6 months of daily practice distilled into a guide that teaches you the WHY, not just the what. From core concepts to production security, you learn to design your own agentic workflows instead of copy-pasting configs.If this guide helps you, give it a star β β it helps others discover it too.
| Who you are | Your guide |
|---|---|
| ποΈ Tech Lead / Engineering Manager | Deploying Claude Code across your team β |
| π CTO / Decision Maker | ROI, security posture, team adoption β |
| πΌ CIO / CEO | Budget, risk, what to ask your tech team (3 min) β |
| π¨ Product Manager / Designer | Vibe coding, working with AI-assisted dev teams β |
| βοΈ Writer / Ops / Manager | Claude Cowork Guide (separate repo) β |
| π¨βπ» Developer (all levels) | You're in the right place β read on β |
| π§ Career pivot / new AI role | AI Roles & Career Paths β |
This guide teaches you to think differently about AI-assisted development:
- β Understand trade-offs β When to use agents vs skills vs commands (not just how to configure them)
- β Build mental models β How Claude Code works internally (architecture, context flow, tool orchestration)
- β Visualize concepts β 41 Mermaid diagrams covering model selection, master loop, memory hierarchy, multi-agent patterns, security threats, AI fluency paths
- β Master methodologies β TDD, SDD, BDD with AI collaboration (not just templates)
- β Security mindset β Threat modeling for AI systems (only guide with 24 CVEs + 655 malicious skills database)
- β Test your knowledge β 271-question quiz to validate understanding (no other resource offers this)
Outcome: Go from copy-pasting configs to designing your own agentic workflows with confidence.
Both guides serve different needs. Choose based on your priority.
| Your Goal | This Guide | everything-claude-code |
|---|---|---|
| Understand why patterns work | Deep explanations + architecture | Config-focused |
| Quick setup for projects | Available but not the priority | Battle-tested production configs |
| Learn trade-offs (agents vs skills) | Decision frameworks + comparisons | Lists patterns, no trade-off analysis |
| Security hardening | Only threat database (24 CVEs) | Basic patterns only |
| Test understanding | 271-question quiz | Not available |
| Methodologies (TDD/SDD/BDD) | Full workflow guides | Not covered |
| Copy-paste ready templates | 228 templates | 200+ templates |
EDUCATIONAL DEPTH
β²
β
β β
This Guide
β Security + Methodologies + 24K+ lines
β
β [Everything-You-Need-to-Know]
β SDLC/BMAD beginner
ββββββββββββββββββββββββββΌββββββββββββββββββββββββββΊ READY-TO-USE
[awesome-claude-code] β [everything-claude-code]
(discovery, curation) β (plugin, 1-cmd install)
β
β [claude-code-studio]
β Context management
β
SPECIALIZED
4 unique gaps no competitor covers:
- Security-First β 24 CVEs + 655 malicious skills tracked (no competitor has this depth)
- Methodology Workflows β TDD/SDD/BDD comparison + step-by-step guides
- Comprehensive Reference β 24K+ lines across 16 specialized guides (24Γ more reference material than everything-cc)
- Educational Progression β 271-question quiz, beginner β expert path
Recommended workflow:
- Learn concepts here (mental models, trade-offs, security)
- Use battle-tested configs there (quick project setup)
- Return here for deep dives (when something doesn't work or to design custom workflows)
Both resources are complementary, not competitive. Use what fits your current need.
Quickest path: Cheat Sheet β 1 printable page with daily essentials
Interactive onboarding (no setup needed):
claude "Fetch and follow the onboarding instructions from: https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/tools/onboarding-prompt.md"Browse directly: Full Guide | Visual Diagrams | Examples | Quiz
No cloning needed. Add to ~/.claude.json and ask questions directly from any session:
{
"mcpServers": {
"claude-code-guide": {
"type": "stdio",
"command": "npx",
"args": ["-y", "claude-code-ultimate-guide-mcp"]
}
}
}17 tools: search_guide, read_section, get_cheatsheet, get_digest, get_example, list_examples, search_examples, get_release, get_changelog, compare_versions, list_topics, get_threat, list_threats, plus init_official_docs, refresh_official_docs, diff_official_docs, search_official_docs (v1.1.0 β official Anthropic docs tracker) β plus 13 slash commands /ccguide:* and a Haiku agent.
