claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// Developer Tools

claude-code-ultimate-guide

The most comprehensive Claude Code guide: agentic workflows, hooks, skills, MCP servers, quizzes, and production-ready templates. 430K+ lines.

Actively maintained
100/100
last commit 1 day ago
last release 3 months ago
releases 1
open issues 9
// install
git clone https://github.com/FlorianBruniaux/claude-code-ultimate-guide

Claude Code Ultimate Guide

Mentioned in Awesome Claude Code

6 months of daily practice distilled into a guide that teaches you the WHY, not just the what. From core concepts to production security, you learn to design your own agentic workflows instead of copy-pasting configs.

If this guide helps you, give it a star ⭐ — it helps others discover it too.


StarMapper

StarMapper — see who stars this repo on a world map

Choose Your Path

Who you areYour guide
🏗️ Tech Lead / Engineering ManagerDeploying Claude Code across your team →
📊 CTO / Decision MakerROI, security posture, team adoption →
💼 CIO / CEOBudget, risk, what to ask your tech team (3 min) →
🎨 Product Manager / DesignerVibe coding, working with AI-assisted dev teams →
✍️ Writer / Ops / ManagerClaude Cowork Guide (separate repo) →
👨‍💻 Developer (all levels)You're in the right place — read on ↓
🧭 Career pivot / new AI roleAI Roles & Career Paths →

🎯 What You'll Learn

This guide teaches you to think differently about AI-assisted development:

  • Understand trade-offs — When to use agents vs skills vs commands (not just how to configure them)
  • Build mental models — How Claude Code works internally (architecture, context flow, tool orchestration)
  • Visualize concepts — 48 Mermaid diagrams covering model selection, master loop, memory hierarchy, multi-agent patterns, security threats, AI fluency paths
  • Master methodologies — TDD, SDD, BDD with AI collaboration (not just templates)
  • Security mindset — Threat modeling for AI systems (only guide with 28 CVEs + 655 malicious skills database)
  • Test your knowledge — 271-question quiz to validate understanding (no other resource offers this)

Outcome: Go from copy-pasting configs to designing your own agentic workflows with confidence.


📊 When to Use This Guide vs Everything-CC

Both guides serve different needs. Choose based on your priority.

Your GoalThis Guideeverything-claude-code
Understand why patterns workDeep explanations + architectureConfig-focused
Quick setup for projectsAvailable but not the priorityBattle-tested production configs
Learn trade-offs (agents vs skills)Decision frameworks + comparisonsLists patterns, no trade-off analysis
Security hardeningOnly threat database (28 CVEs)Basic patterns only
Test understanding271-question quizNot available
Methodologies (TDD/SDD/BDD)Full workflow guidesNot covered
Copy-paste ready templates181 templates200+ templates

Ecosystem Positioning

                    EDUCATIONAL DEPTH
                           ▲
                           │
                           │  ★ This Guide
                           │  Security + Methodologies + 24K+ lines
                           │
                           │  [Everything-You-Need-to-Know]
                           │  SDLC/BMAD beginner
  ─────────────────────────┼─────────────────────────► READY-TO-USE
  [awesome-claude-code]    │            [everything-claude-code]
  (discovery, curation)    │            (plugin, 1-cmd install)
                           │
                           │  [claude-code-studio]
                           │  Context management
                           │
                      SPECIALIZED

5 unique gaps no competitor covers:

  1. Security-First — 28 CVEs + 655 malicious skills tracked (no competitor has this depth)
  2. Methodology Workflows — TDD/SDD/BDD comparison + step-by-step guides
  3. Comprehensive Reference — 24K+ lines across 16 specialized guides (24× more reference material than everything-cc)
  4. Educational Progression — 271-question quiz + 7-module structured learning path (beginner → advanced)
  5. Interactive Assessment/self-assessment skill with personalized learning path recommendations

Recommended workflow:

  1. Learn concepts here (mental models, trade-offs, security)
  2. Use battle-tested configs there (quick project setup)
  3. Return here for deep dives (when something doesn't work or to design custom workflows)

Both resources are complementary, not competitive. Use what fits your current need.


