Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export const COMPANY_STATUSES = ["active", "paused", "archived"] as const;
|
|
|
|
|
export type CompanyStatus = (typeof COMPANY_STATUSES)[number];
|
|
|
|
|
|
2026-02-23 09:14:08 -06:00
|
|
|
export const DEPLOYMENT_MODES = ["local_trusted", "authenticated"] as const;
|
|
|
|
|
export type DeploymentMode = (typeof DEPLOYMENT_MODES)[number];
|
|
|
|
|
|
|
|
|
|
export const DEPLOYMENT_EXPOSURES = ["private", "public"] as const;
|
|
|
|
|
export type DeploymentExposure = (typeof DEPLOYMENT_EXPOSURES)[number];
|
|
|
|
|
|
2026-04-10 07:32:16 -05:00
|
|
|
export const BIND_MODES = ["loopback", "lan", "tailnet", "custom"] as const;
|
|
|
|
|
export type BindMode = (typeof BIND_MODES)[number];
|
|
|
|
|
|
2026-02-23 09:14:08 -06:00
|
|
|
export const AUTH_BASE_URL_MODES = ["auto", "explicit"] as const;
|
|
|
|
|
export type AuthBaseUrlMode = (typeof AUTH_BASE_URL_MODES)[number];
|
|
|
|
|
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export const AGENT_STATUSES = [
|
|
|
|
|
"active",
|
|
|
|
|
"paused",
|
|
|
|
|
"idle",
|
|
|
|
|
"running",
|
|
|
|
|
"error",
|
2026-02-19 09:10:38 -06:00
|
|
|
"pending_approval",
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
"terminated",
|
|
|
|
|
] as const;
|
2026-02-16 13:31:47 -06:00
|
|
|
export type AgentStatus = (typeof AGENT_STATUSES)[number];
|
|
|
|
|
|
2026-03-05 15:24:20 +01:00
|
|
|
export const AGENT_ADAPTER_TYPES = [
|
|
|
|
|
"process",
|
|
|
|
|
"http",
|
|
|
|
|
"claude_local",
|
|
|
|
|
"codex_local",
|
2026-04-01 14:07:47 +00:00
|
|
|
"gemini_local",
|
2026-03-05 15:24:20 +01:00
|
|
|
"opencode_local",
|
2026-03-06 18:47:44 -08:00
|
|
|
"pi_local",
|
2026-03-06 15:23:55 +00:00
|
|
|
"cursor",
|
2026-03-07 08:59:29 -06:00
|
|
|
"openclaw_gateway",
|
2026-03-05 15:24:20 +01:00
|
|
|
] as const;
|
2026-03-31 20:21:13 +01:00
|
|
|
export type AgentAdapterType = (typeof AGENT_ADAPTER_TYPES)[number] | (string & {});
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
|
2026-02-16 13:31:47 -06:00
|
|
|
export const AGENT_ROLES = [
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
"ceo",
|
|
|
|
|
"cto",
|
|
|
|
|
"cmo",
|
|
|
|
|
"cfo",
|
2026-02-16 13:31:47 -06:00
|
|
|
"engineer",
|
|
|
|
|
"designer",
|
|
|
|
|
"pm",
|
|
|
|
|
"qa",
|
|
|
|
|
"devops",
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
"researcher",
|
2026-02-16 13:31:47 -06:00
|
|
|
"general",
|
|
|
|
|
] as const;
|
|
|
|
|
export type AgentRole = (typeof AGENT_ROLES)[number];
|
|
|
|
|
|
2026-03-07 17:07:14 -08:00
|
|
|
export const AGENT_ROLE_LABELS: Record<AgentRole, string> = {
|
|
|
|
|
ceo: "CEO",
|
|
|
|
|
cto: "CTO",
|
|
|
|
|
cmo: "CMO",
|
|
|
|
|
cfo: "CFO",
|
|
|
|
|
engineer: "Engineer",
|
|
|
|
|
designer: "Designer",
|
|
|
|
|
pm: "PM",
|
|
|
|
|
qa: "QA",
|
|
|
|
|
devops: "DevOps",
|
|
|
|
|
researcher: "Researcher",
|
|
|
|
|
general: "General",
|
|
|
|
|
};
|
|
|
|
|
|
[codex] Improve agent runtime recovery and governance (#4086)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The heartbeat runtime, agent import path, and agent configuration
defaults determine whether work is dispatched safely and predictably.
> - Several accumulated fixes all touched agent execution recovery, wake
routing, import behavior, and runtime concurrency defaults.
> - Those changes need to land together so the heartbeat service and
agent creation defaults stay internally consistent.
> - This pull request groups the runtime/governance changes from the
split branch into one standalone branch.
> - The benefit is safer recovery for stranded runs, bounded high-volume
reads, imported-agent approval correctness, skill-template support, and
a clearer default concurrency policy.
## What Changed
- Fixed stranded continuation recovery so successful automatic retries
are requeued instead of incorrectly blocking the issue.
- Bounded high-volume issue/log reads across issue, heartbeat, agent,
project, and workspace paths.
- Fixed imported-agent approval and instruction-path permission
handling.
- Quarantined seeded worktree execution state during worktree
provisioning.
- Queued approval follow-up wakes and hardened SQL_ASCII heartbeat
output handling.
- Added reusable agent instruction templates for hiring flows.
- Set the default max concurrent agent runs to five and updated related
UI/tests/docs.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm exec vitest run server/src/__tests__/company-portability.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts
server/src/__tests__/heartbeat-comment-wake-batching.test.ts
server/src/__tests__/heartbeat-list.test.ts
server/src/__tests__/issues-service.test.ts
server/src/__tests__/agent-permissions-routes.test.ts
packages/adapter-utils/src/server-utils.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- Split integration check: merged this branch first, followed by the
other [PAP-1614](/PAP/issues/PAP-1614) branches, with no merge
conflicts.
- Confirmed this branch does not include `pnpm-lock.yaml`.
## Risks
- Medium risk: touches heartbeat recovery, queueing, and issue list
bounds in central runtime paths.
- Imported-agent and concurrency default behavior changes may affect
existing automation that assumes one-at-a-time default runs.
- No database migrations are included.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4 tool-enabled coding model, agentic
code-editing/runtime with local shell and GitHub CLI access; exact
context window and reasoning mode are not exposed by the Paperclip
harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:19:48 -05:00
|
|
|
export const AGENT_DEFAULT_MAX_CONCURRENT_RUNS = 5;
|
|
|
|
|
|
[codex] Respect manual workspace runtime controls (#4125)
## Thinking Path
> - Paperclip orchestrates AI agents inside execution and project
workspaces
> - Workspace runtime services can be controlled manually by operators
and reused by agent runs
> - Manual start/stop state was not preserved consistently across
workspace policies and routine launches
> - Routine launches also needed branch/workspace variables to default
from the selected workspace context
> - This pull request makes runtime policy state explicit, preserves
manual control, and auto-fills routine branch variables from workspace
data
> - The benefit is less surprising workspace service behavior and fewer
manual inputs when running workspace-scoped routines
## What Changed
- Added runtime-state handling for manual workspace control across
execution and project workspace validators, routes, and services.
- Updated heartbeat/runtime startup behavior so manually stopped
services are respected.
- Auto-filled routine workspace branch variables from available
workspace context.
- Added focused server and UI tests for workspace runtime and routine
variable behavior.
- Removed muted gray background styling from workspace pages and cards
for a cleaner workspace UI.
## Verification
- `pnpm install --frozen-lockfile --ignore-scripts`
- `pnpm exec vitest run server/src/__tests__/routines-service.test.ts
server/src/__tests__/workspace-runtime.test.ts
ui/src/components/RoutineRunVariablesDialog.test.tsx`
- Result: 55 tests passed, 21 skipped. The embedded Postgres routines
tests skipped on this host with the existing PGlite/Postgres init
warning; workspace-runtime and UI tests passed.
## Risks
- Medium risk: this touches runtime service start/stop policy and
heartbeat launch behavior.