Onboarding one-liner (once MCP is configured):
claude "Use the claude-code-guide MCP server. Activate the claude-code-expert prompt, then run a personalized onboarding: ask me 3 questions about my goal, experience level, and preferred tone β then build a custom learning path using search_guide and read_section to navigate the guide with live source links."graph LR
root[π¦ Repository<br/>Root]
root --> guide[π guide/<br/>24K+ lines]
root --> examples[π examples/<br/>228 templates]
root --> quiz[π§ quiz/<br/>271 questions]
root --> tools[π§ tools/<br/>utils]
root --> machine[π€ machine-readable/<br/>AI index]
root --> docs[π docs/<br/>115 evaluations]
style root fill:#d35400,stroke:#e67e22,stroke-width:3px,color:#fff
style guide fill:#2980b9,stroke:#3498db,stroke-width:2px,color:#fff
style examples fill:#8e44ad,stroke:#9b59b6,stroke-width:2px,color:#fff
style quiz fill:#d68910,stroke:#f39c12,stroke-width:2px,color:#fff
style tools fill:#5d6d7e,stroke:#7f8c8d,stroke-width:2px,color:#fff
style machine fill:#138d75,stroke:#16a085,stroke-width:2px,color:#fff
style docs fill:#c0392b,stroke:#e74c3c,stroke-width:2px,color:#fff
Detailed Structure (Text View)
π¦ claude-code-ultimate-guide/
β
ββ π guide/ Core Documentation (24K+ lines)
β ββ ultimate-guide.md Complete reference, 10 sections
β ββ cheatsheet.md 1-page printable
β ββ architecture.md How Claude Code works internally
β ββ methodologies.md TDD, SDD, BDD workflows
β ββ diagrams/ 41 Mermaid diagrams (10 thematic files)
β ββ third-party-tools.md Community tools (RTK, ccusage, Entire CLI)
β ββ mcp-servers-ecosystem.md Official & community MCP servers
β ββ workflows/ Step-by-step guides
β
ββ π examples/ 228 Production Templates
β ββ agents/ 9 custom AI personas
β ββ commands/ 26 slash commands
β ββ hooks/ 31 hooks (bash + PowerShell)
β ββ skills/ 14 skills (9 on SkillHub)
β ββ scripts/ Utility scripts (audit, search)
β
ββ π§ quiz/ 271 Questions
β ββ 9 categories Setup, Agents, MCP, Trust, Advanced...
β ββ 4 profiles Junior, Senior, Power User, PM
β ββ Instant feedback Doc links + score tracking
β
ββ π§ tools/ Interactive Utilities
β ββ onboarding-prompt Personalized guided tour
β ββ audit-prompt Setup audit & recommendations
β
ββ π€ machine-readable/ AI-Optimized Index
β ββ reference.yaml Structured index (~2K tokens) β powers landing site CMD+K search
β ββ claude-code-releases.yaml Structured releases changelog
β ββ llms.txt Standard LLM context file
β
ββ π docs/ 115 Resource Evaluations
ββ resource-evaluations/ 5-point scoring, source attribution
Outcome: Design your own workflows instead of copy-pasting blindly.
We teach how Claude Code works and why patterns matter:
- Architecture β Internal mechanics (context flow, tool orchestration, memory management)
- Trade-offs β Decision frameworks for agents vs skills vs commands
- Configuration Decision Guide β Unified "which mechanism for what?" map across all 7 config layers
- Pitfalls β Common failure modes + prevention strategies
What this means for you: Troubleshoot issues independently, optimize for your specific use case, know when to deviate from patterns.
Outcome: Grasp complex concepts instantly through visual mental models.
41 interactive diagrams across 10 thematic files β GitHub-native Mermaid rendering + ASCII fallback for every diagram:
- Foundations β 4-layer context model, 9-step pipeline, permission modes
- Architecture β Master loop, tool categories, system prompt assembly
- Multi-Agent β 3 topologies, worktrees, dual-instance, horizontal scaling
- Security β 3-layer defense, MCP rug pull attack chain, verification paradox
- Cost & Models β Model selection tree, token reduction pipeline
What this means for you: Understand the master loop before reading 24K+ lines, see multi-agent topologies at a glance, share visual security threat models with your team.
Outcome: Protect production systems from AI-specific attacks.
Only guide with systematic threat tracking:
- 24 CVE-mapped vulnerabilities β Prompt injection, data exfiltration, code injection
- 655 malicious skills catalogued β Unicode injection, hidden instructions, auto-execute patterns
- Production hardening workflows β MCP vetting, injection defense, audit automation
Threat Database β | Security Guide β
What this means for you: Vet MCP servers before trusting them, detect attack patterns in configs, comply with security audits.