⚡ Quick Start

New to Claude Code?7-Module Learning Path — 8-11 hours, beginner to advanced

Quickest path: Cheat Sheet — 1 printable page with daily essentials

Interactive onboarding (no setup needed):

claude "Fetch and follow the onboarding instructions from: https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/tools/onboarding-prompt.md"

Browse directly: Full Guide | Learning Path | Visual Diagrams | Examples | Quiz


🔌 MCP Server — Use the guide from any Claude Code session

No cloning needed. Add to ~/.claude.json and ask questions directly from any session:

{
  "mcpServers": {
    "claude-code-guide": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "claude-code-ultimate-guide-mcp"]
    }
  }
}

17 tools: search_guide, read_section, get_cheatsheet, get_digest, get_example, list_examples, search_examples, get_release, get_changelog, compare_versions, list_topics, get_threat, list_threats, plus init_official_docs, refresh_official_docs, diff_official_docs, search_official_docs (v1.1.0 — official Anthropic docs tracker) — plus 13 slash commands /ccguide:* and a Haiku agent.

Onboarding one-liner (once MCP is configured):

claude "Use the claude-code-guide MCP server. Activate the claude-code-expert prompt, then run a personalized onboarding: ask me 3 questions about my goal, experience level, and preferred tone — then build a custom learning path using search_guide and read_section to navigate the guide with live source links."

MCP Server README


📁 Repository Structure

graph LR
    root[📦 Repository<br/>Root]

    root --> guide[📖 guide/<br/>24K+ lines]
    root --> learning[🎓 learning-path/<br/>7 modules]
    root --> examples[📋 examples/<br/>181 templates]
    root --> quiz[🧠 quiz/<br/>271 questions]
    root --> tools[🔧 tools/<br/>utils]
    root --> machine[🤖 machine-readable/<br/>AI index]
    root --> docs[📚 docs/<br/>151 evaluations]

    style root fill:#d35400,stroke:#e67e22,stroke-width:3px,color:#fff
    style guide fill:#2980b9,stroke:#3498db,stroke-width:2px,color:#fff
    style learning fill:#27ae60,stroke:#2ecc71,stroke-width:2px,color:#fff
    style examples fill:#8e44ad,stroke:#9b59b6,stroke-width:2px,color:#fff
    style quiz fill:#d68910,stroke:#f39c12,stroke-width:2px,color:#fff
    style tools fill:#5d6d7e,stroke:#7f8c8d,stroke-width:2px,color:#fff
    style machine fill:#138d75,stroke:#16a085,stroke-width:2px,color:#fff
    style docs fill:#c0392b,stroke:#e74c3c,stroke-width:2px,color:#fff
Detailed Structure (Text View)
📦 claude-code-ultimate-guide/
│
├─ 📖 guide/              Core Documentation (24K+ lines)
│  ├─ learning-path/      7-Module Learning Path (beginners → advanced)
│  ├─ ultimate-guide.md   Complete reference, 10 sections
│  ├─ cheatsheet.md       1-page printable
│  ├─ architecture.md     How Claude Code works internally
│  ├─ methodologies.md    TDD, SDD, BDD workflows
│  ├─ diagrams/           48 Mermaid diagrams (10 thematic files)
│  ├─ third-party-tools.md  Community tools (RTK, ccusage, Entire CLI)
│  ├─ mcp-servers-ecosystem.md  Official & community MCP servers
│  └─ workflows/          Step-by-step guides
│
├─ 📋 examples/           181 Production Templates
│  ├─ CATALOG.md          Auto-generated index by complexity, time, domain
│  ├─ agents/             23 custom AI personas
│  ├─ commands/           redirect stubs (migrated to skills/ in CC 2.1.3)
│  ├─ hooks/              37 hooks (bash + PowerShell)
│  ├─ skills/             64 skills (9 on SkillHub)
│  └─ scripts/            Utility scripts (audit, search)
│
├─ 🧠 quiz/               271 Questions
│  ├─ 9 categories        Setup, Agents, MCP, Trust, Advanced...
│  ├─ 4 profiles          Junior, Senior, Power User, PM
│  └─ Instant feedback    Doc links + score tracking
│
├─ 🔧 tools/              Interactive Utilities
│  ├─ onboarding-prompt   Personalized guided tour
│  └─ audit-prompt        Setup audit & recommendations
│
├─ 🤖 machine-readable/   AI-Optimized Index
│  ├─ reference.yaml      Structured index (~2K tokens) — powers landing site CMD+K search
│  ├─ claude-code-releases.yaml  Structured releases changelog
│  └─ llms.txt            Standard LLM context file
│
└─ 📚 docs/               151 Resource Evaluations
   └─ resource-evaluations/  5-point scoring, source attribution

