaluations/2026-03-04-compound-engineering-every-to.md
- .claude/agents/guide-reviewer.md: audit accuracy/style guide content
- CLAUDE.md: command naming conventions section
- CHANGELOG.md: entrée [Unreleased] documentant les changements

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 17:25:02 +01:00
Florian BRUNIAUX
6e1f7a3e3b docs: add agent-browser + Compound Engineering patterns 
- agent-browser (Vercel Labs): AI-native browser CLI, 12K+ stars, ~82.5% token
  reduction vs Playwright MCP. Section in §MCP Browser Tools, eval file added.
- Compound Engineering philosophy (Every.to): Plan→Work→Review→Compound loop,
  docs/solutions/ pattern for cross-PR memory. Section in §CLAUDE.md Memory.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 10:14:58 +01:00
Florian BRUNIAUX
29e8b62679 docs: update Claude Code releases to v2.1.66 (v3.30.1) 
- Update latest tracked version: 2.1.63 → 2.1.66
- Add v2.1.66: reduced spurious error logging
- Add v2.1.63: HTTP hooks, worktree config sharing, /simplify & /batch, memory leaks wave
- Add v2.1.62/61: prompt cache + Windows config fixes
- Bump guide: 3.30.0 → 3.30.1
- Update 2.1.x series date range (January-March 2026)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-04 09:30:52 +01:00
Florian BRUNIAUX
d9187ba17b release: v3.30.0 - 10 advanced patterns documentation 
5 new files (plan-challenger, adr-writer, audit-codebase, first-principles, event-driven-agents),
4 workflow files enriched (iterative-refinement, agent-teams, ultimate-guide x3 sections),
reference.yaml updated with 9 new entries. Fact-checked via 9 Perplexity searches (March 2026).

Patterns covered: modular CLAUDE.md architecture, session invariants, auto-ADR, adversarial
plan review, worktree dependency coordination, auto-fix loops (Ralph Loop), Linear/Kanban
event-driven agents, codebase audit scoring, deployment automation (Vercel + Infisical).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-03 06:27:28 +01:00
Florian BRUNIAUX
01283fafec docs: SonnetPlan hack — budget Sonnet+Haiku hybrid via env var remap 
- guide/ultimate-guide.md §OpusPlan: new "Budget Variant: SonnetPlan"
  section with shell function, Plan/Act routing table, caveat on
  unreliable model self-report, link to GitHub issue #9749
- examples/scripts/sonnetplan.sh: new ready-to-use shell function
  with installation instructions and verification guidance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 17:58:25 +01:00
Florian BRUNIAUX
16e3275240 docs: fix /batch description - parallel worktree agents, not just batch processing 
/batch orchestrates 5-30 parallel worktree agents for large-scale
codebase changes (migrations, refactors, bulk annotations), each
opening its own PR. Source: Volvox/Discord official.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 17:41:36 +01:00
Florian BRUNIAUX
2195622b50 release: v3.29.2 - /simplify + /batch commands documentation 
Added dedicated sections for the two bundled slash commands
introduced in Claude Code v2.1.63: /simplify (over-engineering
detection) and /batch (batch processing). Built-in Commands
table updated in §1.3 and §6.1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 17:30:58 +01:00
Florian BRUNIAUX
252148fe75 release: v3.29.1 - Git MCP + GitHub MCP catalog entries 
Add Git MCP Server (12 tools, uvx setup) and GitHub MCP Server
(Issues/PRs/Projects, remote Copilot + self-hosted PAT-only) to §8.2
MCP Server Catalog. Document real-world fix for Incompatible auth
server error via gh auth token + manual header injection.

