70b1a9109d
## Thinking Path > - Paperclip is a control plane for AI-agent companies, with the CLI acting as a scriptable operator and agent interface to that control plane. > - The REST API surface has grown across companies, agents, issues, routines, plugins, auth, workspaces, secrets, and operational inspection commands. > - The CLI had drifted from that API surface: some commands were missing, some command shapes differed from docs/reference material, and several edge cases only failed during end-to-end local-source testing. > - The local development runbook requires these tests to be disposable and isolated from a real `~/.paperclip`, `~/.codex`, or `~/.claude` installation. > - This pull request adds broad CLI/API parity coverage, fixes the actionable bugs found during that pass, and records the reproducible test log under `doc/logs`. > - The benefit is a more complete, scriptable CLI surface with regression coverage for the command families exercised by the parity run. ## What Changed - Added or expanded CLI command coverage for access/auth, companies, agents, projects, goals, issues and subresources, routines, plugins, workspaces, activity/run/cost/dashboard inspection, assets, skills, secrets, tokens, prompt/wake flows, and local setup helpers. - Fixed CLI/API parity bugs found during the run, including context profile patching, issue interaction optional payloads, malformed tree-hold errors, environment duplicate handling, configure invalid-section exit codes, worktree pnpm invocation, token agent ID resolution, plugin tool worker lookup, and routine webhook secret cleanup. - Added missing CLI wrappers and route coverage for health/access, invite resolution URL forwarding, join status normalization, secret lifecycle commands, LLM docs routes, available-skill isolation, positive board-claim coverage, and interactive `connect` prompt-flow tests. - Added a schema-backed `/api/openapi.json` route sufficient for CLI parity and `paperclipai openapi --json` smoke coverage. - Added `doc/logs/2026-05-24-cli-api-parity-e2e-log.md` with the detailed living test/bug log and renamed the log directory from `doc/bugs` to `doc/logs`. - Added `doc/plans/2026-05-23-cli-api-parity.md` and the OpenAPI parity reference used during the pass. OpenAPI note: this PR intentionally does not try to subsume `feature/openapi-spec`. The OpenAPI implementation here is schema-backed and better than the earlier route-inventory stub, but `feature/openapi-spec` is the fuller/better OpenAPI branch because it includes exact mounted-route coverage tests and additional current route coverage. That branch should stay as its own PR and can supersede this OpenAPI route implementation. ## Verification Targeted automated checks run: - `pnpm exec vitest run server/src/__tests__/openapi-routes.test.ts` - `pnpm exec vitest run server/src/__tests__/board-claim.test.ts` - `pnpm exec vitest run cli/src/__tests__/connect.test.ts` - `pnpm exec vitest run cli/src/__tests__/agent-lifecycle.test.ts` - `pnpm exec vitest run server/src/__tests__/plugin-database.test.ts` - `pnpm exec vitest run server/src/__tests__/routines-service.test.ts` - `pnpm --dir cli typecheck` - `pnpm --dir server typecheck` Manual/local E2E verification: - Ran the full disposable local-source CLI/API parity pass with isolated `PAPERCLIP_HOME`, `PAPERCLIP_CONFIG`, `PAPERCLIP_CONTEXT`, `PAPERCLIP_AUTH_STORE`, `CODEX_HOME`, and `CLAUDE_HOME` under `tmp/cli-api-parity`. - Verified `DATABASE_URL` and `DATABASE_MIGRATION_URL` stayed unset for the scratch server. - Verified live health and schema-backed OpenAPI responses on non-default port `3197`. - Revoked created board/agent tokens and cleaned up temporary plugins, secrets, non-default environments, and project workspaces. - See `doc/logs/2026-05-24-cli-api-parity-e2e-log.md` for the full command-by-command reproduction log. Not run: - Full `pnpm test`, `pnpm test:run`, or `pnpm build` were not run after the entire branch because the branch is broad and the parity pass used focused test/typecheck verification plus live isolated CLI reruns. ## Risks - This is a broad PR and touches many CLI command modules, so review surface is high. The changes are grouped around one theme, but a split may be easier if maintainers prefer narrower PRs. - The OpenAPI route in this PR is not the final/best OpenAPI implementation. `feature/openapi-spec` has stronger exact-route coverage and should remain the source for the dedicated OpenAPI PR. - The living log is intentionally detailed and large. It is useful for reproducibility but adds documentation weight. - No UI changes are intended; screenshots are not applicable. