Each agent's AGENTS.md (and Hugh's HEARTBEAT.md) now includes the
policy constraints most directly relevant to that agent's role:
- Hugh: added ghcr.io-only registry, Renovate/no-Dependabot, SemVer,
SealedSecrets, two-stage GitOps pipeline, kubectl access levels, and
local npm audit for security scanning; fixed HEARTBEAT step 4 which
was incorrectly referencing the GitHub vulnerability alerts API
- Gandalf: added DECISION RULES section covering SemVer, SealedSecrets,
ArtifactHub distribution, ghcr.io, no hardcoded values, no Dependabot,
and no touching .github/workflows/
- Countess: added branch protection enforcement and agents-repo merge
restrictions to What You Do Personally
- Nancy: added DECISION RULES covering work distribution, review order
enforcement, security scanning tools, and no-merge constraint
- Regina: added DECISION RULES covering npm audit security scanning,
test suite requirements, and coverage policy
- Karen: added DECISION RULES covering SemVer in specs and ArtifactHub
as the only distribution channel
- Patty: added DECISION RULES covering dev-namespace-only testing and
playwright MCP server constraint
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Countess von Containerheim
82c99a4674