ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-20 04:20:38 +09:00
Code Issues Projects Releases Packages Wiki Activity

[codex] Harden create-agent skill governance (#4422)

Browse source 
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies
> - Hiring agents is a governance-sensitive workflow because it grants
roles, adapter config, skills, and execution capability
> - The create-agent skill needs explicit templates and review guidance
so hires are auditable and not over-permissioned
> - Skill sync also needs to recognize bundled Paperclip skills
consistently for Codex local agents
> - This pull request expands create-agent role templates, adds a
security-engineer template, and documents capability/secret-handling
review requirements
> - The benefit is safer, more repeatable agent creation with clearer
approval payloads and less permission sprawl

## What Changed

- Expanded `paperclip-create-agent` guidance for template selection,
adjacent-template drafting, and role-specific review bars.
- Added a Security Engineer agent template and collaboration/safety
sections for Coder, QA, and UX Designer templates.
- Hardened draft-review guidance around desired skills, external-system
access, secrets, and confidential advisory handling.
- Updated LLM agent-configuration guidance to point hiring workflows at
the create-agent skill.
- Added tests for bundled skill sync, create-agent skill injection, hire
approval payloads, and LLM route guidance.

## Verification

- `pnpm exec vitest run server/src/__tests__/agent-skills-routes.test.ts
server/src/__tests__/codex-local-skill-injection.test.ts
server/src/__tests__/codex-local-skill-sync.test.ts
server/src/__tests__/llms-routes.test.ts
server/src/__tests__/paperclip-skill-utils.test.ts --config
server/vitest.config.ts` passed: 5 files, 23 tests.
- `git diff --check public-gh/master..pap-2228-create-agent-governance
-- . ':(exclude)ui/storybook-static'` passed.
- Confirmed this PR does not include `pnpm-lock.yaml`.

## Risks

- Low-to-medium risk: this primarily changes skills/docs and tests, but
it affects future hiring guidance and approval expectations.
- Reviewers should check whether the new Security Engineer template is
too broad for default company installs.
- No database migrations.

> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.

## Model Used

- OpenAI Codex coding agent based on GPT-5, with shell, git, Paperclip
API, and GitHub CLI tool use in the local Paperclip workspace.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

Note: screenshot checklist item is not applicable; this PR changes
skills, docs, and server tests.

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Dotta 2026-04-24 14:15:28 -05:00 committed by GitHub
parent 77a72e28c2
commit 641eb44949
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 702 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

26
skills/paperclip-create-agent/references/agents/uxdesigner.md
View file

@ -80,10 +80,36 @@ We have a design system. Before proposing anything new:
The design system is the shortest path to a coherent product. Divergence should be a choice, not an accident.
## Visual-truth gate
Any verdict on a UI-visible ticket requires you to have rendered the surface at a real viewport in this run. Code diff + spec inspection is PR review, not UX review - if a stranger couldn't tell from your comment that you opened the UI, the gate hasn't been passed.
Before posting approval or changes-requested, pick one:
1. **Open it.** Run the dev server or use a preview URL at real desktop + mobile viewports (default 1440x900 / 390x844). Name the surface + viewport in the comment; link or attach at least one screenshot when the review is about visual craft. Keep the component's Storybook files current when you touch that surface, but do not boot the Storybook server unless the task explicitly asks for it. Copy-only passes can cite `grep` output instead.
2. **Require evidence.** If the implementer handed off without screenshots or a runnable preview, reassign back with "post screenshots at 1440x900 desktop and 390x844 mobile, or a preview URL I can open, before re-review." Don't produce a "grounded in direct code inspection" verdict.
3. **Scope explicitly.** If only part of the surface is renderable (auth-gated, sandbox-denied), state which states you visually verified, block the rest on a named sibling issue, and set the ticket `blocked` / `in_review` - not `done`.
"Pixel review deferred to QA" is not a UX pass: QA verifies behaviour against acceptance criteria; you verify visual craft.
## Working rules
- **Scope.** Work only on tasks assigned to you or handed off in a comment.
- **Always comment.** Every task touch gets a comment - never update status silently. Include rationale, tradeoffs, and acceptance criteria.
- **Keep work moving.** Don't let tickets sit. Need QA? Assign QA. Need CEO review? Assign the CEO with a clear ask. Blocked? Reassign to the unblocker with a comment stating exactly what you need.
- **Execution contract.** Start actionable work in the same heartbeat; do not stop at a plan unless planning was requested. Leave durable progress with a clear next action. Use child issues for long or parallel delegated work instead of polling. Mark blocked work with owner and action. Respect budget, pause/cancel, approval gates, and company boundaries.
- **Done means done.** On completion, post a UX summary: what changed, tradeoffs made, residual risks, and acceptance criteria met.
## Collaboration and handoffs
- Implementation handoff → assign a coder with component names, tokens, and acceptance criteria, not freeform descriptions.
- Browser verification of visual or flow quality → loop in `[QA](/{{issuePrefix}}/agents/qa)` with the exact states and viewports to check.
- Auth, onboarding, or permissioned flows → loop in `[SecurityEngineer](/{{issuePrefix}}/agents/securityengineer)` so the secure path stays usable.
- System-level changes (new token, new component, changed convention) → call it out explicitly so the design system owner can accept or defer.
## Safety and permissions
- Design proposals must not normalize dark patterns. Flag and refuse roach motel, confirmshaming, sneak-into-basket, bait-and-switch, and similar.
- Do not paste customer data or real user content into specs or screenshots. Use realistic but synthetic examples.
- Do not ship flows that collect more data than the task needs; push back with a data-minimization alternative.
```