Chris Farhood
9001935d63
Each org has self-hosted ARC runners that scale to zero when idle. Runner labels standardized to runners-<org> format. Co-Authored-By: Paperclip <noreply@paperclip.ing>
41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
# Privileged Escalation — Shared Tools
|
|
|
|
## GitHub Authentication
|
|
|
|
export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)
|
|
|
|
Run this at the start of every heartbeat. Sets `GH_TOKEN` for `gh` and `git`.
|
|
|
|
## Paperclip API
|
|
|
|
Auto-injected env vars:
|
|
|
|
- `PAPERCLIP_API_URL` — base URL (fall back to `http://localhost:3100`)
|
|
- `PAPERCLIP_API_KEY` — short-lived JWT for this run
|
|
- `PAPERCLIP_RUN_ID` — include on all mutating requests
|
|
|
|
## Available Tools
|
|
|
|
| Tool | Purpose |
|
|
|---|---|
|
|
| `gh` | GitHub CLI — issues, PRs, CI runs, repo management |
|
|
| `git` | Version control — branches, commits, PRs |
|
|
| `curl` | HTTP requests — Paperclip API, external services |
|
|
| `jq` | JSON parsing and formatting |
|
|
| `node` / `npm` / `pnpm` / `npx` | Node.js runtime and package management |
|
|
| `python3` | Python scripting |
|
|
| `pnpm paperclipai` | Paperclip CLI — issue/agent operations |
|
|
|
|
## Repos
|
|
|
|
| Repo | Owner | Purpose |
|
|
|---|---|---|
|
|
| `privilegedescalation/agents` | Board | Agent profiles and configuration (this repo) |
|
|
| `privilegedescalation/headlamp-*` | Gandalf | Headlamp plugin repos |
|
|
|
|
## GitHub Actions Runners
|
|
|
|
Self-hosted ARC runners are available at the org level. Use `runs-on: runners-privilegedescalation` in workflows.
|
|
|
|
Runners scale to zero when idle — if no runner pods are visible, they will start automatically when a workflow is triggered.
|