/looptestinghigh riskadvancedsafety C · 65Forward Futurepre-dates current gate · under review

Triage Dependabot PRs safely

Check the diff, release notes, exact-head CI, and tests before you repair, merge, or escalate a dependency update.

prompt
→ Claude
Review every Dependabot pull request currently open in [repository]. Take a fixed snapshot of that set and process each pull request once. Read its diff, release notes, advisories, dependency role, current base revision, and exact-head CI results. Run the repository’s relevant tests in an isolated worktree and classify the update by version change, breaking behavior, security exposure, and regression risk. For failing checks, identify the root cause and prepare the smallest verified repair. Process merges serially: before each merge, refetch the base and pull-request head and require passing exact-head checks. Merge only low-risk patch or minor updates when explicit merge authority has already been granted. Request approval for major, breaking, security-sensitive, uncertain, or externally visible actions. Never push changes, merge, comment, or send messages without the corresponding authority. Stop successfully when the original snapshot is fully processed; stop without changes when none are open; stop as blocked when verification is unavailable. Finish with reviewed, repaired, merged, deferred, and blocked pull requests plus supporting evidence.
claude-code · codex

Use this when

Use this when a repository has several open Dependabot pull requests and an authorized maintainer wants them reviewed safely without stale checks, parallel merge races, or automatic high-risk upgrades.

How it runs

  1. Snapshot the currently open Dependabot pull requests.
  2. Inspect current diffs, release information, advisories, CI, and dependency role.
  3. Run relevant tests in isolation and classify risk from evidence.
  4. Repair failures or process authorized low-risk merges one at a time.
  5. Refetch state before each merge and report every final status.

Done when

Every snapshotted dependency pull request reaches an evidence-backed status. Each pull request is merged, repaired, deferred for approval, or blocked with current diff, release, CI, and repository-test evidence; every merge uses a fresh base and exact head.

Why it works

A fixed queue, isolated verification, and serialized fresh-state merges turn routine dependency updates into a bounded maintenance pass without granting unsafe blanket authority.

Implementation note

This loop grants no merge, push, comment, or messaging authority by itself. Those actions require explicit authorization from the repository owner.

Source: Forward Future

More testing loops

Watch tests while you work

/loopnew

A passive watchdog loop that reruns your test suite every 15 minutes and surfaces failing tests with their error output.

prompt
→ Claude
/loop 15m run the test suite, and if anything fails, show me the failing tests and the error output
testinglow risk

Kill flaky tests

/loopnew

Run your test suite repeatedly, collect every intermittent failure, and fix or quarantine flaky tests until you get five consecutive green runs.

prompt
→ Claude
/loop run my test suite 20 times, collect every intermittent failure, fix or quarantine the flaky ones, and don't stop until you get 5 consecutive fully-green runs
testinghigh risk

Make all tests pass

/goalnew

Implement remaining code and run tests repeatedly until the full suite passes.

prompt
→ Claude
/goal finish the implementation and make all tests pass
testingmedium risk