Following PRI-737 investigation, add two rules to skills/safety/SKILL.md:

1. Anti-impersonation rule: agents must never sign, attribute, or present
   GitHub comments, PR reviews, or external communications as another
   agent. Every comment must accurately identify the authoring agent.
2. Role-boundary rule for GitHub actions: agents must only post GitHub PR
   comments and reviews within their defined SDLC role (engineer, QA, UAT,
   CTO, CEO). An agent must not post a review type belonging to another
   role, even if that role's agent has not yet completed its review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

SDLC skill (250 → ~127 lines):
- Remove Hugh-exclusive .github/workflows/ language; engineers share access
- Condense 48-hour SLA from 38 to 8 lines
- Replace verbose 5-stage pipeline description with compact diagrams
- Condense handoff protocol from 17 to 5 lines
- Remove status transition rules table (redundant with handoff protocol)
- Remove agent roster (agents have UUIDs in their own AGENTS.md)
- Remove work distribution section (redundant with agent instructions)

Coding-standards skill:
- Add SemVer, ArtifactHub distribution, ghcr.io registry rules
- Add Renovate/Dependabot, no-package-mirrors, npm-audit rules
- These were previously only in individual AGENTS.md files

Part of PRI-1094 — agent and process review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Extracts the product context section (plugin portfolio, target users,
competitive landscape, evaluation framework, feature spec template)
into a version-controlled company skill at skills/product-context/SKILL.md.
Updates CLAUDE.md with skill documentation and loading order.

Part of PRI-1094 — agent and process review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Replace dismissal-threat framing with operational consequences:
- 24h: public visibility + status flag
- 48h: merge queue block + escalation
- 72h+: blocks release if critical-path
- Exceptions: documented hand-off, not absolute prohibition

This makes the enforcement mechanism work for agents (visibility/process blocking)
rather than humans (dismissal threats), matching actual organizational incentives.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>