Initial release: Complete Claude Code configuration collection
Battle-tested configs from 10+ months of daily Claude Code usage.
Won Anthropic x Forum Ventures hackathon building zenith.chat.
Includes:
- 9 specialized agents (planner, architect, tdd-guide, code-reviewer, etc.)
- 9 slash commands (tdd, plan, e2e, code-review, etc.)
- 8 rule files (security, coding-style, testing, git-workflow, etc.)
- 7 skills (coding-standards, backend-patterns, frontend-patterns, etc.)
- Hooks configuration (PreToolUse, PostToolUse, Stop)
- MCP server configurations (15 servers)
- Plugin/marketplace documentation
- Example configs (project CLAUDE.md, user CLAUDE.md, statusline)
Read the full guide: https://x.com/affaanmustafa/status/2012378465664745795
2026-01-17 17:49:33 -08:00
# Security Guidelines
## Mandatory Security Checks
Before ANY commit:
- [ ] No hardcoded secrets (API keys, passwords, tokens)
- [ ] All user inputs validated
- [ ] SQL injection prevention (parameterized queries)
- [ ] XSS prevention (sanitized HTML)
- [ ] CSRF protection enabled
- [ ] Authentication/authorization verified
- [ ] Rate limiting on all endpoints
- [ ] Error messages don't leak sensitive data
## Secret Management
refactor(rules): restructure into common + language-specific directories
* refactor(rules): restructure rules into common + language-specific directories
- Split 8 flat rule files into common/, typescript/, python/, golang/
- common/ contains language-agnostic principles (no code examples)
- typescript/ extracts TS/JS specifics (Zod, Playwright, Prettier hooks, etc.)
- python/ adds Python rules (PEP 8, pytest, black/ruff, bandit)
- golang/ adds Go rules (gofmt, table-driven tests, gosec, functional options)
- Replace deprecated ultrathink with extended thinking documentation
- Add README.md with installation guide and new-language template
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Fix installation commands for rules
Updated installation instructions to copy all rules to a single directory.
* docs: update README.md to reflect new rules directory structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Hor1zonZzz <Hor1zonZzz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 21:58:06 +08:00
- NEVER hardcode secrets in source code
- ALWAYS use environment variables or a secret manager
- Validate that required secrets are present at startup
- Rotate any secrets that may have been exposed
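
An added example (not part of the original rules file) of the startup check described in the list above: secrets are read from the environment, every missing or placeholder value is collected, and the process fails fast with an error that names the variables without echoing their values. The variable names, the placeholder list and the `loadSecrets` helper are assumptions made for illustration.

```javascript
// Added example: fail-fast secret loading at startup.
// PLACEHOLDERS, MissingSecretsError and loadSecrets are hypothetical names.
const PLACEHOLDERS = new Set(['', 'changeme', 'todo', 'xxx', 'your-api-key-here']);

class MissingSecretsError extends Error {
  constructor(names) {
    // Report variable names only; never include a secret's value.
    super(`Missing or placeholder secrets: ${names.join(', ')}`);
    this.name = 'MissingSecretsError';
    this.missing = names;
  }
}

function loadSecrets(required, env = process.env) {
  const missing = [];
  const secrets = {};
  for (const name of required) {
    const value = (env[name] ?? '').trim();
    // Treat unset, empty and template placeholder values the same way.
    if (PLACEHOLDERS.has(value.toLowerCase())) {
      missing.push(name);
    } else {
      secrets[name] = value;
    }
  }
  // Collect every problem before failing so one restart fixes them all.
  if (missing.length > 0) throw new MissingSecretsError(missing);
  // Frozen so later code cannot overwrite a loaded secret by accident.
  return Object.freeze(secrets);
}

// Constructed sample environment (values are fake).
const sampleEnv = { DATABASE_URL: 'postgres://app@db.internal/app', API_KEY: 'changeme' };

function demo() {
  try {
    loadSecrets(['DATABASE_URL', 'API_KEY', 'SESSION_SECRET'], sampleEnv);
    return 'ok';
  } catch (err) {
    return err.message;
  }
}

console.log(demo());
```
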
## Security Response Protocol
If a security issue is found:
1. STOP immediately
2. Use **security-reviewer** agent
3. Fix CRITICAL issues before continuing
4. Rotate any exposed secrets
5. Review entire codebase for similar issues