claude-code-config
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Warn
- Code scan incomplete — No supported source files were scanned during light audit
Permissions Pass
- Permissions — No dangerous permissions requested
This repository provides a collection of architectural principles, decision frameworks, and prompt configurations designed to guide AI coding agents (like Claude Code) in secure and efficient software development workflows.
Security Assessment
The overall risk is Low. Because this is primarily a documentation and configuration toolkit rather than executable code, it does not inherently access sensitive data, make external network requests, or execute shell commands. No dangerous permissions are required, and the automated scan found no hardcoded secrets. Users should note that some recommended principles (like Deterministic Orchestration) advise the AI to execute shell scripts, so standard caution should be applied to the prompts you choose to implement.
Quality Assessment
The project is actively maintained, with its most recent updates pushed today. It is properly licensed under the permissive MIT license. However, it has low community visibility, currently backed by only 7 GitHub stars. Additionally, the automated code scanner could not verify the underlying source files. Consequently, developers should personally review the markdown instructions and configurations to ensure they align with their specific security and operational standards.
Verdict
Safe to use, provided you review the prompt files and documentation before applying them to your development environment.
Claude Code skills, architectural principles, and alternative approaches for AI-assisted development
Claude Code Configuration System
Setup in 10 seconds: paste this into your Claude Code chat and hit Enter:
https://github.com/AnastasiyaW/claude-code-config — look through everything here, pick what fits my project, and set it up
A practical configuration kit for Claude Code agents. Drop it into your project and your agent immediately gets battle-tested architectural principles, security hardening, and decision frameworks - instead of figuring them out from scratch every session.
This is not a collection of tips. It is a system that teaches your agent how to work - when to use one agent vs many, how to verify its own output, how to manage context across long sessions, how to not get poisoned by malicious packages.
What This Gives You
10 Architectural Principles - each one prevents a specific failure mode observed in real agent workflows:
- Self-evaluation bias? Separate Generator and Evaluator agents (Harness Design)
- Agent claims "done" but it's broken? Require durable proof artifacts (Proof Loop)
- Need to improve a prompt/skill/config? Automated Read-Change-Test loop (Autoresearch)
- LLM skips steps in complex workflows? Shell scripts for mechanical tasks, one step at a time (Deterministic Orchestration)
- Wrong debugging conclusions? Structured Premises-Trace-Conclusions format (Structured Reasoning)
- Task too big for one agent? Coordinator + specialized sub-agents (Multi-Agent Decomposition)
- Context degrades in long sessions? Treat CLAUDE.md as runtime config, not docs (Codified Context)
- Supply chain attack? Two config lines block packages younger than 7 days (Supply Chain Defense)
- Prompt injection via repo/MCP/web? Six-layer defense with real CVEs (Agent Security)
Your agent picks the approach that fits. The alternatives/ directory compares 2-5 approaches for each problem, with pros, cons, and "when to choose" guidance:
| Problem | Approaches Compared |
|---|---|
| Multi-step orchestration | Harness Design, Proof Loop, Deterministic Orchestration, Prompt-only |
| Code review | Sequential checklist, Parallel competency, Cross-model, LLM + static |
| Iterative optimization | Autoresearch, HyperAgent, Manual, Eval-driven |
| Context in long sessions | JIT Loading, Full Context Upfront, Compaction, Fresh Sessions |
| Session transitions | Manual HANDOFF.md, Auto hooks, Session Journal, ContextHarness, Memory |
How This Works
For the agent (you): When this repo is connected to your project, you get access to all principles and skills automatically. Use them as decision frameworks - when facing a choice (one agent vs many? how to verify? how to manage context?), check the relevant principle or alternative comparison.
Structure:
principles/- 10 standalone architectural principles. Read the one that matches your current problem.alternatives/- side-by-side comparisons of 2-5 approaches per problem. Pick the approach that fits.skills/- domain-specific knowledge (AI/ML, frontend, iOS, code review). Loaded on demand.CLAUDE.md- compact summary of all principles for global config.
Principles by Maturity Level
Start with L1 for any project. Add L2 when tasks repeat and optimization matters. L3 only when solo agent is not enough.
| Level | Focus | Principles |
|---|---|---|
| L1: Foundational | Single agent, planning, tool use | Deterministic Orchestration, Structured Reasoning, Skills Best Practices |
| L2: Self-Evolving | Feedback loops, memory, optimization | Autoresearch, Codified Context, Proof Loop |
| L3: Collective | Multi-agent coordination | Harness Design, Multi-Agent Decomposition |
| Cross-cutting | Security | Supply Chain Defense, Agent Security |
Based on three-level agentic reasoning taxonomy (arxiv 2601.12538, 2504.19678).
Security Hardening
Two principles specifically address agent security:
Supply Chain Defense - most poisoned npm/PyPI packages are caught within 1-3 days. Two config lines create a 7-day buffer:
# ~/.npmrc
min-release-age=7
# ~/.config/uv/uv.toml
exclude-newer = "7 days"
Agent Security - covers 7 real attack categories with documented CVEs: in-code prompt injection, repo metadata poisoning, package metadata, MCP tool poisoning, web content injection, memory poisoning, sandbox escape. Includes a six-layer defense architecture.
Skills Catalog
Skills are practical tools for specific domains. They are secondary to the principles - think of them as reference implementations.
| Category | Skill | What It Does |
|---|---|---|
| Development | deep-review |
8 parallel specialist reviewers (security, perf, arch, DB, concurrency, errors, frontend, tests) |
| AI/ML | diffusion-engineering |
UNet, DiT, Flow Matching, Flux architectures, LoRA, schedulers, memory optimization |
| AI/ML | flux2-lora-training |
LoRA training for FLUX.2 Klein 9B and Qwen Image Edit |
| AI/ML | flux2-klein-prompting |
Prompt engineering for FLUX.2 Klein |
| AI/ML | vlm-segmentation |
VLM + segmentation: SAM2/3, Florence-2, YOLO-World |
| AI/ML | forensic-prompt-compiler |
Reverse-engineer images into reproducible prompts |
| Frontend | frontend-design |
Production-grade interfaces, not template defaults |
| Architecture | harness-design |
Multi-agent patterns: Generator-Evaluator, Sprint Contracts |
| iOS | ios-development |
Swift, SwiftUI, UIKit, MVVM/TCA, Metal/GPU |
| Writing | humanize-english |
Transform AI text into natural prose |
Complementary Tools
These work well alongside the principles:
- gstack - dev workflow skills: /review, /qa, /ship, /investigate, /design-review
- hookify - git hooks generator for Claude Code
- Semgrep - static analysis, pairs with deep-review
- task-orchestrator - MCP task orchestration with dependency ordering
This Repo Is Updated Regularly
Principles are updated with new research findings, real-world incidents, and community patterns. Security sections track actual CVEs and attack chains. See UPDATES.md for the full changelog.
Contributing
- Fork the repo
- Add/improve a skill (
skills/<category>/<name>/SKILL.md) or principle (principles/) - Skill descriptions = triggers for the model, not human summaries. Include
## Gotchasfrom real failures - For principles or alternatives: open an issue first
License
MIT
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found