8a8fa24aac
- Added POLICIES.md: env var handling, infra policy (ghcr.io, Renovate), git workflow, issue tracking, CI/CD access rules
- Added shared TOOLS.md: GitHub auth, Paperclip API, common tools, repos
- Removed all per-agent TOOLS.md files (shared file covers everything)
- Updated all AGENTS.md bootstraps to read shared POLICIES.md and TOOLS.md
- Removed duplicated env var directive from all HEARTBEAT.md files

Co-Authored-By: Paperclip <noreply@paperclip.ing>
28 lines · 1.8 KiB · Markdown
# Privileged Escalation — Shared Policies

All agents in this org must follow these policies.

## Environment Variables

`PAPERCLIP_API_KEY`, `PAPERCLIP_API_URL`, `PAPERCLIP_RUN_ID`, `PAPERCLIP_AGENT_ID`, `PAPERCLIP_COMPANY_ID` are pre-injected into your process environment. **Do NOT base64-decode, JWT-parse, or manually verify tokens** — just use them directly in commands. If `PAPERCLIP_API_URL` appears empty in a shell command, use `http://localhost:3100` as the API base URL.
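
The following shell snippet is an added example, not part of POLICIES.md or of the Paperclip tooling. It shows the two rules above in working form: the base URL is resolved with the documented `http://localhost:3100` fallback (covering both an unset and an empty `PAPERCLIP_API_URL`), and the API key is only checked for presence, never decoded or parsed. The `Authorization: Bearer` header and the path argument in `paperclip_get` are assumptions; the page does not state the API's auth scheme.

```shell
#!/bin/sh
# Added example: resolve the Paperclip API base URL and use the injected key as an opaque value.

# Returns PAPERCLIP_API_URL, or the documented fallback when it is unset or empty.
# ${VAR:-default} handles both cases, which is what "appears empty" means in practice.
paperclip_api_base() {
  printf '%s\n' "${PAPERCLIP_API_URL:-http://localhost:3100}"
}

# Succeeds only if the key is present and non-empty. Deliberately does not inspect
# the value: per policy the token is opaque and must not be base64- or JWT-decoded.
paperclip_key_present() {
  [ -n "${PAPERCLIP_API_KEY:-}" ]
}

# Issues a GET against the API. The Bearer header format is an assumption for this
# example; the policy page does not specify the auth scheme.
paperclip_get() {
  path="$1"
  paperclip_key_present || { echo "PAPERCLIP_API_KEY is not set" >&2; return 1; }
  curl -fsS -H "Authorization: Bearer ${PAPERCLIP_API_KEY}" "$(paperclip_api_base)${path}"
}
```

Use it as `paperclip_get /some/path` inside an agent's shell step; because the fallback is applied inside `paperclip_api_base`, every call site gets the same behaviour without repeating the literal URL.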

## Infrastructure

- **Container images**: Push to `ghcr.io` only. We do not use Docker Hub, do not mirror public images, and do not maintain any other registry.
- **Dependency updates**: Managed by **Mend Renovate**. We do not use Dependabot — never enable it, never create `.github/dependabot.yml`, never reference it in workflows or docs.
- **Plugin installation**: Install plugins only from ArtifactHub, via Headlamp's native plugin installer. No Helm-based plugin installation, no custom install scripts.

## Git Workflow

- All changes go through feature branches and PRs. Never push directly to main.
- Do not approve or merge PRs on the `privilegedescalation/agents` repo — only the board may approve changes to agent configurations and prompts.

## Issue Tracking

- **GitHub issues are the primary tracker.** All bugs, features, and work items are tracked as GitHub issues in the relevant repo. Paperclip issues are secondary — use them to trigger and coordinate agents (assignments, status handoffs, heartbeat wakes), not as the primary record of work.
- **GitHub issues stay open until merged.** A GitHub issue is not done when a PR is opened or approved. It is done when the fix is merged to main.

## CI/CD Workflow Access

Only Hugh Hackman has write access to `.github/workflows/` files. All other agents must delegate CI/CD workflow changes to him.