privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: privilegedescalation/org:fix/remove-plugin-release-workflow
Branches Tags
privilegedescalation/org:main privilegedescalation/org:fix/remove-plugin-release-workflow privilegedescalation/org:pri-1741-delete-shared-workflows privilegedescalation/org:ceo/restore-plugin-release-workflow privilegedescalation/org:ceo/merge-pr-67-plugin-release privilegedescalation/org:gandalf/restore-github-release-workflow privilegedescalation/org:fix/pri-1630-runner-labels privilegedescalation/org:gandalf/add-uat-skill privilegedescalation/org:nancy/sdlc-two-pipeline-routing privilegedescalation/org:master privilegedescalation/org:onboard-kubectl-karen privilegedescalation/org:chore/add-funding-yml privilegedescalation/org:cmo/kubecon-eu-2026-live-coverage privilegedescalation/org:docs/kubecon-prep-2026-03-14 privilegedescalation/org:docs/2026-03-13-status-report privilegedescalation/org:social/2026-03-12-industry-commentary privilegedescalation/org:social/kubecon-eu-2026
..
compare: privilegedescalation/org:df583bc183230ed9753dae916c6e16df90dab153
Branches Tags
privilegedescalation/org:main privilegedescalation/org:fix/remove-plugin-release-workflow privilegedescalation/org:pri-1741-delete-shared-workflows privilegedescalation/org:ceo/restore-plugin-release-workflow privilegedescalation/org:ceo/merge-pr-67-plugin-release privilegedescalation/org:gandalf/restore-github-release-workflow privilegedescalation/org:fix/pri-1630-runner-labels privilegedescalation/org:gandalf/add-uat-skill privilegedescalation/org:nancy/sdlc-two-pipeline-routing privilegedescalation/org:master privilegedescalation/org:onboard-kubectl-karen privilegedescalation/org:chore/add-funding-yml privilegedescalation/org:cmo/kubecon-eu-2026-live-coverage privilegedescalation/org:docs/kubecon-prep-2026-03-14 privilegedescalation/org:docs/2026-03-13-status-report privilegedescalation/org:social/2026-03-12-industry-commentary privilegedescalation/org:social/kubecon-eu-2026

14 Commits
fix/remove-plugin-release-workflow .. df583bc183

Author SHA1 Message Date
Chris Farhood df583bc183 Delete profile/README.md 2026-05-19 20:55:59 +00:00
Chris Farhood 07d9440966 Delete images/org-chart.png 2026-05-19 20:55:43 +00:00
Chris Farhood 94c881184e Delete directory 'agents' 2026-05-19 20:55:28 +00:00
Chris Farhood 18f4ef2126 feat(sdlc): add delegation model tier policy 
Set modelProfile cheap only for mechanical, bounded tasks. Leave unset
(judgment/reasoning/QA) for standard tier. When in doubt, leave unset.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-04 22:36:55 -04:00
Chris Farhood d7e9c627a8 fix(coding-standards): align versioning with CalVer org policy 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-04 22:01:14 -04:00
Chris Farhood 93e70e6d66 feat(skills): align with cross-org review 
- safety: drop tools section (moved to sdlc), add explicit kubectl-prod
  ban, add no-tofu-direct rule, drop the merge-gate cross-reference into
  a separate bullet
- sdlc: add Phase 0 product-analysis intake (CMPO Pawla as gate); add
  scheduled penetration testing program (Barkley owns); standardize
  authentication to Better-Auth + Google + Apple + Authentik; add
  canonical tools section (moved from safety) including ghcr.io/groombook
  registry standard; reorganize PR review sections to match the cross-org
  pattern (named SDLC pipeline phases)
 2026-05-03 19:50:22 -04:00
Chris Farhood d496a67eae chore: remove vendored mirrors of external skill repos 
These were stale snapshots of skills owned by other orgs (better-auth,
fluxcd, greptileai, paperclipai, etc.) — Paperclip imports those
directly from their source repos at runtime. groombook/org should
contain only GroomBook-authored skills.
 2026-05-03 10:04:48 -04:00
Chris Farhood 4b32e84c03 feat(skills): add sdlc, safety, and coding-standards org skills 
Mirrors the privilegedescalation/org pattern: extract company-wide
policy that was previously inlined in each agent's AGENTS.md into three
shared skills. Agents will reference these via one-line invocation
reminders in their Wake additions section.
 2026-05-03 09:53:45 -04:00
Scrubs McBarkley c5e210f653 chore: sync company backup — 2026-04-16 
Export all agent configs, skills, and company metadata from the
Paperclip control plane to match current GroomBook org state.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-16 14:19:26 +00:00
groombook-ceo[bot] a945a825f2 Restore agent GITHUB.md files to GitHub instructions 
Restore agent GITHUB.md files to GitHub instructions
 2026-04-15 21:20:54 +00:00
Scrubs McBarkley 86a2422129 Restore agent GITHUB.md files to GitHub instructions 
Roll back Forgejo references and restore proper GitHub-based
instructions for all agents. Board has already restored CEO file.
Updated agents: the-dogfather, flea-flicker, lint-roller, pawla-abdul.

- Replace Forgejo auth (FGJ_TOKEN/fgj CLI) with GitHub App token skill
- Fix PR merge policy to reflect correct 3-environment SDLC
- Add proper github-app-token skill invocation instructions
- Standardize cc @cpfarhood visibility pattern across all agents

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-15 21:20:26 +00:00
groombook-ceo[bot] cc81906d3b Merge pull request #1 from groombook/backup/2026-04-13 
Merging company backup sync for 2026-04-13.
 2026-04-13 04:02:44 +00:00
Scrubs McBarkley 6bfd1b6c30 chore: sync company backup 2026-04-13 
Export full company configuration including agents, skills, and memory
files as of 2026-04-13. Adds missing agents (barkley-trimsworth,
daisy-clippington, shedward-scissorhands) and updates existing agent
instructions and skill definitions.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-13 04:02:21 +00:00
Chris Farhood 6a422fe293 moving company export to different repo 2026-04-07 06:40:44 -04:00
23 changed files with 833 additions and 735 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yaml
-56
View File
@@ -1,56 +0,0 @@
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install linters
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends shellcheck yamllint
- name: Lint Markdown
uses: DavidAnson/markdownlint-cli2-action@v19
with:
globs: "**/*.md"
- name: Lint YAML
run: yamllint .
- name: Shellcheck
run: shellcheck scripts/*.sh
- name: Validate skill frontmatter
run: |
set -e
fail=0
for f in skills/*/SKILL.md; do
fm=$(awk 'BEGIN{c=0} /^---$/{c++; next} c==1{print} c>=2{exit}' "$f")
for key in name description; do
if ! printf '%s\n' "$fm" | grep -qE "^${key}:[[:space:]]"; then
echo "::error file=${f}::missing '${key}' in YAML frontmatter"
fail=1
fi
done
done
exit $fail
ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate JSON files
run: |
find . -name "*.json" -not -path "./.git/*" | while read -r f; do
python3 -m json.tool "$f" > /dev/null || { echo "::error file=$f::Invalid JSON"; exit 1; }
done
echo "All JSON files valid"
.gitea/workflows/promotion-gate.yaml
-24
View File
@@ -1,24 +0,0 @@
name: Promotion Gate
on:
pull_request:
branches: [main]
jobs:
promotion_gate:
name: Promotion Gate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate skills directory structure
run: |
set -e
fail=0
for dir in skills/*/; do
if [ ! -f "${dir}SKILL.md" ]; then
echo "::error::Missing SKILL.md in ${dir}"
fail=1
fi
done
exit $fail
.markdownlint.yaml
-15
View File
@@ -1,15 +0,0 @@
# Markdownlint configuration for the org repo.
# Skill files intentionally use longer lines and emphasis-as-headings.
# Allow these patterns for skills directory.
# Line length is disabled for skill documentation
MD013: false
# Emphasis used as headings is allowed in skill files
MD036: false
# Compact table style is allowed
MD060: false
# Unordered list style (dash vs asterisk) is flexible
MD004: false
.paperclip.yaml
+501
View File
@@ -0,0 +1,501 @@
schema: "paperclip/v1"
agents:
barkley-trimsworth:
role: "engineer"
icon: "shield"
capabilities: "Security engineer responsible for code security reviews in the SDLC pipeline (post-UAT gate) and scheduled penetration testing of production and demo environments. Board-authorized for offensive security analysis."
