diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ad802136..fabaab1b 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -45,6 +45,15 @@ jobs: - name: Validate Dockerfile deps stage run: node ./scripts/check-docker-deps-stage.mjs + - name: Validate release package manifest + run: node ./scripts/release-package-map.mjs check + + - name: Verify release package bootstrap for changed manifests + run: | + mapfile -t changed_paths < <(git diff --name-only "${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }}") + PAPERCLIP_RELEASE_BOOTSTRAP_BASE_SHA="${{ github.event.pull_request.base.sha }}" \ + node ./scripts/check-release-package-bootstrap.mjs "${changed_paths[@]}" + - name: Validate dependency resolution when manifests change run: | changed="$(git diff --name-only "${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }}")" @@ -76,11 +85,11 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Typecheck - run: pnpm -r typecheck + - name: Typecheck workspaces whose build scripts skip TypeScript + run: pnpm run typecheck:build-gaps - - name: Run tests - run: pnpm test:run + - name: Run general test suites + run: pnpm test:run:general - name: Verify release registry test coverage run: pnpm run test:release-registry @@ -88,7 +97,76 @@ jobs: - name: Build run: pnpm build - - name: Release canary dry run + verify_serialized_server: + name: Verify serialized server suites (${{ matrix.shard_label }}) + needs: [policy] + runs-on: ubuntu-latest + timeout-minutes: 20 + strategy: + fail-fast: false + matrix: + include: + - shard_index: 0 + shard_count: 4 + shard_label: 1/4 + - shard_index: 1 + shard_count: 4 + shard_label: 2/4 + - shard_index: 2 + shard_count: 4 + shard_label: 3/4 + - shard_index: 3 + shard_count: 4 + shard_label: 4/4 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9.15.4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 24 + cache: pnpm + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Run serialized server test shard + run: pnpm test:run:serialized -- --shard-index ${{ matrix.shard_index }} --shard-count ${{ matrix.shard_count }} + + canary_dry_run: + name: Canary Dry Run + needs: [policy] + runs-on: ubuntu-latest + timeout-minutes: 20 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9.15.4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 24 + cache: pnpm + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + # `release.sh` always executes its Step 2/7 workspace build, even when + # `--skip-verify` bypasses the initial verification gate. + - name: Release canary dry run via release.sh internal build run: | git checkout -B master HEAD git checkout -- pnpm-lock.yaml @@ -117,9 +195,6 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Build - run: pnpm build - - name: Install Playwright run: npx playwright install --with-deps chromium diff --git a/Dockerfile b/Dockerfile index 6fa685d9..95c452c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,6 +25,7 @@ COPY packages/mcp-server/package.json packages/mcp-server/ COPY packages/adapters/acpx-local/package.json packages/adapters/acpx-local/ COPY packages/adapters/claude-local/package.json packages/adapters/claude-local/ COPY packages/adapters/codex-local/package.json packages/adapters/codex-local/ +COPY packages/adapters/cursor-cloud/package.json packages/adapters/cursor-cloud/ COPY packages/adapters/cursor-local/package.json packages/adapters/cursor-local/ COPY packages/adapters/gemini-local/package.json packages/adapters/gemini-local/ COPY packages/adapters/openclaw-gateway/package.json packages/adapters/openclaw-gateway/ diff --git a/cli/package.json b/cli/package.json index 73ab7c24..2dffbeee 100644 --- a/cli/package.json +++ b/cli/package.json @@ -40,6 +40,7 @@ "@paperclipai/adapter-acpx-local": "workspace:*", "@paperclipai/adapter-claude-local": "workspace:*", "@paperclipai/adapter-codex-local": "workspace:*", + "@paperclipai/adapter-cursor-cloud": "workspace:*", "@paperclipai/adapter-cursor-local": "workspace:*", "@paperclipai/adapter-gemini-local": "workspace:*", "@paperclipai/adapter-opencode-local": "workspace:*", @@ -49,7 +50,7 @@ "@paperclipai/db": "workspace:*", "@paperclipai/server": "workspace:*", "@paperclipai/shared": "workspace:*", - "drizzle-orm": "0.38.4", + "drizzle-orm": "0.45.2", "dotenv": "^17.0.1", "commander": "^13.1.0", "embedded-postgres": "^18.1.0-beta.16", diff --git