marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
316 commits 1 branch 0 tags 20 MiB
Commit graph

8 commits

Author SHA1 Message Date
Florian BRUNIAUX
ac9b07a837 docs(guide): add YAML frontmatter to 24 top-level guide files 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 19:20:31 +01:00
Florian BRUNIAUX
d72905e9ba docs: integrate Entire CLI across guide (v3.27.0) 
Major integration of Entire CLI, an agent-native platform launched
Feb 2026 by Thomas Dohmke (ex-GitHub CEO) with $60M funding. Provides
rewindable checkpoints, approval gates, and audit trails for AI sessions.

## Added (7 guide files + 3 meta files)

- **ai-traceability.md**: Replace git-ai 404 with Entire CLI (section 5.1)
- **third-party-tools.md**: Fill "Session replay" gap + add tool section
- **observability.md**: Add session portability alternative
- **ai-ecosystem.md**: Add governance-first orchestration (section 8.1.5)
- **ultimate-guide.md**: Enrich multi-instance section 9.17
- **security-hardening.md**: Add compliance audit trails (section 3.4)
- **cheatsheet.md**: Add Community Tools quick reference
- **README.md**: Update structure tree with third-party-tools mention
- **CHANGELOG.md**: Document v3.27.0 release
- **docs/resource-evaluations/entire-cli.md**: Formal evaluation (5/5)

## Fixed

- git-ai references (404 repo) replaced with working alternative
- "Session replay" Known Gap now marked as  FILLED

## Key Features Documented

- Rewindable checkpoints (prompts + reasoning + tool usage)
- Governance layer (approval gates, permissions, audit trails)
- Multi-agent handoffs (Claude → Gemini with context)
- Compliance-ready (SOC2, HIPAA, FedRAMP)
- Session portability (path-agnostic vs native --resume)

## Positioning

- vs git-ai: Replaces non-existent tool (404)
- vs claude-code-viewer: Active replay vs read-only history
- vs Gas Town: Governance sequential vs parallel coordination

Files modified: 10 (7 content + 3 meta)
Words added: ~2,500
Version: 3.26.0 → 3.27.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-12 23:33:16 +01:00
Florian BRUNIAUX
deb518ceff fix(security): fact-check corrections across threat-db and hardening guide 
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 15:11:13 +01:00
Florian BRUNIAUX
17846b1179 docs: complete Wasp fullstack essentials integration 
Complete all 4 action items from wasp-fullstack-essentials-eval.md resource
evaluation (score 3/5). Framework-agnostic insights only, promotional content
excluded.

Changes (3 sections):

1. Background tasks workflow (Section 9.5)
   - New subsection: "Background Tasks for Fullstack Development"
   - When to background tasks (5 scenarios table)
   - Fullstack workflow pattern with examples
   - Context rot prevention strategies
   - Limitations and workarounds
   - Integration with teleportation
   - /tasks monitoring guide
   - ~100 lines added to Section 9.5 "Tight Feedback Loops"

2. Chrome DevTools MCP (mcp-servers-ecosystem.md)
   - New server entry in "Browser Automation" section
   - Official Anthropic server (not community)
   - Comparison table vs Playwright MCP (debugging vs testing)
   - Setup and configuration
   - Use cases and limitations
   - Updated stats: 3 browser servers (was 2), 6 official servers (was 5)
   - ~60 lines added to Browser Automation section

3. Convention-over-config for AI (Section 9.18.1)
   - New subsection: "Convention-Over-Configuration for AI Agents"
   - Why opinionated frameworks reduce agent cognitive load
   - Comparison table: custom vs opinionated architectures
   - Examples: Next.js, Rails, Phoenix, Django
   - Real-world impact on agent productivity
   - Trade-offs analysis
   - Connection to CLAUDE.md sizing (token reduction)
   - ~60 lines added to Section 9.18.1

Total additions: ~220 lines (workflow patterns + MCP server + AX framework)

Source evaluation: docs/resource-evaluations/wasp-fullstack-essentials-eval.md
Primary sources: llmstxt.org (llms.txt), official docs (background tasks, Chrome
DevTools MCP), existing Section 9.18 (Marmelab/AX framework)

Related commits:
- 783c43b: llms.txt conceptual documentation (completed earlier)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 10:00:53 +01:00
Florian BRUNIAUX
bc86c8ed7f release: v3.20.6 - agentskills.io integration + 4 resource evaluations 
- agentskills.io open standard: frontmatter table, skills-ref CLI, portability section
- Agent Skills supply chain risks (security-hardening.md §1.2)
- anthropics/skills (60K+★) added to complementary resources
- 16 new reference.yaml entries
- Resource evaluations: agentskills.io (4/5), Skill Doctor (2/5), dclaude (new), paddo (new)
- Sandbox isolation + README updates

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-01 16:49:33 +01:00
Florian BRUNIAUX
c84c56bfbd docs: add AI Traceability & Attribution guide 
Comprehensive documentation on AI code attribution and disclosure:

- New guide: guide/ai-traceability.md (~640 lines)
  - LLVM "Human-in-the-Loop" policy (Assisted-by trailer)
  - Ghostty mandatory disclosure pattern
  - Fedora contributor accountability framework
  - git-ai tool documentation
  - PromptPwnd security vulnerability
  - Four-level disclosure spectrum
  - Implementation guides (solo, team, enterprise)

- Templates: examples/config/
  - CONTRIBUTING-ai-disclosure.md
  - PULL_REQUEST_TEMPLATE-ai.md

- Cross-references added to:
  - ultimate-guide.md (after Co-Authored-By section)
  - learning-with-ai.md (after Vibe Coding Trap)
  - security-hardening.md (See Also)
  - guide/README.md (table of contents)

- reference.yaml: 14 new entries for AI traceability topics

Source: Vibe coding needs git blame (Piotr Migdał, Jan 2026)
+ Perplexity research on LLVM, Ghostty, Fedora policies

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-24 20:11:53 +01:00
Florian BRUNIAUX
46c5862c4e fix(docs): critical factual corrections v3.6.1 
Major audit correcting misleading documentation about Claude Code behavior:

### Fixed
- `--add-dir`: permissions (not context loading)
- `excludePatterns` → `permissions.deny` (never existed)
- `.claudeignore` removed (not an official feature)
- "selective loading" myth → lazy loading reality
- Invented CLI flags (`--think`, `--headless`, `--learn`) → prompt keywords
- `@` file reference: "loads automatically" → "reads on-demand"

### Added
- Session Search Tool (`cs`) - zero-dep bash script for finding sessions
- Security section: Known limitations of permissions.deny

15 files modified, 516 insertions, 200 deletions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-15 09:16:53 +01:00
Florian BRUNIAUX
34b2ca7200 feat(security): add security hardening guide and hooks v3.6.0 
- Add guide/security-hardening.md (~10K) covering:
  - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
  - Prompt injection evasion techniques (Unicode, ANSI, null bytes)
  - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
  - Incident response procedures

- Add 3 new security hooks:
  - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
  - repo-integrity-scanner.sh: scan README/package.json for injection
  - mcp-config-integrity.sh: verify MCP config hash

- Update existing hooks:
  - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
  - output-secrets-scanner.sh: +env leakage, +generic tokens

- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-15 07:39:53 +01:00