70b1a9109d
## Thinking Path > - Paperclip is a control plane for AI-agent companies, with the CLI acting as a scriptable operator and agent interface to that control plane. > - The REST API surface has grown across companies, agents, issues, routines, plugins, auth, workspaces, secrets, and operational inspection commands. > - The CLI had drifted from that API surface: some commands were missing, some command shapes differed from docs/reference material, and several edge cases only failed during end-to-end local-source testing. > - The local development runbook requires these tests to be disposable and isolated from a real `~/.paperclip`, `~/.codex`, or `~/.claude` installation. > - This pull request adds broad CLI/API parity coverage, fixes the actionable bugs found during that pass, and records the reproducible test log under `doc/logs`. > - The benefit is a more complete, scriptable CLI surface with regression coverage for the command families exercised by the parity run. ## What Changed - Added or expanded CLI command coverage for access/auth, companies, agents, projects, goals, issues and subresources, routines, plugins, workspaces, activity/run/cost/dashboard inspection, assets, skills, secrets, tokens, prompt/wake flows, and local setup helpers. - Fixed CLI/API parity bugs found during the run, including context profile patching, issue interaction optional payloads, malformed tree-hold errors, environment duplicate handling, configure invalid-section exit codes, worktree pnpm invocation, token agent ID resolution, plugin tool worker lookup, and routine webhook secret cleanup. - Added missing CLI wrappers and route coverage for health/access, invite resolution URL forwarding, join status normalization, secret lifecycle commands, LLM docs routes, available-skill isolation, positive board-claim coverage, and interactive `connect` prompt-flow tests. - Added a schema-backed `/api/openapi.json` route sufficient for CLI parity and `paperclipai openapi --json` smoke coverage. - Added `doc/logs/2026-05-24-cli-api-parity-e2e-log.md` with the detailed living test/bug log and renamed the log directory from `doc/bugs` to `doc/logs`. - Added `doc/plans/2026-05-23-cli-api-parity.md` and the OpenAPI parity reference used during the pass. OpenAPI note: this PR intentionally does not try to subsume `feature/openapi-spec`. The OpenAPI implementation here is schema-backed and better than the earlier route-inventory stub, but `feature/openapi-spec` is the fuller/better OpenAPI branch because it includes exact mounted-route coverage tests and additional current route coverage. That branch should stay as its own PR and can supersede this OpenAPI route implementation. ## Verification Targeted automated checks run: - `pnpm exec vitest run server/src/__tests__/openapi-routes.test.ts` - `pnpm exec vitest run server/src/__tests__/board-claim.test.ts` - `pnpm exec vitest run cli/src/__tests__/connect.test.ts` - `pnpm exec vitest run cli/src/__tests__/agent-lifecycle.test.ts` - `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts` - `pnpm exec vitest run server/src/__tests__/routines-service.test.ts` - `pnpm --dir cli typecheck` - `pnpm --dir server typecheck` Manual/local E2E verification: - Ran the full disposable local-source CLI/API parity pass with isolated `PAPERCLIP_HOME`, `PAPERCLIP_CONFIG`, `PAPERCLIP_CONTEXT`, `PAPERCLIP_AUTH_STORE`, `CODEX_HOME`, and `CLAUDE_HOME` under `tmp/cli-api-parity`. - Verified `DATABASE_URL` and `DATABASE_MIGRATION_URL` stayed unset for the scratch server. - Verified live health and schema-backed OpenAPI responses on non-default port `3197`. - Revoked created board/agent tokens and cleaned up temporary plugins, secrets, non-default environments, and project workspaces. - See `doc/logs/2026-05-24-cli-api-parity-e2e-log.md` for the full command-by-command reproduction log. Not run: - Full `pnpm test`, `pnpm test:run`, or `pnpm build` were not run after the entire branch because the branch is broad and the parity pass used focused test/typecheck verification plus live isolated CLI reruns. ## Risks - This is a broad PR and touches many CLI command modules, so review surface is high. The changes are grouped around one theme, but a split may be easier if maintainers prefer narrower PRs. - The OpenAPI route in this PR is not the final/best OpenAPI implementation. `feature/openapi-spec` has stronger exact-route coverage and should remain the source for the dedicated OpenAPI PR. - The living log is intentionally detailed and large. It is useful for reproducibility but adds documentation weight. - No UI changes are intended; screenshots are not applicable. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex, GPT-5-based coding agent in Codex desktop. Exact served model/context-window identifier was not exposed in the local app. Work used shell/Git/GitHub CLI tooling, local source inspection, targeted test execution, and live isolated Paperclip CLI/API smoke testing. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Devin Foley <devin@devinfoley.com>
208 lines
7.1 KiB
TypeScript
208 lines
7.1 KiB
TypeScript
import { z } from "zod";
|
|
import {
|
|
AGENT_ADAPTER_TYPES,
|
|
HUMAN_COMPANY_MEMBERSHIP_ROLES,
|
|
INVITE_JOIN_TYPES,
|
|
JOIN_REQUEST_STATUSES,
|
|
JOIN_REQUEST_TYPES,
|
|
PERMISSION_KEYS,
|
|
} from "../constants.js";
|
|
import { optionalAgentAdapterTypeSchema } from "../adapter-type.js";
|
|
|
|
export const createCompanyInviteSchema = z.object({
|
|
allowedJoinTypes: z.enum(INVITE_JOIN_TYPES).default("both"),
|
|
humanRole: z.enum(HUMAN_COMPANY_MEMBERSHIP_ROLES).optional().nullable(),
|
|
defaultsPayload: z.record(z.string(), z.unknown()).optional().nullable(),
|
|
agentMessage: z.string().max(4000).optional().nullable(),
|
|
});
|
|
|
|
export type CreateCompanyInvite = z.infer<typeof createCompanyInviteSchema>;
|
|
|
|
export const createOpenClawInvitePromptSchema = z.object({
|
|
agentMessage: z.string().max(4000).optional().nullable(),
|
|
});
|
|
|
|
export type CreateOpenClawInvitePrompt = z.infer<
|
|
typeof createOpenClawInvitePromptSchema
|
|
>;
|
|
|
|
export const acceptInviteSchema = z.object({
|
|
requestType: z.enum(JOIN_REQUEST_TYPES),
|
|
agentName: z.string().min(1).max(120).optional(),
|
|
adapterType: optionalAgentAdapterTypeSchema,
|
|
capabilities: z.string().max(4000).optional().nullable(),
|
|
agentDefaultsPayload: z.record(z.string(), z.unknown()).optional().nullable(),
|
|
// OpenClaw join compatibility fields accepted at top level.
|
|
responsesWebhookUrl: z.string().max(4000).optional().nullable(),
|
|
responsesWebhookMethod: z.string().max(32).optional().nullable(),
|
|
responsesWebhookHeaders: z.record(z.string(), z.unknown()).optional().nullable(),
|
|
paperclipApiUrl: z.string().max(4000).optional().nullable(),
|
|
webhookAuthHeader: z.string().max(4000).optional().nullable(),
|
|
});
|
|
|
|
export type AcceptInvite = z.infer<typeof acceptInviteSchema>;
|
|
|
|
export const listJoinRequestsQuerySchema = z.object({
|
|
status: z.enum(JOIN_REQUEST_STATUSES).optional(),
|
|
requestType: z.enum(JOIN_REQUEST_TYPES).optional(),
|
|
});
|
|
|
|
export type ListJoinRequestsQuery = z.infer<typeof listJoinRequestsQuerySchema>;
|
|
|
|
export const listCompanyInvitesQuerySchema = z.object({
|
|
state: z.enum(["active", "revoked", "accepted", "expired"]).optional(),
|
|
limit: z.coerce.number().int().min(1).max(100).optional().default(20),
|
|
offset: z.coerce.number().int().min(0).optional().default(0),
|
|
});
|
|
|
|
export type ListCompanyInvitesQuery = z.infer<typeof listCompanyInvitesQuerySchema>;
|
|
|
|
export const claimJoinRequestApiKeySchema = z.object({
|
|
claimSecret: z.string().min(16).max(256),
|
|
});
|
|
|
|
export type ClaimJoinRequestApiKey = z.infer<typeof claimJoinRequestApiKeySchema>;
|
|
|
|
export const boardCliAuthAccessLevelSchema = z.enum([
|
|
"board",
|
|
"instance_admin_required",
|
|
]);
|
|
|
|
export type BoardCliAuthAccessLevel = z.infer<typeof boardCliAuthAccessLevelSchema>;
|
|
|
|
export const createCliAuthChallengeSchema = z.object({
|
|
command: z.string().min(1).max(240),
|
|
clientName: z.string().max(120).optional().nullable(),
|
|
requestedAccess: boardCliAuthAccessLevelSchema.default("board"),
|
|
requestedCompanyId: z.string().uuid().optional().nullable(),
|
|
});
|
|
|
|
export type CreateCliAuthChallenge = z.infer<typeof createCliAuthChallengeSchema>;
|
|
|
|
export const resolveCliAuthChallengeSchema = z.object({
|
|
token: z.string().min(16).max(256),
|
|
});
|
|
|
|
export type ResolveCliAuthChallenge = z.infer<typeof resolveCliAuthChallengeSchema>;