🎯 What Makes This Guide Unique

🎓 Deep Understanding Over Configuration

Outcome: Design your own workflows instead of copy-pasting blindly.

We teach how Claude Code works and why patterns matter:

  • Tools Reference: all 40 built-in tools, permission rule formats, per-tool behaviors (timeouts, file-read limits, lossy WebFetch), and how-to for Monitor, Workflow, agent teams, Cron, Tasks API
  • Architecture — Internal mechanics (context flow, tool orchestration, memory management)
  • Trade-offs — Decision frameworks for agents vs skills vs commands
  • Configuration Decision Guide — Unified "which mechanism for what?" map across all 7 config layers
  • Pitfalls — Common failure modes + prevention strategies

What this means for you: Troubleshoot issues independently, optimize for your specific use case, know when to deviate from patterns.


🖼️ Visual Diagrams Series (48 Mermaid Diagrams)

Outcome: Grasp complex concepts instantly through visual mental models.

48 interactive diagrams across 10 thematic files — GitHub-native Mermaid rendering + ASCII fallback for every diagram:

  • Foundations — 4-layer context model, 9-step pipeline, permission modes
  • Architecture — Master loop, tool categories, system prompt assembly
  • Multi-Agent — 3 topologies, worktrees, dual-instance, horizontal scaling
  • Security — 3-layer defense, MCP rug pull attack chain, verification paradox
  • Cost & Models — Model selection tree, token reduction pipeline

Browse all 48 diagrams →

What this means for you: Understand the master loop before reading 24K+ lines, see multi-agent topologies at a glance, share visual security threat models with your team.


🛡️ Security Threat Intelligence (Only Comprehensive Database)

Outcome: Protect production systems from AI-specific attacks.

Only guide with systematic threat tracking:

  • 28 CVE-mapped vulnerabilities — Prompt injection, data exfiltration, code injection
  • 655 malicious skills catalogued — Unicode injection, hidden instructions, auto-execute patterns
  • Production hardening workflows — MCP vetting, injection defense, audit automation

Threat Database → | Security Guide →

What this means for you: Vet MCP servers before trusting them, detect attack patterns in configs, comply with security audits.


📝 271-Question Knowledge Validation (Unique in Ecosystem)

Outcome: Verify your understanding + identify knowledge gaps.

Only comprehensive assessment available — test across 9 categories:

  • Setup & Configuration, Agents & Sub-Agents, MCP Servers, Trust & Verification, Advanced Patterns

Features: 4 skill profiles (Junior/Senior/Power User/PM), instant feedback with doc links, weak area identification

Try Quiz Online → | Run Locally

What this means for you: Know what you don't know, track learning progress, prepare for team adoption discussions.


🤖 Agent Teams Coverage (v2.1.32+ Experimental)

Outcome: Parallelize work on large codebases (Fountain: 50% faster, CRED: 2x speed).

