Claude Code Ultimate Guide

6 months of daily practice distilled into a guide that teaches you the WHY, not just the what. From core concepts to production security, you learn to design your own agentic workflows instead of copy-pasting configs.

If this guide helps you, give it a star ⭐ — it helps others discover it too.

🎯 What You'll Learn

This guide teaches you to think differently about AI-assisted development:

• ✅ Understand trade-offs — When to use agents vs skills vs commands (not just how to configure them)
• ✅ Build mental models — How Claude Code works internally (architecture, context flow, tool orchestration)
• ✅ Visualize concepts — 41 Mermaid diagrams covering model selection, master loop, memory hierarchy, multi-agent patterns, security threats, AI fluency paths
• ✅ Master methodologies — TDD, SDD, BDD with AI collaboration (not just templates)
• ✅ Security mindset — Threat modeling for AI systems (only guide with 24 CVEs + 655 malicious skills database)
• ✅ Test your knowledge — 274-question quiz to validate understanding (no other resource offers this)

Outcome: Go from copy-pasting configs to designing your own agentic workflows with confidence.

📊 When to Use This Guide vs Everything-CC

Both guides serve different needs. Choose based on your priority.

Ecosystem Positioning

                    EDUCATIONAL DEPTH
                           ▲
                           │
                           │  ★ This Guide
                           │  Security + Methodologies + 20K lines
                           │
                           │  [Everything-You-Need-to-Know]
                           │  SDLC/BMAD beginner
  ─────────────────────────┼─────────────────────────► READY-TO-USE
  [awesome-claude-code]    │            [everything-claude-code]
  (discovery, curation)    │            (plugin, 1-cmd install)
                           │
                           │  [claude-code-studio]
                           │  Context management
                           │
                      SPECIALIZED

4 unique gaps no competitor covers:

1. Security-First — 24 CVEs + 655 malicious skills tracked (no competitor has this depth)
2. Methodology Workflows — TDD/SDD/BDD comparison + step-by-step guides
3. Comprehensive Reference — 20K lines across 16 specialized guides (24× more reference material than everything-cc)
4. Educational Progression — 274-question quiz, beginner → expert path

Recommended workflow:

1. Learn concepts here (mental models, trade-offs, security)
2. Use battle-tested configs there (quick project setup)
3. Return here for deep dives (when something doesn't work or to design custom workflows)

Both resources are complementary, not competitive. Use what fits your current need.

⚡ Quick Start

Quickest path: Cheat Sheet — 1 printable page with daily essentials

Interactive onboarding (no setup needed):

claude "Fetch and follow the onboarding instructions from: https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/tools/onboarding-prompt.md"

Browse directly: Full Guide | Visual Diagrams | Examples | Quiz

🔌 MCP Server — Use the guide from any Claude Code session

No cloning needed. Add to ~/.claude.json and ask questions directly from any session:

{
  "mcpServers": {
    "claude-code-guide": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "claude-code-ultimate-guide-mcp"]
    }
  }
}

12 tools: search_guide, read_section, get_cheatsheet, get_digest, get_example, list_examples, get_release, get_changelog, list_topics, compare_versions, get_threat, list_threats, search_examples — plus 8 slash commands /ccguide:* and a Haiku agent.

Onboarding one-liner (once MCP is configured):

claude "Use the claude-code-guide MCP server. Activate the claude-code-expert prompt, then run a personalized onboarding: ask me 3 questions about my goal, experience level, and preferred tone — then build a custom learning path using search_guide and read_section to navigate the guide with live source links."

→ MCP Server README

📁 Repository Structure

graph LR
    root[📦 Repository<br/>Root]
root --&gt; guide[📖 guide/&lt;br/&gt;20K lines]
root --&gt; examples[📋 examples/&lt;br/&gt;175 templates]
root --&gt; quiz[🧠 quiz/&lt;br/&gt;274 questions]
root --&gt; tools[🔧 tools/&lt;br/&gt;utils]
root --&gt; machine[🤖 machine-readable/&lt;br/&gt;AI index]
root --&gt; docs[📚 docs/&lt;br/&gt;84 evaluations]

style root fill:#d35400,stroke:#e67e22,stroke-width:3px,color:#fff
style guide fill:#2980b9,stroke:#3498db,stroke-width:2px,color:#fff
style examples fill:#8e44ad,stroke:#9b59b6,stroke-width:2px,color:#fff
style quiz fill:#d68910,stroke:#f39c12,stroke-width:2px,color:#fff
style tools fill:#5d6d7e,stroke:#7f8c8d,stroke-width:2px,color:#fff
style machine fill:#138d75,stroke:#16a085,stroke-width:2px,color:#fff
style docs fill:#c0392b,stroke:#e74c3c,stroke-width:2px,color:#fff

