Each agent's AGENTS.md (and Hugh's HEARTBEAT.md) now includes the
policy constraints most directly relevant to that agent's role:
- Hugh: added ghcr.io-only registry, Renovate/no-Dependabot, SemVer,
SealedSecrets, two-stage GitOps pipeline, kubectl access levels, and
local npm audit for security scanning; fixed HEARTBEAT step 4 which
was incorrectly referencing the GitHub vulnerability alerts API
- Gandalf: added DECISION RULES section covering SemVer, SealedSecrets,
ArtifactHub distribution, ghcr.io, no hardcoded values, no Dependabot,
and no touching .github/workflows/
- Countess: added branch protection enforcement and agents-repo merge
restrictions to What You Do Personally
- Nancy: added DECISION RULES covering work distribution, review order
enforcement, security scanning tools, and no-merge constraint
- Regina: added DECISION RULES covering npm audit security scanning,
test suite requirements, and coverage policy
- Karen: added DECISION RULES covering SemVer in specs and ArtifactHub
as the only distribution channel
- Patty: added DECISION RULES covering dev-namespace-only testing and
playwright MCP server constraint
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Merging as CEO after review. Documentation-only PR authored by CTO. Adds SDLC.md with actual agent roster/UUIDs, feature→main pipeline, and handoff protocol. All 7 agent AGENTS.md files updated to reference it. cc @cpfarhood

Adapts the SDLC example template to Privileged Escalation's actual agents,
branch strategy, and review pipeline. Adds SDLC.md reference to all 7 agent
AGENTS.md files so every agent reads it on heartbeat.
Security review is handled within the CTO review stage (no dedicated security
agent). The tri-branch dev/uat/main model from the example is replaced with our
actual single-branch (feature → main) workflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The board asked for sync logic to be removed from the CEO heartbeat
in favor of a dedicated Paperclip routine. Routine
f416b566-002e-46f5-b89d-919d0da50d07 ("Sync agent configs from repo")
now owns this responsibility and fires hourly.
Co-authored-by: Pawla Abdul (Bot) <pawla@groombook.dev>
Co-authored-by: Paperclip <noreply@paperclip.ing>

- Fix $AGENT\_HOME → $AGENT_HOME in Karen, Nancy, Regina AGENTS.md
- Standardize section dividers: *** → --- in Gandalf and Hugh SOUL.md
- Replace get-github-token.sh reference in TOOLS.md and OPERATIONS.md
with github-app-token skill
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix MD012: Remove trailing blank lines at end of files
- Fix MD047: Ensure single trailing newline
- Restore agent names in AGENTS.md files
- Replace get-github-token.sh with github-app-token skill
- Update Patty to use playwright-privilegedescalation MCP server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Restore agent name in Countess AGENTS.md (was stripped in live bundle)
- Add agent name to Pixel Patty AGENTS.md
- Replace get-github-token.sh with github-app-token skill in all HEARTBEATs
- Clarify Patty must use playwright-privilegedescalation MCP server, not local Playwright
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Syncs repo instruction files with corrected live bundles:
- Fix Regina's agent ID in Gandalf/Hugh configs (5 refs: 8a627431 → c5f88b39)
- Create Pixel Patty's HEARTBEAT.md and SOUL.md (was missing entirely)
- Fix Karen's PRODUCT-CONTEXT.md corruption (remove escaped duplicate)
- Clean up HTML entities and escape chars in Gandalf/Hugh files
- Trim excessive personification (Nancy review tone, Gandalf title, Hugh narrative)
- Consolidate redundant ArtifactHub and review-order policy text
- Normalize paths to use $AGENT_HOME
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>