ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-15 10:30:37 +09:00
Code Issues Projects Releases Packages Wiki Activity
paperclip/server/src/routes/workspace-command-authz.ts

116 lines
3.6 KiB
TypeScript
Raw Normal View History

[codex] harden authenticated routes and issue editor reliability (#3741) ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - The control plane depends on authenticated routes enforcing company boundaries and role permissions correctly > - This branch also touches the issue detail and markdown editing flows operators use while handling advisory and triage work > - Partial issue cache seeds and fragile rich-editor parsing could leave important issue content missing or blank at the moment an operator needed it > - Blocked issues becoming actionable again should wake their assignee automatically instead of silently staying idle > - This pull request rebases the advisory follow-up branch onto current `master`, hardens authenticated route authorization, and carries the issue-detail/editor reliability fixes forward with regression tests > - The benefit is tighter authz on sensitive routes plus more reliable issue/advisory editing and wakeup behavior on top of the latest base ## What Changed - Hardened authenticated route authorization across agent, activity, approval, access, project, plugin, health, execution-workspace, portability, and related server paths, with new cross-tenant and runtime-authz regression coverage. - Switched issue detail queries from `initialData` to placeholder-based hydration so list/quicklook seeds still refetch full issue bodies. - Normalized advisory-style HTML images before mounting the markdown editor and strengthened fallback behavior when the rich editor silently fails or rejects the content. - Woke assigned agents when blocked issues move back to `todo`, with route coverage for reopen and unblock transitions. - Rebasing note: this branch now sits cleanly on top of the latest `master` tip used for the PR base. ## Verification - `pnpm exec vitest run ui/src/lib/issueDetailQuery.test.tsx ui/src/components/MarkdownEditor.test.tsx server/src/__tests__/issue-comment-reopen-routes.test.ts server/src/__tests__/activity-routes.test.ts server/src/__tests__/agent-cross-tenant-authz-routes.test.ts` - Confirmed `pnpm-lock.yaml` is not part of the PR diff. - Rebased the branch onto current `public-gh/master` before publishing. ## Risks - Broad authz tightening may expose existing flows that were relying on permissive board or agent access and now need explicit grants. - Markdown editor fallback changes could affect focus or rendering in edge-case content that mixes HTML-like advisory markup with normal markdown. - This verification was intentionally scoped to touched regressions and did not run the full repository suite. ## Model Used - OpenAI Codex, GPT-5-based coding agent in the Codex CLI environment with tool use for terminal, git, and GitHub operations. The exact runtime model identifier is not exposed inside this session. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, it is behavior-only and does not need before/after screenshots - [x] I have updated relevant documentation to reflect my changes, or no documentation changes were needed for these internal fixes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-15 08:41:15 -05:00
import type { Request } from "express";
import { forbidden } from "../errors.js";
function isRecord(value: unknown): value is Record<string, unknown> {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function hasOwn(value: Record<string, unknown>, key: string) {
return Object.prototype.hasOwnProperty.call(value, key);
}
function prefixPath(prefix: string, key: string) {
return prefix.length > 0 ? `${prefix}.${key}` : key;
}
function collectWorkspaceStrategyCommandPaths(raw: unknown, prefix: string): string[] {
if (!isRecord(raw)) return [];
const paths: string[] = [];
if (hasOwn(raw, "provisionCommand")) {
paths.push(prefixPath(prefix, "provisionCommand"));
}
if (hasOwn(raw, "teardownCommand")) {
paths.push(prefixPath(prefix, "teardownCommand"));
}
return paths;
}
function collectExecutionWorkspaceConfigCommandPaths(raw: unknown, prefix: string): string[] {
if (!isRecord(raw)) return [];
const paths: string[] = [];
if (hasOwn(raw, "provisionCommand")) {
paths.push(prefixPath(prefix, "provisionCommand"));
}
if (hasOwn(raw, "teardownCommand")) {
paths.push(prefixPath(prefix, "teardownCommand"));
}
if (hasOwn(raw, "cleanupCommand")) {
paths.push(prefixPath(prefix, "cleanupCommand"));
}
return paths;
}
export function assertNoAgentHostWorkspaceCommandMutation(req: Request, paths: string[]) {
if (req.actor.type !== "agent" || paths.length === 0) return;
throw forbidden(
`Agent keys cannot modify host-executed workspace commands (${paths.join(", ")}).`,
);
}
export function collectAgentAdapterWorkspaceCommandPaths(adapterConfig: unknown): string[] {
if (!isRecord(adapterConfig)) return [];
return collectWorkspaceStrategyCommandPaths(
adapterConfig.workspaceStrategy,
"adapterConfig.workspaceStrategy",
);
}
export function collectProjectExecutionWorkspaceCommandPaths(policy: unknown): string[] {
if (!isRecord(policy)) return [];
return collectWorkspaceStrategyCommandPaths(
policy.workspaceStrategy,
"executionWorkspacePolicy.workspaceStrategy",
);
}
export function collectProjectWorkspaceCommandPaths(
workspacePatch: unknown,
prefix = "",
): string[] {
if (!isRecord(workspacePatch)) return [];
return hasOwn(workspacePatch, "cleanupCommand")
? [prefixPath(prefix, "cleanupCommand")]
: [];
}
export function collectIssueWorkspaceCommandPaths(input: {
executionWorkspaceSettings?: unknown;
assigneeAdapterOverrides?: unknown;
}): string[] {
const paths: string[] = [];
if (isRecord(input.executionWorkspaceSettings)) {
paths.push(
...collectWorkspaceStrategyCommandPaths(
input.executionWorkspaceSettings.workspaceStrategy,
"executionWorkspaceSettings.workspaceStrategy",
),
);
}
if (isRecord(input.assigneeAdapterOverrides)) {
const adapterConfig = input.assigneeAdapterOverrides.adapterConfig;
if (isRecord(adapterConfig)) {
paths.push(
...collectWorkspaceStrategyCommandPaths(
adapterConfig.workspaceStrategy,
"assigneeAdapterOverrides.adapterConfig.workspaceStrategy",
),
);
}
}
return paths;
}
export function collectExecutionWorkspaceCommandPaths(input: {
config?: unknown;
metadata?: unknown;
}): string[] {
const paths: string[] = [];
if (input.config !== undefined) {
paths.push(...collectExecutionWorkspaceConfigCommandPaths(input.config, "config"));
}
if (isRecord(input.metadata) && hasOwn(input.metadata, "config")) {
paths.push(...collectExecutionWorkspaceConfigCommandPaths(input.metadata.config, "metadata.config"));
}
return paths;
}
Reference in a new issue Copy permalink