[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74797":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":46,"readmeContent":47,"aiSummary":48,"trendingCount":16,"starSnapshotCount":16,"syncStatus":49,"lastSyncTime":50,"discoverSource":51},74797,"claude-code-ultimate-guide","FlorianBruniaux\u002Fclaude-code-ultimate-guide","FlorianBruniaux","A tremendous feat of documentation, this guide covers Claude Code from beginner to power user, with production-ready templates for Claude Code features, guides on agentic workflows, and a lot of great learning materials, including quizzes and a handy \"cheatsheet\". Whether it's the \"ultimate\" guide to Claude Code will be up to the reader :)","https:\u002F\u002Fcc.bruniaux.com\u002F",null,"Python",4841,654,63,6,0,121,250,544,363,30.45,"Creative Commons Attribution Share Alike 4.0 International",false,"main",[26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45],"agentic-coding","ai-assistant","ai-coding","ai-pair-programming","ai-security","anthropic","best-practices","claude","claude-code","claude-code-guide","claude-code-tutorial","cli-tool","coding-assistant","cursor-alternative","developer-tools","llm","mcp-servers","prompt-engineering","tutorial","vibe-coding","2026-06-12 02:03:28","# Claude Code Ultimate Guide\n\n\u003C!-- Website CTA -->\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fflorianbruniaux.github.io\u002Fclaude-code-ultimate-guide-landing\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F🌐_Interactive_Guide-Visit_Website-ff6b35?style=for-the-badge&logoColor=white\" alt=\"Website\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C!-- Stats -->\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Fstargazers\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide?style=for-the-badge\" alt=\"Stars\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002FCHANGELOG.md\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FUpdated-May_12,_2026_·_v3.40.0-brightgreen?style=for-the-badge\" alt=\"Last Update\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002Fquiz\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FQuiz-271_questions-orange?style=for-the-badge\" alt=\"Quiz\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002Fexamples\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTemplates-181-green?style=for-the-badge\" alt=\"Templates\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C!-- Features -->\n\u003Cp align=\"center\">\n  \u003Ca href=\".\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F🛡️_Threat_DB-28_vulnerabilities_·_655_malicious_skills-red?style=for-the-badge\" alt=\"Threat Database\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002Fmcp-server\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMCP_Server-npx_ready-blueviolet?style=for-the-badge\" alt=\"MCP Server\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C!-- Downloads -->\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Freleases\u002Flatest\u002Fdownload\u002Fguide-export.pdf\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F📄_Full_Guide-Download_PDF-dc2626?style=for-the-badge\" alt=\"Download PDF\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Freleases\u002Flatest\u002Fdownload\u002Fguide-export.epub\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F📚_Full_Guide-Download_EPUB-7c3aed?style=for-the-badge\" alt=\"Download EPUB\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C!-- Meta -->\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhesreallyhim\u002Fawesome-claude-code\">\u003Cimg src=\"https:\u002F\u002Fawesome.re\u002Fmentioned-badge-flat.svg\" alt=\"Mentioned in Awesome Claude Code\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby-sa\u002F4.0\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-CC%20BY--SA%204.0-blue.svg\" alt=\"License: CC BY-SA 4.0\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fskills.palebluedot.live\u002Fowner\u002FFlorianBruniaux\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSkillHub-9_skills-8b5cf6.svg\" alt=\"SkillHub Skills\"\u002F>\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fzread.ai\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAsk_Zread-_.svg?style=flat&color=00b0aa&labelColor=000000&logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHZpZXdCb3g9IjAgMCAxNiAxNiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTQuOTYxNTYgMS42MDAxSDIuMjQxNTZDMS44ODgxIDEuNjAwMSAxLjYwMTU2IDEuODg2NjQgMS42MDE1NiAyLjI0MDFWNC45NjAxQzEuNjAxNTYgNS4zMTM1NiAxLjg4ODEgNS42MDAxIDIuMjQxNTYgNS42MDAxSDQuOTYxNTZDNS4zMTUwMiA1LjYwMDEgNS42MDE1NiA1LjMxMzU2IDUuNjAxNTYgNC45NjAxVjIuMjQwMUM1LjYwMTU2IDEuODg2NjQgNS4zMTUwMiAxLjYwMDEgNC45NjE1NiAxLjYwMDFaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik00Ljk2MTU2IDEwLjM5OTlIMi4yNDE1NkMxLjg4ODEgMTAuMzk5OSAxLjYwMTU2IDEwLjY4NjQgMS42MDE1NiAxMS4wMzk5VjEzLjc1OTlDMS42MDE1NiAxNC4xMTM0IDEuODg4MSAxNC4zOTk5IDIuMjQxNTYgMTQuMzk5OUg0Ljk2MTU2QzUuMzE1MDIgMTQuMzk5OSA1LjYwMTU2IDE0LjExMzQgNS42MDE1NiAxMy43NTk5VjExLjAzOTlDNS42MDE1NiAxMC42ODY0IDUuMzE1MDIgMTAuMzk5OSA0Ljk2MTU2IDEwLjM5OTlaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik0xMy43NTg0IDEuNjAwMUgxMS4wMzg0QzEwLjY4NSAxLjYwMDEgMTAuMzk4NCAxLjg4NjY0IDEwLjM5ODQgMi4yNDAxVjQuOTYwMUMxMC4zOTg0IDUuMzEzNTYgMTAuNjg1IDUuNjAwMSAxMS4wMzg0IDUuNjAwMUgxMy43NTg0QzE0LjExMTkgNS42MDAxIDE0LjM5ODQgNS4zMTM1NiAxNC4zOTg0IDQuOTYwMVYyLjI0MDFDMTQuMzk4NCAxLjg4NjY0IDE0LjExMTkgMS42MDAxIDEzLjc1ODQgMS42MDAxWiIgZmlsbD0iI2ZmZiIvPgo8cGF0aCBkPSJNNCAxMkwxMiA0TDQgMTJaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik00IDEyTDEyIDQiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIxLjUiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIvPgo8L3N2Zz4K&logoColor=ffffff\" alt=\"Ask Zread\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n> **6 months of daily practice** distilled into a guide that teaches you the WHY, not just the what. From core concepts to production security, you learn to design your own agentic workflows instead of copy-pasting configs.\n\n> **If this guide helps you, [give it a star ⭐](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Fstargazers)** — it helps others discover it too.