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex, GPT-5-based coding agent in Codex desktop. Exact served model/context-window identifier was not exposed in the local app. Work used shell/Git/GitHub CLI tooling, local source inspection, targeted test execution, and live isolated Paperclip CLI/API smoke testing. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Devin Foley <devin@devinfoley.com>
141 lines
7.6 KiB
TypeScript
141 lines
7.6 KiB
TypeScript
import { Command } from "commander";
|
|
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
import { registerAccessCommands } from "../commands/client/access.js";
|
|
|
|
const COMPANY_ID = "22222222-2222-4222-8222-222222222222";
|
|
const USER_ID = "33333333-3333-4333-8333-333333333333";
|
|
const INVITE_ID = "44444444-4444-4444-8444-444444444444";
|
|
const JOIN_ID = "55555555-5555-4555-8555-555555555555";
|
|
const MEMBER_ID = "66666666-6666-4666-8666-666666666666";
|
|
|
|
function createProgram(): Command {
|
|
const program = new Command();
|
|
program.exitOverride();
|
|
program.configureOutput({ writeOut: () => {}, writeErr: () => {} });
|
|
registerAccessCommands(program);
|
|
return program;
|
|
}
|
|
|
|
async function run(args: string[]): Promise<void> {
|
|
await createProgram().parseAsync([...args, "--api-base", "http://localhost:3100", "--api-key", "board-token"], { from: "user" });
|
|
}
|
|
|
|
describe("access parity commands", () => {
|
|
beforeEach(() => {
|
|
vi.restoreAllMocks();
|
|
delete process.env.PAPERCLIP_API_KEY;
|
|
delete process.env.PAPERCLIP_API_URL;
|
|
vi.spyOn(console, "log").mockImplementation(() => {});
|
|
});
|
|
|
|
afterEach(() => {
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
it("wraps auth, invites, joins, members, and admin endpoints", async () => {
|
|
const fetchMock = vi.fn().mockImplementation(() => Promise.resolve(jsonResponse()));
|
|
vi.stubGlobal("fetch", fetchMock);
|
|
|
|
await run(["health"]);
|
|
await run(["whoami"]);
|
|
await run(["access", "whoami"]);
|
|
await run(["profile", "session"]);
|
|
await run(["profile", "get"]);
|
|
await run(["profile", "update", "--payload-json", "{}"]);
|
|
await run(["invite", "list", "--company-id", COMPANY_ID]);
|
|
await run(["invite", "create", "--company-id", COMPANY_ID, "--payload-json", "{}"]);
|
|
await run(["invite", "revoke", INVITE_ID]);
|
|
await run(["invite", "show", "token-1"]);
|
|
await run(["invite", "test-resolution", "token-1", "--url", "http://localhost:3100/invite/token-1"]);
|
|
await run(["invite", "accept", "token-1"]);
|
|
await run(["join", "list", "--company-id", COMPANY_ID, "--status", "pending"]);
|
|
await run(["join", "approve", JOIN_ID, "--company-id", COMPANY_ID]);
|
|
await run(["join", "reject", JOIN_ID, "--company-id", COMPANY_ID]);
|
|
await run(["join", "claim-key", JOIN_ID, "--claim-secret", "secret"]);
|
|
await run(["member", "list", "--company-id", COMPANY_ID]);
|
|
await run(["member", "update", MEMBER_ID, "--company-id", COMPANY_ID, "--payload-json", "{}"]);
|
|
await run(["member", "archive", MEMBER_ID, "--company-id", COMPANY_ID]);
|
|
await run(["admin", "user", "list"]);
|
|
await run(["admin", "user", "promote", USER_ID]);
|
|
await run(["admin", "user", "company-access:update", USER_ID, "--payload-json", "{}"]);
|
|
|
|
expect(fetchMock.mock.calls.map((call) => [call[1]?.method ?? "GET", call[0]])).toEqual([
|
|
["GET", "http://localhost:3100/api/health"],
|
|
["GET", "http://localhost:3100/api/cli-auth/me"],
|
|
["GET", "http://localhost:3100/api/cli-auth/me"],
|
|
["GET", "http://localhost:3100/api/auth/get-session"],
|
|
["GET", "http://localhost:3100/api/auth/profile"],
|
|
["PATCH", "http://localhost:3100/api/auth/profile"],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/invites`],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/invites`],
|
|
["POST", `http://localhost:3100/api/invites/${INVITE_ID}/revoke`],
|
|
