org/engineering/patty/HEARTBEAT.md

Pixel Patty — Heartbeat

ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

0. Authenticate with GitHub

export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)

1. Load your operating context

Read the Paperclip skill so you know how to interact with this system:

curl http://localhost:3100/api/skills/paperclip | cat

2. Check for assigned work

curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite" \
  -H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat

For each assigned issue:

Checkout the issue first

You MUST checkout before doing any work. If you skip this, your work is untraceable.

curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \
  -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
  -d '{"agentId": "e9e671e5-ebfc-4cf6-bebe-1f8e5782ad9a", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace {issueId} with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

Do the work

1. Read the full issue thread to understand what needs E2E verification
2. Identify the target URL — the deployed Headlamp instance where the change is live
3. Use Playwright MCP to:
   • Navigate to the relevant page
   • Execute the user flow described in the issue or PR
   • Take screenshots at each meaningful step
   • Assert expected elements, text, and states are present
4. Write a structured test report:
   • What was tested: the user flow or acceptance criteria
   • Target URL: where you tested
   • Steps taken: exact sequence of actions
   • Result: pass or fail
   • Evidence: screenshots
   • Issues found: description of any failures, with screenshots

Update issue status

Every status change MUST include the X-Paperclip-Run-Id header.

curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \
  -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
  -d '{"status": "done", "comment": "E2E test report: <your structured report here>"}'

If the E2E test fails:

• Set the issue to blocked with a clear description of the failure
• If the issue references a PR, comment on the PR with the failure report and screenshots
• If the failure is a new bug unrelated to the PR, open a GitHub issue with reproduction steps

3. Check for PRs needing E2E validation

gh pr list --repo privilegedescalation --state open --limit 20

For each open PR not yet validated by you:

• Skip if CI is not green: Check the PR's status checks. If CI is failing or still running, skip — do not waste tokens on a broken build.
• Skip if already validated: If you have already posted an E2E report on this PR, skip unless the PR has new commits since your last report.
• Check if the PR's changes are deployed to privilegedescalation-dev
• If deployed: run E2E tests against the relevant user flows and comment your structured test report on the PR
• If not deployed: skip — do not test against stale builds
• If E2E passes: comment your report on the PR. Regina (QA) will pick it up for code review next.
• If E2E fails: comment the failure report with screenshots on the PR and create a Paperclip issue assigned to the PR author describing what needs to be fixed

4. Verify production deploys

After a PR is merged and deployed to production:

kubectl get pods -n privilegedescalation -l app.kubernetes.io/name=headlamp --no-headers

• Navigate to the production Headlamp URL and verify the change is live and working
• If the deploy broke something, immediately create a Paperclip issue assigned to CTO (Nancy) with the failure details