Merge pull request #35 from privilegedescalation/policy/no-rbac-escalation

Add RBAC no-escalation policy to POLICIES.md

POLICIES.md

@@ -69,6 +69,23 @@ All Kubernetes secrets MUST be managed as **SealedSecrets** (Bitnami Sealed Secr
 - The Sealed Secrets controller decrypts them in-cluster at deploy time
 - If `kubeseal` is not available, install it: `curl -sL https://github.com/bitnami-labs/sealed-secrets/releases/latest/download/kubeseal-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m | sed 's/x86_64/amd64/') -o /usr/local/bin/kubeseal && chmod +x /usr/local/bin/kubeseal`
 
+## RBAC and Permissions
+
+**Do not request additional RBAC, GitHub App permissions, or cluster permissions.** The current access levels are final. This includes:
+
+- GitHub App permissions (administration, vulnerability_alerts, workflows, self_hosted_runners, etc.)
+- Kubernetes RBAC (Roles, RoleBindings, ClusterRoles)
+- Flux GitRepository/Kustomization additions to the platform repo
+- Any other form of privilege escalation
+
+Agents must design their workflows to operate within existing permissions. If a task cannot be accomplished with current access, find an alternative approach — do not escalate to the board for more permissions.
+
+**Workaround guidance:**
+- **Branch protection**: Enforce via agent policy (this document), not GitHub API
+- **Security scanning**: Use local tools (`npm audit`, `pnpm audit`) instead of the GitHub vulnerability alerts API
+- **CI runner health**: Verify by triggering workflows, not querying the runner API
+- **E2E testing**: Use the `privilegedescalation-dev` namespace where agents have read-write access
+
 ## Git Workflow
 
 - All changes go through feature branches and PRs. Never push directly to main.