dbebf30c89
## Thinking Path > - Paperclip is a control plane for AI-agent companies, so execution policy and trust boundaries are part of the product's safety contract. > - Low-trust review work needs narrower authority than normal same-company agents because hostile PRs, comments, attachments, and generated output can carry prompt-injection payloads. > - The current V1 shape gives trusted workers broad company context, which is useful for normal execution but too permissive for a reviewer assigned to hostile content. > - This branch adds a `low_trust_review` preset, source-trust tagging, route-level containment, and quarantine handling so low-trust output does not automatically flow into higher-trust wake context. > - The branch has been rebased onto current `origin/master`, and the low-trust migration was renumbered to `0097_low_trust_source_trust.sql` to avoid collisions with existing `0091` through `0096` migrations. > - Greptile feedback was addressed by tightening low-trust detection, preserving project-level trust policy checks, fixing issue-kind promotion lookup, removing duplicate post-lease isolation assertion, documenting fail-closed source-trust behavior, bounding ancestry checks, enforcing runtime issue context for CEOs, awaiting accepted-plan monitor authorization, and making low-trust issue source-trust tagging atomic. > - The benefit is a first production slice of deny-by-default review containment with regression coverage for the main control-plane pivot surfaces. Fixes #7531. ## What Changed - Added shared trust-policy types and validators, plus database/source-trust fields for issues, comments, documents, and work products. - Implemented server enforcement for low-trust issue scope, agent self-view redaction, secret/plugin/runtime denial paths, promotion checks, and quarantined continuation/wake context. - Added focused low-trust regression tests for resolver behavior, source trust, route authorization, heartbeat preflight ordering, runtime containment, and quarantine redaction. - Added board UI affordances for selecting/reviewing the low-trust preset and surfacing source-trust badges in relevant issue views. - Added `doc/LOW-TRUST-PRESETS.md`, updated `doc/SPEC-implementation.md`, and committed the low-trust review contract plan under `doc/plans/`. - Rebasing note: the original `0097_low_trust_source_trust.sql` migration was renamed to `0097_low_trust_source_trust.sql`; the SQL uses `ADD COLUMN IF NOT EXISTS` so users who already applied the old-numbered migration are not broken by the renumbered migration. ## Verification - Rebased branch onto current `origin/master` and force-pushed with lease to `origin/PAP-10211-low-trust-agent` at head `2719f31e3`. - Confirmed the PR diff does not include `pnpm-lock.yaml` or `.github/workflows` changes. - Resolved upstream UI/comment conflicts by preserving deleted-comment tombstone behavior and low-trust source-trust badges/metadata. - Renumbered the low-trust source-trust migration to `0097_low_trust_source_trust.sql`; the SQL uses `ADD COLUMN IF NOT EXISTS` so users who already applied an old-numbered copy are not broken. - `pnpm exec vitest run ui/src/lib/issue-chat-messages.test.ts server/src/__tests__/heartbeat-workspace-session.test.ts` - `pnpm exec vitest run server/src/__tests__/source-trust.test.ts server/src/__tests__/workspace-runtime-service-authz.test.ts ui/src/lib/trust-policy-ui.test.ts ui/src/components/TrustPresetSection.test.tsx` - `pnpm run typecheck:build-gaps` - `git diff --check` - GitHub checks pass on head `2719f31e3`: build, typecheck/release registry, general tests, serialized server suites, e2e, canary, verify, policy/review, Socket, and Snyk. - Greptile Review passes with Confidence Score 5/5 and zero unresolved Greptile review threads. - No design screenshots/images were added because the task explicitly says not to add them unless they are specifically part of the work. ## Risks - Medium risk: this touches shared trust-policy contracts, server authorization paths, heartbeat context generation, migration metadata, and UI preset controls. - Low-trust containment is intentionally deny-by-default; legitimate future review workflows may need explicit allowlisted exceptions. - Plugin/runtime/security surfaces are broad, so regression tests cover the current known routes but future integrations must route through the same containment layer. - The PR is ready for review; GitHub checks are green and Greptile is 5/5. