Commit Graph

23 Commits

Author SHA1 Message Date
yarlinghe bce7cf8cb4 fix(hooks): correct pre-tool-check.sh hook protocol bugs (#72)
The pre-tool-check.sh example had three bugs rooted in the same
misunderstanding of the Claude Code PreToolUse hook protocol
(stdin/stdout/stderr + exit code contract):

1. Substring matching on `rm -rf /`
   The pattern was unanchored, so grep treated it as a substring and
   falsely blocked any command containing `rm -rf /` — including benign
   calls like `rm -rf /tmp/build` or `rm -rf /var/cache/foo`. Fixed by
   anchoring the slash to a whitespace-or-end-of-line boundary.

2. WARN tier was dead code
   The warning layer printed to stderr and then `exit 0`. Claude Code
   silently discards stderr on exit 0, so the warnings were never seen
   by Claude, the user, or any log. Fixed by adding an audit log file
   at `$CLAUDE_PROJECT_DIR/.claude/hooks/audit.log` that records every
   invocation with its decision (BLOCK/WARN/ALLOW). The audit log is
   now the reliable observability mechanism for the WARN tier.

3. BLOCK reasons printed to stdout instead of stderr
   On `exit 2`, Claude Code reads stderr to surface the block reason
   to Claude. The echoes before `exit 2` defaulted to stdout, so
   Claude Code reported `"No stderr output"` and Claude had to read
   the hook source file to infer why a command was blocked. Fixed by
   explicitly redirecting the block-reason echoes to stderr with `>&2`.

Also escaped the regex metacharacters in the fork-bomb pattern
`:(){:|:&};:` so it matches literally under `grep -E`, and updated the
header docstring to document the stdout/stderr/exit-code convention so
future readers don't make the same mistakes.

Verified with 6 smoke tests covering: benign command (ALLOW), warn-tier
relative path, substring edge case (`rm -rf /tmp/...` no longer falsely
blocked), exact root match (`rm -rf /`, `rm -rf / ; echo` still blocked),
fork-bomb literal, and `git push --force` (WARN only). stdout is empty
in all cases; all reasons correctly routed to stderr or the audit log.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 22:48:05 +02:00
Luong NGUYEN 2deba3ac2f docs: sync to Claude Code v2.1.101 with /team-onboarding, /ultraplan, Monitor tool (#73)
* docs: sync to Claude Code v2.1.101 with new feature coverage

Bumps all English docs from v2.1.97 to v2.1.101, adds mandatory Sources
footer block (previously missing), and documents three new features
shipped between v2.1.98 and v2.1.101:

- /team-onboarding (v2.1.101) — new built-in command for generating
  teammate ramp-up guides. Added to 01-slash-commands and CATALOG.
- /ultraplan (v2.1.91+, cloud-env auto-creation in v2.1.101) — full
  section in 09-advanced-features covering launch methods, status
  indicators, and execution options. Replaces prior 3-line stub.
- Monitor tool (v2.1.98) — full section in 09-advanced-features with
  stream-filter and poll-emit patterns and the grep --line-buffered
  warning. Added to resources.md feature table.

Vietnamese and Chinese translations are not touched in this sync.

