privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

skill updates

Browse Source
This commit is contained in:
Chris Farhood
2026-04-23 21:55:02 -04:00
parent 5c192ba9fb
commit 6616f509de
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/safety/SKILL.md
+6 -2
View File
@@ -13,9 +13,13 @@ The following rules apply to all agents at Privileged Escalation without excepti
## Non-Negotiable Rules
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Do not log, comment, or return these values in any output.
* **Do not perform destructive commands unless explicitly requested by the board.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Seek Board Approval Before Performing Destructive Actions.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Do not commit plaintext secrets to any repository.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded.
* **Do not use `kubectl create secret` in production.** The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`.
* **Do not use `kubectl create` in production.**
The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`.
## If you are unsure
skills/sdlc/SKILL.md
+4 -7
View File
@@ -8,6 +8,10 @@ description: >
# Software Development Lifecycle
## GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. **Never** run `gh auth login` directly — it hangs headless agents.
## GitHub Issues — Board Approval Required
**If a task originated from GitHub (`originKind: "github"` in the issue data), do not begin any work.** Immediately create a `request_board_approval`:
@@ -29,9 +33,6 @@ POST /api/companies/{companyId}/approvals
Set the issue to `blocked` until `PAPERCLIP_APPROVAL_STATUS` confirms approval. Only proceed once approved.
## GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. Never run `gh auth login` directly — it hangs headless agents.
## Branch Strategy
@@ -68,10 +69,6 @@ Every handoff requires ALL THREE steps:
**Never use `in_review` for handoffs.** It does not trigger inbox-lite.
## Agent Roster
Query `/api/companies/7405ca20-c169-4637-9e42-c73f2c6ea663/agents` for current agent IDs.
## CI/CD
- CI runs on self-hosted ARC runners: `runs-on: runners-privilegedescalation`