marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
claude-code-ultimate-guide/IDEAS.md
Florian BRUNIAUX 34b2ca7200 feat(security): add security hardening guide and hooks v3.6.0 
- Add guide/security-hardening.md (~10K) covering:
  - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
  - Prompt injection evasion techniques (Unicode, ANSI, null bytes)
  - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
  - Incident response procedures

- Add 3 new security hooks:
  - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
  - repo-integrity-scanner.sh: scan README/package.json for injection
  - mcp-config-integrity.sh: verify MCP config hash

- Update existing hooks:
  - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
  - output-secrets-scanner.sh: +env leakage, +generic tokens

- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 07:39:53 +01:00

3.6 KiB
Raw Blame History

Ideas to Dig

Research topics for future guide improvements. Curated and validated.

Done

MCP Security Hardening

Unified security research covering MCP vulnerabilities, prompt injection, and secret detection.

Completed: Security Hardening Guide covers:

  • CVE-2025-53109/53110, 54135, 54136 with mitigations
  • MCP vetting workflow with 5-minute audit checklist
  • MCP Safe List (community vetted)
  • Prompt injection evasion techniques (Unicode, ANSI, null bytes)
  • Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
  • Incident response procedures (secret exposed, MCP compromised)
  • 3 new hooks: unicode-injection-scanner.sh, repo-integrity-scanner.sh, mcp-config-integrity.sh

High Priority

(No items currently)

Medium Priority

CI/CD Workflows Gallery

Concrete GitHub Actions examples for Claude Code integration.

Topics:

  • Automated PR review workflows
  • Test generation pipelines
  • Cost optimization patterns for API calls in CI
  • Pre-commit hooks integration

Perplexity Query:

GitHub Actions workflows for AI coding assistants 2024-2025:
- Automated code review with Claude/GPT
- Cost optimization for API calls in CI/CD
- Real examples from open source projects

MCP Server Catalog

Exhaustive list of MCP servers with real-world use cases.

Topics:

  • Available servers by category (dev tools, databases, APIs)
  • Performance benchmarks vs native tools
  • Security trust levels per server
  • Custom server development patterns

Perplexity Query:

MCP Model Context Protocol servers catalog 2024-2025:
- Most useful servers for developers
- Performance comparison MCP vs native tools
- How to build custom MCP servers

Lower Priority

CLAUDE.md Patterns Library

Stack-specific templates for common project types.

Topics:

  • React/Next.js optimized configurations
  • Python/FastAPI patterns
  • Go project conventions
  • Monorepo configurations

Perplexity Query:

CLAUDE.md configuration examples by framework:
- React, Next.js, Vue patterns
- Python, FastAPI, Django patterns
- Best practices from GitHub repositories

Discarded Ideas

Idea Reason Discarded
LLM Fine-tuning guide Out of scope - users don't control model training
Model architecture internals Too theoretical, not actionable
Token pricing optimization Changes too frequently, use official docs
A2A Protocol (Agent-to-Agent) Claude Code is single-agent with sub-agents, not true multi-agent
AgentOps Enterprise Dashboard Infrastructure doesn't exist for CLI tool
LLM-as-a-Judge evaluation Overkill for CLI, adds latency without proportional value
Decision Trajectory logging No access to internal traces (black box)
4 Pillars formal framework Too academic - guide already covers symptoms pragmatically
Canary/Blue-Green deployments Infrastructure patterns, not relevant for CLI
Memory Poisoning defenses Theoretical risk requiring prior system compromise
Prompt Engineering for Code Gen Already well covered (xml_prompting, prompt_formula)
Context Window Optimization Already well covered (context_management, context_triage)
Task Decomposition Patterns Covered via plan_mode, interaction_loop
Agent Architecture Comparisons Out of scope - not multi-agent theory
Real-World Case Studies Non-verifiable metrics, marketing-prone
Comparison with Other Tools Out of scope, rapid obsolescence

Contributing

Found something interesting? Add it with:

  1. Topic name and why it matters
  2. Specific research questions
  3. Perplexity query to start