Chris Farhood
d4b984b283
Tighten Kubernetes policy: kubectl is read-only, Flux is the only write path
...
- POLICIES.md: explicitly list kubectl as read-only, enumerate banned
mutating commands (apply, delete, edit, patch, create)
- Groom Book TECH_STACK.md: fixed "read/write access" to "read-only"
and removed language implying manual kubectl apply is acceptable
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 23:37:30 -04:00
Chris Farhood
cd62d2f6ec
Add Flux GitOps deployment policy to shared POLICIES.md
...
All infra changes go through the infra repo and Flux reconciliation.
No manual kubectl apply, no direct cluster modifications.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 21:40:36 -04:00
Chris Farhood
13c5b14522
Add Task Assignment section to shared POLICIES.md
...
Provides every agent with the exact API calls for creating assigned
issues and reassigning existing ones. Includes curl examples with
assigneeAgentId, parentId, and run ID headers.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 21:15:00 -04:00
Chris Farhood
8665e041ef
Add versioning policy: CalVer for most orgs, SemVer for PRI (ArtifactHub)
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 08:21:48 -04:00
Chris Farhood
b477940f2a
Issues stay open until deployed and validated, not just merged
...
Updated across all POLICIES.md and SOUL.md files in all orgs.
Merging is a step in the process, not the finish line.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 08:02:25 -04:00
Chris Farhood
33c076aaa0
Enforce PR workflow: QA + CTO approve, CEO merges, GitHub branch protection
...
POLICIES.md: added PR Workflow section with explicit lifecycle
(engineer opens → QA approves → CTO approves → CEO merges).
Updated issue tracking to reference dual approval before merge.
Added branch protection enforcement directive.
CEO: added merge step to heartbeat, merge authority in SOUL.md,
branch protection enforcement responsibility.
CTO: removed merge authority, review and approve only.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 07:18:52 -04:00
Chris Farhood
8a8fa24aac
Consolidate shared policies and tools into root-level files
...
- Added POLICIES.md: env var handling, infra policy (ghcr.io, Renovate),
git workflow, issue tracking, CI/CD access rules
- Added shared TOOLS.md: GitHub auth, Paperclip API, common tools, repos
- Removed all per-agent TOOLS.md files (shared file covers everything)
- Updated all AGENTS.md bootstraps to read shared POLICIES.md and TOOLS.md
- Removed duplicated env var directive from all HEARTBEAT.md files
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-18 20:19:10 -04:00