2026-03-13 21:30:48 -05:00
|
|
|
import { and, asc, desc, eq } from "drizzle-orm";
|
|
|
|
|
import type { Db } from "@paperclipai/db";
|
|
|
|
|
import { documentRevisions, documents, issueDocuments, issues } from "@paperclipai/db";
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
import { isSystemIssueDocumentKey, issueDocumentKeySchema } from "@paperclipai/shared";
|
2026-03-13 21:30:48 -05:00
|
|
|
import { conflict, notFound, unprocessable } from "../errors.js";
|
|
|
|
|
|
|
|
|
|
function normalizeDocumentKey(key: string) {
|
|
|
|
|
const normalized = key.trim().toLowerCase();
|
|
|
|
|
const parsed = issueDocumentKeySchema.safeParse(normalized);
|
|
|
|
|
if (!parsed.success) {
|
|
|
|
|
throw unprocessable("Invalid document key", parsed.error.issues);
|
|
|
|
|
}
|
|
|
|
|
return parsed.data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function isUniqueViolation(error: unknown): boolean {
|
|
|
|
|
return !!error && typeof error === "object" && "code" in error && (error as { code?: string }).code === "23505";
|
|
|
|
|
}
|
|
|
|
|
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
function nextAvailableDocumentKey(sourceKey: string, existingKeys: string[]) {
|
|
|
|
|
const usedKeys = new Set(existingKeys);
|
|
|
|
|
for (let index = 2; index < 1000; index += 1) {
|
|
|
|
|
const suffix = `-${index}`;
|
|
|
|
|
const baseMaxLength = 64 - suffix.length;
|
|
|
|
|
const base = sourceKey.slice(0, baseMaxLength).replace(/[-_]+$/g, "") || "document";
|
|
|
|
|
const candidate = `${base}${suffix}`;
|
|
|
|
|
if (!usedKeys.has(candidate) && issueDocumentKeySchema.safeParse(candidate).success) {
|
|
|
|
|
return candidate;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
throw conflict("Unable to choose a new document key for locked document", { key: sourceKey });
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-13 21:30:48 -05:00
|
|
|
export function extractLegacyPlanBody(description: string | null | undefined) {
|
|
|
|
|
if (!description) return null;
|
|
|
|
|
const match = /<plan>\s*([\s\S]*?)\s*<\/plan>/i.exec(description);
|
|
|
|
|
if (!match) return null;
|
|
|
|
|
const body = match[1]?.trim();
|
|
|
|
|
return body ? body : null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function mapIssueDocumentRow(
|
|
|
|
|
row: {
|
|
|
|
|
id: string;
|
|
|
|
|
companyId: string;
|
|
|
|
|
issueId: string;
|
|
|
|
|
key: string;
|
|
|
|
|
title: string | null;
|
|
|
|
|
format: string;
|
|
|
|
|
latestBody: string;
|
|
|
|
|
latestRevisionId: string | null;
|
|
|
|
|
latestRevisionNumber: number;
|
|
|
|
|
createdByAgentId: string | null;
|
|
|
|
|
createdByUserId: string | null;
|
|
|
|
|
updatedByAgentId: string | null;
|
|
|
|
|
updatedByUserId: string | null;
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: Date | null;
|
|
|
|
|
lockedByAgentId: string | null;
|
|
|
|
|
lockedByUserId: string | null;
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: Date;
|
|
|
|
|
updatedAt: Date;
|
|
|
|
|
},
|
|
|
|
|
includeBody: boolean,
|
|
|
|
|
) {
|
|
|
|
|
return {
|
|
|
|
|
id: row.id,
|
|
|
|
|
companyId: row.companyId,
|
|
|
|
|
issueId: row.issueId,
|
|
|
|
|
key: row.key,
|
|
|
|
|
title: row.title,
|
|
|
|
|
format: row.format,
|
|
|
|
|
...(includeBody ? { body: row.latestBody } : {}),
|
2026-03-13 22:17:49 -05:00
|
|
|
latestRevisionId: row.latestRevisionId ?? null,
|
2026-03-13 21:30:48 -05:00
|
|
|
latestRevisionNumber: row.latestRevisionNumber,
|
|
|
|
|
