2026-03-08 16:43:34 +05:30
import fs from "node:fs/promises" ;
import type { Dirent } from "node:fs" ;
import os from "node:os" ;
import path from "node:path" ;
import { fileURLToPath } from "node:url" ;
import type { AdapterExecutionContext , AdapterExecutionResult } from "@paperclipai/adapter-utils" ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
import {
adapterExecutionTargetIsRemote ,
adapterExecutionTargetPaperclipApiUrl ,
adapterExecutionTargetRemoteCwd ,
adapterExecutionTargetSessionIdentity ,
adapterExecutionTargetSessionMatches ,
adapterExecutionTargetUsesManagedHome ,
describeAdapterExecutionTarget ,
ensureAdapterExecutionTargetCommandResolvable ,
prepareAdapterExecutionTargetRuntime ,
readAdapterExecutionTarget ,
readAdapterExecutionTargetHomeDir ,
resolveAdapterExecutionTargetCommandForLogs ,
runAdapterExecutionTargetProcess ,
runAdapterExecutionTargetShellCommand ,
} from "@paperclipai/adapter-utils/execution-target" ;
2026-03-08 16:43:34 +05:30
import {
asBoolean ,
asNumber ,
asString ,
asStringArray ,
buildPaperclipEnv ,
2026-03-28 15:42:14 -05:00
buildInvocationEnvForLogs ,
2026-03-08 16:43:34 +05:30
ensureAbsoluteDirectory ,
2026-03-12 15:44:44 -05:00
ensurePaperclipSkillSymlink ,
2026-03-13 08:49:11 -05:00
joinPromptSections ,
2026-03-08 16:43:34 +05:30
ensurePathInEnv ,
2026-03-15 07:05:01 -05:00
readPaperclipRuntimeSkillEntries ,
resolvePaperclipDesiredSkillNames ,
2026-03-12 15:57:37 -05:00
removeMaintainerOnlySkillSymlinks ,
2026-03-08 16:43:34 +05:30
parseObject ,
renderTemplate ,
2026-03-28 09:55:41 -05:00
renderPaperclipWakePrompt ,
stringifyPaperclipWakePayload ,
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE ,
2026-03-08 16:43:34 +05:30
runChildProcess ,
} from "@paperclipai/adapter-utils/server-utils" ;
import { DEFAULT_GEMINI_LOCAL_MODEL } from "../index.js" ;
2026-03-09 15:16:15 +00:00
import {
describeGeminiFailure ,
detectGeminiAuthRequired ,
isGeminiTurnLimitResult ,
isGeminiUnknownSessionError ,
parseGeminiJsonl ,
} from "./parse.js" ;
2026-03-08 19:20:43 +05:30
import { firstNonEmptyLine } from "./utils.js" ;
2026-03-08 16:43:34 +05:30
const __moduleDir = path . dirname ( fileURLToPath ( import . meta . url ) ) ;
function hasNonEmptyEnvValue ( env : Record < string , string > , key : string ) : boolean {
const raw = env [ key ] ;
return typeof raw === "string" && raw . trim ( ) . length > 0 ;
}
function resolveGeminiBillingType ( env : Record < string , string > ) : "api" | "subscription" {
return hasNonEmptyEnvValue ( env , "GEMINI_API_KEY" ) || hasNonEmptyEnvValue ( env , "GOOGLE_API_KEY" )
? "api"
: "subscription" ;
}
function renderPaperclipEnvNote ( env : Record < string , string > ) : string {
const paperclipKeys = Object . keys ( env )
. filter ( ( key ) = > key . startsWith ( "PAPERCLIP_" ) )
. sort ( ) ;
if ( paperclipKeys . length === 0 ) return "" ;
return [
"Paperclip runtime note:" ,
` The following PAPERCLIP_* environment variables are available in this run: ${ paperclipKeys . join ( ", " ) } ` ,
"Do not assume these variables are missing without checking your shell environment." ,
"" ,
"" ,
] . join ( "\n" ) ;
}
2026-03-12 01:34:00 +00:00
function renderApiAccessNote ( env : Record < string , string > ) : string {
if ( ! hasNonEmptyEnvValue ( env , "PAPERCLIP_API_URL" ) || ! hasNonEmptyEnvValue ( env , "PAPERCLIP_API_KEY" ) ) return "" ;
return [
"Paperclip API access note:" ,
"Use run_shell_command with curl to make Paperclip API requests." ,
"GET example:" ,
` run_shell_command({ command: "curl -s -H \\ "Authorization: Bearer $ PAPERCLIP_API_KEY \\ " \\ " $ PAPERCLIP_API_URL/api/agents/me \\ "" }) ` ,
"POST/PATCH example:" ,
` run_shell_command({ command: "curl -s -X POST -H \\ "Authorization: Bearer $ PAPERCLIP_API_KEY \\ " -H 'Content-Type: application/json' -H \\ "X-Paperclip-Run-Id: $ PAPERCLIP_RUN_ID \\ " -d '{...}' \\ " $ PAPERCLIP_API_URL/api/issues/{id}/checkout \\ "" }) ` ,
"" ,
"" ,
] . join ( "\n" ) ;
}
2026-03-10 01:12:54 +00:00
function geminiSkillsHome ( ) : string {
return path . join ( os . homedir ( ) , ".gemini" , "skills" ) ;
}
2026-03-08 19:20:43 +05:30
/ * *
2026-03-10 01:12:54 +00:00
* Inject Paperclip skills directly into ` ~/.gemini/skills/ ` via symlinks .