a/cli/src/__tests__/company.test.ts b/cli/src/__tests__/company.test.ts index 2e4fcdec..144b3147 100644 --- a/cli/src/__tests__/company.test.ts +++ b/cli/src/__tests__/company.test.ts @@ -244,6 +244,7 @@ describe("renderCompanyImportPreview", () => { billingCode: null, executionWorkspaceSettings: null, assigneeAdapterOverrides: null, + comments: [], metadata: null, }, ], @@ -460,6 +461,7 @@ describe("import selection catalog", () => { billingCode: null, executionWorkspaceSettings: null, assigneeAdapterOverrides: null, + comments: [], metadata: null, }, ], diff --git a/cli/src/__tests__/home-paths.test.ts b/cli/src/__tests__/home-paths.test.ts index 1d9c654e..f06d2c22 100644 --- a/cli/src/__tests__/home-paths.test.ts +++ b/cli/src/__tests__/home-paths.test.ts @@ -1,3 +1,4 @@ +import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import { afterEach, describe, expect, it } from "vitest"; @@ -16,13 +17,14 @@ describe("home path resolution", () => { }); it("defaults to ~/.paperclip and default instance", () => { - delete process.env.PAPERCLIP_HOME; + const home = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-home-paths-")); + process.env.PAPERCLIP_HOME = home; delete process.env.PAPERCLIP_INSTANCE_ID; const paths = describeLocalInstancePaths(); - expect(paths.homeDir).toBe(path.resolve(os.homedir(), ".paperclip")); + expect(paths.homeDir).toBe(home); expect(paths.instanceId).toBe("default"); - expect(paths.configPath).toBe(path.resolve(os.homedir(), ".paperclip", "instances", "default", "config.json")); + expect(paths.configPath).toBe(path.resolve(home, "instances", "default", "config.json")); }); it("supports PAPERCLIP_HOME and explicit instance ids", () => { @@ -34,7 +36,7 @@ describe("home path resolution", () => { }); it("rejects invalid instance ids", () => { - expect(() => resolvePaperclipInstanceId("bad/id")).toThrow(/Invalid instance id/); + expect(() => resolvePaperclipInstanceId("bad/id")).toThrow(/Invalid PAPERCLIP_INSTANCE_ID/); }); it("expands ~ prefixes", () => { diff --git a/cli/src/__tests__/onboard.test.ts b/cli/src/__tests__/onboard.test.ts index b66c20fa..0c694f4b 100644 --- a/cli/src/__tests__/onboard.test.ts +++ b/cli/src/__tests__/onboard.test.ts @@ -6,6 +6,7 @@ import { onboard } from "../commands/onboard.js"; import type { PaperclipConfig } from "../config/schema.js"; const ORIGINAL_ENV = { ...process.env }; +const ORIGINAL_CWD = process.cwd(); function createExistingConfigFixture() { const root = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-onboard-")); @@ -85,10 +86,18 @@ describe("onboard", () => { delete process.env.PAPERCLIP_AGENT_JWT_SECRET; delete process.env.PAPERCLIP_SECRETS_MASTER_KEY; delete process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; + delete process.env.PAPERCLIP_HOME; + delete process.env.PAPERCLIP_CONFIG; + delete process.env.PAPERCLIP_INSTANCE_ID; + delete process.env.PAPERCLIP_BIND; + delete process.env.PAPERCLIP_BIND_HOST; + delete process.env.PAPERCLIP_TAILNET_BIND_HOST; + delete process.env.HOST; }); afterEach(() => { process.env = { ...ORIGINAL_ENV }; + process.chdir(ORIGINAL_CWD); }); it("preserves an existing config when rerun without flags", async () => { @@ -125,6 +134,27 @@ describe("onboard", () => { expect(raw.server.host).toBe("127.0.0.1"); }); + it("creates instance-root config and data paths for a fresh PAPERCLIP_HOME", async () => { + const home = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-onboard-home-")); + const cwd = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-onboard-cwd-")); + process.chdir(cwd); + process.env.PAPERCLIP_HOME = home; + + await onboard({ yes: true, invokedByRun: true }); + + const instanceRoot = path.join(home, "instances", "default"); + const configPath = path.join(instanceRoot, "config.json"); + const raw = JSON.parse(fs.readFileSync(configPath, "utf8")) as PaperclipConfig; + + expect(raw.database.embeddedPostgresDataDir).toBe(path.join(instanceRoot, "db")); + expect(raw.database.backup.dir).toBe(path.join(instanceRoot, "data", "backups")); + expect(raw.logging.logDir).toBe(path.join(instanceRoot, "logs")); + expect(raw.storage.localDisk.baseDir).toBe(path.join(instanceRoot, "data", "storage")); + expect(raw.secrets.localEncrypted.keyFilePath).toBe(path.join(instanceRoot, "secrets", "master.key")); + expect(fs.existsSync(path.join(instanceRoot, ".env"))).toBe(true); + expect(fs.existsSync(path.join(instanceRoot, "secrets", "master.key"))).toBe(true); + }); + it("supports