Also ships: CC v2.1.63 tracking, HTTP hooks, observability quality
patterns, config lifecycle §9.23, terminal personalization, tool
comparison table extensions, MCP server 3 new tools.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-02 16:10:19 +01:00
Florian BRUNIAUX
155b07a589 feat: threat-db v2.4.0 + MCP guide section + resource evals + ci 
## threat-db v2.4.0
- CVE-2026-27735: path traversal in mcp-server-git git_add (CVSS 6.4)
- Campaign: Clinejection (Cline CLI 2.3.0 supply chain, 4000 downloads)
- T012: AI Recommendation Poisoning (Microsoft research, 50+ prompts)
- 3 new sources (NVD, Snyk, Microsoft Security Blog, Hacker News)

## guide/ultimate-guide.md
- New section "This Guide as an MCP Server" (§10) — installation,
  tools list, dev mode, usage examples, slash commands

## docs/resource-evaluations
- eval #070: claude-code-best-practice .claude/ config (score 4/5)
- eval #071: Steven Ge technical writing workflow (score TBD)
- eval #072: Rippletide AI reliability platform (score 2/5, watch only)
- 2026-02-26: boristane SDLC dead post evaluation
- README: count 60→72 evals, add #072 entry

## ci + config
- .github/workflows/trigger-landing-deploy.yml — auto-trigger landing
  rebuild on push to main (guide content changes)
- .gitignore: add .claude/agents/ exception + mcp-server/dist/ ignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:35:03 +01:00
Florian BRUNIAUX
314f872f1f docs: update reference.yaml + CHANGELOG for mcp v1.0.3 
- reference.yaml: add 4 missing tools to mcp_server.tools list
  (compare_versions, search_examples, get_threat, list_threats)
  + correct bundle_size 123KB→132KB
- CHANGELOG [Unreleased] Fixed: document content path bug fix (1.0.3)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:32:43 +01:00
Florian BRUNIAUX
67ea720d63 fix(mcp): correct content path + publish 1.0.3 
Fix ENOENT on production install: CONTENT_DIR resolved 2 levels up
from dist/ instead of 1, reaching node_modules/ instead of package
root where content/ lives. ../content is the correct relative path.

Publié : claude-code-ultimate-guide-mcp@1.0.3

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:26:57 +01:00
Florian BRUNIAUX
7236362c1e feat(mcp): add 4 new tools — compare_versions, get_threat, list_threats, search_examples 
New tools (8 → 12 total):
- compare_versions(from, to): diff Claude Code releases between two versions,
  aggregating highlights and breaking changes across the range
- get_threat(id): look up any CVE or attack technique (T-code) with full details,
  severity, mitigation, and source references
- list_threats(category?): browse the threat database — summary table or
  detailed view by section (cves, authors, skills, techniques, mitigations, sources)
- search_examples(query, limit?): semantic search across 199 templates with
  token-aware scoring and get_example() hints

Infrastructure:
- content.ts: add loadThreatDb() with memory cache and dual-mode loading
  (GUIDE_ROOT filesystem in dev, GitHub fetch in production)
- Threat DB interface with correct Record<string, string> type for minimum_safe_versions

Docs:
- mcp-server/README.md: document all 12 tools with usage examples
- mcp-server/IDEAS.md: future ideas (quiz, methodology, workflow, diff resource)
- CHANGELOG.md: [Unreleased] entry for all 4 tools
- README.md: promote MCP section to standalone ## after Quick Start (was ### inside Quick Start)
- guide/architecture.md: add MCP server to Extended Tool Ecosystem

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 19:22:20 +01:00
Florian BRUNIAUX
e62af76767 docs: spinner verbs + tips personalization — new example + guide section 
- New section §3.3 Terminal Personalization Settings (ultimate-guide.md:4978)
  spinnerVerbs (mode replace/add) + spinnerTipsOverride (excludeDefault)
- New examples/config/settings-personalization.json — 19 verbs, 113+ tips, 13 categories
- reference.yaml: new spinner_personalization entry + line number fix
- CHANGELOG updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 10:00:58 +01:00
Florian BRUNIAUX
88c32c76ac docs: add resource eval #069 + reMarkable AI guide 
- Add evaluation of shanraisshan/claude-code-best-practice (score 4/5)
  - Documents critical bug we found and fixed (agent fields mislabeled)
  - Corrected 13 officially documented agent frontmatter fields
- Add guide/remarkable-ai.md: reMarkable 2 + AI integrations
  - MCP server, OCR pipelines, Obsidian/Notion workflows

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 18:27:46 +01:00
Florian BRUNIAUX
4a0a0bf30e docs: complete factual audit pass 2 — 90+ corrections 
Second 10-agent parallel audit covering all remaining sections:
ultimate-guide.md (ch1-ch11), workflows/ (17 files), quiz/ (12 files),
examples/agents+skills+commands. Source of truth: official Anthropic docs.