\n\n---\n\n## StarMapper\n\n\u003Ca href=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\">\n  \u003Cpicture>\n    \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide?theme=dark\" \u002F>\n    \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide?theme=light\" \u002F>\n    \u003Cimg alt=\"StarMapper — see who stars this repo on a world map\" src=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\" \u002F>\n  \u003C\u002Fpicture>\n\u003C\u002Fa>\n\n---\n\n## Choose Your Path\n\n| Who you are | Your guide |\n|---|---|\n| 🏗️ **Tech Lead \u002F Engineering Manager** | [Deploying Claude Code across your team →](docs\u002Ffor-tech-leads.md) |\n| 📊 **CTO \u002F Decision Maker** | [ROI, security posture, team adoption →](docs\u002Ffor-cto.md) |\n| 💼 **CIO \u002F CEO** | [Budget, risk, what to ask your tech team (3 min) →](docs\u002Ffor-cio-ceo.md) |\n| 🎨 **Product Manager \u002F Designer** | [Vibe coding, working with AI-assisted dev teams →](docs\u002Ffor-product-managers.md) |\n| ✍️ **Writer \u002F Ops \u002F Manager** | [Claude Cowork Guide (separate repo) →](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-cowork-guide) |\n| 👨‍💻 **Developer (all levels)** | You're in the right place — read on ↓ |\n| 🧭 **Career pivot \u002F new AI role** | [AI Roles & Career Paths →](guide\u002Froles\u002Fai-roles.md) |\n\n---\n\n## 🎯 What You'll Learn\n\n**This guide teaches you to think differently about AI-assisted development:**\n- ✅ **Understand trade-offs** — When to use agents vs skills vs commands (not just how to configure them)\n- ✅ **Build mental models** — How Claude Code works internally (architecture, context flow, tool orchestration)\n- ✅ **Visualize concepts** — 48 Mermaid diagrams covering model selection, master loop, memory hierarchy, multi-agent patterns, security threats, AI fluency paths\n- ✅ **Master methodologies** — TDD, SDD, BDD with AI collaboration (not just templates)\n- ✅ **Security mindset** — Threat modeling for AI systems (only guide with 28 CVEs + 655 malicious skills database)\n- ✅ **Test your knowledge** — 271-question quiz to validate understanding (no other resource offers this)\n\n**Outcome**: Go from copy-pasting configs to designing your own agentic workflows with confidence.\n\n---\n\n## 📊 When to Use This Guide vs Everything-CC\n\nBoth guides serve different needs. Choose based on your priority.\n\n| Your Goal | This Guide | everything-claude-code |\n|-----------|------------|------------------------|\n| **Understand why** patterns work | Deep explanations + architecture | Config-focused |\n| **Quick setup** for projects | Available but not the priority | Battle-tested production configs |\n| **Learn trade-offs** (agents vs skills) | Decision frameworks + comparisons | Lists patterns, no trade-off analysis |\n| **Security hardening** | Only threat database (28 CVEs) | Basic patterns only |\n| **Test understanding** | 271-question quiz | Not available |\n| **Methodologies** (TDD\u002FSDD\u002FBDD) | Full workflow guides | Not covered |\n| **Copy-paste ready** templates | 181 templates | 200+ templates |\n\n### Ecosystem Positioning\n\n```\n                    EDUCATIONAL DEPTH\n                           ▲\n                           │\n                           │  ★ This Guide\n                           │  Security + Methodologies + 24K+ lines\n                           │\n                           │  [Everything-You-Need-to-Know]\n                           │  SDLC\u002FBMAD beginner\n  ─────────────────────────┼─────────────────────────► READY-TO-USE\n  [awesome-claude-code]    │            [everything-claude-code]\n  (discovery, curation)    │            (plugin, 1-cmd install)\n                           │\n                           │  [claude-code-studio]\n                           │  Context management\n                           │\n                      SPECIALIZED\n```\n\n**5 unique gaps no competitor covers:**\n1. **Security-First** — 28 CVEs + 655 malicious skills tracked (no competitor has this depth)\n2. **Methodology Workflows** — TDD\u002FSDD\u002FBDD comparison + step-by-step guides\n3. **Comprehensive Reference** — 24K+ lines across 16 specialized guides (24× more reference material than everything-cc)\n4. **Educational Progression** — 271-question quiz + 7-module structured learning path (beginner → advanced)\n5. **Interactive Assessment** — `\u002Fself-assessment` skill with personalized learning path recommendations\n\n**Recommended workflow:**\n1. Learn concepts here (mental models, trade-offs, security)\n2. Use battle-tested configs there (quick project setup)\n3. Return here for deep dives (when something doesn't work or to design custom workflows)\n\n**Both resources are complementary, not competitive.** Use what fits your current need.\n\n---\n\n## ⚡ Quick Start\n\n**New to Claude Code?** → [**7-Module Learning Path**](.\u002Fguide\u002Flearning-path\u002FREADME.md) — 8-11 hours, beginner to advanced\n\n**Quickest path**: [Cheat Sheet](.\u002Fguide\u002Fcheatsheet.md) — 1 printable page with daily essentials\n\n**Interactive onboarding** (no setup needed):\n```bash\nclaude \"Fetch and follow the onboarding instructions from: https:\u002F\u002Fraw.githubusercontent.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Fmain\u002Ftools\u002Fonboarding-prompt.md\"\n```\n\n**Browse directly**: [Full Guide](.\u002Fguide\u002Fultimate-guide.md) | [Learning Path](.\u002Fguide\u002Flearning-path\u002F) | [Visual Diagrams](.\u002Fguide\u002Fdiagrams\u002F) | [Examples](.\u002Fexamples\u002F) | [Quiz](.\u002Fquiz\u002F)\n\n---\n\n## 🔌 MCP Server — Use the guide from any Claude Code session\n\nNo cloning needed. Add to `~\u002F.claude.json` and ask questions directly from any session:\n\n```json\n{\n  \"mcpServers\": {\n    \"claude-code-guide\": {\n      \"type\": \"stdio\",\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"claude-code-ultimate-guide-mcp\"]\n    }\n  }\n}\n```\n\n17 tools: `search_guide`, `read_section`, `get_cheatsheet`, `get_digest`, `get_example`, `list_examples`, `search_examples`, `get_release`, `get_changelog`, `compare_versions`, `list_topics`, `get_threat`, `list_threats`, plus `init_official_docs`, `refresh_official_docs`, `diff_official_docs`, `search_official_docs` (v1.1.0 — official Anthropic docs tracker) — plus 13 slash commands `\u002Fccguide:*` and a Haiku agent.\n\n**Onboarding one-liner** (once MCP is configured):\n```bash\nclaude \"Use the claude-code-guide MCP server. Activate the claude-code-expert prompt, then run a personalized onboarding: ask me 3 questions about my goal, experience level, and preferred tone — then build a custom learning path using search_guide and read_section to navigate the guide with live source links.\"\n```\n\n→ [MCP Server README](.\u002Fmcp-server\u002FREADME.md)\n\n---\n\n## 📁 Repository Structure\n\n```mermaid\ngraph LR\n    root[📦 Repository\u003Cbr\u002F>Root]\n\n    root --> guide[📖 guide\u002F\u003Cbr\u002F>24K+ lines]\n    root --> learning[🎓 learning-path\u002F\u003Cbr\u002F>7 modules]\n    root --> examples[📋 examples\u002F\u003Cbr\u002F>181 templates]\n    root --> quiz[🧠 quiz\u002F\u003Cbr\u002F>271 questions]\n    root --> tools[🔧 tools\u002F\u003Cbr\u002F>utils]\n    root --> machine[🤖 machine-readable\u002F\u003Cbr\u002F>AI index]\n    root --> docs[📚 docs\u002F\u003Cbr\u002F>151 evaluations]\n\n    style root fill:#d35400,stroke:#e67e22,stroke-width:3px,color:#fff\n    style guide fill:#2980b9,stroke:#3498db,stroke-width:2px,color:#fff\n    style learning fill:#27ae60,stroke:#2ecc71,stroke-width:2px,color:#fff\n    style examples fill:#8e44ad,stroke:#9b59b6,stroke-width:2px,color:#fff\n    style quiz fill:#d68910,stroke:#f39c12,stroke-width:2px,color:#fff\n    style tools fill:#5d6d7e,stroke:#7f8c8d,stroke-width:2px,color:#fff\n    style machine fill:#138d75,stroke:#16a085,stroke-width:2px,color:#fff\n    style docs fill:#c0392b,stroke:#e74c3c,stroke-width:2px,color:#fff\n```\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Detailed Structure (Text