7428fb956f5e2da0c6cc4bb74a669859ed06d864
1227 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
7428fb956f |
[codex] Guard git-sensitive adapter workspaces (#7644)
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work. > - The affected subsystem is the heartbeat execution path that turns issue assignment into adapter-backed work in a selected workspace. > - PAP-10409 and sibling follow-ups failed before useful adapter output because project/workspace identity became incoherent. > - A project-workspace-linked child issue could keep `projectWorkspaceId` / execution workspace state while losing `projectId`, then a git-sensitive local adapter could fall through toward an invalid fallback cwd. > - Paperclip needs to treat coherent workspace identity as part of the live-path contract, not only as post-failure cleanup. > - This pull request documents that rule, repairs issue inheritance, and blocks git-sensitive adapter launch before it can run from the wrong cwd. > - The benefit is a bounded recovery path: affected issues are repaired explicitly, future malformed workspaces fail fast with a clear recovery action, and the UI surfaces that reason. ## Linked Issues or Issue Description Refs #7646 Bug report fields: - Summary: adapter-backed follow-up issues can fail before doing work when issue creation/inheritance preserves workspace ids but drops project identity. - Affected issues: internal Paperclip issues PAP-10408 through PAP-10412, especially PAP-10409. - Steps to reproduce: create a project-scoped parent/follow-up tree where a child issue keeps `projectWorkspaceId` or an inherited execution workspace but has `projectId: null`, then launch a git-sensitive local adapter such as `codex_local`. - Expected behavior: Paperclip derives or preserves coherent project identity during issue creation, and heartbeat refuses malformed git-sensitive workspace launches with one clear recovery action. - Actual behavior before this PR: the run could reach adapter bootstrap with an incoherent workspace context and fail with git errors such as `fatal: not a git repository (or any parent up to mount point /srv)`. - Root cause: child/follow-up issue inheritance preserved workspace execution context without coherent project context. That let heartbeat workspace resolution/adapter launch reach a fallback cwd instead of refusing the malformed workspace state up front. ## What Changed - Documented the adapter workspace-coherence live-path precondition in `doc/execution-semantics.md`. - Updated issue creation/inheritance so workspace-inheriting issues preserve or derive project identity, while existing mismatch validation still rejects incoherent project/workspace combinations. - Added a heartbeat preflight guard for git-sensitive local adapters that validates effective cwd, persisted workspace identity, project workspace identity, and required git metadata before launch. - Added `workspace_validation` recovery actions for this failure class and ensured the source issue gets a visible, idempotent recovery comment. - Surfaced workspace-validation recovery state in issue rows, blocked notices, and recovery action cards, including the manual-repair wake policy label. - Added focused regression coverage for issue inheritance, all heartbeat workspace-validation guard branches, recovery display helpers, and UI recovery components. ## Verification - `pnpm exec vitest run server/src/__tests__/heartbeat-workspace-session.test.ts` - Result: 1 test file passed, 68 tests passed. - `pnpm exec vitest run ui/src/components/IssueRecoveryActionCard.test.tsx` - Result: 1 test file passed, 12 tests passed. - `pnpm exec vitest run ui/src/components/IssueBlockedNotice.test.tsx ui/src/components/IssueRecoveryActionCard.test.tsx` - Result: 2 test files passed, 18 tests passed. - `pnpm --filter @paperclipai/ui typecheck` - Result: passed. - `pnpm exec vitest run server/src/__tests__/heartbeat-plugin-environment.test.ts server/src/__tests__/issues-service.test.ts server/src/__tests__/heartbeat-workspace-session.test.ts server/src/__tests__/heartbeat-process-recovery.test.ts ui/src/components/IssueBlockedNotice.test.tsx ui/src/components/IssueRecoveryActionCard.test.tsx ui/src/lib/recovery-display.test.ts` - Result: 7 test files passed, 200 tests passed before the final guard-branch additions; the changed server file was re-run above. - UI coverage: `ui/storybook/stories/source-issue-recovery.stories.tsx` contains rendered scenarios for the generic recovery chip, workspace-validation recovery chip, blocked notice indicator, recovery action card, and issue-row chip. - Screenshot capture attempt: Storybook started successfully on `http://127.0.0.1:6016/`, but screenshots could not be captured in this runner because `agent-browser` launched an unusable Chrome binary and Playwright Chromium failed on missing system library `libatk-1.0.so.0`; the runner is non-root and lacks passwordless sudo for installing browser dependencies. - Hosted CI on final commit `969594e7` is green, including `verify`, `Build`, `Typecheck + Release Registry`, `General tests (server)`, workspace suites, serialized server suites, `Canary Dry Run`, and `e2e`. - Roadmap checked: no duplicate roadmap item; this is a tightly scoped reliability fix for existing heartbeat/workspace behavior. - Duplicate PR search checked: no open PR matched `workspace coherence adapter cwd`. ## Risks - Medium risk: heartbeat launch is stricter for git-sensitive local adapters and can now block malformed workspace states before adapter execution. - Mitigation: the guard is limited to local git-sensitive adapters and records a source-scoped recovery action with structured evidence instead of retrying indefinitely. - Compatibility: valid project/workspace execution paths continue normally; explicit project/workspace mismatches remain rejected. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used OpenAI Codex, GPT-5-based `codex_local` coding agent with terminal/tool use. Work was produced through Paperclip issue execution with focused local test runs. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] All Paperclip CI gates are green - [x] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
eaef47f4c7 |
Information Architecture + project/agent visual refresh (experimental) (#7543)
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work. > - The board UI is the control surface for issues, projects, agents, goals, workspaces, and operator settings. > - The existing navigation and list surfaces make several high-frequency workflows feel harder to scan than they should, especially around projects and agents. > - The product direction is to improve those surfaces without breaking the existing route model or forcing a new IA on every operator at once. > - This pull request now keeps the dependent IA, project identity, and agent-list visual refresh work together while the Issue-to-Task copy migration is split into #7651. > - The benefit is a clearer left nav, better project identity, denser agent/project list rows, and brand-aligned status treatment while preserving the classic default experience behind a flag. ## Linked Issues or Issue Description Refs #7645 Refs #7651 Internal planning/work references: PAP-53, PAP-56, PAP-58, PAP-59, PAP-60, PAP-61, PAP-68, PAP-69, PAP-70, PAP-71, PAP-72, PAP-75, PAP-76, PAP-80, PAP-85, PAP-86, PAP-87, PAP-88, PAP-89. ## What Changed - Adds `enableStreamlinedLeftNavigation`, defaulting off, and gates sidebar presentation so classic navigation remains the default. - Adds project icon persistence, validation, portability, picker UI, and `ProjectTile` rendering while defaulting new projects to neutral gray. - Adds projects-list task-count and budget summary data with focused server/shared/UI coverage. - Refreshes agent list rows, row actions, active/recent sidebar behavior, and status capsule/chip styling for the approved brand state system. - Removes the placeholder Conference room and Artifacts nav/routes from the finalized experimental nav direction. - Removes `pnpm-lock.yaml` and the Issue-to-Task copy migration from this PR diff; the copy migration now lives in #7651. ## Verification - Existing branch verification from the authored commits: UI typecheck, targeted unit tests, and light/dark visual checks for `/agents`, agent detail, and design-guide status states. - Maintainer cleanup verification on `75e34e5`: `git diff --check origin/master...HEAD` passed, the `design/` diff is empty, and the PR diff is 61 files, below Greptile's 100-file review limit. - `pnpm --filter @paperclipai/ui build` passed. - `NODE_ENV=test pnpm exec vitest run ui/src/components/Sidebar.test.tsx` passed: 1 file, 8 tests. - CI and Greptile should rerun on the latest push. ## Risks - Broad UI surface area: the experimental flag keeps the classic nav default, but changed shared components such as `EntityRow`, `ProjectTile`, and agent status badges could affect multiple pages. - Database migration: `projects.icon` is additive and nullable, but migration ordering and portability import/export must stay aligned. - The Issue-to-Task copy migration is now separated into #7651, so reviewers should evaluate this PR as IA/project/agent presentation work only. - Visual regressions are possible across smaller widths because the PR intentionally changes dense list-row layouts. ## Model Used Claude Opus 4.8 assisted the original feature commits. Paperclip-Paperclip agents assisted some planning/design commits. Codex / GPT-5-class coding agent with shell, GitHub CLI, and repository access performed this PR-readiness cleanup and split. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] All Paperclip CI gates are green - [x] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Dotta <bippadotta@protonmail.com> |
||
|
|
4d5322c821 |
[codex] Add checkbox confirmation issue interactions (#7649)
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work. > - Agent work is coordinated through issues, comments, interactions, and approval-style handoffs. > - Existing issue-thread interactions could ask questions, suggest tasks, and request confirmation, but they did not support a structured checkbox confirmation payload for choosing one or more options. > - That gap made board/user confirmations harder to validate consistently across API callers, plugin helpers, CLI tooling, and the UI. > - This pull request adds the shared checkbox confirmation contract, server handling, client helpers, and issue-thread UI needed to render and submit structured selections. > - The benefit is that agents can request bounded multi-select confirmations in the same audited issue-thread flow as other Paperclip interactions. ## Linked Issues or Issue Description - No public GitHub issue found for this exact branch. Internal Paperclip issue: PAP-10415 / PAP-10441 requested creating this PR for the checkbox confirmation issue-thread UI component work. - GitHub duplicate search performed for checkbox confirmation / issue-thread interaction PRs; no matching open PR was found. - Related issue search result `#7497` was unrelated company file cleanup work, so it is not linked as a related issue. ## What Changed - Added shared types, validators, constants, and tests for `request_checkbox_confirmation` interactions. - Extended server issue-thread interaction service and routes for checkbox confirmation creation, validation, expiration, and response handling. - Added CLI, MCP, and plugin SDK helper coverage so external callers can create the new interaction shape consistently. - Updated the issue-thread interaction UI to render checkbox confirmations with min/max bounds, selection summaries, stale-target states, and accept/decline flows. - Documented the checkbox confirmation interaction contract in the Paperclip skill/API reference. ## Verification - Rebased cleanly on `paperclipai/paperclip` `master` fetched into `public-gh/master` at `a4fa0eaf5`. - Confirmed the PR diff does not include `pnpm-lock.yaml` or `.github/workflows` changes. - Ran focused tests with `NODE_ENV=test`: ```sh NODE_ENV=test pnpm run preflight:workspace-links NODE_ENV=test pnpm exec vitest run packages/shared/src/issue-thread-interactions.test.ts server/src/__tests__/issue-thread-interaction-routes.test.ts server/src/__tests__/issue-thread-interactions-service.test.ts ui/src/components/IssueThreadInteractionCard.test.tsx ui/src/lib/issue-thread-interactions.test.ts cli/src/__tests__/issue-subresources.test.ts cli/src/__tests__/project-goal.test.ts packages/mcp-server/src/tools.test.ts packages/plugins/sdk/tests/testing-actions.test.ts ``` Result: 8 test files passed, 78 tests passed. - CI on latest head `63b9e55` is green. - Greptile Review passed on latest head; GraphQL review-thread check shows all Greptile threads resolved. ## Risks - Medium surface area because the interaction contract touches shared validators, server routes/services, UI rendering, CLI, MCP, plugin SDK helpers, and docs. - No database migrations are included. - `pnpm-lock.yaml` is intentionally excluded per repository lockfile policy. - UI screenshots are not attached because the task explicitly requested not to add design screenshots or images unless they were part of the work; component tests cover the new rendering and interaction states. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex coding agent based on GPT-5, with repository file access, shell command execution, git/GitHub CLI tooling, and Paperclip control-plane API access. Exact hosted model ID/context-window metadata is not exposed inside this runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] All Paperclip CI gates are green - [x] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
20aea356cc |
refactor(deps-dev): bump vitest from 3.2.4 to 4.1.8 (#7581)
