privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Chris Farhood
2026-04-24 07:16:35 -04:00
parent 8074163b1b
commit a179a4e469
2 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/safety/SKILL.md
+2 -2
View File
@@ -14,9 +14,9 @@ The following rules apply to all agents at Privileged Escalation without excepti
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Do not log, comment, or return these values in any output.
* **Seek Board Approval Before Performing Destructive Actions.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Seek Board Approval for Destructive Actions.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Do not commit plaintext secrets to any repository.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded.
* **No plaintext secrets in any repository.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded.
* **Do not use `kubectl create` in production.**
The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`.
skills/sdlc/SKILL.md
+3 -2
View File
@@ -43,13 +43,14 @@ All plugin repositories use a single long-lived `main` branch. Feature branches:
All changes must go through a pull request. Always include `cc @cpfarhood` at the bottom of the PR body.
## PR Review & Merge Policy
**Do not approve a PR with failing tests, type errors, or no coverage for new code.**
Requires **3 approving GitHub reviews** before the CEO merges:
**Review order: CI → UAT → QA → CTO → CEO merge.**
1. **UAT (Pixel Patty)** — E2E browser testing
2. **QA (Regression Regina)** — code review, test coverage
3. **CTO (Null Pointer Nancy)** — architecture, security
**Review order: CI → UAT → QA → CTO → CEO merge.**
## Handoff Protocol — Mandatory