ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-17 03:10:38 +09:00
Code Issues Projects Releases Packages Wiki Activity
paperclip/server/src/services/companies.ts

323 lines
12 KiB
TypeScript
Raw Normal View History

Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
import { and, count, eq, gte, inArray, lt, sql } from "drizzle-orm";
refactor: rename packages to @paperclipai and CLI binary to paperclipai Rename all workspace packages from @paperclip/* to @paperclipai/* and the CLI binary from `paperclip` to `paperclipai` in preparation for npm publishing. Bump CLI version to 0.1.0 and add package metadata (description, keywords, license, repository, files). Update all imports, documentation, user-facing messages, and tests accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 08:45:26 -06:00
import type { Db } from "@paperclipai/db";
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
import {
companies,
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
companyLogos,
assets,
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
agents,
agentApiKeys,
agentRuntimeState,
Implement task-scoped sessions, queued run chaining, and session reset API Heartbeat service now resolves session state per-task using agentTaskSessions, with resolveNextSessionState handling codec-based serialization and fallback to legacy sessionId. Queued runs are chained — when a run finishes or is reaped, the next queued run for the same agent starts automatically. Queued runs for an agent with an already-running run wait instead of failing. Add task-sessions list endpoint and extend reset-session to accept optional taskKey for targeted session clearing. Block pending_approval agents from API key auth. Update agent/company delete cascades to include task sessions. Update spec docs with task-session architecture. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 14:02:17 -06:00
agentTaskSessions,
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
agentWakeupRequests,
issues,
issueComments,
projects,
goals,
heartbeatRuns,
heartbeatRunEvents,
costEvents,
feat(costs): add billing, quota, and budget control plane
2026-03-14 22:00:12 -05:00
financeEvents,
Stabilize onboarding e2e cleanup paths
2026-04-07 18:20:35 -05:00
issueReadStates,
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges Agent management: hire endpoint with permission gates and pending_approval status, config revision tracking with rollback, agent duplicate route, permission CRUD. Block pending_approval agents from auth, heartbeat, and assignments. Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval linking, auto-wake agents on approval decisions with context snapshot. Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent list endpoint. Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS, PAPERCLIP_LINKED_ISSUE_IDS into adapter environments. Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company settings extensions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
approvalComments,
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
approvals,
activityLog,
Implement secrets service with local encryption, redaction, and runtime resolution Add AES-256-GCM local encrypted secrets provider with auto-generated master key, stub providers for AWS/GCP/Vault, and a secrets service that normalizes adapter configs (converting sensitive inline values to secret refs in strict mode) and resolves secret refs back to plain values at runtime. Extract redaction utilities from agent routes into shared module. Redact sensitive values in activity logs, config revisions, and approval payloads. Block rollback of revisions containing redacted secrets. Filter hidden issues from list queries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 15:43:52 -06:00
companySecrets,
feat(server): integrate Better Auth, access control, and deployment mode startup Wire up Better Auth for session-based authentication. Add actor middleware that resolves local_trusted mode to an implicit board actor and authenticated mode to Better Auth sessions. Add access service with membership, permission, invite, and join-request management. Register access routes for member/invite/ join-request CRUD. Update health endpoint to report deployment mode and bootstrap status. Enforce tasks:assign and agents:create permissions in issue and agent routes. Add deployment mode validation at startup with guardrails (loopback-only for local_trusted, auth config required for authenticated). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 14:40:32 -06:00
joinRequests,
invites,
principalPermissionGrants,
companyMemberships,
Stabilize onboarding e2e cleanup paths
2026-04-07 18:20:35 -05:00
companySkills,
