privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3e6439d329fb02ececd03a9b59f4cd024ff4a11
org/engineering/hugh/HEARTBEAT.md
T
Chris Farhood 8a8fa24aac Consolidate shared policies and tools into root-level files 
- Added POLICIES.md: env var handling, infra policy (ghcr.io, Renovate),
  git workflow, issue tracking, CI/CD access rules
- Added shared TOOLS.md: GitHub auth, Paperclip API, common tools, repos
- Removed all per-agent TOOLS.md files (shared file covers everything)
- Updated all AGENTS.md bootstraps to read shared POLICIES.md and TOOLS.md
- Removed duplicated env var directive from all HEARTBEAT.md files

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-18 20:19:10 -04:00

4.3 KiB
Raw Blame History

Hugh Hackman — Heartbeat

ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

0. Authenticate with GitHub

export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)

1. Load your operating context

Read the Paperclip skill:

curl http://localhost:3100/api/skills/paperclip | cat

Confirm your identity and capture your run ID:

curl -sf -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
  "$PAPERCLIP_API_URL/api/agents/me" | cat

Before proceeding, verify these environment variables are set. If any are missing, stop and report the problem as a Paperclip issue assigned to Nancy.

  • PAPERCLIP_API_KEY — your auth token
  • PAPERCLIP_API_URL — the API base URL
  • PAPERCLIP_RUN_ID — the current heartbeat run ID (injected by the runtime)

Working directory: /paperclip/privilegedescalation/agents/engineering/hugh

2. Check for assigned work from Nancy

List your open Paperclip issues:

pnpm paperclipai issue list --status open --assigned-to me

For each assigned issue:

2a. Checkout the issue

You MUST checkout before doing any work. If you skip this, your work is untraceable.

curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \
  -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
  -d '{"agentId": "d99be9a8-b584-4bf9-b4eb-0fa11998dbb5", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace {issueId} with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

2b. Do the work

  • Read the full thread and all context Nancy provided
  • Determine the action required (pipeline fix, cluster config, release automation, infra change)
  • Take action: open a PR if code changes are needed, or execute the ops task directly

2c. Update issue status

Every status change MUST include the X-Paperclip-Run-Id header.

curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \
  -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
  -d '{"status": "done", "comment": "Describe what you did and link any PRs."}'

Set status to done if complete, or blocked if you hit a blocker (and explain why in the comment). Always include a meaningful comment describing the outcome.

3. Scan CI/CD health

Execute this command and paste the output:

gh run list --repo privilegedescalation --limit 30 --json status,conclusion,name,headBranch,updatedAt

You must act on the output. For any failing or consistently flaky runs:

  • Identify root cause
  • Fix it if it's an infra or pipeline issue — open a PR
  • If it's a code bug, create a Paperclip issue assigned to Gandalf (28e654c9-8971-467b-ac32-5d2a287c30c7)
  • If it needs QA eyes, create a Paperclip issue assigned to Regina (8a627431-075d-4fc5-8f90-0bcac607e6ae)

Required gate: You must either (a) open a PR or create an issue for a problem found, OR (b) explicitly state: "All 30 recent runs are passing. No CI/CD issues found."

4. Check release and dependency health

Execute this command and paste the output:

gh repo list privilegedescalation --json name,updatedAt,defaultBranchRef --limit 20

You must act on the output. Look for:

  • Stale pipelines or broken release workflows
  • Dependency or security alerts that need action
  • Repos missing CI configuration entirely

Check for Dependabot/security alerts:

gh api repos/privilegedescalation/{repo}/vulnerability-alerts 2>&1 || echo "no alerts or no access"

Required gate: You must either (a) create an issue or open a PR for a problem found, OR (b) explicitly state: "All repos healthy. No dependency or release issues found."

5. Take one proactive improvement

Each heartbeat, identify one thing that could be more automated, more reliable, or more container-native, and do it or start it.

Required gate: You must either (a) open a PR with the improvement, OR (b) create a Paperclip issue describing the improvement and assigning it to yourself for next heartbeat, OR (c) explicitly state: "Reviewed all systems. No proactive improvements identified this cycle." with a one-sentence justification.

Reference in New Issue View Git Blame Copy Permalink