mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-14 01:50:39 +09:00
e4995bbb1c
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - The environments subsystem already models execution environments, but before this branch there was no end-to-end SSH-backed runtime path for agents to actually run work against a remote box > - That meant agents could be configured around environment concepts without a reliable way to execute adapter sessions remotely, sync workspace state, and preserve run context across supported adapters > - We also need environment selection to participate in normal Paperclip control-plane behavior: agent defaults, project/issue selection, route validation, and environment probing > - Because this capability is still experimental, the UI surface should be easy to hide and easy to remove later without undoing the underlying implementation > - This pull request adds SSH environment execution support across the runtime, adapters, routes, schema, and tests, then puts the visible environment-management UI behind an experimental flag > - The benefit is that we can validate real SSH-backed agent execution now while keeping the user-facing controls safely gated until the feature is ready to come out of experimentation ## What Changed - Added SSH-backed execution target support in the shared adapter runtime, including remote workspace preparation, skill/runtime asset sync, remote session handling, and workspace restore behavior after runs. - Added SSH execution coverage for supported local adapters, plus remote execution tests across Claude, Codex, Cursor, Gemini, OpenCode, and Pi. - Added environment selection and environment-management backend support needed for SSH execution, including route/service work, validation, probing, and agent default environment persistence. - Added CLI support for SSH environment lab verification and updated related docs/tests. - Added the `enableEnvironments` experimental flag and gated the environment UI behind it on company settings, agent configuration, and project configuration surfaces. ## Verification - `pnpm exec vitest run packages/adapters/claude-local/src/server/execute.remote.test.ts packages/adapters/cursor-local/src/server/execute.remote.test.ts packages/adapters/gemini-local/src/server/execute.remote.test.ts packages/adapters/opencode-local/src/server/execute.remote.test.ts packages/adapters/pi-local/src/server/execute.remote.test.ts` - `pnpm exec vitest run server/src/__tests__/environment-routes.test.ts` - `pnpm exec vitest run server/src/__tests__/instance-settings-routes.test.ts` - `pnpm exec vitest run ui/src/lib/new-agent-hire-payload.test.ts ui/src/lib/new-agent-runtime-config.test.ts` - `pnpm -r typecheck` - `pnpm build` - Manual verification on a branch-local dev server: - enabled the experimental flag - created an SSH environment - created a Linux Claude agent using that environment - confirmed a run executed on the Linux box and synced workspace changes back ## Risks - Medium: this touches runtime execution flow across multiple adapters, so regressions would likely show up in remote session setup, workspace sync, or environment selection precedence. - The UI flag reduces exposure, but the underlying runtime and route changes are still substantial and rely on migration correctness. - The change set is broad across adapters, control-plane services, migrations, and UI gating, so review should pay close attention to environment-selection precedence and remote workspace lifecycle behavior. ## Model Used - OpenAI Codex via Paperclip's local Codex adapter, GPT-5-class coding model with tool use and code execution in the local repo workspace. The local adapter does not surface a more specific public model version string in this branch workflow. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge
