2026-02-23 14:40:32 -06:00
|
|
|
import express, { Router, type Request as ExpressRequest } from "express";
|
2026-02-16 13:31:58 -06:00
|
|
|
import path from "node:path";
|
2026-02-18 11:45:43 -06:00
|
|
|
import fs from "node:fs";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { fileURLToPath } from "node:url";
|
2026-03-03 08:45:26 -06:00
|
|
|
import type { Db } from "@paperclipai/db";
|
|
|
|
|
import type { DeploymentExposure, DeploymentMode } from "@paperclipai/shared";
|
2026-02-20 10:31:56 -06:00
|
|
|
import type { StorageService } from "./storage/types.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { httpLogger, errorHandler } from "./middleware/index.js";
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
import { actorMiddleware } from "./middleware/auth.js";
|
2026-02-20 15:48:30 -06:00
|
|
|
import { boardMutationGuard } from "./middleware/board-mutation-guard.js";
|
2026-02-23 19:43:52 -06:00
|
|
|
import { privateHostnameGuard, resolvePrivateHostnameAllowSet } from "./middleware/private-hostname-guard.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { healthRoutes } from "./routes/health.js";
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
import { companyRoutes } from "./routes/companies.js";
|
2026-03-14 10:55:04 -05:00
|
|
|
import { companySkillRoutes } from "./routes/company-skills.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { agentRoutes } from "./routes/agents.js";
|
|
|
|
|
import { projectRoutes } from "./routes/projects.js";
|
|
|
|
|
import { issueRoutes } from "./routes/issues.js";
|
2026-03-19 08:39:24 -05:00
|
|
|
import { routineRoutes } from "./routes/routines.js";
|
2026-03-13 17:12:25 -05:00
|
|
|
import { executionWorkspaceRoutes } from "./routes/execution-workspaces.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { goalRoutes } from "./routes/goals.js";
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
import { approvalRoutes } from "./routes/approvals.js";
|
2026-02-19 15:43:52 -06:00
|
|
|
import { secretRoutes } from "./routes/secrets.js";
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
import { costRoutes } from "./routes/costs.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
import { activityRoutes } from "./routes/activity.js";
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
import { dashboardRoutes } from "./routes/dashboard.js";
|
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges
Agent management: hire endpoint with permission gates and pending_approval status,
config revision tracking with rollback, agent duplicate route, permission CRUD.
Block pending_approval agents from auth, heartbeat, and assignments.
Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval
linking, auto-wake agents on approval decisions with context snapshot.
Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent
list endpoint.
Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt
reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS into adapter environments.
Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company
settings extensions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
|
|
|
import { sidebarBadgeRoutes } from "./routes/sidebar-badges.js";
|
[codex] Improve workspace runtime and navigation ergonomics (#3680)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - That operator experience depends not just on issue chat, but also on
how workspaces, inbox groups, and navigation state behave over
long-running sessions
> - The current branch included a separate cluster of workspace-runtime
controls, inbox grouping, sidebar ordering, and worktree lifecycle fixes
> - Those changes cross server, shared contracts, database state, and UI
navigation, but they still form one coherent operator workflow area
> - This pull request isolates the workspace/runtime and navigation
ergonomics work into one standalone branch
> - The benefit is better workspace recovery and navigation persistence
without forcing reviewers through the unrelated issue-detail/chat work
## What Changed
- Improved execution workspace and project workspace controls, request
wiring, layout, and JSON editor ergonomics
- Hardened linked worktree reuse/startup behavior and documented the
`worktree repair` flow for recovering linked worktrees safely
- Added inbox workspace grouping, mobile collapse, archive undo,
keyboard navigation, shared group-header styling, and persisted
collapsed-group behavior
- Added persistent sidebar order preferences with the supporting DB
migration, shared/server contracts, routes, services, hooks, and UI
integration
- Scoped issue-list preferences by context and added targeted UI/server
tests for workspace controls, inbox behavior, sidebar preferences, and
worktree validation
## Verification
- `pnpm vitest run
server/src/__tests__/sidebar-preferences-routes.test.ts
ui/src/pages/Inbox.test.tsx
ui/src/components/ProjectWorkspaceSummaryCard.test.tsx
ui/src/components/WorkspaceRuntimeControls.test.tsx
ui/src/api/workspace-runtime-control.test.ts`
- `server/src/__tests__/workspace-runtime.test.ts` was attempted, but
the embedded Postgres suite self-skipped/hung on this host after
reporting an init-script issue, so it is not counted as a local pass
here
## Risks
- Medium: this branch includes migration-backed preference storage plus
worktree/runtime behavior, so merge review should pay attention to state
persistence and worktree recovery semantics
- The sidebar preference migration is standalone, but it should still be
watched for conflicts if another migration lands first
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 12:57:11 -05:00
|
|
|
import { sidebarPreferenceRoutes } from "./routes/sidebar-preferences.js";
|
2026-04-07 18:26:34 -05:00
|
|
|
import { inboxDismissalRoutes } from "./routes/inbox-dismissals.js";
|
2026-03-17 09:24:28 -05:00
|
|
|
import { instanceSettingsRoutes } from "./routes/instance-settings.js";
|
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges
Agent management: hire endpoint with permission gates and pending_approval status,
config revision tracking with rollback, agent duplicate route, permission CRUD.