Key corrections:

Hook system (+8 missing events):
- Complete 17-event list: PermissionRequest, PostToolUseFailure, SubagentStart,
  TeammateIdle, TaskCompleted, WorktreeCreate, WorktreeRemove, SessionEnd
- SessionStart confirmed valid (previous audit wrongly doubted it)
- Hook output format: hookSpecificOutput.permissionDecision (not {"decision":"block"})
- Missing common input fields added: transcript_path, cwd, permission_mode

Agent YAML frontmatter (13 valid fields restored/added):
- Restored: disallowedTools, memory, background, isolation, skills, permissionMode, hooks
- Added new: maxTurns, mcpServers
- Fixed: tools format is comma-separated (not space-separated)

Plan Mode (12 occurrences fixed):
- Ctrl+G = "open plan in text editor" (NOT "enter plan mode")
- Plan Mode = Shift+Tab × 2 (Normal → acceptEdits → plan)

Commands table (10.1) + built-in commands (6.1):
- Added 18+ missing commands: /copy, /doctor, /hooks, /memory, /model,
  /config, /permissions, /remote-control, /rename, /resume, /sandbox, etc.

Workflow files:
- agent-teams.md: removed fake --experimental-agent-teams flag
- hooks.yaml + post_edit event → settings.json + PostToolUse (2 files)
- TodoWrite → TaskCreate/TaskUpdate (3 files)
- task-management.md: removed fake "failed" task status

Quiz / examples:
- 01-010: Esc stops mid-action (not Ctrl+C)
- refactoring-specialist.md: removed MultiEdit (not a valid tool)
- ast-grep-patterns.md: name field (not title)
- validate-changes.md, diagnose.md: field name fixes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 18:21:28 +01:00
Florian BRUNIAUX
8cb9f9efa6 docs: update Claude Code releases to v2.1.59 
- v2.1.59: auto-memory (/memory), /copy command picker, smarter compound bash prefixes, MCP OAuth race condition fix, config corruption fix
- v2.1.58: Remote Control expanded to more users

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 12:10:25 +01:00
Florian BRUNIAUX
8e63d84b47 docs: factual audit + reference sync — 260 findings corrected 
Parallel 6-agent audit against official Anthropic docs (llms-full.txt).
Key corrections applied across permissions, hooks, MCP, security, privacy, reference.yaml.

Highlights:
- Fix MCP config path (~/.claude.json), mcpServers key, variable substitution syntax
- Fix permission modes (5 not 3), :* syntax (×6), Stop event description
- Fix hook JSON field names (hook_event_name, tool_name, tool_input, session_id)
- Fix filesystem restriction docs (permission rules, not settings.json keys)
- Fix data-privacy: 4-tier retention, /bug 5yr warning, ZDR conditions, 5 telemetry opt-out vars
- Add official llms.txt/llms-full.txt references to CLAUDE.md + machine-readable/llms.txt
- Reference.yaml: 375 entries re-synced (92% had wrong line numbers — guide grew 15K→21K lines)
- New script: scripts/resync-reference-yaml.py for automated line number sync
- Quiz: corrected answers for hooks (07), memory settings (03), MCP servers (08)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-26 12:10:14 +01:00
Florian BRUNIAUX
ad735dfff4 docs(security): update threat-db v2.3.0 — CVE-2025-59536, CVE-2026-21852, +2 CVEs, T011 
New CVEs (4):
- CVE-2025-59536: Claude Code RCE via enableAllProjectMcpServers config (fixed 1.0.111)
- CVE-2026-21852: Claude Code API key theft via ANTHROPIC_BASE_URL redirect (fixed 2.0.65)
- CVE-2026-26029: sf-mcp-server command injection via child_process.exec
- CVE-2026-27203: eBay API MCP Server env variable injection