[codex] Improve transient recovery and Codex model refresh (#4383) ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Adapter execution and retry classification decide whether agent work pauses, retries, or recovers automatically > - Transient provider failures need to be classified precisely so Paperclip does not convert retryable upstream conditions into false hard failures > - At the same time, operators need an up-to-date model list for Codex-backed agents and prompts should nudge agents toward targeted verification instead of repo-wide sweeps > - This pull request tightens transient recovery classification for Claude and Codex, updates the agent prompt guidance, and adds Codex model refresh support end-to-end > - The benefit is better automatic retry behavior plus fresher operator-facing model configuration ## What Changed - added Codex usage-limit retry-window parsing and Claude extra-usage transient classification - normalized the heartbeat transient-recovery contract across adapter executions and heartbeat scheduling - documented that deferred comment wakes only reopen completed issues for human/comment-reopen interactions, while system follow-ups leave closed work closed - updated adapter-utils prompt guidance to prefer targeted verification - added Codex model refresh support in the server route, registry, shared types, and agent config form - added adapter/server tests covering the new parsing, retry scheduling, and model-refresh behavior ## Verification - `pnpm exec vitest run --project @paperclipai/adapter-utils packages/adapter-utils/src/server-utils.test.ts` - `pnpm exec vitest run --project @paperclipai/adapter-claude-local packages/adapters/claude-local/src/server/parse.test.ts` - `pnpm exec vitest run --project @paperclipai/adapter-codex-local packages/adapters/codex-local/src/server/parse.test.ts` - `pnpm exec vitest run --project @paperclipai/server server/src/__tests__/adapter-model-refresh-routes.test.ts server/src/__tests__/adapter-models.test.ts server/src/__tests__/claude-local-execute.test.ts server/src/__tests__/codex-local-execute.test.ts server/src/__tests__/heartbeat-process-recovery.test.ts server/src/__tests__/heartbeat-retry-scheduling.test.ts` ## Risks - Moderate behavior risk: retry classification affects whether runs auto-recover or block, so mistakes here could either suppress needed retries or over-retry real failures - Low workflow risk: deferred comment wake reopening is intentionally scoped to human/comment-reopen interactions so system follow-ups do not revive completed issues unexpectedly > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex GPT-5-based coding agent with tool use and code execution in the Codex CLI environment ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [ ] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-24 09:40:40 -05:00
documents,
refactor: rename packages to @paperclipai and CLI binary to paperclipai Rename all workspace packages from @paperclip/* to @paperclipai/* and the CLI binary from `paperclip` to `paperclipai` in preparation for npm publishing. Bump CLI version to 0.1.0 and add package metadata (description, keywords, license, repository, files). Update all imports, documentation, user-facing messages, and tests accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 08:45:26 -06:00
} from "@paperclipai/db";
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
import { notFound, unprocessable } from "../errors.js";
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
export function companyService(db: Db) {
feat(db): enforce globally unique issue prefixes and identifiers Derive issue_prefix from first 3 letters of company name with deterministic suffixes on collision. Migration rebuilds existing prefixes, reassigns issue numbers, and adds unique indexes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 16:08:10 -06:00
const ISSUE_PREFIX_FALLBACK = "CMP";
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
const companySelection = {
id: companies.id,
name: companies.name,
description: companies.description,
status: companies.status,
issuePrefix: companies.issuePrefix,
issueCounter: companies.issueCounter,
budgetMonthlyCents: companies.budgetMonthlyCents,
spentMonthlyCents: companies.spentMonthlyCents,
requireBoardApprovalForNewAgents: companies.requireBoardApprovalForNewAgents,
Add feedback voting and thumbs capture flow Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-02 09:11:49 -05:00
feedbackDataSharingEnabled: companies.feedbackDataSharingEnabled,
feedbackDataSharingConsentAt: companies.feedbackDataSharingConsentAt,
feedbackDataSharingConsentByUserId: companies.feedbackDataSharingConsentByUserId,
feedbackDataSharingTermsVersion: companies.feedbackDataSharingTermsVersion,
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
brandColor: companies.brandColor,
logoAssetId: companyLogos.assetId,
createdAt: companies.createdAt,
updatedAt: companies.updatedAt,
};
function enrichCompany<T extends { logoAssetId: string | null }>(company: T) {
return {
...company,
logoUrl: company.logoAssetId ? `/api/assets/${company.logoAssetId}/content` : null,
};
}
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
function currentUtcMonthWindow(now = new Date()) {