createdByAgentId: row.createdByAgentId,
|
|
|
|
|
createdByUserId: row.createdByUserId,
|
|
|
|
|
updatedByAgentId: row.updatedByAgentId,
|
|
|
|
|
updatedByUserId: row.updatedByUserId,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: row.lockedAt,
|
|
|
|
|
lockedByAgentId: row.lockedByAgentId,
|
|
|
|
|
lockedByUserId: row.lockedByUserId,
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: row.createdAt,
|
|
|
|
|
updatedAt: row.updatedAt,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-26 08:24:57 -05:00
|
|
|
const issueDocumentSelect = {
|
|
|
|
|
id: documents.id,
|
|
|
|
|
companyId: documents.companyId,
|
|
|
|
|
issueId: issueDocuments.issueId,
|
|
|
|
|
key: issueDocuments.key,
|
|
|
|
|
title: documents.title,
|
|
|
|
|
format: documents.format,
|
|
|
|
|
latestBody: documents.latestBody,
|
|
|
|
|
latestRevisionId: documents.latestRevisionId,
|
|
|
|
|
latestRevisionNumber: documents.latestRevisionNumber,
|
|
|
|
|
createdByAgentId: documents.createdByAgentId,
|
|
|
|
|
createdByUserId: documents.createdByUserId,
|
|
|
|
|
updatedByAgentId: documents.updatedByAgentId,
|
|
|
|
|
updatedByUserId: documents.updatedByUserId,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: documents.lockedAt,
|
|
|
|
|
lockedByAgentId: documents.lockedByAgentId,
|
|
|
|
|
lockedByUserId: documents.lockedByUserId,
|
2026-03-26 08:24:57 -05:00
|
|
|
createdAt: documents.createdAt,
|
|
|
|
|
updatedAt: documents.updatedAt,
|
|
|
|
|
};
|
|
|
|
|
|
2026-03-13 21:30:48 -05:00
|
|
|
export function documentService(db: Db) {
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
const filterSystemDocuments = <T extends { key: string }>(rows: T[], includeSystem: boolean) =>
|
|
|
|
|
includeSystem ? rows : rows.filter((row) => !isSystemIssueDocumentKey(row.key));
|
|
|
|
|
|
2026-03-13 21:30:48 -05:00
|
|
|
return {
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
getIssueDocumentPayload: async (
|
|
|
|
|
issue: { id: string; description: string | null },
|
|
|
|
|
options: { includeSystem?: boolean } = {},
|
|
|
|
|
) => {
|
2026-03-13 21:30:48 -05:00
|
|
|
const [planDocument, documentSummaries] = await Promise.all([
|
|
|
|
|
db
|
2026-03-26 08:24:57 -05:00
|
|
|
.select(issueDocumentSelect)
|
2026-03-13 21:30:48 -05:00
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issue.id), eq(issueDocuments.key, "plan")))
|
|
|
|
|
.then((rows) => rows[0] ?? null),
|
|
|
|
|
db
|
2026-03-26 08:24:57 -05:00
|
|
|
.select(issueDocumentSelect)
|
2026-03-13 21:30:48 -05:00
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(eq(issueDocuments.issueId, issue.id))
|
|
|
|
|
.orderBy(asc(issueDocuments.key), desc(documents.updatedAt)),
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
const legacyPlanBody = planDocument ? null : extractLegacyPlanBody(issue.description);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
planDocument: planDocument ? mapIssueDocumentRow(planDocument, true) : null,
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
documentSummaries: filterSystemDocuments(documentSummaries, options.includeSystem ?? false)
|
|
|
|
|
.map((row) => mapIssueDocumentRow(row, false)),
|
2026-03-13 21:30:48 -05:00
|
|
|
legacyPlanDocument: legacyPlanBody
|
|
|
|
|
? {
|
|
|
|
|
key: "plan" as const,
|
|
|
|
|
body: legacyPlanBody,
|
|
|
|
|
source: "issue_description" as const,
|
|
|
|
|
}
|
|
|
|
|
: null,
|
|
|
|
|
};
|
|
|
|
|
},
|
|
|
|
|
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