View)\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n```\n📦 claude-code-ultimate-guide\u002F\n│\n├─ 📖 guide\u002F              Core Documentation (24K+ lines)\n│  ├─ learning-path\u002F      7-Module Learning Path (beginners → advanced)\n│  ├─ ultimate-guide.md   Complete reference, 10 sections\n│  ├─ cheatsheet.md       1-page printable\n│  ├─ architecture.md     How Claude Code works internally\n│  ├─ methodologies.md    TDD, SDD, BDD workflows\n│  ├─ diagrams\u002F           48 Mermaid diagrams (10 thematic files)\n│  ├─ third-party-tools.md  Community tools (RTK, ccusage, Entire CLI)\n│  ├─ mcp-servers-ecosystem.md  Official & community MCP servers\n│  └─ workflows\u002F          Step-by-step guides\n│\n├─ 📋 examples\u002F           181 Production Templates\n│  ├─ CATALOG.md          Auto-generated index by complexity, time, domain\n│  ├─ agents\u002F             23 custom AI personas\n│  ├─ commands\u002F           52 slash commands\n│  ├─ hooks\u002F              37 hooks (bash + PowerShell)\n│  ├─ skills\u002F             64 skills (9 on SkillHub)\n│  └─ scripts\u002F            Utility scripts (audit, search)\n│\n├─ 🧠 quiz\u002F               271 Questions\n│  ├─ 9 categories        Setup, Agents, MCP, Trust, Advanced...\n│  ├─ 4 profiles          Junior, Senior, Power User, PM\n│  └─ Instant feedback    Doc links + score tracking\n│\n├─ 🔧 tools\u002F              Interactive Utilities\n│  ├─ onboarding-prompt   Personalized guided tour\n│  └─ audit-prompt        Setup audit & recommendations\n│\n├─ 🤖 machine-readable\u002F   AI-Optimized Index\n│  ├─ reference.yaml      Structured index (~2K tokens) — powers landing site CMD+K search\n│  ├─ claude-code-releases.yaml  Structured releases changelog\n│  └─ llms.txt            Standard LLM context file\n│\n└─ 📚 docs\u002F               151 Resource Evaluations\n   └─ resource-evaluations\u002F  5-point scoring, source attribution\n```\n\n\u003C\u002Fdetails>\n\n---\n\n## 🎯 What Makes This Guide Unique\n\n### 🎓 Deep Understanding Over Configuration\n\n**Outcome**: Design your own workflows instead of copy-pasting blindly.\n\n**We teach how Claude Code works and why patterns matter**:\n- [Architecture](.\u002Fguide\u002Fcore\u002Farchitecture.md) — Internal mechanics (context flow, tool orchestration, memory management)\n- [Trade-offs](.\u002Fguide\u002Fultimate-guide.md#when-to-use-what) — Decision frameworks for agents vs skills vs commands\n- [Configuration Decision Guide](.\u002Fguide\u002Fultimate-guide.md#27-configuration-decision-guide) — Unified \"which mechanism for what?\" map across all 7 config layers\n- [Pitfalls](.\u002Fguide\u002Fultimate-guide.md#common-mistakes) — Common failure modes + prevention strategies\n\n**What this means for you**: Troubleshoot issues independently, optimize for your specific use case, know when to deviate from patterns.\n\n---\n\n### 🖼️ Visual Diagrams Series (48 Mermaid Diagrams)\n\n**Outcome**: Grasp complex concepts instantly through visual mental models.\n\n**48 interactive diagrams** across 10 thematic files — GitHub-native Mermaid rendering + ASCII fallback for every diagram:\n- [Foundations](.\u002Fguide\u002Fdiagrams\u002F01-foundations.md) — 4-layer context model, 9-step pipeline, permission modes\n- [Architecture](.\u002Fguide\u002Fdiagrams\u002F04-architecture-internals.md) — Master loop, tool categories, system prompt assembly\n- [Multi-Agent](.\u002Fguide\u002Fdiagrams\u002F07-multi-agent-patterns.md) — 3 topologies, worktrees, dual-instance, horizontal scaling\n- [Security](.\u002Fguide\u002Fdiagrams\u002F08-security-and-production.md) — 3-layer defense, MCP rug pull attack chain, verification paradox\n- [Cost & Models](.\u002Fguide\u002Fdiagrams\u002F09-cost-and-optimization.md) — Model selection tree, token reduction pipeline\n\n[Browse all 48 diagrams →](.\u002Fguide\u002Fdiagrams\u002F)\n\n**What this means for you**: Understand the master loop before reading 24K+ lines, see multi-agent topologies at a glance, share visual security threat models with your team.\n\n---\n\n### 🛡️ Security Threat Intelligence (Only Comprehensive Database)\n\n**Outcome**: Protect production systems from AI-specific attacks.\n\n**Only guide with systematic threat tracking**:\n- **28 CVE-mapped vulnerabilities** — Prompt injection, data exfiltration, code injection\n- **655 malicious skills catalogued** — Unicode injection, hidden instructions, auto-execute patterns\n- **Production hardening workflows** — MCP vetting, injection defense, audit automation\n\n[Threat Database →](.\u002Fexamples\u002Fcommands\u002Fresources\u002Fthreat-db.yaml) | [Security Guide →](.\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md)\n\n**What this means for you**: Vet MCP servers before trusting them, detect attack patterns in configs, comply with security audits.\n\n---\n\n### 📝 271-Question Knowledge Validation (Unique in Ecosystem)\n\n**Outcome**: Verify your understanding + identify knowledge gaps.\n\n**Only comprehensive assessment available** — test across 9 categories:\n- Setup & Configuration, Agents & Sub-Agents, MCP Servers, Trust & Verification, Advanced Patterns\n\n**Features**: 4 skill profiles (Junior\u002FSenior\u002FPower User\u002FPM), instant feedback with doc links, weak area identification\n\n[Try Quiz Online →](https:\u002F\u002Fflorianbruniaux.github.io\u002Fclaude-code-ultimate-guide-landing\u002Fquiz\u002F) | [Run Locally](.\u002Fquiz\u002F)\n\n**What this means for you**: Know what you don't know, track learning progress, prepare for team adoption discussions.\n\n---\n\n### 🤖 Agent Teams Coverage (v2.1.32+ Experimental)\n\n**Outcome**: Parallelize work on large codebases (Fountain: 50% faster, CRED: 2x speed).\n\n**Only comprehensive guide to Anthropic's multi-agent coordination**:\n- Production metrics from real companies (autonomous C compiler, 500K hours saved)\n- 5 validated workflows (multi-layer review, parallel debugging, large-scale refactoring)\n- Decision framework: Teams vs Multi-Instance vs Dual-Instance vs Beads\n\n[Agent Teams Workflow →](.\u002Fguide\u002Fworkflows\u002Fagent-teams.md) | [Section 9.20 →](.\u002Fguide\u002Fultimate-guide.md#920-agent-teams-multi-agent-coordination)\n\n**What this means for you**: Break monolithic tasks into parallelizable work, coordinate multi-file refactors, review your own AI-generated code.\n\n---\n\n### 🔬 Methodologies (Structured Development Workflows)\n\n**Outcome**: Maintain code quality while working with AI.\n\nComplete guides with rationale and examples:\n- [TDD](.\u002Fguide\u002Fcore\u002Fmethodologies.md#1-tdd-test-driven-development-with-claude) — Test-Driven Development (Red-Green-Refactor with AI)\n- [SDD](.\u002Fguide\u002Fcore\u002Fmethodologies.md#2-sdd-specification-driven-development) — Specification-Driven Development (Design before code)\n- [BDD](.\u002Fguide\u002Fcore\u002Fmethodologies.md#3-bdd-behavior-driven-development) — Behavior-Driven Development (User stories → tests)\n- [GSD](.