Master Claude Code

# Claude Code Ultimate Guide — Templates (232)
GitHub: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/tree/main/examples

## Agents (6)

code-reviewer.md         → Review Anti Hallucination
planner.md               → Planner Agent
implementer.md           → Implementer Agent
architecture-reviewer.md → Architecture Reviewer Agent
devops-sre.md            → Devops Agent
security-patcher.md      → Security Patcher Agent

## Commands (15)

review-pr.md             → Review PR Advanced
review-plan.md           → Review Plan Command
quiz.md                  → Learn Quiz Command
audit-agents-skills.md   → Audit Agents Skills Command
git-worktree.md          → Git Worktree Command
security-check.md        → Security Check Command
security-audit.md        → Security Audit Command
update-threat-db.md      → Update Threat DB Command
... +7 more

## Hooks (6)

rtk-auto-wrapper.sh      → RTK Auto Wrapper
learning-capture.sh      → Learning Capture Hook
pre-commit-secrets.sh    → Pre-Commit Secrets Hook
security-gate.sh         → Security Gate Hook
tts-selective.sh         → TTS Hook Example
sandbox-validation.sh    → Sandbox Validation Hook

## Skills (17)

Talk pipeline complet (orchestrateur + 6 stages), pdf-generator,
rtk-optimizer, audit-agents-skills, voice-refine, design-patterns,
ast-grep-patterns...

## Scripts (5)

session-search.sh  · cc-sessions.py  · bridge.py
sync-claude-config.sh  · bridge-plan-schema.json

---
Pour récupérer un template : /ccguide:example <nom>
ex: /ccguide:example security-gate

# Claude Code Ultimate Guide — 893 indexed entries, 25 categories (v3.37.1)

┌────────────┬─────────┬───────────────────────────────────────────────┐
│ Category   │ Entries │ Examples                                       │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ deep       │     740 │ Mermaid diagrams, exploration workflow,        │
│            │         │ script generation, anti-anchoring prompts,     │
│            │         │ session limits                                  │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ mcp        │      61 │ Serena, claude-mem, plugin, repo, guide        │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ onboarding │      33 │ Matrix meta, changelog, get started (5min)     │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ ecosystem  │      27 │ This guide, MCP server npm/install/readme      │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ hooks      │       7 │ Execution model, async, use cases, matrix      │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ agent      │       4 │ Template, official fields, memory scopes       │
├────────────┼─────────┼───────────────────────────────────────────────┤
│ context    │       3 │ Zones, fresh context, symptoms                 │
└────────────┴─────────┴───────────────────────────────────────────────┘

Single-entry categories:
updated · decide · prompt · workflow · commands · shortcuts · cli
memory · folder · permissions · architecture · cost · tools · debug
hook · rules

---
Usage:
  /ccguide:search hooks
  /ccguide:search mcp serena
  /ccguide:search agent memory

# Claude Code Releases
Latest: v2.1.78 (updated: 2026-03-18)
https://github.com/FlorianBruniaux/.../guide/claude-code-releases.md

---
v2.1.78 — 2026-03-18

- StopFailure hook event fires on API errors (rate limit, auth failure)
- ${CLAUDE_PLUGIN_DATA} variable for persistent plugin state across updates
- effort, maxTurns, disallowedTools frontmatter for plugin-shipped agents
- Response text now streams line-by-line as generated
- Security: silent sandbox disable when deps missing now shows warning
- Security: deny MCP permission rules now properly block tools from model
- Security: protected dirs no longer writable in bypassPermissions mode
- Fixed infinite loop from API errors triggering stop hooks in a cycle
- Fixed --resume truncating history on large sessions with subagents

v2.1.77 — 2026-03-17

- Opus 4.6 default max output raised to 64k tokens; upper bound for
  Opus 4.6 and Sonnet 4.6 raised to 128k tokens
- allowRead sandbox setting to re-allow reads within denyRead regions
- /copy N to copy Nth-latest response; /branch replaces /fork (alias kept)
- Security fix: PreToolUse hooks returning "allow" could bypass enterprise
  deny permission rules (including managed settings)
- Fixed auto-updater accumulating GBs of memory from overlapping downloads
- Fixed --resume silently truncating recent conversation history
- Breaking: Agent tool resume parameter removed — use SendMessage instead

v2.1.76 — 2026-03-14

- MCP elicitation: servers request structured input mid-task via
  interactive dialog (form fields or browser URL)
- New hooks: Elicitation, ElicitationResult, PostCompact
- -n/--name CLI flag for session display name; worktree.sparsePaths
  for monorepo sparse checkout; /effort slash command
- Fixed ToolSearch deferred tools losing input schemas after compaction
- Auto-compact circuit breaker: stops after 3 consecutive failures
- Fixed Bash(cmd:*) rules not matching when argument contains #