adapter:
config:
timeoutSec: 3600
type: "claude_k8s"
runtime:
heartbeat:
intervalSec: 14400
maxConcurrentRuns: 1
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent barkley-trimsworth"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/fadbc601-1528-4368-9317-31b144ed1655/instructions"
portability: "system_dependent"
requirement: "optional"
ANTHROPIC_AUTH_TOKEN:
description: "Provide ANTHROPIC_AUTH_TOKEN for agent barkley-trimsworth"
kind: "secret"
default: ""
requirement: "optional"
ANTHROPIC_BASE_URL:
description: "Optional default for ANTHROPIC_BASE_URL on agent barkley-trimsworth"
kind: "plain"
default: "https://api.minimax.io/anthropic"
requirement: "optional"
ANTHROPIC_DEFAULT_HAIKU_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_HAIKU_MODEL on agent barkley-trimsworth"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_OPUS_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_OPUS_MODEL on agent barkley-trimsworth"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_SONNET_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_SONNET_MODEL on agent barkley-trimsworth"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_MODEL:
description: "Optional default for ANTHROPIC_MODEL on agent barkley-trimsworth"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_SMALL_FAST_MODEL:
description: "Optional default for ANTHROPIC_SMALL_FAST_MODEL on agent barkley-trimsworth"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
API_TIMEOUT_MS:
description: "Optional default for API_TIMEOUT_MS on agent barkley-trimsworth"
kind: "plain"
default: "3000000"
requirement: "optional"
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:
description: "Optional default for CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS on agent barkley-trimsworth"
kind: "plain"
default: "1"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent barkley-trimsworth"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent barkley-trimsworth"
kind: "plain"
default: "3141748"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent barkley-trimsworth"
kind: "plain"
default: "117793367"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent barkley-trimsworth"
kind: "plain"
default: "/secrets/groombook/groombook-engineer.pem"
portability: "system_dependent"
requirement: "optional"
flea-flicker:
role: "engineer"
icon: "code"
capabilities: "Principal software engineer responsible for core platform architecture, implementation, and technical execution."
adapter:
config:
timeoutSec: 3600
type: "claude_k8s"
runtime:
heartbeat:
enabled: true
intervalSec: 14400
maxConcurrentRuns: 1
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent flea-flicker"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/515a927a-66b6-449b-aa03-653b697b30f7/instructions"
portability: "system_dependent"
requirement: "optional"
ANTHROPIC_AUTH_TOKEN:
description: "Provide ANTHROPIC_AUTH_TOKEN for agent flea-flicker"
kind: "secret"
default: ""
requirement: "optional"
ANTHROPIC_BASE_URL:
description: "Optional default for ANTHROPIC_BASE_URL on agent flea-flicker"
kind: "plain"
default: "https://api.minimax.io/anthropic"
requirement: "optional"
ANTHROPIC_DEFAULT_HAIKU_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_HAIKU_MODEL on agent flea-flicker"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_OPUS_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_OPUS_MODEL on agent flea-flicker"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_MODEL:
description: "Optional default for ANTHROPIC_MODEL on agent flea-flicker"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_SMALL_FAST_MODEL:
description: "Optional default for ANTHROPIC_SMALL_FAST_MODEL on agent flea-flicker"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHRPOIC_DEFAULT_SONNET_MODEL:
description: "Optional default for ANTHRPOIC_DEFAULT_SONNET_MODEL on agent flea-flicker"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
API_TIMEOUT_MS:
description: "Optional default for API_TIMEOUT_MS on agent flea-flicker"
kind: "plain"
default: "3000000"
requirement: "optional"
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:
description: "Optional default for CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS on agent flea-flicker"
kind: "plain"
default: "1"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent flea-flicker"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent flea-flicker"
kind: "plain"
default: "3141748"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent flea-flicker"
kind: "plain"
default: "117793367"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent flea-flicker"
kind: "plain"
default: "/secrets/groombook/groombook-engineer.pem"
portability: "system_dependent"
requirement: "optional"
lint-roller:
role: "qa"
icon: "bug"
capabilities: "Senior QA engineer responsible for test strategy, quality assurance, bug tracking, and release validation."
adapter:
config:
timeoutSec: 3600
type: "claude_k8s"
runtime:
heartbeat:
enabled: true
intervalSec: 14400
maxConcurrentRuns: 1
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent lint-roller"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/16fa774c-bbab-4647-9f8d-24807b83a24f/instructions"
portability: "system_dependent"
requirement: "optional"
ANTHROPIC_AUTH_TOKEN:
description: "Provide ANTHROPIC_AUTH_TOKEN for agent lint-roller"
kind: "secret"
default: ""
requirement: "optional"
ANTHROPIC_BASE_URL:
description: "Optional default for ANTHROPIC_BASE_URL on agent lint-roller"
kind: "plain"
default: "https://api.minimax.io/anthropic"
requirement: "optional"
ANTHROPIC_DEFAULT_HAIKU_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_HAIKU_MODEL on agent lint-roller"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_OPUS_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_OPUS_MODEL on agent lint-roller"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_SONNET_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_SONNET_MODEL on agent lint-roller"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_MODEL:
description: "Optional default for ANTHROPIC_MODEL on agent lint-roller"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_SMALL_FAST_MODEL:
description: "Optional default for ANTHROPIC_SMALL_FAST_MODEL on agent lint-roller"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
API_TIMEOUT_MS:
description: "Optional default for API_TIMEOUT_MS on agent lint-roller"
kind: "plain"
default: "3000000"
requirement: "optional"
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:
description: "Optional default for CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS on agent lint-roller"
kind: "plain"
default: "1"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent lint-roller"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent lint-roller"
kind: "plain"
default: "3141835"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent lint-roller"
kind: "plain"
default: "117794928"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent lint-roller"
kind: "plain"
default: "/secrets/groombook/groombook-qa.pem"
portability: "system_dependent"
requirement: "optional"
pawla-abdul:
role: "cmo"
icon: "target"
capabilities: "Chief Marketing & Product Officer responsible for marketing strategy, market positioning, brand management, product strategy, feature intake and prioritization (PDLC gate), product research, and public-facing content. Primary reviewer of all feature requests — returns Accept, Backlog, or Deny decisions to the CEO before any engineering work begins."
adapter:
config:
model: "claude-haiku-4-5-20251001"
type: "claude_k8s"
runtime:
heartbeat:
intervalSec: 14400
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent pawla-abdul"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/7332abb9-4f85-4f87-ba13-aa7e0d5a2963/instructions"
portability: "system_dependent"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent pawla-abdul"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent pawla-abdul"
kind: "plain"
default: "3141748"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent pawla-abdul"
kind: "plain"
default: "117793367"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent pawla-abdul"
kind: "plain"
default: "/secrets/groombook/groombook-engineer.pem"
portability: "system_dependent"
requirement: "optional"
MINIMAX_API_BASE_URL:
description: "Optional default for MINIMAX_API_BASE_URL on agent pawla-abdul"
kind: "plain"
default: "https://api.minimax.io"
requirement: "optional"
MINIMAX_API_KEY:
description: "Optional default for MINIMAX_API_KEY on agent pawla-abdul"
kind: "secret"
default: ""
requirement: "optional"
scrubs-mcbarkley:
role: "ceo"
icon: "crown"
capabilities: "CEO responsible for company strategy, product roadmap, organizational coordination, hiring, and final production merge authority. Owns the PDLC gate: routes feature requests through CMPO review, approves or denies work, and is the sole agent authorized to merge to production."
adapter:
config:
dangerouslySkipPermissions: true
maxTurnsPerRun: 300
model: "claude-sonnet-4-6"
type: "claude_local"
runtime:
heartbeat:
intervalSec: 28800
maxConcurrentRuns: 1
permissions:
canCreateAgents: true
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent scrubs-mcbarkley"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/1471aa94-e2b4-46b7-8fe7-084865d662fe/instructions"
portability: "system_dependent"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent scrubs-mcbarkley"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent scrubs-mcbarkley"
kind: "plain"
default: "3141498"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent scrubs-mcbarkley"
kind: "plain"
default: "117787139"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent scrubs-mcbarkley"
kind: "plain"
default: "/secrets/groombook/groombook-ceo.pem"
portability: "system_dependent"
requirement: "optional"
shedward-scissorhands:
role: "qa"
icon: "microscope"
capabilities: "User acceptance testing via Playwright MCP. Performs exhaustive pre-production browser evaluation — navigates every page, clicks every interactive element, walks all critical user flows, and blocks releases when defects are found."
adapter:
config:
graceSec: 15
timeoutSec: 3600
type: "claude_k8s"
runtime:
heartbeat:
enabled: true
intervalSec: 14400
maxConcurrentRuns: 1
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent shedward-scissorhands"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/22f13aec-6df2-4d24-be70-66e0abad7e12/instructions"
portability: "system_dependent"
requirement: "optional"
ANTHROPIC_AUTH_TOKEN:
description: "Provide ANTHROPIC_AUTH_TOKEN for agent shedward-scissorhands"
kind: "secret"
default: ""
requirement: "optional"
ANTHROPIC_BASE_URL:
description: "Optional default for ANTHROPIC_BASE_URL on agent shedward-scissorhands"
kind: "plain"
default: "https://api.minimax.io/anthropic"
requirement: "optional"
ANTHROPIC_DEFAULT_HAIKU_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_HAIKU_MODEL on agent shedward-scissorhands"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_OPUS_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_OPUS_MODEL on agent shedward-scissorhands"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_DEFAULT_SONNET_MODEL:
description: "Optional default for ANTHROPIC_DEFAULT_SONNET_MODEL on agent shedward-scissorhands"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHROPIC_MODEL:
description: "Optional default for ANTHROPIC_MODEL on agent shedward-scissorhands"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
ANTHRPOIC_SMALL_FAST_MODEL:
description: "Optional default for ANTHRPOIC_SMALL_FAST_MODEL on agent shedward-scissorhands"
kind: "plain"
default: "MiniMax-M2.7"
requirement: "optional"
API_TIMEOUT_MS:
description: "Optional default for API_TIMEOUT_MS on agent shedward-scissorhands"
kind: "plain"
default: "3000000"
requirement: "optional"
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:
description: "Optional default for CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS on agent shedward-scissorhands"
kind: "plain"
default: "1"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent shedward-scissorhands"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent shedward-scissorhands"
kind: "plain"
default: "3141835"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent shedward-scissorhands"
kind: "plain"
default: "117794928"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent shedward-scissorhands"
kind: "plain"
default: "/secrets/groombook/groombook-qa.pem"
portability: "system_dependent"
requirement: "optional"
the-dogfather:
role: "cto"
icon: "cpu"
capabilities: "Owns technical roadmap, architecture, engineering hiring, and execution. First engineering leader for a pet grooming platform."
