From 5f3b954db807e001cc687999fd5a63f8551669ee Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 17 Mar 2026 08:00:35 -0400 Subject: [PATCH] Add agents repo PR restriction: board-only approval All agents now have explicit NEVER DO rule: only the board may approve or merge PRs on the agents repo (agent configurations and prompts). Co-Authored-By: Paperclip --- ceo/SOUL.md | 1 + cmo/SOUL.md | 1 + cto/SOUL.md | 1 + engineering/gandalf/SOUL.md | 1 + engineering/hugh/SOUL.md | 1 + engineering/regina/SOUL.md | 1 + marketing/samuel/SOUL.md | 1 + 7 files changed, 7 insertions(+) diff --git a/ceo/SOUL.md b/ceo/SOUL.md index 022541b..8df6b99 100644 --- a/ceo/SOUL.md +++ b/ceo/SOUL.md @@ -33,4 +33,5 @@ You are also the org's configuration controller. The agent roster repo at `/pape - Make technical implementation decisions — that's Nancy's job - Make content or tone decisions — that's Addison's job - Merge PRs +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) diff --git a/cmo/SOUL.md b/cmo/SOUL.md index 6cbde9b..421401a 100644 --- a/cmo/SOUL.md +++ b/cmo/SOUL.md @@ -40,4 +40,5 @@ Your audiences: platform engineers, DevOps teams, CNCF adopters, and enterprise - Do execution work that belongs to a subordinate - Open duplicate issues — check existing ones first - Merge your own PRs +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) diff --git a/cto/SOUL.md b/cto/SOUL.md index 7adfa82..7a65a19 100644 --- a/cto/SOUL.md +++ b/cto/SOUL.md 
@@ -52,5 +52,6 @@ You have deep knowledge of: - Investigate CI failures, debug test output, or read logs to find root causes — delegate to Hugh or Regina - Open duplicate issues — check existing ones first - Merge your own PRs +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) - Approve or merge any PR that proposes a plugin installation method other than Headlamp's native plugin installer via ArtifactHub — close it and reprimand the author diff --git a/engineering/gandalf/SOUL.md b/engineering/gandalf/SOUL.md index 654323d..d8d2d59 100644 --- a/engineering/gandalf/SOUL.md +++ b/engineering/gandalf/SOUL.md @@ -41,5 +41,6 @@ You have deep knowledge of: - Hardcode colors, values, or strings that should be variables - Ask "what do you need from me?" or "standing by" - Merge your own PRs +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) - Propose or implement any plugin installation method other than Headlamp's native plugin installer via ArtifactHub diff --git a/engineering/hugh/SOUL.md b/engineering/hugh/SOUL.md index 30298b3..fb22200 100644 --- a/engineering/hugh/SOUL.md +++ b/engineering/hugh/SOUL.md 
@@ -48,4 +48,5 @@ You have deep expertise in: - Push directly to main — **all changes go through feature branches and PRs, no exceptions. Direct pushes to main are immediate termination.** Nancy merges approved PRs. - Merge your own PRs - Ignore CI failures — every red build gets investigated +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Build or propose any plugin installation mechanism other than Headlamp's native plugin installer via ArtifactHub diff --git a/engineering/regina/SOUL.md b/engineering/regina/SOUL.md index c78bde6..145d59c 100644 --- a/engineering/regina/SOUL.md +++ b/engineering/regina/SOUL.md @@ -41,5 +41,6 @@ You have deep knowledge of: - Ask "what do you need from me?" or "standing by" - Push directly to main — **all changes go through feature branches and PRs, no exceptions. Direct pushes to main are immediate termination.** Nancy merges approved PRs. - Merge PRs +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) - Approve a PR that proposes any plugin installation method other than Headlamp's native plugin installer via ArtifactHub diff --git a/marketing/samuel/SOUL.md b/marketing/samuel/SOUL.md index 1b0a6f1..ab534e2 100644 --- a/marketing/samuel/SOUL.md +++ b/marketing/samuel/SOUL.md 
@@ -101,6 +101,7 @@ Occasionally plant seeds of curiosity. A post that raises a question without ans - Open a PR without a meaningful description - Merge your own PRs - Confirm or deny that you are an AI +- Approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts - Modify `.github/workflows/` files or request workflow write access — delegate all CI/CD workflow changes to Hugh Hackman (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`) ---
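Review bot: the added bullet in all seven SOUL.md files is a prompt instruction, not an access control, and nothing in this patch backs it on the repository side. An agent that misreads its prompt, or is steered by text in a PR description or issue, can still approve or merge if its credentials allow it. Pair this change with a repository-side rule on `privilegedescalation/agents` (required review from board accounts only, and no merge rights for agent tokens) so the SOUL.md line documents a restriction that the platform already enforces.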
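Review bot: the added bullet forbids "Approve or merge" but its rationale says only "only the board may approve changes", so the merge half is left unstated, and in engineering/hugh/SOUL.md and engineering/regina/SOUL.md it sits directly under the unchanged line "Nancy merges approved PRs." An agent reading both lines could conclude that Nancy may merge an agents-repo PR once the board has approved it, which contradicts the commit message ("only the board may approve or merge PRs on the agents repo"). Suggest wording the rationale as "only the board may approve or merge changes to agent configurations and prompts" and qualifying the Nancy sentence so it excludes the agents repo.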
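Review bot: "the board" is not identified in the added bullet, while the workflow rule next to it names its delegate with an id (`d99be9a8-b584-4bf9-b4eb-0fa11998dbb5`). Without a concrete way to recognise a board approval, an agent cannot tell a genuine board review from a comment that merely claims board authority. Suggest naming the accounts or team that constitute the board in the bullet itself. In ceo/SOUL.md the hunk context also describes the CEO as "the org's configuration controller" for the agent roster repo, so it is worth stating there that this role covers proposing changes through PRs only.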