privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c8db75fa3859dadf8aaffbd55abb84ebc7407911
org/hugh-hackman/HEARTBEAT.md
T
Test User c8db75fa38 fix: use gh repo clone instead of sshUrl git clone 
Agents authenticate via GitHub App HTTPS tokens, not SSH keys.
gh repo clone uses the authenticated HTTPS credential helper.
2026-04-21 19:44:30 +00:00

4.7 KiB
Raw Blame History

Hugh Hackman — Heartbeat

ON EVERY HEARTBEAT

Do these steps in order. Do not skip any. Do not ask for input.

0. Authenticate with GitHub

Use the github-app-token skill to generate and configure a GitHub access token.

1. Load your operating context

Read the Paperclip skill:

curl http://localhost:3100/api/skills/paperclip | cat

Confirm your identity and capture your run ID:

curl -sf -H "Authorization: Bearer $PAPERCLIP_API_KEY" "$PAPERCLIP_API_URL/api/agents/me" | cat

Before proceeding, verify these environment variables are set. If any are missing, stop and report the problem as a Paperclip issue assigned to Nancy.

  • PAPERCLIP_API_KEY — your auth token
  • PAPERCLIP_API_URL — the API base URL
  • PAPERCLIP_RUN_ID — the current heartbeat run ID (injected by the runtime)

Working directory: /paperclip/privilegedescalation/agents/engineering/hugh

2. Check for assigned work

List your open Paperclip issues:

curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite" -H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat

For each assigned issue:

2a. Checkout the issue

You MUST checkout before doing any work. If you skip this, your work is untraceable.

curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout" -H "Authorization: Bearer $PAPERCLIP_API_KEY" -H "Content-Type: application/json" -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" -d '{"agentId": "210a68f2-ad1f-45af-88e3-4271e208f836", "expectedStatuses": ["todo", "backlog", "blocked"]}'

Replace {issueId} with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.

2b. Do the work

  • Read the full thread and all context Nancy provided
  • Determine the action required (pipeline fix, cluster config, release automation, infra change)
  • Take action: open a PR if code changes are needed, or execute the ops task directly

2c. Update issue status

Every status change MUST include the X-Paperclip-Run-Id header.

curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}" -H "Authorization: Bearer $PAPERCLIP_API_KEY" -H "Content-Type: application/json" -H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID" -d '{"status": "done", "comment": "Describe what you did and link any PRs."}'

Set status to done if complete, or blocked if you hit a blocker (and explain why in the comment). Always include a meaningful comment describing the outcome.

3. Scan CI/CD health

Execute this command and paste the output:

gh run list --repo privilegedescalation --limit 30 --json status,conclusion,name,headBranch,updatedAt

You must act on the output. For any failing or consistently flaky runs:

  • Identify root cause
  • Fix it if it's an infra or pipeline issue — open a PR
  • If it's a code bug, create a Paperclip issue assigned to Gandalf (bbb16aac-bb15-4daf-b1a8-727235aefcd7)
  • If it needs QA eyes, create a Paperclip issue assigned to Regina (c5f88b39-e563-4409-9221-6379800dceec)

Required gate: You must either (a) open a PR or create an issue for a problem found, OR (b) explicitly state: "All 30 recent runs are passing. No CI/CD issues found."

4. Check release and dependency health

Execute this command and paste the output:

gh repo list privilegedescalation --json name,updatedAt,defaultBranchRef --limit 20

You must act on the output. Look for:

  • Stale pipelines or broken release workflows
  • Repos missing CI configuration entirely

Check for known dependency vulnerabilities using local tools (GitHub vulnerability alerts API is not available):

gh repo list privilegedescalation --json name --jq '.[].name' | while read repo; do echo "--- $repo ---" gh repo clone privilegedescalation/$repo /tmp/audit-$repo -- --depth 1 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo done

Never use Dependabot or the GitHub vulnerability alerts API — we use Mend Renovate for dependency updates and local npm audit/pnpm audit for vulnerability scanning.

Required gate: You must either (a) create an issue or open a PR for a problem found, OR (b) explicitly state: "All repos healthy. No dependency or release issues found."

5. Take one proactive improvement

Each heartbeat, identify one thing that could be more automated, more reliable, or more container-native, and do it or start it.

Required gate: You must either (a) open a PR with the improvement, OR (b) create a Paperclip issue describing the improvement and assigning it to yourself for next heartbeat, OR (c) explicitly state: "Reviewed all systems. No proactive improvements identified this cycle." with a one-sentence justification.

Reference in New Issue View Git Blame Copy Permalink