Only comprehensive guide to Anthropic's multi-agent coordination:

  • Production metrics from real companies (autonomous C compiler, 500K hours saved)
  • 5 validated workflows (multi-layer review, parallel debugging, large-scale refactoring)
  • Decision framework: Teams vs Multi-Instance vs Dual-Instance vs Beads

Agent Teams Workflow → | Section 9.20 →

What this means for you: Break monolithic tasks into parallelizable work, coordinate multi-file refactors, review your own AI-generated code.


🔬 Methodologies (Structured Development Workflows)

Outcome: Maintain code quality while working with AI.

Complete guides with rationale and examples:

  • TDD — Test-Driven Development (Red-Green-Refactor with AI)
  • SDD — Specification-Driven Development (Design before code)
  • BDD — Behavior-Driven Development (User stories → tests)
  • GSD — Get Shit Done (Pragmatic delivery)

What this means for you: Choose the right workflow for your team culture, integrate AI into existing processes, avoid technical debt from AI over-reliance.


📚 181 Annotated Templates

Outcome: Learn patterns, not just configs.

Educational templates with explanations:

  • Agents (23), Skills (74), Hooks (37)
  • Comments explaining why each pattern works (not just what it does)
  • Gradual complexity progression (simple → advanced)

Browse Catalog →

What this means for you: Understand the reasoning behind patterns, adapt templates to your context, create your own custom patterns.


🔍 151 Resource Evaluations

Outcome: Trust our recommendations are evidence-based.

Systematic assessment of external resources (5-point scoring):

  • Articles, videos, tools, frameworks
  • Honest assessments with source attribution (no marketing fluff)
  • Integration recommendations with trade-offs

See Evaluations →

What this means for you: Save time vetting resources, understand limitations before adopting tools, make informed decisions.


🎯 Learning Paths

Junior Developer — Foundation path (7 steps)
  1. Quick Start — Install & first workflow
  2. Essential Commands — The 7 commands
  3. Context Management — Critical concept
  4. Memory Files — Your first CLAUDE.md
  5. Learning with AI — Use AI without becoming dependent ⭐
  6. TDD Workflow — Test-first development
  7. Cheat Sheet — Print this
Senior Developer — Intermediate path (6 steps)
  1. Core Concepts — Mental model
  2. Plan Mode — Safe exploration
  3. Methodologies — TDD, SDD, BDD reference
  4. Agents — Custom AI personas
  5. Hooks — Event automation
  6. CI/CD Integration — Pipelines
Power User — Comprehensive path (8 steps)
  1. Complete Guide — End-to-end
  2. Architecture — How Claude Code works
  3. Security Hardening — MCP vetting, injection defense
  4. MCP Servers — Extended capabilities
  5. Trinity Pattern — Advanced workflows
  6. Observability — Monitor costs & sessions
  7. Agent Teams — Multi-agent coordination (Opus 4.7+ experimental)
  8. Examples — Production templates
Product Manager / DevOps / Designer

Product Manager (5 steps):

  1. What's Inside — Scope overview
  2. Golden Rules — Key principles
  3. Data Privacy — Retention & compliance
  4. Adoption Approaches — Team strategies
  5. PM FAQ — Code-adjacent vs non-coding PMs

Note: Non-coding PMs should consider Claude Cowork Guide instead.

DevOps / SRE (5 steps):

  1. DevOps & SRE Guide — FIRE framework
  2. K8s Troubleshooting — Symptom-based prompts
  3. Incident Response — Workflows
  4. IaC Patterns — Terraform, Ansible
  5. Guardrails — Security boundaries

Product Designer (5 steps):

  1. Working with Images — Image analysis
  2. Wireframing Tools — ASCII/Excalidraw
  3. Figma MCP — Design file access
  4. Design-to-Code Workflow — Figma → Claude
  5. Cheat Sheet — Print this

Progressive Journey

  • Week 1: Foundations (install, CLAUDE.md, first agent)
  • Week 2: Core Features (skills, hooks, trust calibration)
  • Week 3: Advanced (MCP servers, methodologies)
  • Month 2+: Production mastery (CI/CD, observability)

🔧 Rate Limits & Cost Savings

cc-copilot-bridge routes Claude Code through GitHub Copilot Pro+ for flat-rate access ($10/month instead of per-token billing).