* This avoids needing GEMINI_CLI_HOME overrides , so the CLI naturally finds
* both its auth credentials and the injected skills in the real home directory .
2026-03-08 19:20:43 +05:30
* /
2026-03-10 01:12:54 +00:00
async function ensureGeminiSkillsInjected (
onLog : AdapterExecutionContext [ "onLog" ] ,
2026-03-16 18:27:20 -05:00
skillsEntries : Array < { key : string ; runtimeName : string ; source : string } > ,
2026-03-14 19:22:23 -05:00
desiredSkillNames? : string [ ] ,
2026-03-10 01:12:54 +00:00
) : Promise < void > {
2026-03-16 18:27:20 -05:00
const desiredSet = new Set ( desiredSkillNames ? ? skillsEntries . map ( ( entry ) = > entry . key ) ) ;
const selectedEntries = skillsEntries . filter ( ( entry ) = > desiredSet . has ( entry . key ) ) ;
2026-03-15 07:05:01 -05:00
if ( selectedEntries . length === 0 ) return ;
2026-03-10 01:12:54 +00:00
const skillsHome = geminiSkillsHome ( ) ;
try {
await fs . mkdir ( skillsHome , { recursive : true } ) ;
} catch ( err ) {
await onLog (
"stderr" ,
` [paperclip] Failed to prepare Gemini skills directory ${ skillsHome } : ${ err instanceof Error ? err.message : String ( err ) } \ n ` ,
) ;
return ;
}
2026-03-12 15:57:37 -05:00
const removedSkills = await removeMaintainerOnlySkillSymlinks (
skillsHome ,
2026-03-16 18:27:20 -05:00
selectedEntries . map ( ( entry ) = > entry . runtimeName ) ,
2026-03-12 15:57:37 -05:00
) ;
for ( const skillName of removedSkills ) {
await onLog (
"stderr" ,
` [paperclip] Removed maintainer-only Gemini skill " ${ skillName } " from ${ skillsHome } \ n ` ,
) ;
}
2026-03-10 01:12:54 +00:00
2026-03-15 07:05:01 -05:00
for ( const entry of selectedEntries ) {
2026-03-16 18:27:20 -05:00
const target = path . join ( skillsHome , entry . runtimeName ) ;
2026-03-10 01:12:54 +00:00
try {
2026-03-12 15:44:44 -05:00
const result = await ensurePaperclipSkillSymlink ( entry . source , target ) ;
if ( result === "skipped" ) continue ;
await onLog (
"stderr" ,
2026-03-16 18:27:20 -05:00
` [paperclip] ${ result === "repaired" ? "Repaired" : "Linked" } Gemini skill: ${ entry . key } \ n ` ,
2026-03-12 15:44:44 -05:00
) ;
2026-03-10 01:12:54 +00:00
} catch ( err ) {
await onLog (
"stderr" ,
2026-03-16 18:27:20 -05:00
` [paperclip] Failed to link Gemini skill " ${ entry . key } ": ${ err instanceof Error ? err.message : String ( err ) } \ n ` ,
2026-03-08 16:43:34 +05:30
) ;
}
}
}
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
async function buildGeminiSkillsDir (
config : Record < string , unknown > ,
) : Promise < string > {
const tmp = await fs . mkdtemp ( path . join ( os . tmpdir ( ) , "paperclip-gemini-skills-" ) ) ;
const target = path . join ( tmp , "skills" ) ;
await fs . mkdir ( target , { recursive : true } ) ;
const availableEntries = await readPaperclipRuntimeSkillEntries ( config , __moduleDir ) ;
const desiredNames = new Set ( resolvePaperclipDesiredSkillNames ( config , availableEntries ) ) ;
for ( const entry of availableEntries ) {
if ( ! desiredNames . has ( entry . key ) ) continue ;
await fs . symlink ( entry . source , path . join ( target , entry . runtimeName ) ) ;
}
return target ;
}
2026-03-08 16:43:34 +05:30
export async function execute ( ctx : AdapterExecutionContext ) : Promise < AdapterExecutionResult > {
2026-03-19 11:20:36 -05:00
const { runId , agent , runtime , config , context , onLog , onMeta , onSpawn , authToken } = ctx ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
const executionTarget = readAdapterExecutionTarget ( {
executionTarget : ctx.executionTarget ,
legacyRemoteExecution : ctx.executionTransport?.remoteExecution ,
} ) ;
const executionTargetIsRemote = adapterExecutionTargetIsRemote ( executionTarget ) ;
2026-03-08 16:43:34 +05:30
const promptTemplate = asString (
config . promptTemplate ,
[codex] Add run liveness continuations (#4083)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies.
