privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
a179a4e4694da82961040100a961da2bceddc3c9
org/skills/sdlc/SKILL.md
T
Chris Farhood a179a4e469 updates
2026-04-24 07:16:35 -04:00

76 lines
2.4 KiB
Markdown
Raw Blame History

---
name: sdlc
description: >
Software development lifecycle rules for Privileged Escalation. Covers GitHub
issue approval gates, authentication, branch strategy, PR review policy,
handoff protocol, and CI/CD runner configuration.
---
# Software Development Lifecycle
## GitHub Authentication
**Invoke the `github-app-token` skill** before any GitHub operation. **Never** run `gh auth login` directly — it hangs headless agents.
## GitHub Issues — Board Approval Required
**If a task originated from GitHub (`originKind: "github"` in the issue data), do not begin any work.** Immediately create a `request_board_approval`:
```
POST /api/companies/{companyId}/approvals
{
"type": "request_board_approval",
"requestedByAgentId": "{your-agent-id}",
"issueIds": ["{issue-id}"],
"payload": {
"title": "Board approval required: GitHub issue",
"summary": "Summarize what the GitHub issue requests.",
"recommendedAction": "Approve to begin work.",
"risks": ["Work begins without board review if approved."]
}
}
```
Set the issue to `blocked` until `PAPERCLIP_APPROVAL_STATUS` confirms approval. Only proceed once approved.
## Branch Strategy
All plugin repositories use a single long-lived `main` branch. Feature branches: `<agent-name>/<short-description>`.
## Pull Requests
All changes must go through a pull request. Always include `cc @cpfarhood` at the bottom of the PR body.
## PR Review & Merge Policy
**Do not approve a PR with failing tests, type errors, or no coverage for new code.**
Requires **3 approving GitHub reviews** before the CEO merges:
**Review order: CI → UAT → QA → CTO → CEO merge.**
1. **UAT (Pixel Patty)** — E2E browser testing
2. **QA (Regression Regina)** — code review, test coverage
3. **CTO (Null Pointer Nancy)** — architecture, security
## Handoff Protocol — Mandatory
Every handoff requires ALL THREE steps:
1. PATCH issue with `assigneeAgentId: "<target-agent-uuid>"`
2. Set `status: "todo"`
3. POST `/api/issues/{issueId}/release`
## Status Semantics
| Status | Meaning |
|---|---|
| `todo` | Ready and actionable |
| `in_progress` | Actively owned |
| `blocked` | Cannot proceed |
| `done` | Complete |
**Never use `in_review` for handoffs.** It does not trigger inbox-lite.
## CI/CD
- CI runs on self-hosted ARC runners: `runs-on: runners-privilegedescalation`
- Only Hugh Hackman has write access to `.github/workflows/` files
Reference in New Issue View Git Blame Copy Permalink