\u002Fguide\u002Fcore\u002Fmethodologies.md#gsd-get-shit-done) — Get Shit Done (Pragmatic delivery)\n\n**What this means for you**: Choose the right workflow for your team culture, integrate AI into existing processes, avoid technical debt from AI over-reliance.\n\n---\n\n### 📚 181 Annotated Templates\n\n**Outcome**: Learn patterns, not just configs.\n\nEducational templates with explanations:\n- Agents (23), Commands (52), Hooks (37), Skills (64)\n- Comments explaining **why** each pattern works (not just what it does)\n- Gradual complexity progression (simple → advanced)\n\n[Browse Catalog →](.\u002Fexamples\u002F)\n\n**What this means for you**: Understand the reasoning behind patterns, adapt templates to your context, create your own custom patterns.\n\n---\n\n### 🔍 151 Resource Evaluations\n\n**Outcome**: Trust our recommendations are evidence-based.\n\nSystematic assessment of external resources (5-point scoring):\n- Articles, videos, tools, frameworks\n- Honest assessments with source attribution (no marketing fluff)\n- Integration recommendations with trade-offs\n\n[See Evaluations →](.\u002Fdocs\u002Fresource-evaluations\u002F)\n\n**What this means for you**: Save time vetting resources, understand limitations before adopting tools, make informed decisions.\n\n---\n\n## 🎯 Learning Paths\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Junior Developer\u003C\u002Fstrong> — Foundation path (7 steps)\u003C\u002Fsummary>\n\n1. [Quick Start](.\u002Fguide\u002Fultimate-guide.md#1-quick-start-day-1) — Install & first workflow\n2. [Essential Commands](.\u002Fguide\u002Fultimate-guide.md#13-essential-commands) — The 7 commands\n3. [Context Management](.\u002Fguide\u002Fultimate-guide.md#22-context-management) — Critical concept\n4. [Memory Files](.\u002Fguide\u002Fultimate-guide.md#31-memory-files-claudemd) — Your first CLAUDE.md\n5. [Learning with AI](.\u002Fguide\u002Froles\u002Flearning-with-ai.md) — Use AI without becoming dependent ⭐\n6. [TDD Workflow](.\u002Fguide\u002Fworkflows\u002Ftdd-with-claude.md) — Test-first development\n7. [Cheat Sheet](.\u002Fguide\u002Fcheatsheet.md) — Print this\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Senior Developer\u003C\u002Fstrong> — Intermediate path (6 steps)\u003C\u002Fsummary>\n\n1. [Core Concepts](.\u002Fguide\u002Fultimate-guide.md#2-core-concepts) — Mental model\n2. [Plan Mode](.\u002Fguide\u002Fultimate-guide.md#23-plan-mode) — Safe exploration\n3. [Methodologies](.\u002Fguide\u002Fcore\u002Fmethodologies.md) — TDD, SDD, BDD reference\n4. [Agents](.\u002Fguide\u002Fultimate-guide.md#4-agents) — Custom AI personas\n5. [Hooks](.\u002Fguide\u002Fultimate-guide.md#7-hooks) — Event automation\n6. [CI\u002FCD Integration](.\u002Fguide\u002Fultimate-guide.md#93-cicd-integration) — Pipelines\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Power User\u003C\u002Fstrong> — Comprehensive path (8 steps)\u003C\u002Fsummary>\n\n1. [Complete Guide](.\u002Fguide\u002Fultimate-guide.md) — End-to-end\n2. [Architecture](.\u002Fguide\u002Fcore\u002Farchitecture.md) — How Claude Code works\n3. [Security Hardening](.\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md) — MCP vetting, injection defense\n4. [MCP Servers](.\u002Fguide\u002Fultimate-guide.md#8-mcp-servers) — Extended capabilities\n5. [Trinity Pattern](.\u002Fguide\u002Fultimate-guide.md#91-the-trinity) — Advanced workflows\n6. [Observability](.\u002Fguide\u002Fops\u002Fobservability.md) — Monitor costs & sessions\n7. [Agent Teams](.\u002Fguide\u002Fworkflows\u002Fagent-teams.md) — Multi-agent coordination (Opus 4.7+ experimental)\n8. [Examples](.\u002Fexamples\u002F) — Production templates\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Product Manager \u002F DevOps \u002F Designer\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n**Product Manager** (5 steps):\n1. [What's Inside](#-whats-inside) — Scope overview\n2. [Golden Rules](#-golden-rules) — Key principles\n3. [Data Privacy](.\u002Fguide\u002Fsecurity\u002Fdata-privacy.md) — Retention & compliance\n4. [Adoption Approaches](.\u002Fguide\u002Froles\u002Fadoption-approaches.md) — Team strategies\n5. [PM FAQ](.\u002Fguide\u002Fultimate-guide.md#can-product-managers-use-claude-code) — Code-adjacent vs non-coding PMs\n\n**Note**: Non-coding PMs should consider [Claude Cowork Guide](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-cowork-guide) instead.\n\n**DevOps \u002F SRE** (5 steps):\n1. [DevOps & SRE Guide](.\u002Fguide\u002Fops\u002Fdevops-sre.md) — FIRE framework\n2. [K8s Troubleshooting](.\u002Fguide\u002Fops\u002Fdevops-sre.md#kubernetes-troubleshooting) — Symptom-based prompts\n3. [Incident Response](.\u002Fguide\u002Fops\u002Fdevops-sre.md#pattern-incident-response) — Workflows\n4. [IaC Patterns](.\u002Fguide\u002Fops\u002Fdevops-sre.md#pattern-infrastructure-as-code) — Terraform, Ansible\n5. [Guardrails](.\u002Fguide\u002Fops\u002Fdevops-sre.md#guardrails--adoption) — Security boundaries\n\n**Product Designer** (5 steps):\n1. [Working with Images](.\u002Fguide\u002Fultimate-guide.md#24-working-with-images) — Image analysis\n2. [Wireframing Tools](.\u002Fguide\u002Fultimate-guide.md#wireframing-tools) — ASCII\u002FExcalidraw\n3. [Figma MCP](.\u002Fguide\u002Fultimate-guide.md#figma-mcp) — Design file access\n4. [Design-to-Code Workflow](.\u002Fguide\u002Fworkflows\u002Fdesign-to-code.md) — Figma → Claude\n5. [Cheat Sheet](.\u002Fguide\u002Fcheatsheet.md) — Print this\n\n\u003C\u002Fdetails>\n\n### Progressive Journey\n\n- **Week 1**: Foundations (install, CLAUDE.md, first agent)\n- **Week 2**: Core Features (skills, hooks, trust calibration)\n- **Week 3**: Advanced (MCP servers, methodologies)\n- **Month 2+**: Production mastery (CI\u002FCD, observability)\n\n---\n\n## 🔧 Rate Limits & Cost Savings\n\n**cc-copilot-bridge** routes Claude Code through GitHub Copilot Pro+ for flat-rate access ($10\u002Fmonth instead of per-token billing).\n\n```bash\n# Install\ngit clone https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fcc-copilot-bridge.git && cd cc-copilot-bridge && .\u002Finstall.sh\n\n# Use\nccc   # Copilot mode (flat $10\u002Fmonth)\nccd   # Direct Anthropic mode (per-token)\ncco   # Offline mode (Ollama, 100% local)\n```\n\n**Benefits**: Multi-provider switching, rate limit bypass, 99%+ cost savings on heavy usage.\n\n→ **[cc-copilot-bridge](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fcc-copilot-bridge)**\n\n---\n\n## 🔑 Golden Rules\n\n### 1. Verify Trust Before Use\n\nClaude Code can generate 1.75x more logic errors than human-written code ([ACM 2025](https:\u002F\u002Fdl.acm.org\u002Fdoi\u002F10.1145\u002F3716848)). Every output must be verified. Use `\u002Finsights` commands and verify patterns through tests.\n\n**Strategy:** Solo dev (verify logic + edge cases). Team (systematic peer review). Production (mandatory gating tests).\n\n---\n\n### 2. Never Approve MCPs from Unknown Sources\n\n28 CVEs identified in Claude Code ecosystem. 655 malicious skills in supply chain. MCP servers can read\u002Fwrite your codebase.\n\n**Strategy:** Systematic audit (5-min checklist). Community-vetted MCP Safe List. Vetting workflow documented in guide.