13 changes: 9 additions & 4 deletions CLAUDE.md
Expand Up @@ -11,7 +11,7 @@ This repository provides comprehensive security rules for Claude Code, covering
- OWASP MCP Top 10 2025 (Model Context Protocol security)
- AI/ML security (NIST AI RMF, MITRE ATLAS, Google SAIF)
- Agentic AI security (tool use, autonomy, sandboxing)
- Language-specific rules (Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL)
- Language-specific rules (Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL, PHP)
- Backend frameworks (FastAPI, Express, Django, Flask, NestJS)
- AI/ML frameworks (LangChain, CrewAI, AutoGen, Transformers, vLLM, Triton, TorchServe, Ray Serve, BentoML, MLflow, Modal)
- Frontend frameworks (React, Next.js, Vue, Angular, Svelte)
Expand Down Expand Up @@ -39,7 +39,8 @@ claude-secure-coding-rules/
│ │ ├── r/CLAUDE.md # Shiny apps, data security, package verification
│ │ ├── cpp/CLAUDE.md # Memory safety, buffer overflows, smart pointers
│ │ ├── julia/CLAUDE.md # Metaprogramming, type safety, serialization
│ │ └── sql/CLAUDE.md # Injection, permissions, stored procedures
│ │ ├── sql/CLAUDE.md # Injection, permissions, stored procedures
│ │ └── php/CLAUDE.md # SQL injection, path traversal, session security, code execution, crypto
│ │
│ ├── backend/ # Backend framework rules
│ │ ├── fastapi/CLAUDE.md # Pydantic validation, JWT, authorization, CORS, AI APIs
Expand Down Expand Up @@ -85,11 +86,15 @@ claude-secure-coding-rules/
| Category | Count | Description |
|----------|-------|-------------|
| Core Rules | 4 | OWASP 2025, MCP Security, AI Security, Agent Security |
| Languages | 12 | Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL |
| Languages | 13 | Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL, PHP |
| Backend Frameworks | 5 | FastAPI, Express, Django, Flask, NestJS |
| AI/ML Frameworks | 11 | LangChain, CrewAI, AutoGen, Transformers, vLLM, Triton, TorchServe, Ray Serve, BentoML, MLflow, Modal |
| Frontend Frameworks | 5 | React, Next.js, Vue, Angular, Svelte |
| **Total Rule Sets** | **37** | Comprehensive security coverage |
| RAG & Knowledge | 35 | LlamaIndex, Haystack, Pinecone, Weaviate, Neo4j, Milvus, and more |
| Infrastructure as Code | 3 | Terraform, Pulumi (+ core IaC rules) |
| Containers | 3 | Docker, Kubernetes (+ core container rules) |
| CI/CD | 3 | GitHub Actions, GitLab CI (+ core CI/CD rules) |
| **Total Rule Sets** | **82** | See README.md for the complete catalog |

## Rule Format

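Review bot: The new **Total Rule Sets** row (82) and the RAG & Knowledge row (35) disagree with README.md, which this row names as the complete catalog and which in this same PR reads "100+ Rule Sets" and "51 RAG tools". The rows shown here do sum to 82 (4 + 13 + 5 + 11 + 5 + 35 + 3 + 3 + 3), so either the README figures or the RAG count here needs correcting, or the row should say which subset of the catalog it counts. Counts maintained by hand in three files will keep drifting; consider stating them in one file and linking to it from the others.
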
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -15,7 +15,7 @@ This repository provides comprehensive security rules for Claude Code, covering
- **OWASP MCP Top 10 2025** - Model Context Protocol security for AI assistants and tools
- **AI/ML Security** - Rules for machine learning systems using NIST AI RMF, MITRE ATLAS, and Google SAIF
- **Agentic AI Security** - Specialized rules for autonomous AI systems with tool use
- **100+ Rule Sets** - Covering 12 languages, 5 backend frameworks, 11 AI/ML frameworks, 5 frontend frameworks, 51 RAG tools, IaC (Terraform/Pulumi), containers (Docker/K8s), and CI/CD (GitHub Actions/GitLab CI)
- **100+ Rule Sets** - Covering 13 languages, 5 backend frameworks, 11 AI/ML frameworks, 5 frontend frameworks, 51 RAG tools, IaC (Terraform/Pulumi), containers (Docker/K8s), and CI/CD (GitHub Actions/GitLab CI)
- **Enforcement Levels** - Strict, warning, and advisory modes for different risk levels

## Quick Start
Expand Down Expand Up @@ -84,7 +84,8 @@ claude-secure-coding-rules/
│ │ ├── r/CLAUDE.md # R security (Shiny, data science, packages)
│ │ ├── cpp/CLAUDE.md # C++ security (memory safety, buffer overflows)
│ │ ├── julia/CLAUDE.md # Julia security (metaprogramming, serialization)
│ │ └── sql/CLAUDE.md # SQL security (injection, permissions)
│ │ ├── sql/CLAUDE.md # SQL security (injection, permissions)
│ │ └── php/CLAUDE.md # PHP security (SQL injection, path traversal, session security)
│ │
│ ├── backend/ # Backend framework rules
│ │ ├── fastapi/CLAUDE.md # FastAPI (Pydantic, dependencies, auth, AI APIs)
9 changes: 6 additions & 3 deletions docs/CONTRIBUTING.md
Expand Up @@ -11,12 +11,14 @@ Thank you for your interest in contributing! This guide explains how to add, mod

## Project Overview

This project provides **26 security rule sets** covering:
This guide covers the **27 foundational security rule sets**:
- **4 Core rule sets**: OWASP 2025, MCP Security, AI/ML Security, Agent Security
- **12 Language rules**: Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL
- **13 Language rules**: Python, JavaScript, TypeScript, Go, Rust, Java, C#, Ruby, R, C++, Julia, SQL, PHP
- **5 Backend frameworks**: FastAPI, Express, Django, Flask, NestJS
- **5 Frontend frameworks**: React, Next.js, Vue, Angular, Svelte

The full repository also includes RAG, IaC, container, and CI/CD rule sets. See [README.md](../README.md) for the complete catalog.

## Rule Structure

### Rule Format
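
Review bot: The "27 foundational security rule sets" list in Project Overview leaves out the 11 AI/ML framework rule sets that the CLAUDE.md table counts, and the added sentence about the full repository ("RAG, IaC, container, and CI/CD rule sets") does not mention them either. The arithmetic holds (4 + 13 + 5 + 5 = 27), but a contributor reading this guide gets no pointer to the AI/ML framework rules. Name them in the "also includes" sentence, or add them to the list and adjust the count.
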
Expand Down Expand Up @@ -76,7 +78,8 @@ claude-secure-coding-rules/
│ │ ├── r/CLAUDE.md # Shiny apps, data security, packages
│ │ ├── cpp/CLAUDE.md # Memory safety, buffer overflows, RAII
│ │ ├── julia/CLAUDE.md # Metaprogramming, serialization
│ │ └── sql/CLAUDE.md # Injection, permissions, procedures
│ │ ├── sql/CLAUDE.md # Injection, permissions, procedures
│ │ └── php/CLAUDE.md # SQL injection, path traversal, session security, code execution
│ │
│ ├── backend/ # Backend framework rules
│ │ ├── fastapi/CLAUDE.md # Pydantic, JWT, authorization, CORS
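
Review bot: The comment on the new `php/CLAUDE.md` tree entry differs in each of the three files touched here: this one ends at "code execution", the CLAUDE.md tree adds "crypto", and the README.md tree stops at "session security". Pick one summary that matches the sections actually present in the PHP rule file and use it in all three trees, so a reader does not infer different coverage depending on which file they opened.
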