> - Heartbeat runs are the control-plane record of each agent execution
window.
> - Long-running local agents can exhaust context or stop while still
holding useful next-step state.
> - Operators need that stop reason, next action, and continuation path
to be durable and visible.
> - This pull request adds run liveness metadata, continuation
summaries, and UI surfaces for issue run ledgers.
> - The benefit is that interrupted or long-running work can resume with
clearer context instead of losing the agent's last useful handoff.
## What Changed
- Added heartbeat-run liveness fields, continuation attempt tracking,
and an idempotent `0058` migration.
- Added server services and tests for run liveness, continuation
summaries, stop metadata, and activity backfill.
- Wired local and HTTP adapters to surface continuation/liveness context
through shared adapter utilities.
- Added shared constants, validators, and heartbeat types for liveness
continuation state.
- Added issue-detail UI surfaces for continuation handoffs and the run
ledger, with component tests.
- Updated agent runtime docs, heartbeat protocol docs, prompt guidance,
onboarding assets, and skills instructions to explain continuation
behavior.
- Addressed Greptile feedback by scoping document evidence by run,
excluding system continuation-summary documents from liveness evidence,
importing shared liveness types, surfacing hidden ledger run counts,
documenting bounded retry behavior, and moving run-ledger liveness
backfill off the request path.
## Verification
- `pnpm exec vitest run packages/adapter-utils/src/server-utils.test.ts
server/src/__tests__/run-continuations.test.ts
server/src/__tests__/run-liveness.test.ts
server/src/__tests__/activity-service.test.ts
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-continuation-summary.test.ts
server/src/services/heartbeat-stop-metadata.test.ts
ui/src/components/IssueRunLedger.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/components/IssueDocumentsSection.test.tsx`
- `pnpm --filter @paperclipai/db build`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm --filter @paperclipai/server typecheck`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/run-continuations.test.ts
ui/src/components/IssueRunLedger.test.tsx`
- `pnpm exec vitest run
server/src/__tests__/heartbeat-process-recovery.test.ts -t "treats a
plan document update"`
- `pnpm exec vitest run server/src/__tests__/activity-service.test.ts
server/src/__tests__/heartbeat-process-recovery.test.ts -t "activity
service|treats a plan document update"`
- Remote PR checks on head `e53b1a1d`: `verify`, `e2e`, `policy`, and
Snyk all passed.
- Confirmed `public-gh/master` is an ancestor of this branch after
fetching `public-gh master`.
- Confirmed `pnpm-lock.yaml` is not included in the branch diff.
- Confirmed migration `0058_wealthy_starbolt.sql` is ordered after
`0057` and uses `IF NOT EXISTS` guards for repeat application.
- Greptile inline review threads are resolved.
## Risks
- Medium risk: this touches heartbeat execution, liveness recovery,
activity rendering, issue routes, shared contracts, docs, and UI.
- Migration risk is mitigated by additive columns/indexes and idempotent
guards.
- Run-ledger liveness backfill is now asynchronous, so the first ledger
response can briefly show historical missing liveness until the
background backfill completes.
- UI screenshot coverage is not included in this packaging pass;
validation is currently through focused component tests.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5.4, local tool-use coding agent with terminal, git,
GitHub connector, GitHub CLI, and Paperclip API access.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
Screenshot note: no before/after screenshots were captured in this PR
packaging pass; the UI changes are covered by focused component tests
listed above.
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-04-20 06:01:49 -05:00
DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE ,
2026-03-08 16:43:34 +05:30
) ;
const command = asString ( config . command , "gemini" ) ;
const model = asString ( config . model , DEFAULT_GEMINI_LOCAL_MODEL ) . trim ( ) ;
2026-03-09 15:16:15 +00:00
const sandbox = asBoolean ( config . sandbox , false ) ;
2026-03-08 16:43:34 +05:30
const workspaceContext = parseObject ( context . paperclipWorkspace ) ;
const workspaceCwd = asString ( workspaceContext . cwd , "" ) ;
const workspaceSource = asString ( workspaceContext . source , "" ) ;
const workspaceId = asString ( workspaceContext . workspaceId , "" ) ;
