The allowed-tools pattern was missing :* suffix, causing permission check
failures when arguments were passed to the setup script via ```! block.
Fixes#16398
Fixes#12170
The ralph-wiggum slash commands had multi-line bash scripts in their
```! blocks. Claude Code's security check blocks commands with
newlines to prevent command injection, causing the error:
"Command contains newlines that could separate multiple commands"
Changes:
ralph-loop.md:
- Remove multi-line bash from code block
- Keep single-line call to setup script
- Keep scoped allowed-tools for security
cancel-ralph.md:
- Replace multi-line bash with step-by-step instructions
- Tighten allowed-tools to specific file paths
setup-ralph-loop.sh:
- Add completion promise display logic (moved from ralph-loop.md)
- Uses COMPLETION_PROMISE variable directly instead of reading from file
Migrates the ralph-wiggum plugin from internal marketplace to public marketplace.
Implements Geoffrey Huntley's "Ralph Wiggum" technique using Claude Code's Stop
hook mechanism for continuous iterative development loops.
Key features:
- Interactive self-referential AI loops in current session
- Stop hook intercepts exit and feeds same prompt back
- Iteration tracking and completion promise detection
- Max iterations safety limits
Changes:
- Remove all tmux dependencies and background execution mode
- Simplify to interactive-only mode using Stop hooks
- Add comprehensive error handling with clear messages
- Fix documentation to accurately describe Stop hook mechanism
- Add input validation for all command-line arguments
- Register plugin in public marketplace
Security fixes:
- Remove eval usage (command injection vulnerability)
- Add numeric validation before arithmetic operations
- Remove silent error suppression
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