Outcome: Verify your understanding + identify knowledge gaps.
Only comprehensive assessment available β test across 9 categories:
- Setup & Configuration, Agents & Sub-Agents, MCP Servers, Trust & Verification, Advanced Patterns
Features: 4 skill profiles (Junior/Senior/Power User/PM), instant feedback with doc links, weak area identification
Try Quiz Online β | Run Locally
What this means for you: Know what you don't know, track learning progress, prepare for team adoption discussions.
Outcome: Parallelize work on large codebases (Fountain: 50% faster, CRED: 2x speed).
Only comprehensive guide to Anthropic's multi-agent coordination:
- Production metrics from real companies (autonomous C compiler, 500K hours saved)
- 5 validated workflows (multi-layer review, parallel debugging, large-scale refactoring)
- Decision framework: Teams vs Multi-Instance vs Dual-Instance vs Beads
Agent Teams Workflow β | Section 9.20 β
What this means for you: Break monolithic tasks into parallelizable work, coordinate multi-file refactors, review your own AI-generated code.
Outcome: Maintain code quality while working with AI.
Complete guides with rationale and examples:
- TDD β Test-Driven Development (Red-Green-Refactor with AI)
- SDD β Specification-Driven Development (Design before code)
- BDD β Behavior-Driven Development (User stories β tests)
- GSD β Get Shit Done (Pragmatic delivery)
What this means for you: Choose the right workflow for your team culture, integrate AI into existing processes, avoid technical debt from AI over-reliance.
Outcome: Learn patterns, not just configs.
Educational templates with explanations:
- Agents (6), Commands (26), Hooks (31), Skills
- Comments explaining why each pattern works (not just what it does)
- Gradual complexity progression (simple β advanced)
What this means for you: Understand the reasoning behind patterns, adapt templates to your context, create your own custom patterns.
Outcome: Trust our recommendations are evidence-based.
Systematic assessment of external resources (5-point scoring):
- Articles, videos, tools, frameworks
- Honest assessments with source attribution (no marketing fluff)
- Integration recommendations with trade-offs
What this means for you: Save time vetting resources, understand limitations before adopting tools, make informed decisions.
Junior Developer β Foundation path (7 steps)
- Quick Start β Install & first workflow
- Essential Commands β The 7 commands
- Context Management β Critical concept
- Memory Files β Your first CLAUDE.md
- Learning with AI β Use AI without becoming dependent β
- TDD Workflow β Test-first development
- Cheat Sheet β Print this
Senior Developer β Intermediate path (6 steps)
- Core Concepts β Mental model
- Plan Mode β Safe exploration
- Methodologies β TDD, SDD, BDD reference
- Agents β Custom AI personas
- Hooks β Event automation
- CI/CD Integration β Pipelines
Power User β Comprehensive path (8 steps)
- Complete Guide β End-to-end
- Architecture β How Claude Code works
- Security Hardening β MCP vetting, injection defense
- MCP Servers β Extended capabilities
- Trinity Pattern β Advanced workflows
- Observability β Monitor costs & sessions
- Agent Teams β Multi-agent coordination (Opus 4.6 experimental)
- Examples β Production templates
Product Manager / DevOps / Designer
Product Manager (5 steps):
- What's Inside β Scope overview
- Golden Rules β Key principles
- Data Privacy β Retention & compliance
- Adoption Approaches β Team strategies
- PM FAQ β Code-adjacent vs non-coding PMs
Note: Non-coding PMs should consider Claude Cowork Guide instead.
DevOps / SRE (5 steps):
- DevOps & SRE Guide β FIRE framework
- K8s Troubleshooting β Symptom-based prompts
- Incident Response β Workflows
- IaC Patterns β Terraform, Ansible
- Guardrails β Security boundaries
Product Designer (5 steps):
- Working with Images β Image analysis
- Wireframing Tools β ASCII/Excalidraw
- Figma MCP β Design file access
- Design-to-Code Workflow β Figma β Claude
- Cheat Sheet β Print this
- Week 1: Foundations (install, CLAUDE.md, first agent)
- Week 2: Core Features (skills, hooks, trust calibration)
- Week 3: Advanced (MCP servers, methodologies)
- Month 2+: Production mastery (CI/CD, observability)
cc-copilot-bridge routes Claude Code through GitHub Copilot Pro+ for flat-rate access ($10/month instead of per-token billing).