- The focused tests cover manual runtime state, routine variables, and
workspace runtime reuse paths.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex coding agent based on GPT-5, tool-enabled local shell and
GitHub workflow, exact runtime context window not exposed in this
session.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots, or documented why targeted component/service verification
is sufficient here
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 10:39:37 -05:00
|
|
|
export const WORKSPACE_BRANCH_ROUTINE_VARIABLE = "workspaceBranch";
|
|
|
|
|
|
2026-02-25 08:39:11 -06:00
|
|
|
export const AGENT_ICON_NAMES = [
|
|
|
|
|
"bot",
|
|
|
|
|
"cpu",
|
|
|
|
|
"brain",
|
|
|
|
|
"zap",
|
|
|
|
|
"rocket",
|
|
|
|
|
"code",
|
|
|
|
|
"terminal",
|
|
|
|
|
"shield",
|
|
|
|
|
"eye",
|
|
|
|
|
"search",
|
|
|
|
|
"wrench",
|
|
|
|
|
"hammer",
|
|
|
|
|
"lightbulb",
|
|
|
|
|
"sparkles",
|
|
|
|
|
"star",
|
|
|
|
|
"heart",
|
|
|
|
|
"flame",
|
|
|
|
|
"bug",
|
|
|
|
|
"cog",
|
|
|
|
|
"database",
|
|
|
|
|
"globe",
|
|
|
|
|
"lock",
|
|
|
|
|
"mail",
|
|
|
|
|
"message-square",
|
|
|
|
|
"file-code",
|
|
|
|
|
"git-branch",
|
|
|
|
|
"package",
|
|
|
|
|
"puzzle",
|
|
|
|
|
"target",
|
|
|
|
|
"wand",
|
|
|
|
|
"atom",
|
|
|
|
|
"circuit-board",
|
|
|
|
|
"radar",
|
|
|
|
|
"swords",
|
|
|
|
|
"telescope",
|
|
|
|
|
"microscope",
|
|
|
|
|
"crown",
|
|
|
|
|
"gem",
|
|
|
|
|
"hexagon",
|
|
|
|
|
"pentagon",
|
|
|
|
|
"fingerprint",
|
|
|
|
|
] as const;
|
|
|
|
|
export type AgentIconName = (typeof AGENT_ICON_NAMES)[number];
|
|
|
|
|
|
2026-02-16 13:31:47 -06:00
|
|
|
export const ISSUE_STATUSES = [
|
|
|
|
|
"backlog",
|
|
|
|
|
"todo",
|
|
|
|
|
"in_progress",
|
|
|
|
|
"in_review",
|
|
|
|
|
"done",
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
"blocked",
|
2026-02-16 13:31:47 -06:00
|
|
|
"cancelled",
|
|
|
|
|
] as const;
|
|
|
|
|
export type IssueStatus = (typeof ISSUE_STATUSES)[number];
|
|
|
|
|
|
2026-03-26 20:06:29 -05:00
|
|
|
export const INBOX_MINE_ISSUE_STATUSES = [
|
|
|
|
|
"backlog",
|
|
|
|
|
"todo",
|
|
|
|
|
"in_progress",
|
|
|
|
|
"in_review",
|
|
|
|
|
"blocked",
|
|
|
|
|
"done",
|
|
|
|
|
] as const;
|
|
|
|
|
export const INBOX_MINE_ISSUE_STATUS_FILTER = INBOX_MINE_ISSUE_STATUSES.join(",");
|
|
|
|
|
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export const ISSUE_PRIORITIES = ["critical", "high", "medium", "low"] as const;
|
2026-02-16 13:31:47 -06:00
|
|
|
export type IssuePriority = (typeof ISSUE_PRIORITIES)[number];
|
|
|
|
|
|
2026-03-19 08:39:24 -05:00
|
|
|
export const ISSUE_ORIGIN_KINDS = ["manual", "routine_execution"] as const;
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
export type BuiltInIssueOriginKind = (typeof ISSUE_ORIGIN_KINDS)[number];
|
|
|
|
|
export type PluginIssueOriginKind = `plugin:${string}`;
|
|
|
|
|
export type IssueOriginKind = BuiltInIssueOriginKind | PluginIssueOriginKind;
|
2026-03-19 08:39:24 -05:00
|
|
|
|
2026-04-04 13:56:04 -05:00
|
|
|
export const ISSUE_RELATION_TYPES = ["blocks"] as const;
|
|
|
|
|
export type IssueRelationType = (typeof ISSUE_RELATION_TYPES)[number];
|
|
|
|
|
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
export const ISSUE_CONTINUATION_SUMMARY_DOCUMENT_KEY = "continuation-summary" as const;
|
|
|
|
|
export const SYSTEM_ISSUE_DOCUMENT_KEYS = [ISSUE_CONTINUATION_SUMMARY_DOCUMENT_KEY] as const;
|
|
|
|
|
export type SystemIssueDocumentKey = (typeof SYSTEM_ISSUE_DOCUMENT_KEYS)[number];
|
|
|
|
|
|
|
|
|
|
const SYSTEM_ISSUE_DOCUMENT_KEY_SET = new Set<string>(SYSTEM_ISSUE_DOCUMENT_KEYS);
|
|
|
|
|
|
|
|
|
|
export function isSystemIssueDocumentKey(key: string): key is SystemIssueDocumentKey {
|
|
|
|
|
return SYSTEM_ISSUE_DOCUMENT_KEY_SET.has(key);
|
|
|
|
|
}
|
Add first-class issue references (#4214)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Operators and agents coordinate through company-scoped issues,
comments, documents, and task relationships.
> - Issue text can mention other tickets, but those references were
previously plain markdown/text without durable relationship data.
> - That made it harder to understand related work, surface backlinks,
and keep cross-ticket context visible in the board.
> - This pull request adds first-class issue reference extraction,
storage, API responses, and UI surfaces.
> - The benefit is that issue references become queryable, navigable,
and visible without relying on ad hoc text scanning.
## What Changed
- Added shared issue-reference parsing utilities and exported
reference-related types/constants.
- Added an `issue_reference_mentions` table, idempotent migration DDL,
schema exports, and database documentation.
- Added server-side issue reference services, route integration,
activity summaries, and a backfill command for existing issue content.
- Added UI reference pills, related-work panels, markdown/editor mention
handling, and issue detail/property rendering updates.
- Added focused shared, server, and UI tests for parsing, persistence,
display, and related-work behavior.
- Rebased `PAP-735-first-class-task-references` cleanly onto
`public-gh/master`; no `pnpm-lock.yaml` changes are included.
## Verification
- `pnpm -r typecheck`
- `pnpm test:run packages/shared/src/issue-references.test.ts
server/src/__tests__/issue-references-service.test.ts
ui/src/components/IssueRelatedWorkPanel.test.tsx
ui/src/components/IssueProperties.test.tsx
ui/src/components/MarkdownBody.test.tsx`
## Risks
- Medium risk because this adds a new issue-reference persistence path
that touches shared parsing, database schema, server routes, and UI
rendering.
- Migration risk is mitigated by `CREATE TABLE IF NOT EXISTS`, guarded
foreign-key creation, and `CREATE INDEX IF NOT EXISTS` statements so
users who have applied an older local version of the numbered migration
can re-run safely.
