privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
130 Commits 17 Branches 0 Tags
bd493d72aee5f90ffec28fe9ebd69463e769637a
Commit Graph

6 Commits

Author SHA1 Message Date
Chris Farhood 66d78ef403 Add sealed secrets policy and kubeseal to tools 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 15:52:56 -04:00
Chris Farhood 2fd9f0691d Add dev namespace access and kubectl to POLICIES.md and TOOLS.md 
Each org now has a -dev namespace where agents can freely use kubectl
for testing and iteration. Production namespaces remain Flux-only.

Access model:
- Cluster-wide: read-only
- Production namespace: read-write (Flux-managed, no manual kubectl)
- Dev namespace: read-write (agents may use kubectl freely)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-21 11:05:32 -04:00
Chris Farhood c0298d3052 Add cluster infrastructure standards to POLICIES.md, consolidate MCP in TOOLS.md 
POLICIES.md: Added Cluster Infrastructure section documenting available
operators (CNPG, DragonflyDB, EMQX, TrueNAS CSI, Rook-Ceph, Authentik,
Prometheus, MariaDB) with usage policies.

TOOLS.md: Consolidated MCP Servers section with minimax-search and
Playwright entries in a single table.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-21 10:56:32 -04:00
Chris Farhood e29531913c Align Regina with other QA agents: Playwright, generic heartbeat, dedupe policies 
- Added Playwright MCP to opencode.json and SOUL.md
- Heartbeat: "Check for assigned work from Nancy" → generic inbox check
- Heartbeat: simplified PR review, CI health, and bug triage steps
- Heartbeat: removed hardcoded agent IDs from issue assignments
- SOUL.md: removed ArtifactHub rule (already in shared POLICIES.md)
- SOUL.md: updated merge language to match PR workflow policy
- TOOLS.md: added MCP Servers section

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-20 19:40:41 -04:00
Chris Farhood 9001935d63 Add GitHub Actions runner info to shared TOOLS.md 
Each org has self-hosted ARC runners that scale to zero when idle.
Runner labels standardized to runners-<org> format.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-18 22:53:35 -04:00
Chris Farhood 8a8fa24aac Consolidate shared policies and tools into root-level files 
- Added POLICIES.md: env var handling, infra policy (ghcr.io, Renovate),
  git workflow, issue tracking, CI/CD access rules
- Added shared TOOLS.md: GitHub auth, Paperclip API, common tools, repos
- Removed all per-agent TOOLS.md files (shared file covers everything)
- Updated all AGENTS.md bootstraps to read shared POLICIES.md and TOOLS.md
- Removed duplicated env var directive from all HEARTBEAT.md files

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-18 20:19:10 -04:00