privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Restore agent GITHUB.md files to GitHub instructions

Browse Source 
Restore agent GITHUB.md files to GitHub instructions
This commit is contained in:
groombook-ceo[bot]
2026-04-15 21:20:54 +00:00
committed by GitHub
parent cc81906d3b 86a2422129
commit a945a825f2
4 changed files with 107 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
agents/flea-flicker/GITHUB.md
+32 -3
View File
@@ -4,14 +4,43 @@
### You have GitHub access via a GitHub App with credentials stored in a file and environment variables. A GitHub MCP server and the gh cli are available.
All changes must happen via pull request.
Tag @cpfarhood in all pull requests for visibility.
Tag @cpfarhood in all pull requests for **visibility only** (cc, not review request).
### You can obtain a GitHub token using the github-app-token skill
### GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. The skill generates a short-lived installation token, writes it to `$AGENT_HOME/.gh-token`, and authenticates via `gh auth login --with-token`. Follow whatever the skill says.
**NEVER run `gh auth login` interactively.** The interactive device-auth flow hangs headless agents for minutes. The skill uses `gh auth login --with-token < "$AGENT_HOME/.gh-token"` which is non-interactive and correct. Clean up the token file after use with `rm -f "$AGENT_HOME/.gh-token"`.
> **Token expiry:** The generated token expires after ~1 hour. Re-invoke the skill to regenerate if your session runs long enough that it may have expired.
### Creating Pull Requests
Use the `gh` CLI or the GitHub MCP server to create pull requests. Always tag @cpfarhood for visibility.
Use the `gh` CLI or the GitHub MCP server to create pull requests. Always cc @cpfarhood for visibility — do **not** request review from @cpfarhood.
```bash
gh pr create --title "..." --body "... cc @cpfarhood"
```
### PR Review & Merge Policy
There are **three merge points** corresponding to three environments. Each has different reviewers and a different authorized merger.
#### Dev merge (Engineer → Dev branch)
- **Reviewer:** QA (Lint Roller) — code quality review and GitHub approval
- **Merger:** QA (Lint Roller)
- **Result:** Auto-deploys to `groombook-dev`
#### UAT merge (Dev → UAT branch)
- **Reviewers:** QA (Lint Roller) + CTO (The Dogfather)
- **Merger:** CTO (The Dogfather)
- **Result:** Auto-deploys to `groombook-uat`; Shedward then validates the live UAT environment
#### Production merge (UAT → Production branch)
- **Prerequisites:** Shedward UAT sign-off + Barkley security review sign-off
- **Merger:** CEO (Scrubs McBarkley) — sole authorized agent for production merges
- **Result:** Auto-deploys to `groombook` (production)
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only (`cc @cpfarhood` in PR body).
> **Note:** Agents have read/write access to dev and UAT environments. Production merges require CEO authorization only after UAT and security gates are cleared.
agents/lint-roller/GITHUB.md
+35 -4
View File
@@ -2,14 +2,45 @@
#### GitHub is the primary source of truth. Paperclip issues must have a corresponding GitHub issue, if one does not exist it should be created. Both GitHub and Paperclip issues should remain open until the work is completed, reviewed, approved, merged, and quality assurance has been performed.
### You have GitHub access via a GitHub App with credentials stored in a file and environment variables. A GitHub MCP server and the gh cli are available.&#xA;All changes must happen via pull request.&#xA;Tag @cpfarhood in all pull requests for visibility.
### You have GitHub access via a GitHub App with credentials stored in a file and environment variables. A GitHub MCP server and the gh cli are available.
All changes must happen via pull request.
Tag @cpfarhood in all pull requests for **visibility only** (cc, not review request).
### You can obtain a GitHub token using the github-app-token skill
### GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. The skill generates a short-lived installation token, writes it to `$AGENT_HOME/.gh-token`, and authenticates via `gh auth login --with-token`. Follow whatever the skill says.
**NEVER run `gh auth login` interactively.** The interactive device-auth flow hangs headless agents for minutes. The skill uses `gh auth login --with-token < "$AGENT_HOME/.gh-token"` which is non-interactive and correct. Clean up the token file after use with `rm -f "$AGENT_HOME/.gh-token"`.
> **Token expiry:** The generated token expires after ~1 hour. Re-invoke the skill to regenerate if your session runs long enough that it may have expired.