\n\n---\n\n### 3. Context Pressure Changes Behavior\n\nAt 70% context, Claude starts losing precision. At 85%, hallucinations increase. At 90%+, responses become erratic.\n\n**Strategy:** 0-50% (work freely). 50-70% (attention). 70-90% (`\u002Fcompact`). 90%+ (`\u002Fclear` mandatory).\n\n---\n\n### 4. Start Simple, Scale Smart\n\nStart with basic CLAUDE.md + a few commands. Test in production for 2 weeks. Add agents\u002Fskills only if need is proven.\n\n**Strategy:** Phase 1 (basic). Phase 2 (commands + hooks if needed). Phase 3 (agents if multi-context). Phase 4 (MCP servers if truly required).\n\n---\n\n### 5. Methodologies Matter More with AI\n\nTDD\u002FSDD\u002FBDD are not optional with Claude Code. AI accelerates bad code as much as good code.\n\n**Strategy:** TDD (critical logic). SDD (architecture upfront). BDD (PM\u002Fdev collaboration). GSD (throwaway prototypes).\n\n---\n\n### Quick Reference\n\n| # | Rule | Key Metric | Action |\n|---|------|------------|--------|\n| 1 | Verify Trust | 1.75x more logic errors | Test everything, peer review |\n| 2 | Vet MCPs | 28 CVEs, 655 malicious skills | 5-min audit checklist |\n| 3 | Manage Context | 70% = precision loss | `\u002Fcompact` at 70%, `\u002Fclear` at 90% |\n| 4 | Start Simple | 2-week test period | Phase 1→4 progressive adoption |\n| 5 | Use Methodologies | AI amplifies good AND bad | TDD\u002FSDD\u002FBDD by context |\n\n> Context management is critical. See the [Cheat Sheet](.\u002Fguide\u002Fcheatsheet.md#context-management-critical) for thresholds and actions.\n\n---\n\n## 🤖 For AI Assistants\n\n| Resource | Purpose | Tokens |\n|----------|---------|--------|\n| **[llms.txt](.\u002Fmachine-readable\u002Fllms.txt)** | Standard context file | ~1K |\n| **[reference.yaml](.\u002Fmachine-readable\u002Freference.yaml)** | Structured index with line numbers | ~2K |\n\n**Quick load**: `curl -sL https:\u002F\u002Fraw.githubusercontent.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Fmain\u002Fmachine-readable\u002Freference.yaml`\n\n### reference.yaml — Structure & Landing Site Search\n\n`reference.yaml` is organized into several top-level sections:\n\n| Section | Content |\n|---------|---------|\n| `lines` | Line number references for key sections in `ultimate-guide.md` |\n| `deep_dive` | Key → file path mappings for all guides, examples, hooks, agents, commands |\n| `decide` | Decision tree (when to use what) |\n| `stats` | Counters (templates, questions, CVEs…) |\n\n**The `deep_dive` section powers the [landing site](https:\u002F\u002Fcc.bruniaux.com) CMD+K search.** The build script (`scripts\u002Fbuild-guide-index.mjs`) parses it to generate 160 search entries.\n\n#### How the search index works\n\nThe CMD+K search on the landing site is an **explicit index** — not a full-text search. Only entries listed in `deep_dive` are indexed. Keywords are derived mechanically from the key name and file path, not from the file content.\n\n**Consequence**: adding a new guide section requires explicitly adding an entry to `deep_dive`, then running `pnpm build:search` in the landing repo.\n\n#### Maintaining reference.yaml\n\n**Adding a new entry** to `deep_dive`:\n```yaml\ndeep_dive:\n  # existing entries...\n  my_new_section: \"guide\u002Fmy-new-file.md\"          # local guide file\n  my_hook_example: \"examples\u002Fhooks\u002Fbash\u002Ffoo.sh\"   # example file\n  my_section_ref: \"guide\u002Fultimate-guide.md:1234\"  # with line number anchor\n```\n\n**Critical: avoid duplicate keys.** If a key appears twice in `deep_dive`, the YAML parser fails and the landing site search index becomes empty (0 entries). The build exits with a warning but no hard error:\n\n```\n[build-guide-index] ERROR: Failed to parse YAML: duplicated mapping key\n[build-guide-index] Generating empty guide-search-entries.ts\n```\n\nUse distinct names — e.g. if you need both a line-number reference and a file path for the same concept, suffix the line-number key with `_line`:\n```yaml\nsecurity_gate_hook_line: 6907                              # line number ref\nsecurity_gate_hook: \"examples\u002Fhooks\u002Fbash\u002Fsecurity-gate.sh\" # file path ref\n```\n\n---\n\n## 📄 Whitepapers (FR + EN)\n\n11 focused whitepapers covering Claude Code in depth — PDF + EPUB, available in French and English. 472 pages total.\n\n> **Coming soon** — currently in private access. Public release planned.\n\n| # | FR | EN | Pages |\n|---|----|----|-------|\n| **00** | *De Zéro à Productif* | *From Zero to Productive* | 20 |\n| **01** | *Prompts qui Marchent* | *Prompts That Work* | 40 |\n| **02** | *Personnaliser Claude* | *Customizing Claude* | 47 |\n| **03** | *Sécurité en Production* | *Security in Production* | 48 |\n| **04** | *L'Architecture Démystifiée* | *Architecture Demystified* | 40 |\n| **05** | *Déployer en Équipe* | *Team Deployment* | 43 |\n| **06** | *Privacy & Compliance* | *Privacy & Compliance* | 29 |\n| **07** | *Guide de Référence* | *Reference Guide* | 87 |\n| **08** | *Agent Teams* | *Agent Teams* | 42 |\n| **09** | *Apprendre avec l'IA* | *Learning with AI* — UVAL protocol, comprehension debt | 49 |\n| **10** | *Convaincre son Employeur* | *Making the Case for AI* — ROI dossier for CEO\u002FCTO\u002FCFO | 27 |\n\n## 🗂️ Recap Cards (FR, EN coming)\n\n57 single-page A4 reference cards — printable, one concept per card. Available in French; English version in progress.\n\n> **Browse online**: [cc.bruniaux.com\u002Fcheatsheets\u002F](https:\u002F\u002Fcc.bruniaux.com\u002Fcheatsheets\u002F)\n\n- **Technique (22 cards)** — Commands, permissions, configuration, MCP, models, context window\n- **Méthodologie (22 cards)** — Daily workflow, agents, hooks, CI\u002FCD, multi-agent, debug\n- **Conception (13 cards)** — Mental models, prompting, security by design, cost patterns\n\n---\n\n## 🌍 Ecosystem\n\n### Claude Cowork (Non-Developers)\n\n**Claude Cowork** is the companion guide for non-technical users (knowledge workers, assistants, managers).\n\nSame agentic capabilities as Claude Code, but through a visual interface with no coding required.