* fix(docs): address review feedback on v2.1.101 sync

- Correct /team-onboarding availability date (April 10 → April 11, 2026)
- Fix uninitialized \$last variable in Monitor poll-and-emit example
- Update CATALOG.md New Features heading to April 2026 and add Monitor
  Tool, /team-onboarding, and Ultraplan auto-create entries
2026-04-11 22:30:46 +02:00
Luong NGUYEN 63a1416884 fix(docs): correct Claude Code version to 2.1.97 across all footers
The latest Claude Code release is 2.1.97, not 2.3.0 (which is this
guide's own version). Update all 20 "Claude Code Version" footer lines
to accurately reflect the documented Claude Code version.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-04-09 06:42:51 +02:00
Luong NGUYEN 7f2e77337e docs: update Last Updated date and Claude Code version across all files
Update all documentation footers from generic "April 2026 / 2.1+" to
the specific sync date (April 9, 2026) and documented version (2.3.0).
Also add version/date footers to zh/CATALOG.md and
zh/01-slash-commands/README.md which were missing them.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-04-09 06:41:16 +02:00
Luong NGUYEN e015f39c68 fix: apply 2026-04-09 documentation accuracy updates
P0 Critical:
- Remove /vim (removed in v2.1.92) from CATALOG.md, zh/CATALOG.md active tables
- Move /vim to deprecated section in zh/01-slash-commands/README.md
- Fix fake hook events (PreCommit/PrePush/PostPush) in config-examples.json
- Replace with real PreToolUse hook pattern
- Update deprecated model IDs: claude-sonnet-4-5 → claude-sonnet-4-6 (x4)
- Fix notify-team.sh comment: PostPush → PostToolUse with explanation
- Mark # memory shortcut as discontinued in 02-memory/README.md

P2 Conflicts resolved:
- effort:max confirmed valid in current CLI; no changes needed
- Remove WebSocket MCP transport (not supported; only stdio/sse/http valid)
  from 05-mcp/README.md, CATALOG.md, QUICK_REFERENCE.md

P4 Cosmetic:
- Update hook count 25 → 26 in QUICK_REFERENCE.md

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
2026-04-09 06:32:26 +02:00
Luong NGUYEN 72d3b016e6 docs: sync all tutorials with latest Claude Code docs (April 2026) (#56)
* docs: sync all tutorials with latest Claude Code official docs (April 2026)

Update 44 documentation files to reflect the latest Claude Code features
from code.claude.com. Key content changes include new slash commands
(/ultraplan, /powerup, /sandbox), deprecated command removals (/pr-comments,
/vim), corrected skill description budget (1%/8K), new hook events
(PermissionDenied, InstructionsLoaded, ConfigChange), expanded Agent Teams
section, new plugin components (LSP, bin/, settings.json), and new CLI
flags (--bare, --tmux, --effort, --channels). Added "Last Updated: April
2026" metadata footer to all documentation files.

* fix(docs): correct env var values and alphabetical ordering

- CLAUDE_CODE_NEW_INIT=true → =1 in 02-memory and 09-advanced-features
- CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=true → =1 in 09-advanced-features
- Fix /powerup vs /plugin alphabetical order in slash commands table

* fix(docs): correct env var values in locale files (vi, zh)

Propagate CLAUDE_CODE_NEW_INIT=true → =1 and
CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=true → =1 corrections
to Vietnamese and Chinese translations.
2026-04-07 10:20:53 +02:00
Luong NGUYEN 2cbb10c959 fix(hooks): Windows Git Bash compatibility + stdin JSON protocol (#55)
* fix(hooks): make hook scripts compatible with Windows Git Bash and use stdin JSON protocol

- Replace `grep -P` (Perl regex) with `sed` for JSON field extraction,
  as Windows Git Bash does not support `grep -P`
- Replace positional arg (`$1`) with stdin JSON parsing to match the
  actual Claude Code hook protocol (hooks receive data via stdin, not args)
- Fix JSON double-quote escaping in grep patterns that silently fails
  on Windows Git Bash
- Remove python3 dependency for JSON parsing, making scripts portable
- Add Windows Git Bash to compatibility notes in script headers

Affected scripts: security-scan.sh, validate-prompt.sh, log-bash.sh, format-code.sh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(hooks): address review issues in Windows Git Bash compatibility scripts

- security-scan.sh: wrap output in hookSpecificOutput format required by
  PostToolUse protocol; restore secret/token detection pattern that was
  dropped; escape file path and issues for safe JSON construction
- validate-prompt.sh: extract "user_prompt" field first (Claude Code
  UserPromptSubmit protocol), falling back to "prompt"
- log-bash.sh: document sed truncation limitation for commands with
  double-quoted strings
- format-code.sh: fix misleading comment about updatedInput output

* fix(hooks): produce valid JSON from security-scan.sh

- Use \\n (JSON newline escape) when building ISSUES, not real newlines,
  so the value passes safely through printf into the JSON string
- Remove the real-newline-to-\\n sed pass (no longer needed)
- Output is now verifiably valid JSON per python3 json.loads

