paperclip/doc/DEVELOPING.md

# Developing

This project can run fully in local dev without setting up PostgreSQL manually.

## Prerequisites

- Node.js 20+
- pnpm 9+

## Start Dev

From repo root:

```sh
pnpm install
pnpm dev
```

This starts:

- API server: `http://localhost:3100`
- UI: served by the API server in dev middleware mode (same origin as API)

## Database in Dev (Auto-Handled)

For local development, leave `DATABASE_URL` unset.
The server will automatically use embedded PostgreSQL and persist data at:

- `./data/embedded-postgres`

No Docker or external database is required for this mode.

## Quick Health Checks

In another terminal:

```sh
curl http://localhost:3100/api/health
curl http://localhost:3100/api/companies
```

Expected:

- `/api/health` returns `{"status":"ok"}`
- `/api/companies` returns a JSON array

## Reset Local Dev Database

To wipe local dev data and start fresh:

```sh
rm -rf server/data/embedded-postgres
pnpm dev
```

## Optional: Use External Postgres

If you set `DATABASE_URL`, the server will use that instead of embedded PostgreSQL.

## Secrets in Dev

Agent env vars now support secret references. By default, secret values are stored with local encryption and only secret refs are persisted in agent config.

- Default local key path: `./data/secrets/master.key`
- Override key material directly: `PAPERCLIP_SECRETS_MASTER_KEY`
- Override key file path: `PAPERCLIP_SECRETS_MASTER_KEY_FILE`

Strict mode (recommended outside local trusted machines):

```sh
PAPERCLIP_SECRETS_STRICT_MODE=true
```

When strict mode is enabled, sensitive env keys (for example `*_API_KEY`, `*_TOKEN`, `*_SECRET`) must use secret references instead of inline plain values.

CLI configuration support:

- `pnpm paperclip onboard` writes a default `secrets` config section (`local_encrypted`, strict mode off, key file path set) and creates a local key file when needed.
- `pnpm paperclip configure --section secrets` lets you update provider/strict mode/key path and creates the local key file when needed.
- `pnpm paperclip doctor` validates secrets adapter configuration and can create a missing local key file with `--repair`.

Migration helper for existing inline env secrets:

```sh
pnpm secrets:migrate-inline-env         # dry run
pnpm secrets:migrate-inline-env --apply # apply migration
```
Reorganize docs and add implementation spec Move GOAL.md, PRODUCT.md, SPEC.md from repo root into doc/. Add AGENTS.md (contributor guidance), doc/DEVELOPING.md (dev setup), doc/SPEC-implementation.md (V1 implementation contract), and doc/specs/ui.md (UI design spec). Update ClipHub doc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-17 09:07:15 -06:00			`# Developing`

			`This project can run fully in local dev without setting up PostgreSQL manually.`

			`## Prerequisites`

			`- Node.js 20+`
			`- pnpm 9+`

			`## Start Dev`

			`From repo root:`

			```sh
			`pnpm install`
			`pnpm dev`
			```

			`This starts:`

			- API server: `http://localhost:3100`
Replace PGlite with embedded-postgres and add startup banner Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-18 11:45:43 -06:00			`- UI: served by the API server in dev middleware mode (same origin as API)`
Reorganize docs and add implementation spec Move GOAL.md, PRODUCT.md, SPEC.md from repo root into doc/. Add AGENTS.md (contributor guidance), doc/DEVELOPING.md (dev setup), doc/SPEC-implementation.md (V1 implementation contract), and doc/specs/ui.md (UI design spec). Update ClipHub doc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-17 09:07:15 -06:00
			`## Database in Dev (Auto-Handled)`

			For local development, leave `DATABASE_URL` unset.
Replace PGlite with embedded-postgres and add startup banner Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-18 11:45:43 -06:00			`The server will automatically use embedded PostgreSQL and persist data at:`
Reorganize docs and add implementation spec Move GOAL.md, PRODUCT.md, SPEC.md from repo root into doc/. Add AGENTS.md (contributor guidance), doc/DEVELOPING.md (dev setup), doc/SPEC-implementation.md (V1 implementation contract), and doc/specs/ui.md (UI design spec). Update ClipHub doc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-17 09:07:15 -06:00
Replace PGlite with embedded-postgres and add startup banner Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-18 11:45:43 -06:00			- `./data/embedded-postgres`
Reorganize docs and add implementation spec Move GOAL.md, PRODUCT.md, SPEC.md from repo root into doc/. Add AGENTS.md (contributor guidance), doc/DEVELOPING.md (dev setup), doc/SPEC-implementation.md (V1 implementation contract), and doc/specs/ui.md (UI design spec). Update ClipHub doc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-17 09:07:15 -06:00
			`No Docker or external database is required for this mode.`

			`## Quick Health Checks`

			`In another terminal:`

			```sh
			`curl http://localhost:3100/api/health`
			`curl http://localhost:3100/api/companies`
			```

			`Expected:`

			- `/api/health` returns `{"status":"ok"}`
			- `/api/companies` returns a JSON array

			`## Reset Local Dev Database`

			`To wipe local dev data and start fresh:`

			```sh
Replace PGlite with embedded-postgres and add startup banner Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-18 11:45:43 -06:00			`rm -rf server/data/embedded-postgres`
Reorganize docs and add implementation spec Move GOAL.md, PRODUCT.md, SPEC.md from repo root into doc/. Add AGENTS.md (contributor guidance), doc/DEVELOPING.md (dev setup), doc/SPEC-implementation.md (V1 implementation contract), and doc/specs/ui.md (UI design spec). Update ClipHub doc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-17 09:07:15 -06:00			`pnpm dev`
			```

			`## Optional: Use External Postgres`

Replace PGlite with embedded-postgres and add startup banner Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-18 11:45:43 -06:00			If you set `DATABASE_URL`, the server will use that instead of embedded PostgreSQL.
Add secrets documentation and inline env migration script Document secret storage in DATABASE.md and DEVELOPING.md. Update SPEC-implementation with company_secrets schema and indexes. Add migrate-inline-env-secrets script for converting existing plain env values to managed secrets (dry-run by default, --apply to commit). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-19 15:44:11 -06:00
			`## Secrets in Dev`

			`Agent env vars now support secret references. By default, secret values are stored with local encryption and only secret refs are persisted in agent config.`

			- Default local key path: `./data/secrets/master.key`
			- Override key material directly: `PAPERCLIP_SECRETS_MASTER_KEY`
			- Override key file path: `PAPERCLIP_SECRETS_MASTER_KEY_FILE`

			`Strict mode (recommended outside local trusted machines):`

			```sh
			`PAPERCLIP_SECRETS_STRICT_MODE=true`
			```

			When strict mode is enabled, sensitive env keys (for example `_API_KEY`, `_TOKEN`, `*_SECRET`) must use secret references instead of inline plain values.

			`CLI configuration support:`

			- `pnpm paperclip onboard` writes a default `secrets` config section (`local_encrypted`, strict mode off, key file path set) and creates a local key file when needed.
			- `pnpm paperclip configure --section secrets` lets you update provider/strict mode/key path and creates the local key file when needed.
			- `pnpm paperclip doctor` validates secrets adapter configuration and can create a missing local key file with `--repair`.

			`Migration helper for existing inline env secrets:`

			```sh
			`pnpm secrets:migrate-inline-env # dry run`
			`pnpm secrets:migrate-inline-env --apply # apply migration`
			```