2026-03-10 19:40:22 +05:30
|
|
|
/**
|
|
|
|
|
* Shared attachment content-type configuration.
|
|
|
|
|
*
|
2026-04-05 06:29:33 -05:00
|
|
|
* By default a curated set of image/document/text types are allowed. Set the
|
2026-03-10 19:40:22 +05:30
|
|
|
* `PAPERCLIP_ALLOWED_ATTACHMENT_TYPES` environment variable to a
|
|
|
|
|
* comma-separated list of MIME types or wildcard patterns to expand the
|
2026-04-05 06:29:33 -05:00
|
|
|
* allowed set for routes that use this allowlist.
|
2026-03-10 19:40:22 +05:30
|
|
|
*
|
|
|
|
|
* Examples:
|
|
|
|
|
* PAPERCLIP_ALLOWED_ATTACHMENT_TYPES=image/*,application/pdf
|
|
|
|
|
* PAPERCLIP_ALLOWED_ATTACHMENT_TYPES=image/*,application/pdf,text/*
|
|
|
|
|
*
|
|
|
|
|
* Supported pattern syntax:
|
|
|
|
|
* - Exact types: "application/pdf"
|
|
|
|
|
* - Wildcards: "image/*" or "application/vnd.openxmlformats-officedocument.*"
|
|
|
|
|
*/
|
[codex] Split backend control-plane QoL slice (#4700)
## Thinking Path
> - Paperclip is the control plane for autonomous AI companies, so
backend task ownership, recovery, review visibility, and company-scoped
limits need to stay enforceable without UI-only coupling.
> - Closed PR #4692 bundled those backend changes with UI workflow,
docs, skills, workflow, and lockfile churn.
> - PAP-2694 asks for a clean backend/control-plane slice from that
closed branch.
> - This branch starts from current `master` and mines only the `cli`,
`packages/db`, `packages/shared`, and `server` contracts/tests needed
for the backend behavior.
> - It explicitly excludes UI workflow/performance work,
`.github/workflows/pr.yml`, `pnpm-lock.yaml`, docs, skills,
package-script, adapter UI build-config, and perf fixture script
changes; the only UI files are fixture/test updates required by the
tightened shared `Company` contract.
> - The benefit is a smaller reviewable PR that preserves the
control-plane fixes while staying under Greptile s 100-file review
limit.
## What Changed
- Added company-scoped attachment-size limits through DB
schema/migrations, shared company portability contracts, CLI
import/export coverage, and server attachment upload enforcement.
- Added productivity review service/API behavior for no-comment streak,
long-active, and high-churn review issues, including request-depth
clamping and issue summary exposure.
- Hardened issue ownership and recovery/control-plane paths: peer-agent
mutation denial, issue tree pause/resume behavior, stranded recovery
origins, and related activity/test coverage.
- Preserved related backend contract updates for routine timestamp
variables and managed agent instruction bundles because they live in
shared/server contracts from the source branch.
- Addressed Greptile feedback by making `Company.attachmentMaxBytes`
non-optional, simplifying review request-depth clamping, fixing the
migration final newline, and enforcing the process-level attachment cap
as the final ceiling for uploads.
- Added minimal company fixtures needed for repo-wide typecheck/build
and kept the PR to 66 changed files with forbidden/non-slice paths
excluded.
## Verification
- `pnpm install --frozen-lockfile`
- `git diff --check origin/master..HEAD`
- `git diff --name-only origin/master..HEAD | wc -l` -> 66 files
- `git diff --name-only origin/master..HEAD -- .github/workflows/pr.yml
pnpm-lock.yaml package.json doc skills .agents scripts
packages/adapters` -> no output
- `pnpm exec vitest run --config vitest.config.ts
packages/shared/src/validators/issue.test.ts
packages/shared/src/routine-variables.test.ts
packages/shared/src/adapter-types.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
cli/src/__tests__/company.test.ts
server/src/__tests__/productivity-review-service.test.ts
server/src/__tests__/issue-tree-control-service.test.ts
server/src/__tests__/issue-tree-control-routes.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
server/src/__tests__/issue-attachment-routes.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts
server/src/__tests__/issues-service.test.ts` -> 12 files, 147 tests
passed
- `pnpm exec vitest run --config vitest.config.ts
cli/src/__tests__/company-delete.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
server/src/__tests__/productivity-review-service.test.ts` -> 3 files, 18
tests passed
- `pnpm exec vitest run --config vitest.config.ts
server/src/__tests__/issue-attachment-routes.test.ts` -> 1 file, 6 tests
passed
- `pnpm --filter @paperclipai/db typecheck && pnpm --filter
@paperclipai/shared typecheck && pnpm --filter @paperclipai/server
typecheck && pnpm --filter paperclipai typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm --filter @paperclipai/ui typecheck && pnpm --filter
@paperclipai/ui build`
## Risks
- Includes migrations `0073_shiny_salo.sql` and
`0074_striped_genesis.sql`; merge ordering matters if another PR adds
migrations first.