const workspaceRepoUrl = asString ( workspaceContext . repoUrl , "" ) ;
const workspaceRepoRef = asString ( workspaceContext . repoRef , "" ) ;
2026-03-14 00:36:53 -07:00
const agentHome = asString ( workspaceContext . agentHome , "" ) ;
2026-03-08 16:43:34 +05:30
const workspaceHints = Array . isArray ( context . paperclipWorkspaces )
? context . paperclipWorkspaces . filter (
2026-03-08 19:20:43 +05:30
( value ) : value is Record < string , unknown > = > typeof value === "object" && value !== null ,
)
2026-03-08 16:43:34 +05:30
: [ ] ;
const configuredCwd = asString ( config . cwd , "" ) ;
const useConfiguredInsteadOfAgentHome = workspaceSource === "agent_home" && configuredCwd . length > 0 ;
const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd ;
const cwd = effectiveWorkspaceCwd || configuredCwd || process . cwd ( ) ;
await ensureAbsoluteDirectory ( cwd , { createIfMissing : true } ) ;
2026-03-15 07:05:01 -05:00
const geminiSkillEntries = await readPaperclipRuntimeSkillEntries ( config , __moduleDir ) ;
const desiredGeminiSkillNames = resolvePaperclipDesiredSkillNames ( config , geminiSkillEntries ) ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
if ( ! executionTargetIsRemote ) {
await ensureGeminiSkillsInjected ( onLog , geminiSkillEntries , desiredGeminiSkillNames ) ;
}
2026-03-08 16:43:34 +05:30
const envConfig = parseObject ( config . env ) ;
const hasExplicitApiKey =
typeof envConfig . PAPERCLIP_API_KEY === "string" && envConfig . PAPERCLIP_API_KEY . trim ( ) . length > 0 ;
const env : Record < string , string > = { . . . buildPaperclipEnv ( agent ) } ;
env . PAPERCLIP_RUN_ID = runId ;
const wakeTaskId =
( typeof context . taskId === "string" && context . taskId . trim ( ) . length > 0 && context . taskId . trim ( ) ) ||
( typeof context . issueId === "string" && context . issueId . trim ( ) . length > 0 && context . issueId . trim ( ) ) ||
null ;
const wakeReason =
typeof context . wakeReason === "string" && context . wakeReason . trim ( ) . length > 0
? context . wakeReason . trim ( )
: null ;
const wakeCommentId =
( typeof context . wakeCommentId === "string" && context . wakeCommentId . trim ( ) . length > 0 && context . wakeCommentId . trim ( ) ) ||
( typeof context . commentId === "string" && context . commentId . trim ( ) . length > 0 && context . commentId . trim ( ) ) ||
null ;
const approvalId =
typeof context . approvalId === "string" && context . approvalId . trim ( ) . length > 0
? context . approvalId . trim ( )
: null ;
const approvalStatus =
typeof context . approvalStatus === "string" && context . approvalStatus . trim ( ) . length > 0
? context . approvalStatus . trim ( )
: null ;
const linkedIssueIds = Array . isArray ( context . issueIds )
? context . issueIds . filter ( ( value ) : value is string = > typeof value === "string" && value . trim ( ) . length > 0 )
: [ ] ;
2026-03-28 09:55:41 -05:00
const wakePayloadJson = stringifyPaperclipWakePayload ( context . paperclipWake ) ;
2026-03-08 16:43:34 +05:30
if ( wakeTaskId ) env . PAPERCLIP_TASK_ID = wakeTaskId ;
if ( wakeReason ) env . PAPERCLIP_WAKE_REASON = wakeReason ;
if ( wakeCommentId ) env . PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId ;
if ( approvalId ) env . PAPERCLIP_APPROVAL_ID = approvalId ;
if ( approvalStatus ) env . PAPERCLIP_APPROVAL_STATUS = approvalStatus ;
if ( linkedIssueIds . length > 0 ) env . PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds . join ( "," ) ;
2026-03-28 09:55:41 -05:00
if ( wakePayloadJson ) env . PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson ;
2026-03-08 16:43:34 +05:30
if ( effectiveWorkspaceCwd ) env . PAPERCLIP_WORKSPACE_CWD = effectiveWorkspaceCwd ;
if ( workspaceSource ) env . PAPERCLIP_WORKSPACE_SOURCE = workspaceSource ;
if ( workspaceId ) env . PAPERCLIP_WORKSPACE_ID = workspaceId ;
if ( workspaceRepoUrl ) env . PAPERCLIP_WORKSPACE_REPO_URL = workspaceRepoUrl ;
if ( workspaceRepoRef ) env . PAPERCLIP_WORKSPACE_REPO_REF = workspaceRepoRef ;
2026-03-14 00:36:53 -07:00
if ( agentHome ) env . AGENT_HOME = agentHome ;
2026-03-08 16:43:34 +05:30
if ( workspaceHints . length > 0 ) env . PAPERCLIP_WORKSPACES_JSON = JSON . stringify ( workspaceHints ) ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
const targetPaperclipApiUrl = adapterExecutionTargetPaperclipApiUrl ( executionTarget ) ;
if ( targetPaperclipApiUrl ) env . PAPERCLIP_API_URL = targetPaperclipApiUrl ;
2026-03-08 16:43:34 +05:30
for ( const [ key , value ] of Object . entries ( envConfig ) ) {
if ( typeof value === "string" ) env [ key ] = value ;
}
if ( ! hasExplicitApiKey && authToken ) {
env . PAPERCLIP_API_KEY = authToken ;