adapter:
config:
effort: "high"
graceSec: 15
model: "claude-opus-4-6"
timeoutSec: 0
type: "claude_k8s"
runtime:
heartbeat:
intervalSec: 14400
maxConcurrentRuns: 1
inputs:
env:
AGENT_HOME:
description: "Optional default for AGENT_HOME on agent the-dogfather"
kind: "plain"
default: "/paperclip/instances/default/companies/d50d9792-5817-4ff5-9771-c3267ba12990/agents/2a556501-95e0-4e52-9cf1-e2034678285d/instructions"
portability: "system_dependent"
requirement: "optional"
GH_CONFIG_DIR:
description: "Optional default for GH_CONFIG_DIR on agent the-dogfather"
kind: "plain"
default: "$AGENT_HOME/.config/gh"
requirement: "optional"
GITHUB_APP_ID:
description: "Optional default for GITHUB_APP_ID on agent the-dogfather"
kind: "plain"
default: "3141591"
requirement: "optional"
GITHUB_APP_INSTALLATION_ID:
description: "Optional default for GITHUB_APP_INSTALLATION_ID on agent the-dogfather"
kind: "plain"
default: "117788845"
requirement: "optional"
GITHUB_APP_PEM_FILE:
description: "Optional default for GITHUB_APP_PEM_FILE on agent the-dogfather"
kind: "plain"
default: "/secrets/groombook/groombook-cto.pem"
portability: "system_dependent"
requirement: "optional"
company:
brandColor: "#96d35f"
logoPath: "images/company-logo.png"
sidebar:
agents:
- "scrubs-mcbarkley"
- "pawla-abdul"
- "the-dogfather"
- "barkley-trimsworth"
- "flea-flicker"
- "lint-roller"
- "shedward-scissorhands"
.yamllint.yaml
-7
View File
@@ -1,7 +0,0 @@
extends: default
rules:
line-length: disable
document-start: disable
truthy:
check-keys: false
CLAUDE.md
+25 -21
View File
@@ -2,34 +2,38 @@
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Repository Purpose
## What This Repo Is
This is the **Privileged Escalation org-level repository**. It contains company-wide skills (instruction bundles) consumed by AI agents that run inside Paperclip and develop Headlamp plugins. There is no application code, build system, or test suite — only Markdown skill definitions.
This is the **GitHub org-level configuration repository** (`groombook/.github`) for GroomBook — an open-source, self-hostable pet grooming business management platform. It contains:
## Structure
- `profile/` — GitHub organization profile README and logo
- `company/` — Paperclip AI company configuration export (agent definitions, skills, projects)
- `skills/` — Company skill definitions, each in its own directory with a `SKILL.md` file
- `skills/safety/SKILL.md` — Non-negotiable safety rules (secret handling, destructive action restrictions, sealed-secrets workflow, escalation protocol)
- `skills/sdlc/SKILL.md` — Software development lifecycle rules (GitHub auth, issue approval gates, branch strategy, PR review policy, handoff protocol, CI/CD)
- `skills/coding-standards/SKILL.md` — Headlamp plugin development conventions (stack, commands, registration API, shared libraries)
- `skills/product-context/SKILL.md` — Product context (plugin portfolio, target users, competitive landscape, evaluation framework, feature spec template)
There is no application code, build system, or test suite here. This repo is purely configuration and documentation.
## Skill File Format
## Related Repositories
Each skill is a Markdown file with YAML frontmatter containing `name` and `description` fields:
| Repo | Purpose |
|------|---------|
| `groombook/groombook` | Primary application (TypeScript, Node.js, React, PostgreSQL) |
| `groombook/agents` | Canonical agent definitions — prompts, personas, heartbeats, adapter configs |
| `groombook/infra` | Kubernetes manifests for Flux GitOps deployment |
```markdown
---
name: skill-name
description: >
One-line description of what the skill covers.
---
## Company Directory (`company/`)
# Skill Title
This is an export from [Paperclip](https://paperclip.ing) and contains a snapshot of the agent company configuration:
Content...
```
- `.paperclip.yaml` — Full agent configuration (adapters, heartbeats, env vars, permissions)
- `agents/` — Per-agent directories with prompt files (AGENTS.md, SOUL.md, HEARTBEAT.md, etc.)
- `skills/` — Shared skill definitions sourced from external repos (cpfarhood, fluxcd, paperclipai)
- `projects/` — Project definitions (groombook-app, groombook-infra, groombook-org, groombook-site, onboarding)
- `COMPANY.md` — Company metadata frontmatter
## Skill Loading Order
The canonical source for agent configurations is the `groombook/agents` repo. The `company/` directory here is a synced export — do not treat it as the source of truth for agent prompts or configs.
Skills are loaded by Paperclip in this order: `safety``sdlc``coding-standards``product-context`. Later skills can assume earlier ones are already loaded and should not duplicate their content.
## Key Policies
- **Container images**: `ghcr.io` only — no Docker Hub, no mirrors
- **Dependency updates**: Mend Renovate only — never use Dependabot
- **Versioning**: CalVer format `YYYY.MDD.PATCH` (e.g., `2026.318.0`), not SemVer
- **All PRs**: Include `cc @cpfarhood` at the bottom of the PR body
COMPANY.md
+7
View File
@@ -0,0 +1,7 @@
---
name: "GroomBook"
description: "An open source business management solution for pet groomers."
schema: "agentcompanies/v1"
slug: "groombook"
---
README.md
+62
View File
@@ -0,0 +1,62 @@
# GroomBook
> An open source business management solution for pet groomers.
![Org Chart](images/org-chart.png)
## What's Inside
> This is an [Agent Company](https://agentcompanies.io) package from [Paperclip](https://paperclip.ing)
| Content | Count |
|---------|-------|
| Agents | 7 |
| Skills | 20 |
### Agents
| Agent | Role | Reports To |
|-------|------|------------|
| Barkley Trimsworth | Engineer | the-dogfather |
| Flea Flicker | Engineer | the-dogfather |
| Lint Roller | qa | the-dogfather |
| Pawla Abdul | CMO | scrubs-mcbarkley |
| Scrubs McBarkley | CEO | — |
| Shedward Scissorhands | qa | the-dogfather |
| The Dogfather | CTO | scrubs-mcbarkley |
### Skills
| Skill | Description | Source |
|-------|-------------|--------|
| better-auth-best-practices | Configure Better Auth server and client, set up database adapters, manage sessions, add plugins, and handle environment variables. Use when users mention Better Auth, betterauth, auth.ts, or need to set up TypeScript authentication with email/password, OAuth, or plugin configuration. | [github](https://github.com/better-auth/skills) |
| better-auth-security-best-practices | Configure rate limiting, manage auth secrets, set up CSRF protection, define trusted origins, secure sessions and cookies, encrypt OAuth tokens, track IP addresses, and implement audit logging for Better Auth. Use when users need to secure their auth setup, prevent brute force attacks, or harden a Better Auth deployment. | [github](https://github.com/better-auth/skills) |
| create-auth-skill | Scaffold and implement authentication in TypeScript/JavaScript apps using Better Auth. Detect frameworks, configure database adapters, set up route handlers, add OAuth providers, and create auth UI pages. Use when users want to add login, sign-up, or authentication to a new or existing project with Better Auth. | [github](https://github.com/better-auth/skills) |
| email-and-password-best-practices | Configure email verification, implement password reset flows, set password policies, and customise hashing algorithms for Better Auth email/password authentication. Use when users need to set up login, sign-in, sign-up, credential authentication, or password security with Better Auth. | [github](https://github.com/better-auth/skills) |
| organization-best-practices | Configure multi-tenant organizations, manage members and invitations, define custom roles and permissions, set up teams, and implement RBAC using Better Auth's organization plugin. Use when users need org setup, team management, member roles, access control, or the Better Auth organization plugin. | [github](https://github.com/better-auth/skills) |
| two-factor-authentication-best-practices | Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin. Use when users need MFA, multi-factor authentication, authenticator setup, or login security with Better Auth. | [github](https://github.com/better-auth/skills) |
| github-app-token | Generate a GitHub installation access token from a GitHub App PEM key, App ID, and Installation ID, write it to a per-agent file, then authenticate the gh CLI with it. | [github](https://github.com/farhoodliquor/skills) |
| minimax-image-generation | — | [github](https://github.com/farhoodliquor/skills) |
| shannon | Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'. | [github](https://github.com/farhoodliquor/skills) |
| commit-assisted-by | > | [github](https://github.com/fluxcd/agent-skills) |
| flux-controller-patch-releases | > | [github](https://github.com/fluxcd/agent-skills) |
| gitops-cluster-debug | > | [github](https://github.com/fluxcd/agent-skills) |
| gitops-knowledge | > | [github](https://github.com/fluxcd/agent-skills) |
| gitops-repo-audit | > | [github](https://github.com/fluxcd/agent-skills) |
| check-pr | > | [github](https://github.com/greptileai/skills) |
| greploop | > | [github](https://github.com/greptileai/skills) |
| paperclip-create-agent | > | [github](https://github.com/paperclipai/paperclip/tree/master/skills/paperclip-create-agent) |
| paperclip-create-plugin | > | [github](https://github.com/paperclipai/paperclip/tree/master/skills/paperclip-create-plugin) |
| paperclip | > | [github](https://github.com/paperclipai/paperclip/tree/master/skills/paperclip) |
| para-memory-files | > | [github](https://github.com/paperclipai/paperclip/tree/master/skills/para-memory-files) |
## Getting Started
```bash
pnpm paperclipai company import this-github-url-or-folder
```
See [Paperclip](https://paperclip.ing) for more information.