listIssueDocuments: async (issueId: string, options: { includeSystem?: boolean } = {}) => {
|
2026-03-13 21:30:48 -05:00
|
|
|
const rows = await db
|
2026-03-26 08:24:57 -05:00
|
|
|
.select(issueDocumentSelect)
|
2026-03-13 21:30:48 -05:00
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(eq(issueDocuments.issueId, issueId))
|
|
|
|
|
.orderBy(asc(issueDocuments.key), desc(documents.updatedAt));
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
return filterSystemDocuments(rows, options.includeSystem ?? false).map((row) => mapIssueDocumentRow(row, true));
|
2026-03-13 21:30:48 -05:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
getIssueDocumentByKey: async (issueId: string, rawKey: string) => {
|
|
|
|
|
const key = normalizeDocumentKey(rawKey);
|
|
|
|
|
const row = await db
|
2026-03-26 08:24:57 -05:00
|
|
|
.select(issueDocumentSelect)
|
2026-03-13 21:30:48 -05:00
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
return row ? mapIssueDocumentRow(row, true) : null;
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
listIssueDocumentRevisions: async (issueId: string, rawKey: string) => {
|
|
|
|
|
const key = normalizeDocumentKey(rawKey);
|
|
|
|
|
return db
|
|
|
|
|
.select({
|
|
|
|
|
id: documentRevisions.id,
|
|
|
|
|
companyId: documentRevisions.companyId,
|
|
|
|
|
documentId: documentRevisions.documentId,
|
|
|
|
|
issueId: issueDocuments.issueId,
|
|
|
|
|
key: issueDocuments.key,
|
|
|
|
|
revisionNumber: documentRevisions.revisionNumber,
|
2026-03-26 08:24:57 -05:00
|
|
|
title: documentRevisions.title,
|
|
|
|
|
format: documentRevisions.format,
|
2026-03-13 21:30:48 -05:00
|
|
|
body: documentRevisions.body,
|
|
|
|
|
changeSummary: documentRevisions.changeSummary,
|
|
|
|
|
createdByAgentId: documentRevisions.createdByAgentId,
|
|
|
|
|
createdByUserId: documentRevisions.createdByUserId,
|
|
|
|
|
createdAt: documentRevisions.createdAt,
|
|
|
|
|
})
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.innerJoin(documentRevisions, eq(documentRevisions.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.orderBy(desc(documentRevisions.revisionNumber));
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
upsertIssueDocument: async (input: {
|
|
|
|
|
issueId: string;
|
|
|
|
|
key: string;
|
|
|
|
|
title?: string | null;
|
|
|
|
|
format: string;
|
|
|
|
|
body: string;
|
|
|
|
|
changeSummary?: string | null;
|
|
|
|
|
baseRevisionId?: string | null;
|
|
|
|
|
createdByAgentId?: string | null;
|
|
|
|
|
createdByUserId?: string | null;
|
2026-04-02 09:11:49 -05:00
|
|
|
createdByRunId?: string | null;
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedDocumentStrategy?: "conflict" | "create_new_document";
|
2026-03-13 21:30:48 -05:00
|
|
|
}) => {
|
|
|
|
|
const key = normalizeDocumentKey(input.key);
|
|
|
|
|
const issue = await db
|
|
|
|
|
.select({ id: issues.id, companyId: issues.companyId })
|
|
|
|
|
.from(issues)
|
|
|
|
|
.where(eq(issues.id, input.issueId))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
if (!issue) throw notFound("Issue not found");
|
|
|
|
|
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
const maxAttempts = input.lockedDocumentStrategy === "create_new_document" ? 3 : 1;
|
|
|
|
|
for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
|
|
|
|
|
try {
|
|
|
|
|
return await db.transaction(async (tx) => {
|
2026-03-13 21:30:48 -05:00
|
|
|
const now = new Date();
|
|
|
|
|
const existing = await tx
|
|
|
|
|
.select({
|
