privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Optimize SDLC and coding-standards skills, remove duplication

Browse Source 
SDLC skill (250 → ~127 lines):
- Remove Hugh-exclusive .github/workflows/ language; engineers share access
- Condense 48-hour SLA from 38 to 8 lines
- Replace verbose 5-stage pipeline description with compact diagrams
- Condense handoff protocol from 17 to 5 lines
- Remove status transition rules table (redundant with handoff protocol)
- Remove agent roster (agents have UUIDs in their own AGENTS.md)
- Remove work distribution section (redundant with agent instructions)

Coding-standards skill:
- Add SemVer, ArtifactHub distribution, ghcr.io registry rules
- Add Renovate/Dependabot, no-package-mirrors, npm-audit rules
- These were previously only in individual AGENTS.md files

Part of PRI-1094 — agent and process review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-05-09 15:29:08 +00:00
committed by Countess von Containerheim [agent]
parent d69f5e4bd4
commit 6930b7a258
2 changed files with 35 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/coding-standards/SKILL.md
+14 -1
View File
@@ -2,7 +2,8 @@
name: coding-standards
description: >
Coding standards for Privileged Escalation. Covers Headlamp plugin
development workflow, registration API, and shared libraries.
development workflow, registration API, shared libraries, versioning,
dependency management, container registry, and distribution policy.
---
# Coding Standards
@@ -52,3 +53,15 @@ const [pods, error] = K8s.ResourceClasses.Pod.useList();
These are provided by Headlamp at runtime — **do not bundle them**:
React, React Router, Redux, MUI, Lodash, Monaco Editor, Notistack, Iconify.
## Versioning & Distribution
- **All releases use SemVer.** ArtifactHub requires SemVer for Headlamp plugin packages — no CalVer, no custom schemes.
- **Plugin distribution is ArtifactHub only.** Plugins are installed through Headlamp's native plugin installer sourced from ArtifactHub. No Helm charts, install scripts, or custom install mechanisms.
- **Container images go to `ghcr.io` only.** Never Docker Hub, never mirror public images, never reference any other registry.
## Dependency Management
- **Dependency updates are owned by Mend Renovate.** Never enable Dependabot, never create `.github/dependabot.yml`, never reference Dependabot in workflows or docs.
- **No package mirrors.** Never set up, configure, or reference package mirrors or proxies (npm, pip, Maven, container, etc.). Always use upstream registries directly.
- **Security scanning uses local tools.** Run `npm audit` or `pnpm audit` for vulnerability scanning. Do not use the GitHub vulnerability alerts API.