---
Exported from [Paperclip](https://paperclip.ing) on 2026-04-16
images/company-logo.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 51 KiB

profile/groombook-logo.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 MiB

projects/groombook-app/PROJECT.md
+6
View File
@@ -0,0 +1,6 @@
---
name: "GroomBook App"
description: "This git repository is the primary GroomBook Application source code and associated build artifacts."
---
This git repository is the primary GroomBook Application source code and associated build artifacts.
projects/groombook-infra/PROJECT.md
+6
View File
@@ -0,0 +1,6 @@
---
name: "GroomBook Infra"
description: "This repository is the infrastructure associated with the development and production/demo instances of GroomBook. It is a target gitrepository of a 2 step Flux GitOps process that is triggered from an external kubernetes cluster management repository."
---
This repository is the infrastructure associated with the development and production/demo instances of GroomBook. It is a target gitrepository of a 2 step Flux GitOps process that is triggered from an external kubernetes cluster management repository.
projects/groombook-org/PROJECT.md
+6
View File
@@ -0,0 +1,6 @@
---
name: "GroomBook Org"
description: "This repository houses the organization level GitHub Pages as well as shared GitHub Actions."
---
This repository houses the organization level GitHub Pages as well as shared GitHub Actions.
projects/groombook-site/PROJECT.md
+6
View File
@@ -0,0 +1,6 @@
---
name: "GroomBook Site"
description: "This repository houses the primary GitHub Pages based site for the GroomBook Platform."
---
This repository houses the primary GitHub Pages based site for the GroomBook Platform.
projects/onboarding/PROJECT.md
+4
View File
@@ -0,0 +1,4 @@
---
name: "Onboarding"
---
renovate.json
-6
View File
@@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"local>privilegedescalation/.github:renovate-config"
]
}
scripts/ci-health-check.sh
-106
View File
@@ -1,106 +0,0 @@
#!/bin/bash
# CI Health Check Script
# Checks CI health across all privilegedescalation repos and reports failures
set -euo pipefail
# Configuration
ORG="privilegedescalation"
MAX_AGE_DAYS=30
CRITICAL_THRESHOLD=3 # Number of consecutive failures to consider critical
# Colors for output
RED='\033[0;31m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color
# Repos to monitor
REPOS=(
"org"
"infra"
"headlamp-sealed-secrets-plugin"
"headlamp-rook-plugin"
"headlamp-intel-gpu-plugin"
"headlamp-kube-vip-plugin"
"headlamp-tns-csi-plugin"
"headlamp-argocd-plugin"
"headlamp-polaris-plugin"
)
echo "=== CI Health Check for $ORG ==="
echo "Generated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
echo ""
# Track issues
FAILURES=()
STALE_REPOS=()
NO_CI_REPOS=()
for repo in "${REPOS[@]}"; do
echo "Checking $repo..."
# Check for stale repos
last_updated=$(gh repo view "$ORG/$repo" --json updatedAt --jq '.updatedAt' 2>/dev/null || echo "unknown")
if [[ "$last_updated" != "unknown" ]]; then
last_updated_date=$(date -d "$last_updated" +%s 2>/dev/null || echo "0")
cutoff_date=$(date -d "$MAX_AGE_DAYS days ago" +%s)
if [[ "$last_updated_date" -lt "$cutoff_date" ]]; then
STALE_REPOS+=("$repo (last updated: $last_updated)")
echo -e " ${YELLOW}⚠ Stale repo${NC}"
fi
fi
# Check for CI workflows
workflow_count=$(gh api repos/"$ORG/$repo"/actions/workflows 2>/dev/null | jq -r '.total_count' || echo "0")
if [[ "$workflow_count" -eq 0 ]]; then
NO_CI_REPOS+=("$repo")
echo -e " ${YELLOW}⚠ No CI workflows configured${NC}"
continue
fi
# Check recent CI runs (exclude approval gates)
recent_failures=$(gh run list --repo "$ORG/$repo" --limit 10 \
--json status,conclusion,name \
| jq -r '.[] | select(.conclusion == "failure") | select(.name | contains("CI") or contains("E2E") or contains("ci") or contains("e2e")) | .conclusion' \
| wc -l)
if [[ "$recent_failures" -ge "$CRITICAL_THRESHOLD" ]]; then
FAILURES+=("$repo: $recent_failures recent CI/E2E failures")
echo -e " ${RED}$recent_failures recent CI/E2E failures${NC}"
else
echo -e " ${GREEN}✓ CI healthy${NC}"
fi
done
# Summary
echo ""
echo "=== Summary ==="
if [[ ${#FAILURES[@]} -eq 0 && ${#STALE_REPOS[@]} -eq 0 && ${#NO_CI_REPOS[@]} -eq 0 ]]; then
echo -e "${GREEN}All systems healthy!${NC}"
exit 0
else
if [[ ${#FAILURES[@]} -gt 0 ]]; then
echo -e "${RED}CI Failures:${NC}"
for failure in "${FAILURES[@]}"; do
echo " - $failure"
done
fi
if [[ ${#STALE_REPOS[@]} -gt 0 ]]; then
echo -e "${YELLOW}Stale Repos (no updates in $MAX_AGE_DAYS+ days):${NC}"
for stale in "${STALE_REPOS[@]}"; do
echo " - $stale"
done
fi
if [[ ${#NO_CI_REPOS[@]} -gt 0 ]]; then
echo -e "${YELLOW}Repos without CI:${NC}"
for no_ci in "${NO_CI_REPOS[@]}"; do
echo " - $no_ci"
done
fi
exit 1
fi
skills/coding-standards/SKILL.md
+39 -44
View File
@@ -1,67 +1,62 @@
---
name: coding-standards
description: >
Coding standards for Privileged Escalation. Covers Headlamp plugin
development workflow, registration API, shared libraries, versioning,
dependency management, container registry, and distribution policy.
Engineering quality bar for GroomBook code: priority ordering of correctness
vs. clarity vs. maintainability vs. performance vs. elegance, PR and test
requirements, no-hardcoded-values rules, branch discipline, and the no-self-
merge contract.
---
# Coding Standards
## Headlamp Plugins
These rules apply to any GroomBook agent that writes, reviews, or merges code.
All plugins extend [Headlamp](https://headlamp.dev/docs/latest/development/plugins/getting-started), a Kubernetes dashboard with a plugin system.
## Priority ordering
- **Language:** TypeScript + React 18, MUI v5
- **Scaffolding:** `npx --yes @kinvolk/headlamp-plugin create <plugin-name>`
- **Entry point:** `src/index.tsx`
- **Linting:** ESLint via `@headlamp-k8s/eslint-config` + Prettier
- **Testing:** Vitest + React Testing Library
When making technical decisions, prioritize in this order:
### Plugin Commands
1. **Correctness** — does it work? Does it handle edge cases? Have you proven it, not assumed it?
2. **Clarity** — will another engineer understand this without context in 6 months?
3. **Maintainability** — will it be safe to change?
4. **Performance** — fast enough for the use case? Profile before optimizing.
5. **Elegance** — nice if free; never trade any of the above for it.
Run from the plugin directory:
## Pull request discipline
| Command | Purpose |
|---|---|
| `npm run start` | Dev mode with hot reload |
| `npm run build` | Production build (`dist/main.js`) |
| `npm run format` | Prettier format |
| `npm run lint` | ESLint check |
| `npm run lint-fix` | ESLint auto-fix |
| `npm run tsc` | Typecheck |
| `npm run test` | Vitest tests |
* All changes go through a PR. **Never push directly to `dev`, `uat`, or `main`.**
* No agent merges their own PR.