- UI risk is limited by focused component coverage, but reviewers should
still manually inspect issue detail pages containing ticket references
before merge.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5-based coding agent, tool-using shell workflow with
repository inspection, git rebase/push, typecheck, and focused Vitest
verification.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: dotta <dotta@example.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-21 10:02:52 -05:00
|
|
|
export const ISSUE_REFERENCE_SOURCE_KINDS = ["title", "description", "comment", "document"] as const;
|
|
|
|
|
export type IssueReferenceSourceKind = (typeof ISSUE_REFERENCE_SOURCE_KINDS)[number];
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
|
2026-04-06 08:40:38 -05:00
|
|
|
export const ISSUE_EXECUTION_POLICY_MODES = ["normal", "auto"] as const;
|
|
|
|
|
export type IssueExecutionPolicyMode = (typeof ISSUE_EXECUTION_POLICY_MODES)[number];
|
|
|
|
|
|
|
|
|
|
export const ISSUE_EXECUTION_STAGE_TYPES = ["review", "approval"] as const;
|
|
|
|
|
export type IssueExecutionStageType = (typeof ISSUE_EXECUTION_STAGE_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const ISSUE_EXECUTION_STATE_STATUSES = ["idle", "pending", "changes_requested", "completed"] as const;
|
|
|
|
|
export type IssueExecutionStateStatus = (typeof ISSUE_EXECUTION_STATE_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const ISSUE_EXECUTION_DECISION_OUTCOMES = ["approved", "changes_requested"] as const;
|
|
|
|
|
export type IssueExecutionDecisionOutcome = (typeof ISSUE_EXECUTION_DECISION_OUTCOMES)[number];
|
|
|
|
|
|
2026-02-16 13:31:47 -06:00
|
|
|
export const GOAL_LEVELS = ["company", "team", "agent", "task"] as const;
|
|
|
|
|
export type GoalLevel = (typeof GOAL_LEVELS)[number];
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
|
|
|
|
|
export const GOAL_STATUSES = ["planned", "active", "achieved", "cancelled"] as const;
|
|
|
|
|
export type GoalStatus = (typeof GOAL_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const PROJECT_STATUSES = [
|
|
|
|
|
"backlog",
|
|
|
|
|
"planned",
|
|
|
|
|
"in_progress",
|
|
|
|
|
"completed",
|
|
|
|
|
"cancelled",
|
|
|
|
|
] as const;
|
|
|
|
|
export type ProjectStatus = (typeof PROJECT_STATUSES)[number];
|
|
|
|
|
|
2026-03-19 08:39:24 -05:00
|
|
|
export const ROUTINE_STATUSES = ["active", "paused", "archived"] as const;
|
|
|
|
|
export type RoutineStatus = (typeof ROUTINE_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const ROUTINE_CONCURRENCY_POLICIES = ["coalesce_if_active", "always_enqueue", "skip_if_active"] as const;
|
|
|
|
|
export type RoutineConcurrencyPolicy = (typeof ROUTINE_CONCURRENCY_POLICIES)[number];
|
|
|
|
|
|
|
|
|
|
export const ROUTINE_CATCH_UP_POLICIES = ["skip_missed", "enqueue_missed_with_cap"] as const;
|
|
|
|
|
export type RoutineCatchUpPolicy = (typeof ROUTINE_CATCH_UP_POLICIES)[number];
|
|
|
|
|
|
|
|
|
|
export const ROUTINE_TRIGGER_KINDS = ["schedule", "webhook", "api"] as const;
|
|
|
|
|
export type RoutineTriggerKind = (typeof ROUTINE_TRIGGER_KINDS)[number];
|
|
|
|
|
|
2026-03-27 23:15:55 -03:00
|
|
|
export const ROUTINE_TRIGGER_SIGNING_MODES = ["bearer", "hmac_sha256", "github_hmac", "none"] as const;
|
2026-03-19 08:39:24 -05:00
|
|
|
export type RoutineTriggerSigningMode = (typeof ROUTINE_TRIGGER_SIGNING_MODES)[number];
|
|
|
|
|
|
2026-04-02 11:38:57 -05:00
|
|
|
export const ROUTINE_VARIABLE_TYPES = ["text", "textarea", "number", "boolean", "select"] as const;
|
|
|
|
|
export type RoutineVariableType = (typeof ROUTINE_VARIABLE_TYPES)[number];
|
|
|
|
|
|
2026-03-19 08:39:24 -05:00
|
|
|
export const ROUTINE_RUN_STATUSES = [
|
|
|
|
|
"received",
|
|
|
|
|
"coalesced",
|
|
|
|
|
"skipped",
|
|
|
|
|
"issue_created",
|
|
|
|
|
"completed",
|
|
|
|
|
"failed",
|
|
|
|
|
] as const;
|
|
|
|
|
export type RoutineRunStatus = (typeof ROUTINE_RUN_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const ROUTINE_RUN_SOURCES = ["schedule", "manual", "api", "webhook"] as const;
|
|
|
|
|
export type RoutineRunSource = (typeof ROUTINE_RUN_SOURCES)[number];
|
|
|
|
|
|
2026-03-14 22:00:12 -05:00
|
|
|
export const PAUSE_REASONS = ["manual", "budget", "system"] as const;
|
|
|
|
|
export type PauseReason = (typeof PAUSE_REASONS)[number];
|
|
|
|
|
|
2026-02-23 09:14:08 -06:00
|
|
|
export const PROJECT_COLORS = [
|
|
|
|
|
"#6366f1", // indigo
|
|
|
|
|
"#8b5cf6", // violet
|
|
|
|
|
"#ec4899", // pink
|
|
|
|
|
"#ef4444", // red
|
|
|
|
|
"#f97316", // orange
|
|
|
|
|
"#eab308", // yellow
|
|
|
|
|
"#22c55e", // green
|
|
|
|
|
"#14b8a6", // teal
|
|
|
|
|
"#06b6d4", // cyan
|
|
|
|
|
"#3b82f6", // blue
|
|
|
|
|
] as const;
|
|
|
|
|
|
2026-04-06 10:36:31 -05:00
|
|
|
export const APPROVAL_TYPES = [
|
|
|
|
|
"hire_agent",
|
|
|
|
|
"approve_ceo_strategy",
|
|
|
|
|
"budget_override_required",
|
|
|
|
|
"request_board_approval",
|
|
|
|
|
] as const;
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export type ApprovalType = (typeof APPROVAL_TYPES)[number];
|
|
|
|
|
|
2026-02-19 09:10:38 -06:00
|
|
|
export const APPROVAL_STATUSES = [
|
|
|
|
|
"pending",
|
|
|
|
|
"revision_requested",
|
|
|
|
|
"approved",
|
|
|
|
|
"rejected",
|
|
|
|
|
"cancelled",
|
|
|
|
|
] as const;
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export type ApprovalStatus = (typeof APPROVAL_STATUSES)[number];
|
|
|
|
|
|
2026-02-19 15:43:43 -06:00
|
|
|
export const SECRET_PROVIDERS = [
|
|
|
|
|
"local_encrypted",
|
|
|
|
|
"aws_secrets_manager",
|
|
|
|
|
"gcp_secret_manager",
|
|
|
|
|
"vault",
|
|
|
|
|
] as const;
|
|
|
|
|
export type SecretProvider = (typeof SECRET_PROVIDERS)[number];
|
|
|
|
|
|
2026-02-20 10:31:56 -06:00
|
|
|
export const STORAGE_PROVIDERS = ["local_disk", "s3"] as const;
|
|
|
|
|
export type StorageProvider = (typeof STORAGE_PROVIDERS)[number];
|
|
|
|
|
|
2026-03-14 22:00:12 -05:00
|
|
|
export const BILLING_TYPES = [
|
|
|
|
|
"metered_api",
|
|
|
|
|
"subscription_included",
|
|
|
|
|
"subscription_overage",
|
|
|
|
|
"credits",
|
|
|
|
|
"fixed",
|
|
|
|
|
"unknown",
|
|
|
|
|
] as const;
|
|
|
|
|
export type BillingType = (typeof BILLING_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const FINANCE_EVENT_KINDS = [
|
|
|
|
|
"inference_charge",
|
|
|
|
|
"platform_fee",
|
|
|
|
|
"credit_purchase",
|
|
|
|
|
"credit_refund",
|
|
|
|
|
"credit_expiry",
|
|
|
|
|
"byok_fee",
|
|
|
|
|
"gateway_overhead",
|
|
|
|
|
"log_storage_charge",
|
|
|
|
|
"logpush_charge",
|
|
|
|
|
"provisioned_capacity_charge",
|
|
|
|
|
"training_charge",
|
|
|
|
|
"custom_model_import_charge",
|
|
|
|
|
"custom_model_storage_charge",
|
|
|
|
|
"manual_adjustment",
|
|
|
|
|
] as const;
|
|
|
|
|
export type FinanceEventKind = (typeof FINANCE_EVENT_KINDS)[number];
|
|
|
|
|
|
|
|
|
|
export const FINANCE_DIRECTIONS = ["debit", "credit"] as const;
|
|
|
|
|
export type FinanceDirection = (typeof FINANCE_DIRECTIONS)[number];
|