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Test infrastructure across server, ui, packages/* runs on Vitest > - Dependabot opened a narrow bump (3.2.4 → 3.2.6), but the wider workspace is on 3.2.4 and the major-version bridge to v4 needs a coordinated change set across configs and tests > - Staying on 3.x indefinitely leaves us behind on Vitest 4 (perf, pool, and config improvements) and forces repeated patch-only dependabot churn > - This pull request upgrades Vitest to 4.1.8 across the workspace, updates `server/vitest.config.ts` and `scripts/run-vitest-stable.mjs` for the new API, and adjusts two UI tests for the new assertion semantics > - The benefit is a single, coherent Vitest 4 upgrade that supersedes #7570 and gets us on the supported major line ## What Changed - Bump `vitest` from `3.2.4` to `4.1.8` across root, `server`, `ui`, and all `packages/*` (including plugin examples and sandbox providers) - Update `server/vitest.config.ts` for Vitest 4 config surface - Update `scripts/run-vitest-stable.mjs` to match the new runner behavior - Adjust `ui/src/components/CommentThread.test.tsx` and `ui/src/components/MarkdownEditor.test.tsx` for Vitest 4 matcher/timing semantics - Refresh `pnpm-lock.yaml` ## Verification - `pnpm install` resolves cleanly with the new lockfile - `pnpm -w -r test` (server, ui, packages) runs under Vitest 4.1.8 ## Risks - Major-version Vitest bump: behavioral changes in pools, fake timers, and matcher strictness can surface flake. Test config and the two UI tests were updated to match v4 semantics; broader test runs should be watched on CI before merge. - Supersedes dependabot PR #7570 (3.2.4 → 3.2.6); that PR should be closed. ## Model Used - Claude (Anthropic) — `claude-opus-4-7`, extended thinking, tool use enabled ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [ ] I have run tests locally and they pass - [ ] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [ ] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge Closes #7570 |
||
|
|
4693d770aa |
Add company artifacts page (#7621)
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work. > - Operators need a way to inspect files and work products created by agents across a company without opening each issue one by one. > - The existing issue detail surfaces already show attachments and outputs, but there was no company-level artifacts index or search-result affordance for artifact-like records. > - The backend needed a company-scoped artifacts projection API that preserves issue/run attribution and safe links back to source records. > - The UI needed a first-class Artifacts page, sidebar entry, reusable artifact cards, and deep-link handling that keeps company prefixes intact. > - This pull request adds the company artifacts API and page, then wires artifacts into search and issue output surfaces. > - The benefit is a single place to browse, filter, and open generated work products and attachments while preserving company boundaries. ## Linked Issues or Issue Description Fixes #7622. Feature request fields: - Problem/motivation: company operators need a consolidated artifacts surface for attachments and work products produced by agents. - Proposed solution: add a company-scoped artifacts projection endpoint, a board Artifacts route, reusable cards, sidebar navigation, and artifact search integration. - Alternatives considered: keep artifact discovery only on individual issue pages; that forces operators to know the source issue before finding generated outputs. - Roadmap alignment: checked `ROADMAP.md`; this is a focused board UI/API improvement and does not duplicate a listed roadmap item. ## What Changed - Added shared artifact types and validators. - Added a company-scoped artifact projection service/API with tests for attachment/work-product attribution. - Added Artifacts board UI route, API client, sidebar link, cards, filters, and storybook coverage. - Added artifact result handling to company search and issue output/deep-link flows. - Rebased the branch onto the latest `public-gh/master` state and resolved the route-test conflict by preserving both upstream team-catalog coverage and artifact route coverage. - Fixed a local Sidebar test helper so it no longer depends on a runtime-undefined `React.act` export in this dependency install. ## Verification - `pnpm --filter @paperclipai/ui exec vitest run src/components/artifacts/ArtifactCard.test.tsx src/api/artifacts.test.ts src/lib/company-routes.test.ts` - `pnpm --filter @paperclipai/ui exec vitest run src/pages/Artifacts.test.tsx src/pages/Search.test.tsx src/components/Sidebar.test.tsx` - `pnpm exec vitest run server/src/__tests__/company-artifacts-service.test.ts server/src/__tests__/company-search-service.test.ts server/src/__tests__/company-search-rate-limit-routes.test.ts server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts` - Confirmed the PR diff does not include `pnpm-lock.yaml` or `.github/workflows/*`. - Duplicate search: no open PRs or issues found for `artifact page ArtifactCard` in `paperclipai/paperclip`. Screenshots are intentionally omitted per the internal task instruction not to add design screenshots or images to this PR unless they are specifically part of the work. I also attempted browser capture in this runner, but `agent-browser` failed to launch Chrome and Playwright Chromium is missing `libatk-1.0.so.0`. ## Risks - Low-to-medium risk: this adds a new API projection and UI surface, so attribution/link regressions could affect artifact navigation. - Company scoping is covered in the new service/API tests. - No database migrations are included. - No lockfile or workflow changes are included. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used OpenAI Codex, GPT-5 coding agent with tool use and local command execution. Exact hosted model identifier is not exposed in this runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots (intentionally omitted per task instruction; browser capture unavailable in this runner) - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [ ] All Paperclip CI gates are green - [ ] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
dbebf30c89 |
Add low-trust review containment (#7530)
## Thinking Path > - Paperclip is a control plane for AI-agent companies, so execution policy and trust boundaries are part of the product's safety contract. > - Low-trust review work needs narrower authority than normal same-company agents because hostile PRs, comments, attachments, and generated output can carry prompt-injection payloads. > - The current V1 shape gives trusted workers broad company context, which is useful for normal execution but too permissive for a reviewer assigned to hostile content. > - This branch adds a `low_trust_review` preset, source-trust tagging, route-level containment, and quarantine handling so low-trust output does not automatically flow into higher-trust wake context. > - The branch has been rebased onto current `origin/master`, and the low-trust migration was renumbered to `0097_low_trust_source_trust.sql` to avoid collisions with existing `0091` through `0096` migrations. > - Greptile feedback was addressed by tightening low-trust detection, preserving project-level trust policy checks, fixing issue-kind promotion lookup, removing duplicate post-lease isolation assertion, documenting fail-closed source-trust behavior, bounding ancestry checks, enforcing runtime issue context for CEOs, awaiting accepted-plan monitor authorization, and making low-trust issue source-trust tagging atomic. > - The benefit is a first production slice of deny-by-default review containment with regression coverage for the main control-plane pivot surfaces. Fixes #7531. ## What Changed - Added shared trust-policy types and validators, plus database/source-trust fields for issues, comments, documents, and work products. - Implemented server enforcement for low-trust issue scope, agent self-view redaction, secret/plugin/runtime denial paths, promotion checks, and quarantined continuation/wake context. - Added focused low-trust regression tests for resolver behavior, source trust, route authorization, heartbeat preflight ordering, runtime containment, and quarantine redaction. - Added board UI affordances for selecting/reviewing the low-trust preset and surfacing source-trust badges in relevant issue views. - Added `doc/LOW-TRUST-PRESETS.md`, updated `doc/SPEC-implementation.md`, and committed the low-trust review contract plan under `doc/plans/`. - Rebasing note: the original `0097_low_trust_source_trust.sql` migration was renamed to `0097_low_trust_source_trust.sql`; the SQL uses `ADD COLUMN IF NOT EXISTS` so users who already applied the old-numbered migration are not broken by the renumbered migration. ## Verification - Rebased branch onto current `origin/master` and force-pushed with lease to `origin/PAP-10211-low-trust-agent` at head `2719f31e3`. - Confirmed the PR diff does not include `pnpm-lock.yaml` or `.github/workflows` changes. - Resolved upstream UI/comment conflicts by preserving deleted-comment tombstone behavior and low-trust source-trust badges/metadata. - Renumbered the low-trust source-trust migration to `0097_low_trust_source_trust.sql`; the SQL uses `ADD COLUMN IF NOT EXISTS` so users who already applied an old-numbered copy are not broken. - `pnpm exec vitest run ui/src/lib/issue-chat-messages.test.ts server/src/__tests__/heartbeat-workspace-session.test.ts` - `pnpm exec vitest run server/src/__tests__/source-trust.test.ts server/src/__tests__/workspace-runtime-service-authz.test.ts ui/src/lib/trust-policy-ui.test.ts ui/src/components/TrustPresetSection.test.tsx` - `pnpm run typecheck:build-gaps` - `git diff --check` - GitHub checks pass on head `2719f31e3`: build, typecheck/release registry, general tests, serialized server suites, e2e, canary, verify, policy/review, Socket, and Snyk. - Greptile Review passes with Confidence Score 5/5 and zero unresolved Greptile review threads. - No design screenshots/images were added because the task explicitly says not to add them unless they are specifically part of the work. ## Risks - Medium risk: this touches shared trust-policy contracts, server authorization paths, heartbeat context generation, migration metadata, and UI preset controls. - Low-trust containment is intentionally deny-by-default; legitimate future review workflows may need explicit allowlisted exceptions. - Plugin/runtime/security surfaces are broad, so regression tests cover the current known routes but future integrations must route through the same containment layer. - The PR is ready for review; GitHub checks are green and Greptile is 5/5. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex, GPT-5 coding agent, tool-enabled shell and GitHub CLI workflow. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] UI changes are covered by focused tests; no screenshots were added per task instruction not to add design images unless specifically required - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
b2a33d0184 |
[codex] Filter document artifacts from issue outputs (#7608)
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work > - Issue detail pages promote certain artifact work products into the dedicated Output surface while also listing raw attachments below > - Document-like artifacts such as plan markdown can currently be promoted like binary outputs, which makes the same work product story look like both an output and a document/attachment > - The output surface should stay focused on inspectable generated media, archives, PDFs, WebAssembly, SVG/images, and true binary deliverables while document-like artifacts remain in the document or attachment flow > - This pull request filters document-like artifact metadata out of the Output section and avoids duplicating the attachments that back promoted outputs > - The benefit is a cleaner issue detail page where plans and markdown reports do not appear as binary outputs, while real output files still get highlighted ## Linked Issues or Issue Description Fixes #7609 Refs PAP-10354 Refs PAP-10369 ## What Changed - Added output MIME-type normalization and eligibility checks for issue artifact work products. - Filtered markdown, text, JSON, XML, CSV, YAML, source-like files, and generic binary artifacts with document-like filenames out of promoted issue outputs. - Kept video, image including SVG, PDF, ZIP, WebAssembly, and true binary artifacts eligible for the Output section. - Hid attachments that back promoted outputs while leaving filtered document-like artifact attachments visible. - Preserved the full image attachment set for chat image gallery lookup even when promoted image outputs are hidden from the attachment list. - Added focused tests for output eligibility, glyph labeling, output promotion, attachment filtering, gallery image preservation, and the output section render behavior. ## Verification - `pnpm vitest run ui/src/lib/issue-output.test.ts ui/src/pages/IssueDetail.test.tsx ui/src/components/issue-output/IssueOutputSection.test.tsx` - GitHub PR checks are green on `7d1b80f9702f20ab86cc502bffce599b13f1b088`. - Greptile confidence score is 5/5 and both Greptile review threads are resolved. ## Risks - Low risk. The change only affects UI classification of Paperclip artifact work products. The main behavioral risk is an uncommon text-like generated artifact no longer appearing in the Output section; it remains available through the normal attachment/document surfaces. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used OpenAI GPT-5 Codex via Paperclip CodexCoder, with repository tool use and local command execution. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] All Paperclip CI gates are green - [x] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
fff3832a01 |
[codex] Add teams catalog extraction (#7550)