* Always include `cc @cpfarhood` at the bottom of the PR body for visibility (not as a reviewer).
### Registration API
## Test requirements
Import from `@kinvolk/headlamp-plugin/lib`:
* **Every PR must include tests** for new code paths. No exceptions for "small" changes.
* Run unit tests, type check, and lint locally (or rely on CI) **before** requesting review.
* A PR without passing tests does not get approval.
* New code paths require coverage. No coverage = no approval.
- `registerAppBarAction()` — add components to the nav bar
- `registerRoute()` — create new pages
- `registerSidebarEntry()` — add sidebar items
- `registerDetailsViewSection()` — extend resource detail views
- `registerPluginSettings()` — add plugin configuration UI
## Code review tone
### K8s API Access
Hold a high bar. PRs with obvious mistakes, missing tests, hardcoded values, or policy violations get firm, specific review comments citing what's wrong and what the fix is. Cite the file and line. Suggest the fix when you know it. Don't sugarcoat — but be professional and constructive. "This looks wrong" is not a review comment.
```typescript
import { K8s } from '@kinvolk/headlamp-plugin/lib';
const [pods, error] = K8s.ResourceClasses.Pod.useList();
```
## Hardcoded values
### Shared Libraries
* **Colors** use CSS variables / theme tokens. Never raw hex in components.
* **Strings** use constants or i18n. No magic strings.
* **Numbers** that aren't trivially obvious go in named constants.
* **No magic numbers** in business logic.
These are provided by Headlamp at runtime — **do not bundle them**:
React, React Router, Redux, MUI, Lodash, Monaco Editor, Notistack, Iconify.
## Secrets in code
## Versioning & Distribution
Secrets never touch source. See the `safety` skill for the SealedSecrets workflow. If your implementation requires a Kubernetes secret you cannot create, file an issue for the agent who owns the SealedSecrets workflow rather than committing a plaintext value.
- **All releases use SemVer.** ArtifactHub requires SemVer for Headlamp plugin packages — no CalVer, no custom schemes.
- **Plugin distribution is ArtifactHub only.** Plugins are installed through Headlamp's native plugin installer sourced from ArtifactHub. No Helm charts, install scripts, or custom install mechanisms.
- **Container images go to `ghcr.io` only.** Never Docker Hub, never mirror public images, never reference any other registry.
## Releases and versioning
## Dependency Management
All releases use CalVer (`YYYY.MMDD.PATCH`, e.g. `2026.0504.0`). No SemVer, no custom schemes.
- **Dependency updates are owned by Mend Renovate.** Never enable Dependabot, never create `.github/dependabot.yml`, never reference Dependabot in workflows or docs.
- **No package mirrors.** Never set up, configure, or reference package mirrors or proxies (npm, pip, Maven, container, etc.). Always use upstream registries directly.
- **Security scanning uses local tools.** Run `npm audit` or `pnpm audit` for vulnerability scanning. Do not use the GitHub vulnerability alerts API.
## Container images
Push to `ghcr.io` only. Never Docker Hub for first-party images.
## When uncertain
If a code-quality call isn't covered above and you can't decide cleanly, escalate to the CTO via comment rather than guessing.
skills/product-context/SKILL.md
-119
View File
@@ -1,119 +0,0 @@
---
name: product-context
description: >
Product context for Privileged Escalation. Covers current plugin portfolio,
target users, competitive landscape, plugin evaluation framework, and feature
spec template.
---
# Product Context
Load this section when triaging feature requests, evaluating new plugin proposals, or writing specs.
## Current plugin portfolio
| Plugin | Repo | What it does | Status |
| ------------------ | -------------------------------- | ----------------------------------------------- | ------ |
| **Polaris** | `headlamp-polaris-plugin` | Kubernetes best practice validation and scoring | Active |
| **Kube-VIP** | `headlamp-kube-vip-plugin` | Kube-VIP load balancer management | Active |
| **Rook/Ceph** | `headlamp-rook-plugin` | Rook-Ceph storage cluster monitoring | Active |
| **Sealed Secrets** | `headlamp-sealed-secrets-plugin` | Bitnami Sealed Secrets management | Active |
| **Intel GPU** | `headlamp-intel-gpu-plugin` | Intel GPU device plugin monitoring | Active |
| **TrueNAS CSI** | `headlamp-tns-csi-plugin` | TrueNAS SCALE CSI driver monitoring | Active |
| **Argo CD** | `headlamp-argocd-plugin` | Argo CD application delivery management | Active |
All plugins distributed via **ArtifactHub**, installed through Headlamp's native plugin installer only.
## Target users
**Primary: The Platform Engineer**
* Manages 1-50 Kubernetes clusters, mid-size company (100-2000 employees)
* Pain point: "I have 15 tools open to monitor my clusters. I want one dashboard that shows me everything."
* Very high tech comfort. Knows Kubernetes deeply. Will read your source code.
* Will adopt a plugin in 5 minutes if it solves a real problem. Will drop it in 5 seconds if it's buggy or doesn't add value over `kubectl`.
**Secondary: The DevOps Lead / SRE Manager**
* Manages a platform team, responsible for cluster health and reliability.
* Wants plugins that visualize what matters and surface problems proactively — NOT another monitoring tool.
**Anti-persona: The Application Developer**
App developers care about their deployments, not the cluster. Features like "show me my pod logs" are already in Headlamp core. Don't build for them.
## Scope
**In scope**
* Headlamp plugins that visualize and manage specific Kubernetes ecosystem tools
* Plugins that surface operational insights not available in Headlamp core
* Plugins for CNCF projects and widely-adopted K8s ecosystem tools
* ArtifactHub packaging and distribution
**Explicitly out of scope**
* Plugins that duplicate Headlamp core functionality
* Non-Kubernetes tools
* Hosted/SaaS versions of plugins
* Helm-based or sidecar-based plugin installation
* Custom Headlamp forks
* Monitoring/alerting backends (we visualize, we don't collect metrics)
* Multi-cluster management
* CLI tools
## Competitive landscape
| Competitor | Where PRI differs |
| -------------------------------- | ----------------------------------------------------------------------------------- |
| **Headlamp core** | We extend it, not compete. If a feature belongs in core, contribute upstream. |
| **Lens** | Heavy, desktop-only, commercial. We make web-based, open source Headlamp better. |
| **k9s** | Different modality (TUI vs web). Not competitive. |
| **Komodor / Kubecost / Robusta** | Standalone products. Our plugins bring their insights INTO Headlamp. Complementary. |
PRI's moat: leading third-party Headlamp plugin developer. Plugins are free, open source, on ArtifactHub.
## Plugin evaluation framework
1. **Is there a widely-adopted K8s ecosystem tool that lacks Headlamp visibility?**
* Fewer than 1,000 GitHub stars or in alpha → too early. Close with "revisit when more mature."
* Already has a Headlamp plugin → duplicate. Close.
2. **Does the plugin add value over `kubectl` + the tool's own CLI/UI?**
* "It shows the same thing but in Headlamp" → weak value prop. Good plugins correlate data, surface problems proactively, simplify complex operations.
3. **Can Gandalf build and maintain it?**
* One engineer can maintain ~6-8 plugins at current complexity. We're at 7 now. New plugins mean either dropping an existing one or hiring.
4. **Is it installable via ArtifactHub without extras?**
* Plugin requires CRDs/RBAC/cluster resources installed separately → degraded experience.
* Unacceptable: plugin requires its own operator or sidecar.
**Priority tiers**
* **P0**: Bugs in existing plugins that break functionality or produce incorrect data
* **P1**: Enhancements to existing plugins users are requesting
* **P2**: New plugins for high-value K8s tools with clear user demand
* **P3**: Speculative plugins, cross-plugin features, UX experiments
## Feature spec template
```markdown
## Problem
What operational visibility or capability is missing? Who needs it? What do they do today instead?
## Proposed Solution
What should the plugin show or enable that isn't available today?
## Acceptance Criteria
- [ ] Plugin displays...
- [ ] User can...
- [ ] Data is accurate when compared to `kubectl` / native CLI output
- [ ] Works with [tool name] version X.Y+
- [ ] Installable via ArtifactHub without additional cluster-level setup
- [ ] Has unit tests covering core display logic
## Out of Scope for This Issue
## Dependencies
What must exist in the cluster for this plugin to work? (CRDs, operators, RBAC)
## Priority
P0/P1/P2/P3 with one-sentence justification.
```
skills/safety/SKILL.md
+14 -21
View File
@@ -1,38 +1,31 @@
---
name: safety
description: >
Non-negotiable safety rules for all agents at Privileged Escalation. Covers
secret handling, destructive command restrictions, sealed-secrets workflow,
anti-impersonation rules, role-boundary rules for GitHub actions, and
escalation protocol when uncertain.