|
|
|
|
|
|
|
|
|
export const FINANCE_UNITS = [
|
|
|
|
|
"input_token",
|
|
|
|
|
"output_token",
|
|
|
|
|
"cached_input_token",
|
|
|
|
|
"request",
|
|
|
|
|
"credit_usd",
|
|
|
|
|
"credit_unit",
|
|
|
|
|
"model_unit_minute",
|
|
|
|
|
"model_unit_hour",
|
|
|
|
|
"gb_month",
|
|
|
|
|
"train_token",
|
|
|
|
|
"unknown",
|
|
|
|
|
] as const;
|
|
|
|
|
export type FinanceUnit = (typeof FINANCE_UNITS)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_SCOPE_TYPES = ["company", "agent", "project"] as const;
|
|
|
|
|
export type BudgetScopeType = (typeof BUDGET_SCOPE_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_METRICS = ["billed_cents"] as const;
|
|
|
|
|
export type BudgetMetric = (typeof BUDGET_METRICS)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_WINDOW_KINDS = ["calendar_month_utc", "lifetime"] as const;
|
|
|
|
|
export type BudgetWindowKind = (typeof BUDGET_WINDOW_KINDS)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_THRESHOLD_TYPES = ["soft", "hard"] as const;
|
|
|
|
|
export type BudgetThresholdType = (typeof BUDGET_THRESHOLD_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_INCIDENT_STATUSES = ["open", "resolved", "dismissed"] as const;
|
|
|
|
|
export type BudgetIncidentStatus = (typeof BUDGET_INCIDENT_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const BUDGET_INCIDENT_RESOLUTION_ACTIONS = [
|
|
|
|
|
"keep_paused",
|
|
|
|
|
"raise_budget_and_resume",
|
|
|
|
|
] as const;
|
|
|
|
|
export type BudgetIncidentResolutionAction = (typeof BUDGET_INCIDENT_RESOLUTION_ACTIONS)[number];
|
|
|
|
|
|
2026-02-17 12:24:38 -06:00
|
|
|
export const HEARTBEAT_INVOCATION_SOURCES = [
|
|
|
|
|
"timer",
|
|
|
|
|
"assignment",
|
|
|
|
|
"on_demand",
|
|
|
|
|
"automation",
|
|
|
|
|
] as const;
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export type HeartbeatInvocationSource = (typeof HEARTBEAT_INVOCATION_SOURCES)[number];
|
|
|
|
|
|
2026-02-17 12:24:38 -06:00
|
|
|
export const WAKEUP_TRIGGER_DETAILS = ["manual", "ping", "callback", "system"] as const;
|
|
|
|
|
export type WakeupTriggerDetail = (typeof WAKEUP_TRIGGER_DETAILS)[number];
|
|
|
|
|
|
|
|
|
|
export const WAKEUP_REQUEST_STATUSES = [
|
|
|
|
|
"queued",
|
2026-02-20 15:48:22 -06:00
|
|
|
"deferred_issue_execution",
|
2026-02-17 12:24:38 -06:00
|
|
|
"claimed",
|
|
|
|
|
"coalesced",
|
|
|
|
|
"skipped",
|
|
|
|
|
"completed",
|
|
|
|
|
"failed",
|
|
|
|
|
"cancelled",
|
|
|
|
|
] as const;
|
|
|
|
|
export type WakeupRequestStatus = (typeof WAKEUP_REQUEST_STATUSES)[number];
|
|
|
|
|
|
Expand data model with companies, approvals, costs, and heartbeats
Add new DB schemas: companies, agent_api_keys, approvals, cost_events,
heartbeat_runs, issue_comments. Add corresponding shared types and
validators. Update existing schemas (agents, goals, issues, projects)
with new fields for company association, budgets, and richer metadata.
Generate initial Drizzle migration. Update seed data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:22 -06:00
|
|
|
export const HEARTBEAT_RUN_STATUSES = [
|
|
|
|
|
"queued",
|
|
|
|
|
"running",
|
|
|
|
|
"succeeded",
|
|
|
|
|
"failed",
|
|
|
|
|
"cancelled",
|
|
|
|
|
"timed_out",
|
|
|
|
|
] as const;
|
|
|
|
|
export type HeartbeatRunStatus = (typeof HEARTBEAT_RUN_STATUSES)[number];
|
2026-02-17 12:24:38 -06:00
|
|
|
|
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
|
|
|
export const RUN_LIVENESS_STATES = [
|
|
|
|
|
"completed",
|
|
|
|
|
"advanced",
|
|
|
|
|
"plan_only",
|
|
|
|
|
"empty_response",
|
|
|
|
|
"blocked",
|
|
|
|
|
"failed",
|
|
|
|
|
"needs_followup",
|
|
|
|
|
] as const;
|
|
|
|
|
export type RunLivenessState = (typeof RUN_LIVENESS_STATES)[number];
|
|
|
|
|
|
2026-02-17 12:24:38 -06:00
|
|
|
export const LIVE_EVENT_TYPES = [
|
|
|
|
|
"heartbeat.run.queued",
|
|
|
|
|
"heartbeat.run.status",
|
|
|
|
|
"heartbeat.run.event",
|
|
|
|
|
"heartbeat.run.log",
|
|
|
|
|
"agent.status",
|
|
|
|
|
"activity.logged",
|
2026-03-13 16:22:34 -05:00
|
|
|
"plugin.ui.updated",
|
|
|
|
|
"plugin.worker.crashed",
|
|
|
|
|
"plugin.worker.restarted",
|
2026-02-17 12:24:38 -06:00
|
|
|
] as const;
|
|
|
|
|
export type LiveEventType = (typeof LIVE_EVENT_TYPES)[number];
|
2026-02-23 09:14:08 -06:00
|
|
|
|
|
|
|
|
export const PRINCIPAL_TYPES = ["user", "agent"] as const;
|
|
|
|
|
export type PrincipalType = (typeof PRINCIPAL_TYPES)[number];
|
|
|
|
|
|
[codex] Add access cleanup and user profile page (#4088)
## Thinking Path
> - Paperclip is moving from a solo local operator model toward teams
supervising AI-agent companies.
> - Human access management and human-visible profile surfaces are part
of that multiple-user path.
> - The branch included related access cleanup, archived-member removal,
permission protection, and a user profile page.
> - These changes share company membership, user attribution, and
access-service behavior.
> - This pull request groups those human access/profile changes into one
standalone branch.
> - The benefit is safer member removal behavior and a first profile
surface for user work, activity, and cost attribution.
## What Changed
- Added archived company member removal support across shared contracts,
server routes/services, and UI.
- Protected company member removal with stricter permission checks and
tests.
- Added company user profile API, shared types, route wiring, client
API, route, and UI page.
- Simplified the user profile page visual design to a neutral
typography-led layout.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm exec vitest run server/src/__tests__/access-service.test.ts
server/src/__tests__/user-profile-routes.test.ts
ui/src/pages/CompanyAccess.test.tsx --hookTimeout=30000`
- `pnpm exec vitest run server/src/__tests__/user-profile-routes.test.ts
--testTimeout=30000 --hookTimeout=30000` after an initial local
embedded-Postgres hook timeout in the combined run.
- Split integration check: merged after runtime/governance and
dev-infra/backups with no merge conflicts.
- Confirmed this branch does not include `pnpm-lock.yaml`.
## Risks
- Medium risk: changes member removal permissions and adds a new user
profile route with cross-table stats.
- The profile page is a new UI surface and may need visual follow-up in
browser QA.
- No database migrations are included.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4 tool-enabled coding model, agentic
code-editing/runtime with local shell and GitHub CLI access; exact
context window and reasoning mode are not exposed by the Paperclip
harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:10:20 -05:00
|
|
|
export const MEMBERSHIP_STATUSES = ["pending", "active", "suspended", "archived"] as const;
|
2026-02-23 09:14:08 -06:00
|
|
|
export type MembershipStatus = (typeof MEMBERSHIP_STATUSES)[number];
|
|
|
|
|
|
feat: implement multi-user access and invite flows (#3784)
## Thinking Path
> - Paperclip is the control plane for autonomous AI companies.