Fixes #7551 ## Thinking Path > - Paperclip is the control plane for AI-agent companies, and reusable company/team setup is part of making those companies faster to launch. > - The teams catalog work introduces app-shipped team templates that can be browsed, previewed, and installed into a company. > - Catalog installation crosses several contracts: bundled package contents, shared API types, server import/install behavior, CLI workflows, and the board UI. > - Agents also need a safe path through catalog installs: scoped company selection, explicit source policy, approval fallback for agent creation, and preserved catalog provenance. > - This pull request extracts the completed teams catalog branch into one reviewable PR on top of `public-gh/master`. > - The benefit is a reusable teams catalog foundation with server, CLI, package, docs, and hidden UI surfaces kept in sync. ## What Changed - Added the `@paperclipai/teams-catalog` package with bundled/optional team definitions, generated manifest, validators, catalog builder tests, and migration notes. - Added shared teams catalog types/validators plus server routes and services for listing, previewing, and installing catalog teams. - Integrated catalog install with company portability, skill/source policy checks, provenance metadata, origin hashes, target-manager reparenting, and installed/out-of-date detection. - Added CLI `teams` commands and agent-safe company selection behavior, including `company current` and approval fallback for forbidden agent-run installs. - Added hidden Team Catalog UI/API/query surfaces, Storybook fixtures, and targeted UI tests while keeping the UI route out of primary navigation. - Added docs for CLI/company/teams catalog behavior and removed generated screenshot artifacts from the PR diff. ## Verification - `pnpm exec vitest run cli/src/__tests__/company.test.ts cli/src/__tests__/teams.test.ts packages/teams-catalog/src/catalog-builder.test.ts packages/teams-catalog/src/shipped-catalog.test.ts server/src/__tests__/agent-permissions-service.test.ts server/src/__tests__/company-portability.test.ts server/src/__tests__/company-skills-service.test.ts server/src/__tests__/teams-catalog-routes.test.ts server/src/__tests__/teams-catalog-service.test.ts server/src/__tests__/teams-catalog-install-no-overrides.test.ts ui/src/lib/company-routes.test.ts ui/src/pages/TeamCard.test.tsx ui/src/pages/TeamCatalog.test.tsx ui/src/pages/useInstallTeamCatalogEntry.test.tsx` - `pnpm --filter @paperclipai/shared typecheck && pnpm --filter @paperclipai/teams-catalog typecheck && pnpm --filter paperclipai typecheck && pnpm --filter @paperclipai/server typecheck && pnpm --filter @paperclipai/ui typecheck` - Confirmed branch is rebased onto `public-gh/master` (`78dc3625a`) and `public-gh/master` is an ancestor of `HEAD`. - Confirmed PR diff excludes `pnpm-lock.yaml`, `.github/workflows/*`, generated screenshot images, and screenshot helper scripts. ## Risks - Medium review surface: this crosses package generation, shared contracts, server install behavior, CLI, docs, and hidden UI code. - Catalog install behavior creates agents/projects/tasks/skills and must keep company scoping, permissions, source policy, and provenance checks strict. - `pnpm-lock.yaml` is intentionally excluded per repo policy; CI/default-branch automation owns lockfile refresh. - The Team Catalog UI is included but hidden from primary navigation, so future enablement should re-check visual QA before exposure. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. > > ROADMAP checked: this aligns with reusable companies/templates and plugin-adjacent onboarding work. This PR packages work already developed on the Paperclip task branch for review. ## Model Used - OpenAI Codex, GPT-5 series coding agent in this Paperclip session; exact runtime context window was not exposed. Used shell, git, `gh`, and local test/typecheck tooling. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots, or documented why screenshots are intentionally omitted - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> |
||
|
|
3657854e5e |
Merge pull request #7554 from paperclipai/codex/pap-10343-comment-redaction
[codex] Redact deleted issue comments |
||
|
|
487361a5cc |
Merge pull request #7553 from paperclipai/codex/pap-10343-operator-qol-pr
[codex] Group operator QoL fixes |
||
|
|
31b210cdcc |
build(deps): bump @assistant-ui/react from 0.14.13 to 0.14.14 (#7569)
Bumps [@assistant-ui/react](https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react) from 0.14.13 to 0.14.14. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/assistant-ui/assistant-ui/blob/main/packages/react/CHANGELOG.md">@assistant-ui/react's changelog</a>.</em></p> <blockquote> <h2>0.14.14</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4212">#4212</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/5fe118d6e61fd661859ee0d6b5ef10a370992a84"><code>5fe118d</code></a> - feat: add MCP server support to generative toolkits (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4213">#4213</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/dcd5897f6dd6ca6bfe6978c3c03371e070965eab"><code>dcd5897</code></a> - feat: add provider-executed tool support to generative toolkits (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4127">#4127</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/606c9d41f515925ed531876d451e53a564cc4253"><code>606c9d4</code></a> - feat(assistant-transport): honour <code>Aui-Replay-Content-Length</code> to split sync-server replay from live bytes (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p><code>useAssistantTransportRuntime</code> now reads the <code>Aui-Replay-Content-Length</code> response header on resume and gates the body at that byte boundary. The replay prefix is decoded while <code>isLoading: true</code> has rendered through React, then the reader pauses until <code>isLoading: false</code> has rendered before releasing live bytes. Tool calls in the replayed portion are recorded as historical and skip <code>streamCall</code> / <code>execute</code>, while tool calls that begin after the replay boundary fire normally. Responses without the header behave as today.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4208">#4208</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/0558db28952fcd1c05a2ea3f15020cf50ca52489"><code>0558db2</code></a> - feat: add <code>updateCustom</code> to thread list runtimes, adapters, and clients (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4214">#4214</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/69540af906f4301af0fd453b0ab425fd62703a46"><code>69540af</code></a> - feat: add renderText helpers for tool call status text (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4199">#4199</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/d9b311977759818fcdcea6037c938e7070276f47"><code>d9b3119</code></a> - feat: a <code>defineToolkit</code> entry may now be an already-formed <code>ToolDefinition</code> (carrying its own <code>type</code>), not only an inline definition whose <code>type</code> the compiler infers. This is what lets a factory like <code>new JSONGenerativeUI({ library }).present()</code> be used directly as a tool. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p>Renames the authoring types to match <code>defineToolkit</code>: <code>ToolkitDeclaration</code> → <code>ToolkitDefinition</code>, and adds <code>ToolkitDefinitionEntry</code> (the union of an inline tool definition and a pre-formed <code>ToolDefinition</code>). The per-tool inline type is now an internal <code>ToolkitDefinitionInput</code> and is no longer exported.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4236">#4236</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/ae54c55c8c8b0f9e9ef455ced1498f37d998c6cb"><code>ae54c55</code></a> - feat: add <code>stubTool()</code> and experimental <code>useAuiToolOverrides()</code> for locally executed generative toolkit tools (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4235">#4235</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/7640b319f704414bd5eb197f34e11ae0b2324a1d"><code>7640b31</code></a> - Deprecate component tool registration APIs in favor of toolkit registrations. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/cba2b42c26083e730ae07194186ab4473f9f4cf3"><code>cba2b42</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/4145caaa23452f38c71366b55c03f8ec4da3fd54"><code>4145caa</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/58f80e09b51a9d025403f8692c3f41adc6d403e0"><code>58f80e0</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/78ff336028ce125608a4b716a93a2519ad6d9eab"><code>78ff336</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/5fe118d6e61fd661859ee0d6b5ef10a370992a84"><code>5fe118d</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/dcd5897f6dd6ca6bfe6978c3c03371e070965eab"><code>dcd5897</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/0558db28952fcd1c05a2ea3f15020cf50ca52489"><code>0558db2</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/69540af906f4301af0fd453b0ab425fd62703a46"><code>69540af</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/d9b311977759818fcdcea6037c938e7070276f47"><code>d9b3119</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/ae54c55c8c8b0f9e9ef455ced1498f37d998c6cb"><code>ae54c55</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/7640b319f704414bd5eb197f34e11ae0b2324a1d"><code>7640b31</code></a>]:</p> <ul> <li>assistant-stream@0.3.20</li> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.10</li> <li>assistant-cloud@0.1.31</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/assistant-ui/assistant-ui/commits/HEAD/packages/react">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
36ea5d3d79 |
build(deps-dev): bump @storybook/addon-a11y from 10.3.5 to 10.4.2 (#7568)
Bumps [@storybook/addon-a11y](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/a11y) from 10.3.5 to 10.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/storybookjs/storybook/releases">@storybook/addon-a11y's releases</a>.</em></p> <blockquote> <h2>v10.4.2</h2> <h2>10.4.2</h2> <ul> <li>Bug: Fix Windows command resolution for non-Node package managers - <a href="https://redirect.github.com/storybookjs/storybook/pull/33534">#33534</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>Build: Upgrade type-fest to latest version 5.6.0 - <a href="https://redirect.github.com/storybookjs/storybook/pull/34791">#34791</a>, thanks <a href="https://github.com/tobiasdiez"><code>@tobiasdiez</code></a>!</li> <li>CSF: Fix parsing of string literal export names - <a href="https://redirect.github.com/storybookjs/storybook/pull/34901">#34901</a>, thanks <a href="https://github.com/shilman"><code>@shilman</code></a>!</li> <li>Publish: Add npm provenance attestations - <a href="https://redirect.github.com/storybookjs/storybook/pull/34936">#34936</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> </ul> <h2>v10.4.1</h2> <h2>10.4.1</h2> <ul> <li>Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - <a href="https://redirect.github.com/storybookjs/storybook/pull/34833">#34833</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Build: Upgrade type-fest to latest version 5.6.0 - <a href="https://redirect.github.com/storybookjs/storybook/pull/34791">#34791</a>, thanks <a href="https://github.com/tobiasdiez"><code>@tobiasdiez</code></a>!</li> <li>CLI: Run `npx expo install --fix` after init for Expo projects - <a href="https://redirect.github.com/storybookjs/storybook/pull/34803">#34803</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>CLI: Support `peerDependencies` in framework detection for component libraries - <a href="https://redirect.github.com/storybookjs/storybook/pull/34516">#34516</a>, thanks <a href="https://github.com/zhyd1997"><code>@zhyd1997</code></a>!</li> <li>Next.js: Add useLinkStatus mock to next/link export mock - <a href="https://redirect.github.com/storybookjs/storybook/pull/34593">#34593</a>, thanks <a href="https://github.com/philwolstenholme"><code>@philwolstenholme</code></a>!</li> <li>Vue3: Specify a specific version for non-dev dependency - <a href="https://redirect.github.com/storybookjs/storybook/pull/34794">#34794</a>, thanks <a href="https://github.com/ScopeyNZ"><code>@ScopeyNZ</code></a>!</li> </ul> <h2>v10.4.0</h2> <h2>10.4.0</h2> <blockquote> <p><em>AI-assisted setup, change-aware review, and stronger framework support</em></p> </blockquote> <p>Storybook 10.4 contains hundreds of fixes and improvements including:</p> <ul> <li>🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding</li> <li>🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes</li> <li>🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar</li> <li>⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support</li> <li>🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server</li> <li>📱 React Native: Zero config RN project initialization</li> <li>🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic</li> </ul> <!-- raw HTML omitted --> <ul> <li>A11y: Add aria-live announcements via <code>@react-aria/live-announcer</code> - <a href="https://redirect.github.com/storybookjs/storybook/pull/33970">#33970</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>A11y: Improve boolean control contrast in forced colors mode - <a href="https://redirect.github.com/storybookjs/storybook/pull/34204">#34204</a>, thanks <a href="https://github.com/anchmelev"><code>@anchmelev</code></a>!</li> <li>Actions: Fix state mutation and keep newest actions when limit reached - <a href="https://redirect.github.com/storybookjs/storybook/pull/34286">#34286</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Addon-Docs: Add Reset story button to re-render stories in docs - <a href="https://redirect.github.com/storybookjs/storybook/pull/34086">#34086</a>, thanks <a href="https://github.com/6810779s"><code>@6810779s</code></a>!</li> <li>Addon-Docs: Avoid rerendering static Source blocks - <a href="https://redirect.github.com/storybookjs/storybook/pull/34206">#34206</a>, thanks <a href="https://github.com/anchmelev"><code>@anchmelev</code></a>!</li> <li>Addon-Vitest: Use Vitest's provide-API for injecting values - <a href="https://redirect.github.com/storybookjs/storybook/pull/34518">#34518</a>, thanks <a href="https://github.com/JReinhold"><code>@JReinhold</code></a>!</li> <li>Agentic Setup: Add --extensive for an extra prompt - <a href="https://redirect.github.com/storybookjs/storybook/pull/34730">#34730</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Allow failed stories to persist - <a href="https://redirect.github.com/storybookjs/storybook/pull/34717">#34717</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Keep sample content if users want onboarding - <a href="https://redirect.github.com/storybookjs/storybook/pull/34704">#34704</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Rework ai-init-opt-in logic - <a href="https://redirect.github.com/storybookjs/storybook/pull/34739">#34739</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Angular: Use Story ID for renderer IDs (including standalone stories) - <a href="https://redirect.github.com/storybookjs/storybook/pull/33982">#33982</a>, thanks <a href="https://github.com/ValentinFunk"><code>@ValentinFunk</code></a>!