|
|
|
|
id: documents.id,
|
|
|
|
|
companyId: documents.companyId,
|
|
|
|
|
issueId: issueDocuments.issueId,
|
|
|
|
|
key: issueDocuments.key,
|
|
|
|
|
title: documents.title,
|
|
|
|
|
format: documents.format,
|
|
|
|
|
latestBody: documents.latestBody,
|
|
|
|
|
latestRevisionId: documents.latestRevisionId,
|
|
|
|
|
latestRevisionNumber: documents.latestRevisionNumber,
|
|
|
|
|
createdByAgentId: documents.createdByAgentId,
|
|
|
|
|
createdByUserId: documents.createdByUserId,
|
|
|
|
|
updatedByAgentId: documents.updatedByAgentId,
|
|
|
|
|
updatedByUserId: documents.updatedByUserId,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: documents.lockedAt,
|
|
|
|
|
lockedByAgentId: documents.lockedByAgentId,
|
|
|
|
|
lockedByUserId: documents.lockedByUserId,
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: documents.createdAt,
|
|
|
|
|
updatedAt: documents.updatedAt,
|
|
|
|
|
})
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issue.id), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (existing) {
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
if (existing.lockedAt) {
|
|
|
|
|
if (input.lockedDocumentStrategy === "create_new_document") {
|
|
|
|
|
const issueDocumentKeys = await tx
|
|
|
|
|
.select({ key: issueDocuments.key })
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.where(eq(issueDocuments.issueId, issue.id));
|
|
|
|
|
const fallbackKey = nextAvailableDocumentKey(key, issueDocumentKeys.map((row) => row.key));
|
|
|
|
|
|
|
|
|
|
const [document] = await tx
|
|
|
|
|
.insert(documents)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
|
|
|
|
latestBody: input.body,
|
|
|
|
|
latestRevisionId: null,
|
|
|
|
|
latestRevisionNumber: 1,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
|
|
|
|
lockedAt: null,
|
|
|
|
|
lockedByAgentId: null,
|
|
|
|
|
lockedByUserId: null,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const [revision] = await tx
|
|
|
|
|
.insert(documentRevisions)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
documentId: document.id,
|
|
|
|
|
revisionNumber: 1,
|
|
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
|
|
|
|
body: input.body,
|
|
|
|
|
changeSummary: input.changeSummary ?? null,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
|
|
|
|
createdByRunId: input.createdByRunId ?? null,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({ latestRevisionId: revision.id })
|
|
|
|
|
.where(eq(documents.id, document.id));
|
|
|
|
|
|
|
|
|
|
await tx.insert(issueDocuments).values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
issueId: issue.id,
|
|
|
|
|
documentId: document.id,
|
|
|
|
|
key: fallbackKey,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
created: true as const,
|
|
|
|
|
redirectedFromLockedDocument: {
|
|
|
|
|
id: existing.id,
|
|
|
|
|
key: existing.key,
|
|
|
|
|
},
|
|
|
|
|
document: {
|
|
|
|
|
id: document.id,
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
issueId: issue.id,
|
|
|
|
|
key: fallbackKey,
|
|
|
|
|
title: document.title,
|
|
|
|
|
format: document.format,
|
|
|
|
|
body: document.latestBody,
|
|
|
|
|
latestRevisionId: revision.id,
|
|
|
|
|
latestRevisionNumber: 1,
|
|
|
|
|
createdByAgentId: document.createdByAgentId,
|
|
|
|
|
createdByUserId: document.createdByUserId,
|
|
|
|
|
updatedByAgentId: document.updatedByAgentId,
|
|
|
|
|
updatedByUserId: document.updatedByUserId,
|
|
|
|
|
lockedAt: null,
|
|
|
|
|
lockedByAgentId: null,
|
|
|
|
|