# Install
git clone https://github.com/FlorianBruniaux/cc-copilot-bridge.git && cd cc-copilot-bridge && ./install.sh

# Use
ccc   # Copilot mode (flat $10/month)
ccd   # Direct Anthropic mode (per-token)
cco   # Offline mode (Ollama, 100% local)

Benefits: Multi-provider switching, rate limit bypass, 99%+ cost savings on heavy usage.

cc-copilot-bridge


🔑 Golden Rules

1. Verify Trust Before Use

Claude Code can generate 1.75x more logic errors than human-written code (ACM 2025). Every output must be verified. Use /insights commands and verify patterns through tests.

Strategy: Solo dev (verify logic + edge cases). Team (systematic peer review). Production (mandatory gating tests).


2. Never Approve MCPs from Unknown Sources

28 CVEs identified in Claude Code ecosystem. 655 malicious skills in supply chain. MCP servers can read/write your codebase.

Strategy: Systematic audit (5-min checklist). Community-vetted MCP Safe List. Vetting workflow documented in guide.


3. Context Pressure Changes Behavior

At 70% context, Claude starts losing precision. At 85%, hallucinations increase. At 90%+, responses become erratic.

Strategy: 0-50% (work freely). 50-70% (attention). 70-90% (/compact). 90%+ (/clear mandatory).


4. Start Simple, Scale Smart

Start with basic CLAUDE.md + a few commands. Test in production for 2 weeks. Add agents/skills only if need is proven.

Strategy: Phase 1 (basic). Phase 2 (commands + hooks if needed). Phase 3 (agents if multi-context). Phase 4 (MCP servers if truly required).


5. Methodologies Matter More with AI

TDD/SDD/BDD are not optional with Claude Code. AI accelerates bad code as much as good code.

Strategy: TDD (critical logic). SDD (architecture upfront). BDD (PM/dev collaboration). GSD (throwaway prototypes).


Quick Reference

#RuleKey MetricAction
1Verify Trust1.75x more logic errorsTest everything, peer review
2Vet MCPs28 CVEs, 655 malicious skills5-min audit checklist
3Manage Context70% = precision loss/compact at 70%, /clear at 90%
4Start Simple2-week test periodPhase 1→4 progressive adoption
5Use MethodologiesAI amplifies good AND badTDD/SDD/BDD by context

Context management is critical. See the Cheat Sheet for thresholds and actions.


🤖 For AI Assistants

ResourcePurposeTokens
llms.txtStandard context file~1K
reference.yamlStructured index with line numbers~2K

Quick load: curl -sL https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/machine-readable/reference.yaml

reference.yaml is organized into several top-level sections:

SectionContent
linesLine number references for key sections in ultimate-guide.md
deep_diveKey → file path mappings for all guides, examples, hooks, agents, commands
decideDecision tree (when to use what)
statsCounters (templates, questions, CVEs…)

The deep_dive section powers the landing site CMD+K search. The build script (scripts/build-guide-index.mjs) parses it to generate 160 search entries.

How the search index works

The CMD+K search on the landing site is an explicit index — not a full-text search. Only entries listed in deep_dive are indexed. Keywords are derived mechanically from the key name and file path, not from the file content.

Consequence: adding a new guide section requires explicitly adding an entry to deep_dive, then running pnpm build:search in the landing repo.