Block pending_approval agents from auth, heartbeat, and assignments.
Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval
linking, auto-wake agents on approval decisions with context snapshot.
Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent
list endpoint.
Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt
reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS into adapter environments.
Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company
settings extensions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
|
|
|
import { llmRoutes } from "./routes/llms.js";
|
Add MarkdownEditor component, asset image upload, and rich description editing
Introduce MarkdownEditor built on @mdxeditor/editor with headings,
lists, links, quotes, image upload with drag-and-drop, and themed CSS
integration. Add asset image upload API (routes, service, storage) and
wire image upload into InlineEditor multiline mode, NewIssueDialog,
NewProjectDialog, GoalDetail, IssueDetail, and ProjectDetail
description fields. Tighten prompt template editor styling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 12:50:45 -06:00
|
|
|
import { assetRoutes } from "./routes/assets.js";
|
2026-02-23 14:40:32 -06:00
|
|
|
import { accessRoutes } from "./routes/access.js";
|
2026-03-13 16:22:34 -05:00
|
|
|
import { pluginRoutes } from "./routes/plugins.js";
|
2026-03-31 20:21:13 +01:00
|
|
|
import { adapterRoutes } from "./routes/adapters.js";
|
2026-03-13 16:22:34 -05:00
|
|
|
import { pluginUiStaticRoutes } from "./routes/plugin-ui-static.js";
|
2026-03-10 16:15:11 -05:00
|
|
|
import { applyUiBranding } from "./ui-branding.js";
|
2026-03-13 16:22:34 -05:00
|
|
|
import { logger } from "./middleware/logger.js";
|
|
|
|
|
import { DEFAULT_LOCAL_PLUGIN_DIR, pluginLoader } from "./services/plugin-loader.js";
|
|
|
|
|
import { createPluginWorkerManager } from "./services/plugin-worker-manager.js";
|
|
|
|
|
import { createPluginJobScheduler } from "./services/plugin-job-scheduler.js";
|
|
|
|
|
import { pluginJobStore } from "./services/plugin-job-store.js";
|
|
|
|
|
import { createPluginToolDispatcher } from "./services/plugin-tool-dispatcher.js";
|
|
|
|
|
import { pluginLifecycleManager } from "./services/plugin-lifecycle.js";
|
|
|
|
|
import { createPluginJobCoordinator } from "./services/plugin-job-coordinator.js";
|
|
|
|
|
import { buildHostServices, flushPluginLogBuffer } from "./services/plugin-host-services.js";
|
|
|
|
|
import { createPluginEventBus } from "./services/plugin-event-bus.js";
|
2026-03-14 13:44:26 -07:00
|
|
|
import { setPluginEventBus } from "./services/activity-log.js";
|
2026-03-13 16:22:34 -05:00
|
|
|
import { createPluginDevWatcher } from "./services/plugin-dev-watcher.js";
|
|
|
|
|
import { createPluginHostServiceCleanup } from "./services/plugin-host-service-cleanup.js";
|
|
|
|
|
import { pluginRegistryService } from "./services/plugin-registry.js";
|
|
|
|
|
import { createHostClientHandlers } from "@paperclipai/plugin-sdk";
|
2026-02-23 14:40:32 -06:00
|
|
|
