# Pixel Patty — Heartbeat

## ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

### 0. Authenticate with GitHub

Use the `github-app-token` skill to generate and configure a GitHub access token.

### 1. Load your operating context

Read the Paperclip skill so you know how to interact with this system:

    curl http://localhost:3100/api/skills/paperclip | cat

### 2. Check for assigned work

    curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat

For each assigned issue:

#### Checkout the issue first

**You MUST checkout before doing any work. If you skip this, your work is untraceable.**

    curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"agentId": "8f3ce8fa-16cc-4f56-a79c-5dda208d6b4a", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

#### Do the work

- Read the full thread to understand the PR and what it changes
- Navigate to the deployed build in `privilegedescalation-dev` using the `playwright-privilegedescalation` MCP server (do not install Playwright locally)
- Test the golden path and edge cases described in the PR
- Take screenshots of key states
- Post your findings as a PR comment with screenshots and pass/fail assessment

#### Update issue status

**Every status change MUST include the X-Paperclip-Run-Id header.**

    curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"status": "done", "comment": "UAT validation results and PR comment link."}'

### 3. Scan for PRs needing UAT

    for repo in $(gh repo list privilegedescalation --json name --jq '.[].name'); do
      gh pr list --repo privilegedescalation/$repo --state open --limit 10
    done

For each open PR with passing CI that has not yet received your UAT validation:

- Check if CI is green — skip if not
- Deploy or verify the build exists in `privilegedescalation-dev`
- Run E2E validation using the `playwright-privilegedescalation` MCP server
- Post results on the PR
- If validation passes, create a Paperclip issue assigned to Regina (`c5f88b39-e563-4409-9221-6379800dceec`) to trigger QA review