2026-04-24 15:50:32 -05:00
import { describe, expect, it } from "vitest";
import { classifyIssueGraphLiveness as classifyIssueGraphLivenessCompat } from "../services/issue-liveness.ts";
import { decideRunLivenessContinuation as decideRunLivenessContinuationCompat } from "../services/run-continuations.ts";
import {
RECOVERY_KEY_PREFIXES,
RECOVERY_ORIGIN_KINDS,
RECOVERY_REASON_KINDS,
buildIssueGraphLivenessIncidentKey,
buildIssueGraphLivenessLeafKey,
buildRunLivenessContinuationIdempotencyKey,
classifyIssueGraphLiveness,
decideRunLivenessContinuation,
[codex] Harden recovery issue handling (#4600)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The control plane must recover stranded agent work without creating
new operational loops
> - Stranded recovery issues can themselves fail, and exposing raw retry
errors in comments can leak sensitive adapter details
> - New local companies also should not force a hire-approval gate
unless operators enable that policy
> - This pull request hardens recovery issue handling, redacts retry
failure details in issue copy, preserves `maxConcurrentRuns: 1`, and
flips new-hire approval to an opt-in default
> - The benefit is safer automatic recovery and smoother default company
setup without hidden migration conflicts
## What Changed
- Added migration `0071_default_hire_approval_off` and updated company
schema/import/export/docs so hire approvals default off and serialize
only when enabled.
- Added migration `0072_large_sandman` with a partial unique index
preventing duplicate active stranded recovery issues for the same source
issue.
- Blocked failed `stranded_issue_recovery` issues in place instead of
creating nested recovery issues.
- Redacted latest retry failure details from recovery issue comments
while still linking reviewers to run evidence.
- Allowed `maxConcurrentRuns: 1` to be honored by heartbeat concurrency
normalization.
- Added focused regression coverage for recovery recursion, redaction,
migration ordering, and concurrency behavior.
## Verification
- `pnpm --filter @paperclipai/db run check:migrations`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/recovery-classifiers.test.ts`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/company-portability.test.ts --pool=forks
--poolOptions.forks.isolate=true`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/agent-permissions-routes.test.ts --pool=forks
--poolOptions.forks.isolate=true`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/heartbeat-process-recovery.test.ts --pool=forks
--poolOptions.forks.isolate=true` exits 0, but this host skipped the
embedded Postgres tests with the existing init guard.
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/heartbeat-dependency-scheduling.test.ts
--pool=forks --poolOptions.forks.isolate=true` exits 0, but this host
skipped the embedded Postgres tests with the existing init guard.
## Risks
- Migration risk is low but this PR intentionally owns both new
migrations to avoid separate PR migration-journal conflicts.
- Recovery comments now require operators to inspect linked run evidence
for details instead of reading raw errors inline.
- The hire approval default changes behavior for newly created/imported
companies only; existing persisted company settings are not changed
except by the SQL default for future rows.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub
workflow, reasoning mode active. Context window not exposed in this
environment.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-27 15:02:47 -05:00
isStrandedIssueRecoveryOriginKind,
2026-04-24 15:50:32 -05:00
parseIssueGraphLivenessIncidentKey,
} from "../services/recovery/index.ts";
// Shared fixture identifiers used by every case in this file. They are plain
// strings with no ':' in them, which is what the colon-delimited recovery
// keys asserted further down are built from.
const companyId = "company-1",
  agentId = "agent-1",
  managerId = "manager-1",
  issueId = "issue-1",
  blockerId = "blocker-1",
  runId = "run-1";
describe("recovery classifier boundary", () => {
it("keeps issue graph liveness classifier parity with the compatibility export", () => {
  // A blocked issue assigned to an agent, waiting on a blocker that nobody owns.
  const blockedIssue = {
    id: issueId,
    companyId,
    identifier: "PAP-2073",
    title: "Centralize recovery classifiers",
    status: "blocked",
    assigneeAgentId: agentId,
    assigneeUserId: null,
    createdByAgentId: null,
    createdByUserId: null,
    executionState: null,
  };
  const unassignedBlocker = {
    id: blockerId,
    companyId,
    identifier: "PAP-2074",
    title: "Move recovery side effects",
    status: "todo",
    assigneeAgentId: null,
    assigneeUserId: null,
    createdByAgentId: null,
    createdByUserId: null,
    executionState: null,
  };