New attack technique:
- T011: Project Configuration Hijacking (.claude/settings.json / .mcp.json as attack surface)

New defensive resources:
- GuardFive AI Agent Security Scanner
- Palo Alto AI Runtime Security MCP Threat Detection

New sources (7): Check Point Research, The Hacker News, Trend Micro, 1Password, Red Hat, NVD x2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:59:03 +01:00
Florian BRUNIAUX
9dc51b7033 docs: integrate Boris Cherny / Lenny's Newsletter insights (4/5) 
3 contenus inédits issus de l'interview Boris Cherny (Head of Claude Code)
sur Lenny's Newsletter (19 fev 2026), vérifiés Perplexity :

- Ratio "80% Plan Mode" (empirique, inventeur du produit) → §2.3
- "Build for the Model 6 Months Out" (principe stratégique) → §3.2 CLAUDE.md
- 3 principes d'équipe : underfund / unlimited tokens / go faster → §3.5

+ Fichier d'évaluation (4/5, challenge technical-writer, fact-check)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:53:30 +01:00
Florian BRUNIAUX
5e893f3ccd docs: add Remote Control (§9.22) — mobile access feature documentation 
- New section 9.22 in ultimate-guide.md with full Remote Control coverage
- Cheatsheet: dedicated section + Features Méconnues + slash commands
- security-hardening.md: Part 7 Remote Control Security threat model
- machine-readable/reference.yaml: /rc, /remote-control, /mobile, subcommand
- Resource evaluation: 2026-02-25 (score 4/5, community feedback included)

Key original content vs official Anthropic docs:
- Slash commands (/new, /compact) broken in remote UI — undocumented
- tmux multi-session workaround for 1-session limit
- Community security analysis (RCE surface, CISO implications)

Research Preview — Pro/Max plans only (v2.1.51+)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:45:41 +01:00
Florian BRUNIAUX
97f9167a61 docs: add Kairn memory MCP + resource evaluations + guide updates 
- guide/ultimate-guide.md §10.2: Add Kairn (knowledge graph memory with biological decay)
  - Typed relationships (depends-on, resolves, causes), 18 MCP tools
  - Updated comparison table: Serena / grepai / doobidoo / Kairn
  - Added decision routing for long-term memory + causality tracking
- guide/ultimate-guide.md §5.1: Add real-world CLAUDE.md migration example (Avo, 600-line → 15 path-scoped files)
- guide/ai-ecosystem.md: Minor update
- machine-readable/reference.yaml: Add Kairn entries
- examples/config/mcp.json: Add Kairn MCP config
- docs/resource-evaluations/: Add 2 new evaluations (context-evaluator-packmind, kairn-memory-mcp)
- docs/resource-evaluations/agents-md-empirical-study: Add community reception section
- docs/resource-evaluations/2026-02-23-agentsview: Minor fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 17:39:20 +01:00
Florian BRUNIAUX
a6b0a0084a docs: update Claude Code releases to v2.1.56 
- Updated tracking: v2.1.52 → v2.1.56
- v2.1.56: VSCode extension crash fix (Windows)
- v2.1.55: BashTool EINVAL fix on Windows
- v2.1.53: Stability release (Windows panics, WebAssembly crashes Linux/Windows, Remote Control shutdown fix)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 11:49:34 +01:00
Florian BRUNIAUX
79157ac077 release: v3.29.0 
- Observability: MLflow Tracing section complète (CLI + SDK, LLM-as-judge)
- Skills §5.5: UI UX Pro Max (33.7k stars, design reasoning engine BM25)
- Diagram #41: AI Fluency High vs Low paths (Anthropic research)
- 3 callouts empiriques AI Fluency Index (Rev Engine 5.6×, CLAUDE.md 30%)
- Hooks docs v2.1.47-2.1.50: WorktreeCreate/Remove, ConfigChange, --from-pr
- CC releases tracking: v2.1.50 → v2.1.52
- 4 nouvelles évaluations ressources (AgentsView, AI Fluency, UX Pro Max)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-24 13:58:09 +01:00
Florian BRUNIAUX
939e33ab68 docs: update Claude Code releases to v2.1.52 
- v2.1.51: claude remote-control subcommand, BashTool login shell perf,
  SDK account env vars (CLAUDE_CODE_ACCOUNT_UUID etc.),
  /model human-readable labels, custom npm registries for plugins
- v2.1.52: VSCode crash fix on Windows (openLast command)
- Updated latest: 2.1.50 → 2.1.52

