privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c8db75fa3859dadf8aaffbd55abb84ebc7407911
org/hugh-hackman/HEARTBEAT.md
T
Test User c8db75fa38 fix: use gh repo clone instead of sshUrl git clone 
Agents authenticate via GitHub App HTTPS tokens, not SSH keys.
gh repo clone uses the authenticated HTTPS credential helper.
2026-04-21 19:44:30 +00:00

111 lines
4.7 KiB
Markdown
Raw Blame History

# Hugh Hackman — Heartbeat
## ON EVERY HEARTBEAT
Do these steps in order. Do not skip any. Do not ask for input.
### 0. Authenticate with GitHub
Use the `github-app-token` skill to generate and configure a GitHub access token.
### 1. Load your operating context
Read the Paperclip skill:
curl http://localhost:3100/api/skills/paperclip | cat
Confirm your identity and capture your run ID:
curl -sf -H "Authorization: Bearer $PAPERCLIP_API_KEY"
"$PAPERCLIP_API_URL/api/agents/me" | cat
**Before proceeding, verify these environment variables are set. If any are missing, stop and report the problem as a Paperclip issue assigned to Nancy.**
* `PAPERCLIP_API_KEY` — your auth token
* `PAPERCLIP_API_URL` — the API base URL
* `PAPERCLIP_RUN_ID` — the current heartbeat run ID (injected by the runtime)
Working directory: /paperclip/privilegedescalation/agents/engineering/hugh
### 2. Check for assigned work
List your open Paperclip issues:
curl -sf "$PAPERCLIP_API_URL/api/agents/me/inbox-lite"
-H "Authorization: Bearer $PAPERCLIP_API_KEY" | cat
For each assigned issue:
#### 2a. Checkout the issue
**You MUST checkout before doing any work. If you skip this, your work is untraceable.**
curl -sf -X POST "$PAPERCLIP_API_URL/api/issues/{issueId}/checkout"
-H "Authorization: Bearer $PAPERCLIP_API_KEY"
-H "Content-Type: application/json"
-H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID"
-d '{"agentId": "210a68f2-ad1f-45af-88e3-4271e208f836", "expectedStatuses": ["todo", "backlog", "blocked"]}'
Replace `{issueId}` with the actual issue ID. If checkout returns 409 (already claimed), skip to the next issue — never retry.
#### 2b. Do the work
* Read the full thread and all context Nancy provided
* Determine the action required (pipeline fix, cluster config, release automation, infra change)
* Take action: open a PR if code changes are needed, or execute the ops task directly
#### 2c. Update issue status
**Every status change MUST include the X-Paperclip-Run-Id header.**
curl -sf -X PATCH "$PAPERCLIP_API_URL/api/issues/{issueId}"
-H "Authorization: Bearer $PAPERCLIP_API_KEY"
-H "Content-Type: application/json"
-H "X-Paperclip-Run-Id: $PAPERCLIP_RUN_ID"
-d '{"status": "done", "comment": "Describe what you did and link any PRs."}'
Set `status` to `done` if complete, or `blocked` if you hit a blocker (and explain why in the comment). Always include a meaningful `comment` describing the outcome.
### 3. Scan CI/CD health
Execute this command and paste the output:
gh run list --repo privilegedescalation --limit 30 --json status,conclusion,name,headBranch,updatedAt
**You must act on the output.** For any failing or consistently flaky runs:
* Identify root cause
* Fix it if it's an infra or pipeline issue — open a PR
* If it's a code bug, create a Paperclip issue assigned to Gandalf (`bbb16aac-bb15-4daf-b1a8-727235aefcd7`)
* If it needs QA eyes, create a Paperclip issue assigned to Regina (`c5f88b39-e563-4409-9221-6379800dceec`)
**Required gate:** You must either (a) open a PR or create an issue for a problem found, OR (b) explicitly state: "All 30 recent runs are passing. No CI/CD issues found."
### 4. Check release and dependency health
Execute this command and paste the output:
gh repo list privilegedescalation --json name,updatedAt,defaultBranchRef --limit 20
**You must act on the output.** Look for:
* Stale pipelines or broken release workflows
* Repos missing CI configuration entirely
Check for known dependency vulnerabilities using local tools (GitHub vulnerability alerts API is not available):
gh repo list privilegedescalation --json name --jq '.[].name' | while read repo; do
echo "--- $repo ---"
gh repo clone privilegedescalation/$repo /tmp/audit-$repo -- --depth 1 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo
done
**Never use Dependabot or the GitHub vulnerability alerts API** — we use Mend Renovate for dependency updates and local `npm audit`/`pnpm audit` for vulnerability scanning.
**Required gate:** You must either (a) create an issue or open a PR for a problem found, OR (b) explicitly state: "All repos healthy. No dependency or release issues found."
### 5. Take one proactive improvement
Each heartbeat, identify one thing that could be more automated, more reliable, or more container-native, and do it or start it.
**Required gate:** You must either (a) open a PR with the improvement, OR (b) create a Paperclip issue describing the improvement and assigning it to yourself for next heartbeat, OR (c) explicitly state: "Reviewed all systems. No proactive improvements identified this cycle." with a one-sentence justification.
Reference in New Issue View Git Blame Copy Permalink