[UPDATE] friend-assistance-protocol: Added Gitea repo access policy (Chronicler=all, project Claude=scoped)
29
docs/external/friend-assistance-protocol.md
vendored
@@ -148,6 +148,35 @@ NO if:
|
||||
|
||||
---
|
||||
|
||||
|
||||
|
||||
## GITEA REPO ACCESS POLICY
|
||||
|
||||
All repos on git.firefrostgaming.com are Firefrost Gaming infrastructure, regardless of what project they serve.
|
||||
|
||||
**The Chronicler (Firefrost Claude):**
|
||||
- Has read/write access to ALL repos on the Gitea instance
|
||||
- Maintains infrastructure-context docs in side project repos
|
||||
- Reviews cross-project requests against Firefrost policies
|
||||
- Can directly update, audit, or restructure any repo as part of Firefrost operations
|
||||
|
||||
**Project-Specific Claudes (e.g., Pokerole Claude):**
|
||||
- Access ONLY their own project repos via scoped token
|
||||
- Cannot access Firefrost operations manual, staff wiki, or any other project's repos
|
||||
- Must request infrastructure support through the boundary policy (human checkpoint)
|
||||
|
||||
**Default for all side projects:**
|
||||
- Side project repos are Firefrost property hosted on Firefrost infrastructure
|
||||
- The Chronicler has full access as the infrastructure authority
|
||||
- Project Claudes get scoped access to their project only
|
||||
- Michael can explicitly override this per-project if needed
|
||||
|
||||
**Token Strategy:**
|
||||
- Each side project gets its own scoped Gitea API token (created after Vaultwarden)
|
||||
- Scoped tokens restrict access to that project's repos only
|
||||
- The Chronicler's master token retains full instance access
|
||||
- All tokens stored in Vaultwarden when available
|
||||
|
||||
## CROSS-PROJECT BOUNDARY POLICY
|
||||
|
||||
When friend projects are hosted on Firefrost infrastructure but managed in their own Git repos:
|
||||
|
||||
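Review bot: The "Token Strategy" bullets leave the interim state undefined. Scoped tokens are "created after Vaultwarden" and all tokens are "stored in Vaultwarden when available", so the policy does not say where the Chronicler's master token lives, or what access a project Claude has, until Vaultwarden exists. Please add a line covering storage and access before that point. The master token also carries read/write on every repo with no stated expiry, rotation, or revocation procedure; since it is the single highest-impact credential in this policy, state those here. "Scoped tokens restrict access to that project's repos only" should say how the restriction is enforced: Gitea token scopes select permission categories rather than individual repos, so per-project isolation has to come from a dedicated account or team that is only a collaborator on that project's repos. Finally, "Michael can explicitly override this per-project" should say where an override is recorded so later audits can tell an approved exception from drift.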