34b2ca7200
- Add guide/security-hardening.md (~10K) covering: - MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136 - Prompt injection evasion techniques (Unicode, ANSI, null bytes) - Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian) - Incident response procedures - Add 3 new security hooks: - unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection - repo-integrity-scanner.sh: scan README/package.json for injection - mcp-config-integrity.sh: verify MCP config hash - Update existing hooks: - prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd - output-secrets-scanner.sh: +env leakage, +generic tokens - Update cross-references in ultimate-guide.md (§7.4, §8.6) - Move MCP Security Hardening to Done in IDEAS.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
7 KiB
7 KiB
Claude Code Examples
Ready-to-use templates for Claude Code configuration.
Structure
| Folder | Description |
|---|---|
agents/ |
Custom AI personas for specialized tasks |
skills/ |
Reusable knowledge modules |
commands/ |
Custom slash commands |
hooks/ |
Event-driven automation scripts |
config/ |
Configuration file templates |
memory/ |
CLAUDE.md memory file templates |
scripts/ |
Utility scripts for setup and diagnostics |
github-actions/ |
CI/CD workflows for GitHub Actions |
workflows/ |
Advanced development workflow guides |
modes/ |
Behavioral modes for Claude (SuperClaude) |
Quick Start
- Copy the template you need
- Customize for your project
- Place in the correct location (see paths below)
File Locations
| Type | Project Location | Global Location |
|---|---|---|
| Agents | .claude/agents/ |
~/.claude/agents/ |
| Skills | .claude/skills/ |
~/.claude/skills/ |
| Commands | .claude/commands/ |
~/.claude/commands/ |
| Hooks | .claude/hooks/ |
~/.claude/hooks/ |
| Config | .claude/ |
~/.claude/ |
| Memory | ./CLAUDE.md or .claude/CLAUDE.md |
~/.claude/CLAUDE.md |
| Modes | — | ~/.claude/MODE_*.md |
Windows: Replace
~/.claude/with%USERPROFILE%\.claude\
Templates Index
Agents
| File | Purpose | Model |
|---|---|---|
| code-reviewer.md | Thorough code review | Sonnet |
| test-writer.md | TDD/BDD test generation | Sonnet |
| security-auditor.md | Security vulnerability detection | Sonnet |
| refactoring-specialist.md | Clean code refactoring | Sonnet |
| output-evaluator.md | LLM-as-a-Judge quality gate | Haiku |
Skills
| File | Purpose |
|---|---|
| tdd-workflow.md | Test-Driven Development process |
| security-checklist.md | OWASP Top 10 security checks |
Commands
| File | Trigger | Purpose |
|---|---|---|
| commit.md | /commit |
Conventional commit messages |
| pr.md | /pr |
Create well-structured PRs with scope analysis |
| review-pr.md | /review-pr |
PR review workflow |
| release-notes.md | /release-notes |
Generate release notes in 3 formats |
| sonarqube.md | /sonarqube |
Analyze SonarCloud quality issues for PRs |
| generate-tests.md | /generate-tests |
Test generation |
| git-worktree.md | /git-worktree |
Isolated git worktree setup |
| diagnose.md | /diagnose |
Interactive troubleshooting assistant (FR/EN) |
| validate-changes.md | /validate-changes |
LLM-as-a-Judge pre-commit validation |
Hooks
| File | Event | Purpose |
|---|---|---|
| dangerous-actions-blocker.sh | PreToolUse | Block dangerous commands/edits |
| security-check.* | PreToolUse | Block secrets in commands |
| prompt-injection-detector.sh | PreToolUse | Detect injection attempts (+ANSI, null bytes) |
| unicode-injection-scanner.sh | PreToolUse | Detect zero-width, RTL, ANSI escape |
| repo-integrity-scanner.sh | PreToolUse | Scan README/package.json for injection |
| mcp-config-integrity.sh | SessionStart | Verify MCP config hash (CVE protection) |
| output-secrets-scanner.sh | PostToolUse | Detect secrets + env leakage |
| auto-format.* | PostToolUse | Auto-format after edits |
| notification.sh | Notification | Contextual macOS sound alerts |
| output-validator.sh | PostToolUse | Heuristic output validation |
| session-logger.sh | PostToolUse | Log operations for monitoring |
| pre-commit-evaluator.sh | Git hook | LLM-as-a-Judge pre-commit |
See hooks/README.md for complete documentation and security hardening patterns
Config
| File | Purpose |
|---|---|
| settings.json | Hooks configuration |
| mcp.json | MCP servers setup |
| .gitignore-claude | Git ignore patterns |
Memory
| File | Purpose |
|---|---|
| CLAUDE.md.project-template | Team project memory |
| CLAUDE.md.personal-template | Personal global memory |
Scripts
| File | Purpose | Output |
|---|---|---|
| audit-scan.sh | Fast setup audit scanner | JSON / Human |
| check-claude.sh | Health check diagnostics (macOS/Linux) | Human |
| check-claude.ps1 | Health check diagnostics (Windows) | Human |
| clean-reinstall-claude.sh | Clean reinstall procedure (macOS/Linux) | Human |
| clean-reinstall-claude.ps1 | Clean reinstall procedure (Windows) | Human |
| session-stats.sh | Analyze session logs & costs | JSON / Human |
Usage:
./audit-scan.shfor human output,./audit-scan.sh --jsonfor JSON output
GitHub Actions
| File | Trigger | Purpose |
|---|---|---|
| claude-pr-auto-review.yml | PR open/update | Auto code review with inline comments |
| claude-security-review.yml | PR open/update | Security-focused scan (OWASP) |
| claude-issue-triage.yml | Issue opened | Auto-triage with labels and severity |
See github-actions/README.md for setup instructions and customization
Workflows
| File | Purpose |
|---|---|
| database-branch-setup.md | Isolated feature dev with database branches (Neon/PlanetScale) |
Modes
| File | Purpose | Activation |
|---|---|---|
| MODE_Learning.md | Just-in-time explanations | --learn flag |
See modes/README.md for installation and SuperClaude framework reference
See the main guide for detailed explanations, or the architecture guide for how Claude Code works internally.