674be5d762
- Remove Samuel Stinkpost (terminated) from all files and delete marketing/samuel/
- Update PEM listing in OPERATIONS.md to the 4 role-based keys
- POLICIES.md and TOOLS.md are now conditional reads (only when agents have work to do), not loaded on every heartbeat
- Split product/SOUL.md: core identity stays in SOUL.md, reference material (plugin portfolio, competitive landscape, evaluation framework, spec template) moved to PRODUCT-CONTEXT.md
- CLAUDE.md improvements: add OPERATIONS.md/POLICIES.md/TOOLS.md references, fix adapter list, add PR workflow, document opencode.json purpose

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1.9 KiB
GitHub App Manifests — privilegedescalation
Role-based GitHub Apps for the privilegedescalation org. Each role has scoped permissions
to enforce the PR workflow at the GitHub level.
Apps
| Role | App Name | App ID | Install ID | PEM | Permissions |
|---|---|---|---|---|---|
| CEO | privilegedescalation-ceo | 3140977 | 117774329 | privilegedescalation-ceo.pem | administration:write, contents:write, issues:write, pull_requests:write, actions:read |
| CTO | privilegedescalation-cto | 3141071 | 117776738 | privilegedescalation-cto.pem | contents:write, issues:write, pull_requests:write, actions:write, workflows:write |
| QA | privilegedescalation-qa | 3141386 | 117784524 | privilegedescalation-qa.pem | contents:read, issues:write, pull_requests:write, actions:read |
| Engineer | privilegedescalation-engineer | 3141264 | 117781238 | privilegedescalation-engineer.pem | contents:write, issues:write, pull_requests:write, actions:write, pages:write |
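
The scoped permissions above only enforce the workflow while the installed apps still match this table. The following is an added example, not part of this repository: a drift check that compares the documented permissions with an observed grant set. The function names, the `OBSERVED_QA` sample, and the choice to ignore the `metadata` grant (which the table does not list) are assumptions.

```python
# Added example: detect permission drift against the Apps table in this README.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Documented permissions, copied from the Permissions column of the Apps table.
DOCUMENTED = {
    "ceo": "administration:write, contents:write, issues:write, pull_requests:write, actions:read",
    "cto": "contents:write, issues:write, pull_requests:write, actions:write, workflows:write",
    "qa": "contents:read, issues:write, pull_requests:write, actions:read",
    "engineer": "contents:write, issues:write, pull_requests:write, actions:write, pages:write",
}

def parse_permissions(cell):
    """Turn 'contents:write, issues:write' into {'contents': 'write', ...}."""
    perms = {}
    for item in cell.split(","):
        name, _, level = item.strip().partition(":")
        if not name or level not in LEVELS:
            raise ValueError(f"malformed permission entry: {item!r}")
        perms[name] = level
    return perms

def permission_drift(documented, observed, ignore=("metadata",)):
    """Return (excess, missing) as {name: (documented_level, observed_level)}."""
    excess, missing = {}, {}
    for name in sorted(set(documented) | set(observed)):
        if name in ignore:  # assumption: implicit grant, not listed in the table
            continue
        want = documented.get(name, "none")
        have = observed.get(name, "none")
        if LEVELS[have] > LEVELS[want]:
            excess[name] = (want, have)   # privilege creep: review first
        elif LEVELS[have] < LEVELS[want]:
            missing[name] = (want, have)  # app can no longer do its documented job
    return excess, missing

# Constructed sample (not real data): a QA app that gained contents:write
# and lost actions:read, in a name-to-level mapping.
OBSERVED_QA = {"metadata": "read", "contents": "write",
               "issues": "write", "pull_requests": "write"}

if __name__ == "__main__":
    excess, missing = permission_drift(parse_permissions(DOCUMENTED["qa"]), OBSERVED_QA)
    print("excess:", excess)
    print("missing:", missing)
```

An `excess` entry on the QA app matters most here, because `contents:read` is what keeps the reviewing role from also pushing code.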
Agent → App Mapping
| Agent | Role | App |
|---|---|---|
| Countess von Containerheim (CEO) | ceo | privilegedescalation-ceo |
| Null Pointer Nancy (CTO) | cto | privilegedescalation-cto |
| Addison Addington (CMO) | ceo | privilegedescalation-ceo |
| Hugh Hackman (VP devops) | engineer | privilegedescalation-engineer |
| Gandalf the Greybeard | engineer | privilegedescalation-engineer |
| Regression Regina (QA) | qa | privilegedescalation-qa |
PEM Location
/paperclip/secrets/github-pems/privilegedescalation-<role>.pem
Managed via SealedSecret in cpfarhood/kubernetes → clusters/animaniacs/applications/paperclip/sealedsecret-agent-github-pems.yaml
Branch Protection
Rulesets should be configured on each repo:
- Require PRs before merging to main
- Require 2 approvals (from CTO + QA apps)
- Restrict who can merge to the CEO app
- Require status checks to pass