const year = now.getUTCFullYear();
const month = now.getUTCMonth();
return {
start: new Date(Date.UTC(year, month, 1, 0, 0, 0, 0)),
end: new Date(Date.UTC(year, month + 1, 1, 0, 0, 0, 0)),
};
}
async function getMonthlySpendByCompanyIds(
companyIds: string[],
database: Pick<Db, "select"> = db,
) {
if (companyIds.length === 0) return new Map<string, number>();
const { start, end } = currentUtcMonthWindow();
const rows = await database
Sync/master post pap1497 followups 2026 04 15 (#3779) ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - The board depends on issue, inbox, cost, and company-skill surfaces to stay accurate and fast while agents are actively working > - The PAP-1497 follow-up branch exposed a few rough edges in those surfaces: stale active-run state on completed issues, missing creator filters, oversized issue payload scans, and placeholder issue-route parsing > - Those gaps make the control plane harder to trust because operators can see misleading run state, miss the right subset of work, or pay extra query/render cost on large issue records > - This pull request tightens those follow-ups across server and UI code, and adds regression coverage for the affected paths > - The benefit is a more reliable issue workflow, safer high-volume cost aggregation, and clearer board/operator navigation ## What Changed - Added the `v2026.415.0` release changelog entry. - Fixed stale issue-run presentation after completion and reused the shared issue-path parser so literal route placeholders no longer become issue links. - Added creator filters to the Issues page and Inbox, including persisted filter-state normalization and regression coverage. - Bounded issue detail/list project-mention scans and trimmed large issue-list payload fields to keep issue reads lighter. - Hardened company-skill list projection and cost/finance aggregation so large markdown blobs and large summed values do not leak into list responses or overflow 32-bit casts. - Added targeted server/UI regression tests for company skills, costs/finance, issue mention scanning, creator filters, inbox normalization, and issue reference parsing. ## Verification - `pnpm exec vitest run server/src/__tests__/company-skills-service.test.ts server/src/__tests__/costs-service.test.ts server/src/__tests__/issues-goal-context-routes.test.ts server/src/__tests__/issues-service.test.ts ui/src/lib/inbox.test.ts ui/src/lib/issue-filters.test.ts ui/src/lib/issue-reference.test.ts` - `gh pr checks 3779` Current pass set on the PR head: `policy`, `verify`, `e2e`, `security/snyk (cryppadotta)`, `Greptile Review` ## Risks - Creator filter options are derived from the currently loaded issue/agent data, so very sparse result sets may not surface every historical creator until they appear in the active dataset. - Cost/finance aggregate casts now use `double precision`; that removes the current overflow risk, but future schema changes should keep large-value aggregation behavior under review. - Issue detail mention scanning now skips comment-body scans on the detail route, so any consumer that relied on comment-only project mentions there would need to fetch them separately. ## Model Used - OpenAI Codex, GPT-5-based coding agent with terminal tool use and local code execution in the Paperclip workspace. Exact internal model ID/context-window exposure is not surfaced in this session. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-15 21:13:56 -05:00
.select({
companyId: costEvents.companyId,
spentMonthlyCents: sql<number>`coalesce(sum(${costEvents.costCents}), 0)::double precision`,
})
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
.from(costEvents)
.where(
and(
inArray(costEvents.companyId, companyIds),
gte(costEvents.occurredAt, start),
lt(costEvents.occurredAt, end),
),
)
.groupBy(costEvents.companyId);
return new Map(rows.map((row) => [row.companyId, Number(row.spentMonthlyCents ?? 0)]));
}
async function hydrateCompanySpend<T extends { id: string; spentMonthlyCents: number }>(
rows: T[],
database: Pick<Db, "select"> = db,
) {
const spendByCompanyId = await getMonthlySpendByCompanyIds(rows.map((row) => row.id), database);
return rows.map((row) => ({
...row,
spentMonthlyCents: spendByCompanyId.get(row.id) ?? 0,
}));
}
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
function getCompanyQuery(database: Pick<Db, "select">) {
return database
.select(companySelection)
.from(companies)
.leftJoin(companyLogos, eq(companyLogos.companyId, companies.id));
}
feat(db): enforce globally unique issue prefixes and identifiers Derive issue_prefix from first 3 letters of company name with deterministic suffixes on collision. Migration rebuilds existing prefixes, reassigns issue numbers, and adds unique indexes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 16:08:10 -06:00
function deriveIssuePrefixBase(name: string) {
const normalized = name.toUpperCase().replace(/[^A-Z]/g, "");