- This is intentionally backend-only apart from fixture/test updates
forced by shared type correctness; UI affordances from PR #4692 are not
present here and should land in separate UI slices.
- The worktree install emitted plugin SDK bin-link warnings for unbuilt
plugin packages, but the targeted tests and package typechecks completed
successfully.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected; check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub
workflow. Exact runtime context window was not exposed by the harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-28 16:46:45 -05:00
|
|
|
import { MAX_COMPANY_ATTACHMENT_MAX_BYTES } from "@paperclipai/shared";
|
2026-03-10 19:40:22 +05:30
|
|
|
|
|
|
|
|
export const DEFAULT_ALLOWED_TYPES: readonly string[] = [
|
|
|
|
|
"image/png",
|
|
|
|
|
"image/jpeg",
|
|
|
|
|
"image/jpg",
|
|
|
|
|
"image/webp",
|
|
|
|
|
"image/gif",
|
2026-03-13 21:30:48 -05:00
|
|
|
"application/pdf",
|
|
|
|
|
"text/markdown",
|
|
|
|
|
"text/plain",
|
|
|
|
|
"application/json",
|
|
|
|
|
"text/csv",
|
|
|
|
|
"text/html",
|
2026-03-10 19:40:22 +05:30
|
|
|
];
|
|
|
|
|
|
2026-04-05 06:29:33 -05:00
|
|
|
export const DEFAULT_ATTACHMENT_CONTENT_TYPE = "application/octet-stream";
|
|
|
|
|
export const SVG_CONTENT_TYPE = "image/svg+xml";
|
|
|
|
|
export const INLINE_ATTACHMENT_TYPES: readonly string[] = [
|
|
|
|
|
"image/*",
|
|
|
|
|
"application/pdf",
|
|
|
|
|
"text/plain",
|
|
|
|
|
"text/markdown",
|
|
|
|
|
"application/json",
|
|
|
|
|
"text/csv",
|
|
|
|
|
];
|
|
|
|
|
|
2026-03-10 19:40:22 +05:30
|
|
|
/**
|
|
|
|
|
* Parse a comma-separated list of MIME type patterns into a normalised array.
|
|
|
|
|
* Returns the default image-only list when the input is empty or undefined.
|
|
|
|
|
*/
|
|
|
|
|
export function parseAllowedTypes(raw: string | undefined): string[] {
|
|
|
|
|
if (!raw) return [...DEFAULT_ALLOWED_TYPES];
|
|
|
|
|
const parsed = raw
|
|
|
|
|
.split(",")
|
|
|
|
|
.map((s) => s.trim().toLowerCase())
|
|
|
|
|
.filter((s) => s.length > 0);
|
|
|
|
|
return parsed.length > 0 ? parsed : [...DEFAULT_ALLOWED_TYPES];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check whether `contentType` matches any entry in `allowedPatterns`.
|
|
|
|
|
*
|
|
|
|
|
* Supports exact matches ("application/pdf") and wildcard / prefix
|
|
|
|
|
* patterns ("image/*", "application/vnd.openxmlformats-officedocument.*").
|
|
|
|
|
*/
|
|
|
|
|
export function matchesContentType(contentType: string, allowedPatterns: string[]): boolean {
|
|
|
|
|
const ct = contentType.toLowerCase();
|
|
|
|
|
return allowedPatterns.some((pattern) => {
|
2026-03-10 20:01:08 +05:30
|
|
|
if (pattern === "*") return true;
|
2026-03-10 19:40:22 +05:30
|
|
|
if (pattern.endsWith("/*") || pattern.endsWith(".*")) {
|
|
|
|
|
return ct.startsWith(pattern.slice(0, -1));
|
|
|
|
|
}
|
|
|
|
|
return ct === pattern;
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-05 06:29:33 -05:00
|
|
|
export function normalizeContentType(contentType: string | null | undefined): string {
|
|
|
|
|
const normalized = (contentType ?? "").trim().toLowerCase();
|
|
|
|
|
return normalized || DEFAULT_ATTACHMENT_CONTENT_TYPE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function isInlineAttachmentContentType(contentType: string): boolean {
|
|
|
|
|
return matchesContentType(contentType, [...INLINE_ATTACHMENT_TYPES]);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-10 19:40:22 +05:30
|
|
|
// ---------- Module-level singletons read once at startup ----------
|
|
|
|
|
|
|
|
|
|
const allowedPatterns: string[] = parseAllowedTypes(
|
|
|
|
|
process.env.PAPERCLIP_ALLOWED_ATTACHMENT_TYPES,
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/** Convenience wrapper using the process-level allowed list. */
|
|
|
|
|
export function isAllowedContentType(contentType: string): boolean {
|
|
|
|
|
return matchesContentType(contentType, allowedPatterns);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export const MAX_ATTACHMENT_BYTES =
|
|
|
|
|
Number(process.env.PAPERCLIP_ATTACHMENT_MAX_BYTES) || 10 * 1024 * 1024;
|
[codex] Split backend control-plane QoL slice (#4700)
## Thinking Path
> - Paperclip is the control plane for autonomous AI companies, so
backend task ownership, recovery, review visibility, and company-scoped
limits need to stay enforceable without UI-only coupling.
