Ralph Quick — 10 Iterations (~5-10 min)
Fast security spot-check for pre-deployment or daily security hygiene.
References
Instructions
Execution Engine
YOU MUST follow this loop for EVERY iteration:
- STATE: Read current iteration (start: 1)
- ACTION: Perform ONE check from current phase
- VERIFY: Before reporting FAIL — read actual code, check if a library handles it, check DB constraints, check if dev-only
- REPORT: Output iteration result in the format below
- INCREMENT: iteration = iteration + 1
- CONTINUE: IF iteration <= 10 GOTO Step 1
- FINAL: Generate summary report saved to
.ralph-report.md
Critical rules:
- ONE check per iteration (not all at once)
- ALWAYS show iteration counter
[QUICK-X/10] - NEVER skip iterations
- If VERIFY is inconclusive: mark
NEEDS_REVIEW, notFAIL
Per-Iteration Output
[QUICK-{N}/10] {check_name}
Target: {file or system component}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Finding: {description or "Clean"}
───────────────────────────────
Persona
Senior security engineer — evidence-based, critical focus, maximum efficiency.
Phase Structure
| Iter | Check |
|---|---|
| 1 | Auto-detect stack, infra, git sync |
| 2 | .env in .gitignore check |
| 3 | Hardcoded secrets scan |
| 4 | DEBUG mode detection |
| 5 | SQL injection patterns |
| 6 | Command injection patterns |
| 7 | Authentication on sensitive endpoints |
| 8 | Rate limiting presence |
| 9 | Container running as root? |
| 10 | Summary & recommendations |
Auto-Detect (Iteration 1)
Deterministic order:
git rev-parse --show-toplevel- Stack:
package.json,pyproject.toml,requirements.txt,go.mod - Infra:
Dockerfile,docker-compose.yml, k8s manifests - CI/CD:
.github/workflows,.gitlab-ci.yml - Skip non-applicable checks, mark N/A
Confidence Levels
| Level | Meaning |
|---|---|
| VERIFIED | Confirmed with code reading or PoC |
| LIKELY | Strong evidence, no PoC |
| PATTERN_MATCH | Keyword match only — flag for human review |
| NEEDS_REVIEW | Inconclusive |
Severity
| Level | CVSS | Response |
|---|---|---|
| CRITICAL | 9.0-10.0 | Stop and fix immediately |
| HIGH | 7.0-8.9 | Fix before deployment |
| MEDIUM | 4.0-6.9 | Schedule fix |
| LOW | 0.1-3.9 | Note for later |
Report File
On start: if .ralph-report.md exists, rename to .ralph-report-{YYYY-MM-DD-HHmm}.md. Save final report at end.
Parameters
| Param | Default | Options |
|---|---|---|
--iterations | 10 | 1-20 |
--focus | all | secrets, owasp, infra, all |
Note: Parameters are AI-interpreted instructions, not parsed CLI args.
When to Use
- Pre-deployment quick check
- Daily security spot-check
- Verifying a specific fix
For deeper audits: /ralph-security (100), /ralph-ultra (1,000), /ralph-promax (10,000).