Separates working directory (ephemeral, /workspaces/) from agent
home/config directory (persistent, /paperclip/). Prevents branch
switching in one agent's work from breaking other agents' instructions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stripped rules that are already in POLICIES.md from all 28 SOUL.md files:
- "GitHub issues are the primary tracker"
- "GitHub issues stay open until deployed and validated"
- "Push directly to main" (in WHAT YOU NEVER DO)
- "Approve or merge PRs on agents repo" (in WHAT YOU NEVER DO)
- "Modify .github/workflows" (in WHAT YOU NEVER DO)
Also fixed:
- CartSnitch CTO: removed stale merge authority (contradicted POLICIES.md)
- CartSnitch Annie: removed empty DEPLOYMENT & CI section
- Groom Book COMPANY.md: updated roster with all 6 agents
- PRI COMPANY.md: removed Samuel, added VP Product, updated models/adapters
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CMOs (Savannah, Addison, Clipper):
- Switched from claude_local/sonnet to opencode_local/minimax
- Uses MINIMAX_API_KEY secret_ref (direct MiniMax API, not OpenRouter)
- opencode.json with web search MCP
- Removed .mcp.json (claude_local only)
- promptTemplate required in DB (no instructionsFilePath)
QAs (Betty, Regina, Lint Roller):
- Switched from openrouter/minimax to minimax direct
- Model: minimax/MiniMax-M2.7 (was openrouter/minimax/minimax-m2.7)
- Uses MINIMAX_API_KEY instead of OPENROUTER_API_KEY
VP Products: unchanged (stay on opus, .mcp.json for web search MCP only)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .mcp.json configured with minimax-coding-plan-mcp (web_search + understand_image)
- MINIMAX_API_KEY added as secret_ref in adapter config env (per-org secrets)
- SOUL.md updated with web search usage guidance
- Keys stored in Paperclip secrets, not in repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- All CMOs now own and execute the full marketing function (IC work)
- Removed delegation language — no subordinates to delegate to
- Removed GitHub auth and gh commands from CMO heartbeats (CMOs don't use GitHub)
- PRI: removed Samuel Stinkpost references (terminated)
- PRI: updated Addison's capabilities and SOUL.md
- Groom Book: hired Clipper McGee as CMO
- Updated org charts in CLAUDE.md and CEO SOUL.md files
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaced hardcoded "Check for assigned work from <manager>" and
pnpm paperclipai CLI with consistent inbox-lite API call.
Agents work on whatever is assigned regardless of who assigned it.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Updated across all POLICIES.md and SOUL.md files in all orgs.
Merging is a step in the process, not the finish line.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs and CTOs stay on claude-opus-4-6 (strategy, architecture, judgment).
IC agents move to claude-sonnet-4-6 (implementation, routine execution).
Lint Roller set up as opencode_local with minimax-m2.5 (matching Regina).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
PRI agents were still referencing local TOOLS.md (deleted).
Now uses absolute paths to shared root files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now use App ID 3097914 (privilegedescalation-paperclip) with
the shared PEM at /paperclip/secrets/github-pems/privilegedescalation.pem.
Individual per-agent PEMs have been removed from the k8s secret.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The previous directive told agents to exit on 401, causing them to bail
on the first failed curl. PAPERCLIP_API_URL is injected by the adapter
but may not expand in all shell contexts. Fall back to localhost:3100.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Added explicit directive to all heartbeats: PAPERCLIP_API_KEY and other
env vars are pre-injected and valid — do not inspect, decode, verify,
or debug them. Exit cleanly on 401 instead of retrying.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Every agent now invokes the persistent memory skill for cross-heartbeat
knowledge retention: facts, daily notes, entities, synthesis, and recall.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
C-level and VP agents explicitly state they do not do IC work and name
who they delegate to. IC agents declare owned domains and tech skills.
Format: scope sentence + delegation boundary + domain tags.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now have explicit NEVER DO rule: only the board may approve
or merge PRs on the agents repo (agent configurations and prompts).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- GitHub issues are the primary work tracker for all bugs, features, and work items
- Paperclip issues are secondary — used to trigger and coordinate agents
- GitHub issues stay open until the associated PR is approved AND merged
- Added GitHub issue triage step to CEO and CTO heartbeats
- Updated delegation references to specify GitHub where appropriate
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Nancy will close without merging and reprimand any PR proposing alternatives.
All agents updated to understand this is non-negotiable.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Repo renamed from privilegedescalation/privilegedescalation to
privilegedescalation/agents. All filesystem paths in agent configs,
heartbeats, and tools updated to match the new on-disk location.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each agent gets HOME set to their cwd so ~/.gitconfig and
~/.config/gh/ don't collide between concurrent heartbeats.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add explicit POST /api/issues/{issueId}/checkout and PATCH status
update curl templates with X-Paperclip-Run-Id headers to all agent
heartbeats. Document Gemini workspace sandboxing in Hugh's TOOLS.md.
Also removed Regina's ghost instructionsFilePath from live DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Single script at repo root that auto-detects GITHUB_APP_ID_* and
GITHUB_PEM_PATH_* env vars, generates a JWT, and exchanges it for a
GitHub App installation token. Contains no secrets.
Updated all heartbeats to reference the absolute path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
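The JWT step that the commit message above describes, as an added example; this is not the repository's script. It assumes the app ID and PEM path variables for one app share a suffix, and the installation ID passed to `exchange_token` is a caller-supplied placeholder.

```shell
#!/bin/sh
# Added example (not the repository's script): mint a GitHub App JWT from
# GITHUB_APP_ID_<NAME> / GITHUB_PEM_PATH_<NAME> environment variables.
# Assumption: the two variables for one app share the same <NAME> suffix.

# base64url without padding, as JWTs require
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Print "<app_id> <pem_path>" for the first suffix with both values usable.
detect_app() (
  for suffix in $(env | sed -n 's/^GITHUB_APP_ID_\([A-Za-z0-9_][A-Za-z0-9_]*\)=.*/\1/p'); do
    # suffix is restricted to [A-Za-z0-9_] by the sed pattern, so eval is safe
    eval "app_id=\${GITHUB_APP_ID_$suffix} pem=\${GITHUB_PEM_PATH_$suffix:-}"
    if [ -n "$app_id" ] && [ -r "$pem" ]; then
      printf '%s %s\n' "$app_id" "$pem"
      exit 0
    fi
  done
  echo "no GITHUB_APP_ID_*/GITHUB_PEM_PATH_* pair found" >&2
  exit 1
)

# make_jwt <app_id> <pem_path>: prints header.payload.signature (RS256)
make_jwt() (
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iat is backdated 60 s for clock drift; exp stays under GitHub's 10-minute cap
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' \
    "$((now - 60))" "$((now + 540))" "$1" | b64url)
  sig=$(printf '%s.%s' "$header" "$payload" |
    openssl dgst -sha256 -sign "$2" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
)

# exchange_token <jwt> <installation_id>: needs network access; the
# installation ID is supplied by the caller (placeholder, not from the page).
exchange_token() {
  curl -sf -X POST \
    -H "Authorization: Bearer $1" \
    -H "Accept: application/vnd.github+json" \
    "https://api.github.com/app/installations/$2/access_tokens"
}
```

The functions keep the private key on disk and put only the short-lived JWT on the `curl` command line; the script itself holds no secret material.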
All agents now reference PEMs at /paperclip/secrets/github-pems/<name>.pem
instead of per-agent secrets/ subdirectories. PEMs will be mounted from a
single Kubernetes Secret. Added .gitignore to prevent accidental secret commits.
Countess GitHub App ID set to 3097914.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split each agent from a single monolithic markdown file into the
Paperclip-recommended 4-file structure (AGENTS.md, SOUL.md, HEARTBEAT.md,
TOOLS.md) plus CONFIG.md as operational backup.
Bug fixes applied during restructure:
- Nancy reports to Countess, not Baron von Namespace
- Gandalf is Staff Software Engineer, not VP of Engineering
- Samuel restored from git history and role changed to `social`
- Addison references Samuel Stinkpost, not Shitposting Samuel
- Nancy instructionsFilePath corrected to /cto/ path
- Added missing model field to Addison, Nancy, Gandalf
- Added missing instructionsFilePath to Addison, Gandalf, Hugh, Samuel
- Added WHAT YOU NEVER DO section to Hugh
- Hugh adapter changed to gemini_local with model auto
- Removed Baron von Namespace and Nancy (Engineer) from roster
- Countess heartbeat now checks this repo for org config changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>