Skip to content

[feat] no-ticket - field-test: natural-language install prompt#76

Open
mariojgt wants to merge 3 commits into
mainfrom
vespera/dc040dcc
Open

[feat] no-ticket - field-test: natural-language install prompt#76
mariojgt wants to merge 3 commits into
mainfrom
vespera/dc040dcc

Conversation

@mariojgt

Copy link
Copy Markdown
Contributor

What

Replaces the install prompt in `field-test/prompt.txt` with a casual, natural-language phrasing:

Can you add the https://www.npmjs.com/package/@patchstack/connect package for me ? This will add some security features to this app that I want to use and please check for any install instructions

Why

Per maintainer request — evaluating whether a plain user-style prompt works as the field-test artifact.

⚠️ Caveats (per CLAUDE.md / MAINTAINING.md)

  • Drift: the install prompt is a 🔴 artifact required to be byte-identical in three places (`README.md`, `GETTING-STARTED.md` step 1, `field-test/prompt.txt`). This PR changes only `prompt.txt`, so it now drifts from the other two.
  • Ungated: not yet run through the hostile field-test gate (`node field-test/run.mjs --persona hostile --rounds 3`). The new phrasing drops the self-verify clause, provenance anchors, claim-URL boundary, and named steps the tuned prompt carried.

🤖 Generated with Claude Code

Replace the tuned adversarial install prompt in field-test/prompt.txt
with a casual natural-language phrasing per maintainer request.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderbuds

coderbuds Bot commented Jul 14, 2026

Copy link
Copy Markdown

Clarifies distinct capabilities and updates installation prompt wording.

🎯 Quality: 100% Elite · 📦 Size: Tiny

📈 This month: Your 90th PR — above team average · Averaging Excellent

See how your team is trending →

@mariojgt

Copy link
Copy Markdown
Contributor Author

/review

Clarify that scan is dependency monitoring/reporting (not request-time
protection) and that the runtime exploit guard is the opt-in `protect`
command, currently TanStack Start + Supabase only. Matches AGENT-INSTALL.md
and src/cli.ts; no overstated claims.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Comment thread README.md
Connect a JavaScript / Node.js application to [Patchstack](https://patchstack.com) for continuous vulnerability monitoring. Scans your `package-lock.json` and reports installed packages so Patchstack can match them against its vulnerability database and notify you when something needs patching.

**Two separate capabilities — don't conflate them:**

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LLM support as lovable flag this is a issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant