4693d770aa
## Thinking Path > - Paperclip is the open source app people use to manage AI agents for work. > - Operators need a way to inspect files and work products created by agents across a company without opening each issue one by one. > - The existing issue detail surfaces already show attachments and outputs, but there was no company-level artifacts index or search-result affordance for artifact-like records. > - The backend needed a company-scoped artifacts projection API that preserves issue/run attribution and safe links back to source records. > - The UI needed a first-class Artifacts page, sidebar entry, reusable artifact cards, and deep-link handling that keeps company prefixes intact. > - This pull request adds the company artifacts API and page, then wires artifacts into search and issue output surfaces. > - The benefit is a single place to browse, filter, and open generated work products and attachments while preserving company boundaries. ## Linked Issues or Issue Description Fixes #7622. Feature request fields: - Problem/motivation: company operators need a consolidated artifacts surface for attachments and work products produced by agents. - Proposed solution: add a company-scoped artifacts projection endpoint, a board Artifacts route, reusable cards, sidebar navigation, and artifact search integration. - Alternatives considered: keep artifact discovery only on individual issue pages; that forces operators to know the source issue before finding generated outputs. - Roadmap alignment: checked `ROADMAP.md`; this is a focused board UI/API improvement and does not duplicate a listed roadmap item. ## What Changed - Added shared artifact types and validators. - Added a company-scoped artifact projection service/API with tests for attachment/work-product attribution. - Added Artifacts board UI route, API client, sidebar link, cards, filters, and storybook coverage. - Added artifact result handling to company search and issue output/deep-link flows. - Rebased the branch onto the latest `public-gh/master` state and resolved the route-test conflict by preserving both upstream team-catalog coverage and artifact route coverage. - Fixed a local Sidebar test helper so it no longer depends on a runtime-undefined `React.act` export in this dependency install. ## Verification - `pnpm --filter @paperclipai/ui exec vitest run src/components/artifacts/ArtifactCard.test.tsx src/api/artifacts.test.ts src/lib/company-routes.test.ts` - `pnpm --filter @paperclipai/ui exec vitest run src/pages/Artifacts.test.tsx src/pages/Search.test.tsx src/components/Sidebar.test.tsx` - `pnpm exec vitest run server/src/__tests__/company-artifacts-service.test.ts server/src/__tests__/company-search-service.test.ts server/src/__tests__/company-search-rate-limit-routes.test.ts server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts` - Confirmed the PR diff does not include `pnpm-lock.yaml` or `.github/workflows/*`. - Duplicate search: no open PRs or issues found for `artifact page ArtifactCard` in `paperclipai/paperclip`. Screenshots are intentionally omitted per the internal task instruction not to add design screenshots or images to this PR unless they are specifically part of the work. I also attempted browser capture in this runner, but `agent-browser` failed to launch Chrome and Playwright Chromium is missing `libatk-1.0.so.0`. ## Risks - Low-to-medium risk: this adds a new API projection and UI surface, so attribution/link regressions could affect artifact navigation. - Company scoping is covered in the new service/API tests. - No database migrations are included. - No lockfile or workflow changes are included. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used OpenAI Codex, GPT-5 coding agent with tool use and local command execution. Exact hosted model identifier is not exposed in this runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have searched GitHub for duplicate or related PRs and linked them above - [x] I have either (a) linked existing issues with `Fixes: #` / `Closes #` / `Refs #` OR (b) described the issue in-PR following the relevant issue template - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots (intentionally omitted per task instruction; browser capture unavailable in this runner) - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [ ] All Paperclip CI gates are green - [ ] Greptile is 5/5 with no open P2s, recommendations, or follow-ups - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
213 lines
5.9 KiB
TypeScript
213 lines
5.9 KiB
TypeScript
import express from "express";
|
|
import request from "supertest";
|
|
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
|
|
const mockCompanyService = vi.hoisted(() => ({
|
|
list: vi.fn(),
|
|
stats: vi.fn(),
|
|
getById: vi.fn(),
|
|
create: vi.fn(),
|
|
update: vi.fn(),
|
|
archive: vi.fn(),
|
|
remove: vi.fn(),
|
|
}));
|
|
|
|
const mockAgentService = vi.hoisted(() => ({
|
|
getById: vi.fn(),
|
|
}));
|
|
|
|
const mockAccessService = vi.hoisted(() => ({
|
|
ensureMembership: vi.fn(),
|
|
}));
|
|
|
|
const mockBudgetService = vi.hoisted(() => ({
|
|
upsertPolicy: vi.fn(),
|
|
}));
|
|
|
|
const mockCompanyPortabilityService = vi.hoisted(() => ({
|
|
exportBundle: vi.fn(),
|
|
previewExport: vi.fn(),
|
|
previewImport: vi.fn(),
|
|
importBundle: vi.fn(),
|
|
}));