return normalized.slice(0, 3) || ISSUE_PREFIX_FALLBACK;
}
function suffixForAttempt(attempt: number) {
if (attempt <= 1) return "";
return "A".repeat(attempt - 1);
}
function isIssuePrefixConflict(error: unknown) {
const constraint = typeof error === "object" && error !== null && "constraint" in error
? (error as { constraint?: string }).constraint
: typeof error === "object" && error !== null && "constraint_name" in error
? (error as { constraint_name?: string }).constraint_name
: undefined;
return typeof error === "object"
&& error !== null
&& "code" in error
&& (error as { code?: string }).code === "23505"
&& constraint === "companies_issue_prefix_idx";
}
async function createCompanyWithUniquePrefix(data: typeof companies.$inferInsert) {
const base = deriveIssuePrefixBase(data.name);
let suffix = 1;
while (suffix < 10000) {
const candidate = `${base}${suffixForAttempt(suffix)}`;
try {
const rows = await db
.insert(companies)
.values({ ...data, issuePrefix: candidate })
.returning();
return rows[0];
} catch (error) {
if (!isIssuePrefixConflict(error)) throw error;
}
suffix += 1;
}
throw new Error("Unable to allocate unique issue prefix");
}
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
return {
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
list: async () => {
const rows = await getCompanyQuery(db);
const hydrated = await hydrateCompanySpend(rows);
return hydrated.map((row) => enrichCompany(row));
},
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
getById: async (id: string) => {
const row = await getCompanyQuery(db)
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
.where(eq(companies.id, id))
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
.then((rows) => rows[0] ?? null);
if (!row) return null;
const [hydrated] = await hydrateCompanySpend([row], db);
return enrichCompany(hydrated);
},
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
create: async (data: typeof companies.$inferInsert) => {
const created = await createCompanyWithUniquePrefix(data);
const row = await getCompanyQuery(db)
.where(eq(companies.id, created.id))
.then((rows) => rows[0] ?? null);
if (!row) throw notFound("Company not found after creation");
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
const [hydrated] = await hydrateCompanySpend([row], db);
return enrichCompany(hydrated);
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
},
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
update: (
id: string,
data: Partial<typeof companies.$inferInsert> & { logoAssetId?: string | null },
) =>
db.transaction(async (tx) => {
const existing = await getCompanyQuery(tx)
.where(eq(companies.id, id))
.then((rows) => rows[0] ?? null);
if (!existing) return null;
const { logoAssetId, ...companyPatch } = data;
if (logoAssetId !== undefined && logoAssetId !== null) {
const nextLogoAsset = await tx
.select({ id: assets.id, companyId: assets.companyId })
.from(assets)
.where(eq(assets.id, logoAssetId))
.then((rows) => rows[0] ?? null);
if (!nextLogoAsset) throw notFound("Logo asset not found");
if (nextLogoAsset.companyId !== existing.id) {
throw unprocessable("Logo asset must belong to the same company");
}
}
const updated = await tx
.update(companies)
.set({ ...companyPatch, updatedAt: new Date() })
.where(eq(companies.id, id))
.returning()
.then((rows) => rows[0] ?? null);
if (!updated) return null;
if (logoAssetId === null) {
await tx.delete(companyLogos).where(eq(companyLogos.companyId, id));
} else if (logoAssetId !== undefined) {
await tx
.insert(companyLogos)
.values({
companyId: id,
assetId: logoAssetId,
})
.onConflictDoUpdate({
target: companyLogos.companyId,
set: {
assetId: logoAssetId,
updatedAt: new Date(),
},
});
}
if (logoAssetId !== undefined && existing.logoAssetId && existing.logoAssetId !== logoAssetId) {
await tx.delete(assets).where(eq(assets.id, existing.logoAssetId));
}
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
const [hydrated] = await hydrateCompanySpend([{
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
...updated,
logoAssetId: logoAssetId === undefined ? existing.logoAssetId : logoAssetId,
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
}], tx);
return enrichCompany(hydrated);
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
}),
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
archive: (id: string) =>
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
db.transaction(async (tx) => {
const updated = await tx
.update(companies)
.set({ status: "archived", updatedAt: new Date() })
.where(eq(companies.id, id))
.returning()
.then((rows) => rows[0] ?? null);
if (!updated) return null;
const row = await getCompanyQuery(tx)
.where(eq(companies.id, id))
.then((rows) => rows[0] ?? null);
Fix budget auth and monthly spend rollups
2026-03-16 15:41:48 -05:00
if (!row) return null;
const [hydrated] = await hydrateCompanySpend([row], tx);
return enrichCompany(hydrated);
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
}),