  // Two-level reporting chain: the engineer reports to the CTO, who reports to no one.
  const engineer = {
    id: agentId,
    companyId,
    name: "Coder",
    role: "engineer",
    status: "idle",
    reportsTo: managerId,
  };
  const cto = {
    id: managerId,
    companyId,
    name: "CTO",
    role: "cto",
    status: "idle",
    reportsTo: null,
  };

  const input = {
    issues: [blockedIssue, unassignedBlocker],
    relations: [{ companyId, blockerIssueId: blockerId, blockedIssueId: issueId }],
    agents: [engineer, cto],
  };

  // Both entry points receive the same input object; the recovery-module
  // export is called first, then the compatibility export.
  // NOTE(review): if the compatibility export is a plain re-export of the same
  // function, this only proves the wiring — confirm a separate case pins the
  // expected classification for this graph.
  const fromRecoveryModule = classifyIssueGraphLiveness(input);
  const fromCompatExport = classifyIssueGraphLivenessCompat(input);
  expect(fromRecoveryModule).toEqual(fromCompatExport);
});
it("keeps run liveness continuation decision parity with the compatibility export", () => {
  // The three records below are partial fixtures; `as never` silences the
  // type checker, so the compiler does not verify that they match the shapes
  // the decision function expects.
  const run = {
    id: runId,
    companyId,
    agentId,
    continuationAttempt: 0,
  } as never;

  const issue = {
    id: issueId,
    companyId,
    identifier: "PAP-2073",
    title: "Centralize recovery classifiers",
    status: "in_progress",
    assigneeAgentId: agentId,
    executionState: null,
    projectId: null,
  } as never;

  const agent = {
    id: agentId,
    companyId,
    status: "idle",
  } as never;

  // A run that planned but took no action, with no budget block and no
  // existing idempotent wake recorded.
  const input = {
    run,
    issue,
    agent,
    livenessState: "plan_only" as const,
    livenessReason: "Planned without acting",
    nextAction: "Take the first concrete action.",
    budgetBlocked: false,
    idempotentWakeExists: false,
  };

  // Same input object to both entry points, recovery-module export first.
  const fromRecoveryModule = decideRunLivenessContinuation(input);
  const fromCompatExport = decideRunLivenessContinuationCompat(input);
  expect(fromRecoveryModule).toEqual(fromCompatExport);
});
it("keeps recovery origin and idempotency keys stable", () => {
  // Pin the literal values of the origin kinds, reason kind and key prefixes.
  const expectedOriginKinds = {
    issueGraphLivenessEscalation: "harness_liveness_escalation",
    strandedIssueRecovery: "stranded_issue_recovery",
    staleActiveRunEvaluation: "stale_active_run_evaluation",
  };
  expect(RECOVERY_ORIGIN_KINDS).toMatchObject(expectedOriginKinds);
  expect(RECOVERY_REASON_KINDS.runLivenessContinuation).toBe("run_liveness_continuation");
  expect(RECOVERY_KEY_PREFIXES.issueGraphLivenessIncident).toBe("harness_liveness");
  expect(RECOVERY_KEY_PREFIXES.issueGraphLivenessLeaf).toBe("harness_liveness_leaf");

  const state = "blocked_by_unassigned_issue";

  // Incident key: built from its parts, compared with the exact string, then
  // parsed back. The builder takes `blockerIssueId`; the parser reports the
  // same value as `leafIssueId`.
  // NOTE(review): the fixture ids contain no ':'; how the builder and parser
  // treat an id that contains the delimiter is not covered by this case.
  const incidentKey = buildIssueGraphLivenessIncidentKey({
    companyId,
    issueId,
    state,
    blockerIssueId: blockerId,
  });
  expect(incidentKey).toBe(
    "harness_liveness:company-1:issue-1:blocked_by_unassigned_issue:blocker-1",
  );

  const parsedIncident = parseIssueGraphLivenessIncidentKey(incidentKey);
  expect(parsedIncident).toEqual({
    companyId,
    issueId,
    state,
    leafIssueId: blockerId,
  });