|
|
|
|
const mockCompanyArtifactsService = vi.hoisted(() => ({
|
|
list: vi.fn(),
|
|
}));
|
|
|
|
const mockLogActivity = vi.hoisted(() => vi.fn());
|
|
const mockFeedbackService = vi.hoisted(() => ({
|
|
listIssueVotesForUser: vi.fn(),
|
|
listFeedbackTraces: vi.fn(),
|
|
getFeedbackTraceById: vi.fn(),
|
|
saveIssueVote: vi.fn(),
|
|
}));
|
|
|
|
vi.mock("../services/index.js", () => ({
|
|
accessService: () => mockAccessService,
|
|
agentService: () => mockAgentService,
|
|
budgetService: () => mockBudgetService,
|
|
companyArtifactsService: () => mockCompanyArtifactsService,
|
|
companyPortabilityService: () => mockCompanyPortabilityService,
|
|
companyService: () => mockCompanyService,
|
|
feedbackService: () => mockFeedbackService,
|
|
logActivity: mockLogActivity,
|
|
}));
|
|
|
|
function createCompany() {
|
|
const now = new Date("2026-03-19T02:00:00.000Z");
|
|
return {
|
|
id: "company-1",
|
|
name: "Paperclip",
|
|
description: null,
|
|
status: "active",
|
|
issuePrefix: "PAP",
|
|
issueCounter: 568,
|
|
budgetMonthlyCents: 0,
|
|
spentMonthlyCents: 0,
|
|
requireBoardApprovalForNewAgents: false,
|
|
brandColor: "#123456",
|
|
logoAssetId: "11111111-1111-4111-8111-111111111111",
|
|
logoUrl: "/api/assets/11111111-1111-4111-8111-111111111111/content",
|
|
createdAt: now,
|
|
updatedAt: now,
|
|
};
|
|
}
|
|
|
|
async function createApp(actor: Record<string, unknown>) {
|
|
const [{ companyRoutes }, { errorHandler }] = await Promise.all([
|
|
vi.importActual<typeof import("../routes/companies.js")>("../routes/companies.js"),
|
|
vi.importActual<typeof import("../middleware/index.js")>("../middleware/index.js"),
|
|
]);
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use((req, _res, next) => {
|
|
(req as any).actor = actor;
|
|
next();
|
|
});
|
|
app.use("/api/companies", companyRoutes({} as any));
|
|
app.use(errorHandler);
|
|
return app;
|
|
}
|
|
|
|
describe("PATCH /api/companies/:companyId/branding", () => {
|
|
beforeEach(() => {
|
|
vi.resetModules();
|
|
vi.doUnmock("../routes/companies.js");
|
|
vi.doUnmock("../routes/authz.js");
|
|
vi.doUnmock("../middleware/index.js");
|
|
vi.clearAllMocks();
|
|
});
|
|
|
|
it("rejects non-CEO agent callers", async () => {
|
|
mockAgentService.getById.mockResolvedValue({
|
|
id: "agent-1",
|
|
companyId: "company-1",
|
|
role: "engineer",
|
|
});
|
|
const app = await createApp({
|
|
type: "agent",
|
|
agentId: "agent-1",
|
|
companyId: "company-1",
|
|
source: "agent_key",
|
|
runId: "run-1",
|
|
});
|
|
|
|
const res = await request(app)
|
|
.patch("/api/companies/company-1/branding")
|
|
.send({ logoAssetId: "11111111-1111-4111-8111-111111111111" });
|
|
|
|
expect(res.status).toBe(403);
|
|
expect(res.body.error).toContain("Only CEO agents");
|
|
expect(mockCompanyService.update).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("allows CEO agent callers to update branding fields", async () => {
|
|
const company = createCompany();
|
|
mockAgentService.getById.mockResolvedValue({
|
|
id: "agent-1",
|
|
companyId: "company-1",
|
|
role: "ceo",
|
|
});
|
|
mockCompanyService.update.mockResolvedValue(company);
|
|
const app = await createApp({
|
|
type: "agent",
|
|
agentId: "agent-1",
|
|
companyId: "company-1",
|
|
source: "agent_key",
|
|
runId: "run-1",
|
|
});
|
|
|
|
const res = await request(app)
|
|
.patch("/api/companies/company-1/branding")
|
|
.send({
|
|
logoAssetId: "11111111-1111-4111-8111-111111111111",
|
|
brandColor: "#123456",
|
|
});
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.body.logoAssetId).toBe(company.logoAssetId);
|
|
expect(mockCompanyService.update).toHaveBeenCalledWith("company-1", {
|
|
logoAssetId: "11111111-1111-4111-8111-111111111111",
|
|
brandColor: "#123456",
|
|
});
|
|
expect(mockLogActivity).toHaveBeenCalledWith(
|
|
expect.anything(),
|
|
expect.objectContaining({
|
|
companyId: "company-1",
|
|
actorType: "agent",
|
|
actorId: "agent-1",
|
|
agentId: "agent-1",
|
|
runId: "run-1",
|
|
action: "company.branding_updated",
|
|
details: {
|
|
logoAssetId: "11111111-1111-4111-8111-111111111111",
|
|
brandColor: "#123456",
|
|
},
|
|
}),
|
|
);
|
|
});
|
|
|
|
it("allows board callers to update branding fields", async () => {
|
|
const company = createCompany();
|
|
mockCompanyService.update.mockResolvedValue({
|
|
...company,
|
|
brandColor: null,
|
|
logoAssetId: null,
|
|
logoUrl: null,
|
|
});
|
|
const app = await createApp({
|
|
type: "board",
|
|
userId: "user-1",
|
|
source: "local_implicit",
|
|
});
|
|
|
|
const res = await request(app)
|
|
.patch("/api/companies/company-1/branding")
|
|
.send({ brandColor: null, logoAssetId: null });
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.body.brandColor ?? null).toBeNull();
|
|
expect(res.body.logoAssetId ?? null).toBeNull();
|
|
});
|
|
|
|
it("rejects non-branding fields in the request body", async () => {
|
|
const app = await createApp({
|
|
type: "board",
|
|
userId: "user-1",
|
|
source: "local_implicit",
|
|
});
|
|
|
|
const res = await request(app)
|
|
.patch("/api/companies/company-1/branding")
|
|
.send({
|
|
logoAssetId: "11111111-1111-4111-8111-111111111111",
|
|
status: "archived",
|
|
});
|
|
|
|
expect(res.status).toBe(400);
|
|
expect(res.body.error).toBe("Validation error");
|
|
expect(mockCompanyService.update).not.toHaveBeenCalled();
|
|
});
|
|
});
|