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
remove: (id: string) =>
db.transaction(async (tx) => {
// Delete from child tables in dependency order
await tx.delete(heartbeatRunEvents).where(eq(heartbeatRunEvents.companyId, id));
Implement task-scoped sessions, queued run chaining, and session reset API Heartbeat service now resolves session state per-task using agentTaskSessions, with resolveNextSessionState handling codec-based serialization and fallback to legacy sessionId. Queued runs are chained — when a run finishes or is reaped, the next queued run for the same agent starts automatically. Queued runs for an agent with an already-running run wait instead of failing. Add task-sessions list endpoint and extend reset-session to accept optional taskKey for targeted session clearing. Block pending_approval agents from API key auth. Update agent/company delete cascades to include task sessions. Update spec docs with task-session architecture. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 14:02:17 -06:00
await tx.delete(agentTaskSessions).where(eq(agentTaskSessions.companyId, id));
Stabilize onboarding e2e cleanup paths
2026-04-07 18:20:35 -05:00
await tx.delete(activityLog).where(eq(activityLog.companyId, id));
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
await tx.delete(heartbeatRuns).where(eq(heartbeatRuns.companyId, id));
await tx.delete(agentWakeupRequests).where(eq(agentWakeupRequests.companyId, id));
await tx.delete(agentApiKeys).where(eq(agentApiKeys.companyId, id));
await tx.delete(agentRuntimeState).where(eq(agentRuntimeState.companyId, id));
await tx.delete(issueComments).where(eq(issueComments.companyId, id));
await tx.delete(costEvents).where(eq(costEvents.companyId, id));
feat(costs): add billing, quota, and budget control plane
2026-03-14 22:00:12 -05:00
await tx.delete(financeEvents).where(eq(financeEvents.companyId, id));
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges Agent management: hire endpoint with permission gates and pending_approval status, config revision tracking with rollback, agent duplicate route, permission CRUD. Block pending_approval agents from auth, heartbeat, and assignments. Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval linking, auto-wake agents on approval decisions with context snapshot. Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent list endpoint. Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS, PAPERCLIP_LINKED_ISSUE_IDS into adapter environments. Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company settings extensions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:02:41 -06:00
await tx.delete(approvalComments).where(eq(approvalComments.companyId, id));
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
await tx.delete(approvals).where(eq(approvals.companyId, id));
Implement secrets service with local encryption, redaction, and runtime resolution Add AES-256-GCM local encrypted secrets provider with auto-generated master key, stub providers for AWS/GCP/Vault, and a secrets service that normalizes adapter configs (converting sensitive inline values to secret refs in strict mode) and resolves secret refs back to plain values at runtime. Extract redaction utilities from agent routes into shared module. Redact sensitive values in activity logs, config revisions, and approval payloads. Block rollback of revisions containing redacted secrets. Filter hidden issues from list queries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 15:43:52 -06:00
await tx.delete(companySecrets).where(eq(companySecrets.companyId, id));
feat(server): integrate Better Auth, access control, and deployment mode startup Wire up Better Auth for session-based authentication. Add actor middleware that resolves local_trusted mode to an implicit board actor and authenticated mode to Better Auth sessions. Add access service with membership, permission, invite, and join-request management. Register access routes for member/invite/ join-request CRUD. Update health endpoint to report deployment mode and bootstrap status. Enforce tasks:assign and agents:create permissions in issue and agent routes. Add deployment mode validation at startup with guardrails (loopback-only for local_trusted, auth config required for authenticated). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 14:40:32 -06:00
await tx.delete(joinRequests).where(eq(joinRequests.companyId, id));
await tx.delete(invites).where(eq(invites.companyId, id));
await tx.delete(principalPermissionGrants).where(eq(principalPermissionGrants.companyId, id));
await tx.delete(companyMemberships).where(eq(companyMemberships.companyId, id));
Stabilize onboarding e2e cleanup paths
2026-04-07 18:20:35 -05:00
await tx.delete(companySkills).where(eq(companySkills.companyId, id));
await tx.delete(issueReadStates).where(eq(issueReadStates.companyId, id));
