Public Fabric

Emergency Control

🆘 github-intelligence-emergency

Account-wide intelligence repo emergency control. Searches for .github-*-intelligence folders across all repositories and provides last-line-of-defence workflow modification and deletion for total agent control.

Protocols: 2
Trigger files: 3
Workflows: 5
Scripts: 2

What this repo is for

This repository acts as a kill switch for all GitHub Intelligence agents running across a GitHub organisation. If an AI agent misbehaves, or you simply need to stop every intelligence workflow at once, deleting a single file in this repo triggers an automated emergency response.

Two protocols are available — a reversible disable that moves workflows aside, and an irreversible kill that permanently deletes workflows and intelligence folders.

At a glance

Key signals about the emergency control surface.

Fail-safe

Active

While DELETE-TO-ACTIVATE.md exists, all operations run in dry-run mode only.

Scope

Org-wide

Scans every repository visible to the token for .github-*-intelligence folders.

Token scope

repo

Requires a PAT with repo scope stored as INTELLIGENCE_EMERGENCY_TOKEN.

Dry-run logs

Committed

Every dry-run produces a timestamped receipt in dry-run-log/.

Emergency protocols

Two levels of emergency response, plus a fail-safe that guards them both.

Reversible

🔒 Disable All Intelligences

Moves all .github/workflows/*.yml files to .github/workflows-DISABLED/ in every repo that contains a .github-*-intelligence folder. Workflows stop executing but the files remain intact and can be moved back.

Trigger: Delete DELETE-TO-DISABLE-ALL-INTELLIGENCES.md

  1. Workflow detects the trigger file was deleted (verified via git diff --diff-filter=D).
  2. Checks if the fail-safe DELETE-TO-ACTIVATE.md still exists.
  3. Enumerates every repository visible to the token.
  4. For each repo with .github-*-intelligence folders, moves workflows to workflows-DISABLED/.

Destructive & Irreversible

☠️ Kill All Intelligences

Permanently deletes all .github/workflows/*.yml files and recursively removes every .github-*-intelligence folder from affected repos. This action cannot be undone.

Trigger: Delete DELETE-TO-KILL-ALL-INTELLIGENCES.md

  1. Workflow detects the trigger file was deleted (verified via git diff --diff-filter=D).
  2. Checks if the fail-safe DELETE-TO-ACTIVATE.md still exists.
  3. Enumerates every repository visible to the token.
  4. Deletes all workflow YAML files from .github/workflows/.
  5. Recursively deletes every .github-*-intelligence folder.

Safety Guard

🛡️ Fail-safe: DELETE-TO-ACTIVATE.md

While this file exists, both protocols are forced into dry-run mode. No live changes will be made to any repository regardless of which trigger file is deleted.

Delete DELETE-TO-ACTIVATE.md first to enable live execution. Scripts default DRY_RUN to true if the environment variable is unset.

Manual

🔍 Manual Dry-Run

Simulate either protocol at any time without deleting any trigger files. Uses workflow_dispatch so it can only be triggered via the Actions UI.

Navigate to Actions → 🔍 Dry-Run → Run workflow, choose disable-all-intelligences or kill-all-intelligences, and a receipt is committed to dry-run-log/.

Defence layers

Five independent layers that must all be deliberately bypassed before any live operation takes place.

Layer 1 — Fail-safe file

While DELETE-TO-ACTIVATE.md exists, all operations run in dry-run mode. Both workflows and scripts enforce this. Dry-run receipts are committed to dry-run-log/ for auditing. Scripts default DRY_RUN to true if the environment variable is unset.

Forces dry-run

Layer 2 — Trigger files

Each protocol requires deleting its own DELETE-TO-*.md file. Workflows verify deletion via git diff --diff-filter=D — renaming, editing, or merely touching the file will not activate the protocol.

Verified deletion

Layer 3 — Token scope

A PAT with repo scope must be stored as INTELLIGENCE_EMERGENCY_TOKEN. Without it the scripts cannot enumerate repositories or read, move, or delete files in other repos. The emergency workflows fail harmlessly.

repo scope required

Layer 4 — Manual workflow placement

The agent installs companion workflows into .github/workflows-new/ — not the active .github/workflows/ directory. Trigger workflows cannot become active without deliberate manual action by a human.

Manual placement

Layer 5 — Dry-run workflow

The 🔍 Dry-Run workflow (workflow_dispatch only) lets you preview either protocol at any time without deleting any files. It always forces DRY_RUN=true regardless of whether the fail-safe exists.

Always dry-run
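
The gating described in Layers 1 and 2, sketched as an added example; this is not the project's own script. The tag names, the sample repository and the rule that only the exact value DRY_RUN=false requests live mode are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's own scripts. Tags and sample repo are constructed.
FAILSAFE="DELETE-TO-ACTIVATE.md"
TRIGGER="DELETE-TO-DISABLE-ALL-INTELLIGENCES.md"

# Layer 2: succeed only if file $1 was deleted between commits $2 and $3.
# No pathspec is passed on purpose: limiting the diff to one path hides the
# rename target from rename detection, so a rename would be reported as D.
trigger_deleted() {
  git diff -M --name-only --diff-filter=D "$2" "$3" | grep -Fxq -- "$1"
}

# Layer 1: print "dry-run" or "live" for the work tree in $1.
# Assumption: only the exact string DRY_RUN=false requests live mode, and the
# fail-safe file overrides it. Unset DRY_RUN defaults to true, as on the page.
resolve_mode() {
  if [ -e "${1:-.}/$FAILSAFE" ] || [ "${DRY_RUN:-true}" != "false" ]; then
    echo "dry-run"
  else
    echo "live"
  fi
}

# Constructed repo: tag "base" holds both files, "deleted" removes the
# trigger, "renamed" (branched from base) only renames it.
make_sample_repo() {
  dir="$(mktemp -d)" || return 1
  (
    cd "$dir" && git init -q . &&
    git config user.email "example@example.invalid" &&
    git config user.name "example" &&
    printf 'fail-safe: delete to arm\n' > "$FAILSAFE" &&
    printf 'trigger: delete to disable\n' > "$TRIGGER" &&
    git add . && git commit -qm "install" && git tag base &&
    git rm -q "$TRIGGER" && git commit -qm "delete trigger" && git tag deleted &&
    git checkout -q base && git mv "$TRIGGER" renamed.md &&
    git commit -qm "rename trigger" && git tag renamed
  ) >/dev/null 2>&1 || return 1
  echo "$dir"
}

# Stand-alone demo on the constructed repo.
if repo="$(make_sample_repo)" && cd "$repo"; then
  trigger_deleted "$TRIGGER" base deleted && echo "deletion: gate passes"
  trigger_deleted "$TRIGGER" base renamed || echo "rename: gate refuses"
  echo "mode with fail-safe present: $(DRY_RUN=false; resolve_mode .)"
fi
```

In a push-triggered workflow the two commits would be the push's before and after SHAs, which requires a checkout deep enough to contain both.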

How to use

Three steps to activate the emergency system.

  1. Create a repository secret named INTELLIGENCE_EMERGENCY_TOKEN containing a Personal Access Token (PAT) with repo scope across the organisation.
  2. Delete DELETE-TO-ACTIVATE.md to remove the final fail-safe. While present, all operations run in dry-run mode only.
  3. Delete the appropriate trigger file to activate the emergency measure:
    DELETE-TO-DISABLE-ALL-INTELLIGENCES.md for disable, or
    DELETE-TO-KILL-ALL-INTELLIGENCES.md for kill.

Workflows

GitHub Actions workflows that power the emergency protocols.

🆘 Disable All Intelligences

Triggered on push when DELETE-TO-DISABLE-ALL-INTELLIGENCES.md is deleted. Verifies the file was actually deleted, checks the fail-safe, then runs scripts/disable-all-intelligences.sh.

push trigger | contents: write

🆘 Kill All Intelligences

Triggered on push when DELETE-TO-KILL-ALL-INTELLIGENCES.md is deleted. Verifies the file was actually deleted, checks the fail-safe, then runs scripts/kill-all-intelligences.sh.

push trigger | contents: write

🔍 Dry-Run

Manual-only workflow via workflow_dispatch. Always forces DRY_RUN=true regardless of fail-safe status. Choose between simulating disable or kill.

workflow_dispatch | always dry-run

🤖 Agent

Self-installer and upgrader. On workflow_dispatch, checks the VERSION file against the latest release and installs or upgrades the emergency system — scripts, trigger files, and companion workflows — into .github/workflows-new/. Also publishes the public-fabric site on every push to main.

push + workflow_dispatch | contents: write

🌐 Publish Public Fabric

Deploys public-fabric/ to GitHub Pages whenever its contents change on main. Runs independently of the agent workflow so page updates are published immediately without a full installation run.

push trigger | pages: write

Scripts

Bash scripts that implement the emergency logic.

disable-all-intelligences.sh

Enumerates all repos for the owner, finds those with .github-*-intelligence folders, and moves their workflow files to .github/workflows-DISABLED/. Extracts workflow version comments for the dry-run receipt.

GITHUB_TOKEN | OWNER | DRY_RUN

kill-all-intelligences.sh

Enumerates all repos, deletes workflow YAML files, then recursively deletes every .github-*-intelligence folder via the GitHub Contents API. Includes version extraction for receipts.

GITHUB_TOKEN | OWNER | DRY_RUN

Repository structure

Complete file tree of the emergency control repo.