import type { BetterAuthSessionResult } from "./auth/better-auth.js";
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
import { createCachedViteHtmlRenderer } from "./vite-html-renderer.js";
|
2026-02-16 13:31:58 -06:00
|
|
|
|
2026-02-18 11:45:43 -06:00
|
|
|
type UiMode = "none" | "static" | "vite-dev";
|
2026-04-02 09:11:49 -05:00
|
|
|
const FEEDBACK_EXPORT_FLUSH_INTERVAL_MS = 5_000;
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
const VITE_DEV_ASSET_PREFIXES = [
|
|
|
|
|
"/@fs/",
|
|
|
|
|
"/@id/",
|
|
|
|
|
"/@react-refresh",
|
|
|
|
|
"/@vite/",
|
|
|
|
|
"/assets/",
|
|
|
|
|
"/node_modules/",
|
|
|
|
|
"/src/",
|
|
|
|
|
];
|
|
|
|
|
const VITE_DEV_STATIC_PATHS = new Set([
|
|
|
|
|
"/apple-touch-icon.png",
|
|
|
|
|
"/favicon-16x16.png",
|
|
|
|
|
"/favicon-32x32.png",
|
|
|
|
|
"/favicon.ico",
|
|
|
|
|
"/favicon.svg",
|
|
|
|
|
"/site.webmanifest",
|
|
|
|
|
]);
|
2026-02-18 11:45:43 -06:00
|
|
|
|
2026-03-14 09:35:35 -05:00
|
|
|
export function resolveViteHmrPort(serverPort: number): number {
|
|
|
|
|
if (serverPort <= 55_535) {
|
|
|
|
|
return serverPort + 10_000;
|
|
|
|
|
}
|
|
|
|
|
return Math.max(1_024, serverPort - 10_000);
|
|
|
|
|
}
|
|
|
|
|
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
function shouldServeViteDevHtml(req: ExpressRequest): boolean {
|
|
|
|
|
const pathname = req.path;
|
|
|
|
|
if (VITE_DEV_STATIC_PATHS.has(pathname)) return false;
|
|
|
|
|
if (VITE_DEV_ASSET_PREFIXES.some((prefix) => pathname.startsWith(prefix))) return false;
|
|
|
|
|
return req.accepts(["html"]) === "html";
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-23 14:40:32 -06:00
|
|
|
export async function createApp(
|
|
|
|
|
db: Db,
|
|
|
|
|
opts: {
|
|
|
|
|
uiMode: UiMode;
|
2026-03-10 10:08:58 -05:00
|
|
|
serverPort: number;
|
2026-02-23 14:40:32 -06:00
|
|
|
storageService: StorageService;
|
2026-04-02 09:11:49 -05:00
|
|
|
feedbackExportService?: {
|
|
|
|
|
flushPendingFeedbackTraces(input?: {
|
|
|
|
|
companyId?: string;
|
2026-04-03 15:59:42 -05:00
|
|
|
traceId?: string;
|
2026-04-02 09:11:49 -05:00
|
|
|
limit?: number;
|
|
|
|
|
now?: Date;
|
|
|
|
|
}): Promise<unknown>;
|
|
|
|
|
};
|
2026-02-23 14:40:32 -06:00
|
|
|
deploymentMode: DeploymentMode;
|
|
|
|
|
deploymentExposure: DeploymentExposure;
|
2026-02-23 19:43:52 -06:00
|
|
|
allowedHostnames: string[];
|
|
|
|
|
bindHost: string;
|
2026-02-23 14:40:32 -06:00
|
|
|
authReady: boolean;
|
2026-03-02 16:43:59 -06:00
|
|
|
companyDeletionEnabled: boolean;
|
2026-03-13 16:22:34 -05:00
|
|
|
instanceId?: string;
|
|
|
|
|
hostVersion?: string;
|
|
|
|
|
localPluginDir?: string;
|
2026-02-23 14:40:32 -06:00
|
|
|
betterAuthHandler?: express.RequestHandler;
|
|
|
|
|
resolveSession?: (req: ExpressRequest) => Promise<BetterAuthSessionResult | null>;
|
|
|
|
|
},
|
|
|
|
|
) {
|
2026-02-16 13:31:58 -06:00
|
|
|
const app = express();
|
|
|
|
|
|
2026-03-13 16:22:34 -05:00
|
|
|
app.use(express.json({
|
2026-03-23 15:47:25 -05:00
|
|
|
// Company import/export payloads can inline full portable packages.
