Loop/goaltestingmedium riskadvancedsafety A · 90

Get the fix to score 90+

Run verify commands and benchmark checks until the target code scores 90 or higher on the benchmark, stopping after 5 attempts.

prompt
→ Claude
/goal the transcript reports a line matching SCORE: <n>/100 (threshold: 90, gate: pr) with n >= 90 for <slug> on branch <branch>, after <(bugfix) the REPRODUCE test is shown failing on unfixed code and passing on the final code, and> <verify commands, comma-separated> <(hot-path) and make bench-compare> all pass on the final code, or stop after 5 fix rounds
claude-code

Source: maroffo

More testing loops

Stabilize flaky tests for good

Loop/goalForward Futurenew

Measure the flakiness, fix one root cause at a time, and stop after a defined streak of stable full-suite runs.

prompt
→ Claude
Run [test suite] [N] times under the same conditions and list tests whose result changes. Fix the most frequent flake at its root cause—shared state, timing, ordering, or an external dependency—never with a blind sleep or retry. Run that test [N] times, then rerun the full suite. Repeat until [N] consecutive full-suite runs pass, progress stalls, or approval is required. Return each flake, root cause, fix, evidence, and justified quarantine.
testingmedium risk

# Latest session summary Previous: 2026-07-10 (code-scanning triage…

Loop/ralphnew

Community ralph loop for testing, sourced from github. Verified exit condition, evaluator-gated.

prompt
→ Claude
# Latest session summary Previous: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Date: 2026-07-10 (code-scanning triage — SSRF hardening + CI permissions + dependency bumps) Topic: All open GitHub security alerts triaged and fixed on branch fix/code-scanning-alerts → PR [#59](https://github.com/Lentach/Fireplace/pull/59) (base master , NOT merged — awaiting owner OK; CodeQL+Dependabot re-run on the PR is the proof). Actual scope was 3 CodeQL alerts + 30 Dependabot alerts (all npm/backend). CodeQL 3/3 fixed at root cause, zero suppressions: js/request-forgery critical in link-preview.service.ts ( 2a26bd3 ) replaced the regex host blocklist with two enforced layers — byte-parsed isPrivateIp for the URL-literal (kills decimal/hex/octal IPv4, mapped/NAT64 IPv6, 0.0.0.0, CGNAT, ULA, link-local) + an undici Agent.connect.lookup resolve-and-pin that refuses any hostname resolving to a private address, closing the DNS-rebinding residual the code previously documented as open; manual per-hop redirect validation retained. Two actions/missing-workflow-permissions fixed by top-level permissions: contents: read ( f
testinghigh risk

Builder vs. reviewer, proving each test

Loop/loopForward Futurenew

A builder and an adversarial reviewer pass a git baton between worktrees, proving every new test can catch its fix.

prompt
→ Claude
Use autonomy-loop for [repository task] after the test, build, and lint gates pass. Run /autonomy-loop:autonomy-init, then start builder and reviewer in separate worktrees. The builder reads LOOP-STATE.md, makes one bounded change, and adds a red-before, green-after test. The reviewer reruns the gates and proves the test by reverting or mutating the fix. Accept only on both passes; park protected or repeated-failure work for a human. Finish with the commit, gate evidence, test proof, trust tier, and risks.
testingmedium risk