* fix(hooks): fix grep -E POSIX compat and semgrep/trufflehog stdout mixing

- Replace \s with [[:space:]] in grep -E patterns (security-scan.sh lines
  34,44): \s is a Perl extension, silently fails on macOS BSD grep and
  BusyBox — password/secret detection was a no-op on macOS
- Suppress stdout of semgrep/trufflehog (>/dev/null) to prevent their
  output mixing with hookSpecificOutput JSON, which would produce invalid
  JSON and cause the additionalContext to fail parsing
- Fix format-code.sh hook comment: PreToolUse → PostToolUse (matches
  README example and actual hook behavior)

---------

Co-authored-by: Bruce <binyuli1993@foxmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-07 08:53:32 +02:00
qk f53d08098e Add performance-optimizer subagent and dependency-check hook (#36)
* feat: add performance-optimizer subagent and dependency-check hook

Agent-Logs-Url: https://github.com/khanhnkq/claude-howto/sessions/ef3fb01c-a9c0-466e-9ad2-f255f306add2

Co-authored-by: khanhnkq <180888435+khanhnkq@users.noreply.github.com>

* fix(hooks): use basename for manifest matching in dependency-check.sh

FILE=$1 receives an absolute path (e.g. /home/user/project/package.json).
The case statement and all [[ "$FILE" == ... ]] guards matched bare filenames,
so every invocation would hit the *) exit 0 branch and skip all vuln scans.

Extract BASENAME=$(basename "$FILE") and use it for all pattern matching.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Luong NGUYEN <luongnv89@gmail.com>
2026-04-07 08:07:20 +02:00
JiayuWang(王嘉宇) b511ed1997 feat: add missing pre-tool-check.sh hook to 06-hooks (#40)
* feat: add missing pre-tool-check.sh hook to 06-hooks

The LEARNING-ROADMAP.md (Milestone 2A) referenced this file in an
exercise that copies it to ~/.claude/hooks/, but the file did not exist.
This caused confusion for learners following the guide.

The new pre-tool-check.sh is a PreToolUse hook for the Bash matcher that:
- Blocks unconditionally destructive commands (rm -rf /, dd, fork bomb, etc.)
- Warns on high-risk commands (rm -rf, git push --force, DROP TABLE, etc.)
- Reads tool input JSON from stdin (matching Claude Code hook protocol)
- Requires no external dependencies (pure bash + grep)

Fixes #32

* fix(hooks): correct exit code, remove set -e, use portable sed in pre-tool-check.sh

- Change `exit 1` to `exit 2` so Claude Code actually blocks the command
  (exit 1 is treated as a non-blocking error; exit 2 is required to block)
- Remove `set -euo pipefail`: `set -e` caused the script to exit on the
  first non-matching grep result, skipping all remaining pattern checks
- Replace non-portable `grep -o '"command"\s*:\s*"[^"]*"'` with
  `sed -n 's/.*"command"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'`
  which works on both macOS (BSD) and Linux without GNU grep extensions

Closes #32

---------

Co-authored-by: Luong NGUYEN <luongnv89@gmail.com>
2026-04-07 01:18:12 +02:00
Luong NGUYEN 34259caf7c fix(hooks): apply review fixes dropped by squash merge
The squash merge of PR #49 discarded two review fix commits. Re-applying:

- security-scan.sh: wrap output in hookSpecificOutput (PostToolUse protocol);
  restore secret/token detection; fix JSON newline escaping; escape file path
- validate-prompt.sh: try "user_prompt" field first, fall back to "prompt"
- log-bash.sh: document sed truncation limitation for quoted commands
- format-code.sh: fix misleading comment about updatedInput output
2026-04-06 21:48:55 +02:00
binyu, li 107153d5d7 fix(hooks): make hook scripts compatible with Windows Git Bash and use stdin JSON protocol (#49)
- Replace `grep -P` (Perl regex) with `sed` for JSON field extraction,
  as Windows Git Bash does not support `grep -P`
- Replace positional arg (`$1`) with stdin JSON parsing to match the
  actual Claude Code hook protocol (hooks receive data via stdin, not args)
- Fix JSON double-quote escaping in grep patterns that silently fails
  on Windows Git Bash
- Remove python3 dependency for JSON parsing, making scripts portable
- Add Windows Git Bash to compatibility notes in script headers