# Install
git clone https://github.com/FlorianBruniaux/cc-copilot-bridge.git && cd cc-copilot-bridge && ./install.sh
# Use
ccc # Copilot mode (flat $10/month)
ccd # Direct Anthropic mode (per-token)
cco # Offline mode (Ollama, 100% local)Benefits: Multi-provider switching, rate limit bypass, 99%+ cost savings on heavy usage.
Claude Code can generate 1.75x more logic errors than human-written code (ACM 2025). Every output must be verified. Use /insights commands and verify patterns through tests.
Strategy: Solo dev (verify logic + edge cases). Team (systematic peer review). Production (mandatory gating tests).
24 CVEs identified in Claude Code ecosystem. 655 malicious skills in supply chain. MCP servers can read/write your codebase.
Strategy: Systematic audit (5-min checklist). Community-vetted MCP Safe List. Vetting workflow documented in guide.
At 70% context, Claude starts losing precision. At 85%, hallucinations increase. At 90%+, responses become erratic.
Strategy: 0-50% (work freely). 50-70% (attention). 70-90% (/compact). 90%+ (/clear mandatory).
Start with basic CLAUDE.md + a few commands. Test in production for 2 weeks. Add agents/skills only if need is proven.
Strategy: Phase 1 (basic). Phase 2 (commands + hooks if needed). Phase 3 (agents if multi-context). Phase 4 (MCP servers if truly required).
TDD/SDD/BDD are not optional with Claude Code. AI accelerates bad code as much as good code.
Strategy: TDD (critical logic). SDD (architecture upfront). BDD (PM/dev collaboration). GSD (throwaway prototypes).
| # | Rule | Key Metric | Action |
|---|---|---|---|
| 1 | Verify Trust | 1.75x more logic errors | Test everything, peer review |
| 2 | Vet MCPs | 24 CVEs, 655 malicious skills | 5-min audit checklist |
| 3 | Manage Context | 70% = precision loss | /compact at 70%, /clear at 90% |
| 4 | Start Simple | 2-week test period | Phase 1β4 progressive adoption |
| 5 | Use Methodologies | AI amplifies good AND bad | TDD/SDD/BDD by context |
Context management is critical. See the Cheat Sheet for thresholds and actions.
| Resource | Purpose | Tokens |
|---|---|---|
| llms.txt | Standard context file | ~1K |
| reference.yaml | Structured index with line numbers | ~2K |
Quick load: curl -sL https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/machine-readable/reference.yaml
reference.yaml is organized into several top-level sections:
| Section | Content |
|---|---|
lines |
Line number references for key sections in ultimate-guide.md |
deep_dive |
Key β file path mappings for all guides, examples, hooks, agents, commands |
decide |
Decision tree (when to use what) |
stats |
Counters (templates, questions, CVEsβ¦) |
The deep_dive section powers the landing site CMD+K search. The build script (scripts/build-guide-index.mjs) parses it to generate 160 search entries.
The CMD+K search on the landing site is an explicit index β not a full-text search. Only entries listed in deep_dive are indexed. Keywords are derived mechanically from the key name and file path, not from the file content.
Consequence: adding a new guide section requires explicitly adding an entry to deep_dive, then running pnpm build:search in the landing repo.
Adding a new entry to deep_dive:
deep_dive:
# existing entries...
my_new_section: "guide/my-new-file.md" # local guide file
my_hook_example: "examples/hooks/bash/foo.sh" # example file
my_section_ref: "guide/ultimate-guide.md:1234" # with line number anchorCritical: avoid duplicate keys. If a key appears twice in deep_dive, the YAML parser fails and the landing site search index becomes empty (0 entries). The build exits with a warning but no hard error:
[build-guide-index] ERROR: Failed to parse YAML: duplicated mapping key
[build-guide-index] Generating empty guide-search-entries.ts
Use distinct names β e.g. if you need both a line-number reference and a file path for the same concept, suffix the line-number key with _line:
security_gate_hook_line: 6907 # line number ref
security_gate_hook: "examples/hooks/bash/security-gate.sh" # file path ref11 focused whitepapers covering Claude Code in depth β PDF + EPUB, available in French and English. 472 pages total.