  // Leaf key: the expected string has the company, state and leaf issue, and
  // no source-issue segment.
  const leafKey = buildIssueGraphLivenessLeafKey({
    companyId,
    state,
    leafIssueId: blockerId,
  });
  expect(leafKey).toBe("harness_liveness_leaf:company-1:blocked_by_unassigned_issue:blocker-1");

  // Continuation idempotency key: the attempt number is the last segment of
  // the expected string.
  const continuationKey = buildRunLivenessContinuationIdempotencyKey({
    issueId,
    sourceRunId: runId,
    livenessState: "plan_only",
    nextAttempt: 1,
  });
  expect(continuationKey).toBe("run_liveness_continuation:issue-1:run-1:plan_only:1");
});
[codex] Harden recovery issue handling (#4600)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The control plane must recover stranded agent work without creating
new operational loops
> - Stranded recovery issues can themselves fail, and exposing raw retry
errors in comments can leak sensitive adapter details
> - New local companies also should not force a hire-approval gate
unless operators enable that policy
> - This pull request hardens recovery issue handling, redacts retry
failure details in issue copy, preserves `maxConcurrentRuns: 1`, and
flips new-hire approval to an opt-in default
> - The benefit is safer automatic recovery and smoother default company
setup without hidden migration conflicts
## What Changed
- Added migration `0071_default_hire_approval_off` and updated company
schema/import/export/docs so hire approvals default off and serialize
only when enabled.
- Added migration `0072_large_sandman` with a partial unique index
preventing duplicate active stranded recovery issues for the same source
issue.
- Blocked failed `stranded_issue_recovery` issues in place instead of
creating nested recovery issues.
- Redacted latest retry failure details from recovery issue comments
while still linking reviewers to run evidence.
- Allowed `maxConcurrentRuns: 1` to be honored by heartbeat concurrency
normalization.
- Added focused regression coverage for recovery recursion, redaction,
migration ordering, and concurrency behavior.
## Verification
- `pnpm --filter @paperclipai/db run check:migrations`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/recovery-classifiers.test.ts`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/company-portability.test.ts --pool=forks
--poolOptions.forks.isolate=true`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/agent-permissions-routes.test.ts --pool=forks
--poolOptions.forks.isolate=true`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/heartbeat-process-recovery.test.ts --pool=forks
--poolOptions.forks.isolate=true` exits 0, but this host skipped the
embedded Postgres tests with the existing init guard.
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/heartbeat-dependency-scheduling.test.ts
--pool=forks --poolOptions.forks.isolate=true` exits 0, but this host
skipped the embedded Postgres tests with the existing init guard.
## Risks
- Migration risk is low but this PR intentionally owns both new
migrations to avoid separate PR migration-journal conflicts.
- Recovery comments now require operators to inspect linked run evidence
for details instead of reading raw errors inline.
- The hire approval default changes behavior for newly created/imported
companies only; existing persisted company settings are not changed
except by the SQL default for future rows.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub
workflow, reasoning mode active. Context window not exposed in this
environment.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-27 15:02:47 -05:00
it("classifies stranded recovery origins as recovery-owned work", () => {
  // Each row is [origin kind, expected result]. Only the stranded-recovery
  // origin is expected to match; another recovery origin, an unrelated
  // string and null must all be rejected.
  const cases = [
    ["stranded_issue_recovery", true],
    ["harness_liveness_escalation", false],
    ["manual", false],
    [null, false],
  ] as const;

  // Rows are checked in order, so the first mismatch fails the test.
  for (const [originKind, expected] of cases) {
    expect(isStrandedIssueRecoveryOriginKind(originKind)).toBe(expected);
  }
});
2026-04-24 15:50:32 -05:00
});