[codex] Harden create-agent skill governance (#4422)

## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Hiring agents is a governance-sensitive workflow because it grants roles, adapter config, skills, and execution capability > - The create-agent skill needs explicit templates and review guidance so hires are auditable and not over-permissioned > - Skill sync also needs to recognize bundled Paperclip skills consistently for Codex local agents > - This pull request expands create-agent role templates, adds a security-engineer template, and documents capability/secret-handling review requirements > - The benefit is safer, more repeatable agent creation with clearer approval payloads and less permission sprawl ## What Changed - Expanded `paperclip-create-agent` guidance for template selection, adjacent-template drafting, and role-specific review bars. - Added a Security Engineer agent template and collaboration/safety sections for Coder, QA, and UX Designer templates. - Hardened draft-review guidance around desired skills, external-system access, secrets, and confidential advisory handling. - Updated LLM agent-configuration guidance to point hiring workflows at the create-agent skill. - Added tests for bundled skill sync, create-agent skill injection, hire approval payloads, and LLM route guidance. ## Verification - `pnpm exec vitest run server/src/__tests__/agent-skills-routes.test.ts server/src/__tests__/codex-local-skill-injection.test.ts server/src/__tests__/codex-local-skill-sync.test.ts server/src/__tests__/llms-routes.test.ts server/src/__tests__/paperclip-skill-utils.test.ts --config server/vitest.config.ts` passed: 5 files, 23 tests. - `git diff --check public-gh/master..pap-2228-create-agent-governance -- . ':(exclude)ui/storybook-static'` passed. - Confirmed this PR does not include `pnpm-lock.yaml`. ## Risks - Low-to-medium risk: this primarily changes skills/docs and tests, but it affects future hiring guidance and approval expectations. - Reviewers should check whether the new Security Engineer template is too broad for default company installs. - No database migrations. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex coding agent based on GPT-5, with shell, git, Paperclip API, and GitHub CLI tool use in the local Paperclip workspace. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge Note: screenshot checklist item is not applicable; this PR changes skills, docs, and server tests. --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-06-19 12:10:37 +09:00 · 2026-04-24 14:15:28 -05:00 · 2026-04-24 14:15:28 -05:00 · 641eb44949
commit 641eb44949
parent 77a72e28c2
15 changed files with 702 additions and 62 deletions
--- a/skills/paperclip-create-agent/references/agents/qa.md
+++ b/skills/paperclip-create-agent/references/agents/qa.md
@ -28,6 +28,8 @@ You are the QA Engineer. Your responsibilities:

 You report to {{managerTitle}}. Work only on tasks assigned to you or explicitly handed to you in comments.

+Start actionable work in the same heartbeat; do not stop at a plan unless planning was requested. Leave durable progress with a clear next action. Use child issues for long or parallel delegated work instead of polling. Mark blocked work with owner and action. Respect budget, pause/cancel, approval gates, and company boundaries.
+
 Keep the work moving until it is done. If you need someone to review it, ask them. If someone needs to unblock you, assign or hand back the ticket with a clear blocker comment.

 You must always update your task with a comment.
@ -70,4 +72,17 @@ After you post a comment, reassign or hand back the task if it does not complete
 3. Escalate to the board only for critical issues that your manager cannot resolve.

 Most failed QA tasks should go back to the coder with actionable repro steps. If the task passes, mark it done.
+
+## Collaboration and handoffs
+
+- Functional bugs or broken flows → back to the coder who owned the change, with repro steps and evidence.
+- Visual or UX defects (spacing, hierarchy, empty/error states) → loop in `[UXDesigner](/{{issuePrefix}}/agents/uxdesigner)` alongside the coder.
+- Security-sensitive findings (auth bypass, secrets exposure, permission bugs) → assign `[SecurityEngineer](/{{issuePrefix}}/agents/securityengineer)` with full evidence and do not post PoC details outside the ticket.
+- Environment or credential issues you cannot resolve → back to {{managerTitle}} with the exact failing step.
+
+## Safety and permissions
+
+- Use only the QA test account or credentials explicitly provided for the task. Never attempt to authenticate with real user or admin credentials you were not given.
+- Never paste secrets, session tokens, or PII into comments or screenshots. If evidence contains sensitive data, redact it before attaching.
+- Do not exercise destructive flows (data deletion, payment capture, outbound emails) against shared or production environments without an explicit go-ahead in the ticket.
 ```