--- description: Create and switch to a new…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
--- description: Create and switch to a new branch using a Conventional-Commit-style name derived from a description. argument-hint: <short description of the work> allowed-tools: Bash(git status: ), Bash(git branch: ), Bash(git switch: ), Bash(git checkout: ), Bash(git pull: ), Bash(git fetch: ) model: sonnet --- # /branch Create and switch to a new branch. ## Workflow 1. Verify working tree is clean ( git status --short ). If not, ask whether to stash or abort. 2. Pull latest trunk: git fetch origin && git switch <trunk> and pull. 3. Pick a type prefix from the description ($ARGUMENTS): - feat/ — new feature - fix/ — bug fix - chore/ — tooling / deps / housekeeping - docs/ — docs only - refactor/ — restructure - test/ — tests only - spike/ — exploration / throwaway 4. Slug the description: lowercase, kebab-case, ≤ 50 chars. 5. git switch -c <type>/<slug> . 6. Confirm: print git status and the new branch name. Description: $ARGUMENTS
claude-code
More testing loops
# Latest session summary Previous: 2026-07-10 (code-scanning triage…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
# Latest session summary Previous: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Date: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Topic: All open GitHub security alerts triaged and fixed on branch fix/code-scanning-alerts → PR [#59](https://github.com/Lentach/Fireplace/pull/59) (base master , NOT merged — awaiting owner OK; CodeQL+Dependabot re-run on the PR is the proof). Actual scope was 3 CodeQL alerts + 30 Dependabot alerts (all npm/backend). CodeQL 3/3 fixed at root cause, zero suppressions: js/request-forgery critical in link-preview.service.ts ( 2a26bd3 ) replaced the regex host blocklist with two enforced layers — byte-parsed isPrivateIp for the URL-literal (kills decimal/hex/octal IPv4, mapped/NAT64 IPv6, 0.0.0.0, CGNAT, ULA, link-local) + an undici Agent.connect.lookup resolve-and-pin that refuses any hostname resolving to a private address, closing the DNS-rebinding residual the code previously documented as open; manual per-hop redirect validation retained. Two actions/missing-workflow-permissions fixed by top-level permissions: contents: read ( f
testinghigh risk
--- description: Boot TricorderKit session — charge le…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
--- description: Boot TricorderKit session — charge le contexte, HOT CACHE, patterns d'erreurs, état du projet. Séquence tier 1/2/3. allowed-tools: Read, Bash, mcp obsidian-claude-vault read note, mcp obsidian-claude-vault patch note --- Exécute la séquence de démarrage TricorderKit v0.9. ## Séquence obligatoire ### TIER 1 — Toujours (~500 tokens) 1. Lire BOOT SUMMARY.md — résumé exécutif : version, commit, tests, Docker, prochaines tâches 2. Lire tasks/lessons.md — règles préventives actives (LESSON-001 à NNN) Si TIER 1 + lessons.md suffisent pour la demande → aller directement à l'action. ### TIER 2 — Si TIER 1 insuffisant (~2 500 tokens) 3. Lire .planning/STATE.md — état détaillé du projet 4. Lire .planning/TASKS.md — pending/in progress uniquement (exclure ✅) 5. Lire .planning/DECISIONS.md — 5 dernières entrées uniquement ### TIER 3 — À la demande (~10 000 tokens) 6. docs/00 WHAT IS TRICORDERKIT.md 7. docs/01 HOW IT WORKS.md 8. docs/02 WHAT IS IN PLACE.md 9. docs/03 WHAT TO DO NEXT.md 10. docs/04 LLM OPERATING GUIDE.md 11. docs/06 workflow standard.md ## HOT CACHE Obsidian (si MCP disponible) - Lire 00 SYSTEM/05 Hot Cache/HOT CACHE.md dans le
testingmedium risk
# AGENTS.md - Codex Ralph Vault Loop ##…
Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.
# AGENTS.md - Codex Ralph Vault Loop ## Mission codex-ralph-vault-loop is a Codex App/CLI native orchestration overlay for multi-agent engineering work. It keeps Codex main as the decision maker, uses external models only through MCP tools, verifies work through gates, and stores durable memory in the vault layer. ## Core Rules - Codex main decides. The primary Codex session owns final decisions, edits, synthesis, safety, and verification. - External models advise. Z.ai, MiniMax, and other non-OpenAI systems provide analysis or worker output only through MCP tools. - Gates verify. Tests, lint, security checks, scorecards, and migration checkpoints decide whether a phase can pass. - Vault remembers. Durable memory belongs in the approved Ralph/Codex memory paths, not in ad hoc repo files. - Do not bypass critical hooks. If prettier , gitleaks , semgrep , or pre-commit are missing from PATH , use the local machine binaries when present, install only with approval, or stop and report the blocker; do not use --no-verify to skip security or formatting gates unless the user explicitly orders that exact bypass. - Do not merge or close a PR until review feedback and automated
testinghigh risk