348 lines
11 KiB
TypeScript
348 lines
11 KiB
TypeScript
import express from "express";
|
|
import request from "supertest";
|
|
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
|
|
const mockAgentService = vi.hoisted(() => ({
|
|
getById: vi.fn(),
|
|
update: vi.fn(),
|
|
resolveByReference: vi.fn(),
|
|
}));
|
|
|
|
const mockAgentInstructionsService = vi.hoisted(() => ({
|
|
getBundle: vi.fn(),
|
|
readFile: vi.fn(),
|
|
updateBundle: vi.fn(),
|
|
writeFile: vi.fn(),
|
|
deleteFile: vi.fn(),
|
|
exportFiles: vi.fn(),
|
|
ensureManagedBundle: vi.fn(),
|
|
materializeManagedBundle: vi.fn(),
|
|
}));
|
|
|
|
const mockAccessService = vi.hoisted(() => ({
|
|
canUser: vi.fn(),
|
|
hasPermission: vi.fn(),
|
|
}));
|
|
|
|
const mockSecretService = vi.hoisted(() => ({
|
|
resolveAdapterConfigForRuntime: vi.fn(),
|
|
normalizeAdapterConfigForPersistence: vi.fn(async (_companyId: string, config: Record<string, unknown>) => config),
|
|
}));
|
|
const mockEnvironmentService = vi.hoisted(() => ({
|
|
getById: vi.fn(),
|
|
}));
|
|
|
|
const mockLogActivity = vi.hoisted(() => vi.fn());
|
|
const mockSyncInstructionsBundleConfigFromFilePath = vi.hoisted(() => vi.fn());
|
|
const mockFindServerAdapter = vi.hoisted(() => vi.fn());
|
|
|
|
vi.mock("../services/index.js", () => ({
|
|
agentService: () => mockAgentService,
|
|
agentInstructionsService: () => mockAgentInstructionsService,
|
|
accessService: () => mockAccessService,
|
|
approvalService: () => ({}),
|
|
companySkillService: () => ({ listRuntimeSkillEntries: vi.fn() }),
|
|
budgetService: () => ({}),
|
|
environmentService: () => mockEnvironmentService,
|
|
heartbeatService: () => ({}),
|
|
issueApprovalService: () => ({}),
|
|
issueService: () => ({}),
|
|
logActivity: mockLogActivity,
|
|
secretService: () => mockSecretService,
|
|
syncInstructionsBundleConfigFromFilePath: mockSyncInstructionsBundleConfigFromFilePath,
|
|
workspaceOperationService: () => ({}),
|
|
}));
|
|
|
|
vi.mock("../adapters/index.js", () => ({
|
|
findServerAdapter: mockFindServerAdapter,
|
|
listAdapterModels: vi.fn(),
|
|
}));
|
|
|
|
function registerModuleMocks() {
|
|
vi.doMock("../services/index.js", () => ({
|
|
agentService: () => mockAgentService,
|
|
agentInstructionsService: () => mockAgentInstructionsService,
|
|
accessService: () => mockAccessService,
|
|
approvalService: () => ({}),
|
|
companySkillService: () => ({ listRuntimeSkillEntries: vi.fn() }),
|
|
budgetService: () => ({}),
|
|
heartbeatService: () => ({}),
|
|
issueApprovalService: () => ({}),
|
|
issueService: () => ({}),
|
|
logActivity: mockLogActivity,
|
|
secretService: () => mockSecretService,
|
|
syncInstructionsBundleConfigFromFilePath: mockSyncInstructionsBundleConfigFromFilePath,
|
|
workspaceOperationService: () => ({}),
|
|
}));
|
|
|
|
vi.doMock("../adapters/index.js", () => ({
|
|
findServerAdapter: mockFindServerAdapter,
|
|
listAdapterModels: vi.fn(),
|
|
}));
|
|
}
|
|
|
|
async function createApp() {
|
|
const [{ agentRoutes }, { errorHandler }] = await Promise.all([
|
|
vi.importActual<typeof import("../routes/agents.js")>("../routes/agents.js"),
|
|
vi.importActual<typeof import("../middleware/index.js")>("../middleware/index.js"),
|
|
]);
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use((req, _res, next) => {
|
|
(req as any).actor = {
|
|