> - V1 needs to stay local-first while also supporting shared,
authenticated deployments.
> - Human operators need real identities, company membership, invite
flows, profile surfaces, and company-scoped access controls.
> - Agents and operators also need the existing issue, inbox, workspace,
approval, and plugin flows to keep working under those authenticated
boundaries.
> - This branch accumulated the multi-user implementation, follow-up QA
fixes, workspace/runtime refinements, invite UX improvements,
release-branch conflict resolution, and review hardening.
> - This pull request consolidates that branch onto the current `master`
branch as a single reviewable PR.
> - The benefit is a complete multi-user implementation path with tests
and docs carried forward without dropping existing branch work.
## What Changed
- Added authenticated human-user access surfaces: auth/session routes,
company user directory, profile settings, company access/member
management, join requests, and invite management.
- Added invite creation, invite landing, onboarding, logo/branding,
invite grants, deduped join requests, and authenticated multi-user E2E
coverage.
- Tightened company-scoped and instance-admin authorization across
board, plugin, adapter, access, issue, and workspace routes.
- Added profile-image URL validation hardening, avatar preservation on
name-only profile updates, and join-request uniqueness migration cleanup
for pending human requests.
- Added an atomic member role/status/grants update path so Company
Access saves no longer leave partially updated permissions.
- Improved issue chat, inbox, assignee identity rendering,
sidebar/account/company navigation, workspace routing, and execution
workspace reuse behavior for multi-user operation.
- Added and updated server/UI tests covering auth, invites, membership,
issue workspace inheritance, plugin authz, inbox/chat behavior, and
multi-user flows.
- Merged current `public-gh/master` into this branch, resolved all
conflicts, and verified no `pnpm-lock.yaml` change is included in this
PR diff.
## Verification
- `pnpm exec vitest run server/src/__tests__/issues-service.test.ts
ui/src/components/IssueChatThread.test.tsx ui/src/pages/Inbox.test.tsx`
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/plugin-routes-authz.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/workspace-runtime-service-authz.test.ts
server/src/__tests__/access-validators.test.ts`
- `pnpm exec vitest run
server/src/__tests__/authz-company-access.test.ts
server/src/__tests__/routines-routes.test.ts
server/src/__tests__/sidebar-preferences-routes.test.ts
server/src/__tests__/approval-routes-idempotency.test.ts
server/src/__tests__/openclaw-invite-prompt-route.test.ts
server/src/__tests__/agent-cross-tenant-authz-routes.test.ts
server/src/__tests__/routines-e2e.test.ts`
- `pnpm exec vitest run server/src/__tests__/auth-routes.test.ts
ui/src/pages/CompanyAccess.test.tsx`
- `pnpm --filter @paperclipai/shared typecheck && pnpm --filter
@paperclipai/db typecheck && pnpm --filter @paperclipai/server
typecheck`
- `pnpm --filter @paperclipai/shared typecheck && pnpm --filter
@paperclipai/server typecheck`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm db:generate`
- `npx playwright test --config tests/e2e/playwright.config.ts --list`
- Confirmed branch has no uncommitted changes and is `0` commits behind
`public-gh/master` before PR creation.
- Confirmed no `pnpm-lock.yaml` change is staged or present in the PR
diff.
## Risks
- High review surface area: this PR contains the accumulated multi-user
branch plus follow-up fixes, so reviewers should focus especially on
company-boundary enforcement and authenticated-vs-local deployment
behavior.
- UI behavior changed across invites, inbox, issue chat, access
settings, and sidebar navigation; no browser screenshots are included in
this branch-consolidation PR.
- Plugin install, upgrade, and lifecycle/config mutations now require
instance-admin access, which is intentional but may change expectations
for non-admin board users.
- A join-request dedupe migration rejects duplicate pending human
requests before creating unique indexes; deployments with unusual
historical duplicates should review the migration behavior.
- Company member role/status/grant saves now use a new combined
endpoint; older separate endpoints remain for compatibility.
- Full production build was not run locally in this heartbeat; CI should
cover the full matrix.
## Model Used
- OpenAI Codex coding agent, GPT-5-based model, CLI/tool-use
environment. Exact deployed model identifier and context window were not
exposed by the runtime.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Note on screenshots: this is a branch-consolidation PR for an
already-developed multi-user branch, and no browser screenshots were
captured during this heartbeat.
---------
Co-authored-by: dotta <dotta@example.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-17 09:44:19 -05:00
|
|
|
export const COMPANY_MEMBERSHIP_ROLES = [
|
|
|
|
|
"owner",
|
|
|
|
|
"admin",
|
|
|
|
|
"operator",
|
|
|
|
|
"viewer",
|
|
|
|
|
"member",
|
|
|
|
|
] as const;
|
|
|
|
|
export type CompanyMembershipRole = (typeof COMPANY_MEMBERSHIP_ROLES)[number];
|
|
|
|
|
|
|
|
|
|
export const HUMAN_COMPANY_MEMBERSHIP_ROLES = [
|
|
|
|
|
"owner",
|
|
|
|
|
"admin",
|
|
|
|
|
"operator",
|
|
|
|
|
"viewer",
|
|
|
|
|
] as const;
|
|
|
|
|
export type HumanCompanyMembershipRole = (typeof HUMAN_COMPANY_MEMBERSHIP_ROLES)[number];
|
|
|
|
|
|
|
|
|
|
export const HUMAN_COMPANY_MEMBERSHIP_ROLE_LABELS: Record<HumanCompanyMembershipRole, string> = {
|
|
|
|
|
owner: "Owner",
|
|
|
|
|
admin: "Admin",
|
|
|
|
|
operator: "Operator",
|
|
|
|
|
viewer: "Viewer",
|
|
|
|
|
};
|
|
|
|
|
|
2026-02-23 09:14:08 -06:00
|
|
|
export const INSTANCE_USER_ROLES = ["instance_admin"] as const;
|
|
|
|
|
export type InstanceUserRole = (typeof INSTANCE_USER_ROLES)[number];
|
|
|
|
|
|
|
|
|
|
export const INVITE_TYPES = ["company_join", "bootstrap_ceo"] as const;
|
|
|
|
|
export type InviteType = (typeof INVITE_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const INVITE_JOIN_TYPES = ["human", "agent", "both"] as const;
|
|
|
|
|
export type InviteJoinType = (typeof INVITE_JOIN_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const JOIN_REQUEST_TYPES = ["human", "agent"] as const;
|
|
|
|
|
export type JoinRequestType = (typeof JOIN_REQUEST_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
export const JOIN_REQUEST_STATUSES = ["pending_approval", "approved", "rejected"] as const;
|
|
|
|
|
export type JoinRequestStatus = (typeof JOIN_REQUEST_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const PERMISSION_KEYS = [
|
|
|
|
|
"agents:create",
|
|
|
|
|
"users:invite",
|
|
|
|
|
"users:manage_permissions",
|
|
|
|
|
"tasks:assign",
|
|
|
|
|
"tasks:assign_scope",
|
Harden API route authorization boundaries (#4122)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The REST API is the control-plane boundary for companies, agents,
plugins, adapters, costs, invites, and issue mutations.
> - Several routes still relied on broad board or company access checks
without consistently enforcing the narrower actor, company, and
active-checkout boundaries those operations require.
> - That can allow agents or non-admin users to mutate sensitive
resources outside the intended governance path.
> - This pull request hardens the route authorization layer and adds
regression coverage for the audited API surfaces.
> - The benefit is tighter multi-company isolation, safer plugin and
adapter administration, and stronger enforcement of active issue
ownership.
## What Changed
- Added route-level authorization checks for budgets, plugin
administration/scoped routes, adapter management, company import/export,
direct agent creation, invite test resolution, and issue mutation/write
surfaces.