authenticated/private quickstart bind presets", async () => { const configPath = createFreshConfigPath(); process.env.PAPERCLIP_TAILNET_BIND_HOST = "100.64.0.8"; diff --git a/cli/src/__tests__/secrets.test.ts b/cli/src/__tests__/secrets.test.ts new file mode 100644 index 00000000..a1089ae0 --- /dev/null +++ b/cli/src/__tests__/secrets.test.ts @@ -0,0 +1,257 @@ +import { afterEach, beforeEach, describe, expect, it } from "vitest"; +import type { Agent, CompanySecret } from "@paperclipai/shared"; +import type { PaperclipConfig } from "../config/schema.js"; +import { secretsCheck } from "../checks/secrets-check.js"; +import { + buildInlineMigrationSecretName, + buildMigratedAgentEnv, + collectInlineSecretMigrationCandidates, + parseSecretsInclude, + toPlainEnvValue, +} from "../commands/client/secrets.js"; + +function agent(partial: Partial): Agent { + return { + id: "agent-12345678", + companyId: "company-1", + name: "Coder", + urlKey: "coder", + role: "engineer", + title: null, + icon: null, + status: "idle", + reportsTo: null, + capabilities: null, + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + budgetMonthlyCents: 0, + spentMonthlyCents: 0, + pauseReason: null, + pausedAt: null, + permissions: { + canCreateAgents: false, + }, + lastHeartbeatAt: null, + metadata: null, + createdAt: new Date("2026-04-26T00:00:00.000Z"), + updatedAt: new Date("2026-04-26T00:00:00.000Z"), + ...partial, + }; +} + +function secret(partial: Partial): CompanySecret { + return { + id: "secret-1", + companyId: "company-1", + key: "agent_agent-12_anthropic_api_key", + name: "agent_agent-12_anthropic_api_key", + provider: "local_encrypted", + status: "active", + managedMode: "paperclip_managed", + externalRef: null, + providerConfigId: null, + providerMetadata: null, + latestVersion: 1, + description: null, + lastResolvedAt: null, + lastRotatedAt: null, + deletedAt: null, + createdByAgentId: null, + createdByUserId: null, + createdAt: new Date("2026-04-26T00:00:00.000Z"), + updatedAt: new Date("2026-04-26T00:00:00.000Z"), + ...partial, + }; +} + +function configWithSecretsProvider(provider: PaperclipConfig["secrets"]["provider"]): PaperclipConfig { + return { + $meta: { + version: 1, + updatedAt: "2026-05-02T00:00:00.000Z", + source: "configure", + }, + database: { + mode: "embedded-postgres", + embeddedPostgresDataDir: "/tmp/paperclip/db", + embeddedPostgresPort: 55432, + backup: { + enabled: true, + intervalMinutes: 60, + retentionDays: 30, + dir: "/tmp/paperclip/backups", + }, + }, + logging: { + mode: "file", + logDir: "/tmp/paperclip/logs", + }, + server: { + deploymentMode: "local_trusted", + exposure: "private", + host: "127.0.0.1", + port: 3100, + allowedHostnames: [], + serveUi: true, + }, + auth: { + baseUrlMode: "auto", + disableSignUp: false, + }, + telemetry: { + enabled: true, + }, + storage: { + provider: "local_disk", + localDisk: { + baseDir: "/tmp/paperclip/storage", + }, + s3: { + bucket: "paperclip", + region: "us-east-1", + prefix: "", + forcePathStyle: false, + }, + }, + secrets: { + provider, + strictMode: true, + localEncrypted: { + keyFilePath: "/tmp/paperclip/secrets/master.key", + }, + }, + }; +} + +describe("secrets CLI helpers", () => { + const originalEnv = { ...process.env }; + + beforeEach(() => { + process.env = { ...originalEnv }; + delete process.env.PAPERCLIP_SECRETS_AWS_REGION; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; + delete process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID; + delete process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID; + }); + + afterEach(() => { + process.env = { ...originalEnv }; + }); + + it("parses declaration include filters", () => { + expect(parseSecretsInclude("agents,projects,tasks")).toEqual({ + company: false, + agents: true, + projects: true, + issues: true, + skills: false, + }); + }); + + it("detects inline sensitive env values that need migration", () => { + const rows = collectInlineSecretMigrationCandidates( + [ + agent({ + id: "agent-12345678", + adapterConfig: { + env: { + ANTHROPIC_API_KEY: "sk-ant-test", + GH_TOKEN: { + type: "plain", + value: "ghp-test", + }, + PATH: { + type: "plain", + value: "/usr/bin", + }, + OPENAI_API_KEY: { + type: "secret_ref", + secretId: "secret-existing", + }, + }, + }, + }), + ], + [ + secret({ + id: "secret-gh-token", + name: buildInlineMigrationSecretName("agent-12345678", "GH_TOKEN"), + }), + ], + ); + + expect(rows).toEqual([ + { + agentId: "agent-12345678", + agentName: "Coder", + envKey: "ANTHROPIC_API_KEY", + secretName: "agent_agent-12_anthropic_api_key", + existingSecretId: null, + }, + { + agentId: "agent-12345678", + agentName: "Coder", + envKey: "GH_TOKEN", + secretName: "agent_agent-12_gh_token", + existingSecretId: "secret-gh-token", + }, + ]); + }); + + it("builds migrated env bindings without preserving secret values", () => { + const next = buildMigratedAgentEnv( + { + ANTHROPIC_API_KEY: "sk-ant-test", + NODE_ENV: { + type: "plain", + value: "development", + }, + }, + new Map([["ANTHROPIC_API_KEY", "secret-1"]]), + ); + + expect(next).toEqual({ + ANTHROPIC_API_KEY: { + type: "secret_ref", + secretId: "secret-1", + version: "latest", + }, + NODE_ENV: { + type: "plain", + value: "development", + }, + }); + expect(JSON.stringify(next)).not.toContain("sk-ant-test"); + }); + + it("reads only explicit plain env values", () => { + expect(toPlainEnvValue("plain-value")).toBe("plain-value"); + expect(toPlainEnvValue({ type: "plain", value: "wrapped" })).toBe("wrapped"); + expect(toPlainEnvValue({ type: "secret_ref", secretId: "secret-1" })).toBeNull(); + }); + + it("reports the AWS bootstrap config required by doctor", () => { + const result = secretsCheck(configWithSecretsProvider("aws_secrets_manager")); + + expect(result.status).toBe("fail"); + expect(result.message).toContain("PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID"); + expect(result.repairHint).toContain("AWS SDK default credential chain"); + expect(result.repairHint).toContain("Do not store AWS root credentials"); + }); + + it("passes AWS doctor checks when non-secret provider config is present", () => { + process.env.PAPERCLIP_SECRETS_AWS_REGION = "us-east-1"; + process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID = "prod-us-1"; + process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID = + "arn:aws:kms:us-east-1:123456789012:key/test"; + process.env.AWS_PROFILE = "paperclip-prod"; + + const result = secretsCheck(configWithSecretsProvider("aws_secrets_manager")); + + expect(result.status).toBe("pass"); + expect(result.message).toContain("prod-us-1"); + expect(result.message).toContain("AWS_PROFILE/shared config"); + }); +}); diff --git a/cli/src/adapters/registry.ts b/cli/src/adapters/registry.ts index 59799cf4..d7d16f17 100644 --- a/cli/src/adapters/registry.ts +++ b/cli/src/adapters/registry.ts @@ -3,6 +3,7 @@ import { printAcpxStreamEvent } from "@paperclipai/adapter-acpx-local/cli"; import { printClaudeStreamEvent } from "@paperclipai/adapter-claude-local/cli"; import { printCodexStreamEvent } from "@paperclipai/adapter-codex-local/cli"; import { printCursorStreamEvent } from "@paperclipai/adapter-cursor-local/cli"; +import { printCursorCloudEvent } from "@paperclipai/adapter-cursor-cloud/cli"; import { printGeminiStreamEvent } from "@paperclipai/adapter-gemini-local/cli"; import { printOpenCodeStreamEvent } from "@paperclipai/adapter-opencode-local/cli"; import { printPiStreamEvent } from "@paperclipai/adapter-pi-local/cli"; @@ -40,6 +41,11 @@ const cursorLocalCLIAdapter: CLIAdapterModule = { formatStdoutEvent: printCursorStreamEvent, }; +const cursorCloudCLIAdapter: CLIAdapterModule = { + type: "cursor_cloud", + formatStdoutEvent: printCursorCloudEvent, +}; + const geminiLocalCLIAdapter: CLIAdapterModule = { type: "gemini_local", formatStdoutEvent: printGeminiStreamEvent, @@ -58,6 +64,7 @@ const adaptersByType = new Map( openCodeLocalCLIAdapter, piLocalCLIAdapter, cursorLocalCLIAdapter, + cursorCloudCLIAdapter, geminiLocalCLIAdapter, openclawGatewayCLIAdapter, processCLIAdapter, diff --git a/cli/src/checks/secrets-check.ts b/cli/src/checks/secrets-check.ts index 49c6a90b..73f9c040 100644 --- a/cli/src/checks/secrets-check.ts +++ b/cli/src/checks/secrets-check.ts @@ -5,6 +5,9 @@ import type { PaperclipConfig } from "../config/schema.js"; import type { CheckResult } from "./index.js"; import { resolveRuntimeLikePath } from "./path-resolver.js"; +const AWS_CREDENTIAL_SOURCE_HINT = + "Provide AWS runtime credentials through the AWS SDK default credential chain: IAM role/workload identity, AWS_PROFILE/SSO/shared credentials, web identity, container/instance metadata, or short-lived shell credentials"; + function decodeMasterKey(raw: string): Buffer | null { const trimmed = raw.trim(); if (!trimmed) return null; @@ -47,13 +50,16 @@ function withStrictModeNote( export function secretsCheck(config: PaperclipConfig, configPath?: string): CheckResult { const provider = config.secrets.provider; + if (provider === "aws_secrets_manager") { + return withStrictModeNote(awsSecretsManagerCheck(), config); + } if (provider !