mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-19 20:10:39 +09:00
1f70fd9a22
## Thinking Path > - Paperclip orchestrates AI agents across isolated execution workspaces; the local cwd is the only persistence boundary between runs. > - Workspace lifecycle (worktree_prepare → execute → workspace_finalize) and the wake/accept flow are what guarantee that dependent issues see a consistent worktree. > - PAPA-380 / PAPA-431 / PAPA-432 / PAPA-440 surfaced three holes in that contract: silent env reuse across assignees, dependent wakes firing before finalize, and `issue.interaction.accept` advancing before finalize landed. > - PAPA-441 / PAPA-442 then needed to document the "no remote git" contract and prevent future adapter/runtime code from quietly reintroducing `git push` as a backdoor sync. > - This pull request lands those server fixes, the static `check-no-git-push` enforcement, the AUTHORING.md cross-link, and the Cody-review follow-ups on the PAPA-430 thread. > - The benefit is that finalize is a real barrier — board accepts, dependent wakes, and operator-set env all respect it — and adapter code can't bypass it via raw `git push`. ## What Changed - **server (PAPA-380, PAPA-431):** `execution-workspace-policy` refuses silent env reuse when the assignee's resolved env disagrees with the workspace it would inherit. The inheritance protection is now scoped to the actual inheritance signal — explicit issue-level `environmentId` is honored even when the agent's default env is `null`. - **server (PAPA-432):** `heartbeat.ts` gates dependent wakes on `listUnfinalizedExecutionWorkspaceIds`, and writes a `workspace_finalize` row on the succeeded path. Write failures now surface instead of being swallowed so dependents aren't silently stranded behind a missing row. - **server (PAPA-440):** `issue-thread-interactions.acceptInteraction` adds a workspace_finalize precondition for `request_confirmation` (not `suggest_tasks`). Accept returns 409 if finalize hasn't succeeded for the latest workspace operation. - **ci (PAPA-442):** new `scripts/check-no-git-push.mjs` static check scans `packages/adapters/`, `packages/adapter-utils/`, `server/src/`, and `cli/src/` for any `git push` invocation (string or args-array). Wired into the `policy` PR job and `test:release-registry`. Operators can opt in per-call with `// paperclip:allow-git-push: <reason>`. Release scripts are out of scope by design. - **docs (PAPA-441):** `AUTHORING.md` documents the no-remote-git contract and cross-links the static check so adapter authors learn the rule and the enforcement together. - **review follow-up (PAPA-430, Cody):** three fixes — env resolver bug, accept-gate scope (request_confirmation only), and finalize record write on the succeeded path. ## Verification - `pnpm exec vitest run server/src/__tests__/execution-workspace-policy.test.ts server/src/__tests__/issue-thread-interactions-service.test.ts` → 33/33 pass - `node scripts/check-no-git-push.test.mjs` → check covers string form, args-array form, comment exclusions, and per-line allow-comment. - Manual: server compiles; the policy job runs the check in <1s before heavier jobs. ## Risks - **Behavioral shift in accept:** boards accepting `request_confirmation` while finalize is in-flight now get 409s. This is intentional — they can retry — but it changes timing on a hot path. `suggest_tasks` is unaffected. - **Workspace policy:** the env-reuse refusal is a new error path. Issues that previously silently reused an env from a different-assignee workspace will now fail-loud; the resolver still honors explicit issue-level `executionWorkspaceSettings.environmentId`. - **CI rule:** any future legitimate `git push` in scoped dirs must be marked with the allow-comment, which is the intended ergonomic. ## Model Used - Claude Opus 4.7 (`claude-opus-4-7`, extended thinking), via Claude Code in the Paperclip executor adapter. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots (N/A — server/CI/docs only) - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge Closes related issues: PAPA-430, PAPA-380, PAPA-431, PAPA-432, PAPA-440, PAPA-441, PAPA-442 --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|---|---|---|
| .. | ||
