mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-15 18:30:39 +09:00
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies.
> - Scheduled routines are the control-plane path for recurring agent work.
> - Routines already had dispatch/history, but their runtime environment did not carry routine-owned secret bindings through execution.
> - Operators need routine-specific secrets that can override project/agent env without exposing secret values in history, logs, or access events.
> - This pull request adds the routine env runtime contract, wires it into execution, and makes the routine UI/history surfaces show safe secret metadata.
> - The benefit is that routine executions can use scoped secret refs predictably while preserving company boundaries and auditability.

## What Changed

- Added routine env persistence/runtime support, including `routines.env`, `routine_runs.routine_revision_id`, revision snapshots, and idempotent migration `0086_routine_env_runtime_contract`.
- Resolved routine env during heartbeat adapter config assembly with precedence `agent < project < routine` and secret access events recorded against the routine consumer.
- Added secret binding synchronization for routine create/update/restore flows and guarded cross-company, missing, disabled, and deleted secret cases.
- Added a Secrets tab to routine detail, env/secret history diff rendering, and Storybook coverage for the new UI states.
- Added server/UI regression tests, including an embedded-Postgres QA path for routine secret execution and restore behavior.
- Updated implementation/database docs for routine env and secret-binding behavior.

## Verification

- `pnpm install --frozen-lockfile` after rebasing onto `public-gh/master` to refresh workspace links for the newly-added upstream Grok adapter package.
- `pnpm exec vitest run server/src/__tests__/heartbeat-project-env.test.ts server/src/__tests__/routines-service.test.ts server/src/__tests__/secrets-service.test.ts server/src/__tests__/qa-routine-secrets-e2e.test.ts ui/src/components/RoutineHistoryTab.test.tsx` passed: 5 files, 92 tests.
- `pnpm -r typecheck` passed across the workspace.
- `pnpm build` passed. Vite emitted the existing large-chunk/dynamic-import warnings.
- UI screenshots were captured locally during QA in `artifacts/pap-9521/` and `artifacts/pap-9522/`; generated screenshots are not committed to avoid adding binary artifacts to the repo.

## Risks

- Migration risk is limited by `IF NOT EXISTS` guards for the new columns, FK, and index, and the migration is ordered as `0086` immediately after upstream `0085`.
- Runtime behavior changes env precedence for routine executions by adding routine env as the highest-precedence layer; tests cover agent/project/routine precedence.
- Secret handling is security-sensitive; tests cover value-free manifests/events/errors, disabled/missing/deleted secrets, and cross-company rejection.
- UI history now renders routine env/secret diffs; tests and Storybook stories cover the main rendering paths.

> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`.

## Model Used

- OpenAI Codex coding agent based on GPT-5, with shell/tool use and medium reasoning effort.

## Checklist

- [x] I have included a thinking path that traces from project context to this change
- [x] I have specified the model used (with version and capability details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before requesting merge

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>

||
|---|---|---|
| meta | ||
| 0000_mature_masked_marvel.sql | ||
| 0001_fast_northstar.sql | ||
| 0002_big_zaladane.sql | ||
| 0003_shallow_quentin_quire.sql | ||
| 0004_issue_identifiers.sql | ||
| 0005_chief_luke_cage.sql | ||
| 0006_overjoyed_mister_sinister.sql | ||
| 0007_new_quentin_quire.sql | ||
| 0008_amused_zzzax.sql | ||
| 0009_fast_jackal.sql | ||
| 0010_stale_justin_hammer.sql | ||
| 0011_windy_corsair.sql | ||
| 0012_perpetual_ser_duncan.sql | ||
| 0013_dashing_wasp.sql | ||
| 0014_many_mikhail_rasputin.sql | ||
| 0015_project_color_archived.sql | ||
| 0016_agent_icon.sql | ||
| 0017_tiresome_gabe_jones.sql | ||
| 0018_flat_sleepwalker.sql | ||
| 0019_public_victor_mancha.sql | ||
| 0020_white_anita_blake.sql | ||
| 0021_chief_vindicator.sql | ||
| 0022_company_brand_color.sql | ||
| 0023_fair_lethal_legion.sql | ||
| 0024_far_beast.sql | ||
| 0025_nasty_salo.sql | ||
| 0026_lying_pete_wisdom.sql | ||
| 0027_tranquil_tenebrous.sql | ||
| 0028_harsh_goliath.sql | ||
| 0029_plugin_tables.sql | ||
| 0030_rich_magneto.sql | ||
| 0031_zippy_magma.sql | ||
| 0032_pretty_doctor_octopus.sql | ||
| 0033_shiny_black_tarantula.sql | ||
| 0034_fat_dormammu.sql | ||
| 0035_marvelous_satana.sql | ||
| 0036_cheerful_nitro.sql | ||
| 0037_friendly_eddie_brock.sql | ||
| 0038_careless_iron_monger.sql | ||
| 0039_fat_magneto.sql | ||
| 0040_eager_shotgun.sql | ||
| 0041_curly_maria_hill.sql | ||
| 0042_spotty_the_renegades.sql | ||
| 0043_reflective_captain_universe.sql | ||
| 0044_illegal_toad.sql | ||
| 0045_workable_shockwave.sql | ||
| 0046_smooth_sentinels.sql | ||
| 0047_overjoyed_groot.sql | ||
| 0048_flashy_marrow.sql | ||
| 0049_flawless_abomination.sql | ||
| 0050_stiff_luckman.sql | ||
| 0051_young_korg.sql | ||
| 0052_mushy_trauma.sql | ||
| 0053_sharp_wild_child.sql | ||
| 0054_draft_routines.sql | ||
| 0055_kind_weapon_omega.sql | ||
| 0056_spooky_ultragirl.sql | ||
| 0057_tidy_join_requests.sql | ||
| 0058_wealthy_starbolt.sql | ||
| 0059_plugin_database_namespaces.sql | ||
| 0060_orange_annihilus.sql | ||
| 0061_lively_thor_girl.sql | ||
| 0062_routine_run_dispatch_fingerprint.sql | ||
| 0063_issue_thread_interactions.sql | ||
| 0064_issue_thread_interaction_idempotency.sql | ||
| 0065_environments.sql | ||
| 0066_issue_tree_holds.sql | ||
| 0067_agent_default_environment.sql | ||
| 0068_environment_local_driver_unique.sql | ||
| 0069_liveness_recovery_dedupe.sql | ||
| 0070_active_run_output_watchdog.sql | ||
| 0071_default_hire_approval_off.sql | ||
| 0072_large_sandman.sql | ||
| 0073_shiny_salo.sql | ||
| 0074_striped_genesis.sql | ||
| 0075_cultured_sebastian_shaw.sql | ||
| 0076_useful_elektra.sql | ||
| 0077_unusual_karnak.sql | ||
| 0078_white_darwin.sql | ||
| 0079_company_search_document_indexes.sql | ||
| 0080_company_search_fuzzystrmatch.sql | ||
| 0081_optimal_dormammu.sql | ||
| 0082_dry_vision.sql | ||
| 0083_company_secret_provider_configs.sql | ||
| 0084_issue_recovery_actions.sql | ||
| 0085_tranquil_the_executioner.sql | ||
| 0086_routine_env_runtime_contract.sql | ||