== "local_encrypted") { return { name: "Secrets adapter", status: "fail", - message: `${provider} is configured, but this build only supports local_encrypted`, + message: `${provider} is configured, but this build only supports local_encrypted and aws_secrets_manager`, canRepair: false, - repairHint: "Run `paperclipai configure --section secrets` and set provider to local_encrypted", + repairHint: "Run `paperclipai configure --section secrets` and choose local_encrypted or aws_secrets_manager", }; } @@ -135,12 +141,100 @@ export function secretsCheck(config: PaperclipConfig, configPath?: string): Chec }; } + const keyMode = fs.statSync(keyFilePath).mode & 0o777; + const permissionWarning = + (keyMode & 0o077) !== 0 + ? `; key file permissions are ${keyMode.toString(8)} (run chmod 600 ${keyFilePath})` + : ""; + return withStrictModeNote( { name: "Secrets adapter", - status: "pass", - message: `Local encrypted provider configured with key file ${keyFilePath}`, + status: permissionWarning ? "warn" : "pass", + message: `Local encrypted provider configured with key file ${keyFilePath}${permissionWarning}`, + repairHint: permissionWarning + ? "Restrict the local encrypted secrets key file to owner read/write permissions" + : undefined, }, config, ); } + +function awsSecretsManagerCheck(): CheckResult { + const missingConfig = missingAwsSecretsManagerConfig(); + if (missingConfig.length > 0) { + return { + name: "Secrets adapter", + status: "fail", + message: `AWS Secrets Manager provider is missing non-secret config: ${missingConfig.join(", ")}`, + canRepair: false, + repairHint: + `Set ${missingConfig.join(", ")} in the Paperclip server runtime. ${AWS_CREDENTIAL_SOURCE_HINT}. Do not store AWS root credentials or long-lived IAM user keys in Paperclip secrets.`, + }; + } + + const staticEnvCredentials = + process.env.AWS_ACCESS_KEY_ID?.trim() && process.env.AWS_SECRET_ACCESS_KEY?.trim(); + const credentialSource = detectedAwsCredentialSources().join(", "); + const message = + `AWS Secrets Manager provider configured for deployment ${process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID}; ` + + `runtime credentials source: ${credentialSource || "AWS SDK default credential chain"}`; + + if (staticEnvCredentials) { + return { + name: "Secrets adapter", + status: "warn", + message, + canRepair: false, + repairHint: + "AWS static environment credentials are visible. Use only short-lived shell credentials locally; prefer IAM role/workload identity for hosted deployments and never store AWS access keys in Paperclip company secrets.", + }; + } + + return { + name: "Secrets adapter", + status: "pass", + message, + }; +} + +function missingAwsSecretsManagerConfig(): string[] { + const missing: string[] = []; + if ( + !( + process.env.PAPERCLIP_SECRETS_AWS_REGION?.trim() || + process.env.AWS_REGION?.trim() || + process.env.AWS_DEFAULT_REGION?.trim() + ) + ) { + missing.push("PAPERCLIP_SECRETS_AWS_REGION or AWS_REGION/AWS_DEFAULT_REGION"); + } + if (!process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID?.trim()) { + missing.push("PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID"); + } + if (!process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID?.trim()) { + missing.push("PAPERCLIP_SECRETS_AWS_KMS_KEY_ID"); + } + return missing; +} + +function detectedAwsCredentialSources(): string[] { + const sources: string[] = []; + if (process.env.AWS_PROFILE?.trim()) sources.push("AWS_PROFILE/shared config"); + if (process.env.AWS_ACCESS_KEY_ID?.trim() && process.env.AWS_SECRET_ACCESS_KEY?.trim()) { + sources.push("temporary AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY environment credentials"); + } + if (process.env.AWS_WEB_IDENTITY_TOKEN_FILE?.trim() && process.env.AWS_ROLE_ARN?.trim()) { + sources.push("AWS web identity token"); + } + if ( + process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI?.trim() || + process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI?.trim() + ) { + sources.push("AWS