type: "board",
|
|
userId: "local-board",
|
|
companyIds: ["company-1"],
|
|
source: "local_implicit",
|
|
isInstanceAdmin: false,
|
|
};
|
|
next();
|
|
});
|
|
app.use("/api", agentRoutes({} as any));
|
|
app.use(errorHandler);
|
|
return app;
|
|
}
|
|
|
|
function makeAgent() {
|
|
return {
|
|
id: "11111111-1111-4111-8111-111111111111",
|
|
companyId: "company-1",
|
|
name: "Agent",
|
|
role: "engineer",
|
|
title: "Engineer",
|
|
status: "active",
|
|
reportsTo: null,
|
|
capabilities: null,
|
|
adapterType: "codex_local",
|
|
adapterConfig: {},
|
|
runtimeConfig: {},
|
|
defaultEnvironmentId: null,
|
|
permissions: null,
|
|
updatedAt: new Date(),
|
|
};
|
|
}
|
|
|
|
describe("agent instructions bundle routes", () => {
|
|
beforeEach(() => {
|
|
vi.resetModules();
|
|
vi.doUnmock("../routes/agents.js");
|
|
vi.doUnmock("../routes/authz.js");
|
|
vi.doUnmock("../middleware/index.js");
|
|
registerModuleMocks();
|
|
vi.resetAllMocks();
|
|
mockSyncInstructionsBundleConfigFromFilePath.mockImplementation((_agent, config) => config);
|
|
mockFindServerAdapter.mockImplementation((_type: string) => ({ type: _type }));
|
|
mockAgentService.getById.mockResolvedValue(makeAgent());
|
|
mockAgentService.update.mockImplementation(async (_id: string, patch: Record<string, unknown>) => ({
|
|
...makeAgent(),
|
|
adapterConfig: patch.adapterConfig ?? {},
|
|
}));
|
|
mockAgentInstructionsService.getBundle.mockResolvedValue({
|
|
agentId: "11111111-1111-4111-8111-111111111111",
|
|
companyId: "company-1",
|
|
mode: "managed",
|
|
rootPath: "/tmp/agent-1",
|
|
managedRootPath: "/tmp/agent-1",
|
|
entryFile: "AGENTS.md",
|
|
resolvedEntryPath: "/tmp/agent-1/AGENTS.md",
|
|
editable: true,
|
|
warnings: [],
|
|
legacyPromptTemplateActive: false,
|
|
legacyBootstrapPromptTemplateActive: false,
|
|
files: [{
|
|
path: "AGENTS.md",
|
|
size: 12,
|
|
language: "markdown",
|
|
markdown: true,
|
|
isEntryFile: true,
|
|
editable: true,
|
|
deprecated: false,
|
|
virtual: false,
|
|
}],
|
|
});
|
|
mockAgentInstructionsService.readFile.mockResolvedValue({
|
|
path: "AGENTS.md",
|
|
size: 12,
|
|
language: "markdown",
|
|
markdown: true,
|
|
isEntryFile: true,
|
|
editable: true,
|
|
deprecated: false,
|
|
virtual: false,
|
|
content: "# Agent\n",
|
|
});
|
|
mockAgentInstructionsService.writeFile.mockResolvedValue({
|
|
bundle: null,
|
|
file: {
|
|
path: "AGENTS.md",
|
|
size: 18,
|
|
language: "markdown",
|
|
markdown: true,
|
|
isEntryFile: true,
|
|
editable: true,
|
|
deprecated: false,
|
|
virtual: false,
|
|
content: "# Updated Agent\n",
|
|
},
|
|
adapterConfig: {
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
},
|
|
});
|
|
});
|
|
|
|
it("returns bundle metadata", async () => {
|
|
const res = await request(await createApp())
|
|
.get("/api/agents/11111111-1111-4111-8111-111111111111/instructions-bundle?companyId=company-1");
|
|
|
|
expect(res.status, JSON.stringify(res.body)).toBe(200);
|
|
expect(res.body).toMatchObject({
|
|
mode: "managed",
|
|
rootPath: "/tmp/agent-1",
|
|
managedRootPath: "/tmp/agent-1",
|
|
entryFile: "AGENTS.md",
|
|
});
|
|
expect(mockAgentInstructionsService.getBundle).toHaveBeenCalled();
|
|
});
|
|
|
|
it("writes a bundle file and persists compatibility config", async () => {
|
|
const res = await request(await createApp())
|
|
.put("/api/agents/11111111-1111-4111-8111-111111111111/instructions-bundle/file?companyId=company-1")
|
|
.send({
|
|
path: "AGENTS.md",
|
|
content: "# Updated Agent\n",
|
|
clearLegacyPromptTemplate: true,
|
|
});
|
|
|
|
expect(res.status, JSON.stringify(res.body)).toBe(200);