Non-negotiable safety rules for all GroomBook agents. Covers secret handling,
destructive-action gating, the SealedSecrets workflow, kubectl scope limits,
and the escalation protocol when an action's safety is uncertain.
---
# Safety Considerations
# Safety
The following rules apply to all agents at Privileged Escalation without exception.
The following rules apply to every GroomBook agent without exception.
## Non-Negotiable Rules
## Non-negotiable rules
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Do not log, comment, or return these values in any output.
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Never log, comment, or return these values in any output — including PR descriptions, issue comments, and chat responses.
* **Seek Board Approval for Destructive Actions.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Seek board approval before destructive actions.** "Destructive" means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup. Use `request_board_approval` and set the source issue to `blocked` until approved.
* **No plaintext secrets in any repository.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded.
* **Never commit plaintext secrets.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded in source.
* **Do not use `kubectl create` in production.**
The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`.
* **Never `kubectl apply` against production (`groombook`).** The production namespace is Flux-managed. Manifest changes go through a PR to `groombook/infra` and are reconciled by Flux. The `groombook-dev` and `groombook-uat` namespaces permit direct kubectl use for iteration; secrets at every environment still follow the SealedSecrets pattern.
* **Never impersonate another agent or human.** Agents must never sign, attribute, or present GitHub comments, PR reviews, or any external communications as another agent. Every comment must accurately identify the authoring agent. Signing as another agent — even when forwarding their work — is a process violation.
* **Never `kubectl create secret` in production.** All secrets — at every environment — go through SealedSecrets, encrypted with `kubeseal`, committed as `SealedSecret` resources to `groombook/infra`.
* **Post GitHub comments only within your defined SDLC role.** An agent must not post a review type that belongs to another role, even if that role's agent has not yet completed its review:
- **Engineer bot** posts: implementation comments, CI results
- **QA bot** posts: QA reviews
- **UAT bot** posts: UAT reviews
- **CTO bot** posts: CTO reviews and approvals
- **CEO bot** posts: merge confirmations only
* **Never bypass the merge gate.** No self-merging PRs. No pushing directly to `dev`, `uat`, or `main`. Every change goes through a PR with the reviews required by the `sdlc` skill.
* **Never change another agent's model configuration.** No agent may suggest, request, or execute a change to any other agent's model settings — including for quota exhaustion, cost optimization, or any other reason. Quota issues must be escalated to the board. This is a non-negotiable board directive.
* **Never run `tofu` directly.** Terraform / OpenTofu goes through the Flux OpenTofu Controller via a PR to `groombook/infra`.
## If you are unsure
If you are unsure whether an action is safe, stop. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.
If you are unsure whether an action is safe, **stop**. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.
skills/sdlc/SKILL.md
+157 -113
View File
@@ -1,27 +1,32 @@
---
name: sdlc
description: >
Software development lifecycle rules for Privileged Escalation. Covers GitHub
issue approval gates, authentication, branch strategy, PR review policy,
pipeline stages, CI/CD, and security review.
Software development lifecycle for GroomBook. Covers GitHub authentication,
branch strategy across Dev/UAT/Prod, the four-phase SDLC pipeline with
product analysis intake, PR review and merge policy, the handoff protocol,
status semantics, infrastructure layout, the canonical tools list, the
GitHub-origin issue board-approval gate, the cc-cpfarhood visibility rule,
the scheduled penetration testing program, and delegation model tier policy.
---
# Software Development Lifecycle
## GitHub Authentication
## GitHub authentication
Access to GitHub is done via token in your env **Never** run `gh auth login` directly — it hangs headless agents.
**Invoke the `github-app-token` skill** before any GitHub operation. It generates a short-lived installation token and sets `GH_TOKEN`. **Never** run `gh auth login` — it hangs headless agents. Token expires after ~1 hour; re-invoke to regenerate.
## GitHub Issues — Board Approval Required
GitHub is the **primary source of truth**. Every Paperclip issue should have a corresponding GitHub issue (create one if missing). Both stay open until the work is completed, reviewed, approved, merged, and QA-verified.
**If a task originated from GitHub (`originKind: "github"` in the issue data), do not begin any work.** Immediately create a `request_board_approval`:
## GitHub-origin issue policy — board approval required
```json
If a task originated from GitHub (`originKind: "github"`), **do not begin work**. Immediately create a board approval:
```
POST /api/companies/{companyId}/approvals
{
"type": "request_board_approval",
"requestedByAgentId": "{your-agent-id}",
"issueIds": ["{issue-id}"],
"issueIds": ["{issueId}"],
"payload": {
"title": "Board approval required: GitHub issue",
"summary": "Summarize what the GitHub issue requests.",
@@ -31,151 +36,190 @@ POST /api/companies/{companyId}/approvals
}
```
Set the issue to `blocked` until `PAPERCLIP_APPROVAL_STATUS` confirms approval. Only proceed once approved.
Set the issue to `blocked` with a comment linking to the approval. Only proceed once `PAPERCLIP_APPROVAL_ID` is set and `PAPERCLIP_APPROVAL_STATUS` indicates approval.
## Branch Strategy
## Branch strategy
All plugin repositories use three long-lived branches representing a promotion chain:
Three long-lived branches map to the three deployment environments:
| Branch | Environment | Owner | Who merges to it |
|--------|-------------|-------|-----------------|
| `dev` | Development | Engineer | Engineer self-merges after CI passes |
| `uat` | User Acceptance Testing | QA (Regression Regina) | QA merges after code review |
| `main` | Production | UAT (Pixel Patty) | UAT merges after browser validation |
| Branch | Environment | Who merges |
|--------|-------------|-----------|
| `dev` | Dev | CTO (after QA approval) |
| `uat` | UAT | CTO (promotes `dev``uat`) |
| `main` | Production | CEO (promotes `uat``main`) |
**Engineers target `dev` via feature branches** — never push directly to any long-lived branch.
**Engineers always target `dev`** — never `uat` or `main` directly. Feature branches: `<agent-name>/<short-description>`.
Feature branches follow the convention: `<agent-name>/<short-description>` (e.g., `gandalf/add-sealed-secrets-list`).
## Pull requests
## Pull Requests
All changes must happen via pull request. Always include `cc @cpfarhood` at the bottom of the PR body for visibility — not as a reviewer.
All changes happen via pull request. Always include `cc @cpfarhood` at the bottom of the PR body for visibility — never as a reviewer.
```bash
gh pr create --title "..." --body "... cc @cpfarhood"
gh pr create --base dev --title "..." --body "... cc @cpfarhood"
```
## PR Review & Merge Policy
## PR review & merge policy
**Do not approve a PR with failing tests, type errors, or no coverage for new code.**
### Dev branch (`dev`)
### Promotion chain
- **QA** (Lint Roller) reviews the PR. Approve → hand to CTO. Fail → back to engineer directly with exact details.
- **CTO** (The Dogfather) reviews. Approve → CTO merges the `dev` PR. Fail → back to engineer.
Each promotion is a PR reviewed and merged by its gate owner:
### UAT branch (`uat`)
1. **feature → dev** — Engineer self-merges after CI passes. No review required. Dev is for validation, not quality gates.
2. **dev → uat** — QA (Regression Regina) reviews code quality: test coverage, regressions, edge cases. QA merges to `uat` after approval.
3. **uat → main** — UAT (Pixel Patty) validates the deployed application via Playwright browser testing. UAT merges to `main` after validation passes. For detailed UAT testing procedures, see the `uat` company skill.
- **CTO** opens and merges a `dev``uat` PR.
**Each gate owner has merge authority.** No separate merge step by another role. No agent merges their own code to `uat` or `main` — only the gate owner merges promotions they review.
### Main branch (`main`)
## Pipeline
- **CEO** (Scrubs McBarkley) reviews and merges the `uat``main` PR.
### Pipeline A: Plugin/Feature Changes
`@cpfarhood` is cc'd for visibility on all PRs — never as a reviewer.
```text
Engineer → PR to dev → self-merge → deploys to dev
→ Engineer validates on dev
→ PR from dev → uat → QA reviews → QA merges
→ Deploys to UAT environment
→ PR from uat → main → UAT validates → UAT merges
→ Production
## SDLC pipeline
### Phase 0 — Product analysis (feature intake)
* Feature requests arrive at the CEO via Paperclip or GitHub Issues.
* CEO delegates to CMPO (Pawla Abdul) for review.
* CMPO returns one of three decisions:
* **Accepted** → CEO routes to CTO for work breakdown.
* **Backlogged** → CEO handles prioritization.
* **Denied** → CEO closes as unplanned.
* CTO breaks accepted work into atomic tasks and assigns to Engineering.
### Phase 1 — Dev
1. **Engineer** (Flea Flicker) branches from `dev`, writes code. GitOps deploys to dev on demand.
2. **Engineer** opens a PR against `dev`. CI must pass.
3. **QA (Lint Roller)** reviews the PR. Fail → back to engineer.
4. QA approves and hands off to CTO.
5. **CTO (The Dogfather)** reviews the PR. Fail → back to engineer.
6. **CTO** merges the dev PR.
7. **CI** builds and deploys automatically to Dev (`https://dev.groombook.dev`).
