mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-14 01:50:39 +09:00
8da50dbcf8
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies. > - Fresh self-hosted deployments need an operator path before any invite exists. > - Umbrel installs are private LAN deployments, so a one-time browser claim is appropriate only when the deployment is private and unclaimed. > - Public deployments and installs with active invites must keep the existing invite-only model so admin creation is not exposed broadly. > - GitHub PR #2927 established the useful direction, but it needed to be adapted onto current `master` rather than merged as-is. > - This pull request adds that adapted private-only claim flow across server, UI, docs, and regression coverage. > - The benefit is that a fresh private Umbrel-style install can be claimed from the browser without weakening public deployment access. ## What Changed - Added a first-admin claim service and access route support for one-time admin claim eligibility on private unclaimed deployments. - Updated the bootstrap/access UI so eligible private installs show a setup claim path, while public and invited deployments keep invite-first behavior. - Added a bootstrap-pending setup UX lab covering claim, invite, public, and signed-in access states. - Updated deployment and local development docs for authenticated private/public behavior and the Umbrel-style claim path. - Added server and UI regression tests for private claim, public no-claim, active invite fallback, existing board/no-access flows, and health exposure reporting. - Stabilized PR handoff verification by serializing the aggregate server Vitest workspace run, forcing `NODE_ENV=test`, and relaxing the heartbeat batching test around legitimate recovery follow-up runs. ## Verification - `pnpm -r typecheck` - `pnpm build` - `pnpm vitest --run server/src/__tests__/heartbeat-comment-wake-batching.test.ts` - `pnpm vitest --run server/src/__tests__/health-dev-server-token.test.ts` - `pnpm test:run` - QA validation: PAP-10115 passed browser validation with screenshots for private fresh install claim, active invite versus claim conflict, public invite-only/claim-absent behavior, existing invite fallback, and normal board/no-access flows. - GitHub closeout: issue #2579 and PR #2927 were updated with the accepted direction: adapt the implementation, do not direct-merge #2927 as-is. ## Risks - The claim endpoint must remain private-only and one-time; a regression here could expose admin creation on public deployments. - Existing invite behavior must remain intact for public deployments and installs that already have an active invite. - The stable Vitest harness now serializes the aggregate server workspace group; this is slower, but it avoids DB-backed suite collisions under root workspace mode. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected - check the roadmap first. See `CONTRIBUTING.md`. > > ROADMAP.md checked: this is a scoped deployment bootstrap/access fix and does not duplicate a listed roadmap project. ## Model Used - OpenAI GPT-5 Codex via Paperclip `codex_local` for product engineering, implementation, and verification, with tool-enabled local code execution. Paperclip QA browser validation was performed in PAP-10115 by the assigned QA agent; exact adapter model metadata for that QA run is not exposed in this PR context. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|---|---|---|
| .. | ||
| smoke | ||
| backfill-issue-reference-mentions.ts | ||
| backup-db.sh | ||
| bootstrap-npm-package.mjs | ||
| bootstrap-npm-package.test.mjs | ||
| build-npm.sh | ||
| build-standalone-public-packages.mjs | ||
| capture-acpx-skills-screenshots.mjs | ||
| capture-pap-2351-binding-picker.mjs | ||
| check-docker-deps-stage.mjs | ||
| check-forbidden-tokens.mjs | ||
| check-release-package-bootstrap.mjs | ||
| check-release-package-bootstrap.test.mjs | ||
| clean-onboard-git.sh | ||
| clean-onboard-npm.sh | ||
| clean-onboard-ref.sh | ||
| create-github-release.sh | ||
| dev-runner-output.mjs | ||
| dev-runner-output.ts | ||
| dev-runner-paths.mjs | ||
| dev-runner.mjs | ||
| dev-runner.ts | ||
| dev-service-profile.ts | ||
| dev-service.ts | ||
| discord-daily-digest.sh | ||
| docker-build-test.sh | ||
| docker-entrypoint.sh | ||
| docker-onboard-smoke.sh | ||
| ensure-plugin-build-deps.mjs | ||
| ensure-workspace-package-links.ts | ||
| generate-company-assets.ts | ||
| generate-npm-package-json.mjs | ||
| generate-org-chart-images.ts | ||
| generate-org-chart-satori-comparison.ts | ||
| generate-plugin-package-json.mjs | ||
| generate-ui-package-json.mjs | ||
| kill-agent-browsers.sh | ||
| kill-dev.sh | ||
| kill-vitest.sh | ||
| link-plugin-dev-sdk.mjs | ||
| measure-issue-chat-long-thread.mjs | ||
| migrate-inline-env-secrets.ts | ||
| paperclip-commit-metrics.ts | ||
| paperclip-issue-update.sh | ||
| prepare-server-ui-dist.sh | ||
| provision-worktree.sh | ||
| release-lib.sh | ||
| release-package-manifest.json | ||
| release-package-map.mjs | ||
| release-package-map.test.mjs | ||
| release.sh | ||
| rollback-latest.sh | ||
| run-typecheck-build-gaps.mjs | ||
| run-vitest-stable.mjs | ||
| screenshot-blocked-inbox.mjs | ||
| screenshot-pap2373.mjs | ||
| screenshot-recovery-card.cjs | ||
| screenshot-subissues.mjs | ||
| screenshot.cjs | ||
| verify-release-registry-state.mjs | ||
| verify-release-registry-state.test.mjs | ||