|
|
expect(mockAgentInstructionsService.writeFile).toHaveBeenCalledWith(
|
|
expect.objectContaining({ id: "11111111-1111-4111-8111-111111111111" }),
|
|
"AGENTS.md",
|
|
"# Updated Agent\n",
|
|
{ clearLegacyPromptTemplate: true },
|
|
);
|
|
expect(mockAgentService.update).toHaveBeenCalledWith(
|
|
"11111111-1111-4111-8111-111111111111",
|
|
expect.objectContaining({
|
|
adapterConfig: expect.objectContaining({
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
}),
|
|
}),
|
|
expect.any(Object),
|
|
);
|
|
});
|
|
|
|
it("preserves managed instructions config when switching adapters", async () => {
|
|
mockAgentService.getById.mockResolvedValue({
|
|
...makeAgent(),
|
|
adapterType: "codex_local",
|
|
adapterConfig: {
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
model: "gpt-5.4",
|
|
},
|
|
});
|
|
|
|
const res = await request(await createApp())
|
|
.patch("/api/agents/11111111-1111-4111-8111-111111111111?companyId=company-1")
|
|
.send({
|
|
adapterType: "claude_local",
|
|
adapterConfig: {
|
|
model: "claude-sonnet-4",
|
|
},
|
|
});
|
|
|
|
expect(res.status, JSON.stringify(res.body)).toBe(200);
|
|
expect(mockAgentService.update).toHaveBeenCalledWith(
|
|
"11111111-1111-4111-8111-111111111111",
|
|
expect.objectContaining({
|
|
adapterType: "claude_local",
|
|
adapterConfig: expect.objectContaining({
|
|
model: "claude-sonnet-4",
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
}),
|
|
}),
|
|
expect.any(Object),
|
|
);
|
|
});
|
|
|
|
it("merges same-adapter config patches so instructions metadata is not dropped", async () => {
|
|
mockAgentService.getById.mockResolvedValue({
|
|
...makeAgent(),
|
|
adapterType: "codex_local",
|
|
adapterConfig: {
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
model: "gpt-5.4",
|
|
},
|
|
});
|
|
|
|
const res = await request(await createApp())
|
|
.patch("/api/agents/11111111-1111-4111-8111-111111111111?companyId=company-1")
|
|
.send({
|
|
adapterConfig: {
|
|
command: "codex --profile engineer",
|
|
},
|
|
});
|
|
|
|
expect(res.status, JSON.stringify(res.body)).toBe(200);
|
|
expect(mockAgentService.update).toHaveBeenCalledWith(
|
|
"11111111-1111-4111-8111-111111111111",
|
|
expect.objectContaining({
|
|
adapterConfig: expect.objectContaining({
|
|
command: "codex --profile engineer",
|
|
model: "gpt-5.4",
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
}),
|
|
}),
|
|
expect.any(Object),
|
|
);
|
|
});
|
|
|
|
it("replaces adapter config when replaceAdapterConfig is true", async () => {
|
|
mockAgentService.getById.mockResolvedValue({
|
|
...makeAgent(),
|
|
adapterType: "codex_local",
|
|
adapterConfig: {
|
|
instructionsBundleMode: "managed",
|
|
instructionsRootPath: "/tmp/agent-1",
|
|
instructionsEntryFile: "AGENTS.md",
|
|
instructionsFilePath: "/tmp/agent-1/AGENTS.md",
|
|
model: "gpt-5.4",
|
|
},
|
|
});
|
|
|
|
const res = await request(await createApp())
|
|
.patch("/api/agents/11111111-1111-4111-8111-111111111111?companyId=company-1")
|
|
.send({
|
|
replaceAdapterConfig: true,
|
|
adapterConfig: {
|
|
command: "codex --profile engineer",
|
|
},
|
|
});
|
|
|
|
expect(res.status, JSON.stringify(res.body)).toBe(200);
|
|
expect(res.body.adapterConfig).toMatchObject({
|
|
command: "codex --profile engineer",
|
|
});
|
|
expect(res.body.adapterConfig.instructionsBundleMode).toBeUndefined();
|
|
expect(res.body.adapterConfig.instructionsRootPath).toBeUndefined();
|
|
expect(res.body.adapterConfig.instructionsEntryFile).toBeUndefined();
|
|
expect(res.body.adapterConfig.instructionsFilePath).toBeUndefined();
|
|
});
|
|
});
|