Every agent must have opencode.json with permission: allow,
regardless of adapter type. Without it, opencode auto-rejects
file access outside the agent's cwd.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The agents repo is not the agent's cwd — opencode.json and .mcp.json
must exist in the cwd at runtime for permissions and MCP access.
CEO now copies these files from the repo to each agent's cwd during
the sync step.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore full heartbeat (was truncated at 41 lines)
- Add placeholder detection + agent creation via Paperclip API
- New hires get PRed back for board approval, not self-merged
- Update merge step to require triple approval (UAT + QA + CTO)
- Update SOUL.md merge rule to include Patty (UAT)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CEO heartbeat is mostly mechanical — repo sync, config PATCH,
delegation routing, PR merging. Sonnet on high effort handles
this reliably at a fraction of Opus token cost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Repo sync must complete before any other heartbeat work. If sync fails,
the heartbeat must exit with an error state immediately. No
parallelization, no skipping.
Also fixes escaped backslash-bang in cat-file check.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
If the repo was force-pushed or shallow-cloned, the saved SHA may no
longer exist. Detect this and fall back to a full resync instead of
failing silently.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Separates working directory (ephemeral, /workspaces/) from agent
home/config directory (persistent, /paperclip/). Prevents branch
switching in one agent's work from breaking other agents' instructions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stripped rules that are already in POLICIES.md from all 28 SOUL.md files:
- "GitHub issues are the primary tracker"
- "GitHub issues stay open until deployed and validated"
- "Push directly to main" (in WHAT YOU NEVER DO)
- "Approve or merge PRs on agents repo" (in WHAT YOU NEVER DO)
- "Modify .github/workflows" (in WHAT YOU NEVER DO)
Also fixed:
- CartSnitch CTO: removed stale merge authority (contradicted POLICIES.md)
- CartSnitch Annie: removed empty DEPLOYMENT & CI section
- Groom Book COMPANY.md: updated roster with all 6 agents
- PRI COMPANY.md: removed Samuel, added VP Product, updated models/adapters
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs were missing issues in repos not explicitly listed (e.g.,
groombook/infra, PRI plugin repos). Now uses gh repo list to
discover all repos in the org at triage time.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaced hardcoded "Check for assigned work from <manager>" and
pnpm paperclipai CLI with consistent inbox-lite API call.
Agents work on whatever is assigned regardless of who assigned it.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Updated across all POLICIES.md and SOUL.md files in all orgs.
Merging is a step in the process, not the finish line.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
PRI agents were still referencing local TOOLS.md (deleted).
Now uses absolute paths to shared root files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now use App ID 3097914 (privilegedescalation-paperclip) with
the shared PEM at /paperclip/secrets/github-pems/privilegedescalation.pem.
Individual per-agent PEMs have been removed from the k8s secret.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The previous directive told agents to exit on 401, causing them to bail
on the first failed curl. PAPERCLIP_API_URL is injected by the adapter
but may not expand in all shell contexts. Fall back to localhost:3100.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agent memory files can contain secrets (API keys, credentials, infra
details). These must not be committed to git. Memory persists on the
pod's persistent volume. Git is for board-authored config only.
- Added life/ and memory/ back to .gitignore
- Removed git add/commit/push from CEO heartbeat sync (pull-only now)
- Removed auto-merge workflow (no longer needed)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEO commits memory/runtime updates to agent-sync branch instead of main.
GitHub Actions workflow auto-merges agent-sync into main on push.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Added explicit directive to all heartbeats: PAPERCLIP_API_KEY and other
env vars are pre-injected and valid — do not inspect, decode, verify,
or debug them. Exit cleanly on 401 instead of retrying.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .gitignore: exclude runtime junk (.claude/, .cache/, .npm/) but track
life/ and memory/ so agent knowledge persists across pod restarts
- CEO heartbeat: git add + commit local changes before pull --rebase,
then push to persist memory files in the repo
- Fixes agents wasting turns debugging dirty working tree on every heartbeat
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Every agent now invokes the persistent memory skill for cross-heartbeat
knowledge retention: facts, daily notes, entities, synthesis, and recall.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
C-level and VP agents explicitly state they do not do IC work and name
who they delegate to. IC agents declare owned domains and tech skills.
Format: scope sentence + delegation boundary + domain tags.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now have explicit NEVER DO rule: only the board may approve
or merge PRs on the agents repo (agent configurations and prompts).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- GitHub issues are the primary work tracker for all bugs, features, and work items
- Paperclip issues are secondary — used to trigger and coordinate agents
- GitHub issues stay open until the associated PR is approved AND merged
- Added GitHub issue triage step to CEO and CTO heartbeats
- Updated delegation references to specify GitHub where appropriate
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Nancy will close without merging and reprimand any PR proposing alternatives.
All agents updated to understand this is non-negotiable.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Repo renamed from privilegedescalation/privilegedescalation to
privilegedescalation/agents. All filesystem paths in agent configs,
heartbeats, and tools updated to match the new on-disk location.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each agent gets HOME set to their cwd so ~/.gitconfig and
~/.config/gh/ don't collide between concurrent heartbeats.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add explicit POST /api/issues/{issueId}/checkout and PATCH status
update curl templates with X-Paperclip-Run-Id headers to all agent
heartbeats. Document Gemini workspace sandboxing in Hugh's TOOLS.md.
Also removed Regina's ghost instructionsFilePath from live DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PATCH replaces adapterConfig entirely (no merge), so the heartbeat now
specifies an explicit read-merge-write flow to prevent wiping promptTemplate
and secret env values. Includes exact curl commands and safety rules.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
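As an added example (not code from the agents repo, the CEO heartbeat, or the Paperclip project), the read-merge-write flow the commit above describes, written in Python with the pre-flight check that refuses a body which would wipe `promptTemplate` or drop env keys. The `X-Paperclip-Run-Id` header is from the page; the endpoint path `/api/agents/{agentId}`, the response shape, and the sample config are assumptions constructed for this example.

```python
"""Read-merge-write update of an agent's adapterConfig.

Added example, not the agents repo's own heartbeat code. Assumptions:
the agent record is served at GET/PATCH /api/agents/{agentId}, the body
carries an 'adapterConfig' object, and PATCH replaces that object
wholesale (no server-side merge), as the commit states.
"""
import copy
import json
import urllib.request

# Constructed sample of what a GET might return; not real data.
SAMPLE_CURRENT = {
    "id": "agent-example",
    "adapterConfig": {
        "promptTemplate": "You are an agent. {{instructions}}",
        "model": "opus",
        "env": {"PAPERCLIP_API_KEY": "<redacted>", "GITHUB_APP_ID": "3097914"},
    },
}


class WipeRisk(Exception):
    """Raised when a proposed PATCH body would drop fields that must persist."""


def merge_adapter_config(current: dict, updates: dict) -> dict:
    """Deep-merge `updates` into a copy of `current`.

    Nested objects (e.g. env) are merged key by key so a change to one
    variable never discards the others; scalars are replaced outright.
    """
    merged = copy.deepcopy(current)
    for key, value in updates.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_adapter_config(merged[key], value)
        else:
            merged[key] = value
    return merged


def check_no_wipe(current: dict, merged: dict) -> None:
    """Refuse bodies that would empty promptTemplate or lose env keys."""
    if current.get("promptTemplate") and not merged.get("promptTemplate"):
        raise WipeRisk("promptTemplate would be emptied")
    missing = set(current.get("env", {})) - set(merged.get("env", {}))
    if missing:
        raise WipeRisk(f"env keys would be dropped: {sorted(missing)}")


def build_patch_body(current_agent: dict, updates: dict) -> dict:
    """Merge, verify, and return the full body safe to send with PATCH."""
    current = current_agent.get("adapterConfig", {})
    merged = merge_adapter_config(current, updates)
    check_no_wipe(current, merged)
    return {"adapterConfig": merged}


def patch_agent(api_url, api_key, run_id, agent_id, updates,
                opener=urllib.request.urlopen):
    """GET the live record, merge, check, then PATCH the complete object.

    `opener` is injectable so the flow can be exercised without a server.
    """
    headers = {
        "Authorization": f"Bearer {api_key}",
        "X-Paperclip-Run-Id": run_id,
        "Content-Type": "application/json",
    }
    url = f"{api_url}/api/agents/{agent_id}"  # assumed endpoint
    with opener(urllib.request.Request(url, headers=headers)) as resp:
        current_agent = json.load(resp)
    body = build_patch_body(current_agent, updates)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="PATCH")
    with opener(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Safe: model changes, env gains a key, promptTemplate and secrets survive.
    print(json.dumps(build_patch_body(
        SAMPLE_CURRENT, {"model": "sonnet", "env": {"NEW_VAR": "1"}}), indent=2))
    # Unsafe: the naive body {"adapterConfig": {"model": ...}} is rejected.
    try:
        check_no_wipe(SAMPLE_CURRENT["adapterConfig"], {"model": "sonnet"})
    except WipeRisk as err:
        print("rejected:", err)
```

The check runs against the record just fetched, so a heartbeat that only wants to flip `model` still sends the server the whole merged object, and a body that would lose a secret env value fails before any request is made.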
Single script at repo root that auto-detects GITHUB_APP_ID_* and
GITHUB_PEM_PATH_* env vars, generates a JWT, and exchanges it for a
GitHub App installation token. Contains no secrets.
Updated all heartbeats to reference the absolute path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All agents now reference PEMs at /paperclip/secrets/github-pems/<name>.pem
instead of per-agent secrets/ subdirectories. PEMs will be mounted from a
single Kubernetes Secret. Added .gitignore to prevent accidental secret commits.
Countess GitHub App ID set to 3097914.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Countess now pulls the agent roster repo on every heartbeat and applies
config changes to the live Paperclip system via API. Includes prompt-wipe
safety rules for opencode_local (Regina) and GitHub app env var placeholders.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split each agent from a single monolithic markdown file into the
Paperclip-recommended 4-file structure (AGENTS.md, SOUL.md, HEARTBEAT.md,
TOOLS.md) plus CONFIG.md as operational backup.
Bug fixes applied during restructure:
- Nancy reports to Countess, not Baron von Namespace
- Gandalf is Staff Software Engineer, not VP of Engineering
- Samuel restored from git history and role changed to `social`
- Addison references Samuel Stinkpost, not Shitposting Samuel
- Nancy instructionsFilePath corrected to /cto/ path
- Added missing model field to Addison, Nancy, Gandalf
- Added missing instructionsFilePath to Addison, Gandalf, Hugh, Samuel
- Added WHAT YOU NEVER DO section to Hugh
- Hugh adapter changed to gemini_local with model auto
- Removed Baron von Namespace and Nancy (Engineer) from roster
- Countess heartbeat now checks this repo for org config changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>