The previous directive told agents to exit on 401, causing them to bail
on the first failed curl. PAPERCLIP_API_URL is injected by the adapter
but may not expand in all shell contexts. Fall back to localhost:3100.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Added explicit directive to all heartbeats: PAPERCLIP_API_KEY and other
env vars are pre-injected and valid — do not inspect, decode, verify,
or debug them. Exit cleanly on 401 instead of retrying.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Every agent now invokes the persistent memory skill for cross-heartbeat
knowledge retention: facts, daily notes, entities, synthesis, and recall.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
C-level and VP agents explicitly state they do not do IC work and name
who they delegate to. IC agents declare owned domains and tech skills.
Format: scope sentence + delegation boundary + domain tags.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now have explicit NEVER DO rule: only the board may approve
or merge PRs on the agents repo (agent configurations and prompts).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- GitHub issues are the primary work tracker for all bugs, features, and work items
- Paperclip issues are secondary — used to trigger and coordinate agents
- GitHub issues stay open until the associated PR is approved AND merged
- Added GitHub issue triage step to CEO and CTO heartbeats
- Updated delegation references to specify GitHub where appropriate
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Nancy will close without merging and reprimand any PR proposing alternatives.
All agents updated to understand this is non-negotiable.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Repo renamed from privilegedescalation/privilegedescalation to
privilegedescalation/agents. All filesystem paths in agent configs,
heartbeats, and tools updated to match the new on-disk location.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each agent gets HOME set to their cwd so ~/.gitconfig and
~/.config/gh/ don't collide between concurrent heartbeats.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add explicit POST /api/issues/{issueId}/checkout and PATCH status
update curl templates with X-Paperclip-Run-Id headers to all agent
heartbeats. Document Gemini workspace sandboxing in Hugh's TOOLS.md.
Also removed Regina's ghost instructionsFilePath from live DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Single script at repo root that auto-detects GITHUB_APP_ID_* and
GITHUB_PEM_PATH_* env vars, generates a JWT, and exchanges it for a
GitHub App installation token. Contains no secrets.
Updated all heartbeats to reference the absolute path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All agents now reference PEMs at /paperclip/secrets/github-pems/<name>.pem
instead of per-agent secrets/ subdirectories. PEMs will be mounted from a
single Kubernetes Secret. Added .gitignore to prevent accidental secret commits.
Countess GitHub App ID set to 3097914.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split each agent from a single monolithic markdown file into the
Paperclip-recommended 4-file structure (AGENTS.md, SOUL.md, HEARTBEAT.md,
TOOLS.md) plus CONFIG.md as operational backup.
Bug fixes applied during restructure:
- Nancy reports to Countess, not Baron von Namespace
- Gandalf is Staff Software Engineer, not VP of Engineering
- Samuel restored from git history and role changed to `social`
- Addison references Samuel Stinkpost, not Shitposting Samuel
- Nancy instructionsFilePath corrected to /cto/ path
- Added missing model field to Addison, Nancy, Gandalf
- Added missing instructionsFilePath to Addison, Gandalf, Hugh, Samuel
- Added WHAT YOU NEVER DO section to Hugh
- Hugh adapter changed to gemini_local with model auto
- Removed Baron von Namespace and Nancy (Engineer) from roster
- Countess heartbeat now checks this repo for org config changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Chris Farhood