Major integration of Entire CLI, an agent-native platform launched
Feb 2026 by Thomas Dohmke (ex-GitHub CEO) with $60M funding. Provides
rewindable checkpoints, approval gates, and audit trails for AI sessions.
## Added (7 guide files + 3 meta files)
- **ai-traceability.md**: Replace git-ai 404 with Entire CLI (section 5.1)
- **third-party-tools.md**: Fill "Session replay" gap + add tool section
- **observability.md**: Add session portability alternative
- **ai-ecosystem.md**: Add governance-first orchestration (section 8.1.5)
- **ultimate-guide.md**: Enrich multi-instance section 9.17
- **security-hardening.md**: Add compliance audit trails (section 3.4)
- **cheatsheet.md**: Add Community Tools quick reference
- **README.md**: Update structure tree with third-party-tools mention
- **CHANGELOG.md**: Document v3.27.0 release
- **docs/resource-evaluations/entire-cli.md**: Formal evaluation (5/5)
## Fixed
- git-ai references (404 repo) replaced with working alternative
- "Session replay" Known Gap now marked as ✅ FILLED
## Key Features Documented
- Rewindable checkpoints (prompts + reasoning + tool usage)
- Governance layer (approval gates, permissions, audit trails)
- Multi-agent handoffs (Claude → Gemini with context)
- Compliance-ready (SOC2, HIPAA, FedRAMP)
- Session portability (path-agnostic vs native --resume)
## Positioning
- vs git-ai: Replaces non-existent tool (404)
- vs claude-code-viewer: Active replay vs read-only history
- vs Gas Town: Governance sequential vs parallel coordination
Files modified: 10 (7 content + 3 meta)
Words added: ~2,500
Version: 3.26.0 → 3.27.0
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
# Security Policy

## Scope

This repository contains **documentation and educational templates** for Claude Code. It does not include executable code that processes user input or runs in production environments.

**Security concerns specific to this repository:**
- Documentation accuracy for security practices
- Template code quality and security patterns
- Threat database integrity ([`machine-readable/threat-db.yaml`](./machine-readable/threat-db.yaml))

**Out of scope:**
- Security vulnerabilities in Claude Code CLI itself → Report to [Anthropic](https://github.com/anthropics/claude-code/security)
- Security issues in MCP servers → Report to respective server maintainers

## Reporting a Security Issue

If you discover a security concern related to this guide (examples: malicious template, incorrect security advice, threat database inaccuracies), please:

1. **Email**: florian.bruniaux@methode-aristote.fr
   - Subject: `[SECURITY] Claude Code Guide - Brief Description`
   - Include: Affected file/section, description, impact assessment

2. **GitHub Private Disclosure**: Use [Security Advisories](../../security/advisories/new) for sensitive issues

**Response SLA**: We aim to respond within 48 hours and issue fixes within 7 days for critical issues.

## Security Resources

This guide maintains comprehensive security documentation:

- **[Security Hardening Guide](./guide/security-hardening.md)** — MCP vetting, injection defense, audit workflows
- **[Threat Database](./machine-readable/threat-db.yaml)** — 22 CVEs, 341 malicious skills
- **[Security Hooks](./examples/hooks/)** — 18 production hooks (bash + PowerShell)
- **[Security Commands](./examples/commands/)** — `/security-check`, `/security-audit`, `/update-threat-db`

## Security Maintenance

**Threat Database Updates**: The threat intelligence database is updated based on:
- CVE announcements and security advisories
- Community reports of malicious skills/MCP servers
- Anthropic security bulletins
- Academic research (e.g., prompt injection papers)

**Audit Schedule**:
- Weekly review of new MCP servers and skills
- Monthly audit of security documentation accuracy
- Quarterly full threat database refresh

**Last Updated**: 2026-02-11 (v3.26.0)

## Coordinated Disclosure

If you're a security researcher and find issues affecting multiple repositories in the Claude Code ecosystem:

1. Email us first (coordinated disclosure preferred)
2. We'll coordinate with other maintainers if needed
3. Public disclosure timing: 90 days or after fix, whichever comes first

## Acknowledgments

We thank security researchers who have contributed to improving this guide's security content through responsible disclosure.

---

**Author**: [Florian BRUNIAUX](https://github.com/FlorianBruniaux) | Founding Engineer [@Méthode Aristote](https://methode-aristote.fr)

**Guide License**: [CC BY-SA 4.0](./LICENSE)