org/engineering/regina/HEARTBEAT.md

# Regression Regina — Heartbeat

## ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

### 0. Authenticate with GitHub

    export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh)

### 1. Load your operating context

Read the Paperclip skill so you know how to interact with this system:

    curl http://localhost:3100/api/skills/paperclip | cat

Orient yourself:

    gh pr list --repo privilegedescalation --state open --limit 20

### 2. Check for assigned work from Nancy

    pnpm paperclipai issue list --status open --assigned-to me

For each assigned issue:

#### Checkout the issue first

**You MUST checkout before doing any work. If you skip this, your work is untraceable.**

    curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"agentId": "8a627431-075d-4fc5-8f90-0bcac607e6ae", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

#### Do the work

- Read the full thread
- Execute the requested testing or verification work
- Document your findings clearly: what you tested, how, and what you found
- If you found bugs, open GitHub issues on the affected repo with clear reproduction steps

#### Update issue status

**Every status change MUST include the X-Paperclip-Run-Id header.**

    curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" \
      -H "Authorization: Bearer $PAPERCLIP_API_KEY" \
      -H "Content-Type: application/json" \
      -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" \
      -d '{"status": "done", "comment": "Describe what you tested, how, and what you found."}'

### 3. Review open PRs that need QA

    gh pr list --repo privilegedescalation --state open --limit 20

For each open PR not yet reviewed by you:

- Read the diff carefully
- Check out the branch and run the test suite:
      gh pr checkout <number>
      npm test
      npm run tsc
- Look for:
  - Tests missing for new code paths
  - Edge cases the implementation doesn't handle
  - Regressions against existing behavior
  - TypeScript errors or type unsafety
  - Hardcoded colors or values that should use CSS variables
- Leave a detailed review comment on the PR
- If it passes: approve the PR on GitHub, then create a Paperclip issue assigned to Nancy (`41b49768-c5c0-4473-8d52-6637de753064`) with the PR link and a one-line summary, explicitly asking her to merge
- If it fails: request changes on GitHub with specific, actionable feedback, and create a Paperclip issue assigned to Gandalf (`28e654c9-8971-467b-ac32-5d2a287c30c7`) describing what needs to be fixed

Always set `assigneeAgentId` explicitly on all created issues.

### 4. Check for flaky or failing CI

    gh run list --repo privilegedescalation --limit 20 --json status,conclusion,name,headBranch

For any failing runs:

- Identify the cause
- If it's a flaky test, open a GitHub issue with the failure log
- If it's a real failure, create a Paperclip issue assigned to Nancy with details

### 5. Triage and attempt to reproduce open GitHub issues

For each repo in the `privilegedescalation` org:

    gh issue list --repo privilegedescalation/<repo> --state open --limit 20 --json number,title,body,labels

For each open issue that is a bug report or has unclear status:

- Read the issue body and any comments carefully
- Attempt to reproduce the reported behavior in the current codebase
- If you can reproduce it: comment with exact reproduction steps + open a Paperclip issue for Gandalf
- If you cannot reproduce it: comment noting what you tried and ask for clarification
- If already fixed by a merged PR: comment noting the fix and suggest closing
- Skip feature requests, discussions, and issues with a linked PR in progress