\n\n→ **[Claude Cowork Guide](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-cowork-guide)** — File organization, document generation, automated workflows\n\n**Status**: Research preview (Pro $20\u002Fmo or Max $100-200\u002Fmo, macOS only, **VPN incompatible**)\n\n### Claude Code Plugins (Marketplace)\n\nAll 181 templates from this guide packaged as installable Claude Code plugins — hooks auto-wired, no manual config:\n\n```bash\n# Add the marketplace\nclaude plugin marketplace add FlorianBruniaux\u002Fclaude-code-plugins\n\n# Install the plugins you need\nclaude plugin install security-suite       # OWASP auditing, cyber-defense pipeline, 13 hooks\nclaude plugin install devops-pipeline      # CI\u002FCD, git worktrees, GitHub Actions\nclaude plugin install release-automation   # Changelog + release notes + social content\nclaude plugin install code-quality         # SOLID refactoring, TDD, GoF patterns, 6 agents\nclaude plugin install pr-workflow          # Planning gates, PR\u002Fissue triage, handoffs\nclaude plugin install session-tools        # ccboard monitoring, voice refinement, 11 hooks\nclaude plugin install ai-methodology       # Scaffolding, 6-stage talk pipeline, context-engineering\nclaude plugin install session-summary      # Session analytics dashboard (15 sections)\n```\n\n> **[FlorianBruniaux\u002Fclaude-code-plugins](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-plugins)** — 8 plugins, 181 templates, one marketplace\n\n### Complementary Resources\n\n| Project | Focus | Best For |\n|---------|-------|----------|\n| [everything-claude-code](https:\u002F\u002Fgithub.com\u002Faffaan-m\u002Feverything-claude-code) | Production configs (45k+ stars) | Quick setup, battle-tested patterns |\n| [claude-code-templates](https:\u002F\u002Fgithub.com\u002Fdavila7\u002Fclaude-code-templates) | Distribution (200+ templates) | CLI installation (17k stars) |\n| [anthropics\u002Fskills](https:\u002F\u002Fgithub.com\u002Fanthropics\u002Fskills) | Official Anthropic skills (60K+ stars) | Documents, design, dev templates |\n| [anthropics\u002Fclaude-plugins-official](https:\u002F\u002Fskills.sh\u002Fanthropics\u002Fclaude-plugins-official) | Plugin dev tools (3.1K installs) | CLAUDE.md audit, automation discovery |\n| [skills.sh](https:\u002F\u002Fskills.sh\u002F) | Skills marketplace | One-command install (Vercel Labs) |\n| [awesome-claude-code](https:\u002F\u002Fgithub.com\u002Fhesreallyhim\u002Fawesome-claude-code) | Curation | Resource discovery |\n| [awesome-claude-skills](https:\u002F\u002Fgithub.com\u002FBehiSecc\u002Fawesome-claude-skills) | Skills taxonomy | 62 skills across 12 categories |\n| [awesome-claude-md](https:\u002F\u002Fgithub.com\u002Fjosix\u002Fawesome-claude-md) | CLAUDE.md examples | Annotated configs with scoring |\n| [AI Coding Agents Matrix](https:\u002F\u002Fcoding-agents-matrix.dev) | Technical comparison | Comparing 23+ alternatives |\n\n**Community**: 🇫🇷 [Dev With AI](https:\u002F\u002Fwww.devw.ai\u002F) — 1500+ devs on Slack, meetups in Paris, Bordeaux, Lyon\n\n→ **[AI Ecosystem Guide](.\u002Fguide\u002Fecosystem\u002Fai-ecosystem.md)** — Complete integration patterns with complementary AI tools\n\n---\n\n## 🛡️ Security\n\n**Comprehensive MCP security coverage** — the only guide with a threat intelligence database and production hardening workflows.\n\n### Official Security Tools\n\n| Tool | Purpose | Maintained By |\n|------|---------|---------------|\n| [claude-code-security-review](https:\u002F\u002Fgithub.com\u002Fanthropics\u002Fclaude-code-security-review) | GitHub Action for automated security scanning | Anthropic (official) |\n| This Guide's Threat DB | Intelligence layer (28 CVEs, 655 malicious skills) | Community |\n\n**Workflow**: Use GitHub Action for automation → Consult Threat DB for threat intelligence.\n\n### Threat Database\n\n**28 CVE-mapped vulnerabilities** and **655 malicious skills** tracked in [`examples\u002Fcommands\u002Fresources\u002Fthreat-db.yaml`](.\u002Fexamples\u002Fcommands\u002Fresources\u002Fthreat-db.yaml):\n\n| Threat Category | Count | Examples |\n|----------------|-------|----------|\n| **Code\u002FCommand Injection** | 5 CVEs | CLI bypass (CVE-2025-66032), child_process exec |\n| **Path Traversal & Access** | 4 CVEs | Symlink escape (CVE-2025-53109), prefix bypass |\n| **RCE & Prompt Hijacking** | 4 CVEs | MCP Inspector RCE (CVE-2025-49596), session hijack |\n| **SSRF & DNS Rebinding** | 4 CVEs | WebFetch SSRF (CVE-2026-24052), DNS rebinding |\n| **Data Leakage** | 1 CVE | Cross-client response leak (CVE-2026-25536) |\n| **Malicious Skills** | 655 patterns | Unicode injection, hidden instructions, auto-execute |\n\n**Taxonomies**: 10 attack surfaces × 11 threat types × 8 impact levels\n\n### Hardening Resources\n\n| Resource | Purpose | Time |\n|----------|---------|------|\n| **[Security Hardening Guide](.\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md)** | MCP vetting, injection defense, audit workflow | 25 min |\n| **[Data Privacy Guide](.\u002Fguide\u002Fsecurity\u002Fdata-privacy.md)** | Retention policies (5yr → 30d → 0), GDPR compliance | 10 min |\n| **[Sandbox Isolation](.\u002Fguide\u002Fsecurity\u002Fsandbox-isolation.md)** | Docker sandboxes for untrusted MCP servers | 10 min |\n| **[Production Safety](.\u002Fguide\u002Fsecurity\u002Fproduction-safety.md)** | Infrastructure locks, port stability, DB safety | 20 min |\n\n### Security Commands\n\n```bash\n\u002Fsecurity-check      # Quick scan config vs known threats (~30s)\n\u002Fsecurity-audit      # Full 6-phase audit with score \u002F100 (2-5min)\n\u002Fupdate-threat-db    # Research & update threat intelligence\n\u002Faudit-agents-skills # Quality audit with security checks\n```\n\n### Security Hooks\n\n**37 production hooks** (bash + PowerShell) in [`examples\u002Fhooks\u002F`](.\u002Fexamples\u002Fhooks\u002F):\n\n| Hook | Purpose |\n|------|---------|\n| [dangerous-actions-blocker](.\u002Fexamples\u002Fhooks\u002Fbash\u002Fdangerous-actions-blocker.sh) | Block `rm -rf`, force-push, production ops |\n| [prompt-injection-detector](.\u002Fexamples\u002Fhooks\u002Fbash\u002Fprompt-injection-detector.sh) | Detect injection patterns in CLAUDE.md\u002Fprompts |\n| [unicode-injection-scanner](.\u002Fexamples\u002Fhooks\u002Fbash\u002Funicode-injection-scanner.sh) | Detect hidden Unicode (zero-width, RTL override) |\n| [output-secrets-scanner](.\u002Fexamples\u002Fhooks\u002Fbash\u002Foutput-secrets-scanner.sh) | Prevent API keys\u002Ftokens in Claude responses |\n\n**[Browse All Security Hooks →](.\u002Fexamples\u002Fhooks\u002F)**\n\n### MCP Vetting Workflow\n\n**Systematic evaluation before trusting MCP servers:**\n\n1. **Provenance**: GitHub verified, 100+ stars, active maintenance\n2. **Code Review**: Minimal privileges, no obfuscation, open-source\n3. **Permissions**: Whitelist-only filesystem access, network restrictions\n4. **Testing**: Isolated Docker sandbox first, monitor tool calls\n5. **Monitoring**: Session logs, error tracking, regular re-audits\n\n**[Full MCP Security Workflow →](.\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md#vetting-mcp-servers)**\n\n---\n\n## 📖 About\n\nThis guide is the result of **6 months of daily practice** with Claude Code. The goal isn't to be exhaustive (the tool evolves too fast), but to share what works in production.\n\n**What you'll find:**\n- Patterns verified in production (not theory)\n- Trade-off explanations (not just \"here's how to do it\")\n- Security first (28 CVEs tracked)\n- Transparency on limitations (Claude Code isn't magic)\n\n**What you won't find:**\n- Definitive answers (tool is too new)\n- Universal configs (every project is different)\n- Marketing promises (zero bullshit)\n\nUse this guide critically. Experiment. Share what works for you.\n\n**Feedback welcome:** [GitHub Issues](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\u002Fissues)\n\n### About the Author\n\n**Florian Bruniaux** — Founding Engineer @ [Méthode Aristote](https:\u002F\u002Fmethode-aristote.fr) (EdTech + AI). 