</li> <li>Automigration: Move RN on-device addons to `deviceAddons` - <a href="https://redirect.github.com/storybookjs/storybook/pull/34659">#34659</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>Builder-Vite: Add onModuleGraphChange method - <a href="https://redirect.github.com/storybookjs/storybook/pull/34323">#34323</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> <li>CLI: Add automigrate check for 'storybook' package name conflict - <a href="https://redirect.github.com/storybookjs/storybook/pull/34290">#34290</a>, thanks <a href="https://github.com/whdjh"><code>@whdjh</code></a>!</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md">@storybook/addon-a11y's changelog</a>.</em></p> <blockquote> <h2>10.4.2</h2> <ul> <li>Bug: Fix Windows command resolution for non-Node package managers - <a href="https://redirect.github.com/storybookjs/storybook/pull/33534">#33534</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>Build: Upgrade type-fest to latest version 5.6.0 - <a href="https://redirect.github.com/storybookjs/storybook/pull/34791">#34791</a>, thanks <a href="https://github.com/tobiasdiez"><code>@tobiasdiez</code></a>!</li> <li>CSF: Fix parsing of string literal export names - <a href="https://redirect.github.com/storybookjs/storybook/pull/34901">#34901</a>, thanks <a href="https://github.com/shilman"><code>@shilman</code></a>!</li> <li>Publish: Add npm provenance attestations - <a href="https://redirect.github.com/storybookjs/storybook/pull/34936">#34936</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> </ul> <h2>10.4.1</h2> <ul> <li>Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - <a href="https://redirect.github.com/storybookjs/storybook/pull/34833">#34833</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Build: Upgrade type-fest to latest version 5.6.0 - <a href="https://redirect.github.com/storybookjs/storybook/pull/34791">#34791</a>, thanks <a href="https://github.com/tobiasdiez"><code>@tobiasdiez</code></a>!</li> <li>CLI: Run <code>npx expo install --fix</code> after init for Expo projects - <a href="https://redirect.github.com/storybookjs/storybook/pull/34803">#34803</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>CLI: Support <code>peerDependencies</code> in framework detection for component libraries - <a href="https://redirect.github.com/storybookjs/storybook/pull/34516">#34516</a>, thanks <a href="https://github.com/zhyd1997"><code>@zhyd1997</code></a>!</li> <li>Next.js: Add useLinkStatus mock to next/link export mock - <a href="https://redirect.github.com/storybookjs/storybook/pull/34593">#34593</a>, thanks <a href="https://github.com/philwolstenholme"><code>@philwolstenholme</code></a>!</li> <li>Vue3: Specify a specific version for non-dev dependency - <a href="https://redirect.github.com/storybookjs/storybook/pull/34794">#34794</a>, thanks <a href="https://github.com/ScopeyNZ"><code>@ScopeyNZ</code></a>!</li> </ul> <h2>10.4.0</h2> <blockquote> <p><em>AI-assisted setup, change-aware review, and stronger framework support</em></p> </blockquote> <p>Storybook 10.4 contains hundreds of fixes and improvements including:</p> <ul> <li>🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding</li> <li>🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes</li> <li>🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar</li> <li>⚛️ TanStack React: New <code>@storybook/tanstack-react</code> framework with routing and server function support</li> <li>🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server</li> <li>📱 React Native: Zero config RN project initialization</li> <li>🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic</li> </ul> <!-- raw HTML omitted --> <ul> <li>A11y: Add aria-live announcements via <code>@react-aria/live-announcer</code> - <a href="https://redirect.github.com/storybookjs/storybook/pull/33970">#33970</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>A11y: Improve boolean control contrast in forced colors mode - <a href="https://redirect.github.com/storybookjs/storybook/pull/34204">#34204</a>, thanks <a href="https://github.com/anchmelev"><code>@anchmelev</code></a>!</li> <li>Actions: Fix state mutation and keep newest actions when limit reached - <a href="https://redirect.github.com/storybookjs/storybook/pull/34286">#34286</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Addon-Docs: Add Reset story button to re-render stories in docs - <a href="https://redirect.github.com/storybookjs/storybook/pull/34086">#34086</a>, thanks <a href="https://github.com/6810779s"><code>@6810779s</code></a>!</li> <li>Addon-Docs: Avoid rerendering static Source blocks - <a href="https://redirect.github.com/storybookjs/storybook/pull/34206">#34206</a>, thanks <a href="https://github.com/anchmelev"><code>@anchmelev</code></a>!</li> <li>Addon-Vitest: Use Vitest's provide-API for injecting values - <a href="https://redirect.github.com/storybookjs/storybook/pull/34518">#34518</a>, thanks <a href="https://github.com/JReinhold"><code>@JReinhold</code></a>!</li> <li>Agentic Setup: Add --extensive for an extra prompt - <a href="https://redirect.github.com/storybookjs/storybook/pull/34730">#34730</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Allow failed stories to persist - <a href="https://redirect.github.com/storybookjs/storybook/pull/34717">#34717</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Keep sample content if users want onboarding - <a href="https://redirect.github.com/storybookjs/storybook/pull/34704">#34704</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Agentic Setup: Rework ai-init-opt-in logic - <a href="https://redirect.github.com/storybookjs/storybook/pull/34739">#34739</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> <li>Angular: Use Story ID for renderer IDs (including standalone stories) - <a href="https://redirect.github.com/storybookjs/storybook/pull/33982">#33982</a>, thanks <a href="https://github.com/ValentinFunk"><code>@ValentinFunk</code></a>!</li> <li>Automigration: Move RN on-device addons to <code>deviceAddons</code> - <a href="https://redirect.github.com/storybookjs/storybook/pull/34659">#34659</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>Builder-Vite: Add onModuleGraphChange method - <a href="https://redirect.github.com/storybookjs/storybook/pull/34323">#34323</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> <li>CLI: Add automigrate check for 'storybook' package name conflict - <a href="https://redirect.github.com/storybookjs/storybook/pull/34290">#34290</a>, thanks <a href="https://github.com/whdjh"><code>@whdjh</code></a>!</li> <li>CLI: Add react-vite to tanstack-react automigration - <a href="https://redirect.github.com/storybookjs/storybook/pull/34718">#34718</a>, thanks <a href="https://github.com/huang-julien"><code>@huang-julien</code></a>!</li> <li>CLI: Change mock event detection - <a href="https://redirect.github.com/storybookjs/storybook/pull/34586">#34586</a>, thanks <a href="https://github.com/yannbf"><code>@yannbf</code></a>!</li> <li>CLI: Explicitly tell whether smoke tests passed or failed - <a href="https://redirect.github.com/storybookjs/storybook/pull/34419">#34419</a>, thanks <a href="https://github.com/Sidnioulz"><code>@Sidnioulz</code></a>!</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/storybookjs/storybook/commit/298dea20c6370e5c670178d88a79fc9e9ff436b2"><code>298dea2</code></a> Bump version from "10.4.1" to "10.4.2" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/cc19ae1a2145e8f7cda8dc869f1b90d5346dcedb"><code>cc19ae1</code></a> Bump version from "10.4.0" to "10.4.1" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/f8c16d115cfcf0f79125b358266c37e5343bb70d"><code>f8c16d1</code></a> Bump version from "10.4.0-beta.0" to "10.4.0" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/e02da0b0d4cf9673999184b8f11c85b026954b69"><code>e02da0b</code></a> Bump version from "10.4.0-alpha.19" to "10.4.0-beta.0" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/429fb3e42609382e9d578cce3c8aa9817182c3c1"><code>429fb3e</code></a> Bump version from "10.4.0-alpha.18" to "10.4.0-alpha.19" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/488dd0840b7e489b33c2c65975a195bcc991bec7"><code>488dd08</code></a> Bump version from "10.4.0-alpha.17" to "10.4.0-alpha.18" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/b8bcdf88606eacfb84b543356c8b05b1444c0b26"><code>b8bcdf8</code></a> Merge branch 'next' into valentin/viral-sharing</li> <li><a href="https://github.com/storybookjs/storybook/commit/3ff136ccbbb6913bcb779936765f05116f25d190"><code>3ff136c</code></a> Merge remote-tracking branch 'origin/next' into valentin/viral-sharing</li> <li><a href="https://github.com/storybookjs/storybook/commit/f191df779aabd461fa3f5e65f57f2171681db255"><code>f191df7</code></a> Bump version from "10.4.0-alpha.16" to "10.4.0-alpha.17" [skip ci]</li> <li><a href="https://github.com/storybookjs/storybook/commit/381d6adcf5e52dd04ed22cca2ce36469a1fe9122"><code>381d6ad</code></a> Update <code>@storybook/icons</code> to 2.0.2 and use PopOutIcon for isolation mode</li> <li>Additional commits viewable in <a href="https://github.com/storybookjs/storybook/commits/v10.4.2/code/addons/a11y">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1afa337841 |
Address Greptile deleted-comment feedback
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
af0c43b205 | Address operator QoL review feedback | ||
|
|
fb13e1f6a9 | Hide archived routines from routines page | ||
|
|
5f481d50f1 |
Allow inline video attachment previews
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
5d91c1bb29 | Fix document comment panel layering | ||
|
|
ed941ec089 |
Default routines view by project
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
39e0fba65f | Filter issues by plan document | ||
|
|
96d4079324 | Render other answers as text links | ||
|
|
4afe5ab7cb | Add other answers to issue questions | ||
|
|
6c46f11f89 |
Preserve experimental settings with retired flags
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
d87b14ff4f | test comment deletion cleanup regressions | ||
|
|
17fa6fe0fe | Add deleted comment regression coverage | ||
|
|
7f70759e61 | Redact deleted issue comments | ||
|
|
1227bb8ead |
Improve OpenAPI spec coverage and auth metadata (#4579)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Its REST API is the control-plane contract for the board UI, agents,
plugins, and external integrations
> - This branch adds `/api/openapi.json`, which makes the generated
OpenAPI document part of that contract instead of an internal
implementation detail
> - Once the spec is published, it has to match the mounted Express
routes, auth model, and real HTTP behavior closely enough for client
generation and review
> - The existing spec drifted from the live server: it missed mounted
routes, documented a few nonexistent ones, omitted auth semantics, and
normalized response codes too aggressively
> - This pull request makes the generated spec track the real API
surface, exposes security requirements, and adds regression coverage so
drift is caught automatically
> - The benefit is that Paperclip's published API description becomes
trustworthy for integrators, SDK generation, and review without changing
runtime auth enforcement
## What Changed
- Added the OpenAPI endpoint wiring under `server/src/routes/openapi.ts`
so `/api/openapi.json` is generated from the current route-backed
OpenAPI builder.
- Replaced generic request/response bodies with typed schemas where
available so the generated document carries useful structure instead of
opaque blobs.
- Expanded the generated spec to cover the mounted route set, including
access/member flows, CLI auth challenge routes, invite acceptance, issue
thread interaction routes, adapter environment testing, budget policy
routes, resource memberships, secret provider routes, cloud upstream
routes, and `/api/openapi.json` itself.
- Corrected documented path mismatches such as `skills/scan` vs
`skills/scan-projects`, and other route-name/path drift.
- Added security schemes plus operation-level security metadata so
public, authenticated, board-only, and instance-admin endpoints are
distinguishable in the generated contract.
- Fixed reviewed response-code mismatches for create/accept flows and
authz failures, including `201`, `202`, and `403` cases that were
previously flattened away.
- Added `server/src/__tests__/openapi-routes.test.ts` to diff the
generated spec against mounted server routes and assert key
auth/response invariants.
- Hardened the route-drift test after review feedback: it now handles
single/double/template route literals, fails on unlisted route files
that declare router methods, and filters OpenAPI path-item keys to HTTP
methods only.
## Verification
- `pnpm exec vitest run server/src/__tests__/openapi-routes.test.ts`
- `pnpm --filter @paperclipai/ui exec vitest run
src/pages/Inbox.test.tsx`
- `pnpm -r typecheck`
- `pnpm test:run`
- `pnpm build`
Manual notes:
- Confirmed the generated spec now matches the mounted route set in the
focused regression test.
- Confirmed `/api/plugins/install` is marked privileged in the generated
security metadata.
- Confirmed `POST /api/invites/{token}/accept` documents `202`.
- Addressed the Greptile route coverage comments and reran the focused
OpenAPI test, typecheck, and build successfully.
## Risks
- Medium-low risk. The main risk is ongoing spec drift if new routes are
added without updating the OpenAPI builder, but the regression test now
fails on unknown route files that declare router methods.
- The auth metadata is descriptive only; it does not change runtime
enforcement. If reviewers assume this PR hardens server auth behavior,
that would be an incorrect expectation.
- This change increases the amount of hand-maintained OpenAPI mapping in
`server/src/routes/openapi.ts`, so future API additions still need
discipline.
> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected. See `CONTRIBUTING.md`.