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-24 13:55:06 +01:00
Florian BRUNIAUX
c05e4fa4fd docs: update stats to reflect actual counts (20K lines, 274 quiz, 175 templates) 
- Guide lines: 19K → 20K+ (actual: 20,548)
- Quiz questions: 271 → 274 (actual file count)
- Templates section titles: 164 → 175 (consistent with badge)
- 19K CVEs in hero text: 18 → 24 (consistent with threat-db badge)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-23 15:40:43 +01:00
Florian BRUNIAUX
6117145837 docs: integrate veille hebdo Anthropic 17-23 fev 2026 (+177 lignes guide) 
P1 - Prompt caching + env vars:
- Strategy 6 cost optimization: cache_control API, pricing (write 1.25x, read 0.1x), break-even 2 hits
- CLAUDE_CODE_DISABLE_1M_CONTEXT + CLAUDE_CODE_SIMPLE ajoutés à la table env vars principale

P2 - Model deprecations + agents:
- Warning claude-3-haiku-20240307 deprecated 19 fev / retirement 20 avril 2026
- Frontmatter fields: background: true (v2.1.49+) + isolation: worktree (v2.1.50+)
- Section Background Agents: comportement non-blocking, gestion (ctrl+f, double ESC)
- Section claude agents CLI: commande + output annoté

P3 - Worktree isolation native + security cross-ref:
- Native worktree features: --worktree flag, isolation declaratif, WorktreeCreate/WorktreeRemove hooks
- §7.4 Security Hooks: cross-ref Claude Code Security scanner (research preview)

Eval: docs/resource-evaluations/2026-02-22-veille-hebdo-anthropic-17-23-fev.md (score 3/5)
Stats: 19K → 20K lignes (20 440 total)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-23 12:59:28 +01:00
Florian BRUNIAUX
2874eee382 docs(diagrams): add budget modifier to model selection decision flow 
Le diagramme assumait implicitement un budget illimité (Max/API).
Ajout d'un budget modifier table et community pattern basé sur le
feedback de Frédéric Camblor (Teams Standard $25/mo: Sonnet plan → Haiku impl).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-23 11:33:23 +01:00
Florian BRUNIAUX
ce9e8718df feat(diagrams): add per-node click hrefs to all 40 flowchart diagrams 
Each flowchart node now links to the specific guide section it represents
via Mermaid `click NodeId href "URL"` directives. sequenceDiagram blocks
(10 total) are skipped as Mermaid does not support click directives for them.

Files updated:
- 01-foundations.md through 10-adoption-and-learning.md
- All flowchart nodes linked to their respective guide anchors
- Architecture, MCP, security, workflows, multi-agent, cost, adoption sections