[codex] Improve transient recovery and Codex model refresh (#4383) ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Adapter execution and retry classification decide whether agent work pauses, retries, or recovers automatically > - Transient provider failures need to be classified precisely so Paperclip does not convert retryable upstream conditions into false hard failures > - At the same time, operators need an up-to-date model list for Codex-backed agents and prompts should nudge agents toward targeted verification instead of repo-wide sweeps > - This pull request tightens transient recovery classification for Claude and Codex, updates the agent prompt guidance, and adds Codex model refresh support end-to-end > - The benefit is better automatic retry behavior plus fresher operator-facing model configuration ## What Changed - added Codex usage-limit retry-window parsing and Claude extra-usage transient classification - normalized the heartbeat transient-recovery contract across adapter executions and heartbeat scheduling - documented that deferred comment wakes only reopen completed issues for human/comment-reopen interactions, while system follow-ups leave closed work closed - updated adapter-utils prompt guidance to prefer targeted verification - added Codex model refresh support in the server route, registry, shared types, and agent config form - added adapter/server tests covering the new parsing, retry scheduling, and model-refresh behavior ## Verification - `pnpm exec vitest run --project @paperclipai/adapter-utils packages/adapter-utils/src/server-utils.test.ts` - `pnpm exec vitest run --project @paperclipai/adapter-claude-local packages/adapters/claude-local/src/server/parse.test.ts` - `pnpm exec vitest run --project @paperclipai/adapter-codex-local packages/adapters/codex-local/src/server/parse.test.ts` - `pnpm exec vitest run --project @paperclipai/server server/src/__tests__/adapter-model-refresh-routes.test.ts server/src/__tests__/adapter-models.test.ts server/src/__tests__/claude-local-execute.test.ts server/src/__tests__/codex-local-execute.test.ts server/src/__tests__/heartbeat-process-recovery.test.ts server/src/__tests__/heartbeat-retry-scheduling.test.ts` ## Risks - Moderate behavior risk: retry classification affects whether runs auto-recover or block, so mistakes here could either suppress needed retries or over-retry real failures - Low workflow risk: deferred comment wake reopening is intentionally scoped to human/comment-reopen interactions so system follow-ups do not revive completed issues unexpectedly > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex GPT-5-based coding agent with tool use and code execution in the Codex CLI environment ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [ ] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-24 09:40:40 -05:00
await tx.delete(documents).where(eq(documents.companyId, id));
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
await tx.delete(issues).where(eq(issues.companyId, id));
Use asset-backed company logos
2026-03-16 09:25:39 -05:00
await tx.delete(companyLogos).where(eq(companyLogos.companyId, id));
await tx.delete(assets).where(eq(assets.companyId, id));
Upgrade Companies page: stats, delete, status badge, dropdown menu Server: - companyService.stats() returns per-company agent/issue counts in one query pair - companyService.remove() cascades deletes across all child tables in dependency order - GET /companies/stats endpoint (board-accessible) - DELETE /companies/:companyId endpoint (board-only) UI: - Companies page shows agent count, issue count, spend/budget, and created-at per card - Company status shown as a colored badge (active/paused/archived) - Three-dot dropdown menu with Rename and Delete Company actions - Inline delete confirmation to prevent accidental data loss - 'New Company' button opens onboarding wizard instead of inline form Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-17 20:14:05 -06:00
await tx.delete(goals).where(eq(goals.companyId, id));
await tx.delete(projects).where(eq(projects.companyId, id));
await tx.delete(agents).where(eq(agents.companyId, id));
const rows = await tx
.delete(companies)
.where(eq(companies.id, id))
.returning();
return rows[0] ?? null;
}),
stats: () =>
Promise.all([
db
.select({ companyId: agents.companyId, count: count() })
.from(agents)
.groupBy(agents.companyId),
db
.select({ companyId: issues.companyId, count: count() })
.from(issues)
.groupBy(issues.companyId),
]).then(([agentRows, issueRows]) => {
const result: Record<string, { agentCount: number; issueCount: number }> = {};
for (const row of agentRows) {
result[row.companyId] = { agentCount: row.count, issueCount: 0 };
}
for (const row of issueRows) {
if (result[row.companyId]) {
result[row.companyId].issueCount = row.count;
} else {
result[row.companyId] = { agentCount: 0, issueCount: row.count };
}
}
return result;
}),
Add server routes for companies, approvals, costs, and dashboard New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
};
}
Reference in a new issue Copy permalink