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex, GPT-5 coding agent, tool-enabled shell and GitHub CLI workflow. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] UI changes are covered by focused tests; no screenshots were added per task instruction not to add design images unless specifically required - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
146 lines
7.5 KiB
TypeScript
146 lines
7.5 KiB
TypeScript
import { sql } from "drizzle-orm";
|
|
import {
|
|
type AnyPgColumn,
|
|
pgTable,
|
|
uuid,
|
|
text,
|
|
timestamp,
|
|
integer,
|
|
jsonb,
|
|
index,
|
|
uniqueIndex,
|
|
} from "drizzle-orm/pg-core";
|
|
import { agents } from "./agents.js";
|
|
import { projects } from "./projects.js";
|
|
import { goals } from "./goals.js";
|
|
import { companies } from "./companies.js";
|
|
import { heartbeatRuns } from "./heartbeat_runs.js";
|
|
import { projectWorkspaces } from "./project_workspaces.js";
|
|
import { executionWorkspaces } from "./execution_workspaces.js";
|
|
import type { SourceTrustMetadata } from "@paperclipai/shared";
|
|
|
|
export const issues = pgTable(
|
|
"issues",
|
|
{
|
|
id: uuid("id").primaryKey().defaultRandom(),
|
|
companyId: uuid("company_id").notNull().references(() => companies.id),
|
|
projectId: uuid("project_id").references(() => projects.id),
|
|
projectWorkspaceId: uuid("project_workspace_id").references(() => projectWorkspaces.id, { onDelete: "set null" }),
|
|
goalId: uuid("goal_id").references(() => goals.id),
|
|
parentId: uuid("parent_id").references((): AnyPgColumn => issues.id),
|
|
title: text("title").notNull(),
|
|
description: text("description"),
|
|
status: text("status").notNull().default("backlog"),
|
|
workMode: text("work_mode").notNull().default("standard"),
|
|
priority: text("priority").notNull().default("medium"),
|
|
assigneeAgentId: uuid("assignee_agent_id").references(() => agents.id),
|
|
assigneeUserId: text("assignee_user_id"),
|
|
checkoutRunId: uuid("checkout_run_id").references(() => heartbeatRuns.id, { onDelete: "set null" }),
|
|
executionRunId: uuid("execution_run_id").references(() => heartbeatRuns.id, { onDelete: "set null" }),
|
|
executionAgentNameKey: text("execution_agent_name_key"),
|
|
executionLockedAt: timestamp("execution_locked_at", { withTimezone: true }),
|
|
createdByAgentId: uuid("created_by_agent_id").references(() => agents.id),
|
|
createdByUserId: text("created_by_user_id"),
|
|
issueNumber: integer("issue_number"),
|
|
identifier: text("identifier"),
|
|
originKind: text("origin_kind").notNull().default("manual"),
|
|
originId: text("origin_id"),
|
|
originRunId: text("origin_run_id"),
|
|
originFingerprint: text("origin_fingerprint").notNull().default("default"),
|
|
requestDepth: integer("request_depth").notNull().default(0),
|
|
billingCode: text("billing_code"),
|
|
assigneeAdapterOverrides: jsonb("assignee_adapter_overrides").$type<Record<string, unknown>>(),
|
|
executionPolicy: jsonb("execution_policy").$type<Record<string, unknown>>(),
|
|
executionState: jsonb("execution_state").$type<Record<string, unknown>>(),
|
|
monitorNextCheckAt: timestamp("monitor_next_check_at", { withTimezone: true }),
|
|
monitorWakeRequestedAt: timestamp("monitor_wake_requested_at", { withTimezone: true }),
|
|
monitorLastTriggeredAt: timestamp("monitor_last_triggered_at", { withTimezone: true }),
|
|
monitorAttemptCount: integer("monitor_attempt_count").notNull().default(0),
|
|
monitorNotes: text("monitor_notes"),
|
|
monitorScheduledBy: text("monitor_scheduled_by"),
|
|
executionWorkspaceId: uuid("execution_workspace_id")
|
|
.references((): AnyPgColumn => executionWorkspaces.id, { onDelete: "set null" }),
|
|
executionWorkspacePreference: text("execution_workspace_preference"),
|
|
executionWorkspaceSettings: jsonb("execution_workspace_settings").$type<Record<string, unknown>>(),