lockedByUserId: null,
|
|
|
|
|
createdAt: document.createdAt,
|
|
|
|
|
updatedAt: document.updatedAt,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
throw conflict("Document is locked", {
|
|
|
|
|
key: existing.key,
|
|
|
|
|
documentId: existing.id,
|
|
|
|
|
lockedAt: existing.lockedAt,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-13 21:30:48 -05:00
|
|
|
if (!input.baseRevisionId) {
|
|
|
|
|
throw conflict("Document update requires baseRevisionId", {
|
|
|
|
|
currentRevisionId: existing.latestRevisionId,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
if (input.baseRevisionId !== existing.latestRevisionId) {
|
|
|
|
|
throw conflict("Document was updated by someone else", {
|
|
|
|
|
currentRevisionId: existing.latestRevisionId,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const nextRevisionNumber = existing.latestRevisionNumber + 1;
|
|
|
|
|
const [revision] = await tx
|
|
|
|
|
.insert(documentRevisions)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
documentId: existing.id,
|
|
|
|
|
revisionNumber: nextRevisionNumber,
|
2026-03-26 08:24:57 -05:00
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
2026-03-13 21:30:48 -05:00
|
|
|
body: input.body,
|
|
|
|
|
changeSummary: input.changeSummary ?? null,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
2026-04-02 09:11:49 -05:00
|
|
|
createdByRunId: input.createdByRunId ?? null,
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({
|
|
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
|
|
|
|
latestBody: input.body,
|
|
|
|
|
latestRevisionId: revision.id,
|
|
|
|
|
latestRevisionNumber: nextRevisionNumber,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
})
|
|
|
|
|
.where(eq(documents.id, existing.id));
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(issueDocuments)
|
|
|
|
|
.set({ updatedAt: now })
|
|
|
|
|
.where(eq(issueDocuments.documentId, existing.id));
|
|
|
|
|
|
|
|
|
|
return {
|
2026-03-14 09:17:46 -05:00
|
|
|
created: false as const,
|
|
|
|
|
document: {
|
|
|
|
|
...existing,
|
|
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
|
|
|
|
body: input.body,
|
|
|
|
|
latestRevisionId: revision.id,
|
|
|
|
|
latestRevisionNumber: nextRevisionNumber,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: existing.lockedAt,
|
|
|
|
|
lockedByAgentId: existing.lockedByAgentId,
|
|
|
|
|
lockedByUserId: existing.lockedByUserId,
|
2026-03-14 09:17:46 -05:00
|
|
|
updatedAt: now,
|
|
|
|
|
},
|
2026-03-13 21:30:48 -05:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (input.baseRevisionId) {
|
|
|
|
|
throw conflict("Document does not exist yet", { key });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const [document] = await tx
|
|
|
|
|
.insert(documents)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
|
|
|
|
latestBody: input.body,
|
|
|
|
|
latestRevisionId: null,
|
|
|
|
|
latestRevisionNumber: 1,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: null,
|
|
|
|
|
lockedByAgentId: null,
|
|
|
|
|
lockedByUserId: null,
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: now,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const [revision] = await tx
|
|
|
|
|
.insert(documentRevisions)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
documentId: document.id,
|
|
|
|
|
revisionNumber: 1,
|
2026-03-26 08:24:57 -05:00
|
|
|
title: input.title ?? null,
|
|
|
|
|
format: input.format,
|
2026-03-13 21:30:48 -05:00
|
|
|
body: input.body,
|
|
|
|
|