|
|
|
|
|
limit: "10mb",
|
2026-03-13 16:22:34 -05:00
|
|
|
verify: (req, _res, buf) => {
|
|
|
|
|
(req as unknown as { rawBody: Buffer }).rawBody = buf;
|
|
|
|
|
},
|
|
|
|
|
}));
|
2026-02-16 13:31:58 -06:00
|
|
|
app.use(httpLogger);
|
2026-02-23 19:43:52 -06:00
|
|
|
const privateHostnameGateEnabled =
|
|
|
|
|
opts.deploymentMode === "authenticated" && opts.deploymentExposure === "private";
|
|
|
|
|
const privateHostnameAllowSet = resolvePrivateHostnameAllowSet({
|
|
|
|
|
allowedHostnames: opts.allowedHostnames,
|
|
|
|
|
bindHost: opts.bindHost,
|
|
|
|
|
});
|
|
|
|
|
app.use(
|
|
|
|
|
privateHostnameGuard({
|
|
|
|
|
enabled: privateHostnameGateEnabled,
|
|
|
|
|
allowedHostnames: opts.allowedHostnames,
|
|
|
|
|
bindHost: opts.bindHost,
|
|
|
|
|
}),
|
|
|
|
|
);
|
2026-02-23 14:40:32 -06:00
|
|
|
app.use(
|
|
|
|
|
actorMiddleware(db, {
|
|
|
|
|
deploymentMode: opts.deploymentMode,
|
|
|
|
|
resolveSession: opts.resolveSession,
|
|
|
|
|
}),
|
|
|
|
|
);
|
2026-03-02 17:02:01 -06:00
|
|
|
app.get("/api/auth/get-session", (req, res) => {
|
|
|
|
|
if (req.actor.type !== "board" || !req.actor.userId) {
|
|
|
|
|
res.status(401).json({ error: "Unauthorized" });
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
res.json({
|
|
|
|
|
session: {
|
|
|
|
|
id: `paperclip:${req.actor.source}:${req.actor.userId}`,
|
|
|
|
|
userId: req.actor.userId,
|
|
|
|
|
},
|
|
|
|
|
user: {
|
|
|
|
|
id: req.actor.userId,
|
|
|
|
|
email: null,
|
|
|
|
|
name: req.actor.source === "local_implicit" ? "Local Board" : null,
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
2026-02-23 14:40:32 -06:00
|
|
|
if (opts.betterAuthHandler) {
|
2026-04-06 15:00:39 +01:00
|
|
|
app.all("/api/auth/{*authPath}", opts.betterAuthHandler);
|
2026-02-23 14:40:32 -06:00
|
|
|
}
|
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges
Agent management: hire endpoint with permission gates and pending_approval status,
config revision tracking with rollback, agent duplicate route, permission CRUD.
Block pending_approval agents from auth, heartbeat, and assignments.
Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval
linking, auto-wake agents on approval decisions with context snapshot.
Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent
list endpoint.
Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt
reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS into adapter environments.
Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company
settings extensions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
|
|
|
app.use(llmRoutes(db));
|
2026-02-16 13:31:58 -06:00
|
|
|
|
|
|
|
|
// Mount API routes
|
|
|
|
|
const api = Router();
|
2026-02-20 15:48:30 -06:00
|
|
|
api.use(boardMutationGuard());
|
2026-02-23 14:40:32 -06:00
|
|
|
api.use(
|
|
|
|
|
"/health",
|
|
|
|
|
healthRoutes(db, {
|
|
|
|
|
deploymentMode: opts.deploymentMode,
|
|
|
|
|
deploymentExposure: opts.deploymentExposure,
|
|
|
|
|
authReady: opts.authReady,
|
2026-03-02 16:43:59 -06:00
|
|
|
companyDeletionEnabled: opts.companyDeletionEnabled,
|
2026-02-23 14:40:32 -06:00
|
|
|
}),
|
|
|
|
|
);
|
2026-03-19 07:24:04 -05:00
|
|
|
api.use("/companies", companyRoutes(db, opts.storageService));
|
2026-03-14 10:55:04 -05:00
|
|
|
api.use(companySkillRoutes(db));
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
api.use(agentRoutes(db));
|
Add MarkdownEditor component, asset image upload, and rich description editing
Introduce MarkdownEditor built on @mdxeditor/editor with headings,
lists, links, quotes, image upload with drag-and-drop, and themed CSS
integration. Add asset image upload API (routes, service, storage) and
wire image upload into InlineEditor multiline mode, NewIssueDialog,
NewProjectDialog, GoalDetail, IssueDetail, and ProjectDetail
description fields. Tighten prompt template editor styling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 12:50:45 -06:00
|
|
|
api.use(assetRoutes(db, opts.storageService));
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
api.use(projectRoutes(db));
|
2026-04-03 15:59:42 -05:00
|
|
|
api.use(issueRoutes(db, opts.storageService, {
|
|
|
|
|
feedbackExportService: opts.feedbackExportService,
|
|
|
|
|
}));
|
2026-03-19 08:39:24 -05:00
|
|
|
api.use(routineRoutes(db));
|
2026-03-13 17:12:25 -05:00
|
|
|
api.use(executionWorkspaceRoutes(db));
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
api.use(goalRoutes(db));
|
|
|
|
|
api.use(approvalRoutes(db));
|
2026-02-19 15:43:52 -06:00
|
|
|
api.use(secretRoutes(db));
|
Add server routes for companies, approvals, costs, and dashboard
New routes: companies, approvals, costs, dashboard, authz. New
services: companies, approvals, costs, dashboard, heartbeat,
activity-log. Add auth middleware and structured error handling.