- Enforced active checkout ownership for agent-authenticated issue
mutations, while preserving explicit management overrides for permitted
managers.
- Restricted sensitive adapter and plugin management operations to
instance-admin or properly scoped actors.
- Tightened company portability and invite probing routes so agents
cannot cross company boundaries.
- Updated access constants and the Company Access UI copy for the new
active-checkout management grant.
- Added focused regression tests covering cross-company denial, agent
self-mutation denial, admin-only operations, and active checkout
ownership.
- Rebased the branch onto `public-gh/master` and fixed validation
fallout from the rebase: heartbeat-context route ordering and a company
import/export e2e fixture that now opts out of direct-hire approval
before using direct agent creation.
- Updated onboarding and signoff e2e setup to create seed agents through
`/agent-hires` plus board approval, so they remain compatible with the
approval-gated new-agent default.
- Addressed Greptile feedback by removing a duplicate company export API
alias, avoiding N+1 reporting-chain lookups in active-checkout override
checks, allowing agent mutations on unassigned `in_progress` issues, and
blocking NAT64 invite-probe targets.
## Verification
- `pnpm exec vitest run
server/src/__tests__/issues-goal-context-routes.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/adapter-routes-authz.test.ts
server/src/__tests__/agent-permissions-routes.test.ts
server/src/__tests__/company-portability-routes.test.ts
server/src/__tests__/costs-service.test.ts
server/src/__tests__/invite-test-resolution-route.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
server/src/__tests__/agent-adapter-validation-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/invite-test-resolution-route.test.ts`
- `pnpm -r typecheck`
- `pnpm --filter server typecheck`
- `pnpm --filter ui typecheck`
- `pnpm build`
- `pnpm test:e2e -- tests/e2e/onboarding.spec.ts
tests/e2e/signoff-policy.spec.ts`
- `pnpm test:e2e -- tests/e2e/signoff-policy.spec.ts`
- `pnpm test:run` was also run. It failed under default full-suite
parallelism with two order-dependent failures in
`plugin-routes-authz.test.ts` and `routines-e2e.test.ts`; both files
passed when rerun directly together with `pnpm exec vitest run
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/routines-e2e.test.ts`.
## Risks
- Medium risk: this changes authorization behavior across multiple
sensitive API surfaces, so callers that depended on broad board/company
access may now receive `403` or `409` until they use the correct
governance path.
- Direct agent creation now respects the company-level board-approval
requirement; integrations that need pending hires should use
`/api/companies/:companyId/agent-hires`.
- Active in-progress issue mutations now require checkout ownership or
an explicit management override, which may reveal workflow assumptions
in older automation.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
OpenAI Codex, GPT-5 coding agent, tool-using workflow with local shell,
Git, GitHub CLI, and repository tests.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [ ] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 10:56:48 -05:00
|
|
|
"tasks:manage_active_checkouts",
|
2026-02-23 09:14:08 -06:00
|
|
|
"joins:approve",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PermissionKey = (typeof PERMISSION_KEYS)[number];
|
2026-03-13 16:22:34 -05:00
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
// Plugin System — see doc/plugins/PLUGIN_SPEC.md for the full specification
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The current version of the Plugin API contract.
|
|
|
|
|
*
|
|
|
|
|
* Increment this value whenever a breaking change is made to the plugin API
|
|
|
|
|
* so that the host can reject incompatible plugin manifests.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §4 — Versioning
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_API_VERSION = 1 as const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Lifecycle statuses for an installed plugin.
|
|
|
|
|
*
|
|
|
|
|
* State machine: installed → ready | error, ready → disabled | error | upgrade_pending | uninstalled,
|
|
|
|
|
* disabled → ready | uninstalled, error → ready | uninstalled,
|
|
|
|
|
* upgrade_pending → ready | error | uninstalled, uninstalled → installed (reinstall).
|
|
|
|
|
*
|
|
|
|
|
* @see {@link PluginStatus} — inferred union type
|
|
|
|
|
* @see PLUGIN_SPEC.md §21.3 `plugins.status`
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_STATUSES = [
|
|
|
|
|
"installed",
|
|
|
|
|
"ready",
|
|
|
|
|
"disabled",
|
|
|
|
|
"error",
|
|
|
|
|
"upgrade_pending",
|
|
|
|
|
"uninstalled",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginStatus = (typeof PLUGIN_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Plugin classification categories. A plugin declares one or more categories
|
|
|
|
|
* in its manifest to describe its primary purpose.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §6.2
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_CATEGORIES = [
|
|
|
|
|
"connector",
|
|
|
|
|
"workspace",
|
|
|
|
|
"automation",
|
|
|
|
|
"ui",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginCategory = (typeof PLUGIN_CATEGORIES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Named permissions the host grants to a plugin. Plugins declare required
|
|
|
|
|
* capabilities in their manifest; the host enforces them at runtime via the
|
|
|
|
|
* plugin capability validator.
|
|
|
|
|
*
|
|
|
|
|
* Grouped into: Data Read, Data Write, Plugin State, Runtime/Integration,
|
|
|
|
|
* Agent Tools, and UI.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §15 — Capability Model
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_CAPABILITIES = [
|
|
|
|
|
// Data Read
|
|
|
|
|
"companies.read",
|
|
|
|
|
"projects.read",
|
|
|
|
|
"project.workspaces.read",
|
|
|
|
|
"issues.read",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"issue.relations.read",
|
|
|
|
|
"issue.subtree.read",
|
2026-03-13 16:22:34 -05:00
|
|
|
"issue.comments.read",
|
2026-03-16 15:53:50 -06:00
|
|
|
"issue.documents.read",
|
2026-03-13 16:22:34 -05:00
|
|
|
"agents.read",
|
|
|
|
|
"goals.read",
|
|
|
|
|
"goals.create",
|
|
|
|
|
"goals.update",
|
|
|
|
|
"activity.read",
|
|
|
|
|
"costs.read",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"issues.orchestration.read",
|
|
|
|
|
"database.namespace.read",
|
2026-03-13 16:22:34 -05:00
|
|
|
// Data Write
|
|
|
|
|
"issues.create",
|
|
|
|
|
"issues.update",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"issue.relations.write",
|
|
|
|
|
"issues.checkout",
|
|
|
|
|
"issues.wakeup",
|
2026-03-13 16:22:34 -05:00
|
|
|
"issue.comments.create",
|
2026-03-16 15:53:50 -06:00
|
|
|
"issue.documents.write",
|
2026-03-13 16:22:34 -05:00
|
|
|
"agents.pause",
|
|
|
|
|
"agents.resume",
|
|
|
|
|
"agents.invoke",
|