["GET", "http://localhost:3100/api/invites/token-1"],
|
|
["GET", "http://localhost:3100/api/invites/token-1/test-resolution?url=http%3A%2F%2Flocalhost%3A3100%2Finvite%2Ftoken-1"],
|
|
["POST", "http://localhost:3100/api/invites/token-1/accept"],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/join-requests?status=pending_approval`],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/join-requests/${JOIN_ID}/approve`],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/join-requests/${JOIN_ID}/reject`],
|
|
["POST", `http://localhost:3100/api/join-requests/${JOIN_ID}/claim-api-key`],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/members`],
|
|
["PATCH", `http://localhost:3100/api/companies/${COMPANY_ID}/members/${MEMBER_ID}`],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/members/${MEMBER_ID}/archive`],
|
|
["GET", "http://localhost:3100/api/admin/users"],
|
|
["POST", `http://localhost:3100/api/admin/users/${USER_ID}/promote-instance-admin`],
|
|
["PUT", `http://localhost:3100/api/admin/users/${USER_ID}/company-access`],
|
|
]);
|
|
});
|
|
|
|
it("wraps instance, sidebar, llm, and openapi endpoints", async () => {
|
|
const fetchMock = vi.fn().mockImplementation(() => Promise.resolve(jsonResponse()));
|
|
vi.stubGlobal("fetch", fetchMock);
|
|
|
|
await run(["openapi"]);
|
|
await run(["instance", "scheduler-heartbeats"]);
|
|
await run(["instance", "settings:general"]);
|
|
await run(["instance", "settings:general:update", "--payload-json", "{}"]);
|
|
await run(["instance", "database-backup"]);
|
|
await run(["sidebar", "preferences"]);
|
|
await run(["sidebar", "preferences:update", "--payload-json", "{}"]);
|
|
await run(["sidebar", "project-preferences", "--company-id", COMPANY_ID]);
|
|
await run(["sidebar", "project-preferences:update", "--company-id", COMPANY_ID, "--payload-json", "{}"]);
|
|
await run(["sidebar", "badges", "--company-id", COMPANY_ID]);
|
|
await run(["inbox", "dismissals", "--company-id", COMPANY_ID]);
|
|
await run(["inbox", "dismiss", "--company-id", COMPANY_ID, "--payload-json", "{\"itemKey\":\"run:1\"}"]);
|
|
await run(["board-claim", "show", "claim-token"]);
|
|
await run(["board-claim", "claim", "claim-token", "--payload-json", "{}"]);
|
|
await run(["openclaw", "invite-prompt", "--company-id", COMPANY_ID, "--payload-json", "{}"]);
|
|
await run(["available-skill", "list"]);
|
|
await run(["available-skill", "index"]);
|
|
await run(["available-skill", "get", "paperclip"]);
|
|
await run(["llm", "agent-configuration"]);
|
|
await run(["llm", "agent-configuration:adapter", "codex_local"]);
|
|
|
|
expect(fetchMock.mock.calls.map((call) => [call[1]?.method ?? "GET", call[0]])).toEqual([
|
|
["GET", "http://localhost:3100/api/openapi.json"],
|
|
["GET", "http://localhost:3100/api/instance/scheduler-heartbeats"],
|
|
["GET", "http://localhost:3100/api/instance/settings/general"],
|
|
["PATCH", "http://localhost:3100/api/instance/settings/general"],
|
|
["POST", "http://localhost:3100/api/instance/database-backups"],
|
|
["GET", "http://localhost:3100/api/sidebar-preferences/me"],
|
|
["PUT", "http://localhost:3100/api/sidebar-preferences/me"],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/sidebar-preferences/me`],
|
|
["PUT", `http://localhost:3100/api/companies/${COMPANY_ID}/sidebar-preferences/me`],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/sidebar-badges`],
|
|
["GET", `http://localhost:3100/api/companies/${COMPANY_ID}/inbox-dismissals`],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/inbox-dismissals`],
|
|
["GET", "http://localhost:3100/api/board-claim/claim-token"],
|
|
["POST", "http://localhost:3100/api/board-claim/claim-token/claim"],
|
|
["POST", `http://localhost:3100/api/companies/${COMPANY_ID}/openclaw/invite-prompt`],
|
|
["GET", "http://localhost:3100/api/skills/available"],
|
|
["GET", "http://localhost:3100/api/skills/index"],
|
|
["GET", "http://localhost:3100/api/skills/paperclip"],
|
|
["GET", "http://localhost:3100/api/llms/agent-configuration.txt"],
|
|
["GET", "http://localhost:3100/api/llms/agent-configuration/codex_local.txt"],
|
|
]);
|
|
});
|
|
});
|
|
|
|
function jsonResponse(body: unknown = { ok: true }, init: ResponseInit = { status: 200 }): Response {
|
|
return new Response(JSON.stringify(body), init);
|
|
}
|