> - Closed PR #4692 bundled those backend changes with UI workflow,
docs, skills, workflow, and lockfile churn.
> - PAP-2694 asks for a clean backend/control-plane slice from that
closed branch.
> - This branch starts from current `master` and mines only the `cli`,
`packages/db`, `packages/shared`, and `server` contracts/tests needed
for the backend behavior.
> - It explicitly excludes UI workflow/performance work,
`.github/workflows/pr.yml`, `pnpm-lock.yaml`, docs, skills,
package-script, adapter UI build-config, and perf fixture script
changes; the only UI files are fixture/test updates required by the
tightened shared `Company` contract.
> - The benefit is a smaller reviewable PR that preserves the
control-plane fixes while staying under Greptile s 100-file review
limit.
## What Changed
- Added company-scoped attachment-size limits through DB
schema/migrations, shared company portability contracts, CLI
import/export coverage, and server attachment upload enforcement.
- Added productivity review service/API behavior for no-comment streak,
long-active, and high-churn review issues, including request-depth
clamping and issue summary exposure.
- Hardened issue ownership and recovery/control-plane paths: peer-agent
mutation denial, issue tree pause/resume behavior, stranded recovery
origins, and related activity/test coverage.
- Preserved related backend contract updates for routine timestamp
variables and managed agent instruction bundles because they live in
shared/server contracts from the source branch.
- Addressed Greptile feedback by making `Company.attachmentMaxBytes`
non-optional, simplifying review request-depth clamping, fixing the
migration final newline, and enforcing the process-level attachment cap
as the final ceiling for uploads.
- Added minimal company fixtures needed for repo-wide typecheck/build
and kept the PR to 66 changed files with forbidden/non-slice paths
excluded.
## Verification
- `pnpm install --frozen-lockfile`
- `git diff --check origin/master..HEAD`
- `git diff --name-only origin/master..HEAD | wc -l` -> 66 files
- `git diff --name-only origin/master..HEAD -- .github/workflows/pr.yml
pnpm-lock.yaml package.json doc skills .agents scripts
packages/adapters` -> no output
- `pnpm exec vitest run --config vitest.config.ts
packages/shared/src/validators/issue.test.ts
packages/shared/src/routine-variables.test.ts
packages/shared/src/adapter-types.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
cli/src/__tests__/company.test.ts
server/src/__tests__/productivity-review-service.test.ts
server/src/__tests__/issue-tree-control-service.test.ts
server/src/__tests__/issue-tree-control-routes.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
server/src/__tests__/issue-attachment-routes.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts
server/src/__tests__/issues-service.test.ts` -> 12 files, 147 tests
passed
- `pnpm exec vitest run --config vitest.config.ts
cli/src/__tests__/company-delete.test.ts
cli/src/__tests__/company-import-export-e2e.test.ts
server/src/__tests__/productivity-review-service.test.ts` -> 3 files, 18
tests passed
- `pnpm exec vitest run --config vitest.config.ts
server/src/__tests__/issue-attachment-routes.test.ts` -> 1 file, 6 tests
passed
- `pnpm --filter @paperclipai/db typecheck && pnpm --filter
@paperclipai/shared typecheck && pnpm --filter @paperclipai/server
typecheck && pnpm --filter paperclipai typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm --filter @paperclipai/ui typecheck && pnpm --filter
@paperclipai/ui build`
## Risks
- Includes migrations `0073_shiny_salo.sql` and
`0074_striped_genesis.sql`; merge ordering matters if another PR adds
migrations first.
- This is intentionally backend-only apart from fixture/test updates
forced by shared type correctness; UI affordances from PR #4692 are not
present here and should land in separate UI slices.
- The worktree install emitted plugin SDK bin-link warnings for unbuilt
plugin packages, but the targeted tests and package typechecks completed
successfully.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected; check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub
workflow. Exact runtime context window was not exposed by the harness.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-28 16:46:45 -05:00
|
|
|
|
|
|
|
|
export function normalizeIssueAttachmentMaxBytes(value: number | null | undefined): number {
|
|
|
|
|
if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
|
|
|
|
|
return MAX_ATTACHMENT_BYTES;
|
|
|
|
|
}
|
|
|
|
|
return Math.min(Math.floor(value), MAX_COMPANY_ATTACHMENT_MAX_BYTES, MAX_ATTACHMENT_BYTES);
|
|
|
|
|
}
|