|
|
|
|
export const createBoardApiKeySchema = z.object({
|
|
name: z.string().trim().min(1).max(120).default("paperclipai cli"),
|
|
expiresAt: z.coerce.date().optional().nullable(),
|
|
requestedCompanyId: z.string().uuid().optional().nullable(),
|
|
});
|
|
|
|
export type CreateBoardApiKey = z.infer<typeof createBoardApiKeySchema>;
|
|
|
|
export const updateMemberPermissionsSchema = z.object({
|
|
grants: z.array(
|
|
z.object({
|
|
permissionKey: z.enum(PERMISSION_KEYS),
|
|
scope: z.record(z.string(), z.unknown()).optional().nullable(),
|
|
}),
|
|
),
|
|
});
|
|
|
|
export type UpdateMemberPermissions = z.infer<typeof updateMemberPermissionsSchema>;
|
|
|
|
const editableMembershipStatuses = ["pending", "active", "suspended"] as const;
|
|
|
|
export const updateCompanyMemberSchema = z.object({
|
|
membershipRole: z.enum(HUMAN_COMPANY_MEMBERSHIP_ROLES).optional().nullable(),
|
|
status: z.enum(editableMembershipStatuses).optional(),
|
|
}).refine((value) => value.membershipRole !== undefined || value.status !== undefined, {
|
|
message: "membershipRole or status is required",
|
|
});
|
|
|
|
export type UpdateCompanyMember = z.infer<typeof updateCompanyMemberSchema>;
|
|
|
|
export const updateCompanyMemberWithPermissionsSchema = z.object({
|
|
membershipRole: z.enum(HUMAN_COMPANY_MEMBERSHIP_ROLES).optional().nullable(),
|
|
status: z.enum(editableMembershipStatuses).optional(),
|
|
grants: updateMemberPermissionsSchema.shape.grants.default([]),
|
|
}).refine((value) => value.membershipRole !== undefined || value.status !== undefined, {
|
|
message: "membershipRole or status is required",
|
|
});
|
|
|
|
export type UpdateCompanyMemberWithPermissions = z.infer<typeof updateCompanyMemberWithPermissionsSchema>;
|
|
|
|
export const archiveCompanyMemberSchema = z.object({
|
|
reassignment: z
|
|
.object({
|
|
assigneeAgentId: z.string().uuid().optional().nullable(),
|
|
assigneeUserId: z.string().uuid().optional().nullable(),
|
|
})
|
|
.optional()
|
|
.nullable(),
|
|
}).superRefine((value, ctx) => {
|
|
if (value.reassignment?.assigneeAgentId && value.reassignment.assigneeUserId) {
|
|
ctx.addIssue({
|
|
code: z.ZodIssueCode.custom,
|
|
message: "Choose either an agent or user reassignment target",
|
|
path: ["reassignment"],
|
|
});
|
|
}
|
|
});
|
|
|
|
export type ArchiveCompanyMember = z.infer<typeof archiveCompanyMemberSchema>;
|
|
|
|
export const updateUserCompanyAccessSchema = z.object({
|
|
companyIds: z.array(z.string().uuid()).default([]),
|
|
});
|
|
|
|
export type UpdateUserCompanyAccess = z.infer<typeof updateUserCompanyAccessSchema>;
|
|
|
|
export const searchAdminUsersQuerySchema = z.object({
|
|
query: z.string().trim().max(120).optional().default(""),
|
|
});
|
|
|
|
export type SearchAdminUsersQuery = z.infer<typeof searchAdminUsersQuerySchema>;
|
|
|
|
const profileImageAssetPathPattern = /^\/api\/assets\/[^/?#]+\/content(?:\?[^#]*)?(?:#.*)?$/;
|
|
|
|
function isValidProfileImage(value: string): boolean {
|
|
if (profileImageAssetPathPattern.test(value)) return true;
|
|
|
|
try {
|
|
const url = new URL(value);
|
|
return url.protocol === "https:" || url.protocol === "http:";
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
const profileImageSchema = z
|
|
.string()
|
|
.trim()
|
|
.min(1)
|
|
.max(4000)
|
|
.refine(isValidProfileImage, { message: "Invalid profile image URL" });
|
|
|
|
export const currentUserProfileSchema = z.object({
|
|
id: z.string().min(1),
|
|
email: z.string().email().nullable(),
|
|
name: z.string().min(1).max(120).nullable(),
|
|
image: profileImageSchema.nullable(),
|
|
});
|
|
|
|
export type CurrentUserProfile = z.infer<typeof currentUserProfileSchema>;
|
|
|
|
export const authSessionSchema = z.object({
|
|
session: z.object({
|
|
id: z.string().min(1),
|
|
userId: z.string().min(1),
|
|
}),
|
|
user: currentUserProfileSchema,
|
|
});
|
|
|
|
export type AuthSession = z.infer<typeof authSessionSchema>;
|
|
|
|
export const updateCurrentUserProfileSchema = z.object({
|
|
name: z.string().trim().min(1).max(120),
|
|
image: z
|
|
.union([profileImageSchema, z.literal(""), z.null()])
|
|
.optional()
|
|
.transform((value) => value === "" ? null : value),
|
|
});
|
|
|
|
export type UpdateCurrentUserProfile = z.infer<typeof updateCurrentUserProfileSchema>;
|