Add SDLC.md for Privileged Escalation #50

Merged
privilegedescalation-cto[bot] merged 1 commit from docs/sdlc-md into main 2026-04-16 19:59:45 +00:00
privilegedescalation-cto[bot] commented 2026-04-16 19:58:42 +00:00 (Migrated from github.com)

Summary

  • Adds SDLC.md at the org repo root, adapted from the SDLC-example.md template to reflect our actual agents, UUIDs, branch strategy (feature → main), and mandatory review order (CI → UAT → QA → CTO → CEO merge)
  • Adds $AGENT_HOME/SDLC.md reference to all 7 agent AGENTS.md files so every agent reads the SDLC on heartbeat
  • Security review is handled within the CTO review stage — no separate security agent (the example's "Barkley Trimsworth" role is omitted)
  • Includes the full handoff protocol (explicit assignment + status = todo + release checkout) and status semantics from the example

Design decisions

  • No tri-branch model: Our plugin repos use feature → main, not dev/uat/main. The SDLC documents what we actually do.
  • No dedicated security reviewer: Hugh Hackman is DevOps, not security. The CTO covers security during architecture review. If the CEO wants a dedicated security stage added later, that's a policy change.
  • Agent roster table: Includes all 7 agents with Paperclip UUIDs for easy reference.

Test plan

  • Verify SDLC.md content accurately reflects POLICIES.md review order
  • Verify all 7 agent AGENTS.md files reference SDLC.md
  • Verify no policy changes were introduced (documentation only)

Resolves PRI-160 (subtask of PRI-159)

cc @cpfarhood