12 years in tech (Dev → Lead → EM → VP Eng → CTO). Current focus: Rust CLI tools, MCP servers, AI developer tooling.\n\n| Project | Description | Links |\n|---------|-------------|-------|\n| **RTK** | CLI proxy — 60-90% LLM token reduction | [GitHub](https:\u002F\u002Fgithub.com\u002Frtk-ai\u002Frtk) · [Site](https:\u002F\u002Fwww.rtk-ai.app\u002F) |\n| **ccboard** | Real-time TUI\u002FWeb dashboard for Claude Code | [GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fccboard) · [Demo](https:\u002F\u002Fccboard.bruniaux.com\u002F) |\n| **Claude Cowork Guide** | 26 business workflows for non-coders | [GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-cowork-guide) · [Site](https:\u002F\u002Fcowork.bruniaux.com\u002F) |\n| **cc-copilot-bridge** | Bridge between Claude Code & GitHub Copilot | [GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fcc-copilot-bridge) · [Site](https:\u002F\u002Fccbridge.bruniaux.com\u002F) |\n| **Agent Academy** | MCP server for AI agent learning | [GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fagent-academy) |\n| **techmapper** | Tech stack mapping & visualization | [GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Ftechmapper) |\n\n[GitHub](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux) · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fflorian-bruniaux-43408b83\u002F) · [Portfolio](https:\u002F\u002Fflorian.bruniaux.com\u002F)\n\n---\n\n## 📚 What's Inside\n\n### Core Documentation\n\n| File | Purpose | Time |\n|------|---------|------|\n| **[Ultimate Guide](.\u002Fguide\u002Fultimate-guide.md)** | Complete reference (24K+ lines), 10 sections | 30-40h (full) • Most consult sections |\n| **[Cheat Sheet](.\u002Fguide\u002Fcheatsheet.md)** | 1-page printable reference | 5 min |\n| **[Visual Reference](.\u002Fguide\u002Fcore\u002Fvisual-reference.md)** | 20 ASCII diagrams for key concepts | 5 min |\n| **[Architecture](.\u002Fguide\u002Fcore\u002Farchitecture.md)** | How Claude Code works internally | 25 min |\n| **[Methodologies](.\u002Fguide\u002Fcore\u002Fmethodologies.md)** | TDD, SDD, BDD reference | 20 min |\n| **[Workflows](.\u002Fguide\u002Fworkflows\u002F)** | Practical guides (TDD, Plan-Driven, Task Management) | 30 min |\n| **[Data Privacy](.\u002Fguide\u002Fsecurity\u002Fdata-privacy.md)** | Retention & compliance | 10 min |\n| **[Security Hardening](.\u002Fguide\u002Fsecurity\u002Fsecurity-hardening.md)** | MCP vetting, injection defense | 25 min |\n| **[Sandbox Isolation](.\u002Fguide\u002Fsecurity\u002Fsandbox-isolation.md)** | Docker Sandboxes, cloud alternatives, safe autonomy | 10 min |\n| **[Production Safety](.\u002Fguide\u002Fsecurity\u002Fproduction-safety.md)** | Port stability, DB safety, infrastructure lock | 20 min |\n| **[DevOps & SRE](.\u002Fguide\u002Fops\u002Fdevops-sre.md)** | FIRE framework, K8s troubleshooting, incident response | 30 min |\n| **[AI Ecosystem](.\u002Fguide\u002Fecosystem\u002Fai-ecosystem.md)** | Complementary AI tools & integration patterns | 20 min |\n| **[AI Traceability](.\u002Fguide\u002Fops\u002Fai-traceability.md)** | Code attribution & provenance tracking | 15 min |\n| **[Search Tools Cheatsheet](.\u002Fguide\u002Fcheatsheet.md)** | Grep, Serena, ast-grep, grepai comparison | 5 min |\n| **[Learning with AI](.\u002Fguide\u002Froles\u002Flearning-with-ai.md)** | Use AI without becoming dependent | 15 min |\n| **[Claude Code Releases](.\u002Fguide\u002Fcore\u002Fclaude-code-releases.md)** | Official release history | 10 min |\n| **[Credits](.\u002Fguide\u002Fcore\u002Fcredits.md)** | Open-source inspirations and pattern attributions | 2 min |\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Examples Library\u003C\u002Fstrong> (181 templates)\u003C\u002Fsummary>\n\n**Agents** (23): [code-reviewer](.\u002Fexamples\u002Fagents\u002Fcode-reviewer.md), [test-writer](.\u002Fexamples\u002Fagents\u002Ftest-writer.md), [security-auditor](.\u002Fexamples\u002Fagents\u002Fsecurity-auditor.md), [refactoring-specialist](.\u002Fexamples\u002Fagents\u002Frefactoring-specialist.md), [output-evaluator](.\u002Fexamples\u002Fagents\u002Foutput-evaluator.md), [devops-sre](.\u002Fexamples\u002Fagents\u002Fdevops-sre.md) ⭐\n\n**Slash Commands** (52): [\u002Fpr](.\u002Fexamples\u002Fcommands\u002Fpr.md), [\u002Fcommit](.\u002Fexamples\u002Fcommands\u002Fcommit.md), [\u002Frelease-notes](.\u002Fexamples\u002Fcommands\u002Frelease-notes.md), [\u002Fdiagnose](.\u002Fexamples\u002Fcommands\u002Fdiagnose.md), [\u002Fsecurity](.\u002Fexamples\u002Fcommands\u002Fsecurity.md), [\u002Fsecurity-check](.\u002Fexamples\u002Fcommands\u002Fsecurity-check.md) **, [\u002Fsecurity-audit](.\u002Fexamples\u002Fcommands\u002Fsecurity-audit.md) **, [\u002Fupdate-threat-db](.\u002Fexamples\u002Fcommands\u002Fupdate-threat-db.md) **, [\u002Frefactor](.\u002Fexamples\u002Fcommands\u002Frefactor.md), [\u002Fexplain](.\u002Fexamples\u002Fcommands\u002Fexplain.md), [\u002Foptimize](.\u002Fexamples\u002Fcommands\u002Foptimize.md), [\u002Fship](.\u002Fexamples\u002Fcommands\u002Fship.md)...\n\n**Security Hooks** (37): [dangerous-actions-blocker](.\u002Fexamples\u002Fhooks\u002Fbash\u002Fdangerous-actions-blocker.sh), [prompt-injection-detector](.\u002Fexamples\u002Fhooks\u002Fbash\u002Fprompt-injection-detector.sh), [unicode-injection-scanner](.\u002Fexamples\u002Fhooks\u002Fbash\u002Funicode-injection-scanner.sh), [output-secrets-scanner](.\u002Fexamples\u002Fhooks\u002Fbash\u002Foutput-secrets-scanner.sh)...\n\n**Skills** (64): [Claudeception](https:\u002F\u002Fgithub.com\u002Fblader\u002FClaudeception) — Meta-skill that auto-generates skills from session discoveries ⭐\n\n**Plugins** (1): [SE-CoVe](.\u002Fexamples\u002Fplugins\u002Fse-cove.md) — Chain-of-Verification for independent code review (Meta AI, ACL 2024)\n\n**Utility Scripts**: [session-search.sh](.\u002Fexamples\u002Fscripts\u002Fsession-search.sh), [audit-scan.sh](.\u002Fexamples\u002Fscripts\u002Faudit-scan.sh)\n\n**GitHub Actions**: [claude-pr-auto-review.yml](.\u002Fexamples\u002Fgithub-actions\u002Fclaude-pr-auto-review.yml), [claude-security-review.yml](.\u002Fexamples\u002Fgithub-actions\u002Fclaude-security-review.yml), [claude-issue-triage.yml](.\u002Fexamples\u002Fgithub-actions\u002Fclaude-issue-triage.yml)\n\n**Integrations** (1): [Agent Vibes TTS](.\u002Fexamples\u002Fintegrations\u002Fagent-vibes\u002F) - Text-to-speech narration for Claude Code responses\n\n**[Browse Complete Catalog](.\u002Fexamples\u002FREADME.md)** | **[Interactive Catalog](.\u002Fexamples\u002Findex.html)**\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Knowledge Quiz\u003C\u002Fstrong> (271 questions)\u003C\u002Fsummary>\n\nTest your Claude Code knowledge with an interactive CLI quiz covering all guide sections.\n\n```bash\ncd quiz && npm install && npm start\n```\n\n**Features**: 4 profiles (Junior\u002FSenior\u002FPower User\u002FPM), 10 topic categories, immediate feedback with doc links, score tracking with weak area identification.\n\n**[Quiz Documentation](.\u002Fquiz\u002FREADME.md)** | **[Contribute Questions](.