privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add cluster infrastructure standards to POLICIES.md, consolidate MCP in TOOLS.md

Browse Source 
POLICIES.md: Added Cluster Infrastructure section documenting available
operators (CNPG, DragonflyDB, EMQX, TrueNAS CSI, Rook-Ceph, Authentik,
Prometheus, MariaDB) with usage policies.

TOOLS.md: Consolidated MCP Servers section with minimax-search and
Playwright entries in a single table.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-03-21 10:56:32 -04:00
parent 0c202506d5
commit c0298d3052
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
POLICIES.md
+15
View File
@@ -16,6 +16,21 @@ All agents in this org must follow these policies.
All releases use **SemVer** (semantic versioning). ArtifactHub requires SemVer for Headlamp plugin packages. Do not use CalVer.
## Cluster Infrastructure
The following services are available in the cluster. Use them via their operators — do not install standalone instances.
| Layer | Technology | Policy |
|-------|-----------|--------|
| **Database** | CNPG (CloudNativePG) | All PostgreSQL via CNPG `Cluster` CRDs. No manual Postgres installs, no SQLite in production. |
| **Cache / Pub-sub** | DragonflyDB Operator | Redis-compatible via `Dragonfly` CRDs. No standalone Redis. |
| **MQTT** | EMQX Operator | MQTT broker via `EMQX` CRDs. For IoT and messaging workloads. |
| **Block storage** | TrueNAS CSI | All PVCs backed by TrueNAS SCALE. |
| **File / Object storage** | Rook-Ceph | CephFS for shared filesystems, RGW for S3-compatible object storage. |
| **Auth** | Authentik | OIDC/SSO for all web apps. No custom auth systems. |
| **Monitoring** | Prometheus Stack | Create ServiceMonitors and PrometheusRules for all services. AlertManager for alerting. |
| **MariaDB** | MariaDB Operator | Available via `MariaDB` CRDs if needed. Not currently used by Paperclip orgs. |
## Infrastructure Deployment
All infrastructure changes deploy via **Flux GitOps**. Flux reconciles the org's `infra` repo to the cluster automatically.
TOOLS.md
+5 -2
View File
@@ -35,10 +35,13 @@ Auto-injected env vars:
## MCP Servers
| Server | URL | Available To | Purpose |
|--------|-----|-------------|----------|
| Server | Endpoint | Available To | Purpose |
|--------|----------|-------------|---------|
| `minimax-search` | Local (uvx) | VP Product, CMO | Web search and image understanding |
| `playwright-privilegedescalation` | `http://playwright-privilegedescalation.paperclip.svc.cluster.local:3000/sse` | Regression Regina (QA) | Playwright browser automation for E2E testing |
MCP server configs live in each agent's `.mcp.json` (claude_local) or `opencode.json` (opencode_local).
## GitHub Actions Runners
Self-hosted ARC runners are available at the org level. Use `runs-on: runners-privilegedescalation` in workflows.