changeSummary: input.changeSummary ?? null,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
2026-04-02 09:11:49 -05:00
|
|
|
createdByRunId: input.createdByRunId ?? null,
|
2026-03-13 21:30:48 -05:00
|
|
|
createdAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({ latestRevisionId: revision.id })
|
|
|
|
|
.where(eq(documents.id, document.id));
|
|
|
|
|
|
|
|
|
|
await tx.insert(issueDocuments).values({
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
issueId: issue.id,
|
|
|
|
|
documentId: document.id,
|
|
|
|
|
key,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return {
|
2026-03-14 09:17:46 -05:00
|
|
|
created: true as const,
|
|
|
|
|
document: {
|
|
|
|
|
id: document.id,
|
|
|
|
|
companyId: issue.companyId,
|
|
|
|
|
issueId: issue.id,
|
|
|
|
|
key,
|
|
|
|
|
title: document.title,
|
|
|
|
|
format: document.format,
|
|
|
|
|
body: document.latestBody,
|
|
|
|
|
latestRevisionId: revision.id,
|
|
|
|
|
latestRevisionNumber: 1,
|
|
|
|
|
createdByAgentId: document.createdByAgentId,
|
|
|
|
|
createdByUserId: document.createdByUserId,
|
|
|
|
|
updatedByAgentId: document.updatedByAgentId,
|
|
|
|
|
updatedByUserId: document.updatedByUserId,
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockedAt: document.lockedAt,
|
|
|
|
|
lockedByAgentId: document.lockedByAgentId,
|
|
|
|
|
lockedByUserId: document.lockedByUserId,
|
2026-03-14 09:17:46 -05:00
|
|
|
createdAt: document.createdAt,
|
|
|
|
|
updatedAt: document.updatedAt,
|
|
|
|
|
},
|
2026-03-13 21:30:48 -05:00
|
|
|
};
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
});
|
|
|
|
|
} catch (error) {
|
|
|
|
|
if (isUniqueViolation(error)) {
|
|
|
|
|
if (input.lockedDocumentStrategy === "create_new_document" && attempt < maxAttempts - 1) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
throw conflict("Document key already exists on this issue", { key });
|
|
|
|
|
}
|
|
|
|
|
throw error;
|
2026-03-13 21:30:48 -05:00
|
|
|
}
|
|
|
|
|
}
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
|
|
|
|
|
throw conflict("Unable to choose a new document key for locked document", { key });
|
2026-03-13 21:30:48 -05:00
|
|
|
},
|
|
|
|
|
|
2026-03-26 08:24:57 -05:00
|
|
|
restoreIssueDocumentRevision: async (input: {
|
|
|
|
|
issueId: string;
|
|
|
|
|
key: string;
|
|
|
|
|
revisionId: string;
|
|
|
|
|
createdByAgentId?: string | null;
|
|
|
|
|
createdByUserId?: string | null;
|
|
|
|
|
}) => {
|
|
|
|
|
const key = normalizeDocumentKey(input.key);
|
2026-03-13 21:30:48 -05:00
|
|
|
return db.transaction(async (tx) => {
|
|
|
|
|
const existing = await tx
|
2026-03-26 08:24:57 -05:00
|
|
|
.select(issueDocumentSelect)
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, input.issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!existing) throw notFound("Document not found");
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
if (existing.lockedAt) {
|
|
|
|
|
throw conflict("Document is locked", {
|
|
|
|
|
key: existing.key,
|
|
|
|
|
documentId: existing.id,
|
|
|
|
|
lockedAt: existing.lockedAt,
|
|
|
|
|
});
|
|
|
|
|
}
|
2026-03-26 08:24:57 -05:00
|
|
|
|
|
|
|
|
const revision = await tx
|
2026-03-13 21:30:48 -05:00
|
|
|
.select({
|
2026-03-26 08:24:57 -05:00
|
|
|
id: documentRevisions.id,
|
|
|
|
|
companyId: documentRevisions.companyId,
|
|
|
|
|
documentId: documentRevisions.documentId,
|
|
|
|
|
revisionNumber: documentRevisions.revisionNumber,
|
|
|
|
|
title: documentRevisions.title,
|
|
|
|
|
format: documentRevisions.format,