\u002Fquiz\u002Ftemplates\u002Fquestion-template.yaml)**\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Resource Evaluations\u003C\u002Fstrong> (151 assessments)\u003C\u002Fsummary>\n\nSystematic evaluation of external resources (tools, methodologies, articles) before integration into the guide.\n\n**Methodology**: 5-point scoring system (Critical → Low) with technical review and challenge phase for objectivity.\n\n**Evaluations**: GSD methodology, Worktrunk, Boris Cowork video, AST-grep, ClawdBot analysis, and more.\n\n**[Browse Evaluations](.\u002Fdocs\u002Fresource-evaluations\u002F)** | **[Evaluation Methodology](.\u002Fdocs\u002Fresource-evaluations\u002FREADME.md)**\n\n\u003C\u002Fdetails>\n\n---\n\n## ⭐ Star History\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=FlorianBruniaux\u002Fclaude-code-ultimate-guide&type=Date)](https:\u002F\u002Fwww.star-history.com\u002F#FlorianBruniaux\u002Fclaude-code-ultimate-guide&Date)\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\">\n    \u003Cpicture>\n      \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide?theme=dark\" \u002F>\n      \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide?theme=light\" \u002F>\n      \u003Cimg alt=\"StarMapper — see who stars this repo on a world map\" src=\"https:\u002F\u002Fstarmapper.bruniaux.com\u002Fapi\u002Fmap-image\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide\" \u002F>\n    \u003C\u002Fpicture>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n## 🤝 Contributing\n\nWe welcome:\n- ✅ Corrections and clarifications\n- ✅ New quiz questions\n- ✅ Methodologies and workflows\n- ✅ Resource evaluations (see [process](.\u002Fdocs\u002Fresource-evaluations\u002FREADME.md))\n- ✅ Educational content improvements\n\nSee [CONTRIBUTING.md](.\u002FCONTRIBUTING.md) for guidelines.\n\n**Ways to Help**: Star the repo • Report issues • Submit PRs • Share workflows in [Discussions](..\u002F..\u002Fdiscussions)\n\n---\n\n## 📄 License & Support\n\n**Guide**: [CC BY-SA 4.0](https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby-sa\u002F4.0\u002F) — Educational content is open for reuse with attribution.\n\n**Templates**: [CC0 1.0](https:\u002F\u002Fcreativecommons.org\u002Fpublicdomain\u002Fzero\u002F1.0\u002F) — Copy-paste freely, no attribution needed.\n\n**Author**: [Florian BRUNIAUX](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux) | Founding Engineer [@Méthode Aristote](https:\u002F\u002Fmethode-aristote.fr)\n\n**Stay Updated**: [Watch releases](..\u002F..\u002Freleases) | [Discussions](..\u002F..\u002Fdiscussions) | [Connect on LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fflorian-bruniaux-43408b83\u002F)\n\n---\n\n## 📚 Further Reading\n\n### This Guide\n- **[CHANGELOG](.\u002FCHANGELOG.md)** — Guide version history (what's new in each release)\n- [Claude Code Releases](.\u002Fguide\u002Fcore\u002Fclaude-code-releases.md) — Official Claude Code release tracking\n\n### Official Resources\n- [Claude Code CLI](https:\u002F\u002Fcode.claude.com) — Official website\n- [Documentation](https:\u002F\u002Fcode.claude.com\u002Fdocs) — Official docs\n- [Anthropic CHANGELOG](https:\u002F\u002Fgithub.com\u002Fanthropics\u002Fclaude-code\u002Fblob\u002Fmain\u002FCHANGELOG.md) — Official Claude Code changelog\n- [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fanthropics\u002Fclaude-code\u002Fissues) — Bug reports & feature requests\n\n### Research & Industry Reports\n\n- **[2026 Agentic Coding Trends Report](https:\u002F\u002Fresources.anthropic.com\u002Fhubfs\u002F2026%20Agentic%20Coding%20Trends%20Report.pdf)** (Anthropic, Feb 2026)\n  - 8 trends prospectifs (foundation\u002Fcapability\u002Fimpact)\n  - Case studies: Fountain (50% faster), Rakuten (7h autonomous), CRED (2x speed), TELUS (500K hours saved)\n  - Research data: 60% AI usage, 0-20% full delegation, 67% more PRs merged\u002Fday\n  - **Evaluation**: [`docs\u002Fresource-evaluations\u002Fanthropic-2026-agentic-coding-trends.md`](docs\u002Fresource-evaluations\u002Fanthropic-2026-agentic-coding-trends.md) (score 4\u002F5)\n  - **Integration**: Diffused across sections 9.17 (Multi-Instance ROI), 9.20 (Agent Teams adoption), 9.11 (Enterprise Anti-Patterns), Section 9 intro\n\n- **[AI Fluency Index](https:\u002F\u002Fwww.anthropic.com\u002Fresearch\u002FAI-fluency-index)** (Anthropic, Feb 23, 2026)\n  - Research on 9,830 Claude.ai conversations: iteration multiplies fluency behaviors 2× (2.67 vs 1.33)\n  - **Artifact Paradox**: polished outputs (code, files) reduce critical evaluation — −5.2pp missing context, −3.7pp fact-checking, −3.1pp reasoning challenge\n  - Only 30% of users set collaboration terms explicitly — CLAUDE.md addresses this structurally\n  - **Evaluation**: [`docs\u002Fresource-evaluations\u002F2026-02-23-anthropic-ai-fluency-index.md`](docs\u002Fresource-evaluations\u002F2026-02-23-anthropic-ai-fluency-index.md) (score 4\u002F5)\n  - **Integration**: 3 callouts in §2.3 (plan review), §3.1 (CLAUDE.md), §9.11 (Artifact Paradox) + [diagram](.\u002Fguide\u002Fdiagrams\u002F06-development-workflows.md#ai-fluency--high-vs-low-fluency-paths)\n\n- **[Outcome Engineering — o16g Manifesto](https:\u002F\u002Fo16g.com\u002F)** (Cory Ondrejka, Feb 2026)\n  - 16 principles for shifting from \"software engineering\" to \"outcome engineering\"\n  - Author: CTO Onebrief, co-creator Second Life, ex-VP Google\u002FMeta\n  - Cultural positioning: numeronym naming (o16g like i18n, k8s), Honeycomb endorsement\n  - **Status**: Emerging — on [watch list](.\u002Fdocs\u002Fresource-evaluations\u002Fwatch-list.md) for community adoption tracking\n\n### Community Resources\n- [everything-claude-code](https:\u002F\u002Fgithub.com\u002Faffaan-m\u002Feverything-claude-code) — Production configs (45k+⭐)\n- [awesome-claude-code](https:\u002F\u002Fgithub.com\u002Fhesreallyhim\u002Fawesome-claude-code) — Curated links\n- [SuperClaude Framework](https:\u002F\u002Fgithub.com\u002FSuperClaude-Org\u002FSuperClaude_Framework) — Behavioral modes\n\n### Tools\n- [Ask Zread](https:\u002F\u002Fzread.ai\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide) — Ask questions about this guide\n- [Interactive Quiz](.\u002Fquiz\u002F) — 271 questions\n- [Landing Site](https:\u002F\u002Fcc.bruniaux.com) — Visual navigation, cheat sheets, ebooks, quiz\n- [RSS Feed](https:\u002F\u002Fcc.bruniaux.com\u002Frss.xml) — Subscribe to guide updates, new content, and CC releases\n\n---\n\n*Version 3.40.0 | Updated daily · May 12, 2026 | Crafted with Claude*\n\n\u003C!-- SEO Keywords -->\n\u003C!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,\nclaude code agents, claude code hooks, claude code skills, agentic coding, ai pair programming,\ntdd ai, test driven development ai, sdd spec driven development, bdd claude, development methodologies,\nclaude code architecture, data privacy anthropic, claude code workflows, ai coding workflows -->\n","该项目是一个全面的Claude Code使用指南，从初学者到高级用户都能找到所需资源。它提供了生产就绪的模板、代理工作流指导以及丰富的学习材料，包括测验和实用“速查表”。项目采用TypeScript编写，具有安全性加固、MCP服务器支持等核心功能，并且包含了28个已知漏洞的威胁数据库。适用于需要提高编码效率、安全性和协作能力的开发者或团队，在AI辅助编程、代码安全等领域特别有用。",2,"2026-06-11 03:50:53","high_star"]