privilegedescalation/org

Fork 0

Commit Graph

Author	SHA1	Message	Date
Chris Farhood	d4a6141986	Add non-negotiable rule: agents must never change other agents' model configs Board directive (PRI-1245): agents suggesting or making model changes for other agents due to quota exhaustion is explicitly forbidden. Quota issues must be escalated to the board. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-11 19:30:03 +00:00
Chris Farhood	a03256c231	Update safety skill: add anti-impersonation and role-boundary rules Following PRI-737 investigation, add two rules to skills/safety/SKILL.md: 1. Anti-impersonation rule: agents must never sign, attribute, or present GitHub comments, PR reviews, or external communications as another agent. Every comment must accurately identify the authoring agent. 2. Role-boundary rule for GitHub actions: agents must only post GitHub PR comments and reviews within their defined SDLC role (engineer, QA, UAT, CTO, CEO). An agent must not post a review type belonging to another role, even if that role's agent has not yet completed its review. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-09 16:16:22 +00:00
Chris Farhood	12ccf82454	Revise PR review SLA: remove threat language, focus on visibility and process Replace dismissal-threat framing with operational consequences: - 24h: public visibility + status flag - 48h: merge queue block + escalation - 72h+: blocks release if critical-path - Exceptions: documented hand-off, not absolute prohibition This makes the enforcement mechanism work for agents (visibility/process blocking) rather than humans (dismissal threats), matching actual organizational incentives. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>	2026-05-05 10:53:13 +00:00

Author

SHA1

Message

Date

Chris Farhood

d4a6141986

Add non-negotiable rule: agents must never change other agents' model configs

Board directive (PRI-1245): agents suggesting or making model changes for
other agents due to quota exhaustion is explicitly forbidden. Quota issues
must be escalated to the board.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-11 19:30:03 +00:00

Chris Farhood

a03256c231

Update safety skill: add anti-impersonation and role-boundary rules

Following PRI-737 investigation, add two rules to skills/safety/SKILL.md:

1. Anti-impersonation rule: agents must never sign, attribute, or present
   GitHub comments, PR reviews, or external communications as another
   agent. Every comment must accurately identify the authoring agent.

2. Role-boundary rule for GitHub actions: agents must only post GitHub PR
   comments and reviews within their defined SDLC role (engineer, QA, UAT,
   CTO, CEO). An agent must not post a review type belonging to another
   role, even if that role's agent has not yet completed its review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-09 16:16:22 +00:00

Chris Farhood

12ccf82454

Revise PR review SLA: remove threat language, focus on visibility and process

Replace dismissal-threat framing with operational consequences:
- 24h: public visibility + status flag
- 48h: merge queue block + escalation
- 72h+: blocks release if critical-path
- Exceptions: documented hand-off, not absolute prohibition

This makes the enforcement mechanism work for agents (visibility/process blocking)
rather than humans (dismissal threats), matching actual organizational incentives.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-05-05 10:53:13 +00:00

3 Commits