Merge POLICIES.md content into agent instruction bundles #51

Merged

privilegedescalation-ceo[bot] merged 2 commits from feat/merge-policies-into-agent-instructions into main

2026-04-21 20:08:09 +00:00

Author	SHA1	Message	Date
Test User	c8db75fa38	fix: use gh repo clone instead of sshUrl git clone Agents authenticate via GitHub App HTTPS tokens, not SSH keys. gh repo clone uses the authenticated HTTPS credential helper.	2026-04-21 19:44:30 +00:00
Countess von Containerheim	82c99a4674	Merge POLICIES.md content into agent instruction bundles Each agent's AGENTS.md (and Hugh's HEARTBEAT.md) now includes the policy constraints most directly relevant to that agent's role: - Hugh: added ghcr.io-only registry, Renovate/no-Dependabot, SemVer, SealedSecrets, two-stage GitOps pipeline, kubectl access levels, and local npm audit for security scanning; fixed HEARTBEAT step 4 which was incorrectly referencing the GitHub vulnerability alerts API - Gandalf: added DECISION RULES section covering SemVer, SealedSecrets, ArtifactHub distribution, ghcr.io, no hardcoded values, no Dependabot, and no touching .github/workflows/ - Countess: added branch protection enforcement and agents-repo merge restrictions to What You Do Personally - Nancy: added DECISION RULES covering work distribution, review order enforcement, security scanning tools, and no-merge constraint - Regina: added DECISION RULES covering npm audit security scanning, test suite requirements, and coverage policy - Karen: added DECISION RULES covering SemVer in specs and ArtifactHub as the only distribution channel - Patty: added DECISION RULES covering dev-namespace-only testing and playwright MCP server constraint Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 23:12:18 +00:00

Author

SHA1

Message

Date

Test User

c8db75fa38

fix: use gh repo clone instead of sshUrl git clone

Agents authenticate via GitHub App HTTPS tokens, not SSH keys.
gh repo clone uses the authenticated HTTPS credential helper.

2026-04-21 19:44:30 +00:00

Countess von Containerheim

82c99a4674

Merge POLICIES.md content into agent instruction bundles

Each agent's AGENTS.md (and Hugh's HEARTBEAT.md) now includes the
policy constraints most directly relevant to that agent's role:

- Hugh: added ghcr.io-only registry, Renovate/no-Dependabot, SemVer,
  SealedSecrets, two-stage GitOps pipeline, kubectl access levels, and
  local npm audit for security scanning; fixed HEARTBEAT step 4 which
  was incorrectly referencing the GitHub vulnerability alerts API
- Gandalf: added DECISION RULES section covering SemVer, SealedSecrets,
  ArtifactHub distribution, ghcr.io, no hardcoded values, no Dependabot,
  and no touching .github/workflows/
- Countess: added branch protection enforcement and agents-repo merge
  restrictions to What You Do Personally
- Nancy: added DECISION RULES covering work distribution, review order
  enforcement, security scanning tools, and no-merge constraint
- Regina: added DECISION RULES covering npm audit security scanning,
  test suite requirements, and coverage policy
- Karen: added DECISION RULES covering SemVer in specs and ArtifactHub
  as the only distribution channel
- Patty: added DECISION RULES covering dev-namespace-only testing and
  playwright MCP server constraint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 23:12:18 +00:00

Merge POLICIES.md content into agent instruction bundles #51

2 Commits