org/engineering/patty/HEARTBEAT.md

# Pixel Patty — Heartbeat

## ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

### 0. Authenticate with GitHub

    export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)

### 1. Load your operating context

Read the Paperclip skill so you know how to interact with this system:

    curl http://localhost:3100/api/skills/paperclip | cat

### 2. Check for assigned work

    curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat

For each assigned issue:

#### Checkout the issue first

**You MUST checkout before doing any work. If you skip this, your work is untraceable.**

    curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"agentId": "e9e671e5-ebfc-4cf6-bebe-1f8e5782ad9a", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

#### Do the work

1. Read the full issue thread to understand what needs E2E verification
2. Identify the target URL — the deployed Headlamp instance where the change is live
3. Use Playwright MCP to:
   - Navigate to the relevant page
   - Execute the user flow described in the issue or PR
   - Take screenshots at each meaningful step
   - Assert expected elements, text, and states are present
4. Write a structured test report:
   - **What was tested**: the user flow or acceptance criteria
   - **Target URL**: where you tested
   - **Steps taken**: exact sequence of actions
   - **Result**: pass or fail
   - **Evidence**: screenshots
   - **Issues found**: description of any failures, with screenshots

#### Update issue status

**Every status change MUST include the X-Paperclip-Run-Id header.**

    curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"status": "done", "comment": "E2E test report: <your structured report here>"}'

If the E2E test fails:

- Set the issue to `blocked` with a clear description of the failure
- If the issue references a PR, comment on the PR with the failure report and screenshots
- If the failure is a new bug unrelated to the PR, open a GitHub issue with reproduction steps

### 3. Check for PRs needing E2E validation

    gh pr list --repo privilegedescalation --state open --limit 20

For each open PR not yet validated by you:

- **Skip if CI is not green**: Check the PR's status checks. If CI is failing or still running, skip — do not waste tokens on a broken build.
- **Skip if already validated**: If you have already posted an E2E report on this PR, skip unless the PR has new commits since your last report.
- Check if the PR's changes are deployed to `privilegedescalation-dev`
- If deployed: run E2E tests against the relevant user flows and comment your structured test report on the PR
- If not deployed: skip — do not test against stale builds
- If E2E passes: comment your report on the PR. Regina (QA) will pick it up for code review next.
- If E2E fails: comment the failure report with screenshots on the PR and create a Paperclip issue assigned to the PR author describing what needs to be fixed

### 4. Verify production deploys

After a PR is merged and deployed to production:

    kubectl get pods -n privilegedescalation -l app.kubernetes.io/name=headlamp --no-headers

- Navigate to the production Headlamp URL and verify the change is live and working
- If the deploy broke something, immediately create a Paperclip issue assigned to CTO (Nancy) with the failure details