container credentials endpoint"); + } + if (process.env.AWS_SHARED_CREDENTIALS_FILE?.trim() || process.env.AWS_CONFIG_FILE?.trim()) { + sources.push("custom AWS shared credentials/config file"); + } + return sources; +} diff --git a/cli/src/commands/client/secrets.ts b/cli/src/commands/client/secrets.ts new file mode 100644 index 00000000..98fb025d --- /dev/null +++ b/cli/src/commands/client/secrets.ts @@ -0,0 +1,501 @@ +import { Command } from "commander"; +import pc from "picocolors"; +import type { + Agent, + AgentEnvConfig, + CompanyPortabilityEnvInput, + CompanyPortabilityExportPreviewResult, + CompanyPortabilityInclude, + CompanySecret, + EnvBinding, + SecretProvider, + SecretProviderDescriptor, +} from "@paperclipai/shared"; +import { + addCommonClientOptions, + formatInlineRecord, + handleCommandError, + printOutput, + resolveCommandContext, + type BaseClientOptions, +} from "./common.js"; + +interface SecretListOptions extends BaseClientOptions { + companyId?: string; +} + +interface SecretDeclarationsOptions extends BaseClientOptions { + companyId?: string; + include?: string; + kind?: "all" | "secret" | "plain"; +} + +interface SecretCreateOptions extends BaseClientOptions { + companyId?: string; + name?: string; + key?: string; + provider?: SecretProvider; + value?: string; + valueEnv?: string; + description?: string; +} + +interface SecretLinkOptions extends BaseClientOptions { + companyId?: string; + name?: string; + key?: string; + provider?: SecretProvider; + externalRef?: string; + providerVersionRef?: string; + description?: string; +} + +interface SecretDoctorOptions extends BaseClientOptions { + companyId?: string; +} + +interface SecretMigrateInlineEnvOptions extends BaseClientOptions { + companyId?: string; + apply?: boolean; +} + +interface SecretProviderHealth { + provider: SecretProvider; + status: "ok" | "warn" | "error"; + message: string; + warnings?: string[]; + backupGuidance?: string[]; + details?: Record; +} + +interface SecretProviderHealthResponse { + providers: SecretProviderHealth[]; +} + +export interface InlineSecretMigrationCandidate { + agentId: string; + agentName: string; + envKey: string; + secretName: string; + existingSecretId: string | null; +} + +const SENSITIVE_ENV_KEY_RE = + /(^token$|[-_]?token$|api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)/i; + +const DEFAULT_DECLARATION_INCLUDE: CompanyPortabilityInclude = { + company: true, + agents: true, + projects: true, + issues: false, + skills: false, +}; + +export function parseSecretsInclude(input: string | undefined): CompanyPortabilityInclude { + if (!input?.trim()) return { ...DEFAULT_DECLARATION_INCLUDE }; + const values = input.split(",").map((part) => part.trim().toLowerCase()).filter(Boolean); + const include = { + company: values.includes("company"), + agents: values.includes("agents"), + projects: values.includes("projects"), + issues: values.includes("issues") || values.includes("tasks"), + skills: values.includes("skills"), + }; + if (!Object.values(include).some(Boolean)) { + throw new Error("Invalid --include value. Use one or more of: company,agents,projects,issues,tasks,skills"); + } + return include; +} + +export function isSensitiveEnvKey(key: string): boolean { + return SENSITIVE_ENV_KEY_RE.test(key); +} + +export function toPlainEnvValue(binding: unknown): string | null { + if (typeof binding === "string") return binding; + if (typeof binding !== "object" || binding === null || Array.isArray(binding)) return null; + const record = binding as Record; + if (record.type === "plain" && typeof record.value === "string") return record.value; + return null; +} + +export function buildInlineMigrationSecretName(agentId: string, key: string): string { + return `agent_${agentId.slice(0, 8)}_${key.toLowerCase()}`; +} + +export function collectInlineSecretMigrationCandidates( + agents: Agent[], + existingSecrets: CompanySecret[], +): InlineSecretMigrationCandidate[] { + const secretByName = new Map(existingSecrets.map((secret) => [secret.name, secret])); + const candidates: InlineSecretMigrationCandidate[] = []; + + for (const agent of agents) { + const env = asRecord(agent.adapterConfig.env); + if (!env) continue; + for (const [envKey, binding] of Object.entries(env)) { + if (!isSensitiveEnvKey(envKey)) continue; + const plain = toPlainEnvValue(binding); + if (plain === null || plain.trim().length === 0) continue; + const secretName = buildInlineMigrationSecretName(agent.id, envKey); + candidates.push({ + agentId: agent.id, + agentName: agent.name, + envKey, + secretName, + existingSecretId: secretByName.get(secretName)?.id ?? null, + }); + } + } + + return candidates; +} + +export function buildMigratedAgentEnv( + env: Record, + secretIdByEnvKey: Map, +): AgentEnvConfig { + const next: AgentEnvConfig = { ...