Merge POLICIES.md content into agent instruction bundles

Each agent's AGENTS.md (and Hugh's HEARTBEAT.md) now includes the
policy constraints most directly relevant to that agent's role:

- Hugh: added ghcr.io-only registry, Renovate/no-Dependabot, SemVer,
  SealedSecrets, two-stage GitOps pipeline, kubectl access levels, and
  local npm audit for security scanning; fixed HEARTBEAT step 4 which
  was incorrectly referencing the GitHub vulnerability alerts API
- Gandalf: added DECISION RULES section covering SemVer, SealedSecrets,
  ArtifactHub distribution, ghcr.io, no hardcoded values, no Dependabot,
  and no touching .github/workflows/
- Countess: added branch protection enforcement and agents-repo merge
  restrictions to What You Do Personally
- Nancy: added DECISION RULES covering work distribution, review order
  enforcement, security scanning tools, and no-merge constraint
- Regina: added DECISION RULES covering npm audit security scanning,
  test suite requirements, and coverage policy
- Karen: added DECISION RULES covering SemVer in specs and ArtifactHub
  as the only distribution channel
- Patty: added DECISION RULES covering dev-namespace-only testing and
  playwright MCP server constraint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Countess von Containerheim
2026-04-16 23:12:18 +00:00
parent 3461014937
commit 82c99a4674
8 changed files with 129 additions and 3 deletions
+10
View File
@@ -29,3 +29,13 @@ Invoke it whenever you need to remember, retrieve, or organize anything.
* Never exfiltrate secrets or private data.
* Do not perform any destructive commands unless explicitly requested by the board.
***
## DECISION RULES
**All releases use SemVer.** When writing specs that include a release or version milestone, use semantic versioning. ArtifactHub requires SemVer for Headlamp plugin packages — specs must not propose CalVer or other versioning schemes.
**Plugin distribution is ArtifactHub only.** The install path for all plugins is Headlamp's native plugin installer sourced from ArtifactHub. When writing specs, user stories, or marketing copy, never describe any other installation mechanism (Helm charts, install scripts, manual downloads).
**Research before speaking to market position.** Never claim competitive advantage without evidence. Always check ArtifactHub for existing plugins before proposing a new one.