## Model Used
- OpenAI Codex, GPT-5-based coding agent in Codex desktop. Exact
internal model variant/version and context-window size are not exposed
in this environment. Tool-enabled coding workflow with terminal
execution, git, and GitHub integration.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots or confirmed screenshots are not applicable
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|
|
bc0a076e13 |
fix(ui): stop linking foreign tracker keys as Paperclip issues (#7511)
Fixes #7514 — the prefix-validation piece of the #5456 auto-linker 404-storm umbrella. The remaining pieces (404 retry guard, word-boundary tightening, comment edit/soft-delete) stay open under #5456. Part of #5456. ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Agents and humans cross-reference work in markdown — issue descriptions, comments, documents — which the UI renders through a shared `MarkdownBody` > - That renderer auto-links any `IDENT-123`-shaped token to an internal `/issues/IDENT-123` link > - But foreign tracker keys share that exact shape: a Jira `TREE-604` (or any external `ORG-123`) mentioned in prose becomes a link to a Paperclip issue that does not exist — it 404s, and the renderer also fires a wasted issue-fetch for the bogus identifier > - The set of real issue prefixes is already in the browser: every company carries an `issuePrefix`, exposed via `CompanyContext` > - This PR gates bare-token auto-linking to known company prefixes, leaving explicit `issue://` / `/issues/` references and real markdown links untouched > - The benefit is no dead internal links from foreign keys, with no new query, cache, or server change — and zero regression when prefixes aren't yet known ## What Changed - **`ui/src/lib/issue-reference.ts`** — `parseIssueReferenceFromHref` takes an optional `knownPrefixes` set and rejects a bare `IDENT-123` token whose prefix isn't in it; threaded through `remarkLinkIssueReferences(options)` → tree rewrite → text and inline-code paths. An omitted/empty set keeps the legacy permissive behavior. Explicit `issue://` scheme and `/issues/` path forms are never gated. - **`ui/src/context/CompanyContext.tsx`** — adds `useOptionalCompany()`, a non-throwing variant of `useCompany()` (returns `null` outside a provider). - **`ui/src/components/MarkdownBody.tsx`** — reads company prefixes via `useOptionalCompany()` and passes them to the linkifier. The non-throwing read keeps `MarkdownBody` renderable in provider-less surfaces (e.g. standalone/exported markdown). - Tests extended in `issue-reference.test.ts` (gating + remark-plugin cases) and `MarkdownBody.test.tsx` (gating, empty-companies permissive, explicit-path bypass). ## Verification - `pnpm --filter @paperclipai/ui exec vitest run src/lib/issue-reference.test.ts src/components/MarkdownBody.test.tsx` — green (17 + 40 tests). - Full UI suite: `pnpm --filter @paperclipai/ui exec vitest run` — **1161 passed / 183 files**; pre-existing `MarkdownBody` link tests pass unmodified (they hit the permissive `null`-context path), confirming no regression. - `pnpm --filter @paperclipai/ui run typecheck` — clean. - _Screenshots pending — opening as draft; before/after images to follow before marking ready._ - Manual (before/after): in an issue description containing both a real Paperclip identifier and a Jira key — _before_ both render as `/issues/...` links (the Jira one dead); _after_ only the real identifier links and the Jira key is plain text. ## Risks - **Low risk.** No server/API/migration change; pure client rendering logic. - A referenced issue whose company isn't in the viewer's `companies` list stops auto-linking — acceptable, since that internal link wouldn't resolve for that viewer anyway; explicit `/issues/IDENT` references still render. - During initial load (companies not yet fetched) behavior is identical to today (permissive), so no new flicker. ## Model Used - **Anthropic Claude Opus 4.8** (`claude-opus-4-8`), 1M-token context, extended thinking + tool use. Plan authored and implemented with the model; all decisions reviewed by the human contributor. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes (no doc changes required — behavior gated, no public API/doc surface affected) - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
2a77c65189 |
build(deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0 (#7327)
Bumps [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) from 4.1.18 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">@tailwindcss/vite's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h3>Added</h3> <ul> <li>Add <code>@container-size</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18901">#18901</a>)</li> <li>Add <code>scrollbar-{auto,thin,none}</code> utilities for <code>scrollbar-width</code>, and <code>scrollbar-thumb-*</code> / <code>scrollbar-track-*</code> color utilities for <code>scrollbar-color</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19981">#19981</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20019">#20019</a>)</li> <li>Add <code>scrollbar-gutter-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20018">#20018</a>)</li> <li>Add <code>zoom-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20020">#20020</a>)</li> <li>Add <code>tab-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20022">#20022</a>)</li> <li>Allow using <code>@variant</code> with stacked variants (e.g. <code>@variant hover:focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Allow using <code>@variant</code> with compound variants (e.g. <code>@variant hover, focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Support <code>--default(…)</code> in <code>--value(…)</code> and <code>--modifier(…)</code> for functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19989">#19989</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Ensure <code>@plugin</code> resolves package JavaScript entries instead of browser CSS entries when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19949">#19949</a>)</li> <li>Fix relative <code>@import</code> and <code>@plugin</code> paths resolving from the wrong directory when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19965">#19965</a>)</li> <li>Ensure CSS files containing <code>@variant</code> are processed by <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19966">#19966</a>)</li> <li>Resolve imports relative to <code>base</code> when <code>result.opts.from</code> is not provided when using <code>@tailwindcss/postcss</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19980">#19980</a>)</li> <li>Canonicalization: preserve significant <code>_</code> whitespace in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. <code>w-[calc(100%---spacing(60))]</code> → <code>w-[calc(100%-(--spacing(60)))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. <code>-mt-[20in]</code> → <code>mt-[-20in]</code>, not <code>mt-[-1920px]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19988">#19988</a>)</li> <li>Canonicalization: migrate arbitrary <code>:has()</code> variants from <code>[&:has(…)]</code> to <code>has-[…]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19991">#19991</a>)</li> <li>Upgrade: don’t migrate inline <code>style</code> attributes (e.g. <code>style="flex-grow: 1"</code> → <code>style="flex-grow: 1"</code>, not <code>style="grow: 1"</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19918">#19918</a>)</li> <li>Allow multiple <code>@utility</code> definitions with the same name but different value types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19777">#19777</a>)</li> <li>Export missing <code>PluginWithConfig</code> type from <code>tailwindcss/plugin</code> to fix errors when inferring plugin config types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19707">#19707</a>)</li> <li>Ensure <code>start</code> and <code>end</code> legacy utilities without values do not generate CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20003">#20003</a>)</li> <li>Ensure <code>--value(…)</code> is required in functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20005">#20005</a>)</li> <li>Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. <code>-left-[(var(--a)+var(--b))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20011">#20011</a>)</li> </ul> <h2>v4.2.4</h2> <h3>Fixed</h3> <ul> <li>Ensure imports in <code>@import</code> and <code>@plugin</code> still resolve correctly when using Vite aliases in <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19947">#19947</a>)</li> </ul> <h2>v4.2.3</h2> <h3>Fixed</h3> <ul> <li>Canonicalization: improve canonicalizations for <code>tracking-*</code> utilities by preferring non-negative utilities (e.g. <code>-tracking-tighter</code> → <code>tracking-wider</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19827">#19827</a>)</li> <li>Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19829">#19829</a>)</li> <li>Ensure query params in imports are considered unique resources when using <code>@tailwindcss/webpack</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19723">#19723</a>)</li> <li>Canonicalization: collapse arbitrary values into shorthand utilities (e.g. <code>px-[1.2rem] py-[1.2rem]</code> → <code>p-[1.2rem]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19837">#19837</a>)</li> <li>Canonicalization: collapse <code>border-{t,b}-*</code> into <code>border-y-*</code>, <code>border-{l,r}-*</code> into <code>border-x-*</code>, and <code>border-{t,r,b,l}-*</code> into <code>border-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-m{t,b}-*</code> into <code>scroll-my-*</code>, <code>scroll-m{l,r}-*</code> into <code>scroll-mx-*</code>, and <code>scroll-m{t,r,b,l}-*</code> into <code>scroll-m-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-p{t,b}-*</code> into <code>scroll-py-*</code>, <code>scroll-p{l,r}-*</code> into <code>scroll-px-*</code>, and <code>scroll-p{t,r,b,l}-*</code> into <code>scroll-p-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overflow-{x,y}-*</code> into <code>overflow-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overscroll-{x,y}-*</code> into <code>overscroll-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Read from <code>--placeholder-color</code> instead of <code>--background-color</code> for <code>placeholder-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19843">#19843</a>)</li> <li>Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> <li>Upgrade: use <code>config.content</code> when migrating from Tailwind CSS v3 to Tailwind CSS v4 (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> <li>Upgrade: never migrate files that are ignored by git (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">@tailwindcss/vite's changelog</a>.</em></p> <blockquote> <h2>[4.3.0] - 2026-05-08</h2> <h3>Added</h3> <ul> <li>Add <code>@container-size</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18901">#18901</a>)</li> <li>Add <code>scrollbar-{auto,thin,none}</code> utilities for <code>scrollbar-width</code>, and <code>scrollbar-thumb-*</code> / <code>scrollbar-track-*</code> color utilities for <code>scrollbar-color</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19981">#19981</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20019">#20019</a>)</li> <li>Add <code>scrollbar-gutter-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20018">#20018</a>)</li> <li>Add <code>zoom-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20020">#20020</a>)</li> <li>Add <code>tab-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20022">#20022</a>)</li> <li>Allow using <code>@variant</code> with stacked variants (e.g. <code>@variant hover:focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Allow using <code>@variant</code> with compound variants (e.g. <code>@variant hover, focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Support <code>--default(…)</code> in <code>--value(…)</code> and <code>--modifier(…)</code> for functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19989">#19989</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Ensure <code>@plugin</code> resolves package JavaScript entries instead of browser CSS entries when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19949">#19949</a>)</li> <li>Fix relative <code>@import</code> and <code>@plugin</code> paths resolving from the wrong directory when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19965">#19965</a>)</li> <li>Ensure CSS files containing <code>@variant</code> are processed by <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19966">#19966</a>)</li> <li>Resolve imports relative to <code>base</code> when <code>result.opts.from</code> is not provided when using <code>@tailwindcss/postcss</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19980">#19980</a>)</li> <li>Canonicalization: preserve significant <code>_</code> whitespace in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. <code>w-[calc(100%---spacing(60))]</code> → <code>w-[calc(100%-(--spacing(60)))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. <code>-mt-[20in]</code> → <code>mt-[-20in]</code>, not <code>mt-[-1920px]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19988">#19988</a>)</li> <li>Canonicalization: migrate arbitrary <code>:has()</code> variants from <code>[&:has(…)]</code> to <code>has-[…]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19991">#19991</a>)</li> <li>Upgrade: don’t migrate inline <code>style</code> attributes (e.g. <code>style="flex-grow: 1"</code> → <code>style="flex-grow: 1"</code>, not <code>style="grow: 1"</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19918">#19918</a>)</li> <li>Allow multiple <code>@utility</code> definitions with the same name but different value types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19777">#19777</a>)</li> <li>Export missing <code>PluginWithConfig</code> type from <code>tailwindcss/plugin</code> to fix errors when inferring plugin config types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19707">#19707</a>)</li> <li>Ensure <code>start</code> and <code>end</code> legacy utilities without values do not generate CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20003">#20003</a>)</li> <li>Ensure <code>--value(…)</code> is required in functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20005">#20005</a>)</li> <li>Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. <code>-left-[(var(--a)+var(--b))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20011">#20011</a>)</li> </ul> <h2>[4.2.4] - 2026-04-21</h2> <h3>Fixed</h3> <ul> <li>Ensure imports in <code>@import</code> and <code>@plugin</code> still resolve correctly when using Vite aliases in <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19947">#19947</a>)</li> </ul> <h2>[4.2.3] - 2026-04-20</h2> <h3>Fixed</h3> <ul> <li>Canonicalization: improve canonicalization for <code>tracking-*</code> utilities by preferring non-negative utilities (e.g. <code>-tracking-tighter</code> → <code>tracking-wider</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19827">#19827</a>)</li> <li>Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19829">#19829</a>)</li> <li>Ensure query params in imports are considered unique resources when using <code>@tailwindcss/webpack</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19723">#19723</a>)</li> <li>Canonicalization: collapse arbitrary values into shorthand utilities (e.g. <code>px-[1.2rem] py-[1.2rem]</code> → <code>p-[1.2rem]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19837">#19837</a>)</li> <li>Canonicalization: collapse <code>border-{t,b}-*</code> into <code>border-y-*</code>, <code>border-{l,r}-*</code> into <code>border-x-*</code>, and <code>border-{t,r,b,l}-*</code> into <code>border-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-m{t,b}-*</code> into <code>scroll-my-*</code>, <code>scroll-m{l,r}-*</code> into <code>scroll-mx-*</code>, and <code>scroll-m{t,r,b,l}-*</code> into <code>scroll-m-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-p{t,b}-*</code> into <code>scroll-py-*</code>, <code>scroll-p{l,r}-*</code> into <code>scroll-px-*</code>, and <code>scroll-p{t,r,b,l}-*</code> into <code>scroll-p-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overflow-{x,y}-*</code> into <code>overflow-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overscroll-{x,y}-*</code> into <code>overscroll-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Read from <code>--placeholder-color</code> instead of <code>--background-color</code> for <code>placeholder-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19843">#19843</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/588bd7371f4cae96426e1387819b7fd1d99765f9"><code>588bd73</code></a> 4.3.0 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/20023">#20023</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/d194d4c3e656313421f1cfa1954db8f58eec0fcd"><code>d194d4c</code></a> docs: fix various typos in comments and documentation (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19878">#19878</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/db27049caaae08978995f25b61f8336f543a4640"><code>db27049</code></a> fix(<code>@tailwindcss/vite</code>): include <a href="https://github.com/variant"><code>@variant</code></a> in feature detection (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19966">#19966</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/5a799900d4b43ca4902398a38c6f0a5b37a98ed9"><code>5a79990</code></a> Always resolve relative files, relative to the current .css file (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19965">#19965</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/f3fdda2a5cb9de50c897c79003aa58182cd9269b"><code>f3fdda2</code></a> fix(vite): avoid resolving JS plugins to browser CSS entries (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19949">#19949</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/69ad7cc5ec091125842aba783c5bfce536e9c234"><code>69ad7cc</code></a> 4.2.4 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19948">#19948</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/685c19e266a6b75842747acab6fe7076e82df62d"><code>685c19e</code></a> Fix issue around resolving paths in <code>@tailwindcss/vite</code> (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19947">#19947</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/2e3fa490a535a8341fd2853d75098f0d4dbcc825"><code>2e3fa49</code></a> 4.2.3 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19944">#19944</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/5cb1efdf416a6d37012d31cc1306c41cb35bbdc1"><code>5cb1efd</code></a> fix(vite): resolve tsconfig paths in CSS and JS resolvers (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19803">#19803</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/d596b0c43d36ad5099c983930fb155e089cbc291"><code>d596b0c</code></a> 4.2.2 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19821">#19821</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-vite">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@tailwindcss/vite</code> since your current version.</p> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3d9bd326c9 |
build(deps): bump react-router-dom from 7.13.0 to 7.16.0 (#7325)
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 7.13.0 to 7.16.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md">react-router-dom's changelog</a>.</em></p> <blockquote> <h2>v7.16.0</h2> <h3>Patch Changes</h3> <ul> <li>Remove stale/invalid <code>unpkg</code> field from <code>package.json</code>. This was removed from other packages with the release of v7 but missed in the <code>react-router-dom</code> re-export package (<a href="https://redirect.github.com/remix-run/react-router/pull/15075">#15075</a>)</li> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.16.0"><code>react-router@7.16.0</code></a></li> </ul> </li> </ul> <h2>v7.15.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.15.1"><code>react-router@7.15.1</code></a></li> </ul> </li> </ul> <h2>v7.15.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.15.0"><code>react-router@7.15.0</code></a></li> </ul> </li> </ul> <h2>v7.14.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.14.2"><code>react-router@7.14.2</code></a></li> </ul> </li> </ul> <h2>v7.14.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.14.1"><code>react-router@7.14.1</code></a></li> </ul> </li> </ul> <h2>7.14.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>react-router@7.14.0</code></li> </ul> </li> </ul> <h2>7.13.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>react-router@7.13.2</code></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remix-run/react-router/commit/8984d23f86ca7ae5655711744b77816090bda4e6"><code>8984d23</code></a> Release v7.16.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15105">#15105</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/3ed77afcde0ad9aea79f1afe5f05a700b201f289"><code>3ed77af</code></a> chore: format</li> <li><a href="https://github.com/remix-run/react-router/commit/e96962bc6159a2290632849b55872a3878753342"><code>e96962b</code></a> fix: remove stale unpkg field from react-router-dom (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15075">#15075</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/587d08fca6ca61e00f44c1eda95bf6e6a9ab76ef"><code>587d08f</code></a> Release v7.15.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15038">#15038</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/97c8de79c38f107acd15f74d8295c7bf75894a5d"><code>97c8de7</code></a> Release v7.15.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15018">#15018</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/cf1d25003aa1217dc21c16e95d483601940ae9af"><code>cf1d250</code></a> Release v7.14.2 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14993">#14993</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/197674ba9fc1b72b452e17894e5e783bdab7a087"><code>197674b</code></a> Release 7.14.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14973">#14973</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/a87774f997d8ba497c97562840f0766250c3e4ce"><code>a87774f</code></a> Add new release process (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14916">#14916</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/e31077b0c380d9764dbced4c753e9ff99387045d"><code>e31077b</code></a> chore: Update version for release (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14945">#14945</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/6683e85a9d7d607a45a3f6374afcc598a474f602"><code>6683e85</code></a> chore: Update version for release (pre) (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14943">#14943</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remix-run/react-router/commits/react-router-dom@7.16.0/packages/react-router-dom">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