|
|
|
|
|
body: documentRevisions.body,
|
|
|
|
|
})
|
|
|
|
|
.from(documentRevisions)
|
|
|
|
|
.where(and(eq(documentRevisions.id, input.revisionId), eq(documentRevisions.documentId, existing.id)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!revision) throw notFound("Document revision not found");
|
|
|
|
|
if (existing.latestRevisionId === revision.id) {
|
|
|
|
|
throw conflict("Selected revision is already the latest revision", {
|
|
|
|
|
currentRevisionId: existing.latestRevisionId,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const now = new Date();
|
|
|
|
|
const nextRevisionNumber = existing.latestRevisionNumber + 1;
|
|
|
|
|
const [restoredRevision] = await tx
|
|
|
|
|
.insert(documentRevisions)
|
|
|
|
|
.values({
|
|
|
|
|
companyId: existing.companyId,
|
|
|
|
|
documentId: existing.id,
|
|
|
|
|
revisionNumber: nextRevisionNumber,
|
|
|
|
|
title: revision.title ?? null,
|
|
|
|
|
format: revision.format,
|
|
|
|
|
body: revision.body,
|
|
|
|
|
changeSummary: `Restored from revision ${revision.revisionNumber}`,
|
|
|
|
|
createdByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
createdByUserId: input.createdByUserId ?? null,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({
|
|
|
|
|
title: revision.title ?? null,
|
|
|
|
|
format: revision.format,
|
|
|
|
|
latestBody: revision.body,
|
|
|
|
|
latestRevisionId: restoredRevision.id,
|
|
|
|
|
latestRevisionNumber: nextRevisionNumber,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
|
|
|
|
updatedAt: now,
|
2026-03-13 21:30:48 -05:00
|
|
|
})
|
2026-03-26 08:24:57 -05:00
|
|
|
.where(eq(documents.id, existing.id));
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(issueDocuments)
|
|
|
|
|
.set({ updatedAt: now })
|
|
|
|
|
.where(eq(issueDocuments.documentId, existing.id));
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
restoredFromRevisionId: revision.id,
|
|
|
|
|
restoredFromRevisionNumber: revision.revisionNumber,
|
|
|
|
|
document: {
|
|
|
|
|
...existing,
|
|
|
|
|
title: revision.title ?? null,
|
|
|
|
|
format: revision.format,
|
|
|
|
|
body: revision.body,
|
|
|
|
|
latestRevisionId: restoredRevision.id,
|
|
|
|
|
latestRevisionNumber: nextRevisionNumber,
|
|
|
|
|
updatedByAgentId: input.createdByAgentId ?? null,
|
|
|
|
|
updatedByUserId: input.createdByUserId ?? null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
lockIssueDocument: async (input: {
|
|
|
|
|
issueId: string;
|
|
|
|
|
key: string;
|
|
|
|
|
lockedByAgentId?: string | null;
|
|
|
|
|
lockedByUserId?: string | null;
|
|
|
|
|
}) => {
|
|
|
|
|
const key = normalizeDocumentKey(input.key);
|
|
|
|
|
return db.transaction(async (tx) => {
|
|
|
|
|
const existing = await tx
|
|
|
|
|
.select(issueDocumentSelect)
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, input.issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!existing) throw notFound("Document not found");
|
|
|
|
|
if (existing.lockedAt) {
|
|
|
|
|
return {
|
|
|
|
|
changed: false as const,
|
|
|
|
|
document: mapIssueDocumentRow(existing, true),
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const now = new Date();
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({
|
|
|
|
|
lockedAt: now,
|
|
|
|
|
lockedByAgentId: input.lockedByAgentId ?? null,
|
|
|
|
|
lockedByUserId: input.lockedByUserId ?? null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
})
|
|
|
|
|
.where(eq(documents.id, existing.id));
