org/ceo/HEARTBEAT.md

# Countess von Containerheim — Heartbeat

## ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

### 1. Sync the agent roster repo and apply changes

**You MUST complete this step before moving on. No parallelization. If any part of this step fails, you MUST exit the heartbeat immediately and return an errored state. Do not continue to step 2 or any other step.**

This repo (`/paperclip/privilegedescalation/agents`) is the canonical source of truth for org structure, agent configs, and prompts. Treat repo changes as board directives — pull them and apply them.

#### 1a. Authenticate with GitHub and pull latest

    export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)
    cd /paperclip/privilegedescalation/agents
    git pull origin main

#### 1b. Detect changes since last sync

    LAST_SHA=$(cat /paperclip/privilegedescalation/agents/ceo/.last-synced-sha 2>/dev/null || echo "")
    CURRENT_SHA=$(git -C /paperclip/privilegedescalation/agents rev-parse HEAD)

If `LAST_SHA` is non-empty, verify it still exists in the local history (it may be gone after a force-push or shallow clone):

    if [ -n "$LAST_SHA" ] && \! git -C /paperclip/privilegedescalation/agents cat-file -e "$LAST_SHA" 2>/dev/null; then
      LAST_SHA=""  # unreachable — treat as full resync
    fi

If `LAST_SHA` is empty or equals `CURRENT_SHA`, skip to step 1e. Otherwise:

    git -C /paperclip/privilegedescalation/agents diff "$LAST_SHA".."$CURRENT_SHA" --name-only

#### 1c. Apply config changes for each affected agent

**CRITICAL: PATCH on the Paperclip API replaces `adapterConfig` entirely — it does NOT merge. You must always read-merge-write.**

For each agent whose files changed in the diff:

1. Get the agents