📦 claude-code-ultimate-guide/
│
├─ 📖 guide/              Core Documentation (20K+ lines)
│  ├─ ultimate-guide.md   Complete reference, 10 sections
│  ├─ cheatsheet.md       1-page printable
│  ├─ architecture.md     How Claude Code works internally
│  ├─ methodologies.md    TDD, SDD, BDD workflows
│  ├─ diagrams/           41 Mermaid diagrams (10 thematic files)
│  ├─ third-party-tools.md  Community tools (RTK, ccusage, Entire CLI)
│  ├─ mcp-servers-ecosystem.md  Official & community MCP servers
│  └─ workflows/          Step-by-step guides
│
├─ 📋 examples/           175 Production Templates
│  ├─ agents/             9 custom AI personas
│  ├─ commands/           26 slash commands
│  ├─ hooks/              31 hooks (bash + PowerShell)
│  ├─ skills/             14 skills (9 on SkillHub)
│  └─ scripts/            Utility scripts (audit, search)
│
├─ 🧠 quiz/               274 Questions
│  ├─ 9 categories        Setup, Agents, MCP, Trust, Advanced...
│  ├─ 4 profiles          Junior, Senior, Power User, PM
│  └─ Instant feedback    Doc links + score tracking
│
├─ 🔧 tools/              Interactive Utilities
│  ├─ onboarding-prompt   Personalized guided tour
│  └─ audit-prompt        Setup audit & recommendations
│
├─ 🤖 machine-readable/   AI-Optimized Index
│  ├─ reference.yaml      Structured index (~2K tokens) — powers landing site CMD+K search
│  ├─ claude-code-releases.yaml  Structured releases changelog
│  └─ llms.txt            Standard LLM context file
│
└─ 📚 docs/               84 Resource Evaluations
   └─ resource-evaluations/  5-point scoring, source attribution

🎯 What Makes This Guide Unique

🎓 Deep Understanding Over Configuration

Outcome: Design your own workflows instead of copy-pasting blindly.

We teach how Claude Code works and why patterns matter:

• Architecture — Internal mechanics (context flow, tool orchestration, memory management)
• Trade-offs — Decision frameworks for agents vs skills vs commands
• Configuration Decision Guide — Unified "which mechanism for what?" map across all 7 config layers
• Pitfalls — Common failure modes + prevention strategies

What this means for you: Troubleshoot issues independently, optimize for your specific use case, know when to deviate from patterns.

🖼️ Visual Diagrams Series (41 Mermaid Diagrams)

Outcome: Grasp complex concepts instantly through visual mental models.

41 interactive diagrams across 10 thematic files — GitHub-native Mermaid rendering + ASCII fallback for every diagram:

• Foundations — 4-layer context model, 9-step pipeline, permission modes
• Architecture — Master loop, tool categories, system prompt assembly
• Multi-Agent — 3 topologies, worktrees, dual-instance, horizontal scaling
• Security — 3-layer defense, MCP rug pull attack chain, verification paradox
• Cost & Models — Model selection tree, token reduction pipeline

Browse all 41 diagrams →

What this means for you: Understand the master loop before reading 20K lines, see multi-agent topologies at a glance, share visual security threat models with your team.

🛡️ Security Threat Intelligence (Only Comprehensive Database)

Outcome: Protect production systems from AI-specific attacks.

Only guide with systematic threat tracking:

• 24 CVE-mapped vulnerabilities — Prompt injection, data exfiltration, code injection
• 655 malicious skills catalogued — Unicode injection, hidden instructions, auto-execute patterns
• Production hardening workflows — MCP vetting, injection defense, audit automation

Threat Database → | Security Guide →

What this means for you: Vet MCP servers before trusting them, detect attack patterns in configs, comply with security audits.

📝 274-Question Knowledge Validation (Unique in Ecosystem)

Outcome: Verify your understanding + identify knowledge gaps.

Only comprehensive assessment available — test across 9 categories:

• Setup & Configuration, Agents & Sub-Agents, MCP Servers, Trust & Verification, Advanced Patterns

Features: 4 skill profiles (Junior/Senior/Power User/PM), instant feedback with doc links, weak area identification

Try Quiz Online → | Run Locally

What this means for you: Know what you don't know, track learning progress, prepare for team adoption discussions.

