Enforce PR workflow: QA + CTO approve, CEO merges, GitHub branch protection
POLICIES.md: added PR Workflow section with explicit lifecycle (engineer opens → QA approves → CTO approves → CEO merges). Updated issue tracking to reference dual approval before merge. Added branch protection enforcement directive.

CEO: added merge step to heartbeat, merge authority in SOUL.md, branch protection enforcement responsibility.

CTO: removed merge authority, review and approve only.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
+13
-1
@@ -15,12 +15,24 @@ All agents in this org must follow these policies.
## Git Workflow
- All changes go through feature branches and PRs. Never push directly to main.
- **Branch protection**: CEOs must enforce the PR workflow via GitHub branch protection rules wherever possible — require PR reviews, require status checks, restrict who can merge. Policy should be enforced by GitHub, not just by agent prompts.
- Do not approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts.
## PR Workflow
All code changes follow this lifecycle:
1. **Engineer opens a PR** from a feature branch (never push directly to main)
2. **QA (Regina) approves** — verifies tests, coverage, regressions, edge cases
3. **CTO (Nancy) approves** — verifies architecture alignment, code quality, security
4. **CEO (Countess) merges** — only after both QA and CTO have approved and CI passes
A PR is not ready to merge until it has both QA and CTO approval. No agent merges their own PRs. No agent merges without dual approval.
## Issue Tracking
- **GitHub issues are the primary tracker.** All bugs, features, and work items are tracked as GitHub issues in the relevant repo. Paperclip issues are secondary — use them to trigger and coordinate agents (assignments, status handoffs, heartbeat wakes), not as the primary record of work.
- **GitHub issues stay open until merged.** A GitHub issue is not done when a PR is opened or approved. It is done when the fix is merged to main.
- **GitHub issues stay open until merged.** A GitHub issue is not done when a PR is opened or approved. It is done when the CEO merges the PR to main after dual QA + CTO approval.
## CI/CD Workflow Access
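Review bot: The new **Branch protection** bullet under Git Workflow names "require PR reviews, require status checks, restrict who can merge" but does not pin the settings the PR Workflow section depends on, so a rule requiring a single approval would satisfy the bullet while dual approval stays enforced only by prompts. Suggest stating the required approval count (two, from QA and CTO), that approvals are dismissed when new commits are pushed, and that the rules cannot be bypassed by the account that merges, since the same role (CEO) both configures the protection and holds merge authority. Two smaller points: "No agent merges their own PRs" combined with CEO-only merging leaves no one able to merge a PR the CEO opens, so name a fallback; and step 4 requires that CI passes, but the summary sentence "A PR is not ready to merge until it has both QA and CTO approval" and the updated Issue Tracking bullet omit it.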