Maintaining reference.yaml

Adding a new entry to deep_dive:

deep_dive:
  # existing entries...
  my_new_section: "guide/my-new-file.md"          # local guide file
  my_hook_example: "examples/hooks/bash/foo.sh"   # example file
  my_section_ref: "guide/ultimate-guide.md:1234"  # with line number anchor

Critical: avoid duplicate keys. If a key appears twice in deep_dive, the YAML parser fails and the landing site search index becomes empty (0 entries). The build exits with a warning but no hard error:

[build-guide-index] ERROR: Failed to parse YAML: duplicated mapping key
[build-guide-index] Generating empty guide-search-entries.ts

Use distinct names — e.g. if you need both a line-number reference and a file path for the same concept, suffix the line-number key with _line:

security_gate_hook_line: 6907                              # line number ref
security_gate_hook: "examples/hooks/bash/security-gate.sh" # file path ref

📄 Whitepapers (FR + EN)

11 focused whitepapers covering Claude Code in depth — PDF + EPUB, available in French and English. 472 pages total.

Coming soon — currently in private access. Public release planned.

#FRENPages
00De Zéro à ProductifFrom Zero to Productive20
01Prompts qui MarchentPrompts That Work40
02Personnaliser ClaudeCustomizing Claude47
03Sécurité en ProductionSecurity in Production48
04L'Architecture DémystifiéeArchitecture Demystified40
05Déployer en ÉquipeTeam Deployment43
06Privacy & CompliancePrivacy & Compliance29
07Guide de RéférenceReference Guide87
08Agent TeamsAgent Teams42
09Apprendre avec l'IALearning with AI — UVAL protocol, comprehension debt49
10Convaincre son EmployeurMaking the Case for AI — ROI dossier for CEO/CTO/CFO27

🗂️ Recap Cards (FR, EN coming)

57 single-page A4 reference cards — printable, one concept per card. Available in French; English version in progress.

Browse online: cc.bruniaux.com/cheatsheets/

  • Technique (22 cards) — Commands, permissions, configuration, MCP, models, context window
  • Méthodologie (22 cards) — Daily workflow, agents, hooks, CI/CD, multi-agent, debug
  • Conception (13 cards) — Mental models, prompting, security by design, cost patterns

🌍 Ecosystem

Claude Cowork (Non-Developers)

Claude Cowork is the companion guide for non-technical users (knowledge workers, assistants, managers).

Same agentic capabilities as Claude Code, but through a visual interface with no coding required.

Claude Cowork Guide — File organization, document generation, automated workflows

Status: Research preview (Pro $20/mo or Max $100-200/mo, macOS only, VPN incompatible)

Claude Code Plugins (Marketplace)

All 181 templates from this guide packaged as installable Claude Code plugins — hooks auto-wired, no manual config:

# Add the marketplace
claude plugin marketplace add FlorianBruniaux/claude-code-plugins

# Install the plugins you need
claude plugin install security-suite       # OWASP auditing, cyber-defense pipeline, 13 hooks
claude plugin install devops-pipeline      # CI/CD, git worktrees, GitHub Actions
claude plugin install release-automation   # Changelog + release notes + social content
claude plugin install code-quality         # SOLID refactoring, TDD, GoF patterns, 6 agents
claude plugin install pr-workflow          # Planning gates, PR/issue triage, handoffs
claude plugin install session-tools        # ccboard monitoring, voice refinement, 11 hooks
claude plugin install ai-methodology       # Scaffolding, 6-stage talk pipeline, context-engineering
claude plugin install session-summary      # Session analytics dashboard (15 sections)

FlorianBruniaux/claude-code-plugins — 8 plugins, 181 templates, one marketplace

Complementary Resources

ProjectFocusBest For
everything-claude-codeProduction configs (45k+ stars)Quick setup, battle-tested patterns
claude-code-templatesDistribution (200+ templates)CLI installation (17k stars)
anthropics/skillsOfficial Anthropic skills (60K+ stars)Documents, design, dev templates
anthropics/claude-plugins-officialPlugin dev tools (3.1K installs)CLAUDE.md audit, automation discovery
skills.shSkills marketplaceOne-command install (Vercel Labs)
awesome-claude-codeCurationResource discovery
youtube-skills12 YouTube skills (search, transcripts, chapters)Claude Code, Cursor, Windsurf, Cline
awesome-claude-skillsSkills taxonomy62 skills across 12 categories
awesome-claude-mdCLAUDE.md examplesAnnotated configs with scoring
ctopSession monitoring (htop for AI agents)Real-time CPU, memory, tokens, costs
AI Coding Agents MatrixTechnical comparisonComparing 23+ alternatives

Community: 🇫🇷 Dev With AI — 1500+ devs on Slack, meetups in Paris, Bordeaux, Lyon

AI Ecosystem Guide — Complete integration patterns with complementary AI tools


🛡️ Security

Comprehensive MCP security coverage — the only guide with a threat intelligence database and production hardening workflows.