v2.1.75 — 2026-03-13

- 1M context for Opus 4.6 now default for Max, Team, Enterprise
  (previously required extra usage)
- Session name display on prompt bar when using /rename
- Fixed token estimation over-counting for thinking/tool_use blocks
  (was causing premature context compaction)
- Fixed Bash tool mangling ! in piped commands
- Improved startup performance on macOS non-MDM machines

v2.1.74 — 2026-03-12

- /context command now shows actionable suggestions (context-heavy
  tools, memory bloat, capacity warnings)
- Fixed memory leak in streaming API buffers (unbounded RSS growth)
- autoMemoryDirectory setting for custom auto-memory storage path
- Fixed managed policy ask rules bypassed by user allow rules
- Fixed SessionEnd hooks killed after 1.5s (now configurable)

v2.1.73 — 2026-03-11
- modelOverrides setting: map model picker entries to custom
  provider model IDs (Bedrock ARNs etc.)
- Fixed deadlock when many skill files change at once
- Fixed subagents with model: opus/sonnet/haiku being downgraded
  on Bedrock/Vertex/Foundry
- Deprecated /output-style — use /config instead

v2.1.72 — 2026-03-09
- Restored model param on Agent tool for per-invocation overrides
- Fixed SDK query() prompt cache invalidation (up to 12x savings)
- /plan accepts optional description; ExitWorktree tool added
- Simplified effort levels: low/medium/high (removed max)

v2.1.71 — 2026-03-06
- /loop command: run a prompt or slash command on a schedule
- Cron scheduling tools for recurring prompts within a session

---
80+ releases tracked.
Pour une version spécifique : /ccguide:release 2.1.73

# Threat Database Summary
Version 2.4.0 — updated 2026-02-28
https://github.com/FlorianBruniaux/.../threat-db.yaml

| Category              | Count |
|-----------------------|-------|
| CVEs                  |    28 |
| Malicious Authors     |     6 |
| Malicious Skills      |   655 |
| Attack Techniques     |    14 |
| Minimum Safe Versions |    12 |
| Research Sources      |    23 |

--- get_threat("CVE-2025-53109") ---

# CVE-2025-53109 — Filesystem MCP Server
Severity: HIGH | Source: Cymulate EscapeRoute

## Description
Symlink escape to arbitrary filesystem access / potential LPE

Fixed in: 0.6.3 / 2025.7.1

## Mitigation
Update to >= 0.6.3; avoid Filesystem MCP in sensitive environments

--- get_threat("T001") ---

# T001 — Tool Poisoning via SKILL.md
## Description
Hidden instructions in SKILL.md that instruct the agent
to run malicious commands.

## Examples
- curl | bash from glot.io scripts
- Password-protected ZIP with embedded malware
- Base64-decoded eval commands

Campaigns: ClawHavoc, ToxicSkills
Mitigation: Scan SKILL.md for shell commands;
            never auto-execute prerequisites

# Slash commands /ccguide:* (13 total)

cp -r .claude/commands/ccguide ~/.claude/commands/ccguide

── Guide ────────────────────────────────────────────────────────────
┌──────────────────────────┬──────────────────────────────────────────┐
│ Command                  │ What it does                             │
├──────────────────────────┼──────────────────────────────────────────┤
│ /ccguide:search <query>  │ Search 893 entries with scores + links   │
│ /ccguide:digest <period> │ Guide + CC CLI changes (day/week/month)  │
│ /ccguide:examples        │ List all 232 templates by category       │
│ /ccguide:example <name>  │ Fetch a template (agent/hook/skill...)   │
│ /ccguide:cheatsheet      │ Full cheatsheet or filtered by section   │
│ /ccguide:release         │ Latest Claude Code CLI release notes     │
│ /ccguide:changelog       │ Last N CHANGELOG entries from the guide  │
│ /ccguide:topics          │ Browse 25 topic categories               │
└──────────────────────────┴──────────────────────────────────────────┘

── Official Anthropic docs tracker (v1.1.0) ─────────────────────────
┌──────────────────────────┬──────────────────────────────────────────┐
│ Command                  │ What it does                             │
├──────────────────────────┼──────────────────────────────────────────┤
│ /ccguide:init-docs       │ Fetch docs + store as baseline (once)    │
│ /ccguide:refresh-docs    │ Update current snapshot (no baseline Δ)  │
│ /ccguide:diff-docs       │ Compare baseline vs current — 0 network  │
│ /ccguide:search-docs <q> │ Search official Anthropic docs from cache│
│ /ccguide:daily           │ refresh + diff + digest in one shot      │
└──────────────────────────┴──────────────────────────────────────────┘

Daily workflow:
  /ccguide:init-docs  # once → baseline in ~/.cache/claude-code-guide/
  /ccguide:daily      # every morning