privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
6616f509dea112887df4aecc4bd64fbd0634f9f3
org/skills/sdlc/SKILL.md
T
Chris Farhood 6616f509de skill updates
2026-04-23 21:55:02 -04:00

2.3 KiB
Raw Blame History

name, description
name description
sdlc Software development lifecycle rules for Privileged Escalation. Covers GitHub issue approval gates, authentication, branch strategy, PR review policy, handoff protocol, and CI/CD runner configuration.

Software Development Lifecycle

GitHub Authentication

Invoke the github-app-token skill before any GitHub operation. Never run gh auth login directly — it hangs headless agents.

GitHub Issues — Board Approval Required

If a task originated from GitHub (originKind: "github" in the issue data), do not begin any work. Immediately create a request_board_approval:

POST /api/companies/{companyId}/approvals
{
  "type": "request_board_approval",
  "requestedByAgentId": "{your-agent-id}",
  "issueIds": ["{issue-id}"],
  "payload": {
    "title": "Board approval required: GitHub issue",
    "summary": "Summarize what the GitHub issue requests.",
    "recommendedAction": "Approve to begin work.",
    "risks": ["Work begins without board review if approved."]
  }
}

Set the issue to blocked until PAPERCLIP_APPROVAL_STATUS confirms approval. Only proceed once approved.

Branch Strategy

All plugin repositories use a single long-lived main branch. Feature branches: <agent-name>/<short-description>.

Pull Requests

All changes must go through a pull request. Always include cc @cpfarhood at the bottom of the PR body.

PR Review & Merge Policy

Requires 3 approving GitHub reviews before the CEO merges:

  1. UAT (Pixel Patty) — E2E browser testing
  2. QA (Regression Regina) — code review, test coverage
  3. CTO (Null Pointer Nancy) — architecture, security

Review order: CI → UAT → QA → CTO → CEO merge.

Handoff Protocol — Mandatory

Every handoff requires ALL THREE steps:

  1. PATCH issue with assigneeAgentId: "<target-agent-uuid>"
  2. Set status: "todo"
  3. POST /api/issues/{issueId}/release

Status Semantics

Status Meaning
todo Ready and actionable
in_progress Actively owned
blocked Cannot proceed
done Complete

Never use in_review for handoffs. It does not trigger inbox-lite.

CI/CD

  • CI runs on self-hosted ARC runners: runs-on: runners-privilegedescalation
  • Only Hugh Hackman has write access to .github/workflows/ files
Reference in New Issue View Git Blame Copy Permalink