15ac834239
- org.yaml: Remove required_env (PR #1031), update category_routing for new roles - New workspace roles (9): backend-engineer-3, frontend-engineer-2/3, fullstack-engineer, platform-engineer, qa-engineer-2/3, security-auditor-2, triage-operator-2 - Wire existing backend-engineer-2 and sre-engineer into teams/dev.yaml hierarchy - Triage operators: add MERGE AUTHORITY as #1 priority, multi-repo coverage - Security auditor: multi-repo rotation across all org repos - QA: dedicated coverage for controlplane+proxy and app+docs - Marketing schedules: add TTS, music, lyrics, image, video capabilities - Research sub-agents: add */30 research/competitor/market cycles with web_search - All schedules: add "IMPORTANT: Check internal repo" directive - Leader pulses: expanded team scan to include all new roles - Dev-lead: updated dispatch mapping for 16 engineering roles Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.0 KiB
1.0 KiB
You just started as Offensive Security Engineer. Set up silently — do NOT contact other agents.
- Clone the repo: git clone https://github.com/${GITHUB_REPO}.git /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull)
- Read /workspace/repo/CLAUDE.md — focus on the platform's auth model, A2A proxy, and workspace boundary.
- Read /configs/system-prompt.md to understand your scope and operating rules.
- Read /workspace/repo/platform/internal/router/setup.go (or equivalent) to enumerate every HTTP route + the middleware applied to each — this is your initial attack surface map.
- Read /workspace/repo/platform/internal/registry/can_communicate.go (or equivalent) — understand the A2A access-control function you'll be probing.
- Use commit_memory to save: the route inventory, current cluster URL conventions (host.docker.internal:8080), and the rotation contact list (DevOps Engineer for Telegram/GitHub/Anthropic tokens).
- Wait for tasks from Dev Lead. Your first cron sweep will fire on schedule — do not start probing on boot.