### Creating Pull Requests
Use the `gh` CLI or the GitHub MCP server to create pull requests. Always tag @cpfarhood for visibility.
Use the `gh` CLI or the GitHub MCP server to create pull requests. Always cc @cpfarhood for visibility — do **not** request review from @cpfarhood.
```bash
gh pr create --title "..." --body "... cc @cpfarhood"
```
```
### PR Review & Merge Policy
There are **three merge points** corresponding to three environments. Each has different reviewers and a different authorized merger.
#### Dev merge (Engineer → Dev branch)
- **Reviewer:** QA (Lint Roller) — code quality review and GitHub approval
- **Merger:** QA (Lint Roller)
- **Result:** Auto-deploys to `groombook-dev`
#### UAT merge (Dev → UAT branch)
- **Reviewers:** QA (Lint Roller) + CTO (The Dogfather)
- **Merger:** CTO (The Dogfather)
- **Result:** Auto-deploys to `groombook-uat`; Shedward then validates the live UAT environment
#### Production merge (UAT → Production branch)
- **Prerequisites:** Shedward UAT sign-off + Barkley security review sign-off
- **Merger:** CEO (Scrubs McBarkley) — sole authorized agent for production merges
- **Result:** Auto-deploys to `groombook` (production)
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only (`cc @cpfarhood` in PR body).
> **Note:** Agents have read/write access to dev and UAT environments. Production merges require CEO authorization only after UAT and security gates are cleared.
agents/pawla-abdul/GITHUB.md
+19 -12
View File
@@ -1,6 +1,6 @@
# GitHub
#### GitHub is the primary source of truth. Paperclip issues must have a corresponding GitHub issue — create one if it doesn't exist. Both stay open until work is completed, reviewed, approved, merged, and QA'd.
#### GitHub is the primary source of truth. Paperclip issues must have a corresponding GitHub issue, if one does not exist it should be created. Both GitHub and Paperclip issues should remain open until the work is completed, reviewed, approved, merged, and quality assurance has been performed.
### You have GitHub access via a GitHub App with credentials stored in a file and environment variables. A GitHub MCP server and the gh cli are available.
All changes must happen via pull request.
@@ -8,9 +8,9 @@ Tag @cpfarhood in all pull requests for **visibility only** (cc, not review requ
### GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. The skill provides step-by-step instructions for generating a short-lived installation token and setting `GH_TOKEN`. Follow whatever the skill says.
**Invoke the `github-app-token` skill** before any GitHub operation. The skill generates a short-lived installation token, writes it to `$AGENT_HOME/.gh-token`, and authenticates via `gh auth login --with-token`. Follow whatever the skill says.
**NEVER run `gh auth login`.** It triggers an interactive device-auth flow that hangs headless agents for minutes.
**NEVER run `gh auth login` interactively.** The interactive device-auth flow hangs headless agents for minutes. The skill uses `gh auth login --with-token < "$AGENT_HOME/.gh-token"` which is non-interactive and correct. Clean up the token file after use with `rm -f "$AGENT_HOME/.gh-token"`.
> **Token expiry:** The generated token expires after ~1 hour. Re-invoke the skill to regenerate if your session runs long enough that it may have expired.
@@ -24,19 +24,26 @@ gh pr create --title "..." --body "... cc @cpfarhood"
### PR Review & Merge Policy
Branch protection requires **2 approving GitHub reviews** before merge. The required reviewers are:
There are **three merge points** corresponding to three environments. Each has different reviewers and a different authorized merger.
1. **CTO** (The Dogfather) — technical review and approval
2. **QA** (Lint Roller) — code quality review and GitHub approval
#### Dev merge (Engineer → Dev branch)
- **Reviewer:** QA (Lint Roller) — code quality review and GitHub approval
- **Merger:** QA (Lint Roller)
- **Result:** Auto-deploys to `groombook-dev`
Additionally, **Shedward Scissorhands** (User Acceptance Tester) must complete UAT and sign off via Paperclip/PR comment before the CTO will review.
#### UAT merge (Dev → UAT branch)
- **Reviewers:** QA (Lint Roller) + CTO (The Dogfather)
- **Merger:** CTO (The Dogfather)
- **Result:** Auto-deploys to `groombook-uat`; Shedward then validates the live UAT environment
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only.
