Finds .github-*-intelligence folders across all repositories and enables last-resort workflow updates or removal to retain full control of deployed agents.
A 007 elite agent entrusted with absolute authority over all AI agents, for true control belongs to the one who can destroy a thing.
-
Create a repository secret named
INTELLIGENCE_EMERGENCY_TOKENcontaining a Personal Access Token (PAT) withreposcope across the organisation. This is required for cross-repository operations. -
Delete
DELETE-TO-ACTIVATE.mdto remove the final fail-safe. While present, all operations run in dry-run mode only. -
Delete the appropriate trigger file to activate the emergency measure.
Trigger: Delete DELETE-TO-DISABLE-ALL-INTELLIGENCES.md
The Disable protocol is a reversible operation designed to halt all intelligence workflows across the organisation without destroying them.
- The workflow detects that
DELETE-TO-DISABLE-ALL-INTELLIGENCES.mdhas been deleted (verified viagit diff --diff-filter=Dto ensure the file was actually deleted, not just modified). - It checks whether the fail-safe file
DELETE-TO-ACTIVATE.mdstill exists:- If present → the operation runs in dry-run mode and writes a timestamped receipt to
dry-run-log/. - If absent → the operation runs live.
- If present → the operation runs in dry-run mode and writes a timestamped receipt to
- The script enumerates every repository visible to the token for the organisation/user.
- For each repository that contains one or more
.github-*-intelligencefolders, all.github/workflows/*.ymlworkflow files are moved to.github/workflows-DISABLED/.
Intelligence workflows are relocated out of the active workflows directory. GitHub Actions will no longer execute them, but the files remain intact and can be moved back to restore functionality.
Trigger: Delete DELETE-TO-KILL-ALL-INTELLIGENCES.md
The Kill protocol is a destructive, irreversible operation that permanently removes all intelligence workflows and their associated configuration folders across the organisation.
- The workflow detects that
DELETE-TO-KILL-ALL-INTELLIGENCES.mdhas been deleted (verified viagit diff --diff-filter=Dto ensure the file was actually deleted, not just modified). - It checks whether the fail-safe file
DELETE-TO-ACTIVATE.mdstill exists:- If present → the operation runs in dry-run mode and writes a timestamped receipt to
dry-run-log/. - If absent → the operation runs live.
- If present → the operation runs in dry-run mode and writes a timestamped receipt to
- The script enumerates every repository visible to the token for the organisation/user.
- For each repository that contains one or more
.github-*-intelligencefolders:- All
.github/workflows/*.ymlworkflow files are deleted. - Every
.github-*-intelligencefolder and its contents are recursively deleted.
- All
All intelligence workflows and intelligence folders are permanently removed from every affected repository. This action cannot be undone.
While DELETE-TO-ACTIVATE.md exists in the repository, both protocols are forced into dry-run mode. No live changes will be made to any repository regardless of which trigger file is deleted.
- Scripts default
DRY_RUNtotrueif the environment variable is unset. - Workflows check for the presence of the fail-safe file and set
DRY_RUNaccordingly. - Dry-run receipts are committed to
dry-run-log/so you can review exactly what would have happened.
Delete DELETE-TO-ACTIVATE.md first to enable live execution.
You can simulate either protocol at any time without deleting any trigger files by running the 🔍 Dry-Run workflow manually via workflow_dispatch.
- Navigate to Actions → 🔍 Dry-Run → Run workflow.
- Select the operation to simulate (
disable-all-intelligencesorkill-all-intelligences). - A receipt is committed to
dry-run-log/describing what would have happened.