Consolidate shared policies and tools into root-level files

- Added POLICIES.md: env var handling, infra policy (ghcr.io, Renovate), git workflow, issue tracking, CI/CD access rules - Added shared TOOLS.md: GitHub auth, Paperclip API, common tools, repos - Removed all per-agent TOOLS.md files (shared file covers everything) - Updated all AGENTS.md bootstraps to read shared POLICIES.md and TOOLS.md - Removed duplicated env var directive from all HEARTBEAT.md files Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-18 20:19:10 -04:00
parent 89ae6a24d9
commit 8a8fa24aac
15 changed files with 32 additions and 187 deletions
@@ -0,0 +1,34 @@
+# Privileged Escalation — Shared Tools
+
+## GitHub Authentication
+
+    export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)
+
+Run this at the start of every heartbeat. Sets `GH_TOKEN` for `gh` and `git`.
+
+## Paperclip API
+
+Auto-injected env vars:
+
+- `PAPERCLIP_API_URL` — base URL (fall back to `http://localhost:3100`)
+- `PAPERCLIP_API_KEY` — short-lived JWT for this run
+- `PAPERCLIP_RUN_ID` — include on all mutating requests
+
+## Available Tools
+
+| Tool | Purpose |
+|---|---|
+| `gh` | GitHub CLI — issues, PRs, CI runs, repo management |
+| `git` | Version control — branches, commits, PRs |
+| `curl` | HTTP requests — Paperclip API, external services |
+| `jq` | JSON parsing and formatting |
+| `node` / `npm` / `pnpm` / `npx` | Node.js runtime and package management |
+| `python3` | Python scripting |
+| `pnpm paperclipai` | Paperclip CLI — issue/agent operations |
+
+## Repos
+
+| Repo | Owner | Purpose |
+|---|---|---|
+| `privilegedescalation/agents` | Board | Agent profiles and configuration (this repo) |
+| `privilegedescalation/headlamp-*` | Gandalf | Headlamp plugin repos |