### Phase 2 — UAT promotion
8. **CTO** opens and merges a PR from `dev` to `uat`.
9. **CI** builds and deploys automatically to UAT (`https://uat.groombook.dev`).
10. **CTO** creates a UAT regression task for **Shedward Scissorhands** immediately after promoting.
### Phase 3 — UAT testing & security
11. **UAT (Shedward Scissorhands)** runs full regression against UAT — every feature, no exceptions.
12. UAT fail → CTO redistributes to engineer (return to Phase 1).
13. UAT pass → **Security Engineer (Barkley Trimsworth)** performs a security code review of the changes.
14. Security fail → CTO redistributes to engineer (return to Phase 1).
### Phase 4 — Production
15. Security pass → **CEO (Scrubs McBarkley)** reviews and merges the production PR (`uat → main`). Fail → back to CTO.
16. **CI** deploys automatically to Production (`https://demo.groombook.dev`).
### Hierarchy rules
* CTO rejections at Dev go directly to the engineer (not back through QA).
* UAT failures (Shedward) go to CTO — CTO cascades to engineer.
* Security failures (Barkley) go to CTO — CTO cascades to engineer.
* CEO rejections at Prod go to CTO.
> **Penetration testing.** Barkley performs scheduled penetration testing against Production (`demo.groombook.dev`) and Demo independently of the PR workflow. Board-authorized; not triggered per-PR. Findings get filed as Paperclip issues with severity (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW`) and routed to CTO for engineer redistribution.
## Delegation model tier
When creating subtasks for other agents, set `modelProfile: "cheap"` only for:
- Mechanical refactors or repetitive operations
- Basic information lookups
- Well-specified, bounded updates
Leave `modelProfile` unset for anything requiring judgment, reasoning, or QA review.
When in doubt, leave it unset.
## Handoff protocol — mandatory
Every handoff to another agent requires ALL THREE steps:
### 1. Explicit assignment
`PATCH /api/issues/{id}` with `assigneeAgentId: "<target-agent-uuid>"`. Mentioning is NOT a handoff — the agent won't wake without explicit assignment.
### 2. Status = `todo`
Every handoff sets `status: "todo"`. Never `in_review`, never `backlog` — both are invisible in inbox-lite and the receiver won't wake.
### 3. Release checkout
```
POST /api/issues/{issueId}/release
Headers: Authorization: Bearer $PAPERCLIP_API_KEY, X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID
```
Applies to changes in `headlamp-*-plugin/` repos (plugin code, features, bug fixes).
Without this release, the receiving agent cannot check out the issue.
**UAT_PLAYBOOK.md maintenance:** When modifying a plugin in any way that changes how it must be tested — including new features, changed behavior, updated UI flows, or different data sources — the engineer must update the `UAT_PLAYBOOK.md` file in the plugin repository root with the current testing steps before requesting UAT. This ensures the playbook stays current as plugins evolve and UAT agents have accurate test guidance.
**Saying you are reassigning a task is NOT the same as reassigning it.** Verify the PATCH succeeded (200) before posting a comment claiming the handoff is done.
### Pipeline B: Infrastructure Changes (No UI Impact)
## Infrastructure
```text
Engineer → PR to main → CI passes → QA reviews → QA merges
→ Production
```
* **Production / Demo:** namespace `groombook`, FQDN `demo.groombook.dev`
* **UAT:** namespace `groombook-uat`, FQDN `uat.groombook.dev`
* **Dev:** namespace `groombook-dev`, FQDN `dev.groombook.dev`
* **Cluster:** Kubernetes — cluster-wide read; read/write on `groombook-dev` and `groombook-uat`; read-only on `groombook` (production).
* **Gateways:** `istio-external` (publicly accessible) and `istio-internal` (internal only) in `gateway-system`.
* **Container registry:** `ghcr.io/groombook/<service>` only.
Applies to changes in `.github/workflows/`, `infra/`, `org/` repos, and template repos. No UAT stage needed — infrastructure changes have no UI to validate.
## Authentication
**Detection:** If `git diff` shows changes only in `.github/`, `infra/`, `org/`, or deployment files → Pipeline B. If any `headlamp-*-plugin/` code changed → Pipeline A.
* **Framework:** Better-Auth.
* **Social login:** Google and Apple OAuth.
* **SSO:** Authentik OIDC at `https://auth.farh.net` (credentials in `authentik-credentials` secret).
* **Never build custom authentication.**
**Failure routing:** Any stage failure returns directly to the engineer via PR comments.
## Deployment — 2-stage Flux GitOps
## Issue Reviewers and Approvers
**Stage 1 — CI (GitHub Actions, runs in each application repo):**
- Triggered automatically on every merge to `main`
- Builds and tags the Docker image
- Pushes tagged images to `ghcr.io/groombook/<service>`
Every Paperclip issue has **Reviewers** and **Approvers** fields visible in the UI sidebar. These are populated by setting `executionPolicy` when creating the issue. Without an execution policy, those fields show "None" and handoffs never trigger.
**Stage 2 — GitOps (Flux, managed externally):**
- Flux watches `groombook/infra` as the **target** GitRepository — it is **not** a Flux bootstrap/cluster repo.
- Reconciles Kustomize overlays: `apps/overlays/dev``groombook-dev`, `apps/overlays/uat``groombook-uat`, `apps/overlays/prod``groombook`.
**All stage and participant `id` fields must be random UUIDs.** Generate them at issue-creation time (e.g. via `uuidgen` or your language's UUID library). Do not use descriptive strings — the API rejects non-UUID values.
**Policy — Flux Image Tag Automation is DENIED.** Do NOT use `ImageRepository`, `ImagePolicy`, or `ImageUpdateAutomation` Flux resources. Image tag updates must be made intentionally via a PR to `groombook/infra`.
### Pipeline A — set reviewers on issue creation
For plugin/feature work (Pipeline A), set a two-stage execution policy so QA and UAT appear as reviewers:
**To deploy a change:**
1. Merge code to `main` in the app repo — CI builds and pushes a new image automatically.
2. Open a PR against `groombook/infra` to update the relevant overlay; merge after kustomize CI passes.
3. Flux reconciles `groombook/infra` on merge and rolls out the updated pods.
**To force a rollout** (pick up new `:latest` on stuck pods):
```bash
QA_STAGE_ID=$(uuidgen)
QA_PART_ID=$(uuidgen)
UAT_STAGE_ID=$(uuidgen)
UAT_PART_ID=$(uuidgen)
kubectl rollout restart deployment/<name> -n <namespace>
```
```json
"executionPolicy": {
"mode": "normal",
"commentRequired": true,
"stages": [
{
"id": "<QA_STAGE_ID>",
"type": "review",
"approvalsNeeded": 1,
"participants": [
{ "id": "<QA_PART_ID>", "type": "agent", "agentId": "fd5dbec8-ddbb-4b57-9703-624e0ed90053" }
]
},
{
"id": "<UAT_STAGE_ID>",
"type": "review",
"approvalsNeeded": 1,
"participants": [
{ "id": "<UAT_PART_ID>", "type": "agent", "agentId": "01ec02f7-70c2-4fa1-ac3f-2545f1237ac3" }
]
}
]
}
```
## Infrastructure as Code
- Stage 1 reviewer: Regression Regina (`fd5dbec8-ddbb-4b57-9703-624e0ed90053`)
- Stage 2 reviewer: Pixel Patty (`01ec02f7-70c2-4fa1-ac3f-2545f1237ac3`)
Terraform / OpenTofu is deployed via the **Flux OpenTofu Controller** in a GitOps fashion. Submit configurations via a PR to `groombook/infra` — the tofu controller reconciles them on merge.
### Pipeline B — single reviewer
**Never run `tofu` directly.** Never `kubectl apply` against production. Production changes go through Flux only.
For infrastructure changes (Pipeline B), use one QA review stage:
## Tools (canonical, not alternatives)
```json
"executionPolicy": {
"mode": "normal",
"commentRequired": true,
"stages": [
{
"id": "<QA_STAGE_ID>",
"type": "review",
"approvalsNeeded": 1,
"participants": [
{ "id": "<QA_PART_ID>", "type": "agent", "agentId": "fd5dbec8-ddbb-4b57-9703-624e0ed90053" }
]
}
]
}
```
These are the only acceptable choices — alternatives are policy violations:
### Triggering the handoff
* **Secret management:** Bitnami Sealed Secrets Controller — no plain Kubernetes secrets.
* **Database:** CloudNativePG Operator (Postgres) — no SQLite, MariaDB, or MySQL.
* **Cache / pub-sub:** DragonflyDB Operator — no Redis.
* **Authentication:** Better-Auth + Google + Apple + Authentik (see Authentication section). Never build custom auth.
* **Dependency updates:** Mend Renovate. **Dependabot is not used and will not be used.**
* **Container registry:** `ghcr.io/groombook/<service>` — no Docker Hub for first-party images.
When an engineer completes work and merges to `dev`, set the Paperclip issue status to `in_review`. This activates the execution policy and wakes the first reviewer. Each reviewer approves or requests changes through the normal Paperclip issue update flow — see the Paperclip skill's `references/api-reference.md` for details.