|
|
|
|
"agent.sessions.create",
|
|
|
|
|
"agent.sessions.list",
|
|
|
|
|
"agent.sessions.send",
|
|
|
|
|
"agent.sessions.close",
|
|
|
|
|
"activity.log.write",
|
|
|
|
|
"metrics.write",
|
2026-03-31 13:18:50 -05:00
|
|
|
"telemetry.track",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"database.namespace.migrate",
|
|
|
|
|
"database.namespace.write",
|
2026-03-13 16:22:34 -05:00
|
|
|
// Plugin State
|
|
|
|
|
"plugin.state.read",
|
|
|
|
|
"plugin.state.write",
|
|
|
|
|
// Runtime / Integration
|
|
|
|
|
"events.subscribe",
|
|
|
|
|
"events.emit",
|
|
|
|
|
"jobs.schedule",
|
|
|
|
|
"webhooks.receive",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"api.routes.register",
|
2026-03-13 16:22:34 -05:00
|
|
|
"http.outbound",
|
|
|
|
|
"secrets.read-ref",
|
|
|
|
|
// Agent Tools
|
|
|
|
|
"agent.tools.register",
|
|
|
|
|
// UI
|
|
|
|
|
"instance.settings.register",
|
|
|
|
|
"ui.sidebar.register",
|
|
|
|
|
"ui.page.register",
|
|
|
|
|
"ui.detailTab.register",
|
|
|
|
|
"ui.dashboardWidget.register",
|
|
|
|
|
"ui.commentAnnotation.register",
|
|
|
|
|
"ui.action.register",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginCapability = (typeof PLUGIN_CAPABILITIES)[number];
|
|
|
|
|
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
export const PLUGIN_DATABASE_NAMESPACE_MODES = ["schema"] as const;
|
|
|
|
|
export type PluginDatabaseNamespaceMode = (typeof PLUGIN_DATABASE_NAMESPACE_MODES)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_DATABASE_NAMESPACE_STATUSES = [
|
|
|
|
|
"active",
|
|
|
|
|
"migration_failed",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginDatabaseNamespaceStatus = (typeof PLUGIN_DATABASE_NAMESPACE_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_DATABASE_MIGRATION_STATUSES = [
|
|
|
|
|
"applied",
|
|
|
|
|
"failed",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginDatabaseMigrationStatus = (typeof PLUGIN_DATABASE_MIGRATION_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_DATABASE_CORE_READ_TABLES = [
|
|
|
|
|
"companies",
|
|
|
|
|
"projects",
|
|
|
|
|
"goals",
|
|
|
|
|
"agents",
|
|
|
|
|
"issues",
|
|
|
|
|
"issue_documents",
|
|
|
|
|
"issue_relations",
|
|
|
|
|
"issue_comments",
|
|
|
|
|
"heartbeat_runs",
|
|
|
|
|
"cost_events",
|
|
|
|
|
"approvals",
|
|
|
|
|
"issue_approvals",
|
|
|
|
|
"budget_incidents",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginDatabaseCoreReadTable = (typeof PLUGIN_DATABASE_CORE_READ_TABLES)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_API_ROUTE_METHODS = ["GET", "POST", "PATCH", "DELETE"] as const;
|
|
|
|
|
export type PluginApiRouteMethod = (typeof PLUGIN_API_ROUTE_METHODS)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_API_ROUTE_AUTH_MODES = ["board", "agent", "board-or-agent", "webhook"] as const;
|
|
|
|
|
export type PluginApiRouteAuthMode = (typeof PLUGIN_API_ROUTE_AUTH_MODES)[number];
|
|
|
|
|
|
|
|
|
|
export const PLUGIN_API_ROUTE_CHECKOUT_POLICIES = [
|
|
|
|
|
"none",
|
|
|
|
|
"required-for-agent-in-progress",
|
|
|
|
|
"always-for-agent",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginApiRouteCheckoutPolicy = (typeof PLUGIN_API_ROUTE_CHECKOUT_POLICIES)[number];
|
|
|
|
|
|
2026-03-13 16:22:34 -05:00
|
|
|
/**
|
|
|
|
|
* UI extension slot types. Each slot type corresponds to a mount point in the
|
|
|
|
|
* Paperclip UI where plugin components can be rendered.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §19 — UI Extension Model
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_UI_SLOT_TYPES = [
|
|
|
|
|
"page",
|
|
|
|
|
"detailTab",
|
|
|
|
|
"taskDetailView",
|
|
|
|
|
"dashboardWidget",
|
|
|
|
|
"sidebar",
|
|
|
|
|
"sidebarPanel",
|
|
|
|
|
"projectSidebarItem",
|
2026-03-14 15:05:04 -07:00
|
|
|
"globalToolbarButton",
|
2026-03-13 16:22:34 -05:00
|
|
|
"toolbarButton",
|
|
|
|
|
"contextMenuItem",
|
|
|
|
|
"commentAnnotation",
|
|
|
|
|
"commentContextMenuItem",
|
|
|
|
|
"settingsPage",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginUiSlotType = (typeof PLUGIN_UI_SLOT_TYPES)[number];
|
|
|
|
|
|
2026-03-14 09:26:45 -05:00
|
|
|
/**
|
|
|
|
|
* Reserved company-scoped route segments that plugin page routes may not claim.
|
|
|
|
|
*
|
|
|
|
|
* These map to first-class host pages under `/:companyPrefix/...`.
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_RESERVED_COMPANY_ROUTE_SEGMENTS = [
|
|
|
|
|
"dashboard",
|
|
|
|
|
"onboarding",
|
|
|
|
|
"companies",
|
|
|
|
|
"company",
|
|
|
|
|
"settings",
|
|
|
|
|
"plugins",
|
|
|
|
|
"org",
|
|
|
|
|
"agents",
|
|
|
|
|
"projects",
|
|
|
|
|
"issues",
|
|
|
|
|
"goals",
|
|
|
|
|
"approvals",
|
|
|
|
|
"costs",
|
|
|
|
|
"activity",
|
|
|
|
|
"inbox",
|
|
|
|
|
"design-guide",
|
|
|
|
|
"tests",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginReservedCompanyRouteSegment =
|
|
|
|
|
(typeof PLUGIN_RESERVED_COMPANY_ROUTE_SEGMENTS)[number];
|
|
|
|
|
|
2026-03-13 16:22:34 -05:00
|
|
|
/**
|
|
|
|
|
* Launcher placement zones describe where a plugin-owned launcher can appear
|
|
|
|
|
* in the host UI. These are intentionally aligned with current slot surfaces
|
|
|
|
|
* so manifest authors can describe launch intent without coupling to a single
|
|
|
|
|
* component implementation detail.
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_LAUNCHER_PLACEMENT_ZONES = [
|
|
|
|
|
"page",
|
|
|
|
|
"detailTab",
|
|
|
|
|
"taskDetailView",
|
|
|
|
|
"dashboardWidget",
|
|
|
|
|
"sidebar",
|
|
|
|
|
"sidebarPanel",
|
|
|
|
|
"projectSidebarItem",
|
2026-03-14 15:05:04 -07:00
|
|
|
"globalToolbarButton",
|
2026-03-13 16:22:34 -05:00
|
|
|
"toolbarButton",
|
|
|
|
|
"contextMenuItem",
|
|
|
|
|
"commentAnnotation",
|
|
|
|
|
"commentContextMenuItem",
|
|
|
|
|
"settingsPage",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginLauncherPlacementZone = (typeof PLUGIN_LAUNCHER_PLACEMENT_ZONES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Launcher action kinds describe what the launcher does when activated.
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_LAUNCHER_ACTIONS = [
|
|
|
|
|
"navigate",
|
|
|
|
|
"openModal",
|
|
|
|
|
"openDrawer",
|
|
|
|
|
"openPopover",
|
|
|
|
|
"performAction",
|
|
|
|
|
"deepLink",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginLauncherAction = (typeof PLUGIN_LAUNCHER_ACTIONS)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Optional size hints the host can use when rendering plugin-owned launcher
|
|
|
|
|
* destinations such as overlays, drawers, or full page handoffs.
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_LAUNCHER_BOUNDS = [
|
|
|
|
|
"inline",
|
|
|
|
|
"compact",
|
|
|
|
|
"default",
|
|
|
|
|
"wide",
|
|
|
|
|
"full",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginLauncherBounds = (typeof PLUGIN_LAUNCHER_BOUNDS)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Render environments describe the container a launcher expects after it is
|
|
|
|
|
* activated. The current host may map these to concrete UI primitives.