Official Security Tools

ToolPurposeMaintained By
claude-code-security-reviewGitHub Action for automated security scanningAnthropic (official)
This Guide's Threat DBIntelligence layer (28 CVEs, 655 malicious skills)Community

Workflow: Use GitHub Action for automation → Consult Threat DB for threat intelligence.

Threat Database

28 CVE-mapped vulnerabilities and 655 malicious skills tracked in examples/skills/update-threat-db/threat-db.yaml:

Threat CategoryCountExamples
Code/Command Injection5 CVEsCLI bypass (CVE-2025-66032), child_process exec
Path Traversal & Access4 CVEsSymlink escape (CVE-2025-53109), prefix bypass
RCE & Prompt Hijacking4 CVEsMCP Inspector RCE (CVE-2025-49596), session hijack
SSRF & DNS Rebinding4 CVEsWebFetch SSRF (CVE-2026-24052), DNS rebinding
Data Leakage1 CVECross-client response leak (CVE-2026-25536)
Malicious Skills655 patternsUnicode injection, hidden instructions, auto-execute

Taxonomies: 10 attack surfaces × 11 threat types × 8 impact levels

Hardening Resources

ResourcePurposeTime
Security Hardening GuideMCP vetting, injection defense, audit workflow25 min
Data Privacy GuideRetention policies (5yr → 30d → 0), GDPR compliance10 min
Sandbox IsolationDocker sandboxes for untrusted MCP servers10 min
Production SafetyInfrastructure locks, port stability, DB safety20 min

Security Commands

/security-check      # Quick scan config vs known threats (~30s)
/security-audit      # Full 6-phase audit with score /100 (2-5min)
/update-threat-db    # Research & update threat intelligence
/audit-agents-skills # Quality audit with security checks

Security Hooks

38 production hooks (bash + PowerShell) in examples/hooks/:

HookPurpose
dangerous-actions-blockerBlock rm -rf, force-push, production ops
prompt-injection-detectorDetect injection patterns in CLAUDE.md/prompts
unicode-injection-scannerDetect hidden Unicode (zero-width, RTL override)
output-secrets-scannerPrevent API keys/tokens in Claude responses

Browse All Security Hooks →

MCP Vetting Workflow

Systematic evaluation before trusting MCP servers:

  1. Provenance: GitHub verified, 100+ stars, active maintenance
  2. Code Review: Minimal privileges, no obfuscation, open-source
  3. Permissions: Whitelist-only filesystem access, network restrictions
  4. Testing: Isolated Docker sandbox first, monitor tool calls
  5. Monitoring: Session logs, error tracking, regular re-audits

Full MCP Security Workflow →


📖 About

This guide is the result of 6 months of daily practice with Claude Code. The goal isn't to be exhaustive (the tool evolves too fast), but to share what works in production.

What you'll find:

  • Patterns verified in production (not theory)
  • Trade-off explanations (not just "here's how to do it")
  • Security first (28 CVEs tracked)
  • Transparency on limitations (Claude Code isn't magic)

What you won't find:

  • Definitive answers (tool is too new)
  • Universal configs (every project is different)
  • Marketing promises (zero bullshit)

Use this guide critically. Experiment. Share what works for you.

Feedback welcome: GitHub Issues

About the Author

Florian Bruniaux — Founding Engineer @ Méthode Aristote (EdTech + AI). 12 years in tech (Dev → Lead → EM → VP Eng → CTO). Current focus: Rust CLI tools, MCP servers, AI developer tooling.

