2026-04-11 11:05:32 -05:00
|
|
|
import type { QueryClient } from "@tanstack/react-query";
|
|
|
|
|
import type { Issue } from "@paperclipai/shared";
|
|
|
|
|
import { issuesApi } from "@/api/issues";
|
|
|
|
|
import { queryKeys } from "@/lib/queryKeys";
|
|
|
|
|
|
|
|
|
|
const ISSUE_DETAIL_QUERY_PREFIX = ["issues", "detail"] as const;
|
2026-04-12 21:30:50 -05:00
|
|
|
export const ISSUE_DETAIL_STALE_TIME_MS = 60_000;
|
2026-04-11 11:05:32 -05:00
|
|
|
|
|
|
|
|
function isNonEmptyString(value: unknown): value is string {
|
|
|
|
|
return typeof value === "string" && value.length > 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function collectIssueRefs(
|
|
|
|
|
issueRef: string | null | undefined,
|
|
|
|
|
issue?: Pick<Issue, "id" | "identifier"> | null,
|
|
|
|
|
): string[] {
|
|
|
|
|
const refs = new Set<string>();
|
|
|
|
|
if (isNonEmptyString(issueRef)) refs.add(issueRef);
|
|
|
|
|
if (isNonEmptyString(issue?.id)) refs.add(issue.id);
|
|
|
|
|
if (isNonEmptyString(issue?.identifier)) refs.add(issue.identifier);
|
|
|
|
|
return Array.from(refs);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function matchesIssueRef(issue: Pick<Issue, "id" | "identifier">, refs: Iterable<string>) {
|
|
|
|
|
const refSet = refs instanceof Set ? refs : new Set(refs);
|
|
|
|
|
return refSet.has(issue.id) || (!!issue.identifier && refSet.has(issue.identifier));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function mergeIssueSnapshots(existing: Issue | undefined, incoming: Issue): Issue {
|
|
|
|
|
if (!existing) return incoming;
|
|
|
|
|
return {
|
|
|
|
|
...existing,
|
|
|
|
|
...incoming,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function getIssueDetailCacheRefs(issue: Pick<Issue, "id" | "identifier">): string[] {
|
|
|
|
|
return collectIssueRefs(null, issue);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function getCachedIssueDetail(
|
|
|
|
|
queryClient: QueryClient,
|
|
|
|
|
issueRef: string | null | undefined,
|
|
|
|
|
issue?: Pick<Issue, "id" | "identifier"> | null,
|
|
|
|
|
): Issue | undefined {
|
|
|
|
|
const refs = collectIssueRefs(issueRef, issue);
|
|
|
|
|
|
|
|
|
|
for (const ref of refs) {
|
|
|
|
|
const cached = queryClient.getQueryData<Issue>(queryKeys.issues.detail(ref));
|
|
|
|
|
if (cached) return cached;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const cachedEntries = queryClient.getQueriesData<Issue>({ queryKey: ISSUE_DETAIL_QUERY_PREFIX });
|
|
|
|
|
return cachedEntries
|
|
|
|
|
.map(([, cachedIssue]) => cachedIssue)
|
|
|
|
|
.find((cachedIssue): cachedIssue is Issue => !!cachedIssue && matchesIssueRef(cachedIssue, refs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function seedIssueDetailCache(
|
|
|
|
|
queryClient: QueryClient,
|
|
|
|
|
issue: Issue,
|
|
|
|
|
options?: {
|
|
|
|
|
issueRef?: string | null;
|
|
|
|
|
},
|
|
|
|
|
): Issue {
|
|
|
|
|
const refs = collectIssueRefs(options?.issueRef, issue);
|
|
|
|
|
const merged = mergeIssueSnapshots(getCachedIssueDetail(queryClient, options?.issueRef, issue), issue);
|
|
|
|
|
|
|
|
|
|
for (const ref of refs) {
|
|
|
|
|
queryClient.setQueryData<Issue>(
|
|
|
|
|
queryKeys.issues.detail(ref),
|
|
|
|
|
(existing) => mergeIssueSnapshots(existing, merged),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return merged;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export async function fetchIssueDetail(
|
|
|
|
|
queryClient: QueryClient,
|
|
|
|
|
issueRef: string,
|
|
|
|
|
): Promise<Issue> {
|
|
|
|
|
const issue = await issuesApi.get(issueRef);
|
|
|
|
|
return seedIssueDetailCache(queryClient, issue, { issueRef });
|
|
|
|
|
}
|
|
|
|
|
|
[codex] harden authenticated routes and issue editor reliability (#3741)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The control plane depends on authenticated routes enforcing company
boundaries and role permissions correctly
> - This branch also touches the issue detail and markdown editing flows
operators use while handling advisory and triage work
> - Partial issue cache seeds and fragile rich-editor parsing could
leave important issue content missing or blank at the moment an operator
needed it
> - Blocked issues becoming actionable again should wake their assignee
automatically instead of silently staying idle
> - This pull request rebases the advisory follow-up branch onto current
`master`, hardens authenticated route authorization, and carries the
issue-detail/editor reliability fixes forward with regression tests
> - The benefit is tighter authz on sensitive routes plus more reliable
issue/advisory editing and wakeup behavior on top of the latest base
## What Changed
- Hardened authenticated route authorization across agent, activity,
approval, access, project, plugin, health, execution-workspace,
portability, and related server paths, with new cross-tenant and
runtime-authz regression coverage.