cc938d0366 |
build(deps): bump @assistant-ui/react from 0.12.23 to 0.14.13 (#7324)
Bumps [@assistant-ui/react](https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react) from 0.12.23 to 0.14.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/assistant-ui/assistant-ui/releases">@assistant-ui/react's releases</a>.</em></p> <blockquote> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.13</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/react</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: move the <code>defineToolkit</code> and <code>hitl</code> use-generative markers from <code>@assistant-ui/next</code> into <code>@assistant-ui/core/react</code>, so they ship once from every distribution (<code>@assistant-ui/react</code>, <code>@assistant-ui/react-native</code>, <code>@assistant-ui/react-ink</code>) and stay portable across build targets. Import them from <code>@assistant-ui/react</code> instead of <code>@assistant-ui/next</code>; they remain no-op markers stripped at build time by a <code>"use generative"</code> compiler. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>]:</p> <ul> <li>assistant-stream@0.3.19</li> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.9</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-langgraph</code><a href="https://github.com/0"><code>@0</code></a>.14.4</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4125">#4125</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e639a11838642aa111644077ba51acf6277051f2"><code>e639a11</code></a> - chore: drop tracker-behaviour explainer comments left behind in satellite runtimes (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</li> </ul> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.11</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4125">#4125</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e639a11838642aa111644077ba51acf6277051f2"><code>e639a11</code></a> - chore: drop tracker-behaviour explainer comments left behind in satellite runtimes (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</li> </ul> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.9</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4120">#4120</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/372d4f0c538a766fd9a849fef74e413dde86d74a"><code>372d4f0</code></a> - feat: simplify <code>MessagePrimitive.GroupedParts</code> API and add <code>groupPartByType</code> helper. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <ul> <li>New <code>groupPartByType({ ... })</code> helper builds a <code>groupBy</code> from a <code>part.type → group-key path</code> lookup. The map keys are typed against <code>PartState["type"]</code> (autocomplete + typo rejection), missing keys leave the part ungrouped, and the returned function carries an internal memo fingerprint so the tree survives unrelated re-renders even when reconstructed inline.</li> <li>Special map key <code>"mcp-app"</code> matches tool-call parts that point at an assistant-ui MCP app resource (<code>ui://...</code>). It takes precedence over the <code>"tool-call"</code> entry for those parts, so MCP apps can be routed separately (e.g. rendered outside a chain-of-thought wrapper).</li> <li><code>groupBy</code> signature simplified from <code>(part, index, parts) => string | string[] | null | undefined</code> to <code>(part) => readonly \</code>group-${string}`[] | null<code>. The 2nd/3rd args were unused in practice. Arrays are required (no bare-string shorthand); </code>null<code>is accepted as an alias for</code>[]` to soften the migration.</li> <li>Internal memoization now uses the helper's memo fingerprint when present, otherwise rebuilds the tree per render (O(n), cheap). The previous "pass a stable reference" advice is dropped — inline <code>groupBy</code> is fine.</li> <li>Docs and examples updated to lead with <code>groupPartByType</code>. The <code>getMcpAppFromToolPart</code> branch in <code>packages/ui</code> switches to <code>"mcp-app": []</code> via the helper.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4107">#4107</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/32ae846a91b61eccd01330693868a48f2f3bb0c4"><code>32ae846</code></a> - feat: surface AI SDK v6 tool approvals as a first-class <code>respondToApproval</code> prop on tool components. tool-call parts in the <code>approval-requested</code> state now carry <code>part.approval = { id, isAutomatic? }</code>; tool components call <code>respondToApproval({ approved, reason? })</code> to ack the gate without threading <code>chatHelpers</code> through application context. also fixes a transient <code>requires-action</code> flicker for the <code>approval-responded</code> state and tightens the external-message converter so interrupt vs pending tool calls are distinguished by an actual <code>interrupt</code>/<code>approval</code> field rather than by <code>result === undefined</code>. (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/372d4f0c538a766fd9a849fef74e413dde86d74a"><code>372d4f0</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/d4f1db428b1a1fe5c122150e1e366a377e9adb5f"><code>d4f1db4</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/32ae846a91b61eccd01330693868a48f2f3bb0c4"><code>32ae846</code></a>]:</p> <ul> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.6</li> <li>assistant-stream@0.3.17</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-syntax-highlighter</code><a href="https://github.com/0"><code>@0</code></a>.14.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4085">#4085</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/01244a56026ee92bd4e49cb985136f9eb6d45154"><code>01244a5</code></a> - chore: update dependencies (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/b02b7012cff158b4e73b82503b9ea90638b7398d"><code>b02b701</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/0a0c306286598ea885b046a1dfb85016f720051c"><code>0a0c306</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/01244a56026ee92bd4e49cb985136f9eb6d45154"><code>01244a5</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/f2ec01ce0f01317a8444b779d88f9b6a26d691c5"><code>f2ec01c</code></a>]:</p> <ul> <li><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.8</li> <li><code>@assistant-ui/react-markdown</code><a href="https://github.com/0"><code>@0</code></a>.14.1</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-langgraph</code><a href="https://github.com/0"><code>@0</code></a>.14.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/3967">#3967</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/0a0c306286598ea885b046a1dfb85016f720051c"><code>0a0c306</code></a> - feat(core, react): add <code>MessagePrimitive.GenerativeUI</code> primitive (<a href="https://github.com/samdickson22"><code>@samdickson22</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/assistant-ui/assistant-ui/blob/main/packages/react/CHANGELOG.md">@assistant-ui/react's changelog</a>.</em></p> <blockquote> <h2>0.14.13</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/react</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: move the <code>defineToolkit</code> and <code>hitl</code> use-generative markers from <code>@assistant-ui/next</code> into <code>@assistant-ui/core/react</code>, so they ship once from every distribution (<code>@assistant-ui/react</code>, <code>@assistant-ui/react-native</code>, <code>@assistant-ui/react-ink</code>) and stay portable across build targets. Import them from <code>@assistant-ui/react</code> instead of <code>@assistant-ui/next</code>; they remain no-op markers stripped at build time by a <code>"use generative"</code> compiler. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>]:</p> <ul> <li>assistant-stream@0.3.19</li> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.9</li> </ul> </li> </ul> <h2>0.14.12</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4172">#4172</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/13157895e4d69ad4266d6ab278edfc2e3ea1de92"><code>1315789</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/next</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4151">#4151</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/299d4488c8a5bbec0679680866f5975055fe71b3"><code>299d448</code></a> - chore: drop stale <code>biome-ignore</code> pragmas now that the repo lints with oxlint (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4136">#4136</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/4429aa32f6bd4fd50a7a8ddbad1e19f6ccad192b"><code>4429aa3</code></a> - centralize thread-level shared options forwarding across runtime wrapper hooks. follow-up to <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4135">#4135</a>. (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> <p>new public exports from <code>@assistant-ui/core</code> (re-exported from <code>@assistant-ui/react</code>):</p> <ul> <li><code>ExternalStoreSharedOptions</code>, a typed <code>Pick</code> over <code>ExternalStoreAdapter</code> covering the four thread-level optional fields every wrapper forwards: <code>isDisabled</code>, <code>isSendDisabled</code>, <code>unstable_capabilities</code>, <code>suggestions</code>.</li> <li><code>pickExternalStoreSharedOptions(options)</code>, plucks those four fields from a wider options object. the body uses <code>satisfies Required<...></code> so adding a key to the type without copying it in the function is a compile error rather than a silent missing-field bug.</li> <li><code>useExternalStoreSharedOptions(options)</code> (from <code>@assistant-ui/core/react</code>), a memoized variant for wrappers that wrap their store in <code>useMemo</code>. lets the wrapper list a single stable <code>shared</code> reference as a dep instead of enumerating the four fields. same <code>satisfies</code> guard internally so the destructure stays in sync with the type.</li> </ul> <p>internal: every runtime wrapper hook (<code>useChatRuntime</code>, <code>useAISDKRuntime</code>, <code>useLangGraphRuntime</code>, <code>useA2ARuntime</code>, <code>useAgUiRuntime</code>, <code>useAdkRuntime</code>, <code>useStreamRuntime</code>, <code>useOpenCodeRuntime</code>) now uses these helpers instead of inlining the conditional spreads added in <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4135">#4135</a>. each wrapper sheds 20 to 40 lines of duplicated declarations and conditional spreads; future additions to the shared option set propagate through a single edit in <code>pickExternalStoreSharedOptions</code> instead of touching every wrapper. no user-facing behavior change.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4141">#4141</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/0b999594ff30ded9f804896093eab0478ac5ce46"><code>0b99959</code></a> - fix(react): stop subtree mutations from snapping a scrolled-up viewport back to bottom; loosen at-bottom threshold for high-DPR displays (<a href="https://github.com/vaniyokk"><code>@vaniyokk</code></a>)</p> <p><code>useThreadViewportAutoScroll</code> had two related bugs surfaced on Chrome macOS at <code>devicePixelRatio: 2</code>:</p> <ol> <li>subtree mutations snapped the viewport back to bottom after the user scrolled away. <code>scrollingToBottomBehaviorRef</code> was planted on <code>thread.runStart</code> / <code>useOnScrollToBottom</code> / initialize / thread switch and only cleared in <code>handleScroll</code> once <code>newIsAtBottom</code> became true. while the ref stayed set, every non-style subtree mutation (a Radix <code>data-state</code> flip, a markdown re-render, an image lazy-load, an attribute toggle on a child) re-entered <code>useOnResizeContent</code>'s callback and called <code>scrollToBottom(scrollBehavior)</code>, locking the viewport to the bottom until reload.</li> <li><code>isAtBottom</code> never registered as <code>true</code> on high-DPR displays. <code>Math.abs(scrollHeight - scrollTop - clientHeight) < 1</code> is strict-less-than, and Chrome macOS at <code>devicePixelRatio: 2</code> clips <code>scrollTop</code> one pixel short of <code>scrollHeight - clientHeight</code> (<code>Math.abs(1) < 1 === false</code>), so the store never updated and <code>ScrollToBottom</code> never moved into its disabled state.</li> </ol> <p>the fix combines two layers. <code>handleScroll</code> now tracks <code>lastScrollHeight</code> alongside <code>lastScrollTop</code> and releases the auto-stick intent when the user scrolls up with content size unchanged, ruling out content-driven scrollTop shifts. the resize callback also bails when neither <code>scrollHeight</code> nor <code>clientHeight</code> has changed since the last fire, so mutations that don't move layout never re-enter the snap path. at-bottom auto-follow during streaming is preserved (verified by appending a synthetic 600px child while scrolled to bottom; viewport follows to new bottom). the threshold becomes <code><= 1</code> to absorb the 1px sub-pixel clip.</p> <p>closes <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4140">#4140</a>.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4160">#4160</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e76611fcb80a39d7b6071d82bcfaf1bb7345110b"><code>e76611f</code></a> - feat: add <code>indicator</code> support to <code>MessagePrimitive.GroupedParts</code>. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p>Restores loading-state handling that was dropped from the grouped renderer. <code>GroupedParts</code> now emits a synthetic <code>{ part: { type: "indicator" } }</code> render call you handle with <code>case "indicator"</code> in your <code>switch (part.type)</code> — render a "thinking…" dot or any loading affordance.</p> <ul> <li>The indicator is only ever emitted while the message is <strong>running</strong>, so its presence alone means "render loading UI here" — there's no <code>status</code> to branch on.</li> <li>New <code>indicator</code> prop restricts which running states qualify: <code>"never"</code>, <code>"empty"</code> (no parts yet), <code>"no-text"</code> (default — last part isn't <code>text</code>/<code>reasoning</code>, e.g. the model ended on a tool call), or <code>"always"</code> (any running state).</li> </ul> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4162">#4162</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/eef724efe4a9075337577c626d7ea7aead45cfbe"><code>eef724e</code></a> - fix: drop phantom sibling messages when an external store swaps an optimistic message id mid-run (<a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4037">#4037</a>). (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p>Messages can now be flagged <code>metadata.isOptimistic</code>. Optimistic messages are treated as ephemeral: they only ever live on the current head branch (the repository evicts off-branch optimistic messages whenever the head moves) and they are never written to persisted state (<code>export()</code> omits them). The AI SDK v6 adapter flags the streaming assistant message as optimistic, so when its client-generated id is replaced by a server-provided one mid-run, the stale placeholder no longer lingers as a phantom branch (e.g. <code>BranchPicker</code> showing <code>2/2</code> on a turn the user never branched). Unlike the reverted blanket id-diff (<a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4040">#4040</a>), only explicitly-optimistic messages are affected, so legitimate <code>onEdit</code> / <code>onReload</code> / <code>switchToBranch</code> branches are preserved.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4175">#4175</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/2dec3aeba0431178f4ca26e470b304f5a89390ba"><code>2dec3ae</code></a> - chore: update dependencies (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/426c4acd6eeb81c2b4ef8368eb7669f1fe03f431"><code>426c4ac</code></a> chore: update versions (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4177">#4177</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> feat: move use-generative markers to core/react, extract the compiler, add <a href="https://github.com/a"><code>@a</code></a>...</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/275aef6774a4118a186abb39afda220ce4aa9a58"><code>275aef6</code></a> chore: update versions (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4129">#4129</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/2dec3aeba0431178f4ca26e470b304f5a89390ba"><code>2dec3ae</code></a> chore: update dependencies (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4175">#4175</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/eef724efe4a9075337577c626d7ea7aead45cfbe"><code>eef724e</code></a> fix: drop phantom siblings on optimistic message id swap (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4037">#4037</a>) (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4162">#4162</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/13157895e4d69ad4266d6ab278edfc2e3ea1de92"><code>1315789</code></a> feat: add <code>@assistant-ui/next</code> + "use generative" toolkit support (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4172">#4172</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/fcb6baf161a9ee7dda65191e0b42de12b368724d"><code>fcb6baf</code></a> feat(core): tool <code>display</code> hint + <code>standalone-tool-call</code> grouping (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4167">#4167</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/299d4488c8a5bbec0679680866f5975055fe71b3"><code>299d448</code></a> chore: drop stale biome-ignore pragmas after migrating to oxlint (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4151">#4151</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/0b999594ff30ded9f804896093eab0478ac5ce46"><code>0b99959</code></a> fix(react): release auto-stick intent on user scroll-up; fix retina at-bottom...</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/4429aa32f6bd4fd50a7a8ddbad1e19f6ccad192b"><code>4429aa3</code></a> refactor: centralize thread-level shared options helper (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4136">#4136</a>)</li> <li>Additional commits viewable in <a href="https://github.com/assistant-ui/assistant-ui/commits/@assistant-ui/react@0.14.13/packages/react">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
93206f73fa |
fix: Stop archived companies from waking agents (#7478)
## Thinking Path
> - Paperclip orchestrates AI agents for zero-human companies
> - Each agent has a heartbeat scheduler that wakes it on timers and on
events; every wake spawns an adapter (Claude / Codex / …) run that bills
the operator's subscription
> - When an operator archives a company, the agents inside it remain in
invokable states — the heartbeat scheduler never consults company status
— so timers keep firing and event-driven wakes (comments, mentions,
blockers-resolved, etc.) keep cascading
> - On real deployments this silently drains the operator's
subscription: idle archived companies wake their CEOs hourly, plus any
cross-company event cascade
> - This pull request enforces "archived ⇒ never spawns a run" as a
structural invariant by guarding the wake path AND cascading agent state
on archive/reactivate
> - The benefit is that archived companies stop billing the operator,
and the UI/queue stays consistent with the invariant
## What Changed
- `server/src/services/heartbeat.ts`:
- `enqueueWakeup()` loads the company and short-circuits when status is
not `active`. Background sources (timer, automation, events) write a
`company.inactive` skipped wake and return `null`; explicit user invokes
throw a `conflict` so the UI surfaces the real reason.
