Pino logged full Authorization headers in plaintext to server.log,
exposing JWT tokens to any process with filesystem read access.
Add redact paths so Bearer values appear as [Redacted] in log output.
Closes#2385
On the Paused tab every visible agent is paused, so applying
opacity-50 to all of them is redundant and makes the whole view
dim. Skip the dimming when tab === "paused" in both list and org
chart views. Pass tab prop through to OrgTreeNode for consistency.
Add test confirming that when a package's .paperclip.yaml extension
block omits the role field, the agent role is read from AGENTS.md
frontmatter instead of defaulting to "agent".
Long goal descriptions pushed the Create button below the viewport
with no way to scroll, making it impossible to submit the form. Add
overflow-y-auto and max-h-[50vh] to the description container so it
scrolls within the dialog while keeping the footer visible.
Closes#2631
Empty status columns took the same 260px width as populated ones,
wasting horizontal space and forcing unnecessary scrolling. Collapse
empty columns to 48px (showing only the status icon) and expand
them back when an issue is dragged over for drop targeting.
Closes#2279
Clearing the extra args field set the overlay value to undefined,
which gets dropped during object spread when building the PATCH
payload. The existing extraArgs from the agent config survived the
merge, making it impossible to clear the field. Use null so the
value explicitly overwrites the existing config entry.
Closes#2350
Paused agents were visually identical to active agents in both the
list view and org chart, making it hard to distinguish them at a
glance. Add opacity-50 to agent rows when pausedAt is set.
Closes#2199
Package imports defaulted every agent's role to "agent" when the
extension block omitted the role field, even when the YAML frontmatter
contained the correct role (e.g. "ceo"). Read from frontmatter as a
fallback before the "agent" default so imported CEOs retain their role.
Closes#1990
Issue 1: add executionAgentNameKey = null alongside executionRunId in
Fix B (status change, reassignment) and Fix C (staleness clear UPDATE),
matching the existing pattern used everywhere else in the codebase.
Issue 2: wrap Fix C staleness pre-check in a db.transaction with
SELECT ... FOR UPDATE to make the read + conditional clear atomic,
consistent with the enqueueWakeup() pattern.
When a comment has both helpful/needswork feedback buttons and a run link,
the run link now appears right-aligned in the same row instead of a separate
section below. Comments with only a run link (no feedback buttons) still
show the run link in its own bordered row.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The "Don't allow" button in the feedback sharing preference modal
should be visually distinct from "Always allow" by using an outline
variant instead of the default solid primary style.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Part A: Move executionRunId assignment from enqueueWakeup() to
claimQueuedRun() — lazy locking prevents stale locks on queued runs.
Part B: Clear executionRunId when assigneeAgentId changes in issues.ts
line 759, matching existing checkoutRunId clear behavior.
Part C: Add staleness detection at checkout path.
Fixes: 4 confirmed incidents where stale executionRunId caused 409
checkout conflicts on new and reassigned issues.
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The web UI includes an agent detail page with an Instructions tab
for editing agent prompts
> - The Instructions tab used `max-w-6xl` (1152px) to constrain its
two-panel layout (file tree + editor)
> - The floating Cancel/Save buttons used `float-right` at the full page
width, disconnecting them from the constrained content
> - This also left a large empty margin on the right side at wider
viewports
> - This pull request removes `max-w-6xl` so the flex layout fills
available width
> - The benefit is buttons now align with the content edge, and the
right margin is eliminated
## What Changed
- Removed `max-w-6xl` from the `PromptsTab` container in
`ui/src/pages/AgentDetail.tsx:1920`
- The file panel + editor flex layout now fills the available page width
naturally
## Verification
- Navigate to any agent's Instructions tab at a wide viewport (1920px+)
- Before: content stops at 1152px with a gap to the right; Cancel/Save
buttons float to the far edge
- After: content fills available width; Cancel/Save buttons sit flush
with the editor panel
## Risks
- Low risk — only removes a max-width constraint on a single tab's
container. Other tabs (Configuration, Skills, etc.) are unaffected.
## CI Note
The test failure in `feedback-service.test.ts:714` is **pre-existing**
and unrelated to this change. A PII redaction filter is incorrectly
treating a UUID segment (`5618-4783`) as a phone number, producing
`[REDACTED_PHONE]` in the expected UUID value.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [ ] I have run tests locally and they pass
- [ ] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [ ] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Contributors submit pull requests to improve the codebase
> - We have a PR template at `.github/PULL_REQUEST_TEMPLATE.md` that
standardizes PR descriptions
> - But PRs created via the API or other tooling sometimes bypass the
template
> - We also require Greptile automated review and passing tests, but
this wasn't clearly documented
> - This PR updates CONTRIBUTING.md to explicitly require use of the PR
template, a 5/5 Greptile score, and passing tests
> - The benefit is contributors have clear, upfront expectations for
what a mergeable PR looks like
## What Changed
- Added a new "PR Requirements (all PRs)" section to CONTRIBUTING.md
with three subsections:
- **Use the PR Template** — links to `.github/PULL_REQUEST_TEMPLATE.md`
and explains it must be used even when creating PRs outside the GitHub
UI
- **Tests Must Pass** — requires local test runs and green CI
- **Greptile Review** — requires 5/5 score with all comments addressed
- Updated Path 1 and Path 2 bullet points to reference the PR template,
Greptile 5/5, and CI requirements specifically
- Updated "Writing a Good PR message" section to link to the PR template
and clarify all sections are required
## Verification
- Read the updated CONTRIBUTING.md and verify it clearly references the
PR template, Greptile 5/5 requirement, and test requirements
- Verify all links to `.github/PULL_REQUEST_TEMPLATE.md` resolve
correctly
## Risks
- Low risk — documentation-only change, no code affected
## Model Used
- Provider: Anthropic Claude
- Model ID: claude-opus-4-6 (1M context)
- Capabilities: tool use, code editing
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - The UI includes an inline markdown editor (MDXEditor) for editing
agent instruction files like AGENTS.md
> - The editor should render in monospace to match how markdown/code
files look in a text editor
> - The `AgentDetail.tsx` component already passes `font-mono` via
Tailwind's `contentClassName`, but it wasn't taking effect
> - Two CSS rules in `index.css` set `font-family: inherit`, which
overrode the Tailwind utility due to specificity/source order
> - This PR removes those overrides so `font-mono` applies correctly
> - The benefit is the markdown editor now renders in monospace
(Menlo/SF Mono), matching user expectations for code/config files
## What Changed
- Removed `font-family: inherit` from `.paperclip-mdxeditor
[class*="_placeholder_"]` in `ui/src/index.css`
- Removed `font-family: inherit` from `.paperclip-mdxeditor-content` in
`ui/src/index.css`
## Verification
- Navigate to any agent's Instructions tab in the Paperclip UI
- Confirm the markdown editor content renders in a monospace font
(Menlo/SF Mono)
- Visually verified by user on a live dev server
## Risks
- Low risk. Only removes two CSS declarations. Non-monospace editors are
unaffected since `font-mono` is only applied to agent instruction files
via `contentClassName` in `AgentDetail.tsx`.