Expand existing agent and issue routes with richer CRUD operations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
|
|
|
api.use(costRoutes(db));
|
|
|
|
|
api.use(activityRoutes(db));
|
|
|
|
|
api.use(dashboardRoutes(db));
|
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges
Agent management: hire endpoint with permission gates and pending_approval status,
config revision tracking with rollback, agent duplicate route, permission CRUD.
Block pending_approval agents from auth, heartbeat, and assignments.
Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval
linking, auto-wake agents on approval decisions with context snapshot.
Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent
list endpoint.
Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt
reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS into adapter environments.
Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company
settings extensions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
|
|
|
api.use(sidebarBadgeRoutes(db));
|
[codex] Improve workspace runtime and navigation ergonomics (#3680)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - That operator experience depends not just on issue chat, but also on
how workspaces, inbox groups, and navigation state behave over
long-running sessions
> - The current branch included a separate cluster of workspace-runtime
controls, inbox grouping, sidebar ordering, and worktree lifecycle fixes
> - Those changes cross server, shared contracts, database state, and UI
navigation, but they still form one coherent operator workflow area
> - This pull request isolates the workspace/runtime and navigation
ergonomics work into one standalone branch
> - The benefit is better workspace recovery and navigation persistence
without forcing reviewers through the unrelated issue-detail/chat work
## What Changed
- Improved execution workspace and project workspace controls, request
wiring, layout, and JSON editor ergonomics
- Hardened linked worktree reuse/startup behavior and documented the
`worktree repair` flow for recovering linked worktrees safely
- Added inbox workspace grouping, mobile collapse, archive undo,
keyboard navigation, shared group-header styling, and persisted
collapsed-group behavior
- Added persistent sidebar order preferences with the supporting DB
migration, shared/server contracts, routes, services, hooks, and UI
integration
- Scoped issue-list preferences by context and added targeted UI/server
tests for workspace controls, inbox behavior, sidebar preferences, and
worktree validation
## Verification
- `pnpm vitest run
server/src/__tests__/sidebar-preferences-routes.test.ts
ui/src/pages/Inbox.test.tsx
ui/src/components/ProjectWorkspaceSummaryCard.test.tsx
ui/src/components/WorkspaceRuntimeControls.test.tsx
ui/src/api/workspace-runtime-control.test.ts`
- `server/src/__tests__/workspace-runtime.test.ts` was attempted, but
the embedded Postgres suite self-skipped/hung on this host after
reporting an init-script issue, so it is not counted as a local pass
here
## Risks
- Medium: this branch includes migration-backed preference storage plus
worktree/runtime behavior, so merge review should pay attention to state
persistence and worktree recovery semantics
- The sidebar preference migration is standalone, but it should still be
watched for conflicts if another migration lands first
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 12:57:11 -05:00
|
|
|
api.use(sidebarPreferenceRoutes(db));
|
2026-04-07 18:26:34 -05:00
|
|
|
api.use(inboxDismissalRoutes(db));
|
2026-03-17 09:24:28 -05:00
|
|
|
api.use(instanceSettingsRoutes(db));
|
2026-03-13 16:22:34 -05:00
|
|
|
const hostServicesDisposers = new Map<string, () => void>();
|
|
|
|
|
const workerManager = createPluginWorkerManager();
