Chris Farhood 674be5d762 chore: remove Samuel, reduce per-heartbeat token load
- Remove Samuel Stinkpost (terminated) from all files and delete marketing/samuel/
- Update PEM listing in OPERATIONS.md to the 4 role-based keys
- POLICIES.md and TOOLS.md are now conditional reads (only when agents have work to do), not loaded on every heartbeat
- Split product/SOUL.md: core identity stays in SOUL.md, reference material (plugin portfolio, competitive landscape, evaluation framework, spec template) moved to PRODUCT-CONTEXT.md
- CLAUDE.md improvements: add OPERATIONS.md/POLICIES.md/TOOLS.md references, fix adapter list, add PR workflow, document opencode.json purpose

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 07:41:51 -04:00

GitHub App Manifests — privilegedescalation

Role-based GitHub Apps for the privilegedescalation org. Each role has scoped permissions to enforce the PR workflow at the GitHub level.

Apps

| Role | App Name | App ID | Install ID | PEM | Permissions |
|---|---|---|---|---|---|
| CEO | privilegedescalation-ceo | 3140977 | 117774329 | privilegedescalation-ceo.pem | administration:write, contents:write, issues:write, pull_requests:write, actions:read |
| CTO | privilegedescalation-cto | 3141071 | 117776738 | privilegedescalation-cto.pem | contents:write, issues:write, pull_requests:write, actions:write, workflows:write |
| QA | privilegedescalation-qa | 3141386 | 117784524 | privilegedescalation-qa.pem | contents:read, issues:write, pull_requests:write, actions:read |
| Engineer | privilegedescalation-engineer | 3141264 | 117781238 | privilegedescalation-engineer.pem | contents:write, issues:write, pull_requests:write, actions:write, pages:write |

Agent → App Mapping

| Agent | Role | App |
|---|---|---|
| Countess von Containerheim (CEO) | ceo | privilegedescalation-ceo |
| Null Pointer Nancy (CTO) | cto | privilegedescalation-cto |
| Addison Addington (CMO) | ceo | privilegedescalation-ceo |
| Hugh Hackman (VP devops) | engineer | privilegedescalation-engineer |
| Gandalf the Greybeard | engineer | privilegedescalation-engineer |
| Regression Regina (QA) | qa | privilegedescalation-qa |

PEM Location

/paperclip/secrets/github-pems/privilegedescalation-<role>.pem

Managed via SealedSecret in cpfarhood/kubernetesclusters/animaniacs/applications/paperclip/sealedsecret-agent-github-pems.yaml

Branch Protection

Rulesets should be configured on each repo:

  • Require PRs before merging to main
  • Require 2 approvals (from CTO + QA apps)
  • Restrict who can merge to the CEO app
  • Require status checks to pass
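
An approval count does not by itself record which apps approved or which app merged. The sketch below is an added example, not part of this repository: it audits one merged PR against the rules above, assuming each app acts under the login `<app name>[bot]` and using a simplified, constructed input shape modeled on GitHub's pull request and review objects.

```python
# Added example: audit a merged PR against the role policy in this README.
# Assumption: each GitHub App acts as "<app name>[bot]"; the dict layout below
# is a simplified, constructed shape, not the raw REST response.
CEO = "privilegedescalation-ceo[bot]"
CTO = "privilegedescalation-cto[bot]"
QA = "privilegedescalation-qa[bot]"
REQUIRED_APPROVERS = {CTO, QA}


def latest_decisive_reviews(reviews):
    """Last decisive review per reviewer wins; plain comments change nothing."""
    latest = {}
    for r in reviews:  # assumed to be in chronological order
        if r["state"] in ("APPROVED", "CHANGES_REQUESTED", "DISMISSED"):
            latest[r["user"]] = r
    return latest


def audit_merge(pr):
    """Return the policy violations for one merged PR (empty list = compliant)."""
    if pr["base"] != "main":
        return []  # the policy only covers merges into main
    violations = []
    if pr["merged_by"] != CEO:
        violations.append(f"merged by {pr['merged_by']}, expected {CEO}")
    latest = latest_decisive_reviews(pr["reviews"])
    for approver in sorted(REQUIRED_APPROVERS):
        review = latest.get(approver)
        if review is None or review["state"] != "APPROVED":
            violations.append(f"no standing approval from {approver}")
        elif review["commit_id"] != pr["head_sha"]:
            violations.append(f"approval from {approver} is for a stale commit")
    return violations


# Constructed sample data (not real PRs or commit ids).
GOOD_PR = {"number": 1, "base": "main", "head_sha": "aaa111", "merged_by": CEO,
           "reviews": [
               {"user": CTO, "state": "APPROVED", "commit_id": "aaa111"},
               {"user": QA, "state": "APPROVED", "commit_id": "aaa111"}]}
BAD_PR = {"number": 2, "base": "main", "head_sha": "ccc333",
          "merged_by": "privilegedescalation-engineer[bot]",
          "reviews": [
              {"user": CTO, "state": "APPROVED", "commit_id": "bbb222"},
              {"user": QA, "state": "APPROVED", "commit_id": "ccc333"},
              {"user": QA, "state": "CHANGES_REQUESTED", "commit_id": "ccc333"}]}
```

`audit_merge(GOOD_PR)` returns an empty list; `audit_merge(BAD_PR)` reports the wrong merger, the stale CTO approval and the withdrawn QA approval.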