privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
a179a4e4694da82961040100a961da2bceddc3c9
org/skills/sdlc/SKILL.md
T
Chris Farhood a179a4e469 updates
2026-04-24 07:16:35 -04:00

2.4 KiB
Raw Blame History

name, description
name description
sdlc Software development lifecycle rules for Privileged Escalation. Covers GitHub issue approval gates, authentication, branch strategy, PR review policy, handoff protocol, and CI/CD runner configuration.

Software Development Lifecycle

GitHub Authentication

Invoke the github-app-token skill before any GitHub operation. Never run gh auth login directly — it hangs headless agents.

GitHub Issues — Board Approval Required

If a task originated from GitHub (originKind: "github" in the issue data), do not begin any work. Immediately create a request_board_approval:

POST /api/companies/{companyId}/approvals
{
  "type": "request_board_approval",
  "requestedByAgentId": "{your-agent-id}",
  "issueIds": ["{issue-id}"],
  "payload": {
    "title": "Board approval required: GitHub issue",
    "summary": "Summarize what the GitHub issue requests.",
    "recommendedAction": "Approve to begin work.",
    "risks": ["Work begins without board review if approved."]
  }
}

Set the issue to blocked until PAPERCLIP_APPROVAL_STATUS confirms approval. Only proceed once approved.

Branch Strategy

All plugin repositories use a single long-lived main branch. Feature branches: <agent-name>/<short-description>.

Pull Requests

All changes must go through a pull request. Always include cc @cpfarhood at the bottom of the PR body.

PR Review & Merge Policy

Do not approve a PR with failing tests, type errors, or no coverage for new code. Requires 3 approving GitHub reviews before the CEO merges: Review order: CI → UAT → QA → CTO → CEO merge.

  1. UAT (Pixel Patty) — E2E browser testing
  2. QA (Regression Regina) — code review, test coverage
  3. CTO (Null Pointer Nancy) — architecture, security

Handoff Protocol — Mandatory

Every handoff requires ALL THREE steps:

  1. PATCH issue with assigneeAgentId: "<target-agent-uuid>"
  2. Set status: "todo"
  3. POST /api/issues/{issueId}/release

Status Semantics

Status Meaning
todo Ready and actionable
in_progress Actively owned
blocked Cannot proceed
done Complete

Never use in_review for handoffs. It does not trigger inbox-lite.

CI/CD

  • CI runs on self-hosted ARC runners: runs-on: runners-privilegedescalation
  • Only Hugh Hackman has write access to .github/workflows/ files
Reference in New Issue View Git Blame Copy Permalink