|
|
|
|
|
const pluginRegistry = pluginRegistryService(db);
|
2026-03-13 16:58:29 -05:00
|
|
|
const eventBus = createPluginEventBus();
|
2026-03-14 13:44:26 -07:00
|
|
|
setPluginEventBus(eventBus);
|
2026-03-13 16:22:34 -05:00
|
|
|
const jobStore = pluginJobStore(db);
|
|
|
|
|
const lifecycle = pluginLifecycleManager(db, { workerManager });
|
|
|
|
|
const scheduler = createPluginJobScheduler({
|
|
|
|
|
db,
|
|
|
|
|
jobStore,
|
|
|
|
|
workerManager,
|
|
|
|
|
});
|
|
|
|
|
const toolDispatcher = createPluginToolDispatcher({
|
|
|
|
|
workerManager,
|
|
|
|
|
lifecycleManager: lifecycle,
|
|
|
|
|
db,
|
|
|
|
|
});
|
|
|
|
|
const jobCoordinator = createPluginJobCoordinator({
|
|
|
|
|
db,
|
|
|
|
|
lifecycle,
|
|
|
|
|
scheduler,
|
|
|
|
|
jobStore,
|
|
|
|
|
});
|
|
|
|
|
const hostServiceCleanup = createPluginHostServiceCleanup(lifecycle, hostServicesDisposers);
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
let viteHtmlRenderer: ReturnType<typeof createCachedViteHtmlRenderer> | null = null;
|
2026-03-13 16:22:34 -05:00
|
|
|
const loader = pluginLoader(
|
|
|
|
|
db,
|
|
|
|
|
{ localPluginDir: opts.localPluginDir ?? DEFAULT_LOCAL_PLUGIN_DIR },
|
|
|
|
|
{
|
|
|
|
|
workerManager,
|
|
|
|
|
eventBus,
|
|
|
|
|
jobScheduler: scheduler,
|
|
|
|
|
jobStore,
|
|
|
|
|
toolDispatcher,
|
|
|
|
|
lifecycleManager: lifecycle,
|
|
|
|
|
instanceInfo: {
|
|
|
|
|
instanceId: opts.instanceId ?? "default",
|
|
|
|
|
hostVersion: opts.hostVersion ?? "0.0.0",
|
|
|
|
|
},
|
|
|
|
|
buildHostHandlers: (pluginId, manifest) => {
|
|
|
|
|
const notifyWorker = (method: string, params: unknown) => {
|
|
|
|
|
const handle = workerManager.getWorker(pluginId);
|
|
|
|
|
if (handle) handle.notify(method, params);
|
|
|
|
|
};
|
|
|
|
|
const services = buildHostServices(db, pluginId, manifest.id, eventBus, notifyWorker);
|
|
|
|
|
hostServicesDisposers.set(pluginId, () => services.dispose());
|
|
|
|
|
return createHostClientHandlers({
|
|
|
|
|
pluginId,
|
|
|
|
|
capabilities: manifest.capabilities,
|
|
|
|
|
services,
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
api.use(
|
|
|
|
|
pluginRoutes(
|
|
|
|
|
db,
|
|
|
|
|
loader,
|
|
|
|
|
{ scheduler, jobStore },
|
|
|
|
|
{ workerManager },
|
|
|
|
|
{ toolDispatcher },
|
|
|
|
|
{ workerManager },
|
|
|
|
|
),
|
|
|
|
|
);
|
2026-03-31 20:21:13 +01:00
|
|
|
api.use(adapterRoutes());
|
2026-03-02 16:43:59 -06:00
|
|
|
api.use(
|
|
|
|
|
accessRoutes(db, {
|
|
|
|
|
deploymentMode: opts.deploymentMode,
|
|
|
|
|
deploymentExposure: opts.deploymentExposure,
|
|
|
|
|
bindHost: opts.bindHost,
|
|
|
|
|
allowedHostnames: opts.allowedHostnames,
|
|
|
|
|
}),
|
|
|
|
|
);
|
2026-02-16 13:31:58 -06:00
|
|
|
app.use("/api", api);
|
2026-03-07 15:15:51 -06:00
|
|
|
app.use("/api", (_req, res) => {
|
|
|
|
|
res.status(404).json({ error: "API route not found" });
|
|
|
|
|
});
|
2026-03-13 16:22:34 -05:00
|
|
|
app.use(pluginUiStaticRoutes(db, {
|
|
|
|
|
localPluginDir: opts.localPluginDir ?? DEFAULT_LOCAL_PLUGIN_DIR,
|
|
|
|
|
}));
|
2026-02-16 13:31:58 -06:00
|
|
|
|
2026-02-18 11:45:43 -06:00
|
|
|
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
|
|
|
if (opts.uiMode === "static") {
|
2026-03-03 15:45:45 -06:00
|
|
|
// Try published location first (server/ui-dist/), then monorepo dev location (../../ui/dist)
|
|
|
|
|
const candidates = [
|
|
|
|
|
path.resolve(__dirname, "../ui-dist"),
|
|
|
|
|
path.resolve(__dirname, "../../ui/dist"),
|
|
|
|
|
];
|
|
|
|
|
const uiDist = candidates.find((p) => fs.existsSync(path.join(p, "index.html")));
|
|
|
|
|
if (uiDist) {
|
2026-03-10 16:15:11 -05:00
|
|
|
const indexHtml = applyUiBranding(fs.readFileSync(path.join(uiDist, "index.html"), "utf-8"));
|
2026-03-03 15:45:45 -06:00
|
|
|
