[codex] add comprehensive UI Storybook coverage (#4132)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The board UI is the main operator surface, so its component and
workflow coverage needs to stay reviewable as the product grows.
> - This branch adds Storybook as a dedicated UI reference surface for
core Paperclip screens and interaction patterns.
> - That work spans Storybook infrastructure, app-level provider wiring,
and a large fixture set that can render real control-plane states
without a live backend.
> - The branch also expands coverage across agents, budgets, issues,
chat, dialogs, navigation, projects, and data visualization so future UI
changes have a concrete visual baseline.
> - This pull request packages that Storybook work on top of the latest
`master`, excludes the lockfile from the final diff per repo policy, and
fixes one fixture contract drift caught during verification.
> - The benefit is a single reviewable PR that adds broad UI
documentation and regression-surfacing coverage without losing the
existing branch work.
## What Changed
- Added Storybook 10 wiring for the UI package, including root scripts,
UI package scripts, Storybook config, preview wrappers, Tailwind
entrypoints, and setup docs.
- Added a large fixture-backed data source for Storybook so complex
board states can render without a live server.
- Added story suites covering foundations, status language,
control-plane surfaces, overview, UX labs, agent management, budget and
finance, forms and editors, issue management, navigation and layout,
chat and comments, data visualization, dialogs and modals, and
projects/goals/workspaces.
- Adjusted several UI components for Storybook parity so dialogs, menus,
keyboard shortcuts, budget markers, markdown editing, and related
surfaces render correctly in isolation.
- Rebasing work for PR assembly: replayed the branch onto current
`master`, removed `pnpm-lock.yaml` from the final PR diff, and aligned
the dashboard fixture with the current `DashboardSummary.runActivity`
API contract.
## Verification
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/ui build-storybook`
- Manual diff audit after rebase: verified the PR no longer includes
`pnpm-lock.yaml` and now cleanly targets current `master`.
- Before/after UI note: before this branch there was no dedicated
Storybook surface for these Paperclip views; after this branch the local
Storybook build includes the new overview and domain story suites in
`ui/storybook-static`.
## Risks
- Large static fixture files can drift from shared types as dashboard
and UI contracts evolve; this PR already needed one fixture correction
for `runActivity`.
- Storybook bundle output includes some large chunks, so future growth
may need chunking work if build performance becomes an issue.
- Several component tweaks were made for isolated rendering parity, so
reviewers should spot-check key board surfaces against the live app
behavior.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in the Paperclip harness; exact
serving model ID is not exposed in-runtime to the agent.
- Tool-assisted workflow with terminal execution, git operations, local
typecheck/build verification, and GitHub CLI PR creation.
- Context window/reasoning mode not surfaced by the harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 12:13:23 -05:00
import type {
  ActivityEvent,
  Agent,
  Approval,
  AuthSession,
  BudgetPolicySummary,
  Company,
Add secrets provider vaults and remote import (#5429)
## Thinking Path
> - Paperclip orchestrates AI-agent companies and needs secrets handling
to work across local development, hosted operators, and governed agent
execution.
> - The affected subsystem is the company-scoped secrets control plane:
database schema, server services/routes, CLI workflows, and the Secrets
settings UI.
> - The gap was that secrets were local-only and operators could not
manage provider vaults or import existing remote references without
exposing plaintext.
> - This branch adds provider vault configuration plus an AWS Secrets
Manager remote-import path while preserving company boundaries, binding
context, and audit trails.
> - I kept the PR to a single branch PR, removed unrelated
lockfile/package drift, rebased the full branch onto the current
`public-gh/master`, and addressed fresh Greptile findings.
> - The benefit is a reviewable implementation of provider-backed
secrets with focused tests covering provider selection, import
conflicts, deleted secret reuse, rotation guards, and AWS signing
behavior.
## What Changed
- Added provider vault support for company secrets, including provider
config storage, default vault handling, health checks, binding usage,
access events, and remote import preview/commit.
- Added an AWS Secrets Manager provider using SigV4 request signing,
bounded request timeouts, namespace guardrails, cached runtime
credential resolution, and external-reference linking without plaintext
reads.
- Added Secrets UI surfaces for vault management and remote import, plus
CLI/API documentation for setup and operations.
- Stabilized routine webhook secret binding paths and SSH
environment-driver fixture bindings discovered during verification.
- Addressed Greptile and CI findings: no lockfile/package drift,
monotonic migration metadata, disabled-vault default races, soft-deleted
secret hiding/recreate behavior, remove behavior with disabled vaults,
soft-deleted external-reference re-import, non-active rotation guards,
managed-secret soft deletion through PATCH, and per-call AWS SDK
credential client churn.
- Rebased this branch onto `public-gh/master` at `0e1a5828` and
force-pushed with lease to keep this as the single PR for the branch.
## Verification
- `git fetch public-gh master`
- `git rebase public-gh/master`
- `git diff --name-only public-gh/master...HEAD | grep
'^pnpm-lock\.yaml$' || true` confirmed `pnpm-lock.yaml` is not in the PR
diff.
- Confirmed migration ordering: master ends at `0081_optimal_dormammu`;
this PR adds `0082_dry_vision` and
`0083_company_secret_provider_configs`.
- Inspected migrations for repeat safety: new tables/indexes use `IF NOT
EXISTS`; foreign keys are guarded by `DO $$ ... IF NOT EXISTS`; column
additions use `ADD COLUMN IF NOT EXISTS`.
- `pnpm -r typecheck` passed before the Greptile follow-up commits.
- `pnpm test:run` ran the full stable Vitest path before the Greptile
follow-up commits; it completed with 3 timing-related failures under
parallel load: `codex-local-execute.test.ts`,
`cursor-local-execute.test.ts`, and `environment-service.test.ts`.
- `pnpm --filter @paperclipai/server exec vitest run
src/__tests__/codex-local-execute.test.ts
src/__tests__/cursor-local-execute.test.ts
src/__tests__/environment-service.test.ts` passed on targeted rerun
(`24/24`).
- `pnpm build` passed before the Greptile follow-up commits. Vite
reported existing chunk-size/dynamic-import warnings.
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
exec vitest run src/__tests__/secrets-service.test.ts` passed (`26/26`).
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
exec vitest run src/__tests__/aws-secrets-manager-provider.test.ts
src/__tests__/secrets-service.test.ts` passed (`39/39`).
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
typecheck` passed.
- Captured Storybook screenshots from `ui/storybook-static` for visual
review.
- Latest PR checks on `5ca3a5cf`: `policy`, serialized server suites
1/4-4/4, `Canary Dry Run`, `e2e`, `security/snyk`, and `Greptile Review`
pass; aggregate `verify` is still registering the completed child
checks.
- Greptile review loop continued through the latest requested pass; all
Greptile review threads are resolved and the latest `Greptile Review`
check on `5ca3a5cf` passed with 0 comments added.
## Screenshots
Before: the provider-vault and remote-import surfaces did not exist on
`master`; these are after-state screenshots from the Storybook fixtures.



## Risks
- Migration risk: this adds new secret provider tables and extends
existing secret rows. The migrations were checked for monotonic ordering
and idempotent guards, but reviewers should still inspect upgrade
behavior carefully.
- Provider risk: AWS support uses direct SigV4 requests. Automated tests
cover signing, request timeouts, vault-config selection, namespace
guardrails, pending-version archival, sanitized provider errors, and
service-level cleanup paths. A real-vault AWS smoke test remains
deployment validation for an operator with AWS credentials rather than
an unverified merge blocker in this local branch.
- UI risk: the Secrets page and import dialog are large new surfaces;
screenshots are included above for reviewer inspection.
- Verification risk: the full local stable test command hit
parallel-load timing failures, although the exact failed files passed
when rerun directly.
- Operational risk: remote import intentionally avoids plaintext reads;
operators must understand that imported external references resolve at
runtime and may fail if AWS permissions change.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent with local shell/tool use in the
Paperclip worktree. Exact context-window size was not exposed by the
runtime.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-09 18:22:17 -05:00
  CompanySecret,
  CompanySecretBinding,
2026-05-19 15:50:23 -05:00
  CompanySecretProviderConfig,
  DashboardSummary,
  ExecutionWorkspace,
  Goal,
  Issue,
  IssueDocument,
  IssueLabel,
  Project,
  SecretAccessEvent,
2026-05-19 15:50:23 -05:00
  SecretProviderConfigDiscoveryPreviewResult,
  SecretProviderDescriptor,
  SidebarBadges,
  WorkspaceRuntimeService,
} from "@paperclipai/shared";
import type { RunForIssue } from "@/api/activity";
import type { LiveRunForIssue } from "@/api/heartbeats";

const now = new Date("2026-04-20T12:00:00.000Z");
const recent = (minutesAgo: number) => new Date(now.getTime() - minutesAgo * 60_000);
const storybookRepoRoot = "~/paperclip";
const storybookWorkspaceRoot = `${storybookRepoRoot}/.paperclip/workspaces`;
const storybookWorktreeRoot = `${storybookRepoRoot}/.paperclip/worktrees`;

export const storybookCompanies: Company[] = [
  {
    id: "company-storybook",
    name: "Paperclip Storybook",
    description: "Fixture company for isolated UI review.",
    status: "active",
    pauseReason: null,
    pausedAt: null,
    issuePrefix: "PAP",
    issueCounter: 1641,
    budgetMonthlyCents: 250_000,
    spentMonthlyCents: 67_500,
[codex] Split backend control-plane QoL slice (#4700)
## Thinking Path
> - Paperclip is the control plane for autonomous AI companies, so
backend task ownership, recovery, review visibility, and company-scoped
limits need to stay enforceable without UI-only coupling.
> - Closed PR #4692 bundled those backend changes with UI workflow,
docs, skills, workflow, and lockfile churn.
> - PAP-2694 asks for a clean backend/control-plane slice from that
closed branch.
> - This branch starts from current `master` and mines only the `cli`,
`packages/db`, `packages/shared`, and `server` contracts/tests needed
for the backend behavior.
> - It explicitly excludes UI workflow/performance work,
`.github/workflows/pr.yml`, `pnpm-lock.yaml`, docs, skills,
package-script, adapter UI build-config, and perf fixture script
changes; the only UI files are fixture/test updates required by the
tightened shared `Company` contract.
> - The benefit is a smaller reviewable PR that preserves the
control-plane fixes while staying under Greptile's 100-file review
limit.
## What Changed
- Added company-scoped attachment-size limits through DB
schema/migrations, shared company portability contracts, CLI
import/export coverage, and server attachment upload enforcement.
- Added productivity review service/API behavior for no-comment streak,
long-active, and high-churn review issues, including request-depth
clamping and issue summary exposure.
- Hardened issue ownership and recovery/control-plane paths: peer-agent
mutation denial, issue tree pause/resume behavior, stranded recovery
origins, and related activity/test coverage.
- Preserved related backend contract updates for routine timestamp
variables and managed agent instruction bundles because they live in
shared/server contracts from the source branch.
- Addressed Greptile feedback by making `Company.attachmentMaxBytes`
non-optional, simplifying review request-depth clamping, fixing the
migration final newline, and enforcing the process-level attachment cap
as the final ceiling for uploads.
- Added minimal company fixtures needed for repo-wide typecheck/build
and kept the PR to 66 changed files with forbidden/non-slice paths
excluded.
## Verification
- `pnpm install --frozen-lockfile`
- `git diff --check origin/master..HEAD`
- `git diff --name-only origin/master..HEAD | wc -l` -> 66 files
- `git diff --name-only origin/master..HEAD -- .github/workflows/pr.yml
pnpm-lock.yaml package.json doc skills .agents scripts
packages/adapters` -> no output
- `pnpm exec vitest run --config vitest.config.ts
packages/shared/src/validators/issue.test.ts
packages/shared/src/routine-variables.test.ts
packages/shared/src/adapter-types.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
cli/src/__tests__/company.test.ts
server/src/__tests__/productivity-review-service.test.ts
server/src/__tests__/issue-tree-control-service.test.ts
server/src/__tests__/issue-tree-control-routes.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
server/src/__tests__/issue-attachment-routes.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts
server/src/__tests__/issues-service.test.ts` -> 12 files, 147 tests
passed
- `pnpm exec vitest run --config vitest.config.ts
cli/src/__tests__/company-delete.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
server/src/__tests__/productivity-review-service.test.ts` -> 3 files, 18
tests passed
- `pnpm exec vitest run --config vitest.config.ts
server/src/__tests__/issue-attachment-routes.test.ts` -> 1 file, 6 tests
passed
- `pnpm --filter @paperclipai/db typecheck && pnpm --filter
@paperclipai/shared typecheck && pnpm --filter @paperclipai/server
typecheck && pnpm --filter paperclipai typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm --filter @paperclipai/ui typecheck && pnpm --filter
@paperclipai/ui build`
## Risks
- Includes migrations `0073_shiny_salo.sql` and
`0074_striped_genesis.sql`; merge ordering matters if another PR adds
migrations first.
- This is intentionally backend-only apart from fixture/test updates
forced by shared type correctness; UI affordances from PR #4692 are not
present here and should land in separate UI slices.
- The worktree install emitted plugin SDK bin-link warnings for unbuilt
plugin packages, but the targeted tests and package typechecks completed
successfully.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected; check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub
workflow. Exact runtime context window was not exposed by the harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-28 16:46:45 -05:00
    attachmentMaxBytes: 10 * 1024 * 1024,
    requireBoardApprovalForNewAgents: true,
    feedbackDataSharingEnabled: true,
    feedbackDataSharingConsentAt: null,
    feedbackDataSharingConsentByUserId: null,
    feedbackDataSharingTermsVersion: null,
    brandColor: "#0f766e",
    logoAssetId: null,
    logoUrl: null,
    createdAt: new Date("2026-04-01T09:00:00.000Z"),
    updatedAt: now,
  },
  {
    id: "company-research",
    name: "Research Bureau",
    description: "A second active company for rail and switcher state coverage.",
    status: "active",
    pauseReason: null,
    pausedAt: null,
    issuePrefix: "RES",
    issueCounter: 88,
    budgetMonthlyCents: 180_000,
    spentMonthlyCents: 39_500,
    attachmentMaxBytes: 10 * 1024 * 1024,
    requireBoardApprovalForNewAgents: false,
    feedbackDataSharingEnabled: false,
    feedbackDataSharingConsentAt: null,
    feedbackDataSharingConsentByUserId: null,
    feedbackDataSharingTermsVersion: null,
    brandColor: "#4f46e5",
    logoAssetId: null,
    logoUrl: null,
    createdAt: new Date("2026-04-03T09:00:00.000Z"),
    updatedAt: recent(10),
  },
  {
    id: "company-paused",
    name: "Launch Ops",
    description: "Paused company for inactive switcher treatment.",
    status: "paused",
    pauseReason: "manual",
    pausedAt: recent(240),
    issuePrefix: "OPS",
    issueCounter: 204,
    budgetMonthlyCents: 90_000,
    spentMonthlyCents: 91_200,
    attachmentMaxBytes: 10 * 1024 * 1024,
    requireBoardApprovalForNewAgents: true,
    feedbackDataSharingEnabled: false,
    feedbackDataSharingConsentAt: null,
    feedbackDataSharingConsentByUserId: null,
    feedbackDataSharingTermsVersion: null,
    brandColor: "#c2410c",
    logoAssetId: null,
    logoUrl: null,
    createdAt: new Date("2026-04-05T09:00:00.000Z"),
    updatedAt: recent(240),
  },
];

export const storybookAuthSession: AuthSession = {
  session: {
    id: "session-storybook",
    userId: "user-board",
  },
  user: {
    id: "user-board",
    name: "Riley Board",
    email: "riley@paperclip.local",
    image: null,
  },
};

export const storybookAgents: Agent[] = [
  {
    id: "agent-codex",
    companyId: "company-storybook",
    name: "CodexCoder",
    urlKey: "codexcoder",
    role: "engineer",
    title: "Senior Product Engineer",
    icon: "code",
    status: "running",
    reportsTo: "agent-cto",
    capabilities: "Ships full-stack Paperclip product tasks, Storybook coverage, and verification.",
    adapterType: "codex_local",
    adapterConfig: {},
    runtimeConfig: {},
    budgetMonthlyCents: 125_000,
    spentMonthlyCents: 43_200,
    pauseReason: null,
    pausedAt: null,
    permissions: { canCreateAgents: false },
    lastHeartbeatAt: recent(3),
    metadata: null,
    createdAt: recent(12_000),
    updatedAt: recent(3),
  },
  {
    id: "agent-qa",
    companyId: "company-storybook",
    name: "QAChecker",
    urlKey: "qachecker",
    role: "qa",
    title: "QA Engineer",
    icon: "shield",
    status: "idle",
    reportsTo: "agent-cto",
    capabilities: "Validates browser flows, acceptance criteria, and release smoke tests.",
    adapterType: "claude_local",
    adapterConfig: {},
    runtimeConfig: {},
    budgetMonthlyCents: 80_000,
    spentMonthlyCents: 18_900,
    pauseReason: null,
    pausedAt: null,
    permissions: { canCreateAgents: false },
    lastHeartbeatAt: recent(24),
    metadata: null,
    createdAt: recent(11_000),
    updatedAt: recent(24),
  },
  {
    id: "agent-cto",
    companyId: "company-storybook",
    name: "CTO",
    urlKey: "cto",
    role: "cto",
    title: "CTO",
    icon: "crown",
    status: "active",
    reportsTo: null,
    capabilities: "Reviews architecture, quality gates, and engineering priority tradeoffs.",
    adapterType: "codex_local",
    adapterConfig: {},
    runtimeConfig: {},
    budgetMonthlyCents: 200_000,
    spentMonthlyCents: 54_000,
    pauseReason: null,
    pausedAt: null,
    permissions: { canCreateAgents: true },
    lastHeartbeatAt: recent(41),
    metadata: null,
    createdAt: recent(14_000),
    updatedAt: recent(41),
  },
];

export const storybookAgentMap = new Map(storybookAgents.map((agent) => [agent.id, agent]));

export const storybookIssueLabels: IssueLabel[] = [
  {
    id: "label-ui",
    companyId: "company-storybook",
    name: "UI",
    color: "#0f766e",
    createdAt: recent(20_000),
    updatedAt: recent(20_000),
  },
  {
    id: "label-docs",
    companyId: "company-storybook",
    name: "Design system",
    color: "#f59e0b",
    createdAt: recent(20_000),
    updatedAt: recent(20_000),
  },
  {
    id: "label-backend",
    companyId: "company-storybook",
    name: "API",
    color: "#2563eb",
    createdAt: recent(18_000),
    updatedAt: recent(18_000),
  },
  {
    id: "label-risk",
    companyId: "company-storybook",
    name: "Risk",
    color: "#dc2626",
    createdAt: recent(16_000),
    updatedAt: recent(16_000),
  },
];

const storybookIssueLabelMap = new Map(storybookIssueLabels.map((label) => [label.id, label]));

function labelsFor(ids: string[]) {
  return ids.map((id) => storybookIssueLabelMap.get(id)).filter((label): label is IssueLabel => Boolean(label));
}

export const storybookGoals: Goal[] = [
  {
    id: "goal-company",
    companyId: "company-storybook",
    title: "Build Paperclip",
    description: "Make Paperclip the control plane operators trust for autonomous AI companies.",
    level: "company",
    status: "active",
    parentId: null,
    ownerAgentId: "agent-cto",
    createdAt: recent(30_000),
    updatedAt: recent(8),
  },
  {
    id: "goal-board-ux",
    companyId: "company-storybook",
    title: "Tighten board operator visibility",
    description: "Every project, goal, and workspace surface should reveal ownership, progress, and runtime state at a glance.",
    level: "team",
    status: "active",
    parentId: "goal-company",
    ownerAgentId: "agent-codex",
    createdAt: recent(19_000),
    updatedAt: recent(18),
  },
  {
    id: "goal-agent-runtime",
    companyId: "company-storybook",
    title: "Stabilize agent runtime loops",
    description: "Keep local and isolated workspaces predictable while preserving operator control.",
    level: "team",
    status: "planned",
    parentId: "goal-company",
    ownerAgentId: "agent-cto",
    createdAt: recent(17_500),
    updatedAt: recent(60),
  },
  {
    id: "goal-storybook",
    companyId: "company-storybook",
    title: "Complete Storybook review coverage",
    description: "Capture dense board UI states in fixture-backed stories before release review.",
    level: "task",
    status: "active",
    parentId: "goal-board-ux",
    ownerAgentId: "agent-codex",
    createdAt: recent(9_000),
    updatedAt: recent(3),
  },
  {
    id: "goal-budget-safety",
    companyId: "company-storybook",
    title: "Enforce spend guardrails",
    description: "Budget hard stops should be visible before they surprise operators.",
    level: "agent",
    status: "achieved",
    parentId: "goal-agent-runtime",
    ownerAgentId: "agent-qa",
    createdAt: recent(12_000),
    updatedAt: recent(120),
  },
  {
    id: "goal-archived-import",
    companyId: "company-storybook",
    title: "Retire old import wizard",
    description: "Legacy import wizard work is preserved for audit only.",
    level: "task",
    status: "cancelled",
    parentId: "goal-board-ux",
    ownerAgentId: null,
    createdAt: recent(24_000),
    updatedAt: recent(2_500),
  },
];

function createRuntimeService(
  overrides: Partial<WorkspaceRuntimeService> = {},
): WorkspaceRuntimeService {
  return {
    id: overrides.id ?? "service-storybook",
    companyId: overrides.companyId ?? "company-storybook",
    projectId: overrides.projectId ?? "project-board-ui",
    projectWorkspaceId: overrides.projectWorkspaceId ?? "workspace-board-ui",
    executionWorkspaceId: overrides.executionWorkspaceId ?? "execution-workspace-storybook",
    issueId: overrides.issueId ?? "issue-storybook-1",
    scopeType: overrides.scopeType ?? "execution_workspace",
    scopeId: overrides.scopeId ?? "execution-workspace-storybook",
    serviceName: overrides.serviceName ?? "storybook",
    status: overrides.status ?? "running",
    lifecycle: overrides.lifecycle ?? "ephemeral",
    reuseKey: overrides.reuseKey ?? "storybook",
    command: overrides.command ?? "pnpm storybook",
    cwd: overrides.cwd ?? `${storybookRepoRoot}/ui`,
    port: overrides.port ?? 6006,
    url: overrides.url ?? "http://localhost:6006",
    provider: overrides.provider ?? "local_process",
    providerRef: overrides.providerRef ?? null,
    ownerAgentId: overrides.ownerAgentId ?? "agent-codex",
    startedByRunId: overrides.startedByRunId ?? "run-storybook",
    lastUsedAt: overrides.lastUsedAt ?? recent(4),
    startedAt: overrides.startedAt ?? recent(16),
    stoppedAt: overrides.stoppedAt ?? null,
    stopPolicy: overrides.stopPolicy ?? null,
    healthStatus: overrides.healthStatus ?? "healthy",
    configIndex: overrides.configIndex ?? 0,
    createdAt: overrides.createdAt ?? recent(16),
    updatedAt: overrides.updatedAt ?? recent(4),
  };
}

const storybookWorkspaceRuntime = {
  commands: [
    {
      id: "storybook",
      name: "Storybook",
      kind: "service",
      command: "pnpm storybook",
      cwd: "ui",
      lifecycle: "shared",
    },
    {
      id: "typecheck-ui",
      name: "UI typecheck",
      kind: "job",
      command: "pnpm --filter @paperclipai/ui typecheck",
      cwd: ".",
    },
  ],
};

export const storybookProjectWorkspaces: Project["workspaces"] = [
  {
    id: "workspace-board-ui",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    name: "Board UI",
    sourceType: "local_path" as const,
    cwd: `${storybookRepoRoot}/ui`,
    repoUrl: "https://github.com/paperclipai/paperclip",
    repoRef: "master",
    defaultRef: "master",
    visibility: "default" as const,
    setupCommand: "pnpm install",
    cleanupCommand: null,
    remoteProvider: null,
    remoteWorkspaceRef: null,
    sharedWorkspaceKey: "board-ui",
    metadata: null,
    runtimeConfig: {
      workspaceRuntime: storybookWorkspaceRuntime,
      desiredState: "running" as const,
      serviceStates: { storybook: "running" as const },
    },
    isPrimary: true,
    runtimeServices: [createRuntimeService()],
    createdAt: recent(20_000),
    updatedAt: recent(4),
  },
  {
    id: "workspace-docs-remote",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    name: "Docs preview sandbox",
    sourceType: "remote_managed",
    cwd: null,
    repoUrl: "https://github.com/paperclipai/paperclip",
    repoRef: "preview/docs-workspaces",
    defaultRef: "master",
    visibility: "advanced",
    setupCommand: "pnpm install",
    cleanupCommand: "pnpm dev:stop",
    remoteProvider: "vercel_sandbox",
    remoteWorkspaceRef: "vcsb_storybook_docs_0420",
    sharedWorkspaceKey: "docs-preview",
    metadata: { region: "iad1", ttlHours: 8 },
    runtimeConfig: {
      workspaceRuntime: {
        commands: [
          {
            id: "docs",
            name: "Docs preview",
            kind: "service",
            command: "pnpm docs:dev",
            cwd: ".",
            lifecycle: "ephemeral",
          },
        ],
      },
      desiredState: "stopped",
      serviceStates: { docs: "stopped" },
    },
    isPrimary: false,
    runtimeServices: [
      createRuntimeService({
        id: "service-docs-preview",
        projectWorkspaceId: "workspace-docs-remote",
        executionWorkspaceId: null,
        issueId: "issue-storybook-6",
        scopeType: "project_workspace",
        scopeId: "workspace-docs-remote",
        serviceName: "docs",
        status: "stopped",
        lifecycle: "ephemeral",
        reuseKey: "docs-preview",
        command: "pnpm docs:dev",
        cwd: null,
        port: 4173,
        url: "https://paperclip-docs-preview.vercel.app",
        healthStatus: "unknown",
        lastUsedAt: recent(48),
        startedAt: recent(72),
        stoppedAt: recent(46),
        createdAt: recent(72),
        updatedAt: recent(46),
      }),
    ],
    createdAt: recent(2_000),
    updatedAt: recent(46),
  },
  {
    id: "workspace-release-local",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    name: "Release smoke local checkout",
    sourceType: "local_path",
    cwd: `${storybookWorkspaceRoot}/release-smoke`,
    repoUrl: "https://github.com/paperclipai/paperclip",
    repoRef: "release/smoke-2026-04-20",
    defaultRef: "master",
    visibility: "advanced",
    setupCommand: "pnpm install",
    cleanupCommand: "pnpm dev:stop",
    remoteProvider: null,
    remoteWorkspaceRef: null,
    sharedWorkspaceKey: "release-smoke",
    metadata: null,
    runtimeConfig: {
      workspaceRuntime: {
        commands: [
          {
            id: "release-smoke",
            name: "Release smoke",
            kind: "job",
            command: "pnpm test:release-smoke",
            cwd: ".",
          },
        ],
      },
      desiredState: "stopped",
      serviceStates: null,
    },
    isPrimary: false,
    runtimeServices: [],
    createdAt: recent(7_200),
    updatedAt: recent(90),
  },
];

export const storybookExecutionWorkspaces: ExecutionWorkspace[] = [
  {
    id: "execution-workspace-storybook",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    projectWorkspaceId: "workspace-board-ui",
    sourceIssueId: "issue-storybook-1",
    mode: "isolated_workspace",
    strategyType: "git_worktree",
    name: "PAP-1641 storybook worktree",
    status: "active",
    cwd: `${storybookWorktreeRoot}/PAP-1641-create-super-detailed-storybooks-for-our-project`,
    repoUrl: "https://github.com/paperclipai/paperclip",
    baseRef: "master",
    branchName: "PAP-1641-create-super-detailed-storybooks-for-our-project",
    providerType: "git_worktree",
    providerRef: null,
    derivedFromExecutionWorkspaceId: null,
    lastUsedAt: recent(3),
    openedAt: recent(90),
    closedAt: null,
    cleanupEligibleAt: null,
    cleanupReason: null,
    config: null,
    metadata: null,
    runtimeServices: storybookProjectWorkspaces[0]!.runtimeServices,
    createdAt: recent(90),
    updatedAt: recent(3),
  },
  {
    id: "execution-workspace-cleanup",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    projectWorkspaceId: "workspace-release-local",
    sourceIssueId: "issue-storybook-8",
    mode: "isolated_workspace",
    strategyType: "git_worktree",
    name: "PAP-1608 release smoke cleanup",
    status: "cleanup_failed",
    cwd: `${storybookWorktreeRoot}/PAP-1608-release-smoke-cleanup`,
    repoUrl: "https://github.com/paperclipai/paperclip",
    baseRef: "master",
    branchName: "PAP-1608-release-smoke-cleanup",
    providerType: "git_worktree",
    providerRef: null,
    derivedFromExecutionWorkspaceId: null,
    lastUsedAt: recent(120),
    openedAt: recent(260),
    closedAt: recent(118),
    cleanupEligibleAt: recent(115),
    cleanupReason: "release smoke finished but the local worktree still has generated artifacts",
    config: {
      provisionCommand: null,
      teardownCommand: "pnpm dev:stop && rm -rf ui/storybook-static",
      cleanupCommand: null,
      workspaceRuntime: storybookWorkspaceRuntime,
      desiredState: "stopped",
      serviceStates: { storybook: "stopped" },
    },
    metadata: { dirtyEntryCount: 3 },
    runtimeServices: [
      createRuntimeService({
        id: "service-cleanup-storybook",
        projectWorkspaceId: "workspace-release-local",
        executionWorkspaceId: "execution-workspace-cleanup",
        issueId: "issue-storybook-8",
        scopeId: "execution-workspace-cleanup",
        status: "failed",
        healthStatus: "unhealthy",
        url: "http://localhost:6007",
        port: 6007,
        lastUsedAt: recent(130),
        startedAt: recent(210),
        stoppedAt: recent(125),
        updatedAt: recent(120),
      }),
    ],
    createdAt: recent(260),
    updatedAt: recent(120),
  },
];

function createProject(overrides: Partial<Project> = {}): Project {
  const id = overrides.id ?? "project-board-ui";
  return {
    id,
    companyId: "company-storybook",
    urlKey: "board-ui",
    goalId: "goal-company",
    goalIds: ["goal-company", "goal-board-ux"],
    goals: storybookGoals
      .filter((goal) => goal.id === "goal-company" || goal.id === "goal-board-ux")
      .map(({ id, title }) => ({ id, title })),
    name: "Board UI",
    description: "Navigation, command, and operator layout polish.",
    status: "in_progress",
    leadAgentId: "agent-codex",
    targetDate: "2026-04-30",
    color: "#0f766e",
    env: null,
    pauseReason: null,
    pausedAt: null,
    executionWorkspacePolicy: {
      enabled: true,
      defaultMode: "isolated_workspace",
      allowIssueOverride: true,
      defaultProjectWorkspaceId: "workspace-board-ui",
      workspaceStrategy: {
        type: "git_worktree",
        baseRef: "master",
        branchTemplate: "{issueIdentifier}-{slug}",
        worktreeParentDir: storybookWorktreeRoot,
        provisionCommand: null,
        teardownCommand: null,
      },
      workspaceRuntime: null,
      branchPolicy: null,
      pullRequestPolicy: null,
      runtimePolicy: null,
      cleanupPolicy: null,
    },
    codebase: {
      workspaceId: "workspace-board-ui",
      repoUrl: "https://github.com/paperclipai/paperclip",
      repoRef: "master",
      defaultRef: "master",
      repoName: "paperclip",
      localFolder: storybookRepoRoot,
      managedFolder: ".paperclip/worktrees/storybook",
      effectiveLocalFolder: storybookRepoRoot,
      origin: "local_folder",
    },
    workspaces: storybookProjectWorkspaces,
    primaryWorkspace: storybookProjectWorkspaces[0]!,
    archivedAt: null,
    createdAt: recent(18_000),
    updatedAt: recent(12),
    ...overrides,
  };
}

export const storybookProjects: Project[] = [
  createProject(),
  createProject({
    id: "project-runtime",
    urlKey: "agent-runtime",
    name: "Agent Runtime",
    description: "Heartbeat, adapters, and execution trace work.",
    status: "planned",
    leadAgentId: "agent-cto",
    color: "#2563eb",
    updatedAt: recent(60),
  }),
  createProject({
    id: "project-budget",
    urlKey: "budget-guardrails",
    name: "Budget Guardrails",
    description: "Hard-stop and approval flow review surfaces.",
    status: "in_progress",
    leadAgentId: "agent-qa",
    color: "#f59e0b",
    pauseReason: "budget",
    pausedAt: recent(90),
    updatedAt: recent(90),
  }),
  createProject({
    id: "project-archived-import",
    urlKey: "archived-import-wizard",
    name: "Archived Import Wizard",
    description: "Preserved for audit after the import workflow moved into company packages.",
    status: "cancelled",
    leadAgentId: null,
    goalId: "goal-archived-import",
    goalIds: ["goal-archived-import"],
    goals: [{ id: "goal-archived-import", title: "Retire old import wizard" }],
    color: "#64748b",
    workspaces: [],
    primaryWorkspace: null,
    codebase: {
      workspaceId: null,
      repoUrl: null,
      repoRef: null,
      defaultRef: null,
      repoName: null,
      localFolder: null,
      managedFolder: "",
      effectiveLocalFolder: "Not configured",
      origin: "local_folder",
    },
    executionWorkspacePolicy: {
      enabled: false,
      defaultMode: "shared_workspace",
      allowIssueOverride: false,
      defaultProjectWorkspaceId: null,
      workspaceStrategy: null,
      workspaceRuntime: null,
      branchPolicy: null,
      pullRequestPolicy: null,
      runtimePolicy: null,
      cleanupPolicy: null,
    },
    archivedAt: recent(2_400),
    updatedAt: recent(2_400),
  }),
];

export function createIssue(overrides: Partial<Issue> = {}): Issue {
  return {
    id: "issue-storybook-1",
    companyId: "company-storybook",
    projectId: "project-board-ui",
    projectWorkspaceId: "workspace-board-ui",
    goalId: "goal-company",
    parentId: null,
    title: "Create super-detailed storybooks for the project",
    description: "Set up Storybook and move UX review surfaces into stories.",
    status: "in_progress",
    priority: "high",
    assigneeAgentId: "agent-codex",
    assigneeUserId: null,
    checkoutRunId: "run-storybook",
    executionRunId: "run-storybook",
    executionAgentNameKey: "codexcoder",
    executionLockedAt: recent(28),
    createdByAgentId: null,
    createdByUserId: "user-board",
    issueNumber: 1641,
    identifier: "PAP-1641",
    requestDepth: 0,
    billingCode: "product",
    assigneeAdapterOverrides: null,
    executionWorkspaceId: "execution-workspace-storybook",
    executionWorkspacePreference: "project",
    executionWorkspaceSettings: null,
    startedAt: recent(28),
    completedAt: null,
    cancelledAt: null,
    hiddenAt: null,
    labelIds: ["label-ui", "label-docs"],
    labels: labelsFor(["label-ui", "label-docs"]),
    blockedBy: [],
    blocks: [],
    planDocument: null,
    documentSummaries: [],
    legacyPlanDocument: null,
    project: storybookProjects[0]!,
    goal: null,
    currentExecutionWorkspace: storybookExecutionWorkspaces[0]!,
    workProducts: [],
    mentionedProjects: [],
    myLastTouchAt: recent(8),
    lastExternalCommentAt: recent(70),
    lastActivityAt: recent(3),
    isUnreadForMe: true,
    createdAt: recent(90),
    updatedAt: recent(3),
    ...overrides,
Add planning mode for issue work (#5353)
## Thinking Path
> - Paperclip is a control plane for autonomous AI companies.
> - Issues are the core unit of work, and issue comments are how board
users and agents coordinate execution.
> - Some issue conversations need to produce plans and approvals instead
of immediate implementation work.
> - The existing issue contract did not distinguish standard execution
comments from planning-oriented issue work.
> - This pull request adds an issue work-mode contract and board UI
affordances for standard vs planning mode.
> - The benefit is that planning-mode issues can be created, displayed,
discussed, and carried through agent heartbeat context without losing
the normal issue workflow.
## What Changed
- Added `standard` / `planning` issue work-mode contracts across DB,
shared validators/types, server issue flows, plugin protocol, and
adapter heartbeat payloads.
- Added an idempotent `0081_optimal_dormammu` migration for
`issues.work_mode`, ordered after current `public-gh/master` migrations.
- Updated heartbeat/context summaries and issue-thread interaction
behavior so planning work mode is preserved when creating suggested
follow-up issues.
- Added UI support for planning-mode issue creation, issue rows, detail
composer styling, and composer work-mode toggles.
- Added focused server/shared/UI tests plus a Playwright visual
verification spec for planning-mode surfaces.
- Rebased the branch onto current `public-gh/master` and added durable
planning-mode screenshots under `doc/assets/pap-3368/`.
## Verification
- `pnpm --filter @paperclipai/db run check:migrations`
- `pnpm exec vitest run --project @paperclipai/shared
packages/shared/src/validators/issue.test.ts`
- `pnpm exec vitest run --project @paperclipai/server
server/src/__tests__/heartbeat-context-summary.test.ts
server/src/__tests__/issue-thread-interactions-service.test.ts
server/src/__tests__/issues-goal-context-routes.test.ts --pool=forks
--poolOptions.forks.isolate=true`
- `pnpm exec vitest run --project @paperclipai/ui
ui/src/components/IssueChatThread.test.tsx
ui/src/components/NewIssueDialog.test.tsx
ui/src/components/IssueRow.test.tsx ui/src/pages/IssueDetail.test.tsx`
- `pnpm exec vitest run --project @paperclipai/adapter-utils
packages/adapter-utils/src/server-utils.test.ts`
- `PAPERCLIP_E2E_SKIP_LLM=true npx playwright test --config
tests/e2e/playwright.config.ts
tests/e2e/planning-mode-visual-verification.spec.ts`
## Screenshots
Desktop planning detail:

Desktop planning row:

Desktop staged standard toggle:

Mobile planning detail:

Mobile planning row:

## Risks
- Medium migration risk: this adds a non-null issue column. The
migration uses `ADD COLUMN IF NOT EXISTS` so installations that applied
an older branch-local migration number can still apply the final
numbered migration safely.
- Medium contract risk: issue payloads, plugin payloads, and adapter
heartbeat payloads now include work mode; compatibility is handled by
defaulting missing values to `standard`.
- UI risk is moderate because composer controls changed; focused
component tests and visual e2e coverage exercise standard vs planning
display and toggle behavior.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent in a local Paperclip worktree, with
shell/tool use. Exact context-window size is not exposed in this
runtime.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-06 07:01:28 -05:00
    workMode: overrides.workMode ?? "standard",
[codex] add comprehensive UI Storybook coverage (#4132)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The board UI is the main operator surface, so its component and
workflow coverage needs to stay reviewable as the product grows.
> - This branch adds Storybook as a dedicated UI reference surface for
core Paperclip screens and interaction patterns.
> - That work spans Storybook infrastructure, app-level provider wiring,
and a large fixture set that can render real control-plane states
without a live backend.
> - The branch also expands coverage across agents, budgets, issues,
chat, dialogs, navigation, projects, and data visualization so future UI
changes have a concrete visual baseline.
> - This pull request packages that Storybook work on top of the latest
`master`, excludes the lockfile from the final diff per repo policy, and
fixes one fixture contract drift caught during verification.
> - The benefit is a single reviewable PR that adds broad UI
documentation and regression-surfacing coverage without losing the
existing branch work.
## What Changed
- Added Storybook 10 wiring for the UI package, including root scripts,
UI package scripts, Storybook config, preview wrappers, Tailwind
entrypoints, and setup docs.
- Added a large fixture-backed data source for Storybook so complex
board states can render without a live server.
- Added story suites covering foundations, status language,
control-plane surfaces, overview, UX labs, agent management, budget and
finance, forms and editors, issue management, navigation and layout,
chat and comments, data visualization, dialogs and modals, and
projects/goals/workspaces.
- Adjusted several UI components for Storybook parity so dialogs, menus,
keyboard shortcuts, budget markers, markdown editing, and related
surfaces render correctly in isolation.
- Rebasing work for PR assembly: replayed the branch onto current
`master`, removed `pnpm-lock.yaml` from the final PR diff, and aligned
the dashboard fixture with the current `DashboardSummary.runActivity`
API contract.
## Verification
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/ui build-storybook`
- Manual diff audit after rebase: verified the PR no longer includes
`pnpm-lock.yaml` and now cleanly targets current `master`.
- Before/after UI note: before this branch there was no dedicated
Storybook surface for these Paperclip views; after this branch the local
Storybook build includes the new overview and domain story suites in
`ui/storybook-static`.
## Risks
- Large static fixture files can drift from shared types as dashboard
and UI contracts evolve; this PR already needed one fixture correction
for `runActivity`.
- Storybook bundle output includes some large chunks, so future growth
may need chunking work if build performance becomes an issue.
- Several component tweaks were made for isolated rendering parity, so
reviewers should spot-check key board surfaces against the live app
behavior.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in the Paperclip harness; exact
serving model ID is not exposed in-runtime to the agent.
- Tool-assisted workflow with terminal execution, git operations, local
typecheck/build verification, and GitHub CLI PR creation.
- Context window/reasoning mode not surfaced by the harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 12:13:23 -05:00
  };
}

export const storybookIssues: Issue[] = [
  createIssue(),
  createIssue({
    id: "issue-storybook-2",
    title: "Add budget hard-stop incident review",
    description: "Trace why a hard stop paused the agent and add a board-facing incident summary.",
    status: "blocked",
    priority: "critical",
    assigneeAgentId: "agent-qa",
    checkoutRunId: null,
    executionRunId: null,
    executionLockedAt: null,
    startedAt: null,
    identifier: "PAP-1528",
    issueNumber: 1528,
    billingCode: "reliability",
    projectId: "project-budget",
    projectWorkspaceId: null,
    labelIds: ["label-risk", "label-backend"],
    labels: labelsFor(["label-risk", "label-backend"]),
    blockedBy: [
      {
        id: "issue-storybook-7",
        identifier: "PAP-1591",
        title: "Confirm project budget override policy",
        status: "in_review",
        priority: "high",
        assigneeAgentId: null,
        assigneeUserId: "user-board",
      },
    ],
    lastActivityAt: recent(18),
  }),
  createIssue({
    id: "issue-storybook-3",
    title: "QA invite flow on authenticated private mode",
    status: "in_review",
    priority: "medium",
    assigneeAgentId: null,
    assigneeUserId: "user-board",
    checkoutRunId: null,
    executionRunId: null,
    executionLockedAt: null,
    identifier: "PAP-1602",
    issueNumber: 1602,
    completedAt: null,
    lastActivityAt: recent(49),
    isUnreadForMe: false,
  }),
  createIssue({
    id: "issue-storybook-4",
    parentId: "issue-storybook-1",
    title: "Extract issue row density fixtures",
    description: "Create fixture-backed rows for unread, selected, nested, and grouped issue management views.",
    status: "todo",
    priority: "medium",
    assigneeAgentId: "agent-codex",
    checkoutRunId: null,
    executionRunId: null,
    executionLockedAt: null,
    startedAt: null,
    identifier: "PAP-1668",
    issueNumber: 1668,
    labelIds: ["label-ui"],
    labels: labelsFor(["label-ui"]),
    lastActivityAt: recent(31),
    isUnreadForMe: true,
  }),
  createIssue({
    id: "issue-storybook-5",
    parentId: "issue-storybook-1",
    title: "Review document editor empty states",
    description: "Validate plan and notes documents in issue detail before handing the Storybook preview to QA.",
    status: "done",
    priority: "low",
    assigneeAgentId: "agent-qa",
    checkoutRunId: null,
    executionRunId: "run-storybook-qa",
    executionLockedAt: null,
    completedAt: recent(22),
    identifier: "PAP-1669",
    issueNumber: 1669,
    labelIds: ["label-docs"],
    labels: labelsFor(["label-docs"]),
    lastActivityAt: recent(22),
    isUnreadForMe: false,
  }),
  createIssue({
    id: "issue-storybook-6",
    title: "Publish static Storybook preview",
    description: "Build the static preview and attach the generated artifact to the parent issue.",
    status: "todo",
    priority: "high",
    assigneeAgentId: null,
    assigneeUserId: null,
    checkoutRunId: null,
    executionRunId: null,
    executionLockedAt: null,
    startedAt: null,
    identifier: "PAP-1670",
    issueNumber: 1670,
    labelIds: ["label-ui", "label-risk"],
    labels: labelsFor(["label-ui", "label-risk"]),
    lastActivityAt: recent(64),
    isUnreadForMe: false,
  }),
  createIssue({
    id: "issue-storybook-7",
    title: "Confirm project budget override policy",
    description: "Board review needed before increasing the project budget for long-running browser verification.",
    status: "in_review",
    priority: "high",
    assigneeAgentId: null,
    assigneeUserId: "user-board",
    checkoutRunId: null,
    executionRunId: null,
    executionLockedAt: null,
    startedAt: null,
    identifier: "PAP-1591",
    issueNumber: 1591,
    billingCode: "governance",
    projectId: "project-budget",
    projectWorkspaceId: null,
    labelIds: ["label-risk"],
    labels: labelsFor(["label-risk"]),
    lastActivityAt: recent(85),
    isUnreadForMe: false,
  }),
  createIssue({
    id: "issue-storybook-8",
    title: "Clean up release smoke worktree",
    description: "Close the isolated release smoke workspace after static preview review.",
    status: "blocked",
    priority: "medium",
    assigneeAgentId: "agent-codex",
    checkoutRunId: null,
    executionRunId: "run-release-smoke-cleanup",
    executionLockedAt: null,
    startedAt: recent(260),
    identifier: "PAP-1608",
    issueNumber: 1608,
    projectId: "project-board-ui",
    projectWorkspaceId: "workspace-release-local",
    executionWorkspaceId: "execution-workspace-cleanup",
    labelIds: ["label-ui", "label-risk"],
    labels: labelsFor(["label-ui", "label-risk"]),
    lastActivityAt: recent(120),
    isUnreadForMe: false,
  }),
];

export const storybookIssueDocuments: IssueDocument[] = [
  {
    id: "document-plan-storybook",
    companyId: "company-storybook",
    issueId: "issue-storybook-1",
    key: "plan",
    title: "Plan",
    format: "markdown",
    body: [
      "# Plan",
      "",
      "- Add issue-management stories for list, filters, detail, documents, runs, and workspace cards.",
      "- Use existing product components instead of mock-only approximations.",
      "- Verify the Storybook build after the fixture expansion.",
    ].join("\n"),
    latestRevisionId: "revision-plan-3",
    latestRevisionNumber: 3,
    createdByAgentId: "agent-codex",
    createdByUserId: null,
    updatedByAgentId: "agent-codex",
    updatedByUserId: null,
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
    lockedAt: null,
    lockedByAgentId: null,
    lockedByUserId: null,
    createdAt: recent(80),
    updatedAt: recent(8),
  },
  {
    id: "document-notes-storybook",
    companyId: "company-storybook",
    issueId: "issue-storybook-1",
    key: "notes",
    title: "Review Notes",
    format: "markdown",
    body: [
      "# Review Notes",
      "",
      "- The issue list needs group headers and dense trailing columns.",
      "- The filters popover should show selected status, priority, and assignee filters.",
      "- Workspace copy must expose branch, path, and runtime status.",
    ].join("\n"),
    latestRevisionId: "revision-notes-1",
    latestRevisionNumber: 1,
    createdByAgentId: null,
    createdByUserId: "user-board",
    updatedByAgentId: null,
    updatedByUserId: "user-board",
    lockedAt: null,
    lockedByAgentId: null,
    lockedByUserId: null,
    createdAt: recent(55),
    updatedAt: recent(12),
  },
];

export const storybookContinuationHandoff: IssueDocument = {
  id: "document-continuation-storybook",
  companyId: "company-storybook",
  issueId: "issue-storybook-1",
  key: "continuation_summary",
  title: "Continuation handoff",
  format: "markdown",
  body: [
    "Current state: issue-management stories have the fixture surface mapped.",
    "",
    "Next action: run the Storybook build, inspect the issue management story, then request QA visual review if the build passes.",
    "",
    "Important files: `ui/storybook/stories/issue-management.stories.tsx` and `ui/storybook/fixtures/paperclipData.ts`.",
  ].join("\n"),
  latestRevisionId: "revision-continuation-1",
  latestRevisionNumber: 1,
  createdByAgentId: "agent-codex",
  createdByUserId: null,
  updatedByAgentId: "agent-codex",
  updatedByUserId: null,
  lockedAt: null,
  lockedByAgentId: null,
  lockedByUserId: null,
  createdAt: recent(18),
  updatedAt: recent(5),
};

export const storybookIssueRuns: RunForIssue[] = [
  {
    runId: "run-storybook",
    status: "running",
    agentId: "agent-codex",
    adapterType: "codex_local",
    startedAt: recent(28).toISOString(),
    finishedAt: null,
    createdAt: recent(28).toISOString(),
    invocationSource: "manual",
    usageJson: { costCents: 142, inputTokens: 38400, outputTokens: 7200 },
    resultJson: null,
    logBytes: 62_400,
    livenessState: null,
    livenessReason: null,
    continuationAttempt: 1,
    lastUsefulActionAt: recent(3).toISOString(),
    nextAction: "Finish the issue-management Storybook and verify the static build.",
  },
  {
    runId: "run-storybook-qa",
    status: "succeeded",
    agentId: "agent-qa",
    adapterType: "claude_local",
    startedAt: recent(110).toISOString(),
    finishedAt: recent(94).toISOString(),
    createdAt: recent(110).toISOString(),
    invocationSource: "manual",
    usageJson: { costCents: 38, inputTokens: 12200, outputTokens: 1900 },
    resultJson: { stopReason: "completed" },
    logBytes: 18_400,
    livenessState: "advanced",
    livenessReason: "Verified the document editor empty state and left concrete screenshot notes.",
    continuationAttempt: 0,
    lastUsefulActionAt: recent(96).toISOString(),
    nextAction: "Re-run after final story fixture additions land.",
  },
  {
    runId: "run-storybook-plan",
    status: "succeeded",
    agentId: "agent-codex",
    adapterType: "codex_local",
    startedAt: recent(210).toISOString(),
    finishedAt: recent(196).toISOString(),
    createdAt: recent(210).toISOString(),
    invocationSource: "scheduler",
    usageJson: { costCents: 24, inputTokens: 9100, outputTokens: 1100 },
    resultJson: { stopReason: "completed" },
    logBytes: 9800,
    livenessState: "plan_only",
    livenessReason: "Identified Storybook coverage gaps but did not edit files in that run.",
    continuationAttempt: 0,
    lastUsefulActionAt: null,
    nextAction: "Implement issue-management stories in the next heartbeat.",
  },
];

export const storybookApprovals: Approval[] = [
  {
    id: "approval-hire-designer",
    companyId: "company-storybook",
    type: "hire_agent",
    requestedByAgentId: "agent-cto",
    requestedByUserId: null,
    status: "pending",
    payload: {
      name: "DesignSystemCoder",
      role: "designer",
      title: "Design System Engineer",
      icon: "sparkles",
      adapterType: "codex_local",
      capabilities: "Owns component quality, visual regression stories, and design-system consolidation.",
      desiredSkills: ["frontend-design", "web-design-guidelines"],
    },
    decisionNote: null,
    decidedByUserId: null,
    decidedAt: null,
    createdAt: recent(42),
    updatedAt: recent(42),
  },
  {
    id: "approval-budget",
    companyId: "company-storybook",
    type: "budget_override_required",
    requestedByAgentId: "agent-codex",
    requestedByUserId: null,
    status: "revision_requested",
    payload: {
      scopeName: "Paperclip App",
      scopeType: "project",
      windowKind: "calendar_month_utc",
      metric: "billed_cents",
      budgetAmount: 120_000,
      observedAmount: 131_400,
      guidance: "Raise the project budget only after current release smoke checks are green.",
    },
    decisionNote: "Need a tighter verification list before approving more spend.",
    decidedByUserId: "user-board",
    decidedAt: recent(12),
    createdAt: recent(75),
    updatedAt: recent(12),
  },
  {
    id: "approval-board",
    companyId: "company-storybook",
    type: "request_board_approval",
    requestedByAgentId: "agent-cto",
    requestedByUserId: null,
    status: "approved",
    payload: {
      title: "Publish the Storybook preview for design review",
      summary: "Build the static Storybook and attach the generated URL to the release issue.",
      recommendedAction: "Approve publishing the preview for internal board review.",
      nextActionOnApproval: "Run build-storybook, upload the static artifact, and request QA visual review.",
      risks: [
        "Stories may expose stale fixture copy if not maintained with UI changes.",
        "Preview screenshots can hide responsive regressions unless mobile viewports are checked.",
      ],
    },
    decisionNote: "Approved for internal-only review.",
    decidedByUserId: "user-board",
    decidedAt: recent(4),
    createdAt: recent(55),
    updatedAt: recent(4),
  },
];

export const storybookBudgetSummaries: BudgetPolicySummary[] = [
  {
    policyId: "budget-company-ok",
    companyId: "company-storybook",
    scopeType: "company",
    scopeId: "company-storybook",
    scopeName: "Paperclip Storybook",
    metric: "billed_cents",
    windowKind: "calendar_month_utc",
    amount: 250_000,
    observedAmount: 67_500,
    remainingAmount: 182_500,
    utilizationPercent: 27,
    warnPercent: 80,
    hardStopEnabled: true,
    notifyEnabled: true,
    isActive: true,
    status: "ok",
    paused: false,
    pauseReason: null,
    windowStart: new Date("2026-04-01T00:00:00.000Z"),
    windowEnd: new Date("2026-05-01T00:00:00.000Z"),
  },
  {
    policyId: "budget-project-warning",
    companyId: "company-storybook",
    scopeType: "project",
    scopeId: "project-board-ui",
    scopeName: "Paperclip App",
    metric: "billed_cents",
    windowKind: "calendar_month_utc",
    amount: 120_000,
    observedAmount: 103_100,
    remainingAmount: 16_900,
    utilizationPercent: 86,
    warnPercent: 80,
    hardStopEnabled: true,
    notifyEnabled: true,
    isActive: true,
    status: "warning",
    paused: false,
    pauseReason: null,
    windowStart: new Date("2026-04-01T00:00:00.000Z"),
    windowEnd: new Date("2026-05-01T00:00:00.000Z"),
  },
  {
    policyId: "budget-agent-hard-stop",
    companyId: "company-storybook",
    scopeType: "agent",
    scopeId: "agent-codex",
    scopeName: "CodexCoder",
    metric: "billed_cents",
    windowKind: "calendar_month_utc",
    amount: 40_000,
    observedAmount: 43_200,
    remainingAmount: 0,
    utilizationPercent: 108,
    warnPercent: 80,
    hardStopEnabled: true,
    notifyEnabled: true,
    isActive: true,
    status: "hard_stop",
    paused: true,
    pauseReason: "budget",
    windowStart: new Date("2026-04-01T00:00:00.000Z"),
    windowEnd: new Date("2026-05-01T00:00:00.000Z"),
  },
];

export const storybookActivityEvents: ActivityEvent[] = [
  {
    id: "activity-1",
    companyId: "company-storybook",
    actorType: "agent",
    actorId: "agent-codex",
    action: "issue.status_changed",
    entityType: "issue",
    entityId: "issue-storybook-1",
    agentId: "agent-codex",
    runId: "run-storybook",
    details: { from: "todo", to: "in_progress" },
    createdAt: recent(28),
  },
  {
    id: "activity-2",
    companyId: "company-storybook",
    actorType: "user",
    actorId: "user-board",
    action: "approval.revision_requested",
    entityType: "approval",
    entityId: "approval-budget",
    agentId: null,
    runId: null,
    details: { type: "budget_override_required" },
    createdAt: recent(12),
  },
  {
    id: "activity-3",
    companyId: "company-storybook",
    actorType: "system",
    actorId: "system",
    action: "budget.hard_stop",
    entityType: "agent",
    entityId: "agent-codex",
    agentId: "agent-codex",
    runId: null,
    details: { observedAmount: 43_200, budgetAmount: 40_000 },
    createdAt: recent(7),
  },
];

export const storybookEntityNameMap = new Map<string, string>([
  ["issue:issue-storybook-1", "PAP-1641"],
  ["issue:issue-storybook-2", "PAP-1528"],
  ["issue:issue-storybook-3", "PAP-1602"],
  ["issue:issue-storybook-4", "PAP-1668"],
  ["issue:issue-storybook-5", "PAP-1669"],
  ["issue:issue-storybook-6", "PAP-1670"],
  ["issue:issue-storybook-7", "PAP-1591"],
  ["approval:approval-budget", "Budget override"],
  ["agent:agent-codex", "CodexCoder"],
  ["agent:agent-qa", "QAChecker"],
  ["agent:agent-cto", "CTO"],
]);

export const storybookEntityTitleMap = new Map<string, string>([
  ["issue:issue-storybook-1", "Create super-detailed storybooks for the project"],
  ["issue:issue-storybook-2", "Add budget hard-stop incident review"],
  ["issue:issue-storybook-3", "QA invite flow on authenticated private mode"],
  ["issue:issue-storybook-4", "Extract issue row density fixtures"],
  ["issue:issue-storybook-5", "Review document editor empty states"],
  ["issue:issue-storybook-6", "Publish static Storybook preview"],
  ["issue:issue-storybook-7", "Confirm project budget override policy"],
]);

export const storybookSidebarBadges: SidebarBadges = {
  inbox: 7,
  approvals: 2,
  failedRuns: 1,
  joinRequests: 1,
};

export const storybookDashboardSummary: DashboardSummary = {
  companyId: "company-storybook",
  agents: {
    active: 3,
    running: 1,
    paused: 0,
    error: 0,
  },
  tasks: {
    open: 12,
    inProgress: 4,
    blocked: 1,
    done: 36,
  },
  costs: {
    monthSpendCents: 67_500,
    monthBudgetCents: 250_000,
    monthUtilizationPercent: 27,
  },
  pendingApprovals: 2,
  budgets: {
    activeIncidents: 1,
    pendingApprovals: 1,
    pausedAgents: 0,
    pausedProjects: 1,
  },
  runActivity: [
    { date: "2026-04-07", succeeded: 4, failed: 0, other: 1, total: 5 },
    { date: "2026-04-08", succeeded: 5, failed: 1, other: 0, total: 6 },
    { date: "2026-04-09", succeeded: 3, failed: 0, other: 1, total: 4 },
    { date: "2026-04-10", succeeded: 6, failed: 0, other: 0, total: 6 },
    { date: "2026-04-11", succeeded: 4, failed: 1, other: 0, total: 5 },
    { date: "2026-04-12", succeeded: 2, failed: 0, other: 1, total: 3 },
    { date: "2026-04-13", succeeded: 5, failed: 0, other: 1, total: 6 },
    { date: "2026-04-14", succeeded: 6, failed: 1, other: 0, total: 7 },
    { date: "2026-04-15", succeeded: 4, failed: 0, other: 1, total: 5 },
    { date: "2026-04-16", succeeded: 7, failed: 0, other: 0, total: 7 },
    { date: "2026-04-17", succeeded: 6, failed: 1, other: 0, total: 7 },
    { date: "2026-04-18", succeeded: 3, failed: 0, other: 1, total: 4 },
    { date: "2026-04-19", succeeded: 5, failed: 0, other: 1, total: 6 },
    { date: "2026-04-20", succeeded: 4, failed: 0, other: 2, total: 6 },
  ],
};

export const storybookLiveRuns: LiveRunForIssue[] = [
  {
    id: "run-storybook",
    status: "running",
    invocationSource: "manual",
    triggerDetail: "issue_assigned",
    startedAt: recent(28).toISOString(),
    finishedAt: null,
    createdAt: recent(28).toISOString(),
    agentId: "agent-codex",
    agentName: "CodexCoder",
    adapterType: "codex_local",
    issueId: "issue-storybook-1",
    livenessState: "advanced",
    livenessReason: null,
    continuationAttempt: 0,
    lastUsefulActionAt: recent(3).toISOString(),
    nextAction: "Build fixture-backed navigation stories",
  },
];
Add secrets provider vaults and remote import (#5429)
## Thinking Path
> - Paperclip orchestrates AI-agent companies and needs secrets handling
to work across local development, hosted operators, and governed agent
execution.
> - The affected subsystem is the company-scoped secrets control plane:
database schema, server services/routes, CLI workflows, and the Secrets
settings UI.
> - The gap was that secrets were local-only and operators could not
manage provider vaults or import existing remote references without
exposing plaintext.
> - This branch adds provider vault configuration plus an AWS Secrets
Manager remote-import path while preserving company boundaries, binding
context, and audit trails.
> - I kept the PR to a single branch PR, removed unrelated
lockfile/package drift, rebased the full branch onto the current
`public-gh/master`, and addressed fresh Greptile findings.
> - The benefit is a reviewable implementation of provider-backed
secrets with focused tests covering provider selection, import
conflicts, deleted secret reuse, rotation guards, and AWS signing
behavior.
## What Changed
- Added provider vault support for company secrets, including provider
config storage, default vault handling, health checks, binding usage,
access events, and remote import preview/commit.
- Added an AWS Secrets Manager provider using SigV4 request signing,
bounded request timeouts, namespace guardrails, cached runtime
credential resolution, and external-reference linking without plaintext
reads.
- Added Secrets UI surfaces for vault management and remote import, plus
CLI/API documentation for setup and operations.
- Stabilized routine webhook secret binding paths and SSH
environment-driver fixture bindings discovered during verification.
- Addressed Greptile and CI findings: no lockfile/package drift,
monotonic migration metadata, disabled-vault default races, soft-deleted
secret hiding/recreate behavior, remove behavior with disabled vaults,
soft-deleted external-reference re-import, non-active rotation guards,
managed-secret soft deletion through PATCH, and per-call AWS SDK
credential client churn.
- Rebased this branch onto `public-gh/master` at `0e1a5828` and
force-pushed with lease to keep this as the single PR for the branch.
## Verification
- `git fetch public-gh master`
- `git rebase public-gh/master`
- `git diff --name-only public-gh/master...HEAD | grep
'^pnpm-lock\.yaml$' || true` confirmed `pnpm-lock.yaml` is not in the PR
diff.
- Confirmed migration ordering: master ends at `0081_optimal_dormammu`;
this PR adds `0082_dry_vision` and
`0083_company_secret_provider_configs`.
- Inspected migrations for repeat safety: new tables/indexes use `IF NOT
EXISTS`; foreign keys are guarded by `DO $$ ... IF NOT EXISTS`; column
additions use `ADD COLUMN IF NOT EXISTS`.
- `pnpm -r typecheck` passed before the Greptile follow-up commits.
- `pnpm test:run` ran the full stable Vitest path before the Greptile
follow-up commits; it completed with 3 timing-related failures under
parallel load: `codex-local-execute.test.ts`,
`cursor-local-execute.test.ts`, and `environment-service.test.ts`.
- `pnpm --filter @paperclipai/server exec vitest run
src/__tests__/codex-local-execute.test.ts
src/__tests__/cursor-local-execute.test.ts
src/__tests__/environment-service.test.ts` passed on targeted rerun
(`24/24`).
- `pnpm build` passed before the Greptile follow-up commits. Vite
reported existing chunk-size/dynamic-import warnings.
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
exec vitest run src/__tests__/secrets-service.test.ts` passed (`26/26`).
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
exec vitest run src/__tests__/aws-secrets-manager-provider.test.ts
src/__tests__/secrets-service.test.ts` passed (`39/39`).
- After Greptile follow-up commits: `pnpm --filter @paperclipai/server
typecheck` passed.
- Captured Storybook screenshots from `ui/storybook-static` for visual
review.
- Latest PR checks on `5ca3a5cf`: `policy`, serialized server suites
1/4-4/4, `Canary Dry Run`, `e2e`, `security/snyk`, and `Greptile Review`
pass; aggregate `verify` is still registering the completed child
checks.
- Greptile review loop continued through the latest requested pass; all
Greptile review threads are resolved and the latest `Greptile Review`
check on `5ca3a5cf` passed with 0 comments added.
## Screenshots
Before: the provider-vault and remote-import surfaces did not exist on
`master`; these are after-state screenshots from the Storybook fixtures.



## Risks
- Migration risk: this adds new secret provider tables and extends
existing secret rows. The migrations were checked for monotonic ordering
and idempotent guards, but reviewers should still inspect upgrade
behavior carefully.
- Provider risk: AWS support uses direct SigV4 requests. Automated tests
cover signing, request timeouts, vault-config selection, namespace
guardrails, pending-version archival, sanitized provider errors, and
service-level cleanup paths. A real-vault AWS smoke test remains
deployment validation for an operator with AWS credentials rather than
an unverified merge blocker in this local branch.
- UI risk: the Secrets page and import dialog are large new surfaces;
screenshots are included above for reviewer inspection.
- Verification risk: the full local stable test command hit
parallel-load timing failures, although the exact failed files passed
when rerun directly.
- Operational risk: remote import intentionally avoids plaintext reads;
operators must understand that imported external references resolve at
runtime and may fail if AWS permissions change.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent with local shell/tool use in the
Paperclip worktree. Exact context-window size was not exposed by the
runtime.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-09 18:22:17 -05:00
export const storybookSecretProviders: SecretProviderDescriptor[] = [
  { id: "local_encrypted", label: "Local encrypted", requiresExternalRef: false },
  { id: "aws_secrets_manager", label: "AWS Secrets Manager", requiresExternalRef: false },
  { id: "gcp_secret_manager", label: "GCP Secret Manager", requiresExternalRef: false },
  { id: "vault", label: "HashiCorp Vault", requiresExternalRef: false },
];
2026-05-19 15:50:23 -05:00
export const storybookSecretProviderConfigs: CompanySecretProviderConfig[] = [
  {
    id: "provider-config-local",
    companyId: "company-storybook",
    provider: "local_encrypted",
    displayName: "Local encrypted default",
    status: "ready",
    isDefault: true,
    config: { backupReminderAcknowledged: true },
    healthStatus: "ready",
    healthCheckedAt: recent(45),
    healthMessage: "Local encrypted provider is healthy.",
    healthDetails: null,
    disabledAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: recent(2_400),
    updatedAt: recent(45),
  },
  {
    id: "provider-config-aws-prod",
    companyId: "company-storybook",
    provider: "aws_secrets_manager",
    displayName: "AWS production",
    status: "warning",
    isDefault: false,
    config: {
      region: "us-east-1",
      namespace: "prod-use1",
      secretNamePrefix: "paperclip",
      kmsKeyId: "alias/paperclip-secrets",
      ownerTag: "platform",
      environmentTag: "production",
    },
    healthStatus: "warning",
    healthCheckedAt: recent(18),
    healthMessage: "Connected; KMS key rotation policy not yet enforced.",
    healthDetails: {
      code: "kms_rotation_policy",
      message: "Connected; KMS key rotation policy not yet enforced.",
      guidance: ["Enable automatic key rotation before using this vault for production agents."],
    },
    disabledAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: recent(1_800),
    updatedAt: recent(18),
  },
];

export const storybookSecretProviderDiscoveryPreview: SecretProviderConfigDiscoveryPreviewResult = {
  provider: "aws_secrets_manager",
  nextToken: null,
  sampledSecretCount: 6,
  skippedForeignPaperclipSampleCount: 1,
  warnings: ["Skipped 1 Paperclip-managed AWS secret from a different deployment namespace."],
  candidates: [
    {
      provider: "aws_secrets_manager",
      displayName: "AWS production",
      config: {
        region: "us-east-1",
        namespace: "prod-use1",
        secretNamePrefix: "paperclip",
        kmsKeyId: "alias/paperclip-secrets",
        ownerTag: "platform",
        environmentTag: "production",
      },
      sampleCount: 5,
      samples: [
        {
          name: "paperclip/prod-use1/company-storybook/openai_api_key",
          hasKmsKey: true,
          tagKeys: ["paperclip:managed-by", "paperclip:environment", "paperclip:provider-owner"],
        },
      ],
      signals: {
        namespace: "prod-use1",
        secretNamePrefix: "paperclip",
        environmentTag: "production",
        ownerTag: "platform",
        kmsKeyId: "alias/paperclip-secrets",
        hasKmsKey: true,
        sampleCount: 5,
        paperclipManagedSampleCount: 5,
        skippedForeignPaperclipSampleCount: 1,
      },
      warnings: [],
    },
  ],
};
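The namespace guardrail named in the #5429 commit message, applied to secret names shaped like the sample in `storybookSecretProviderDiscoveryPreview`, as an added example that is not Paperclip's provider code. The `<secretNamePrefix>/<namespace>/<companyId>/<key>` layout is inferred from that one sample, and `VaultScope`, `classifySecretName`, `previewImport` and the skip policy are hypothetical.

```typescript
// Added example, not Paperclip's provider code. ASSUMPTION: managed secret
// names are laid out as <secretNamePrefix>/<namespace>/<companyId>/<key>,
// inferred from the fixture sample name; all identifiers here are hypothetical.

interface VaultScope {
  secretNamePrefix: string;
  namespace: string;
  companyId: string;
}

type Verdict =
  | { kind: "in_scope"; key: string }
  | { kind: "foreign_namespace"; namespace: string }
  | { kind: "foreign_company"; companyId: string }
  | { kind: "unmanaged" }
  | { kind: "rejected"; reason: string };

interface ImportPreview {
  inScopeKeys: string[];
  skippedForeignCount: number;
  unmanagedCount: number;
  rejected: { name: string; reason: string }[];
  warnings: string[];
}

// Conservative per-segment charset; "." and ".." are refused explicitly.
const SEGMENT = /^[A-Za-z0-9_.-]+$/;

function classifySecretName(name: string, scope: VaultScope): Verdict {
  const parts = name.split("/");
  // Compare the prefix as a whole segment: a startsWith() test would accept
  // "paperclip-legacy/..." as belonging to the "paperclip" prefix.
  if (parts[0] !== scope.secretNamePrefix) return { kind: "unmanaged" };
  for (const part of parts) {
    if (part === "." || part === ".." || !SEGMENT.test(part)) {
      return { kind: "rejected", reason: "invalid path segment" };
    }
  }
  if (parts.length !== 4) {
    return { kind: "rejected", reason: "unexpected segment count" };
  }
  const namespace = parts[1] ?? "";
  const companyId = parts[2] ?? "";
  const key = parts[3] ?? "";
  // Namespace and company must both match exactly before the name is
  // treated as belonging to this vault.
  if (namespace !== scope.namespace) return { kind: "foreign_namespace", namespace };
  if (companyId !== scope.companyId) return { kind: "foreign_company", companyId };
  return { kind: "in_scope", key };
}

// Works on secret names only; no secret value is read at any point.
function previewImport(names: string[], scope: VaultScope): ImportPreview {
  const preview: ImportPreview = {
    inScopeKeys: [],
    skippedForeignCount: 0,
    unmanagedCount: 0,
    rejected: [],
    warnings: [],
  };
  for (const name of names) {
    const verdict = classifySecretName(name, scope);
    switch (verdict.kind) {
      case "in_scope":
        preview.inScopeKeys.push(verdict.key);
        break;
      case "foreign_namespace":
      case "foreign_company":
        preview.skippedForeignCount += 1;
        break;
      case "unmanaged":
        preview.unmanagedCount += 1;
        break;
      case "rejected":
        preview.rejected.push({ name, reason: verdict.reason });
        break;
    }
  }
  if (preview.skippedForeignCount > 0) {
    preview.warnings.push(
      `Skipped ${preview.skippedForeignCount} managed secret(s) outside this vault's namespace or company.`,
    );
  }
  return preview;
}

// Scope values copied from the fixtures on this page.
const STORYBOOK_SCOPE: VaultScope = {
  secretNamePrefix: "paperclip",
  namespace: "prod-use1",
  companyId: "company-storybook",
};

// Constructed sample names; only the first one appears in the fixtures.
const CONSTRUCTED_NAMES: string[] = [
  "paperclip/prod-use1/company-storybook/openai_api_key",
  "paperclip/staging-use1/company-storybook/openai_api_key",
  "paperclip/prod-use1/company-other/github_app_pem",
  "paperclip-legacy/prod-use1/company-storybook/db_password",
  "paperclip/prod-use1/company-storybook/../company-other/key",
  "billing/stripe",
];

console.log(JSON.stringify(previewImport(CONSTRUCTED_NAMES, STORYBOOK_SCOPE), null, 2));
```
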
// Storybook fixture: secret metadata only (provider, status, version, timestamps);
// no secret values are stored in these records.
export const storybookSecrets: CompanySecret[] = [
  {
    id: "secret-openai",
    companyId: "company-storybook",
    key: "openai_api_key",
    name: "OPENAI_API_KEY",
    provider: "local_encrypted",
    status: "active",
    managedMode: "paperclip_managed",
    externalRef: null,
    providerConfigId: null,
    providerMetadata: null,
    latestVersion: 3,
    description: "OpenAI API key shared by all model adapters.",
    lastResolvedAt: recent(12),
    lastRotatedAt: new Date("2026-04-15T09:30:00.000Z"),
    deletedAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: new Date("2026-03-01T10:00:00.000Z"),
    updatedAt: recent(12),
  },
  {
    id: "secret-aws-prod",
    companyId: "company-storybook",
    key: "prod_aws_deploy",
    name: "PROD_AWS_DEPLOY_KEY",
    provider: "aws_secrets_manager",
    status: "active",
    managedMode: "external_reference",
    externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/aws-deploy-AbCdEf",
    providerConfigId: null,
    providerMetadata: null,
    latestVersion: 2,
    description: "Deploy key for the prod ECS rollout pipeline.",
    lastResolvedAt: recent(180),
    lastRotatedAt: new Date("2026-04-22T14:00:00.000Z"),
    deletedAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: new Date("2026-02-01T10:00:00.000Z"),
    updatedAt: recent(180),
  },
  {
    id: "secret-github",
    companyId: "company-storybook",
    key: "github_app_pem",
    name: "GITHUB_APP_PEM",
    provider: "local_encrypted",
    status: "disabled",
    managedMode: "paperclip_managed",
    externalRef: null,
    providerConfigId: null,
    providerMetadata: null,
    latestVersion: 1,
    description: "Disabled until GitHub App reinstall is approved.",
    lastResolvedAt: new Date("2026-03-30T08:11:00.000Z"),
    lastRotatedAt: null,
    deletedAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: new Date("2026-03-15T10:00:00.000Z"),
    updatedAt: new Date("2026-04-21T11:30:00.000Z"),
  },
  {
    id: "secret-stripe-archived",
    companyId: "company-storybook",
    key: "stripe_legacy",
    name: "STRIPE_LEGACY",
    provider: "vault",
    status: "archived",
    managedMode: "external_reference",
    externalRef: "secret/data/payments/stripe-legacy",
    providerConfigId: null,
    providerMetadata: null,
    latestVersion: 4,
    description: "Migrated to managed billing service. Kept for backfill jobs.",
    lastResolvedAt: new Date("2026-02-25T08:11:00.000Z"),
    lastRotatedAt: new Date("2026-02-20T08:11:00.000Z"),
    deletedAt: null,
    createdByAgentId: null,
    createdByUserId: "user-board",
    createdAt: new Date("2025-12-01T10:00:00.000Z"),
    updatedAt: new Date("2026-03-01T11:30:00.000Z"),
  },
];

// Storybook fixture: bindings that attach a secret to an agent, project or
// environment at a given config path.
export const storybookSecretBindings: CompanySecretBinding[] = [
  {
    id: "binding-openai-agent",
    companyId: "company-storybook",
    secretId: "secret-openai",
    targetType: "agent",
    targetId: "agent-codex",
    configPath: "env.OPENAI_API_KEY",
    versionSelector: "latest",
    required: true,
    label: "Codex agent env",
    createdAt: new Date("2026-03-02T09:00:00.000Z"),
    updatedAt: new Date("2026-03-02T09:00:00.000Z"),
  },
  {
    id: "binding-openai-project",
    companyId: "company-storybook",
    secretId: "secret-openai",
    targetType: "project",
    targetId: "project-app",
    configPath: "env.OPENAI_API_KEY",
    versionSelector: "latest",
    required: true,
    label: "Paperclip App project env",
    createdAt: new Date("2026-03-02T09:00:00.000Z"),
    updatedAt: new Date("2026-03-02T09:00:00.000Z"),
  },
  {
    id: "binding-aws-environment",
    companyId: "company-storybook",
    secretId: "secret-aws-prod",
    targetType: "environment",
    targetId: "env-prod",
    configPath: "secrets.AWS_DEPLOY",
    versionSelector: 2,
    required: true,
    label: "Prod environment",
    createdAt: new Date("2026-04-22T14:01:00.000Z"),
    updatedAt: new Date("2026-04-22T14:01:00.000Z"),
  },
];

// Storybook fixture: secret access audit events, two successful resolutions
// and one failure (errorCode "secret_disabled").
export const storybookSecretAccessEvents: SecretAccessEvent[] = [
  {
    id: "evt-1",
    companyId: "company-storybook",
    secretId: "secret-openai",
    version: 3,
    provider: "local_encrypted",
    actorType: "agent",
    actorId: "agent-codex",
    consumerType: "agent",
    consumerId: "agent-codex",
    configPath: "env.OPENAI_API_KEY",
    issueId: "issue-storybook-1",
    heartbeatRunId: "run-storybook",
    pluginId: null,
    outcome: "success",
    errorCode: null,
    createdAt: recent(12),
  },
  {
    id: "evt-2",
    companyId: "company-storybook",
    secretId: "secret-openai",
    version: 3,
    provider: "local_encrypted",
    actorType: "system",
    actorId: null,
    consumerType: "project",
    consumerId: "project-app",
    configPath: "env.OPENAI_API_KEY",
    issueId: null,
    heartbeatRunId: null,
    pluginId: null,
    outcome: "success",
    errorCode: null,
    createdAt: recent(48),
  },
  {
    id: "evt-3",
    companyId: "company-storybook",
    secretId: "secret-openai",
    version: null,
    provider: "local_encrypted",
    actorType: "agent",
    actorId: "agent-codex",
    consumerType: "agent",
    consumerId: "agent-codex",
    configPath: "env.OPENAI_API_KEY",
    issueId: "issue-storybook-1",
    heartbeatRunId: "run-storybook",
    pluginId: null,
    outcome: "failure",
    errorCode: "secret_disabled",
    createdAt: recent(360),
  },
];

// Storybook fixture: per-provider health status with warnings and backup guidance.
export const storybookSecretProviderHealth = {
  providers: [
    {
      provider: "local_encrypted" as const,
      status: "ok" as const,
      message: "Encryption key loaded; permissions OK.",
      warnings: [] as string[],
      backupGuidance: ["Backup ~/.paperclip/instances/default/secrets/key separately from the database."],
    },
    {
      provider: "aws_secrets_manager" as const,
      status: "warn" as const,
      message: "Connected; KMS key rotation policy not yet enforced.",
      warnings: ["Set up automated KMS key rotation for production tenants."],
      backupGuidance: [],
    },
    {
      provider: "gcp_secret_manager" as const,
      status: "ok" as const,
      message: "Service account reachable.",
      warnings: [] as string[],
      backupGuidance: [],
    },
    {
      provider: "vault" as const,
      status: "ok" as const,
      message: "KV v2 mount reachable.",
      warnings: [] as string[],
      backupGuidance: [],
    },
  ],
};