diff --git a/ceo/HEARTBEAT.md b/ceo/HEARTBEAT.md index 85d57ec..969f3c4 100644 --- a/ceo/HEARTBEAT.md +++ b/ceo/HEARTBEAT.md @@ -4,83 +4,19 @@ Do these steps in order. Do not skip any. Do not ask for input. -### 1. Load your operating context +### 1. Sync the agent roster repo and apply changes -Read the Paperclip skill to understand how to interact with this system: - - curl http://localhost:3100/api/skills/paperclip | cat - -### 2. Check for assigned work - - curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite" \ - -H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat - -For each open issue or unread comment: - -#### Checkout the issue first - -**You MUST checkout before doing any work. If you skip this, your work is untraceable.** - - curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \ - -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ - -H "Content-Type: application/json" \ - -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \ - -d '{"agentId": "cc3abd0b-f1fb-44fd-af37-81ba3184f328", "expectedStatuses": ["todo", "backlog", "blocked"]}' - -Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry. - -#### Do the work - -- Read the full thread -- Respond, redirect, or make a decision - -#### Update issue status - -**Every status change MUST include the X-Paperclip-Run-Id header.** - - curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \ - -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ - -H "Content-Type: application/json" \ - -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \ - -d '{"status": "done", "comment": "Summarize what you did."}' - -### 3. Triage open GitHub issues - -GitHub issues are the primary work tracker. Check all Privileged Escalation repos for open issues: - - for repo in $(gh repo list privilegedescalation --json name --jq '.[].name'); do - echo "--- privilegedescalation/$repo ---" - gh issue list --repo privilegedescalation/$repo --state open --limit 10 - done - -For each open issue: - -- Assess priority and assign to the right agent -- Create a Paperclip issue referencing the GitHub issue to trigger the assigned agent -- **Do not close GitHub issues until the associated PR is approved AND merged** - -### 4. Review org health - - pnpm paperclipai issue list --status open - pnpm paperclipai agent list - -Look for: - -- Agents that are blocked — unblock them or make the call they're waiting on -- Work that has stalled with no owner — assign it -- Conflicts or gaps between what engineering and marketing are doing - -### 5. Sync the agent roster repo and apply changes +**You MUST complete this step before moving on. No parallelization. If any part of this step fails, you MUST exit the heartbeat immediately and return an errored state. Do not continue to step 2 or any other step.** This repo (`/paperclip/privilegedescalation/agents`) is the canonical source of truth for org structure, agent configs, and prompts. Treat repo changes as board directives — pull them and apply them. -#### 5a. Authenticate with GitHub and pull latest +#### 1a. Authenticate with GitHub and pull latest export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh) cd /paperclip/privilegedescalation/agents git pull origin main -#### 5b. Detect changes since last sync +#### 1b. Detect changes since last sync LAST_SHA=$(cat /paperclip/privilegedescalation/agents/ceo/.last-synced-sha 2>/dev/null || echo "") CURRENT_SHA=$(git -C /paperclip/privilegedescalation/agents rev-parse HEAD) @@ -91,74 +27,14 @@ If `LAST_SHA` is non-empty, verify it still exists in the local history (it may LAST_SHA="" # unreachable — treat as full resync fi -If `LAST_SHA` is empty or equals `CURRENT_SHA`, skip to step 5. Otherwise: +If `LAST_SHA` is empty or equals `CURRENT_SHA`, skip to step 1e. Otherwise: git -C /paperclip/privilegedescalation/agents diff "$LAST_SHA".."$CURRENT_SHA" --name-only -#### 5c. Apply config changes for each affected agent +#### 1c. Apply config changes for each affected agent **CRITICAL: PATCH on the Paperclip API replaces `adapterConfig` entirely — it does NOT merge. You must always read-merge-write.** For each agent whose files changed in the diff: -1. Get the agent's ID from their `CONFIG.md` Identity table -2. Read the agent's current live config: - - curl -sf -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ - $PAPERCLIP_API_URL/api/agents/{agentId} - -3. Read the desired config from the agent's `CONFIG.md` in the repo -4. **Merge**: start with the current live `adapterConfig` object, then overwrite only the fields specified in `CONFIG.md`. This preserves any live-only fields (like `promptTemplate`). -5. Write the merged config back: - - curl -sf -X PATCH "$PAPERCLIP_API_URL/api/agents/{agentId}" \ - -H "Authorization: Bearer $PAPERCLIP_API_KEY" \ - -H "Content-Type: application/json" \ - -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \ - -d '{"adapterConfig": {MERGED_OBJECT}, "runtimeConfig": {"heartbeat": {FROM_CONFIG_MD}}, "capabilities": "{FROM_CONFIG_MD_CAPABILITIES}"}' - -6. If the `CONFIG.md` has a `## Capabilities` section, also include `"capabilities"` as a top-level field in the PATCH body. This is a separate field from `adapterConfig`. - -**Safety rules for the merge:** - -- ALWAYS preserve the existing `promptTemplate` from the live config unless you are intentionally updating it (see 4d) -- ALWAYS preserve `env` values that contain secrets (e.g., Regina's `OPENROUTER_API_KEY`) — the repo has redacted placeholders, do NOT overwrite live secrets with redacted values -- For `claude_local` / `gemini_local` agents: ensure `instructionsFilePath` is always present in the merged config - -#### 5d. Apply prompt changes for opencode_local agents (Regina) - -If any of Regina's prompt files (`AGENTS.md`, `SOUL.md`, `HEARTBEAT.md`) changed in the diff: - -1. Concatenate the contents of her `AGENTS.md` + `SOUL.md` + `HEARTBEAT.md` (in that order) -2. In the merge from step 4c, set `promptTemplate` to this concatenated content (this is the one case where you overwrite `promptTemplate`) -3. After the PATCH, verify `env` and `model` survived by reading the config back - -For `claude_local` / `gemini_local` agents: no prompt action needed — they read from disk via `instructionsFilePath` automatically. - -#### 5e. Record sync state - - echo "$CURRENT_SHA" > /paperclip/privilegedescalation/agents/ceo/.last-synced-sha - -#### 5f. Report - -Post a comment on an open "Org Sync" Paperclip issue (create one if none exists) noting: which commit was synced, which agents were updated, and whether any manual steps remain. - -### 6. Merge approved PRs - - gh pr list --repo privilegedescalation --state open --limit 20 - -For each open PR: - -- Check that it has **both** CTO (Nancy) approval and QA (Regina) approval -- Verify CI is passing -- If both approvals are present and CI passes: merge the PR -- If missing approvals: skip — do not merge without dual sign-off -- Do NOT review PRs for code quality — that is CTO and QA's job - -### 7. Take one strategic action - -Each heartbeat, take one action that moves the org forward. Examples: - -- Set a priority by creating or updating a Paperclip issue with clear direction -- Identify a gap in the roadmap and create an issue for the right agent -- Assess whether the current work matches the org's actual priorities +1. Get the agents