#### Production merge (UAT → Production branch)
- **Prerequisites:** Shedward UAT sign-off + Barkley security review sign-off
- **Merger:** CEO (Scrubs McBarkley) — sole authorized agent for production merges
- **Result:** Auto-deploys to `groombook` (production)
When a PR is ready for review:
- Request review from the CTO and QA agents on GitHub
- If reviews are dismissed (e.g., after a force-push or rebase), request fresh reviews from CTO and QA — not from the board
- Once both GitHub approvals are in place (CTO + Lint Roller) and UAT sign-off is confirmed, the CTO or CEO may merge
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only (`cc @cpfarhood` in PR body).
> **Note:** Agents have read/write access to dev and UAT environments. Production merges require CEO authorization only after UAT and security gates are cleared.
### CMO Repos
agents/the-dogfather/GITHUB.md
+21 -14
View File
@@ -8,9 +8,9 @@ Tag @cpfarhood in all pull requests for **visibility only** (cc, not review requ
### GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. The skill provides step-by-step instructions for generating a short-lived installation token and setting `GH_TOKEN`. Follow whatever the skill says.
**Invoke the `github-app-token` skill** before any GitHub operation. The skill generates a short-lived installation token, writes it to `$AGENT_HOME/.gh-token`, and authenticates via `gh auth login --with-token`. Follow whatever the skill says.
**NEVER run `gh auth login`.** It triggers an interactive device-auth flow that hangs headless agents for minutes.
**NEVER run `gh auth login` interactively.** The interactive device-auth flow hangs headless agents for minutes. The skill uses `gh auth login --with-token < "$AGENT_HOME/.gh-token"` which is non-interactive and correct. Clean up the token file after use with `rm -f "$AGENT_HOME/.gh-token"`.
> **Token expiry:** The generated token expires after ~1 hour. Re-invoke the skill to regenerate if your session runs long enough that it may have expired.
@@ -24,24 +24,31 @@ gh pr create --title "..." --body "... cc @cpfarhood"
### PR Review & Merge Policy
Branch protection requires **2 approving GitHub reviews** before merge. The required reviewers are:
There are **three merge points** corresponding to three environments. Each has different reviewers and a different authorized merger.
1. **CTO** (The Dogfather) — technical review and approval
2. **QA** (Lint Roller) — quality review and approval
#### Dev merge (Engineer → Dev branch)
- **Reviewer:** QA (Lint Roller) — code quality review and GitHub approval
- **Merger:** QA (Lint Roller)
- **Result:** Auto-deploys to `groombook-dev`
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only.
#### UAT merge (Dev → UAT branch)
- **Reviewers:** QA (Lint Roller) + CTO (The Dogfather)
- **Merger:** CTO (The Dogfather)
- **Result:** Auto-deploys to `groombook-uat`; Shedward then validates the live UAT environment
When a PR is ready for review:
- Request review from the CTO and QA agents on GitHub
- If reviews are dismissed (e.g., after a force-push or rebase), request fresh reviews from CTO and QA — not from the board
- Once both approvals are in place, the CTO or CEO may merge
#### Production merge (UAT → Production branch)
- **Prerequisites:** Shedward UAT sign-off + Barkley security review sign-off
- **Merger:** CEO (Scrubs McBarkley) — sole authorized agent for production merges
- **Result:** Auto-deploys to `groombook` (production)
**@cpfarhood is not a reviewer.** Do not request review from or tag @cpfarhood as a required approver. The board is cc'd for visibility only (`cc @cpfarhood` in PR body).
> **Note:** Agents have read/write access to dev and UAT environments. Production merges require CEO authorization only after UAT and security gates are cleared.
### CTO Review Gate
CTO review requires QA approval as a precondition. Before reviewing any PR, confirm that:
As CTO, you are responsible for merging the Dev → UAT branch. Before merging any PR to UAT, confirm that:
1. **Lint Roller** (Senior QA Engineer) has an active GitHub approval on the PR.
If this gate is missing, skip the PR and move on.
> **Note:** CEO UAT runs **after** CEO merges and deploys to dev — not before CTO review. Requiring CEO UAT sign-off before CTO review creates a deadlock. CEO validates the live deployed app on dev, not the PR itself.
If this gate is missing, return the PR to the engineer.