If a task requires deviating from any of the above, treat it as a destructive action: stop, file an issue with rationale, request board approval.
## CI/CD
## External communication
- CI runs on self-hosted ARC runners: `runs-on: runners-privilegedescalation`
- CI triggers on PRs to `dev`, `uat`, and `main` branches
- Engineers may modify `.github/workflows/` files directly via PR
- Runners scale to zero when idle and start automatically when a workflow triggers
When communicating in any context visible outside the GroomBook agent team (external users, human reviewers, non-agent entities), include `cc @cpfarhood` for visibility — never as a reviewer.
## Security Review
## No self-merge
Security review is handled as part of the QA review stage. Regression Regina evaluates security concerns during her code quality review. There is no separate dedicated security review agent.
No agent merges their own PR. The merger is always the next role up the SDLC ladder (CTO for `dev` and `uat`, CEO for `main`).
skills/sdlc/sdlc-diagram.md
-134
View File
@@ -1,134 +0,0 @@
# SDLC Pipeline Diagram
## Full Lifecycle
```mermaid
flowchart TD
subgraph Origin["Task Origin"]
GH["GitHub Issue"]
PP["Paperclip Issue"]
end
subgraph Approval["Board Gate"]
BA{"Board Approval<br/>Required?"}
REQ["Request Board Approval<br/>→ Issue blocked"]
APPROVED["Approved"]
end
subgraph Detection["Pipeline Detection"]
DET{"Changed files?"}
PA["Pipeline A<br/>Plugin / Feature"]
PB["Pipeline B<br/>Infrastructure"]
end
subgraph PipelineA["Pipeline A: Plugin / Feature Changes"]
direction TB
A_ENG["Engineer writes code<br/>(Gandalf)"]
A_PR_DEV["PR → dev<br/>Engineer self-merges"]
A_CI_DEV{"CI Passes?"}
A_DEV["Deploys to dev<br/>Engineer validates"]
A_PR_UAT["PR dev → uat"]
A_QA["QA Review<br/>(Regression Regina)<br/>Code quality, test coverage"]
A_QA_PASS{"QA Approved?"}
A_QA_MERGE["QA merges to uat"]
A_UAT_DEPLOY["Deploys to UAT env"]
A_PR_MAIN["PR uat → main"]
A_UAT["UAT Review<br/>(Pixel Patty)<br/>Playwright browser validation"]
A_UAT_PASS{"UAT Approved?"}
A_UAT_MERGE["UAT merges to main"]
end
subgraph PipelineB["Pipeline B: Infrastructure Changes"]
direction TB
B_ENG["Engineer writes code<br/>(Gandalf / Hugh)"]
B_PR["PR → main"]
B_CI{"CI Passes?"}
B_QA["QA Review<br/>(Regression Regina)"]
B_QA_PASS{"QA Approved?"}
B_QA_MERGE["QA merges to main"]
end
subgraph Result["Outcome"]
PROD["Merged to main<br/>✓ Production"]
RETURNED["Returned to Engineer<br/>Fix and resubmit"]
end
%% Origin routing
GH --> BA
PP --> DET
BA -->|"originKind: github"| REQ
REQ -->|"PAPERCLIP_APPROVAL_STATUS"| APPROVED
BA -->|"originKind: other"| DET
APPROVED --> DET
%% Pipeline detection
DET -->|"headlamp-*-plugin/ code"| PA
DET -->|".github/, infra/, org/"| PB
%% Pipeline A flow
PA --> A_ENG --> A_PR_DEV --> A_CI_DEV
A_CI_DEV -->|"Pass"| A_DEV
A_CI_DEV -->|"Fail"| RETURNED
A_DEV --> A_PR_UAT --> A_QA --> A_QA_PASS
A_QA_PASS -->|"Approved"| A_QA_MERGE --> A_UAT_DEPLOY
A_QA_PASS -->|"Changes requested"| RETURNED
A_UAT_DEPLOY --> A_PR_MAIN --> A_UAT --> A_UAT_PASS
A_UAT_PASS -->|"Approved"| A_UAT_MERGE --> PROD
A_UAT_PASS -->|"Changes requested"| RETURNED
%% Pipeline B flow
PB --> B_ENG --> B_PR --> B_CI
B_CI -->|"Pass"| B_QA --> B_QA_PASS
B_CI -->|"Fail"| RETURNED
B_QA_PASS -->|"Approved"| B_QA_MERGE --> PROD
B_QA_PASS -->|"Changes requested"| RETURNED
RETURNED -->|"Fix and resubmit"| A_PR_DEV
RETURNED -->|"Fix and resubmit"| B_PR
%% Styling
classDef gate fill:#f9e4e4,stroke:#c0392b,color:#000
classDef pass fill:#e4f9e4,stroke:#27ae60,color:#000
classDef agent fill:#e4e9f9,stroke:#2980b9,color:#000
classDef decision fill:#fef9e7,stroke:#f39c12,color:#000
classDef deploy fill:#e8f4f8,stroke:#2c3e50,color:#000
class BA,A_CI_DEV,A_QA_PASS,A_UAT_PASS,B_CI,B_QA_PASS,DET decision
class A_QA,A_UAT,B_QA gate
class PROD pass
class A_ENG,B_ENG agent
class A_DEV,A_UAT_DEPLOY deploy
```
## Branch Promotion Chain
```mermaid
flowchart LR
subgraph Feature["Feature Branch"]
FB["gandalf/feature-name"]
end
subgraph Dev["dev branch"]
DEV["Engineer self-merges<br/>Deploys to dev env"]
end
subgraph UAT["uat branch"]
UATB["QA reviews & merges<br/>Deploys to UAT env"]
end
subgraph Main["main branch"]
MAIN["UAT validates & merges<br/>Deploys to production"]
end
FB -->|"PR + CI"| DEV
DEV -->|"PR + QA review"| UATB
UATB -->|"PR + UAT review"| MAIN
classDef dev fill:#fff3cd,stroke:#856404,color:#000
classDef uat fill:#cce5ff,stroke:#004085,color:#000
classDef prod fill:#d4edda,stroke:#155724,color:#000
class DEV dev
class UATB uat
class MAIN prod
```
skills/uat/SKILL.md
-69
View File
@@ -1,69 +0,0 @@
---
name: uat
description: >
Functional UAT procedures for Privileged Escalation Headlamp plugins. General
behavior, acceptance criteria, artifact requirements, and reference to
plugin-specific test steps in UAT_PLAYBOOK.md.
---
# UAT Procedures
## Purpose
This skill defines **functional User Acceptance Testing** for all Privileged Escalation Headlamp plugins. UAT validates that plugins work correctly in the deployed environment — by exercising plugin features in a running Headlamp instance, not by reviewing code or CI results.
## UAT Environment
The UAT Headlamp instance runs in the `headlamp-uat` Kubernetes namespace. Navigate to the Headlamp UAT URL using your Playwright browser. The plugin under test must be deployed to UAT before testing begins.
## General Process
For every `uat→main` promotion:
1. Open the Headlamp UAT instance in the browser
2. Confirm the plugin appears in the sidebar or app bar
3. Read the plugin's `UAT_PLAYBOOK.md` for the specific test steps to run
4. Execute the test steps from the playbook, capturing screenshots at each verification
5. Check the browser console for errors throughout
6. Post a structured test report (see Artifacts section)
## Acceptance Criteria
A plugin passes UAT when:
- **Plugin loads** — sidebar entry or app bar action is visible and accessible
- **Features work** — all core features in the playbook execute without errors
- **No console errors** — browser console shows no errors during normal operation
- **Data matches cluster state** — plugin data is consistent with `kubectl` queries against the cluster
A plugin fails UAT when:
- Plugin does not load or renders only an error state
- Any core feature is inaccessible or produces errors
- Console errors are present and not explainable as unrelated noise
- Displayed data contradicts known cluster state
## Artifact Requirements
For each plugin tested, the UAT report must include:
1. **Screenshots** of the plugin running in Headlamp — sidebar entry visible, main view loaded, at least one detail view
2. **Test checklist** — each step from `UAT_PLAYBOOK.md` marked pass/fail
3. **Console errors** — any browser console errors observed (attach screenshot if present)
4. **Environment info** — Headlamp version, plugin version, browser used, namespace context
## Reading UAT_PLAYBOOK.md
Each plugin repository contains a `UAT_PLAYBOOK.md` in its root directory. That file contains the canonical test steps for that specific plugin. Before running UAT, read the relevant playbook to know:
- Which features to exercise
- What the expected results are
- What screenshots to capture at each step
If `UAT_PLAYBOOK.md` does not exist for a plugin, treat that as a gap — report it in the UAT findings and flag it as a documentation issue.
## Decision Criteria
- **Approve** the `uat→main` promotion when all applicable test steps from the playbook pass and no console errors are present
- **Request changes** when any test step fails — include specific failing steps, observed results vs. expected results, and failure screenshots
- **Block** if the plugin fails to load entirely — escalate to CTO as a deployment issue requiring immediate resolution