| meta | ||
| 0000_mature_masked_marvel.sql | ||
| 0001_fast_northstar.sql | ||
| 0002_big_zaladane.sql | ||
| 0003_shallow_quentin_quire.sql | ||
| 0004_issue_identifiers.sql | ||
| 0005_chief_luke_cage.sql | ||
| 0006_overjoyed_mister_sinister.sql | ||
| 0007_new_quentin_quire.sql | ||
| 0008_amused_zzzax.sql | ||
| 0009_fast_jackal.sql | ||
| 0010_stale_justin_hammer.sql | ||
| 0011_windy_corsair.sql | ||
| 0012_perpetual_ser_duncan.sql | ||
| 0013_dashing_wasp.sql | ||
| 0014_many_mikhail_rasputin.sql | ||
| 0015_project_color_archived.sql | ||
| 0016_agent_icon.sql | ||
| 0017_tiresome_gabe_jones.sql | ||
| 0018_flat_sleepwalker.sql | ||
| 0019_public_victor_mancha.sql | ||
| 0020_white_anita_blake.sql | ||
| 0021_chief_vindicator.sql | ||
| 0022_company_brand_color.sql | ||
| 0023_fair_lethal_legion.sql | ||
| 0024_far_beast.sql | ||
| 0025_nasty_salo.sql | ||
| 0026_lying_pete_wisdom.sql | ||
| 0027_tranquil_tenebrous.sql | ||
| 0028_harsh_goliath.sql | ||
| 0029_plugin_tables.sql | ||
| 0030_rich_magneto.sql | ||
| 0031_zippy_magma.sql | ||
| 0032_pretty_doctor_octopus.sql | ||
| 0033_shiny_black_tarantula.sql | ||
| 0034_fat_dormammu.sql | ||
| 0035_marvelous_satana.sql | ||
| 0036_cheerful_nitro.sql | ||
| 0037_friendly_eddie_brock.sql | ||
| 0038_careless_iron_monger.sql | ||
| 0039_fat_magneto.sql | ||
| 0040_eager_shotgun.sql | ||
| 0041_curly_maria_hill.sql | ||
| 0042_spotty_the_renegades.sql | ||
| 0043_reflective_captain_universe.sql | ||
| 0044_illegal_toad.sql | ||
| 0045_workable_shockwave.sql | ||
| 0046_smooth_sentinels.sql | ||
| 0047_overjoyed_groot.sql | ||
| 0048_flashy_marrow.sql | ||
| 0049_flawless_abomination.sql | ||
| 0050_stiff_luckman.sql | ||
| 0051_young_korg.sql | ||
| 0052_mushy_trauma.sql | ||
| 0053_sharp_wild_child.sql | ||
| 0054_draft_routines.sql | ||
| 0055_kind_weapon_omega.sql | ||
| 0056_spooky_ultragirl.sql | ||
| 0057_tidy_join_requests.sql | ||
| 0058_wealthy_starbolt.sql | ||
| 0059_plugin_database_namespaces.sql | ||
| 0060_orange_annihilus.sql | ||
| 0061_lively_thor_girl.sql | ||
| 0062_routine_run_dispatch_fingerprint.sql | ||
| 0063_issue_thread_interactions.sql | ||
| 0064_issue_thread_interaction_idempotency.sql | ||
| 0065_environments.sql | ||
| 0066_issue_tree_holds.sql | ||
| 0067_agent_default_environment.sql | ||
| 0068_environment_local_driver_unique.sql | ||
| 0069_liveness_recovery_dedupe.sql | ||
| 0070_active_run_output_watchdog.sql | ||
| 0071_default_hire_approval_off.sql | ||
| 0072_large_sandman.sql | ||
| 0073_shiny_salo.sql | ||
| 0074_striped_genesis.sql | ||
| 0075_cultured_sebastian_shaw.sql | ||
| 0076_useful_elektra.sql | ||
| 0077_unusual_karnak.sql | ||
| 0078_white_darwin.sql | ||
| 0079_company_search_document_indexes.sql | ||
| 0080_company_search_fuzzystrmatch.sql | ||
| 0081_optimal_dormammu.sql | ||
| 0082_dry_vision.sql | ||
| 0083_company_secret_provider_configs.sql | ||
| 0084_issue_recovery_actions.sql | ||
| 0085_tranquil_the_executioner.sql | ||
| 0086_routine_env_runtime_contract.sql | ||
| 0087_backfill_environment_manage_human_defaults.sql | ||
| 0088_backfill_principal_access_compatibility.sql | ||
| 0089_cloud_upstreams.sql | ||
| 0090_resource_memberships.sql | ||
| 0091_old_swarm.sql | ||
| 0092_mighty_puma.sql | ||
| 0093_giant_green_goblin.sql | ||