ProjectDescriptionLinks
RTKCLI proxy — 60-90% LLM token reductionGitHub · Site
ccboardReal-time TUI/Web dashboard for Claude CodeGitHub · Demo
Claude Cowork Guide26 business workflows for non-codersGitHub · Site
cc-copilot-bridgeBridge between Claude Code & GitHub CopilotGitHub · Site
Agent AcademyMCP server for AI agent learningGitHub
techmapperTech stack mapping & visualizationGitHub

GitHub · LinkedIn · Portfolio


📚 What's Inside

Core Documentation

FilePurposeTime
Ultimate GuideComplete reference (24K+ lines), 10 sections30-40h (full) • Most consult sections
Cheat Sheet1-page printable reference5 min
Visual Reference20 ASCII diagrams for key concepts5 min
ArchitectureHow Claude Code works internally25 min
MethodologiesTDD, SDD, BDD reference20 min
WorkflowsPractical guides (TDD, Plan-Driven, Task Management)30 min
Data PrivacyRetention & compliance10 min
Security HardeningMCP vetting, injection defense25 min
Sandbox IsolationDocker Sandboxes, cloud alternatives, safe autonomy10 min
Production SafetyPort stability, DB safety, infrastructure lock20 min
DevOps & SREFIRE framework, K8s troubleshooting, incident response30 min
AI EcosystemComplementary AI tools & integration patterns20 min
AI TraceabilityCode attribution & provenance tracking15 min
Search Tools CheatsheetGrep, Serena, ast-grep, grepai comparison5 min
Learning with AIUse AI without becoming dependent15 min
Claude Code ReleasesOfficial release history10 min
CreditsOpen-source inspirations and pattern attributions2 min
Examples Library (181 templates)

Agents (23): code-reviewer, test-writer, security-auditor, refactoring-specialist, output-evaluator, devops-sre

view the full README on GitHub.

// compatibility

Platformscli, api, web
Operating systems
AI compatibilityclaude
LicenseCC-BY-SA-4.0
Pricingopen-source
LanguagePython

// faq

What is claude-code-ultimate-guide?

The most comprehensive Claude Code guide: agentic workflows, hooks, skills, MCP servers, quizzes, and production-ready templates. 430K+ lines.. It is open-source on GitHub.

Is claude-code-ultimate-guide free to use?

claude-code-ultimate-guide is open-source under the CC-BY-SA-4.0 license, so it is free to use.

What category does claude-code-ultimate-guide belong to?

claude-code-ultimate-guide is listed under devtools in the Claudeers registry of Claude-compatible tools.

1 views
5,368 stars
unclaimed
updated 15 days ago

// embed badge

claude-code-ultimate-guide on Claudeers
[![Claudeers](https://claudeers.com/api/badge/claude-code-ultimate-guide.svg)](https://claudeers.com/claude-code-ultimate-guide)

// retro hit counter

claude-code-ultimate-guide hit counter
[![Hits](https://claudeers.com/api/counter/claude-code-ultimate-guide.svg)](https://claudeers.com/claude-code-ultimate-guide)

// reviews

// guestbook

0/500

// related in Developer Tools

🔓

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Curs…

// devtoolsaffaan-m/JavaScript225,699MIT[ claude ]
🔓

Use Garry Tan's exact Claude Code setup: 23 opinionated tools that serve as CEO, Designer, Eng Manager, Release Manager, Doc Engineer, and QA

// devtoolsgarrytan/TypeScript119,234MIT[ claude ]
🔓

🙌 OpenHands: AI-Driven Development

// devtoolsOpenHands/Python79,324NOASSERTION[ claude ]
🔓

Makes your AI agent think like the laziest senior dev in the room. The best code is the code you never wrote.

// devtoolsDietrichGebert/JavaScript73,042MIT[ claude ]

// built by

Connectorlinks several projects together across the ecosystem · 12 connections
→ see how claude-code-ultimate-guide connects across the ecosystem