(env as Record) }; + for (const [envKey, secretId] of secretIdByEnvKey) { + next[envKey] = { + type: "secret_ref", + secretId, + version: "latest", + }; + } + return next; +} + +function asRecord(value: unknown): Record | null { + if (typeof value !== "object" || value === null || Array.isArray(value)) return null; + return value as Record; +} + +function readValueFromOptions(opts: SecretCreateOptions): string { + if (opts.value !== undefined && opts.valueEnv !== undefined) { + throw new Error("Use only one of --value or --value-env."); + } + if (opts.valueEnv !== undefined) { + const value = process.env[opts.valueEnv]; + if (!value) throw new Error(`Environment variable ${opts.valueEnv} is empty or unset.`); + return value; + } + if (opts.value !== undefined) return opts.value; + throw new Error("Secret value is required. Pass --value or --value-env."); +} + +function renderDeclaration(input: CompanyPortabilityEnvInput): Record { + const scope = input.agentSlug + ? `agent:${input.agentSlug}` + : input.projectSlug + ? `project:${input.projectSlug}` + : "company"; + return { + key: input.key, + scope, + kind: input.kind, + requirement: input.requirement, + portability: input.portability, + hasDefault: input.defaultValue !== null && input.defaultValue.length > 0, + description: input.description, + }; +} + +function renderSecret(secret: CompanySecret): Record { + return { + id: secret.id, + name: secret.name, + key: secret.key, + provider: secret.provider, + status: secret.status, + managedMode: secret.managedMode, + latestVersion: secret.latestVersion, + externalRef: secret.externalRef ? "yes" : "no", + }; +} + +function printProviderHealth(rows: SecretProviderHealth[], json: boolean): void { + if (json) { + printOutput(rows, { json: true }); + return; + } + if (rows.length === 0) { + printOutput([], { json: false }); + return; + } + for (const row of rows) { + console.log( + formatInlineRecord({ + id: row.provider, + status: row.status, + message: row.message, + }), + ); + for (const warning of row.warnings ?? []) { + console.log(pc.yellow(`warning=${warning}`)); + } + const missingConfig = asStringArray(row.details?.missingConfig); + if (missingConfig.length > 0) { + console.log(pc.dim(`missingConfig=${missingConfig.join(",")}`)); + } + const credentialSource = typeof row.details?.credentialSource === "string" + ? row.details.credentialSource + : null; + if (credentialSource) { + console.log(pc.dim(`credentialSource=${credentialSource}`)); + } + const detectedCredentialSources = asStringArray(row.details?.detectedCredentialSources); + if (detectedCredentialSources.length > 0) { + console.log(pc.dim(`detectedCredentialSources=${detectedCredentialSources.join(",")}`)); + } + for (const guidance of row.backupGuidance ?? []) { + console.log(pc.dim(`backup=${guidance}`)); + } + } +} + +function asStringArray(value: unknown): string[] { + return Array.isArray(value) + ? value.filter((entry): entry is string => typeof entry === "string" && entry.length > 0) + : []; +} + +async function migrateInlineEnv(opts: SecretMigrateInlineEnvOptions): Promise { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const companyId = ctx.companyId!; + const agents = (await ctx.api.get(`/api/companies/${companyId}/agents`)) ?? []; + const secrets = (await ctx.api.get(`/api/companies/${companyId}/secrets`)) ?? []; + const candidates = collectInlineSecretMigrationCandidates(agents, secrets); + + if (!opts.apply) { + printOutput( + { + apply: false, + agentsToUpdate: new Set(candidates.map((candidate) => candidate.agentId)).size, + secretsToCreate: candidates.filter((candidate) => !candidate.existingSecretId).length, + secretsToRotate: candidates.filter((candidate) => candidate.existingSecretId).length, + candidates, + }, + { json: ctx.json }, + ); + if (!ctx.json) { + console.log(pc.dim("Re-run with --apply to create/rotate secrets and update