}
2026-03-14 22:00:12 -05:00
const effectiveEnv = Object . fromEntries (
Object . entries ( { . . . process . env , . . . env } ) . filter (
( entry ) : entry is [ string , string ] = > typeof entry [ 1 ] === "string" ,
) ,
) ;
const billingType = resolveGeminiBillingType ( effectiveEnv ) ;
const runtimeEnv = ensurePathInEnv ( effectiveEnv ) ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
await ensureAdapterExecutionTargetCommandResolvable ( command , executionTarget , cwd , runtimeEnv ) ;
const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs ( command , executionTarget , cwd , runtimeEnv ) ;
2026-03-28 15:42:14 -05:00
const loggedEnv = buildInvocationEnvForLogs ( env , {
runtimeEnv ,
includeRuntimeKeys : [ "HOME" ] ,
resolvedCommand ,
} ) ;
2026-03-08 16:43:34 +05:30
const timeoutSec = asNumber ( config . timeoutSec , 0 ) ;
const graceSec = asNumber ( config . graceSec , 20 ) ;
const extraArgs = ( ( ) = > {
const fromExtraArgs = asStringArray ( config . extraArgs ) ;
if ( fromExtraArgs . length > 0 ) return fromExtraArgs ;
return asStringArray ( config . args ) ;
} ) ( ) ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
const effectiveExecutionCwd = adapterExecutionTargetRemoteCwd ( executionTarget , cwd ) ;
let restoreRemoteWorkspace : ( ( ) = > Promise < void > ) | null = null ;
let remoteSkillsDir : string | null = null ;
let localSkillsDir : string | null = null ;
if ( executionTargetIsRemote ) {
try {
localSkillsDir = await buildGeminiSkillsDir ( config ) ;
await onLog (
"stdout" ,
` [paperclip] Syncing workspace and Gemini runtime assets to ${ describeAdapterExecutionTarget ( executionTarget ) } . \ n ` ,
) ;
const preparedExecutionTargetRuntime = await prepareAdapterExecutionTargetRuntime ( {
target : executionTarget ,
adapterKey : "gemini" ,
workspaceLocalDir : cwd ,
assets : [ {
key : "skills" ,
localDir : localSkillsDir ,
followSymlinks : true ,
} ] ,
} ) ;
restoreRemoteWorkspace = ( ) = > preparedExecutionTargetRuntime . restoreWorkspace ( ) ;
const managedHome = adapterExecutionTargetUsesManagedHome ( executionTarget ) ;
if ( managedHome && preparedExecutionTargetRuntime . runtimeRootDir ) {
env . HOME = preparedExecutionTargetRuntime . runtimeRootDir ;
}
const remoteHomeDir = managedHome && preparedExecutionTargetRuntime . runtimeRootDir
? preparedExecutionTargetRuntime . runtimeRootDir
: await readAdapterExecutionTargetHomeDir ( runId , executionTarget , {
cwd ,
env ,
timeoutSec ,
graceSec ,
onLog ,
} ) ;
if ( remoteHomeDir && preparedExecutionTargetRuntime . assetDirs . skills ) {
remoteSkillsDir = path . posix . join ( remoteHomeDir , ".gemini" , "skills" ) ;
await runAdapterExecutionTargetShellCommand (
runId ,
executionTarget ,
` mkdir -p ${ JSON . stringify ( path . posix . dirname ( remoteSkillsDir ) ) } && rm -rf ${ JSON . stringify ( remoteSkillsDir ) } && cp -a ${ JSON . stringify ( preparedExecutionTargetRuntime . assetDirs . skills ) } ${ JSON . stringify ( remoteSkillsDir ) } ` ,
{ cwd , env , timeoutSec , graceSec , onLog } ,
) ;
}
} catch ( error ) {
await Promise . allSettled ( [
restoreRemoteWorkspace ? . ( ) ,
localSkillsDir ? fs . rm ( path . dirname ( localSkillsDir ) , { recursive : true , force : true } ) . catch ( ( ) = > undefined ) : Promise . resolve ( ) ,
] ) ;
throw error ;
}
}
2026-03-08 16:43:34 +05:30
const runtimeSessionParams = parseObject ( runtime . sessionParams ) ;
const runtimeSessionId = asString ( runtimeSessionParams . sessionId , runtime . sessionId ? ? "" ) ;
const runtimeSessionCwd = asString ( runtimeSessionParams . cwd , "" ) ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
const runtimeRemoteExecution = parseObject ( runtimeSessionParams . remoteExecution ) ;
2026-03-08 16:43:34 +05:30
const canResumeSession =
runtimeSessionId . length > 0 &&
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
( runtimeSessionCwd . length === 0 || path . resolve ( runtimeSessionCwd ) === path . resolve ( effectiveExecutionCwd ) ) &&
adapterExecutionTargetSessionMatches ( runtimeRemoteExecution , executionTarget ) ;
2026-03-08 16:43:34 +05:30
const sessionId = canResumeSession ? runtimeSessionId : null ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
if ( executionTargetIsRemote && runtimeSessionId && ! canResumeSession ) {
2026-03-08 16:43:34 +05:30
await onLog (
2026-03-18 21:16:37 -05:00
"stdout" ,
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
` [paperclip] Gemini session " ${ runtimeSessionId } " does not match the current remote execution identity and will not be resumed in " ${ effectiveExecutionCwd } ". Starting a fresh remote session. \ n ` ,