🤖 Agent Teams Coverage (v2.1.32+ Experimental)

Outcome: Parallelize work on large codebases (Fountain: 50% faster, CRED: 2x speed).

Only comprehensive guide to Anthropic's multi-agent coordination:

• Production metrics from real companies (autonomous C compiler, 500K hours saved)
• 5 validated workflows (multi-layer review, parallel debugging, large-scale refactoring)
• Decision framework: Teams vs Multi-Instance vs Dual-Instance vs Beads

Agent Teams Workflow → | Section 9.20 →

What this means for you: Break monolithic tasks into parallelizable work, coordinate multi-file refactors, review your own AI-generated code.

🔬 Methodologies (Structured Development Workflows)

Outcome: Maintain code quality while working with AI.

Complete guides with rationale and examples:

• TDD — Test-Driven Development (Red-Green-Refactor with AI)
• SDD — Specification-Driven Development (Design before code)
• BDD — Behavior-Driven Development (User stories → tests)
• GSD — Get Shit Done (Pragmatic delivery)

What this means for you: Choose the right workflow for your team culture, integrate AI into existing processes, avoid technical debt from AI over-reliance.

📚 175 Annotated Templates

Outcome: Learn patterns, not just configs.

Educational templates with explanations:

• Agents (6), Commands (26), Hooks (31), Skills
• Comments explaining why each pattern works (not just what it does)
• Gradual complexity progression (simple → advanced)

Browse Catalog →

What this means for you: Understand the reasoning behind patterns, adapt templates to your context, create your own custom patterns.

🔍 84 Resource Evaluations

Outcome: Trust our recommendations are evidence-based.

Systematic assessment of external resources (5-point scoring):

• Articles, videos, tools, frameworks
• Honest assessments with source attribution (no marketing fluff)
• Integration recommendations with trade-offs

See Evaluations →

What this means for you: Save time vetting resources, understand limitations before adopting tools, make informed decisions.

🎯 Learning Paths

Progressive Journey

• Week 1: Foundations (install, CLAUDE.md, first agent)
• Week 2: Core Features (skills, hooks, trust calibration)
• Week 3: Advanced (MCP servers, methodologies)
• Month 2+: Production mastery (CI/CD, observability)

🔧 Rate Limits & Cost Savings

cc-copilot-bridge routes Claude Code through GitHub Copilot Pro+ for flat-rate access ($10/month instead of per-token billing).

# Install
git clone https://github.com/FlorianBruniaux/cc-copilot-bridge.git && cd cc-copilot-bridge && ./install.sh
Use
ccc   # Copilot mode (flat $10/month)
ccd   # Direct Anthropic mode (per-token)
cco   # Offline mode (Ollama, 100% local)

Benefits: Multi-provider switching, rate limit bypass, 99%+ cost savings on heavy usage.

→ cc-copilot-bridge

🔑 Golden Rules

1. Verify Trust Before Use

Claude Code can generate 1.75x more logic errors than human-written code (ACM 2025). Every output must be verified. Use /insights commands and verify patterns through tests.

Strategy: Solo dev (verify logic + edge cases). Team (systematic peer review). Production (mandatory gating tests).

2. Never Approve MCPs from Unknown Sources

24 CVEs identified in Claude Code ecosystem. 655 malicious skills in supply chain. MCP servers can read/write your codebase.

Strategy: Systematic audit (5-min checklist). Community-vetted MCP Safe List. Vetting workflow documented in guide.

3. Context Pressure Changes Behavior

At 70% context, Claude starts losing precision. At 85%, hallucinations increase. At 90%+, responses become erratic.

Strategy: 0-50% (work freely). 50-70% (attention). 70-90% (/compact). 90%+ (/clear mandatory).

4. Start Simple, Scale Smart

Start with basic CLAUDE.md + a few commands. Test in production for 2 weeks. Add agents/skills only if need is proven.

Strategy: Phase 1 (basic). Phase 2 (commands + hooks if needed). Phase 3 (agents if multi-context). Phase 4 (MCP servers if truly required).

5. Methodologies Matter More with AI

TDD/SDD/BDD are not optional with Claude Code. AI accelerates bad code as much as good code.

Strategy: TDD (critical logic). SDD (architecture upfront). BDD (PM/dev collaboration). GSD (throwaway prototypes).

Quick Reference

Context management is critical. See the Cheat Sheet for thresholds and actions.