Affected scripts: security-scan.sh, validate-prompt.sh, log-bash.sh, format-code.sh

Co-authored-by: Bruce <binyuli1993@foxmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-06 21:47:41 +02:00
Luong NGUYEN 995a5d6c12 refactor(hooks): Replace auto-adapt hook with one-time permissions setup script
Remove the auto-adapt-mode PostToolUse hook (no more dynamic permission
learning). Replace with a standalone setup script that seeds ~67 safe
auto-mode-equivalent permission rules into settings.json in one shot.
Move the script to 09-advanced-features/ alongside the Auto Mode docs.
2026-03-30 22:56:36 +02:00
Luong NGUYEN 9b6c6195d7 feat(hooks): Add auto-adapt-mode hook for learning user tool approvals
Adds a PostToolUse hook that automatically generalizes approved tool
invocations into reusable permission rules in settings.json. Seeds
auto-mode-equivalent baseline permissions on first run. Dangerous
commands (rm -rf, force-push, DROP TABLE, sudo, etc.) are never remembered.
2026-03-27 22:44:55 +01:00
Luong NGUYEN f78c094740 docs: Sync all tutorials and references with Claude Code v2.1.84
- Slash commands: update to 55+ built-in, add 5 bundled skills, mark 3 deprecated
- Memory: add managed drop-ins (v2.1.83), subagent memory, settings hierarchy
- Skills: add effort, shell frontmatter fields and discovery behavior
- Subagents: add effort, initialPrompt, disallowedTools fields; document Bash agent
- MCP: add WebSocket transport, elicitation, 2KB tool cap, server deduplication
- Hooks: expand from 18 to 25 events, add agent hook type (now 4 types)
- Plugins: add LSP support, userConfig, CLAUDE_PLUGIN_DATA, CLI commands
- Advanced: add Auto Mode, Channels, Voice Dictation, auto permission mode
- CLI: add 17+ new flags, 17 environment variables, new commands
- Update all reference docs (CATALOG, QUICK_REFERENCE, LEARNING-ROADMAP, INDEX)
- Fix stale quiz questions (hook count, permission modes, hook types)
2026-03-26 14:54:29 +01:00
Luong NGUYEN 4bc8f15f38 docs: Add missing commands, features, and settings across 6 guides
Phase 2 of docs sync: fill gaps in existing content for Jan-Mar 2026 features.

- Add 15 missing slash commands to built-in commands table
- Add bundled skills section (/simplify, /batch, /debug, /loop, /claude-api)
- Add ${CLAUDE_SKILL_DIR} string substitution for skills
- Add MCP OAuth metadata override, scope terminology update, CLAUDEAI toggle
- Add InstructionsLoaded/Setup hook events, HTTP hooks version note, new fields
- Add effort level visual indicators and autoMemoryDirectory/claudeMdExcludes settings
- Update /context command description with optimization suggestions
- Add update-plan.md tracking document
2026-03-13 04:52:19 +01:00
Luong NGUYEN 487c96d950 docs: Sync all documentation with Claude Code February 2026 features
Update 23 files across all 10 tutorial directories and 7 reference
documents to match the latest Claude Code v2.1+ features and correct
outdated content including model names (4.5→4.6), permission modes,
hook events, CLI syntax, MCP config paths, plugin manifest format,
checkpoint commands, session management, and URLs. Add documentation
for new features: Auto Memory, Remote Control, Web Sessions, Desktop
App, Agent Teams, MCP OAuth, Task List, Sandboxing, and more.
2026-02-25 23:19:08 +01:00
Luong NGUYEN 58e586f09b refactor: Add new V2.0 logo with dark/light mode support to all markdown files
- Update all main markdown files (INDEX.md, LEARNING-ROADMAP.md, QUICK_REFERENCE.md, CONTRIBUTING.md, claude_concepts_guide.md, resources.md) with new responsive picture element
- Add logo to all subdirectory README files in feature folders (01-10) and plugins
- Replace old markdown image syntax with HTML picture element for dark/light mode adaptation
- Logo automatically displays dark mode version when system prefers dark mode
- Maintain correct relative paths for all nesting levels (../, ../../, etc.)
- Update README.md with new logo syntax