) ;
} else if ( runtimeSessionId && ! canResumeSession ) {
await onLog (
"stdout" ,
` [paperclip] Gemini session " ${ runtimeSessionId } " was saved for cwd " ${ runtimeSessionCwd } " and will not be resumed in " ${ effectiveExecutionCwd } ". \ n ` ,
2026-03-08 16:43:34 +05:30
) ;
}
const instructionsFilePath = asString ( config . instructionsFilePath , "" ) . trim ( ) ;
const instructionsDir = instructionsFilePath ? ` ${ path . dirname ( instructionsFilePath ) } / ` : "" ;
let instructionsPrefix = "" ;
if ( instructionsFilePath ) {
try {
const instructionsContents = await fs . readFile ( instructionsFilePath , "utf8" ) ;
instructionsPrefix =
` ${ instructionsContents } \ n \ n ` +
` The above agent instructions were loaded from ${ instructionsFilePath } . ` +
` Resolve any relative file references from ${ instructionsDir } . \ n \ n ` ;
} catch ( err ) {
const reason = err instanceof Error ? err.message : String ( err ) ;
await onLog (
2026-03-18 21:16:37 -05:00
"stdout" ,
2026-03-08 16:43:34 +05:30
` [paperclip] Warning: could not read agent instructions file " ${ instructionsFilePath } ": ${ reason } \ n ` ,
) ;
}
}
const commandNotes = ( ( ) = > {
2026-03-14 21:36:05 -05:00
const notes : string [ ] = [ "Prompt is passed to Gemini via --prompt for non-interactive execution." ] ;
2026-03-12 01:34:00 +00:00
notes . push ( "Added --approval-mode yolo for unattended execution." ) ;
2026-03-08 16:43:34 +05:30
if ( ! instructionsFilePath ) return notes ;
if ( instructionsPrefix . length > 0 ) {
notes . push (
` Loaded agent instructions from ${ instructionsFilePath } ` ,
` Prepended instructions + path directive to prompt (relative references from ${ instructionsDir } ). ` ,
) ;
return notes ;
}
notes . push (
` Configured instructionsFilePath ${ instructionsFilePath } , but file could not be read; continuing without injected instructions. ` ,
) ;
return notes ;
} ) ( ) ;
2026-03-13 08:49:11 -05:00
const bootstrapPromptTemplate = asString ( config . bootstrapPromptTemplate , "" ) ;
const templateData = {
2026-03-08 16:43:34 +05:30
agentId : agent.id ,
companyId : agent.companyId ,
runId ,
company : { id : agent.companyId } ,
agent ,
run : { id : runId , source : "on_demand" } ,
context ,
2026-03-13 08:49:11 -05:00
} ;
const renderedBootstrapPrompt =
! sessionId && bootstrapPromptTemplate . trim ( ) . length > 0
? renderTemplate ( bootstrapPromptTemplate , templateData ) . trim ( )
: "" ;
2026-03-28 10:33:40 -05:00
const wakePrompt = renderPaperclipWakePrompt ( context . paperclipWake , { resumedSession : Boolean ( sessionId ) } ) ;
const shouldUseResumeDeltaPrompt = Boolean ( sessionId ) && wakePrompt . length > 0 ;
const renderedPrompt = shouldUseResumeDeltaPrompt ? "" : renderTemplate ( promptTemplate , templateData ) ;
2026-03-13 08:49:11 -05:00
const sessionHandoffNote = asString ( context . paperclipSessionHandoffMarkdown , "" ) . trim ( ) ;
2026-03-08 16:43:34 +05:30
const paperclipEnvNote = renderPaperclipEnvNote ( env ) ;
2026-03-12 01:34:00 +00:00
const apiAccessNote = renderApiAccessNote ( env ) ;
2026-03-13 08:49:11 -05:00
const prompt = joinPromptSections ( [
instructionsPrefix ,
renderedBootstrapPrompt ,
2026-03-28 09:55:41 -05:00
wakePrompt ,
2026-03-13 08:49:11 -05:00
sessionHandoffNote ,
paperclipEnvNote ,
apiAccessNote ,
renderedPrompt ,
] ) ;
const promptMetrics = {
promptChars : prompt.length ,
instructionsChars : instructionsPrefix.length ,
bootstrapPromptChars : renderedBootstrapPrompt.length ,
2026-03-28 09:55:41 -05:00
wakePromptChars : wakePrompt.length ,
2026-03-13 08:49:11 -05:00
sessionHandoffChars : sessionHandoffNote.length ,
runtimeNoteChars : paperclipEnvNote.length + apiAccessNote . length ,
heartbeatPromptChars : renderedPrompt.length ,
} ;
2026-03-08 16:43:34 +05:30
const buildArgs = ( resumeSessionId : string | null ) = > {
const args = [ "--output-format" , "stream-json" ] ;
if ( resumeSessionId ) args . push ( "--resume" , resumeSessionId ) ;
if ( model && model !== DEFAULT_GEMINI_LOCAL_MODEL ) args . push ( "--model" , model ) ;
2026-03-12 01:34:00 +00:00
args . push ( "--approval-mode" , "yolo" ) ;
2026-03-09 15:16:15 +00:00
if ( sandbox ) {
args . push ( "--sandbox" ) ;
} else {
args . push ( "--sandbox=none" ) ;
}
2026-03-08 16:43:34 +05:30
if ( extraArgs . length > 0 ) args . push ( . . . extraArgs ) ;
2026-03-14 21:36:05 -05:00
args . push ( "--prompt" , prompt ) ;
2026-03-08 16:43:34 +05:30
return args ;
} ;
const runAttempt = async ( resumeSessionId : string | null ) = > {
const args = buildArgs ( resumeSessionId ) ;
if ( onMeta ) {