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(issueDocuments)
|
|
|
|
|
.set({ updatedAt: now })
|
|
|
|
|
.where(eq(issueDocuments.documentId, existing.id));
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
changed: true as const,
|
|
|
|
|
document: {
|
|
|
|
|
...mapIssueDocumentRow(existing, true),
|
|
|
|
|
lockedAt: now,
|
|
|
|
|
lockedByAgentId: input.lockedByAgentId ?? null,
|
|
|
|
|
lockedByUserId: input.lockedByUserId ?? null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
unlockIssueDocument: async (issueId: string, rawKey: string) => {
|
|
|
|
|
const key = normalizeDocumentKey(rawKey);
|
|
|
|
|
return db.transaction(async (tx) => {
|
|
|
|
|
const existing = await tx
|
|
|
|
|
.select(issueDocumentSelect)
|
|
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!existing) throw notFound("Document not found");
|
|
|
|
|
if (!existing.lockedAt) {
|
|
|
|
|
return {
|
|
|
|
|
changed: false as const,
|
|
|
|
|
document: mapIssueDocumentRow(existing, true),
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const now = new Date();
|
|
|
|
|
await tx
|
|
|
|
|
.update(documents)
|
|
|
|
|
.set({
|
|
|
|
|
lockedAt: null,
|
|
|
|
|
lockedByAgentId: null,
|
|
|
|
|
lockedByUserId: null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
})
|
|
|
|
|
.where(eq(documents.id, existing.id));
|
|
|
|
|
|
|
|
|
|
await tx
|
|
|
|
|
.update(issueDocuments)
|
|
|
|
|
.set({ updatedAt: now })
|
|
|
|
|
.where(eq(issueDocuments.documentId, existing.id));
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
changed: true as const,
|
|
|
|
|
document: {
|
|
|
|
|
...mapIssueDocumentRow(existing, true),
|
|
|
|
|
lockedAt: null,
|
|
|
|
|
lockedByAgentId: null,
|
|
|
|
|
lockedByUserId: null,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
|
2026-03-26 08:24:57 -05:00
|
|
|
deleteIssueDocument: async (issueId: string, rawKey: string) => {
|
|
|
|
|
const key = normalizeDocumentKey(rawKey);
|
|
|
|
|
return db.transaction(async (tx) => {
|
|
|
|
|
const existing = await tx
|
|
|
|
|
.select(issueDocumentSelect)
|
2026-03-13 21:30:48 -05:00
|
|
|
.from(issueDocuments)
|
|
|
|
|
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
|
|
|
|
|
.where(and(eq(issueDocuments.issueId, issueId), eq(issueDocuments.key, key)))
|
|
|
|
|
.then((rows) => rows[0] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!existing) return null;
|
[codex] Add issue document locking (#6009)
## Thinking Path
> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.
## What Changed
- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.
## Verification
- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.
## Risks
- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.
## Model Used
- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-15 08:54:55 -05:00
|
|
|
if (existing.lockedAt) {
|
|
|
|
|
throw conflict("Document is locked", {
|
|
|
|
|
key: existing.key,
|
|
|
|
|
documentId: existing.id,
|
|
|
|
|
lockedAt: existing.lockedAt,
|
|
|
|
|
});
|
|
|
|
|
}
|
2026-03-13 21:30:48 -05:00
|
|
|
|
|
|
|
|
await tx.delete(issueDocuments).where(eq(issueDocuments.documentId, existing.id));
|
|
|
|
|
await tx.delete(documents).where(eq(documents.id, existing.id));
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
...existing,
|
|
|
|
|
body: existing.latestBody,
|
2026-03-13 22:17:49 -05:00
|
|
|
latestRevisionId: existing.latestRevisionId ?? null,
|
2026-03-13 21:30:48 -05:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|