Major integration of Entire CLI, an agent-native platform launched
Feb 2026 by Thomas Dohmke (ex-GitHub CEO) with $60M funding. Provides
rewindable checkpoints, approval gates, and audit trails for AI sessions.
## Added (7 guide files + 3 meta files)
- **ai-traceability.md**: Replace git-ai 404 with Entire CLI (section 5.1)
- **third-party-tools.md**: Fill "Session replay" gap + add tool section
- **observability.md**: Add session portability alternative
- **ai-ecosystem.md**: Add governance-first orchestration (section 8.1.5)
- **ultimate-guide.md**: Enrich multi-instance section 9.17
- **security-hardening.md**: Add compliance audit trails (section 3.4)
- **cheatsheet.md**: Add Community Tools quick reference
- **README.md**: Update structure tree with third-party-tools mention
- **CHANGELOG.md**: Document v3.27.0 release
- **docs/resource-evaluations/entire-cli.md**: Formal evaluation (5/5)
## Fixed
- git-ai references (404 repo) replaced with working alternative
- "Session replay" Known Gap now marked as ✅ FILLED
## Key Features Documented
- Rewindable checkpoints (prompts + reasoning + tool usage)
- Governance layer (approval gates, permissions, audit trails)
- Multi-agent handoffs (Claude → Gemini with context)
- Compliance-ready (SOC2, HIPAA, FedRAMP)
- Session portability (path-agnostic vs native --resume)
## Positioning
- vs git-ai: Replaces non-existent tool (404)
- vs claude-code-viewer: Active replay vs read-only history
- vs Gas Town: Governance sequential vs parallel coordination
Files modified: 10 (7 content + 3 meta)
Words added: ~2,500
Version: 3.26.0 → 3.27.0
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security Policy
Scope
This repository contains documentation and educational templates for Claude Code. It does not include executable code that processes user input or runs in production environments.
Security concerns specific to this repository:
- Documentation accuracy for security practices
- Template code quality and security patterns
- Threat database integrity (machine-readable/threat-db.yaml)
Out of scope:
- Security vulnerabilities in Claude Code CLI itself → Report to Anthropic
- Security issues in MCP servers → Report to respective server maintainers
Reporting a Security Issue
If you discover a security concern related to this guide (examples: malicious template, incorrect security advice, threat database inaccuracies), please:
- Email: florian.bruniaux@methode-aristote.fr
  - Subject: [SECURITY] Claude Code Guide - Brief Description
  - Include: Affected file/section, description, impact assessment
- GitHub Private Disclosure: Use Security Advisories for sensitive issues
Response SLA: We aim to respond within 48 hours and issue fixes within 7 days for critical issues.
Security Resources
This guide maintains comprehensive security documentation:
- Security Hardening Guide — MCP vetting, injection defense, audit workflows
- Threat Database — 22 CVEs, 341 malicious skills
- Security Hooks — 18 production hooks (bash + PowerShell)
- Security Commands — /security-check, /security-audit, /update-threat-db
Security Maintenance
Threat Database Updates: The threat intelligence database is updated based on:
- CVE announcements and security advisories
- Community reports of malicious skills/MCP servers
- Anthropic security bulletins
- Academic research (e.g., prompt injection papers)
Audit Schedule:
- Weekly review of new MCP servers and skills
- Monthly audit of security documentation accuracy
- Quarterly full threat database refresh
Last Updated: 2026-02-11 (v3.26.0)
Coordinated Disclosure
If you're a security researcher and find issues affecting multiple repositories in the Claude Code ecosystem:
- Email us first (coordinated disclosure preferred)
- We'll coordinate with other maintainers if needed
- Public disclosure timing: 90 days or after fix, whichever comes first
Acknowledgments
We thank security researchers who have contributed to improving this guide's security content through responsible disclosure.
Author: Florian BRUNIAUX | Founding Engineer @Méthode Aristote
Guide License: CC BY-SA 4.0