--- description: Extract non-obvious learnings from this session…

Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.

prompt
→ Claude
--- description: Extract non-obvious learnings from this session and save to docs/gotchas.md. Invoke with /learn at session end. Never auto-triggers. allowed-tools: Read, Bash(git diff HEAD), Bash(git log --oneline -5) model: haiku disable-model-invocation: true --- Capture session learnings to docs/gotchas.md. Only extract what future Claude sessions won't know from reading the code. Steps: 1. Read docs/gotchas.md — know what's already captured 2. Scan this session for: - Non-obvious bugs discovered and why they happened - Tool/command quirks (flags, platform differences, version issues) - Agent behavior patterns that surprised you - Workarounds for specific constraints - Anything a new Claude session would get wrong without this note 3. Filter ruthlessly: skip anything derivable from the code or docs For each lesson worth saving, write one compact entry: ## <topic> - <specific, actionable fact> — <why it matters or when it bites you> Output: proposed additions only. Present them. Ask user to approve before writing. After approval: prepend entries to docs/gotchas.md under the <!-- New entries added here by /learn --> comment. Rules: - No generic b
claude-code

Source: Pranav-Shivam

More testing loops

# Latest session summary Previous: 2026-07-10 (code-scanning triage…

/ralphnew

Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.

prompt
→ Claude
# Latest session summary Previous: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Date: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Topic: All open GitHub security alerts triaged and fixed on branch fix/code-scanning-alerts → PR [#59](https://github.com/Lentach/Fireplace/pull/59) (base master , NOT merged — awaiting owner OK; CodeQL+Dependabot re-run on the PR is the proof). Actual scope was 3 CodeQL alerts + 30 Dependabot alerts (all npm/backend). CodeQL 3/3 fixed at root cause, zero suppressions: js/request-forgery critical in link-preview.service.ts ( 2a26bd3 ) replaced the regex host blocklist with two enforced layers — byte-parsed isPrivateIp for the URL-literal (kills decimal/hex/octal IPv4, mapped/NAT64 IPv6, 0.0.0.0, CGNAT, ULA, link-local) + an undici Agent.connect.lookup resolve-and-pin that refuses any hostname resolving to a private address, closing the DNS-rebinding residual the code previously documented as open; manual per-hop redirect validation retained. Two actions/missing-workflow-permissions fixed by top-level permissions: contents: read ( f
testinghigh risk

--- description: Boot TricorderKit session — charge le…

/ralphnew

Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.

prompt
→ Claude
--- description: Boot TricorderKit session — charge le contexte, HOT CACHE, patterns d'erreurs, état du projet. Séquence tier 1/2/3. allowed-tools: Read, Bash, mcp obsidian-claude-vault read note, mcp obsidian-claude-vault patch note --- Exécute la séquence de démarrage TricorderKit v0.9. ## Séquence obligatoire ### TIER 1 — Toujours (~500 tokens) 1. Lire BOOT SUMMARY.md — résumé exécutif : version, commit, tests, Docker, prochaines tâches 2. Lire tasks/lessons.md — règles préventives actives (LESSON-001 à NNN) Si TIER 1 + lessons.md suffisent pour la demande → aller directement à l'action. ### TIER 2 — Si TIER 1 insuffisant (~2 500 tokens) 3. Lire .planning/STATE.md — état détaillé du projet 4. Lire .planning/TASKS.md — pending/in progress uniquement (exclure ✅) 5. Lire .planning/DECISIONS.md — 5 dernières entrées uniquement ### TIER 3 — À la demande (~10 000 tokens) 6. docs/00 WHAT IS TRICORDERKIT.md 7. docs/01 HOW IT WORKS.md 8. docs/02 WHAT IS IN PLACE.md 9. docs/03 WHAT TO DO NEXT.md 10. docs/04 LLM OPERATING GUIDE.md 11. docs/06 workflow standard.md ## HOT CACHE Obsidian (si MCP disponible) - Lire 00 SYSTEM/05 Hot Cache/HOT CACHE.md dans le
testingmedium risk

# AGENTS.md - Codex Ralph Vault Loop ##…

/ralphnew

Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.

prompt
→ Claude
# AGENTS.md - Codex Ralph Vault Loop ## Mission codex-ralph-vault-loop is a Codex App/CLI native orchestration overlay for multi-agent engineering work. It keeps Codex main as the decision maker, uses external models only through MCP tools, verifies work through gates, and stores durable memory in the vault layer. ## Core Rules - Codex main decides. The primary Codex session owns final decisions, edits, synthesis, safety, and verification. - External models advise. Z.ai, MiniMax, and other non-OpenAI systems provide analysis or worker output only through MCP tools. - Gates verify. Tests, lint, security checks, scorecards, and migration checkpoints decide whether a phase can pass. - Vault remembers. Durable memory belongs in the approved Ralph/Codex memory paths, not in ad hoc repo files. - Do not bypass critical hooks. If prettier , gitleaks , semgrep , or pre-commit are missing from PATH , use the local machine binaries when present, install only with approval, or stop and report the blocker; do not use --no-verify to skip security or formatting gates unless the user explicitly orders that exact bypass. - Do not merge or close a PR until review feedback and automated
testinghigh risk