|
|
sourceTrust: jsonb("source_trust").$type<SourceTrustMetadata | null>(),
|
|
startedAt: timestamp("started_at", { withTimezone: true }),
|
|
completedAt: timestamp("completed_at", { withTimezone: true }),
|
|
cancelledAt: timestamp("cancelled_at", { withTimezone: true }),
|
|
hiddenAt: timestamp("hidden_at", { withTimezone: true }),
|
|
createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
|
|
updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(),
|
|
},
|
|
(table) => ({
|
|
companyStatusIdx: index("issues_company_status_idx").on(table.companyId, table.status),
|
|
assigneeStatusIdx: index("issues_company_assignee_status_idx").on(
|
|
table.companyId,
|
|
table.assigneeAgentId,
|
|
table.status,
|
|
),
|
|
assigneeUserStatusIdx: index("issues_company_assignee_user_status_idx").on(
|
|
table.companyId,
|
|
table.assigneeUserId,
|
|
table.status,
|
|
),
|
|
parentIdx: index("issues_company_parent_idx").on(table.companyId, table.parentId),
|
|
projectIdx: index("issues_company_project_idx").on(table.companyId, table.projectId),
|
|
originIdx: index("issues_company_origin_idx").on(table.companyId, table.originKind, table.originId),
|
|
projectWorkspaceIdx: index("issues_company_project_workspace_idx").on(table.companyId, table.projectWorkspaceId),
|
|
executionWorkspaceIdx: index("issues_company_execution_workspace_idx").on(table.companyId, table.executionWorkspaceId),
|
|
dueMonitorIdx: index("issues_company_monitor_due_idx").on(table.companyId, table.monitorNextCheckAt),
|
|
identifierIdx: uniqueIndex("issues_identifier_idx").on(table.identifier),
|
|
titleSearchIdx: index("issues_title_search_idx").using("gin", table.title.op("gin_trgm_ops")),
|
|
identifierSearchIdx: index("issues_identifier_search_idx").using("gin", table.identifier.op("gin_trgm_ops")),
|
|
descriptionSearchIdx: index("issues_description_search_idx").using("gin", table.description.op("gin_trgm_ops")),
|
|
openRoutineExecutionIdx: uniqueIndex("issues_open_routine_execution_uq")
|
|
.on(table.companyId, table.originKind, table.originId, table.originFingerprint)
|
|
.where(
|
|
sql`${table.originKind} = 'routine_execution'
|
|
and ${table.originId} is not null
|
|
and ${table.hiddenAt} is null
|
|
and ${table.executionRunId} is not null
|
|
and ${table.status} in ('backlog', 'todo', 'in_progress', 'in_review', 'blocked')`,
|
|
),
|
|
activeLivenessRecoveryIncidentIdx: uniqueIndex("issues_active_liveness_recovery_incident_uq")
|
|
.on(table.companyId, table.originKind, table.originId)
|
|
.where(
|
|
sql`${table.originKind} = 'harness_liveness_escalation'
|
|
and ${table.originId} is not null
|
|
and ${table.hiddenAt} is null
|
|
and ${table.status} not in ('done', 'cancelled')`,
|
|
),
|
|
activeLivenessRecoveryLeafIdx: uniqueIndex("issues_active_liveness_recovery_leaf_uq")
|
|
.on(table.companyId, table.originKind, table.originFingerprint)
|
|
.where(
|
|
sql`${table.originKind} = 'harness_liveness_escalation'
|
|
and ${table.originFingerprint} <> 'default'
|
|
and ${table.hiddenAt} is null
|
|
and ${table.status} not in ('done', 'cancelled')`,
|
|
),
|
|
activeStaleRunEvaluationIdx: uniqueIndex("issues_active_stale_run_evaluation_uq")
|
|
.on(table.companyId, table.originKind, table.originId)
|
|
.where(
|
|
sql`${table.originKind} = 'stale_active_run_evaluation'
|
|
and ${table.originId} is not null
|
|
and ${table.hiddenAt} is null
|
|
and ${table.status} not in ('done', 'cancelled')`,
|
|
),
|
|
activeProductivityReviewIdx: uniqueIndex("issues_active_productivity_review_uq")
|
|
.on(table.companyId, table.originKind, table.originId)
|
|
.where(
|
|
sql`${table.originKind} = 'issue_productivity_review'
|
|
and ${table.originId} is not null
|
|
and ${table.hiddenAt} is null
|
|
and ${table.status} not in ('done', 'cancelled')`,
|
|
),
|
|
activeStrandedIssueRecoveryIdx: uniqueIndex("issues_active_stranded_issue_recovery_uq")
|
|
.on(table.companyId, table.originKind, table.originId)
|
|
.where(
|
|
sql`${table.originKind} = 'stranded_issue_recovery'
|
|
and ${table.originId} is not null
|
|
and ${table.hiddenAt} is null
|
|
and ${table.status} not in ('done', 'cancelled')`,
|
|
),
|
|
}),
|
|
);
|