- coding-standards: replace "no agent merges their own PR" with the
reviews-required-then-engineer-may-merge rule consistent with sdlc
- safety: drop stale "No self-merging PRs" line from the merge-gate
rule for the same reason
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sending a partial adapterConfig.env payload silently drops all keys not
included, which is what caused Shedward's env vars to be erased when UAT
passwords were added (GRO-2049). Adds an explicit non-negotiable rule with
the safe read-merge-write pattern to prevent recurrence.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
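The failure mode and the read-merge-write pattern named in the commit message above, as an added example (not code from the repository or from Paperclip). `AgentStore` and its replace-on-write `update()` are a hypothetical in-memory stand-in for the real config API, and the env keys and values are constructed.

```python
import copy


class AgentStore:
    """Constructed in-memory stand-in for the config API (hypothetical)."""

    def __init__(self, env):
        self._config = {"adapterConfig": {"env": dict(env)}}

    def get(self):
        return copy.deepcopy(self._config)

    def update(self, patch):
        # Replace semantics: the env map sent becomes the entire env map.
        env = patch.get("adapterConfig", {}).get("env")
        if env is not None:
            self._config["adapterConfig"]["env"] = dict(env)


def dropped_keys(before, after):
    """Keys present before the write and missing after it."""
    return sorted(set(before) - set(after))


def unsafe_add_env(store, new_vars):
    # Partial payload: every key not listed here is erased.
    store.update({"adapterConfig": {"env": new_vars}})
    return store.get()["adapterConfig"]["env"]


def safe_add_env(store, new_vars):
    before = store.get()["adapterConfig"]["env"]          # read
    merged = {**before, **new_vars}                       # merge
    store.update({"adapterConfig": {"env": merged}})      # write
    after = store.get()["adapterConfig"]["env"]           # verify
    lost = dropped_keys(before, after)
    if lost:
        raise RuntimeError(f"env keys dropped by write: {lost}")
    return after


# Constructed sample values, not real secrets.
EXISTING = {"DATABASE_URL": "placeholder-db-url", "API_TOKEN": "placeholder-token"}
NEW = {"UAT_PASSWORD": "placeholder-password"}

if __name__ == "__main__":
    print(unsafe_add_env(AgentStore(EXISTING), NEW))
    print(safe_add_env(AgentStore(EXISTING), NEW))
```

Two writers running the safe path at the same time can still overwrite each other's keys; the sketch does not cover that case.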
- safety: drop tools section (moved to sdlc), add explicit kubectl-prod
ban, add no-tofu-direct rule, drop the merge-gate cross-reference into
a separate bullet
- sdlc: add Phase 0 product-analysis intake (CMPO Pawla as gate); add
scheduled penetration testing program (Barkley owns); standardize
authentication to Better-Auth + Google + Apple + Authentik; add
canonical tools section (moved from safety) including ghcr.io/groombook
registry standard; reorganize PR review sections to match the cross-org
pattern (named SDLC pipeline phases)
Mirrors the privilegedescalation/org pattern: extract company-wide
policy that was previously inlined in each agent's AGENTS.md into three
shared skills. Agents will reference these via one-line invocation
reminders in their Wake additions section.