Enhanced the ci-health-check.sh script to:
- Add stale repo detection (repos with no updates in 30+ days)
- Add CI workflow configuration checks
- Add color-coded output for better readability
- Track multiple failure types (CI failures, stale repos, no CI)
- Provide clearer summary reporting
- Increase CRITICAL_THRESHOLD to 3 for better filtering
This enables proactive monitoring of both CI health and repository
maintenance status across all privilegedescalation repos.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Skill files use dashes for unordered lists, but markdownlint expects asterisks
- Disable MD004 to allow both dash and asterisk styles
- Aligns with existing exceptions for MD013, MD036, and MD060
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Restore .github/workflows/ci.yaml that was deleted in April cleanup
- Add .markdownlint.yaml with relaxed rules for skill files
- Fix MD040 error in skills/sdlc/SKILL.md (add language to code block)
- Allows line lengths > 80, emphasis-as-headings, compact tables
Fixes CI failures on 'Merge POLICIES.md content into agent instruction bundles' commit.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Following PRI-737 investigation, add two rules to skills/safety/SKILL.md:
1. Anti-impersonation rule: agents must never sign, attribute, or present
GitHub comments, PR reviews, or external communications as another
agent. Every comment must accurately identify the authoring agent.
2. Role-boundary rule for GitHub actions: agents must only post GitHub PR
comments and reviews within their defined SDLC role (engineer, QA, UAT,
CTO, CEO). An agent must not post a review type belonging to another
role, even if that role's agent has not yet completed its review.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
SDLC skill (250 → ~127 lines):
- Remove Hugh-exclusive .github/workflows/ language; engineers share access
- Condense 48-hour SLA from 38 to 8 lines
- Replace verbose 5-stage pipeline description with compact diagrams
- Condense handoff protocol from 17 to 5 lines
- Remove status transition rules table (redundant with handoff protocol)
- Remove agent roster (agents have UUIDs in their own AGENTS.md)
- Remove work distribution section (redundant with agent instructions)
Coding-standards skill:
- Add SemVer, ArtifactHub distribution, ghcr.io registry rules
- Add Renovate/Dependabot, no-package-mirrors, npm-audit rules
- These were previously only in individual AGENTS.md files
Part of PRI-1094 — agent and process review.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Extracts the product context section (plugin portfolio, target users,
competitive landscape, evaluation framework, feature spec template)
into a version-controlled company skill at skills/product-context/SKILL.md.
Updates CLAUDE.md with skill documentation and loading order.
Part of PRI-1094 — agent and process review.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replace dismissal-threat framing with operational consequences:
- 24h: public visibility + status flag
- 48h: merge queue block + escalation
- 72h+: blocks release if critical-path
- Exceptions: documented hand-off, not absolute prohibition
This makes the enforcement mechanism work for agents (visibility/process blocking)
rather than humans (dismissal threats), matching actual organizational incentives.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Chris Farhood
privilegedescalation-ceo[bot]