await onMeta ( {
adapterType : "gemini_local" ,
2026-03-28 15:42:14 -05:00
command : resolvedCommand ,
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
cwd : effectiveExecutionCwd ,
2026-03-08 16:43:34 +05:30
commandNotes ,
commandArgs : args.map ( ( value , index ) = > (
index === args . length - 1 ? ` <prompt ${ prompt . length } chars> ` : value
) ) ,
2026-03-28 15:42:14 -05:00
env : loggedEnv ,
2026-03-08 16:43:34 +05:30
prompt ,
2026-03-13 08:49:11 -05:00
promptMetrics ,
2026-03-08 16:43:34 +05:30
context ,
} ) ;
}
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
const proc = await runAdapterExecutionTargetProcess ( runId , executionTarget , command , args , {
2026-03-08 16:43:34 +05:30
cwd ,
env ,
timeoutSec ,
graceSec ,
2026-03-19 11:20:36 -05:00
onSpawn ,
2026-03-08 16:43:34 +05:30
onLog ,
} ) ;
return {
proc ,
parsed : parseGeminiJsonl ( proc . stdout ) ,
} ;
} ;
const toResult = (
attempt : {
proc : {
exitCode : number | null ;
signal : string | null ;
timedOut : boolean ;
stdout : string ;
stderr : string ;
} ;
parsed : ReturnType < typeof parseGeminiJsonl > ;
} ,
clearSessionOnMissingSession = false ,
2026-03-09 15:16:15 +00:00
isRetry = false ,
2026-03-08 16:43:34 +05:30
) : AdapterExecutionResult = > {
2026-03-09 15:16:15 +00:00
const authMeta = detectGeminiAuthRequired ( {
parsed : attempt.parsed.resultEvent ,
stdout : attempt.proc.stdout ,
stderr : attempt.proc.stderr ,
} ) ;
2026-03-08 16:43:34 +05:30
if ( attempt . proc . timedOut ) {
return {
exitCode : attempt.proc.exitCode ,
signal : attempt.proc.signal ,
timedOut : true ,
errorMessage : ` Timed out after ${ timeoutSec } s ` ,
2026-03-09 15:16:15 +00:00
errorCode : authMeta.requiresAuth ? "gemini_auth_required" : null ,
2026-03-08 16:43:34 +05:30
clearSession : clearSessionOnMissingSession ,
} ;
}
2026-03-09 15:16:15 +00:00
const clearSessionForTurnLimit = isGeminiTurnLimitResult ( attempt . parsed . resultEvent , attempt . proc . exitCode ) ;
// On retry, don't fall back to old session ID — the old session was stale
const canFallbackToRuntimeSession = ! isRetry ;
const resolvedSessionId = attempt . parsed . sessionId
? ? ( canFallbackToRuntimeSession ? ( runtimeSessionId ? ? runtime . sessionId ? ? null ) : null ) ;
2026-03-08 16:43:34 +05:30
const resolvedSessionParams = resolvedSessionId
? ( {
2026-03-08 19:20:43 +05:30
sessionId : resolvedSessionId ,
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
cwd : effectiveExecutionCwd ,
2026-03-08 19:20:43 +05:30
. . . ( workspaceId ? { workspaceId } : { } ) ,
. . . ( workspaceRepoUrl ? { repoUrl : workspaceRepoUrl } : { } ) ,
. . . ( workspaceRepoRef ? { repoRef : workspaceRepoRef } : { } ) ,
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
. . . ( executionTargetIsRemote
? {
remoteExecution : adapterExecutionTargetSessionIdentity ( executionTarget ) ,
}
: { } ) ,
2026-03-08 19:20:43 +05:30
} as Record < string , unknown > )
2026-03-08 16:43:34 +05:30
: null ;
const parsedError = typeof attempt . parsed . errorMessage === "string" ? attempt . parsed . errorMessage . trim ( ) : "" ;
const stderrLine = firstNonEmptyLine ( attempt . proc . stderr ) ;
2026-03-09 15:16:15 +00:00
const structuredFailure = attempt . parsed . resultEvent
? describeGeminiFailure ( attempt . parsed . resultEvent )
: null ;
2026-03-08 16:43:34 +05:30
const fallbackErrorMessage =
parsedError ||
2026-03-09 15:16:15 +00:00
structuredFailure ||
2026-03-08 16:43:34 +05:30
stderrLine ||
` Gemini exited with code ${ attempt . proc . exitCode ? ? - 1 } ` ;
return {
exitCode : attempt.proc.exitCode ,
signal : attempt.proc.signal ,
timedOut : false ,
errorMessage : ( attempt . proc . exitCode ? ? 0 ) === 0 ? null : fallbackErrorMessage ,
2026-03-10 01:15:20 +00:00
errorCode : ( attempt . proc . exitCode ? ? 0 ) !== 0 && authMeta . requiresAuth ? "gemini_auth_required" : null ,
2026-03-08 16:43:34 +05:30
usage : attempt.parsed.usage ,
sessionId : resolvedSessionId ,
sessionParams : resolvedSessionParams ,
sessionDisplayId : resolvedSessionId ,
provider : "google" ,
2026-03-14 22:00:12 -05:00
biller : "google" ,
2026-03-08 16:43:34 +05:30
model ,
billingType ,
costUsd : attempt.parsed.costUsd ,
2026-03-09 15:16:15 +00:00
resultJson : attempt.parsed.resultEvent ? ? {
2026-03-08 16:43:34 +05:30
stdout : attempt.proc.stdout ,
stderr : attempt.proc.stderr ,
} ,
summary : attempt.parsed.summary ,
2026-03-12 01:34:00 +00:00
question : attempt.parsed.question ,
2026-03-09 15:16:15 +00:00
clearSession : clearSessionForTurnLimit || Boolean ( clearSessionOnMissingSession && ! resolvedSessionId ) ,
2026-03-08 16:43:34 +05:30
} ;