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 22:21:30 +01:00
Florian BRUNIAUX
33cf57b155 docs: document reference.yaml structure, deep_dive section, and CMD+K search index behavior 2026-02-22 20:20:04 +01:00
Florian BRUNIAUX
b6a1e63f94 fix: rename duplicate key security_gate_hook → security_gate_hook_line in reference.yaml 2026-02-22 19:24:53 +01:00
Florian BRUNIAUX
7c001da251 docs: update README + CHANGELOG for threat-db v2.2.0 
README: CVE count 19→24, malicious skills 341→655 (consistent across all occurrences + badge)
CHANGELOG: security patch entry for threat-db v2.2.0 (CVE-2026-0755, mcp-run-python SSRF, 5 new scanners, T010)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:21:53 +01:00
Florian BRUNIAUX
24b464802e fix(diagrams): replace \n with <br/> in all Mermaid node labels 
Mermaid does not support \n for line breaks — rendered literally.
Replaced all 276 occurrences with <br/> across 10 diagram files.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:17:52 +01:00
Florian BRUNIAUX
92643c1a6b docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners 
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
8a75fd2fd2 fix(diagrams): add color:#333 to light-fill nodes for dark mode contrast 
Nodes with fill:#F5E6D3 (beige), fill:#B8B8B8 (gray), fill:#7BC47F (green)
had no explicit text color — GitHub dark mode rendered white text on light
backgrounds, making them unreadable.

Added color:#333 to all 3 light fills across all 10 diagram files.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:59:07 +01:00
Florian BRUNIAUX
dbb62306d7 release: v3.28.1 - Visual Diagrams Series (40 Mermaid diagrams) 
guide/diagrams/: new directory with 40 interactive Mermaid diagrams
- 10 thematic files: foundations, context/sessions, configuration,
  architecture, MCP ecosystem, dev workflows, multi-agent patterns,
  security/production, cost/optimization, adoption/learning
- Each diagram: Mermaid (GitHub-native) + ASCII fallback + source link
- Bold Guy palette (6-color system) consistent across all diagrams
- README with index, visual palette legend, navigation by use case

Also includes (backlog from v3.28.0→v3.28.1):
- guide/ultimate-guide.md: Managing Large MCP Server Sets, AI Code
  Disclosure Policy, claude-mem Gemini alternative, observability
- guide/workflows/plan-driven.md: Boris Tane custom markdown plans (+172L)
- guide/security-hardening.md: Part 4 PR security review workflow
- examples/agents/security-patcher.md: new security agent
- examples/hooks/bash/security-gate.sh: PreToolUse security hook
- guide/observability.md: activity monitoring, external tools, proxying
- docs/resource-evaluations/: 4 new evaluations (Boris Cherny, Moigneu,
  Boris Tane, Aristote AI instructions)
- README.md: Visual Diagrams section in "What Makes This Guide Unique"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:51:21 +01:00
Florian BRUNIAUX
9218ab37d6 feat: security scanning workflow (auditor + patcher + gate hook) 
- security-hardening.md Part 4: PR security review workflow
  3-agent pipeline: scan → data flow trace → patch
  Tableau par type de changement (auth, DB, upload, deps)
  Hook pre-push git pour alerter sur fichiers sensibles
- security-patcher agent: applique les findings du security-auditor
  Propose avant d'écrire, jamais en autonomie (human approval gate)
  Séparation nette detect vs patch
- security-gate.sh hook: PreToolUse, 7 patterns vulnérables bloqués
  SQLi, XSS innerHTML, secrets hardcodés, eval() dynamique,
  hash faible (MD5/SHA1 password), command injection, path traversal
  Complément de dangerous-actions-blocker.sh (ops système)
- Claude Code Security (research preview) documentée dans security-hardening.md
  Comparaison Security Auditor Agent vs feature Anthropic
- reference.yaml: 4 nouvelles entrées indexées

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 15:21:35 +01:00
Florian BRUNIAUX
ac50ee7ad8 docs: add monitoring & activity audit sections to observability guide 
- guide/observability.md: +3 sections (Activity Monitoring, External Tools, Proxying)
  - Activity Monitoring: JSONL tool_use audit, jq queries, sensitive pattern detection
  - External Tools: ccusage / claude-code-otel / Akto / MLflow / ccboard comparison
  - Proxying: NODE_EXTRA_CA_CERTS, ANTHROPIC_API_URL, mitmproxy, Python proxy
- docs: ccboard Activity module implementation plan (Tab 10, Rust models, SQLite cache)
- docs: Mergify cross-system support evaluation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-21 20:29:05 +01:00