- `tickTimers()` joins agents to active companies so the scheduler does
not iterate archived-company agents at all (no skip-row noise).
- `server/src/services/companies.ts`:
- `archive(id, actor?)` pauses runnable agents with `pauseReason =
"company_archived"` inside the transaction (preserving
`pending_approval`, `terminated`, and agents paused for unrelated
reasons), then cancels `queued`/`running` heartbeat runs after the
transaction commits.
- `update(id, data, actor?)` reverses the cascade only for agents whose
`pauseReason === "company_archived"` on the `archived → active`
transition; manually-paused agents stay paused.
- Both methods emit activity-log entries (`company.archived` with
`agentsPaused` + `runsCancelled`, `company.reactivated` with
`agentsRestored`) so the audit trail fires regardless of caller.
- `packages/shared/src/constants.ts` + `server/src/services/budgets.ts`:
add `company_archived` to the legal `PauseReason` union so the
restorable marker is a first-class value.
-
`packages/db/src/migrations/0094_backfill_archived_company_agent_pauses.sql`:
backfill so existing archived-company agents become `paused /
company_archived` (excludes `pending_approval`).
- `ui/src/lib/activity-format.ts`: add the `company.reactivated` label.
## Verification
- `npx vitest run src/__tests__/companies-service.test.ts` — archive
cascade, reactivate cascade, and activity-log entries (with counts) all
pass.
- `npx vitest run
src/__tests__/heartbeat-archived-company-guard.test.ts` — timer +
on-demand + event-wake paths all blocked for archived companies;
`company.inactive` skipped-wake row written; user-initiated wakes throw
`conflict`.
- `pnpm typecheck` — clean.
- Manual repro from the bug description: archive a company, wait an
interval / post a comment on one of its issues, observe zero new
heartbeat runs.
## Risks
- Migration `0094` is a single bulk UPDATE on `agents` joined to
archived `companies`. On large deployments it briefly holds row locks on
archived-company agent rows; should be quick because the predicate is
narrow (`status NOT IN (paused, terminated, pending_approval)` and
`companies.status = 'archived'`).
- New `pauseReason` value (`company_archived`) is opaque to older
clients that only know the previous union. Acceptable because the union
is read as plain text and the contract is sync'd in the same change.
- Behavior change for users: invoking an agent in an archived company
now fails with a conflict instead of silently spawning a run. Intended.
## Model Used
- Claude (Anthropic) — model `claude-opus-4-7` ("Opus 4.7"), Claude Code
CLI, with tool use (Read/Edit/Bash/Grep). No extended thinking mode.
## Checklist
- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots — N/A, no UI changes beyond an activity-log label string
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
## Related Work
Fixes #1348 (`[Bug] Archived companies still running heartbeats and
consuming tokens`).
Prior attempts and parallel work in this area:
- #1365 and #1429 by @hungdqdesign (March 2026) — both closed without
merging. Same three-layer shape (`tickTimers` / `enqueueWakeup` /
`resumeQueuedRuns` + archive-route cancellation) targeting #1348. Credit
for first publicly proposing the wake-path-guard approach.
- #5865 by @stubbi (May 2026, open) — adds the same `companies.status !=
'archived'` joins to `tickTimers`, `enqueueWakeup`, `resumeQueuedRuns`,
**and** routines `tickScheduledTriggers`, bundled with plugin-table
tenant isolation (`plugin_entities` / `plugin_job_runs` / `plugin_logs`
/ `plugin_webhook_deliveries` get a `companyId` FK with `ON DELETE
CASCADE`). This PR is narrower — it does not touch routines or plugin
tables — but adds the **archive cascade** (pause agents with
`pauseReason = "company_archived"`), the **reactivate reverse**
(un-pause only that subset), the **`company_archived` pause-reason
marker**, and a **backfill migration** for pre-existing archived
companies, which #5865 does not include. Happy to coordinate sequencing
or rebase if #5865 lands first.
|
||
|
|
6460ea2616 |
Merge pull request #7360 from paperclipai/pap-10195-pwa-controls
[codex] Add standalone PWA browser controls |
||
|
|
2997a47fec |
Guard markdown filename previews by content type
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
fbfac2ff22 | fix(ui): type standalone controls test shim | ||
|
|
a18776c627 |
Narrow IssueDetail hook-order warning assertion
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
4aa6a22686 | fix(ui): initialize standalone controls synchronously | ||
|
|
0da56d780f |
Align attachment video detection with server
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
3f80d7cd25 | test(ui): cover chromeless display modes | ||
|
|
cfcdf2dea9 | fix(ui): align PWA display-mode listeners | ||
|
|
54c1ca5eec |
Avoid attachment fixture secret false positive
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
63a2b5ba1c | Fix attachment preview test act helpers | ||
|
|
8af359b656 |
Detect misclassified video attachments
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
e86d000c7b |
Render rich issue attachment previews
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
7ce96e36a0 |
fix(ui): add standalone PWA browser controls
Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
bbf77fcb69 | Harden issue artifact metadata | ||
|
|
96d266109b |
Add issue Output UI for artifact playback (PAP-10168)
Surface attachment-backed artifact work products as a first-class Output section on the issue detail page so cloud users can watch and download agent-generated videos without host filesystem access. - ui/src/lib/issue-output.ts: formatBytes/formatDuration/getOutputFileGlyph helpers + getIssueOutputs selector that validates the Phase-2 attachment artifact metadata contract and tolerates malformed metadata (degraded). - issue-output components: IssueOutputSection, OutputPrimaryCard (native <video>/image/generic), OutputRow, OutputVideoPlayer, OutputFileTile. - IssueDetail: fetch work products and render the Output section between Documents and Attachments; reuse formatBytes in the attachments list. - DesignGuide: showcase multiple-output, degraded, and empty states. - Focused tests for video output, empty state, multiple outputs, and failed attachment metadata (15 tests). Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
|
aea35fe695 |
exe.dev config UX: advanced-options disclosure, form-default fix, SSH key handling (PAPA-407) (#7025)
## Thinking Path
> - Paperclip orchestrates AI agents and provisions sandboxed execution
environments for them; one of those provisioners is the exe.dev plugin,
which runs each agent inside a long-lived VM reached over SSH.
> - The instance-config form for that plugin is rendered generically by
`JsonSchemaForm` from the plugin's `instanceConfigSchema`, so any UX
problem with the form is split between the shared form component and the
plugin's schema/runtime code.
> - Users coming in cold hit a 12-field flat config they couldn't reason
about (PAPA-407), a form that silently submitted `cpu: 0` for untouched
optional fields (PAPA-407 root cause), a `sshPrivateKey` textarea that
truncated RSA-4096 keys at 4096 chars (PAPA-449), a save flow that
accepted clearly-malformed keys and only blew up at lease time with raw
SSH stderr (PAPA-450, PAPA-451), and a manifest that didn't distinguish
"essential" from "advanced" knobs (PAPA-410 / PAPA-411 — duplicate
sub-issues with identical scope; PAPA-418 reconciliation kept PAPA-410
canonical).
> - These problems all point at the same surface (exe.dev sandbox
config) and are tightly coupled in code — PAPA-449/450/451 patch fields
that PAPA-410/411 introduce — so they get reviewed together.
> - This pull request lands the shared-form changes (advanced-options
disclosure, optional-scalar defaults) and the exe.dev-specific changes
(manifest restructure, longer `maxLength`, stderr translation, save-time
key validation) as five focused commits stacked on `master`.
> - The benefit is a config form that defaults to the two fields a new
user actually needs (API key + SSH private key) with a collapsible
disclosure for the rest, no silent truncation or zero-default
submissions, and SSH key problems surfaced at save time with actionable
messages instead of cryptic post-provision failures.
## What Changed
- **JsonSchemaForm advanced-options disclosure** (PAPA-410, PAPA-411 —
same scope, see note above): adds `x-paperclip-advanced` /
`x-paperclip-group` schema annotations and renders flagged fields behind
a collapsible "Advanced options" disclosure that auto-opens when a
hidden field has a validation error. Exe.dev manifest is restructured to
use the new annotations, so essentials (`apiKey`, `sshPrivateKey`) show
by default while the long tail of optional knobs is grouped under "SSH
access" / "VM resources" / "More options" headings.
- **Omit optional scalar defaults** (PAPA-407): `getDefaultForSchema` no
longer materialises `0` / `""` for optional
`number`/`integer`/`string`/`secret-ref` fields without an explicit
`default`. Object recursion drops properties whose default is
`undefined`. Fields that declare a `default` (e.g. `sshPort: 22`) still
round-trip. Adds a regression test against `getDefaultValues`.
- **Raise `sshPrivateKey` `maxLength`** (PAPA-449): bumps the exe.dev
manifest cap from 4096 to 8192 so RSA-4096 OpenSSH private keys (which
can exceed 4 KB with comments/metadata) aren't silently truncated at
submit.
- **Translate `invalid format` SSH stderr** (PAPA-450):
`formatSshFailure` now recognises `Load key … invalid format` in
combined stderr/stdout and returns a specific message naming the
key-format problem ("isn't an OpenSSH/PEM private key — confirm the
secret starts with `-----BEGIN … PRIVATE KEY-----` and isn't the `.pub`
or a PuTTY `.ppk` export") instead of dumping the raw stderr.
- **Save-time SSH key validation** (PAPA-451):
`onEnvironmentValidateConfig` inline-parses `sshPrivateKey` and rejects
common failure modes — pasted public keys, PuTTY `.ppk` format, missing
`-----END-----` footer, non-base64 body — so the form surfaces an inline
error before any VM is provisioned. Secret-ref bindings (UUIDs) are
still passed through unchanged.