- Switched issue detail queries from `initialData` to placeholder-based
hydration so list/quicklook seeds still refetch full issue bodies.
- Normalized advisory-style HTML images before mounting the markdown
editor and strengthened fallback behavior when the rich editor silently
fails or rejects the content.
- Woke assigned agents when blocked issues move back to `todo`, with
route coverage for reopen and unblock transitions.
- Rebasing note: this branch now sits cleanly on top of the latest
`master` tip used for the PR base.
## Verification
- `pnpm exec vitest run ui/src/lib/issueDetailQuery.test.tsx
ui/src/components/MarkdownEditor.test.tsx
server/src/__tests__/issue-comment-reopen-routes.test.ts
server/src/__tests__/activity-routes.test.ts
server/src/__tests__/agent-cross-tenant-authz-routes.test.ts`
- Confirmed `pnpm-lock.yaml` is not part of the PR diff.
- Rebased the branch onto current `public-gh/master` before publishing.
## Risks
- Broad authz tightening may expose existing flows that were relying on
permissive board or agent access and now need explicit grants.
- Markdown editor fallback changes could affect focus or rendering in
edge-case content that mixes HTML-like advisory markup with normal
markdown.
- This verification was intentionally scoped to touched regressions and
did not run the full repository suite.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in the Codex CLI environment
with tool use for terminal, git, and GitHub operations. The exact
runtime model identifier is not exposed inside this session.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, it is behavior-only and does not
need before/after screenshots
- [x] I have updated relevant documentation to reflect my changes, or no
documentation changes were needed for these internal fixes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-15 08:41:15 -05:00
|
|
|
export function getIssueDetailQueryOptions(
|
|
|
|
|
queryClient: QueryClient,
|
|
|
|
|
issueRef: string,
|
|
|
|
|
options?: {
|
|
|
|
|
placeholderIssue?: Pick<Issue, "id" | "identifier"> | null;
|
|
|
|
|
},
|
|
|
|
|
) {
|
|
|
|
|
return {
|
|
|
|
|
queryKey: queryKeys.issues.detail(issueRef),
|
|
|
|
|
queryFn: () => fetchIssueDetail(queryClient, issueRef),
|
|
|
|
|
placeholderData: getCachedIssueDetail(queryClient, issueRef, options?.placeholderIssue ?? undefined),
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-11 11:05:32 -05:00
|
|
|
export function prefetchIssueDetail(
|
|
|
|
|
queryClient: QueryClient,
|
|
|
|
|
issueRef: string,
|
|
|
|
|
options?: {
|
|
|
|
|
issue?: Issue | null;
|
|
|
|
|
},
|
|
|
|
|
) {
|
|
|
|
|
if (options?.issue) {
|
|
|
|
|
seedIssueDetailCache(queryClient, options.issue, { issueRef });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return queryClient.prefetchQuery({
|
|
|
|
|
queryKey: queryKeys.issues.detail(issueRef),
|
|
|
|
|
queryFn: () => fetchIssueDetail(queryClient, issueRef),
|
|
|
|
|
staleTime: ISSUE_DETAIL_STALE_TIME_MS,
|
|
|
|
|
});
|
|
|
|
|
}
|