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_LAUNCHER_RENDER_ENVIRONMENTS = [
|
|
|
|
|
"hostInline",
|
|
|
|
|
"hostOverlay",
|
|
|
|
|
"hostRoute",
|
|
|
|
|
"external",
|
|
|
|
|
"iframe",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginLauncherRenderEnvironment =
|
|
|
|
|
(typeof PLUGIN_LAUNCHER_RENDER_ENVIRONMENTS)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Entity types that a `detailTab` UI slot can attach to.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §19.3 — Detail Tabs
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_UI_SLOT_ENTITY_TYPES = [
|
|
|
|
|
"project",
|
|
|
|
|
"issue",
|
|
|
|
|
"agent",
|
|
|
|
|
"goal",
|
|
|
|
|
"run",
|
|
|
|
|
"comment",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginUiSlotEntityType = (typeof PLUGIN_UI_SLOT_ENTITY_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Scope kinds for plugin state storage. Determines the granularity at which
|
|
|
|
|
* a plugin stores key-value state data.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §21.3 `plugin_state.scope_kind`
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_STATE_SCOPE_KINDS = [
|
|
|
|
|
"instance",
|
|
|
|
|
"company",
|
|
|
|
|
"project",
|
|
|
|
|
"project_workspace",
|
|
|
|
|
"agent",
|
|
|
|
|
"issue",
|
|
|
|
|
"goal",
|
|
|
|
|
"run",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginStateScopeKind = (typeof PLUGIN_STATE_SCOPE_KINDS)[number];
|
|
|
|
|
|
|
|
|
|
/** Statuses for a plugin's scheduled job definition. */
|
|
|
|
|
export const PLUGIN_JOB_STATUSES = [
|
|
|
|
|
"active",
|
|
|
|
|
"paused",
|
|
|
|
|
"failed",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginJobStatus = (typeof PLUGIN_JOB_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
/** Statuses for individual job run executions. */
|
|
|
|
|
export const PLUGIN_JOB_RUN_STATUSES = [
|
|
|
|
|
"pending",
|
|
|
|
|
"queued",
|
|
|
|
|
"running",
|
|
|
|
|
"succeeded",
|
|
|
|
|
"failed",
|
|
|
|
|
"cancelled",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginJobRunStatus = (typeof PLUGIN_JOB_RUN_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
/** What triggered a particular job run. */
|
|
|
|
|
export const PLUGIN_JOB_RUN_TRIGGERS = [
|
|
|
|
|
"schedule",
|
|
|
|
|
"manual",
|
|
|
|
|
"retry",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginJobRunTrigger = (typeof PLUGIN_JOB_RUN_TRIGGERS)[number];
|
|
|
|
|
|
|
|
|
|
/** Statuses for inbound webhook deliveries. */
|
|
|
|
|
export const PLUGIN_WEBHOOK_DELIVERY_STATUSES = [
|
|
|
|
|
"pending",
|
|
|
|
|
"success",
|
|
|
|
|
"failed",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginWebhookDeliveryStatus = (typeof PLUGIN_WEBHOOK_DELIVERY_STATUSES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Core domain event types that plugins can subscribe to via the
|
|
|
|
|
* `events.subscribe` capability.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §16 — Event System
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_EVENT_TYPES = [
|
|
|
|
|
"company.created",
|
|
|
|
|
"company.updated",
|
|
|
|
|
"project.created",
|
|
|
|
|
"project.updated",
|
|
|
|
|
"project.workspace_created",
|
|
|
|
|
"project.workspace_updated",
|
|
|
|
|
"project.workspace_deleted",
|
|
|
|
|
"issue.created",
|
|
|
|
|
"issue.updated",
|
|
|
|
|
"issue.comment.created",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"issue.document.created",
|
|
|
|
|
"issue.document.updated",
|
|
|
|
|
"issue.document.deleted",
|
|
|
|
|
"issue.relations.updated",
|
|
|
|
|
"issue.checked_out",
|
|
|
|
|
"issue.released",
|
|
|
|
|
"issue.assignment_wakeup_requested",
|
2026-03-13 16:22:34 -05:00
|
|
|
"agent.created",
|
|
|
|
|
"agent.updated",
|
|
|
|
|
"agent.status_changed",
|
|
|
|
|
"agent.run.started",
|
|
|
|
|
"agent.run.finished",
|
|
|
|
|
"agent.run.failed",
|
|
|
|
|
"agent.run.cancelled",
|
|
|
|
|
"goal.created",
|
|
|
|
|
"goal.updated",
|
|
|
|
|
"approval.created",
|
|
|
|
|
"approval.decided",
|
[codex] Add plugin orchestration host APIs (#4114)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - The plugin system is the extension path for optional capabilities
that should not require core product changes for every integration.
> - Plugins need scoped host APIs for issue orchestration, documents,
wakeups, summaries, activity attribution, and isolated database state.
> - Without those host APIs, richer plugins either cannot coordinate
Paperclip work safely or need privileged core-side special cases.
> - This pull request adds the plugin orchestration host surface, scoped
route dispatch, a database namespace layer, and a smoke plugin that
exercises the contract.
> - The benefit is a broader plugin API that remains company-scoped,
auditable, and covered by tests.
## What Changed
- Added plugin orchestration host APIs for issue creation, document
access, wakeups, summaries, plugin-origin activity, and scoped API route
dispatch.
- Added plugin database namespace tables, schema exports, migration
checks, and idempotent replay coverage under migration
`0059_plugin_database_namespaces`.
- Added shared plugin route/API types and validators used by server and
SDK boundaries.
- Expanded plugin SDK types, protocol helpers, worker RPC host behavior,
and testing utilities for orchestration flows.
- Added the `plugin-orchestration-smoke-example` package to exercise
scoped routes, restricted database namespaces, issue orchestration,
documents, wakeups, summaries, and UI status surfaces.
- Kept the new orchestration smoke fixture out of the root pnpm
workspace importer so this PR preserves the repository policy of not
committing `pnpm-lock.yaml`.
- Updated plugin docs and database docs for the new orchestration and
database namespace surfaces.
- Rebased the branch onto `public-gh/master`, resolved conflicts, and
removed `pnpm-lock.yaml` from the final PR diff.
## Verification
- `pnpm install --frozen-lockfile`
- `pnpm --filter @paperclipai/db typecheck`
- `pnpm exec vitest run packages/db/src/client.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts
server/src/__tests__/plugin-orchestration-apis.test.ts
server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/plugin-scoped-api-routes.test.ts
server/src/__tests__/plugin-sdk-orchestration-contract.test.ts`
- From `packages/plugins/examples/plugin-orchestration-smoke-example`:
`pnpm exec vitest run --config ./vitest.config.ts`
- `pnpm --dir
packages/plugins/examples/plugin-orchestration-smoke-example run
typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- PR CI on latest head `293fc67c`: `policy`, `verify`, `e2e`, and
`security/snyk` all passed.
## Risks
- Medium risk: this expands plugin host authority, so route auth,
company scoping, and plugin-origin activity attribution need careful
review.
- Medium risk: database namespace migration behavior must remain
idempotent for environments that may have seen earlier branch versions.
- Medium risk: the orchestration smoke fixture is intentionally excluded
from the root workspace importer to avoid a `pnpm-lock.yaml` PR diff;
direct fixture verification remains listed above.
- Low operational risk from the PR setup itself: the branch is rebased
onto current `master`, the migration is ordered after upstream
`0057`/`0058`, and `pnpm-lock.yaml` is not in the final diff.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
Roadmap checked: this work aligns with the completed Plugin system
milestone and extends the plugin surface rather than duplicating an
unrelated planned core feature.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in a tool-enabled CLI
environment. Exact hosted model build and context-window size are not
exposed by the runtime; reasoning/tool use were enabled for repository
inspection, editing, testing, git operations, and PR creation.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots (N/A: no core UI screen change; example plugin UI contract
is covered by tests)
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 08:52:51 -05:00
|
|
|
"budget.incident.opened",
|
|
|
|
|
"budget.incident.resolved",
|
2026-03-13 16:22:34 -05:00
|
|
|
"cost_event.created",
|
|
|
|
|
"activity.logged",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginEventType = (typeof PLUGIN_EVENT_TYPES)[number];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Error codes returned by the plugin bridge when a UI → worker call fails.
|
|
|
|
|
*
|
|
|
|
|
* @see PLUGIN_SPEC.md §19.7 — Error Propagation Through The Bridge
|
|
|
|
|
*/
|
|
|
|
|
export const PLUGIN_BRIDGE_ERROR_CODES = [
|
|
|
|
|
"WORKER_UNAVAILABLE",
|
|
|
|
|
"CAPABILITY_DENIED",
|
|
|
|
|
"WORKER_ERROR",
|
|
|
|
|
"TIMEOUT",
|
|
|
|
|
"UNKNOWN",
|
|
|
|
|
] as const;
|
|
|
|
|
export type PluginBridgeErrorCode = (typeof PLUGIN_BRIDGE_ERROR_CODES)[number];
|