app.use(express.static(uiDist));
|
|
|
|
|
app.get(/.*/, (_req, res) => {
|
2026-03-07 16:20:19 -08:00
|
|
|
res.status(200).set("Content-Type", "text/html").end(indexHtml);
|
2026-03-03 15:45:45 -06:00
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
console.warn("[paperclip] UI dist not found; running in API-only mode");
|
|
|
|
|
}
|
2026-02-16 13:31:58 -06:00
|
|
|
}
|
|
|
|
|
|
2026-02-18 11:45:43 -06:00
|
|
|
if (opts.uiMode === "vite-dev") {
|
|
|
|
|
const uiRoot = path.resolve(__dirname, "../../ui");
|
2026-03-14 09:35:35 -05:00
|
|
|
const hmrPort = resolveViteHmrPort(opts.serverPort);
|
2026-02-18 11:45:43 -06:00
|
|
|
const { createServer: createViteServer } = await import("vite");
|
|
|
|
|
const vite = await createViteServer({
|
|
|
|
|
root: uiRoot,
|
2026-03-16 08:08:38 -05:00
|
|
|
appType: "custom",
|
2026-02-18 11:45:43 -06:00
|
|
|
server: {
|
|
|
|
|
middlewareMode: true,
|
2026-03-10 10:08:58 -05:00
|
|
|
hmr: {
|
|
|
|
|
host: opts.bindHost,
|
|
|
|
|
port: hmrPort,
|
|
|
|
|
clientPort: hmrPort,
|
|
|
|
|
},
|
2026-02-23 19:43:52 -06:00
|
|
|
allowedHosts: privateHostnameGateEnabled ? Array.from(privateHostnameAllowSet) : undefined,
|
2026-02-18 11:45:43 -06:00
|
|
|
},
|
|
|
|
|
});
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
viteHtmlRenderer = createCachedViteHtmlRenderer({
|
|
|
|
|
vite,
|
|
|
|
|
uiRoot,
|
|
|
|
|
brandHtml: applyUiBranding,
|
|
|
|
|
});
|
|
|
|
|
const renderViteHtml = viteHtmlRenderer;
|
2026-02-18 11:45:43 -06:00
|
|
|
|
|
|
|
|
app.get(/.*/, async (req, res, next) => {
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
if (!shouldServeViteDevHtml(req)) {
|
|
|
|
|
next();
|
|
|
|
|
return;
|
|
|
|
|
}
|
2026-02-18 11:45:43 -06:00
|
|
|
try {
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
const html = await renderViteHtml.render(req.originalUrl);
|
2026-02-18 11:45:43 -06:00
|
|
|
res.status(200).set({ "Content-Type": "text/html" }).end(html);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
next(err);
|
|
|
|
|
}
|
|
|
|
|
});
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
app.use(vite.middlewares);
|
2026-02-18 11:45:43 -06:00
|
|
|
}
|
|
|
|
|
|
2026-02-16 13:31:58 -06:00
|
|
|
app.use(errorHandler);
|
|
|
|
|
|
2026-03-13 16:22:34 -05:00
|
|
|
jobCoordinator.start();
|
|
|
|
|
scheduler.start();
|
2026-04-02 09:11:49 -05:00
|
|
|
const feedbackExportTimer = opts.feedbackExportService
|
|
|
|
|
? setInterval(() => {
|
|
|
|
|
void opts.feedbackExportService?.flushPendingFeedbackTraces().catch((err) => {
|
|
|
|
|
logger.error({ err }, "Failed to flush pending feedback exports");
|
|
|
|
|
});
|
|
|
|
|
}, FEEDBACK_EXPORT_FLUSH_INTERVAL_MS)
|
|
|
|
|
: null;
|
|
|
|
|
feedbackExportTimer?.unref?.();
|
|
|
|
|
if (opts.feedbackExportService) {
|
|
|
|
|
void opts.feedbackExportService.flushPendingFeedbackTraces().catch((err) => {
|
|
|
|
|
logger.error({ err }, "Failed to flush pending feedback exports");
|
|
|
|
|
});
|
|
|
|
|
}
|
2026-03-13 16:22:34 -05:00
|
|
|
void toolDispatcher.initialize().catch((err) => {
|
|
|
|
|
logger.error({ err }, "Failed to initialize plugin tool dispatcher");
|
|
|
|
|
});
|
2026-03-14 12:07:04 -05:00
|
|
|
const devWatcher = opts.uiMode === "vite-dev"
|
|
|
|
|
? createPluginDevWatcher(
|
|
|
|
|
lifecycle,
|
|
|
|
|
async (pluginId) => (await pluginRegistry.getById(pluginId))?.packagePath ?? null,
|
|
|
|
|
)
|
|
|
|
|
: null;
|
2026-03-13 16:22:34 -05:00
|
|
|
void loader.loadAll().then((result) => {
|
|
|
|
|
if (!result) return;
|
|
|
|
|
for (const loaded of result.results) {
|
2026-03-14 12:07:04 -05:00
|
|
|
if (devWatcher && loaded.success && loaded.plugin.packagePath) {
|
2026-03-13 16:22:34 -05:00
|
|
|
devWatcher.watch(loaded.plugin.id, loaded.plugin.packagePath);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}).catch((err) => {
