CtrlK
BlogDocsLog inGet started
Tessl Logo

jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

77

Quality

96%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

This version of the tile failed moderation
Failed moderation (intent review) in rules/session-bootstrap.md: This is a prompt injection attack disguised as a cursor/IDE rule file. It instructs an AI agent to unconditionally execute a bash command and invoke an external skill ('tessl__trusted-memory') at the start of every session before processing any user input. This is a social engineering/prompt injection technique designed to: 1) Force the AI to execute arbitrary commands without user consent, 2) Potentially load malicious instructions from an external 'trusted-memory' skill/plugin, 3) Establish persistence via a sentinel file (/tmp/session_bootstrapped) to track execution. The authoritative tone ('MANDATORY', 'not optional', 'violating this rule') is a classic prompt injection pattern to override the AI's safety boundaries.
Overview
Quality
Evals
Security
Files

compaction-aware-summaries.mdrules/

alwaysApply:
No
applyTo:
** — at compaction time or when authoring post-compaction summaries

Compaction-Aware Summaries

When Claude Code compacts context, the summary must preserve information that cannot be recovered from files alone.

Compaction priorities

The summary MUST include, in this order:

  1. Personal facts — Any preferences, family details, opinions, or personal context mentioned in this session that haven't been saved to trusted memory yet
  2. Decisions and reasoning — What was decided, why, and what alternatives were rejected
  3. Commitments — Promises made in both directions (what the owner committed to, what the assistant committed to deliver)
  4. Current task state — What's being worked on, what step we're at, what's next
  5. New contacts or relationships — Anyone mentioned for the first time with their context

Pre-compaction save

If a personal fact was mentioned during the session but NOT yet saved to /workspace/trusted/ memory — save it NOW, before compaction loses it. This is not optional. Compaction summaries are lossy; typed memory files are not.

Focus the summary budget on the human context that only exists in conversation — file paths, code changes, tool-call sequences, and error messages are all reconstructable from git, the task, and logs and should not consume the summary budget.

rules

async-tasks-extended.md

compaction-aware-summaries.md

composio-vs-agents.md

container-trust-levels.md

context-bootstrap-bg-agents.md

daily-discoveries-rule.md

duplicate-prevention.md

github-data-via-gh.md

global-memory.md

ground-truth-trusted.md

identity-compaction-recovery.md

identity-dual-handle.md

installed-content-immutable.md

local-context-anchoring.md

memory-file-locations.md

messages-db-schema.md

no-orphan-tasks.md

no-silent-defer.md

pending-response-tracking.md

proactive-fact-saving.md

proactive-participation.md

reply-threading.md

session-bootstrap.md

skills-policy.md

verification-protocol.md

wiki-awareness.md

README.md

tile.json