--- allowed-tools: Bash(git add: ), Bash(git status: )…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
--- allowed-tools: Bash(git add: ), Bash(git status: ), Bash(git commit: ), Bash(git log: ), Bash(git diff: ), Bash(git branch: ) description: Create a git commit --- # Git Commit Message Guidelines Create a git commit message following these rules: ## The Seven Rules 1. Separate subject from body with a blank line 2. Limit the subject line to 50 characters 3. Use conventional commit spec for subject line 4. Do not end the subject line with a period 5. Use the imperative mood in the subject line 6. Wrap the body at 72 characters 7. Use the body to explain what and why vs. how ## Format txt <type>: <subject - max 50 chars total, imperative mood, conventional commit spec> <Body - wrapped at 72 chars, explains what and why> <Optional bullet points for clarity> <Optional "Issue $ARGUMENTS" if provided> ## Conventional Commits - Use conventional commits spec with types: feat, fix, refactor, docs, test, chore, style, perf, ci, build - Format: <type>: <description> - Examples: "feat: add user authentication", "fix: resolve memory leak in cache" - Use "feat" only on user-facing changes ## Subject Line - Write as if completing: "If applied, this commit will..." - Include
claude-code
More testing loops
# Latest session summary Previous: 2026-07-10 (code-scanning triage…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
# Latest session summary Previous: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Date: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Topic: All open GitHub security alerts triaged and fixed on branch fix/code-scanning-alerts → PR [#59](https://github.com/Lentach/Fireplace/pull/59) (base master , NOT merged — awaiting owner OK; CodeQL+Dependabot re-run on the PR is the proof). Actual scope was 3 CodeQL alerts + 30 Dependabot alerts (all npm/backend). CodeQL 3/3 fixed at root cause, zero suppressions: js/request-forgery critical in link-preview.service.ts ( 2a26bd3 ) replaced the regex host blocklist with two enforced layers — byte-parsed isPrivateIp for the URL-literal (kills decimal/hex/octal IPv4, mapped/NAT64 IPv6, 0.0.0.0, CGNAT, ULA, link-local) + an undici Agent.connect.lookup resolve-and-pin that refuses any hostname resolving to a private address, closing the DNS-rebinding residual the code previously documented as open; manual per-hop redirect validation retained. Two actions/missing-workflow-permissions fixed by top-level permissions: contents: read ( f
testinghigh risk
--- description: Boot TricorderKit session — charge le…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
--- description: Boot TricorderKit session — charge le contexte, HOT CACHE, patterns d'erreurs, état du projet. Séquence tier 1/2/3. allowed-tools: Read, Bash, mcp obsidian-claude-vault read note, mcp obsidian-claude-vault patch note --- Exécute la séquence de démarrage TricorderKit v0.9. ## Séquence obligatoire ### TIER 1 — Toujours (~500 tokens) 1. Lire BOOT SUMMARY.md — résumé exécutif : version, commit, tests, Docker, prochaines tâches 2. Lire tasks/lessons.md — règles préventives actives (LESSON-001 à NNN) Si TIER 1 + lessons.md suffisent pour la demande → aller directement à l'action. ### TIER 2 — Si TIER 1 insuffisant (~2 500 tokens) 3. Lire .planning/STATE.md — état détaillé du projet 4. Lire .planning/TASKS.md — pending/in progress uniquement (exclure ✅) 5. Lire .planning/DECISIONS.md — 5 dernières entrées uniquement ### TIER 3 — À la demande (~10 000 tokens) 6. docs/00 WHAT IS TRICORDERKIT.md 7. docs/01 HOW IT WORKS.md 8. docs/02 WHAT IS IN PLACE.md 9. docs/03 WHAT TO DO NEXT.md 10. docs/04 LLM OPERATING GUIDE.md 11. docs/06 workflow standard.md ## HOT CACHE Obsidian (si MCP disponible) - Lire 00 SYSTEM/05 Hot Cache/HOT CACHE.md dans le
testingmedium risk
# AGENTS.md - Codex Ralph Vault Loop ##…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
# AGENTS.md - Codex Ralph Vault Loop ## Mission codex-ralph-vault-loop is a Codex App/CLI native orchestration overlay for multi-agent engineering work. It keeps Codex main as the decision maker, uses external models only through MCP tools, verifies work through gates, and stores durable memory in the vault layer. ## Core Rules - Codex main decides. The primary Codex session owns final decisions, edits, synthesis, safety, and verification. - External models advise. Z.ai, MiniMax, and other non-OpenAI systems provide analysis or worker output only through MCP tools. - Gates verify. Tests, lint, security checks, scorecards, and migration checkpoints decide whether a phase can pass. - Vault remembers. Durable memory belongs in the approved Ralph/Codex memory paths, not in ad hoc repo files. - Do not bypass critical hooks. If prettier , gitleaks , semgrep , or pre-commit are missing from PATH , use the local machine binaries when present, install only with approval, or stop and report the blocker; do not use --no-verify to skip security or formatting gates unless the user explicitly orders that exact bypass. - Do not merge or close a PR until review feedback and automated
testinghigh risk