All markdown files now use the new V2.0 starburst logo design with professional dark/light mode support.
2026-01-09 10:36:58 +01:00
Luong NGUYEN 821709b143 Update all lessons 2026-01-08 23:51:46 +01:00
Luong NGUYEN 8ef1e4a0c0 docs: Update hooks lesson with improved context tracker example
- Replace simple Stop-only context-usage hook with hook pair pattern
- Add UserPromptSubmit + Stop hook combination for tracking delta
- Include both char-estimation and tiktoken versions as separate files
- Show how to use session_id for isolated state tracking
2025-12-25 18:10:16 +01:00
Luong NGUYEN 513171332e fix: correct token calculation in context-usage hook example
The hook was converting total_chars to string before calculating tokens,
resulting in ~0 tokens reported. Fixed to calculate directly from char count.

- Remove unused estimate_tokens() function
- Calculate tokens as total_chars // 4 directly
- Archive fix-context-usage-hook change
2025-12-24 23:54:35 +01:00
Luong NGUYEN 9c5c7c5049 docs: Add context usage reporter hook example
Add Example 6 showing how to create a hook that reports context/token
usage after each Claude response:

- Python script reads transcript_path to access conversation history
- Estimates tokens using ~4 chars/token heuristic
- Outputs one-line report: "Context: ~45k/200k tokens (77% remaining)"
- Documents both Stop and UserPromptSubmit hook configurations
- Explains limitations (estimate vs exact /context command)
2025-12-24 23:21:38 +01:00
Luong NGUYEN c1ef277925 docs: Rewrite hooks documentation based on official Claude Code docs
- Update configuration format to use array-based matcher/hooks structure
- Document all 9 official hook events (PreToolUse, PermissionRequest,
  PostToolUse, Notification, UserPromptSubmit, Stop, SubagentStop,
  PreCompact, SessionStart, SessionEnd)
- Add JSON stdin input/output documentation with schemas
- Document exit code semantics (0=success, 2=blocking, other=warning)
- Add prompt-based hooks for Stop/SubagentStop events
- Add environment variables (CLAUDE_PROJECT_DIR, CLAUDE_ENV_FILE, etc.)
- Add security considerations with official disclaimer
- Add MCP tool hook patterns (mcp__<server>__<tool>)
- Update example scripts to use JSON stdin parsing
- Add debugging section with claude --debug flag
- Remove incorrect hook types (PreCommit, PostCommit, PrePush)

Based on official documentation: https://code.claude.com/docs/en/hooks
2025-12-24 15:36:49 +01:00
Luong NGUYEN 5caeff2f1c refactor: Reorganize repository structure for optimal learning path
Reorder folders based on learning dependencies, complexity, and frequency of use:
- 01-slash-commands (unchanged) - Quick wins for beginners
- 02-memory (was 03) - Essential foundation
- 03-skills (was 05) - Auto-invoked capabilities
- 04-subagents (was 02) - Task delegation
- 05-mcp (was 04) - External integration
- 06-hooks (was 07) - Event automation
- 07-plugins (was 06) - Bundled solutions
- 08-checkpoints (unchanged) - Safe experimentation
- 09-advanced-features (unchanged) - Power user tools

Documentation improvements:
- Add LEARNING-ROADMAP.md with detailed milestones and exercises
- Simplify README.md for better scannability
- Consolidate Quick Start and Getting Started sections
- Combine Feature Comparison and Use Case Matrix tables
- Reorder README sections: Learning Path → Quick Reference → Getting Started
- Update all cross-references across module READMEs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-09 17:54:58 +01:00