🤖 For AI Assistants

Quick load: curl -sL https://raw.githubusercontent.com/FlorianBruniaux/claude-code-ultimate-guide/main/machine-readable/reference.yaml

reference.yaml — Structure & Landing Site Search

reference.yaml is organized into several top-level sections:

The deep_dive section powers the landing site CMD+K search. The build script (scripts/build-guide-index.mjs) parses it to generate 160 search entries.

How the search index works

The CMD+K search on the landing site is an explicit index — not a full-text search. Only entries listed in deep_dive are indexed. Keywords are derived mechanically from the key name and file path, not from the file content.

Consequence: adding a new guide section requires explicitly adding an entry to deep_dive, then running pnpm build:search in the landing repo.

Maintaining reference.yaml

Adding a new entry to deep_dive:

deep_dive:
  # existing entries...
  my_new_section: "guide/my-new-file.md"          # local guide file
  my_hook_example: "examples/hooks/bash/foo.sh"   # example file
  my_section_ref: "guide/ultimate-guide.md:1234"  # with line number anchor

Critical: avoid duplicate keys. If a key appears twice in deep_dive, the YAML parser fails and the landing site search index becomes empty (0 entries). The build exits with a warning but no hard error:

[build-guide-index] ERROR: Failed to parse YAML: duplicated mapping key
[build-guide-index] Generating empty guide-search-entries.ts

Use distinct names — e.g. if you need both a line-number reference and a file path for the same concept, suffix the line-number key with _line:

security_gate_hook_line: 6907                              # line number ref
security_gate_hook: "examples/hooks/bash/security-gate.sh" # file path ref

📄 Whitepapers (FR + EN)

A series of 9 focused whitepapers covering Claude Code in depth. Each covers a specific topic and is available in both French and English.

• 00 — De Zéro à Productif / From Zero to Productive — Foundations, first steps
• 01 — Prompts qui Marchent / Prompts That Work — Prompting method, context, hooks
• 02 — Personnaliser Claude / Customizing Claude — CLAUDE.md, custom agents, skills
• 03 — Sécurité en Production / Security in Production — 17 security hooks, threat DB, permissions
• 04 — L'Architecture Démystifiée / Architecture Demystified — Agent loop, context, token pricing
• 05 — Déployer en Équipe / Team Deployment — CI/CD, observability, 50+ devs adoption
• 06 — Privacy & Compliance — Anthropic data, ZDR, retention policies
• 07 — Guide de Référence / Reference Guide — Complete synthesis + advanced workflows
• 08 — Agent Teams — Multi-agent orchestration and coordination

→ Download all whitepapers

🌍 Ecosystem

Claude Cowork (Non-Developers)

Claude Cowork is the companion guide for non-technical users (knowledge workers, assistants, managers).

Same agentic capabilities as Claude Code, but through a visual interface with no coding required.

→ Claude Cowork Guide — File organization, document generation, automated workflows

Status: Research preview (Pro $20/mo or Max $100-200/mo, macOS only, VPN incompatible)

Claude Code Plugins (Marketplace)

Production-ready plugins from this guide, installable in one command:

claude plugin marketplace add FlorianBruniaux/claude-code-plugins
claude plugin install session-summary@florian-claude-tools

FlorianBruniaux/claude-code-plugins — Session analytics, more plugins coming

Complementary Resources

Community: 🇫🇷 Dev With AI — 1500+ devs on Slack, meetups in Paris, Bordeaux, Lyon

→ AI Ecosystem Guide — Complete integration patterns with complementary AI tools

🛡️ Security

Comprehensive MCP security coverage — the only guide with a threat intelligence database and production hardening workflows.

Official Security Tools

Workflow: Use GitHub Action for automation → Consult Threat DB for threat intelligence.

Threat Database

24 CVE-mapped vulnerabilities and 655 malicious skills tracked in machine-readable/threat-db.yaml:

Taxonomies: 10 attack surfaces × 11 threat types × 8 impact levels

Hardening Resources

Security Commands

/security-check      # Quick scan config vs known threats (~30s)
/security-audit      # Full 6-phase audit with score /100 (2-5min)
/update-threat-db    # Research & update threat intelligence
/audit-agents-skills # Quality audit with security checks

Security Hooks

30 production hooks (bash + PowerShell) in examples/hooks/:

Browse All Security Hooks →

MCP Vetting Workflow

Systematic evaluation before trusting MCP servers:

1. Provenance: GitHub verified, 100+ stars, active maintenance
2. Code Review: Minimal privileges, no obfuscation, open-source
3. Permissions: Whitelist-only filesystem access, network restrictions
4. Testing: Isolated Docker sandbox first, monitor tool calls
5. Monitoring: Session logs, error tracking, regular re-audits

Full MCP Security Workflow →

📖 About

This guide is the result of 6 months of daily practice with Claude Code. The goal isn't to be exhaustive (the tool evolves too fast), but to share what works in production.

