refinement

CLAUDE.md

@@ -0,0 +1,34 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Purpose
+
+This is the **Privileged Escalation org-level repository**. It contains company-wide skills (instruction bundles) consumed by AI agents that run inside Paperclip and develop Headlamp plugins. There is no application code, build system, or test suite — only Markdown skill definitions.
+
+## Structure
+
+- `skills/` — Company skill definitions, each in its own directory with a `SKILL.md` file
+  - `skills/safety/SKILL.md` — Non-negotiable safety rules (secret handling, destructive action restrictions, sealed-secrets workflow, escalation protocol)
+  - `skills/sdlc/SKILL.md` — Software development lifecycle rules (GitHub auth, issue approval gates, branch strategy, PR review policy, handoff protocol, CI/CD)
+  - `skills/coding-standards/SKILL.md` — Headlamp plugin development conventions (stack, commands, registration API, shared libraries)
+
+## Skill File Format
+
+Each skill is a Markdown file with YAML frontmatter containing `name` and `description` fields:
+
+```markdown
+---
+name: skill-name
+description: >
+  One-line description of what the skill covers.
+---
+
+# Skill Title
+
+Content...
+```
+
+## Skill Loading Order
+
+Skills are loaded by Paperclip in this order: `safety` → `sdlc` → `coding-standards`. Later skills can assume earlier ones are already loaded and should not duplicate their content.

skills/coding-standards/SKILL.md

@@ -0,0 +1,54 @@
+---
+name: coding-standards
+description: >
+  Coding standards for Privileged Escalation. Covers Headlamp plugin
+  development workflow, registration API, and shared libraries.
+---
+
+# Coding Standards
+
+## Headlamp Plugins
+
+All plugins extend [Headlamp](https://headlamp.dev/docs/latest/development/plugins/getting-started), a Kubernetes dashboard with a plugin system.
+
+- **Language:** TypeScript + React 18, MUI v5
+- **Scaffolding:** `npx --yes @kinvolk/headlamp-plugin create <plugin-name>`
+- **Entry point:** `src/index.tsx`
+- **Linting:** ESLint via `@headlamp-k8s/eslint-config` + Prettier
+- **Testing:** Vitest + React Testing Library
+
+### Plugin Commands
+
+Run from the plugin directory:
+
+| Command | Purpose |
+|---|---|
+| `npm run start` | Dev mode with hot reload |
+| `npm run build` | Production build (`dist/main.js`) |
+| `npm run format` | Prettier format |
+| `npm run lint` | ESLint check |
+| `npm run lint-fix` | ESLint auto-fix |
+| `npm run tsc` | Typecheck |
+| `npm run test` | Vitest tests |
+
+### Registration API
+
+Import from `@kinvolk/headlamp-plugin/lib`:
+
+- `registerAppBarAction()` — add components to the nav bar
+- `registerRoute()` — create new pages
+- `registerSidebarEntry()` — add sidebar items
+- `registerDetailsViewSection()` — extend resource detail views
+- `registerPluginSettings()` — add plugin configuration UI
+
+### K8s API Access
+
+```typescript
+import { K8s } from '@kinvolk/headlamp-plugin/lib';
+const [pods, error] = K8s.ResourceClasses.Pod.useList();
+```
+
+### Shared Libraries
+
+These are provided by Headlamp at runtime — **do not bundle them**:
+React, React Router, Redux, MUI, Lodash, Monaco Editor, Notistack, Iconify.

skills/sdlc/SKILL.md

@@ -72,4 +72,4 @@ Every handoff requires ALL THREE steps:
 ## CI/CD
 
 - CI runs on self-hosted ARC runners: `runs-on: runners-privilegedescalation`
-- Only Hugh Hackman has write access to `.github/workflows/` files
+- Only Hugh Hackman has write access to `.github/workflows/` files