Coming soon β currently in private access. Public release planned.
| # | FR | EN | Pages |
|---|---|---|---|
| 00 | De ZΓ©ro Γ Productif | From Zero to Productive | 20 |
| 01 | Prompts qui Marchent | Prompts That Work | 40 |
| 02 | Personnaliser Claude | Customizing Claude | 47 |
| 03 | SΓ©curitΓ© en Production | Security in Production | 48 |
| 04 | L'Architecture DΓ©mystifiΓ©e | Architecture Demystified | 40 |
| 05 | DΓ©ployer en Γquipe | Team Deployment | 43 |
| 06 | Privacy & Compliance | Privacy & Compliance | 29 |
| 07 | Guide de RΓ©fΓ©rence | Reference Guide | 87 |
| 08 | Agent Teams | Agent Teams | 42 |
| 09 | Apprendre avec l'IA | Learning with AI β UVAL protocol, comprehension debt | 49 |
| 10 | Convaincre son Employeur | Making the Case for AI β ROI dossier for CEO/CTO/CFO | 27 |
57 single-page A4 reference cards β printable, one concept per card. Available in French; English version in progress.
Browse online: cc.bruniaux.com/cheatsheets/
- Technique (22 cards) β Commands, permissions, configuration, MCP, models, context window
- MΓ©thodologie (22 cards) β Daily workflow, agents, hooks, CI/CD, multi-agent, debug
- Conception (13 cards) β Mental models, prompting, security by design, cost patterns
Claude Cowork is the companion guide for non-technical users (knowledge workers, assistants, managers).
Same agentic capabilities as Claude Code, but through a visual interface with no coding required.
β Claude Cowork Guide β File organization, document generation, automated workflows
Status: Research preview (Pro $20/mo or Max $100-200/mo, macOS only, VPN incompatible)
Production-ready plugins from this guide, installable in one command:
claude plugin marketplace add FlorianBruniaux/claude-code-plugins
claude plugin install session-summary@florian-claude-toolsFlorianBruniaux/claude-code-plugins β Session analytics, more plugins coming
| Project | Focus | Best For |
|---|---|---|
| everything-claude-code | Production configs (45k+ stars) | Quick setup, battle-tested patterns |
| claude-code-templates | Distribution (200+ templates) | CLI installation (17k stars) |
| anthropics/skills | Official Anthropic skills (60K+ stars) | Documents, design, dev templates |
| anthropics/claude-plugins-official | Plugin dev tools (3.1K installs) | CLAUDE.md audit, automation discovery |
| skills.sh | Skills marketplace | One-command install (Vercel Labs) |
| awesome-claude-code | Curation | Resource discovery |
| awesome-claude-skills | Skills taxonomy | 62 skills across 12 categories |
| awesome-claude-md | CLAUDE.md examples | Annotated configs with scoring |
| AI Coding Agents Matrix | Technical comparison | Comparing 23+ alternatives |
Community: π«π· Dev With AI β 1500+ devs on Slack, meetups in Paris, Bordeaux, Lyon
β AI Ecosystem Guide β Complete integration patterns with complementary AI tools
Comprehensive MCP security coverage β the only guide with a threat intelligence database and production hardening workflows.
| Tool | Purpose | Maintained By |
|---|---|---|
| claude-code-security-review | GitHub Action for automated security scanning | Anthropic (official) |
| This Guide's Threat DB | Intelligence layer (24 CVEs, 655 malicious skills) | Community |
Workflow: Use GitHub Action for automation β Consult Threat DB for threat intelligence.
24 CVE-mapped vulnerabilities and 655 malicious skills tracked in machine-readable/threat-db.yaml:
| Threat Category | Count | Examples |
|---|---|---|
| Code/Command Injection | 5 CVEs | CLI bypass (CVE-2025-66032), child_process exec |
| Path Traversal & Access | 4 CVEs | Symlink escape (CVE-2025-53109), prefix bypass |
| RCE & Prompt Hijacking | 4 CVEs | MCP Inspector RCE (CVE-2025-49596), session hijack |
| SSRF & DNS Rebinding | 4 CVEs | WebFetch SSRF (CVE-2026-24052), DNS rebinding |
| Data Leakage | 1 CVE | Cross-client response leak (CVE-2026-25536) |
| Malicious Skills | 341 patterns | Unicode injection, hidden instructions, auto-execute |
Taxonomies: 10 attack surfaces Γ 11 threat types Γ 8 impact levels
| Resource | Purpose | Time |
|---|---|---|
| Security Hardening Guide | MCP vetting, injection defense, audit workflow | 25 min |
| Data Privacy Guide | Retention policies (5yr β 30d β 0), GDPR compliance | 10 min |
| Sandbox Isolation | Docker sandboxes for untrusted MCP servers | 10 min |
| Production Safety | Infrastructure locks, port stability, DB safety | 20 min |