## Screenshots
Before:
<img width="934" height="1228" alt="Screenshot 2026-04-02 at 10 46
06 PM"
src="https://github.com/user-attachments/assets/5d84f913-cbea-4206-9d41-3f283209c009"
/>
After:
<img width="1068" height="1324" alt="PNG image"
src="https://github.com/user-attachments/assets/2040e812-d9ca-4b37-b73b-ce05cf52168c"
/>
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Paperclip <noreply@paperclip.ing>
Two code paths in issueService.checkout() used rows[0]! when
re-reading an issue after stale-run adoption or self-ownership
verification. If the issue is deleted concurrently (company cascade,
API delete), rows[0] is undefined and withIssueLabels crashes with
an unhandled TypeError.
Replace both with rows[0] ?? null and throw notFound when the row
is missing, returning a clean 404 instead of an uncaught exception.
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Agents run shell commands during workspace provisioning (git
worktree creation, runtime services)
> - When `process.env.SHELL` is unset, the code falls back to `/bin/sh`
> - But on Windows with Git Bash, `/bin/sh` doesn't exist as an absolute
path — Git Bash provides `sh` on PATH instead
> - This causes `child_process.spawn` to throw `ENOENT`, crashing
workspace provisioning on Windows
> - This PR extracts a `resolveShell()` helper that uses `$SHELL` when
set, falls back to `sh` (bare) on Windows or `/bin/sh` on Unix
> - The benefit is that agents running on Windows via Git Bash can
provision workspaces without shell resolution errors
## Summary
- `workspace-runtime.ts` falls back to `/bin/sh` when
`process.env.SHELL` is unset
- On Windows, `/bin/sh` doesn't exist → `spawn /bin/sh ENOENT`
- Fix: extract `resolveShell()` helper that uses `$SHELL` when set,
falls back to `sh` on Windows (Git Bash PATH lookup) or `/bin/sh` on
Unix
Three call sites updated to use the new helper.
Fixes#892
## Root cause
When Paperclip spawns shell commands in workspace operations (e.g., git
worktree creation), it uses `process.env.SHELL` if set, otherwise
defaults to `/bin/sh`. On Windows with Git Bash, `$SHELL` is typically
unset and `/bin/sh` is not a valid path — Git Bash provides `sh` on PATH
but not at the absolute `/bin/sh` location. This causes
`child_process.spawn` to throw `ENOENT`.
## Approach
Rather than hard-coding a Windows-specific absolute path (e.g.,
`C:\Program Files\Git\bin\sh.exe`), we use the bare `"sh"` command which
relies on PATH resolution. This works because:
1. Git Bash adds its `usr/bin` directory to PATH, making `sh` resolvable
2. On Unix/macOS, `/bin/sh` remains the correct default (it's the POSIX
standard location)
3. `process.env.SHELL` takes priority when set, so this only affects the
fallback
## Test plan
- [x] 7 unit tests for `resolveShell()`: SHELL set, trimmed, empty,
whitespace-only, linux/darwin/win32 fallbacks
- [x] Run a workspace provision command on Windows with `git_worktree`
strategy
- [x] Verify Unix/macOS is unaffected
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Devin Foley <devin@devinfoley.com>
Add a required "Model Used" section to the PR template so contributors
document which AI model (with version, context window, reasoning mode,
and other capability details) was used for each change. Also adds a
corresponding checklist item.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agents receiving issue context via GET /issues/:id/heartbeat-context
had no way to discover file attachments — the endpoint returned issue
metadata, ancestors, project, goal, and comment cursor but omitted
attachments entirely. Users attaching files through the UI would then
see agents ask for documents that were already uploaded.
Fetch attachments in parallel with the existing queries and append a
lightweight summary (id, filename, contentType, byteSize, contentPath)
to the response so agents can detect and retrieve attached files on
their first heartbeat without an extra round-trip.
Closes#2536
The agent.task_completed event was sending adapterType (e.g. "claude_local")
as the agent_role dimension instead of the actual role (e.g. "engineer").
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Expose telemetry.track through the plugin SDK and server host bridge, forward plugin-prefixed events into the shared telemetry client, and demonstrate the capability in the kitchen sink example.\n\nCo-Authored-By: Paperclip <noreply@paperclip.ing>