} ;
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
try {
const initial = await runAttempt ( sessionId ) ;
if (
sessionId &&
! initial . proc . timedOut &&
( initial . proc . exitCode ? ? 0 ) !== 0 &&
isGeminiUnknownSessionError ( initial . proc . stdout , initial . proc . stderr )
) {
await onLog (
"stdout" ,
` [paperclip] Gemini resume session " ${ sessionId } " is unavailable; retrying with a fresh session. \ n ` ,
) ;
const retry = await runAttempt ( null ) ;
return toResult ( retry , true , true ) ;
}
2026-03-10 01:12:54 +00:00
Add SSH environment support (#4358)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The environments subsystem already models execution environments,
but before this branch there was no end-to-end SSH-backed runtime path
for agents to actually run work against a remote box
> - That meant agents could be configured around environment concepts
without a reliable way to execute adapter sessions remotely, sync
workspace state, and preserve run context across supported adapters
> - We also need environment selection to participate in normal
Paperclip control-plane behavior: agent defaults, project/issue
selection, route validation, and environment probing
> - Because this capability is still experimental, the UI surface should
be easy to hide and easy to remove later without undoing the underlying
implementation
> - This pull request adds SSH environment execution support across the
runtime, adapters, routes, schema, and tests, then puts the visible
environment-management UI behind an experimental flag
> - The benefit is that we can validate real SSH-backed agent execution
now while keeping the user-facing controls safely gated until the
feature is ready to come out of experimentation
## What Changed
- Added SSH-backed execution target support in the shared adapter
runtime, including remote workspace preparation, skill/runtime asset
sync, remote session handling, and workspace restore behavior after
runs.
- Added SSH execution coverage for supported local adapters, plus remote
execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi.
- Added environment selection and environment-management backend support
needed for SSH execution, including route/service work, validation,
probing, and agent default environment persistence.
- Added CLI support for SSH environment lab verification and updated
related docs/tests.
- Added the `enableEnvironments` experimental flag and gated the
environment UI behind it on company settings, agent configuration, and
project configuration surfaces.
## Verification
- `pnpm exec vitest run
packages/adapters/claude-local/src/server/execute.remote.test.ts
packages/adapters/cursor-local/src/server/execute.remote.test.ts
packages/adapters/gemini-local/src/server/execute.remote.test.ts
packages/adapters/opencode-local/src/server/execute.remote.test.ts
packages/adapters/pi-local/src/server/execute.remote.test.ts`
- `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts`
- `pnpm exec vitest run
server/src/__tests__/instance-settings-routes.test.ts`
- `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts
ui/src/lib/new-agent-runtime-config.test.ts`
- `pnpm -r typecheck`
- `pnpm build`
- Manual verification on a branch-local dev server:
- enabled the experimental flag
- created an SSH environment
- created a Linux Claude agent using that environment
- confirmed a run executed on the Linux box and synced workspace changes
back
## Risks
- Medium: this touches runtime execution flow across multiple adapters,
so regressions would likely show up in remote session setup, workspace
sync, or environment selection precedence.
- The UI flag reduces exposure, but the underlying runtime and route
changes are still substantial and rely on migration correctness.
- The change set is broad across adapters, control-plane services,
migrations, and UI gating, so review should pay close attention to
environment-selection precedence and remote workspace lifecycle
behavior.
## Model Used
- OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding
model with tool use and code execution in the local repo workspace. The
local adapter does not surface a more specific public model version
string in this branch workflow.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-23 19:15:22 -07:00
return toResult ( initial ) ;
} finally {
await Promise . all ( [
restoreRemoteWorkspace ? . ( ) ,
localSkillsDir ? fs . rm ( path . dirname ( localSkillsDir ) , { recursive : true , force : true } ) . catch ( ( ) = > undefined ) : Promise . resolve ( ) ,
] ) ;
}
2026-03-08 16:43:34 +05:30
}