## Verification
CI gates (`pnpm typecheck`, `pnpm test`, the targeted vitest suites
below) all pass.
Run locally:
```bash
# Shared form
pnpm --filter @paperclipai/ui exec vitest run src/components/JsonSchemaForm
# 9 tests pass — includes the new "omits optional scalar fields" regression
# and the three advanced-options-disclosure tests.
# exe.dev plugin
cd packages/plugins/sandbox-providers/exe-dev && pnpm test
# 32 tests pass — includes the new sshPrivateKey-validation cases
# and the new "invalid format" stderr-translation case.
```
Manual smoke (after reinstalling the plugin so the DB manifest
refreshes):
1. Open the exe.dev environment config page. **Default view shows API
Key + SSH Private Key only**, with an "Advanced options" disclosure for
everything else (PAPA-410 / PAPA-411).
2. Paste a `.pub` file's contents into SSH Private Key, click Save.
**Inline error** rejecting the wrong-format key (PAPA-451).
3. Re-paste a valid OpenSSH/PEM private key longer than 4096 bytes —
saves cleanly (PAPA-449).
4. Save the form with everything optional left blank — server no longer
rejects with `"cpu must be greater than 0 when provided"` (PAPA-407).
5. Force a bad key through via a stored secret-ref binding and lease a
VM — failure message names the key-format problem instead of dumping raw
SSH stderr (PAPA-450).
## Risks
- **PAPA-410 / PAPA-411 manifest restructure** is the largest surface
here. Schemas using `x-paperclip-*` extensions are forward-compatible
with stricter JSON Schema validators (extensions are ignored by
default), and the form gracefully renders a flat layout when no field
opts in.
- **PAPA-407** changes form-default behaviour: optional scalar fields
that previously round-tripped as `""` / `0` will now be `undefined` and
absent from the submitted payload. Downstream consumers that expected
the empty-string/zero shape need to treat the field as optional.
Spot-checked the existing exe.dev driver — it already uses
`parseOptionalString` / `parseOptionalInteger`, which treat missing
fields as `null` rather than `0`/`""`.
- **PAPA-451** adds a save-time check, so a
previously-saved-but-malformed `sshPrivateKey` raw value will now fail
to re-save. Bound secret-refs are unaffected, matching how the user
reaches the bad-key state today (via the secrets picker).
- **PAPA-449** simply raises a cap; no semantic risk.
- **PAPA-450** only kicks in on the "invalid format" code path; existing
onboarding-marker branch is untouched.
## Model Used
- Provider: Anthropic
- Model: Claude Opus 4.7 (`claude-opus-4-7`)
- Capabilities used: code reading, code editing, test execution, git/PR
mechanics, Paperclip API for issue coordination
## Checklist
- [x] PR body sections present (Thinking Path, What Changed,
Verification, Risks, Model Used, Checklist)
- [x] Unit tests added for the new behaviours (JsonSchemaForm
default-value omission + advanced disclosure; exe.dev plugin validation
+ stderr translation)
- [x] Existing tests still pass locally (`vitest run` on both packages)
- [x] No raw secrets, IP addresses, or machine-local config in commits
or PR body
- [x] Commits are atomic per linked issue (PAPA-410 / PAPA-411,
PAPA-407, PAPA-449, PAPA-450, PAPA-451)
- [x] Branch is up-to-date with `origin/master`
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
|
||
|
|
5153b01ada |
[codex] Add Claude model refresh (#6953)
## Thinking Path > - Paperclip orchestrates AI-agent companies through adapter-backed local and external runtimes. > - The agent configuration UI lets operators choose adapter models and refresh model lists when adapters support live discovery. > - Codex already had a live refresh path, but Claude Local only exposed static fallback models and the UI hid the refresh action for Claude. > - A newly available Claude Opus model should not require a code release every time the model catalog changes. > - This pull request adds Anthropic model discovery for Claude Local, keeps the static fallback current with Claude Opus 4.8, and exposes the existing refresh button in the Claude Local dropdown. > - The benefit is that operators can refresh Claude models from the same model selector flow they already use for Codex. ## What Changed - Added `claude-opus-4-8` to the Claude Local fallback model list. - Added Claude model discovery through Anthropic-compatible `GET /v1/models` when `ANTHROPIC_API_KEY` is available. - Added normal cache reuse, forced refresh support, a SHA-256-based API-key fingerprint for cache keys, and warning logging for discovery errors before fallback. - Wired `claude_local.refreshModels` into the server adapter registry. - Enabled the existing `Refresh models` dropdown action for `claude_local` in `AgentConfigForm`. - Added tests for Claude fallback, live discovery, API-failure fallback, forced refresh, and the UI refresh-button gate. ## Verification - `pnpm exec vitest run server/src/__tests__/adapter-models.test.ts` - `pnpm exec vitest run ui/src/components/AgentConfigForm.test.ts` - `pnpm --filter @paperclipai/adapter-claude-local typecheck` - `pnpm --filter @paperclipai/server typecheck` - `pnpm --filter @paperclipai/ui typecheck` - Greptile review reached Confidence Score: 5/5 on commit `b796cf4f1` with addressed threads resolved. UI note: the visible change is a conditional action row inside the existing model dropdown; the regression test covers that `claude_local` now receives the refresh action. ## Risks - Low risk. Without `ANTHROPIC_API_KEY`, Claude Local still uses the static fallback list. - If Anthropic model discovery fails or times out, Paperclip falls back to the existing cached or static list. - Bedrock environments remain on Bedrock-native model IDs. ## Model Used OpenAI GPT-5 via Codex local coding agent, with repository file access, shell command execution, git operations, and targeted test/typecheck verification. Exact context window is not exposed by the runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge |
||
|
|
d9f91576a0 |
Add accepted-plan decomposition exact-once guards and UI state (#6831)
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies, so planning approvals and child-issue fan-out are part of the core control-plane loop. > - Accepted plans are supposed to be a safe bridge from planning into execution, especially when agents wake from review decisions and reuse isolated workspaces. > - The duplicate-subtask incident showed that an accepted plan revision could be interpreted more than once across overlapping runs, which broke the single-source-of-truth model for issue decomposition. > - Fixing that required tightening the backend contract first: accepted-plan decomposition needs an exact-once fingerprint, durable claim state, and retry-safe child creation. > - Once that backend behavior existed, the board still needed visibility into what happened, so the issue detail view needed a dedicated decomposition section instead of forcing operators to reconstruct child creation from raw activity. > - This pull request adds the exact-once decomposition primitive, hardens wake routing and regressions around the incident, and surfaces decomposition state in the UI so future incidents are both prevented and easier to inspect. ## What Changed - Added accepted-plan decomposition semantics to `doc/execution-semantics.md`, including the exact-once fingerprint, durable claim/result expectations, and retry/resume behavior. - Added persistent accepted-plan decomposition claims in the backend, including schema, shared types/validators, service logic, and issue routes for creating and listing decomposition state. - Hardened heartbeat routing so an accepted-plan continuation stays scoped to the relevant planning issue instead of opportunistically re-decomposing another accepted issue on the same assignee. - Added regression coverage for the original failure modes: concurrent same-parent retries, cross-issue accepted-plan isolation, and partial child recreation under the same fingerprint. - Added the `Plan decomposition` issue-detail section plus supporting API/query-key/activity formatting updates so operators can see revision status, owner, child counts, and the linked child issues directly in the UI. - Included the small follow-up UI fix so the decomposition section still renders when the issue work mode is no longer `planning`. ## Verification - `pnpm --filter @paperclipai/server typecheck` - `pnpm --filter @paperclipai/ui typecheck` - `pnpm --filter @paperclipai/db typecheck` - `pnpm exec vitest run server/src/__tests__/issues-service.test.ts` - `pnpm exec vitest run server/src/__tests__/issues-service.test.ts -t "lists persisted decompositions with child issue summaries"` - `pnpm exec vitest run server/src/__tests__/issues-service.test.ts -t "accepted plan decomposition" server/src/__tests__/heartbeat-accepted-plan-workspace-refresh.test.ts server/src/__tests__/heartbeat-context-summary.test.ts` - Manual UI path: create a planning issue without an isolated execution workspace, add a `plan` document, accept the `request_confirmation`, let Paperclip create child issues, then reopen the parent issue detail page and confirm the `Plan decomposition` section shows the accepted revision, status, idempotent-claim badge, and child links. - Separate follow-up bug noted during manual UI validation: accepting a plan on an issue whose run never records `workspace_finalize` is tracked in `PAPA-445` and is not part of this PR’s fix scope. ## Risks - This adds a new migration and a large Drizzle snapshot update; reviewers should confirm the schema shape and generated metadata match the intended decomposition table. - The exact-once claim changes sit on the accepted-plan fan-out path, so regressions there could block legitimate child creation or mis-handle retries if the claim state machine is wrong. - The new UI only appears when decomposition records exist; reviewers should use the manual verification path above rather than expecting existing issues on a stale local instance to show the section automatically. - `PAPA-445` remains an open follow-up for the `workspace_finalize` accept gate when a planning handoff never records finalize; that bug can interfere with reproducing the UI flow on isolated workspaces but does not change the correctness of the exact-once decomposition feature itself. > Checked `ROADMAP.md`: this PR is a bug fix / control-plane hardening change for accepted-plan decomposition, not a new uncoordinated roadmap feature. ## Model Used - OpenAI Codex via Paperclip `codex_local` (GPT-5-based coding agent; exact backend model ID/context window not exposed in the run context), with repository tool use, shell execution, and code-editing capabilities. <img width="806" height="1069" alt="Screenshot 2026-05-27 at 11 05 48 PM" src="https://github.com/user-attachments/assets/5b00b670-96cd-4470-b0a3-581743bcae28" /> ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |
||
|
|
9eac727cf1 |
[codex] Add skills CLI and catalog management (#6782)
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies through company-scoped control-plane workflows. > - Agents need reusable, inspectable skills that can be installed, reset, audited, exported, and assigned without bespoke local setup. > - The existing skill truth model needed cleanup so bundled skills, optional catalog skills, runtime skills, and adapter-provided skills have clear provenance. > - Operators also need a practical CLI and board UI for discovering and managing company skills. > - This pull request adds the skills CLI, packaged skills catalog, company skills APIs, and catalog-aware board UI. > - The benefit is a more reusable Paperclip company setup where skills are portable, auditable, and easier for operators and agents to manage. ## What Changed - Added `paperclipai skills` CLI commands and coverage for catalog listing, installing, resetting, and inspecting company skills. - Added a packaged `@paperclipai/skills-catalog` workspace with bundled and optional skill content plus validation/build tests. - Added shared company-skill types and validators used across CLI, server, and UI contracts. - Added server catalog APIs/services for company skill catalog operations, reset semantics, audit behavior, and portability provenance. - Updated adapter skill handling so runtime/catalog provenance remains explicit across local adapters. - Added board UI support for browsing and managing catalog-backed company skills. - Updated docs for the skills CLI/catalog flow and the company skills Paperclip skill reference. - Rebased the branch onto current `paperclipai/paperclip:master`; no `pnpm-lock.yaml`, `.github/workflows`, or migration files are included in the final PR diff. ## Verification - Passed: `pnpm run preflight:workspace-links && pnpm exec vitest run cli/src/__tests__/skills.test.ts packages/skills-catalog/src/catalog-builder.test.ts packages/skills-catalog/src/shipped-catalog.test.ts packages/shared/src/validators/company-skill.test.ts packages/adapter-utils/src/server-utils.test.ts packages/plugins/create-paperclip-plugin/src/entrypoints.test.ts server/src/__tests__/company-skills-catalog-service.test.ts server/src/__tests__/company-skills-routes.test.ts server/src/__tests__/company-portability.test.ts`. - Passed: `pnpm exec vitest run server/src/__tests__/workspace-runtime.test.ts -t "default branch|origin/master|symbolic-ref"`. - Attempted: full `server/src/__tests__/workspace-runtime.test.ts`. Four provisioning tests failed while seeding an isolated worktree database from the local Paperclip instance because the local plugin schema dump contains a duplicate-column foreign key (`plugin_content_machine_18a7bc327b.content_case_signals`). The default-branch tests touched by the rebase conflict passed in the focused run above. - Checked final diff: no `pnpm-lock.yaml`, no `.github/workflows`, and no migration-file changes relative to `master`. ## Risks - Medium: this is a broad skills/catalog change touching CLI, server APIs, shared contracts, adapter skill sync, and UI. - Catalog validation and reset semantics need careful reviewer attention because they affect reusable company setup and portability. - No database migrations are included in this PR, so there is no migration ordering/idempotency risk in the final diff. - No lockfile is included by design; dependency resolution will be handled by the repository lockfile workflow. ## Model Used - OpenAI Codex coding agent based on GPT-5, running in Paperclip via the `codex_local` adapter with shell, git, GitHub CLI, and code-editing tool access. Exact hosted model build/context-window metadata is not exposed in this runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run targeted tests locally and documented the local workspace-runtime seed failure above - [x] I have added or updated tests where applicable - [x] If this change affects the UI, screenshots were intentionally omitted per PAP-10124 instructions; UI behavior is covered by tests and reviewer inspection - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing> |