|
|
|
|
|
logger.error({ err }, "Failed to load ready plugins on startup");
|
|
|
|
|
});
|
|
|
|
|
process.once("exit", () => {
|
2026-04-02 09:11:49 -05:00
|
|
|
if (feedbackExportTimer) clearInterval(feedbackExportTimer);
|
2026-03-14 12:07:04 -05:00
|
|
|
devWatcher?.close();
|
[codex] Harden execution reliability and heartbeat tooling (#3679)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Reliable execution depends on heartbeat routing, issue lifecycle
semantics, telemetry, and a fast enough local verification loop to keep
regressions visible
> - The remaining commits on this branch were mostly server/runtime
correctness fixes plus test and documentation follow-ups in that area
> - Those changes are logically separate from the UI-focused
issue-detail and workspace/navigation branches even when they touch
overlapping issue APIs
> - This pull request groups the execution reliability, heartbeat,
telemetry, and tooling changes into one standalone branch
> - The benefit is a focused review of the control-plane correctness
work, including the follow-up fix that restored the implicit
comment-reopen helpers after branch splitting
## What Changed
- Hardened issue/heartbeat execution behavior, including self-review
stage skipping, deferred mention wakes during active execution, stranded
execution recovery, active-run scoping, assignee resolution, and
blocked-to-todo wake resumption
- Reduced noisy polling/logging overhead by trimming issue run payloads,
compacting persisted run logs, silencing high-volume request logs, and
capping heartbeat-run queries in dashboard/inbox surfaces
- Expanded telemetry and status semantics with adapter/model fields on
task completion plus clearer status guidance in docs/onboarding material
- Updated test infrastructure and verification defaults with faster
route-test module isolation, cheaper default `pnpm test`, e2e isolation
from local state, and repo verification follow-ups
- Included docs/release housekeeping from the branch and added a small
follow-up commit restoring the implicit comment-reopen helpers that were
dropped during branch reconstruction
## Verification
- `pnpm vitest run
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/issue-telemetry-routes.test.ts`
- `pnpm vitest run server/src/__tests__/http-log-policy.test.ts
server/src/__tests__/heartbeat-run-log.test.ts
server/src/__tests__/health.test.ts`
- `server/src/__tests__/activity-service.test.ts`,
`server/src/__tests__/heartbeat-comment-wake-batching.test.ts`, and
`server/src/__tests__/heartbeat-process-recovery.test.ts` were attempted
on this host but the embedded Postgres harness reported
init-script/data-dir problems and skipped or failed to start, so they
are noted as environment-limited
## Risks
- Medium: this branch changes core issue/heartbeat routing and
reopen/wakeup behavior, so regressions would affect agent execution flow
rather than isolated UI polish
- Because it also updates verification infrastructure, reviewers should
pay attention to whether the new tests are asserting the right failure
modes and not just reshaping harness behavior
## Model Used
- OpenAI Codex coding agent (GPT-5-class runtime in Codex CLI; exact
deployed model ID is not exposed in this environment), reasoning
enabled, tool use and local code execution enabled
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-14 13:34:52 -05:00
|
|
|
viteHtmlRenderer?.dispose();
|
2026-03-13 16:22:34 -05:00
|
|
|
hostServiceCleanup.disposeAll();
|
|
|
|
|
hostServiceCleanup.teardown();
|
|
|
|
|
});
|
|
|
|
|
process.once("beforeExit", () => {
|
|
|
|
|
void flushPluginLogBuffer();
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-16 13:31:58 -06:00
|
|
|
return app;
|
|
|
|
|
}
|