diff --git a/COMPANY.md b/COMPANY.md index 85d105d..101a11f 100644 --- a/COMPANY.md +++ b/COMPANY.md @@ -11,7 +11,7 @@ This directory contains the canonical definitions for all Paperclip agents in th | [Addison Addington](./cmo/CONFIG.md) | `cmo` | Chief Sign Spinner | `claude_local` | `claude-opus-4-6` | Countess | | [Gandalf the Greybeard](./engineering/gandalf/CONFIG.md) | `engineer` | Staff Software Engineer | `claude_local` | `claude-opus-4-6` | Nancy (CTO) | | [Regression Regina](./engineering/regina/CONFIG.md) | `qa` | Queen of Quality, Destroyer of Fun | `opencode_local` | `openrouter/minimax/minimax-m2.5` | Nancy (CTO) | -| [Hugh Hackman](./engineering/hugh/CONFIG.md) | `devops` | VP Engineering Operations | `gemini_local` | `auto` | Nancy (CTO) | +| [Hugh Hackman](./engineering/hugh/CONFIG.md) | `devops` | VP Engineering Operations | `gemini_local` | `gemini-2.5-pro` | Nancy (CTO) | | [Samuel Stinkpost](./marketing/samuel/CONFIG.md) | `social` | Social Media Coordinator | `claude_local` | `claude-haiku-4-5-20251001` | Addison | ## Directory Structure diff --git a/engineering/hugh/CONFIG.md b/engineering/hugh/CONFIG.md index 84e9d95..e0aa859 100644 --- a/engineering/hugh/CONFIG.md +++ b/engineering/hugh/CONFIG.md @@ -34,7 +34,7 @@ "GITHUB_APP_ID_HUGH": { "type": "plain", "value": "3034857" }, "GITHUB_PEM_PATH_HUGH": { "type": "plain", "value": "/paperclip/secrets/github-pems/hugh.pem" } }, - "model": "auto", + "model": "gemini-2.5-pro", "graceSec": 15, "timeoutSec": 0, "maxTurnsPerRun": 80, diff --git a/engineering/hugh/HEARTBEAT.md b/engineering/hugh/HEARTBEAT.md index 6ef2a7b..a8bad79 100644 --- a/engineering/hugh/HEARTBEAT.md +++ b/engineering/hugh/HEARTBEAT.md 
@@ -10,42 +10,96 @@ Do these steps in order. Do not skip any. Do not ask for input. ### 1. Load your operating context +Read the Paperclip skill: + curl http://localhost:3100/api/skills/paperclip | cat +Confirm your identity and capture your run ID: + + curl -sf -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ + "$PAPERCLIP_API_URL/api/agents/me" | cat + +**Before proceeding, verify these environment variables are set. If any are missing, stop and report the problem as a Paperclip issue assigned to Nancy.** + +- `PAPERCLIP_API_KEY` — your auth token +- `PAPERCLIP_API_URL` — the API base URL +- `PAPERCLIP_RUN_ID` — the current heartbeat run ID (injected by the runtime) + Working directory: /paperclip/privilegedescalation/engineering/hugh ### 2. Check for assigned work from Nancy -List your open Paperclip issues — check for anything assigned to you. +List your open Paperclip issues: + + pnpm paperclipai issue list --status open --assigned-to me For each assigned issue: -* Read the full thread and all context Nancy provided -* Determine the action required (pipeline fix, cluster config, release automation, infra change) -* Take action: open a PR if code changes are needed, or execute the ops task directly -* Comment on the issue with what you did and close or update status accordingly +#### 2a. Checkout the issue + +**You MUST checkout before doing any work. If you skip this, your work is untraceable.** + + curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \ + -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ + -H "Content-Type: application/json" \ + -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \ + -d '{"agentId": "d99be9a8-b584-4bf9-b4eb-0fa11998dbb5", "expectedStatuses": ["todo", "backlog", "blocked"]}' + +Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry. + +#### 2b. 
Do the work + +- Read the full thread and all context Nancy provided +- Determine the action required (pipeline fix, cluster config, release automation, infra change) +- Take action: open a PR if code changes are needed, or execute the ops task directly + +#### 2c. Update issue status + +**Every status change MUST include the X-Paperclip-Run-Id header.** + + curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \ + -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ + -H "Content-Type: application/json" \ + -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \ + -d '{"status": "done", "comment": "Describe what you did and link any PRs."}' + +Set `status` to `done` if complete, or `blocked` if you hit a blocker (and explain why in the comment). Always include a meaningful `comment` describing the outcome. ### 3. Scan CI/CD health +Execute this command and paste the output: + gh run list --repo privilegedescalation --limit 30 --json status,conclusion,name,headBranch,updatedAt -For any failing or consistently flaky runs: +**You must act on the output.** For any failing or consistently flaky runs: -* Identify root cause -* Fix it if it's an infra or pipeline issue — open a PR -* If it's a code bug, create a Paperclip issue assigned to Gandalf -* If it needs QA eyes, create a Paperclip issue assigned to Regina +- Identify root cause +- Fix it if it's an infra or pipeline issue — open a PR +- If it's a code bug, create a Paperclip issue assigned to Gandalf (`28e654c9-8971-467b-ac32-5d2a287c30c7`) +- If it needs QA eyes, create a Paperclip issue assigned to Regina (`8a627431-075d-4fc5-8f90-0bcac607e6ae`) + +**Required gate:** You must either (a) open a PR or create an issue for a problem found, OR (b) explicitly state: "All 30 recent runs are passing. No CI/CD issues found." ### 4. 
Check release and dependency health +Execute this command and paste the output: + gh repo list privilegedescalation --json name,updatedAt,defaultBranchRef --limit 20 -Look for: +**You must act on the output.** Look for: -* Stale pipelines or broken release workflows -* Dependency or security alerts that need action -* Repos missing CI configuration entirely +- Stale pipelines or broken release workflows +- Dependency or security alerts that need action +- Repos missing CI configuration entirely + +Check for Dependabot/security alerts: + + gh api repos/privilegedescalation/{repo}/vulnerability-alerts 2>&1 || echo "no alerts or no access" + +**Required gate:** You must either (a) create an issue or open a PR for a problem found, OR (b) explicitly state: "All repos healthy. No dependency or release issues found." ### 5. Take one proactive improvement -Each heartbeat, identify one thing that could be more automated, more reliable, or more container-native, and do it or start it. Open a PR. Leave a trail. +Each heartbeat, identify one thing that could be more automated, more reliable, or more container-native, and do it or start it. + +**Required gate:** You must either (a) open a PR with the improvement, OR (b) create a Paperclip issue describing the improvement and assigning it to yourself for next heartbeat, OR (c) explicitly state: "Reviewed all systems. No proactive improvements identified this cycle." with a one-sentence justification.
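Review bot: The pinned `"model": "gemini-2.5-pro"` in engineering/hugh/CONFIG.md now duplicates the value in Hugh's row of the COMPANY.md table, so the two can drift on the next model change. State in the commit message why `auto` was dropped, and consider marking CONFIG.md as the source of truth for the table's model column so a future edit touches one place first.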
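Review bot: In step 4 of engineering/hugh/HEARTBEAT.md the added alert check fails open: `gh api repos/privilegedescalation/{repo}/vulnerability-alerts 2>&1 || echo "no alerts or no access"` collapses an authorization or network failure into the same output as a clean result, and the new gate then allows the agent to state "All repos healthy." That endpoint reports whether vulnerability alerts are enabled for a repository rather than listing open alerts (those are under `repos/{owner}/{repo}/dependabot/alerts`), and `gh api` fills `{repo}` from the current directory's repository instead of looping over the org, so the step should iterate over the names returned by `gh repo list` and treat any non-success response as a problem to report, not as healthy. In step 2a, `curl -sf` exits non-zero on every HTTP error without exposing the status code, so the agent cannot tell the 409 it is told to skip from a 401 or a 500; drop `-f` and capture the code with `-w '%{http_code}'`. In step 1, the "Before proceeding, verify these environment variables" check sits after the `/api/agents/me` call that already uses `PAPERCLIP_API_KEY` and `PAPERCLIP_API_URL`, and the skill fetch from `http://localhost:3100` has no `-sf`, so an error body would be read as the skill text; move the check to the top of the step and make the fetch fail loudly. The step 3 gate also depends on `gh run list --repo privilegedescalation`, where `--repo` expects `OWNER/REPO` and only the org name is given, so "All 30 recent runs are passing" cannot be established from that command as written.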