What you'll find:

• Patterns verified in production (not theory)
• Trade-off explanations (not just "here's how to do it")
• Security first (24 CVEs tracked)
• Transparency on limitations (Claude Code isn't magic)

What you won't find:

• Definitive answers (tool is too new)
• Universal configs (every project is different)
• Marketing promises (zero bullshit)

Use this guide critically. Experiment. Share what works for you.

Feedback welcome: GitHub Issues

About the Author

Florian Bruniaux — Founding Engineer @ Méthode Aristote (EdTech + AI). 12 years in tech (Dev → Lead → EM → VP Eng → CTO). Current focus: Rust CLI tools, MCP servers, AI developer tooling.

GitHub · LinkedIn · Portfolio

📚 What's Inside

Core Documentation

cd quiz && npm install && npm start

🤝 Contributing

We welcome:

• ✅ Corrections and clarifications
• ✅ New quiz questions
• ✅ Methodologies and workflows
• ✅ Resource evaluations (see process)
• ✅ Educational content improvements

See CONTRIBUTING.md for guidelines.

Ways to Help: Star the repo • Report issues • Submit PRs • Share workflows in Discussions

📄 License & Support

Guide: CC BY-SA 4.0 — Educational content is open for reuse with attribution.

Templates: CC0 1.0 — Copy-paste freely, no attribution needed.

Author: Florian BRUNIAUX | Founding Engineer @Méthode Aristote

Stay Updated: Watch releases | Discussions | Connect on LinkedIn

📚 Further Reading

This Guide

• CHANGELOG — Guide version history (what's new in each release)
• Claude Code Releases — Official Claude Code release tracking

Official Resources

• Claude Code CLI — Official website
• Documentation — Official docs
• Anthropic CHANGELOG — Official Claude Code changelog
• GitHub Issues — Bug reports & feature requests

Research & Industry Reports

• 2026 Agentic Coding Trends Report (Anthropic, Feb 2026)

  • 8 trends prospectifs (foundation/capability/impact)
  • Case studies: Fountain (50% faster), Rakuten (7h autonomous), CRED (2x speed), TELUS (500K hours saved)
  • Research data: 60% AI usage, 0-20% full delegation, 67% more PRs merged/day
  • Evaluation: docs/resource-evaluations/anthropic-2026-agentic-coding-trends.md (score 4/5)
  • Integration: Diffused across sections 9.17 (Multi-Instance ROI), 9.20 (Agent Teams adoption), 9.11 (Enterprise Anti-Patterns), Section 9 intro

• AI Fluency Index (Anthropic, Feb 23, 2026)

  • Research on 9,830 Claude.ai conversations: iteration multiplies fluency behaviors 2× (2.67 vs 1.33)
  • Artifact Paradox: polished outputs (code, files) reduce critical evaluation — −5.2pp missing context, −3.7pp fact-checking, −3.1pp reasoning challenge
  • Only 30% of users set collaboration terms explicitly — CLAUDE.md addresses this structurally
  • Evaluation: docs/resource-evaluations/2026-02-23-anthropic-ai-fluency-index.md (score 4/5)
  • Integration: 3 callouts in §2.3 (plan review), §3.1 (CLAUDE.md), §9.11 (Artifact Paradox) + diagram

• Outcome Engineering — o16g Manifesto (Cory Ondrejka, Feb 2026)

  • 16 principles for shifting from "software engineering" to "outcome engineering"
  • Author: CTO Onebrief, co-creator Second Life, ex-VP Google/Meta
  • Cultural positioning: numeronym naming (o16g like i18n, k8s), Honeycomb endorsement
  • Status: Emerging — on watch list for community adoption tracking

Community Resources

• everything-claude-code — Production configs (45k+⭐)
• awesome-claude-code — Curated links
• SuperClaude Framework — Behavioral modes

Tools

• Ask Zread — Ask questions about this guide
• Interactive Quiz — 274 questions
• Landing Site — Visual navigation

Version 3.30.1 | Updated daily · Mar 4, 2026 | Crafted with Claude