agent env bindings.")); + } + return; + } + + const createdOrRotated = new Map(); + let createdSecrets = 0; + let rotatedSecrets = 0; + + for (const candidate of candidates) { + const agent = agents.find((row) => row.id === candidate.agentId); + const env = asRecord(agent?.adapterConfig.env); + const value = env ? toPlainEnvValue(env[candidate.envKey]) : null; + if (!value) continue; + + if (candidate.existingSecretId) { + await ctx.api.post(`/api/secrets/${candidate.existingSecretId}/rotate`, { value }); + createdOrRotated.set(`${candidate.agentId}:${candidate.envKey}`, candidate.existingSecretId); + rotatedSecrets += 1; + continue; + } + + const created = await ctx.api.post(`/api/companies/${companyId}/secrets`, { + name: candidate.secretName, + provider: "local_encrypted", + value, + description: `Migrated from agent ${candidate.agentId} env ${candidate.envKey}`, + }); + if (!created) throw new Error(`Secret create returned no data for ${candidate.secretName}`); + createdOrRotated.set(`${candidate.agentId}:${candidate.envKey}`, created.id); + createdSecrets += 1; + } + + let updatedAgents = 0; + for (const agent of agents) { + const env = asRecord(agent.adapterConfig.env); + if (!env) continue; + const secretIdByEnvKey = new Map(); + for (const [key] of Object.entries(env)) { + const secretId = createdOrRotated.get(`${agent.id}:${key}`); + if (secretId) secretIdByEnvKey.set(key, secretId); + } + if (secretIdByEnvKey.size === 0) continue; + const adapterConfig = { + ...agent.adapterConfig, + env: buildMigratedAgentEnv(env, secretIdByEnvKey), + }; + await ctx.api.patch(`/api/agents/${agent.id}`, { + adapterConfig, + replaceAdapterConfig: true, + }); + updatedAgents += 1; + } + + printOutput( + { + apply: true, + updatedAgents, + createdSecrets, + rotatedSecrets, + }, + { json: ctx.json }, + ); +} + +export function registerSecretCommands(program: Command): void { + const secrets = program.command("secrets").description("Secret declaration and provider operations"); + + addCommonClientOptions( + secrets + .command("list") + .description("List secret metadata for a company") + .requiredOption("-C, --company-id ", "Company ID") + .action(async (opts: SecretListOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const rows = (await ctx.api.get(`/api/companies/${ctx.companyId}/secrets`)) ?? []; + printOutput(ctx.json ? rows : rows.map(renderSecret), { json: ctx.json }); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("declarations") + .description("List portable env declarations emitted by company export") + .requiredOption("-C, --company-id ", "Company ID") + .option("--include ", "Comma-separated include set: company,agents,projects,issues,tasks,skills", "company,agents,projects") + .option("--kind ", "Filter declarations: all | secret | plain", "all") + .action(async (opts: SecretDeclarationsOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const kind = opts.kind ?? "all"; + if (!["all", "secret", "plain"].includes(kind)) { + throw new Error("Invalid --kind value. Use: all, secret, plain"); + } + const preview = await ctx.api.post( + `/api/companies/${ctx.companyId}/exports/preview`, + { include: parseSecretsInclude(opts.include) }, + ); + const declarations = (preview?.manifest.envInputs ?? []) + .filter((entry) => kind === "all" || entry.kind === kind); + printOutput(ctx.json ? declarations : declarations.map(renderDeclaration), { json: ctx.json }); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("create") + .description("Create a Paperclip-managed secret") + .requiredOption("-C, --company-id ", "Company ID") + .requiredOption("--name ", "Secret display name") + .option("--key ", "Portable secret key") + .option("--provider ", "Secret provider id") + .option("--value ", "Secret value") + .option("--value-env ", "Read secret value from an environment variable") + .option("--description ", "Description") + .action(async (opts: SecretCreateOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const created = await ctx.api.post(`/api/companies/${ctx.companyId}/secrets`, { + name: opts.name, + key: opts.key, + provider: opts.provider, + value: readValueFromOptions(opts), + description: opts.description, + }); + printOutput(ctx.json ? created : renderSecret(created!), { json: ctx.json }); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("link") + .description("Link an external provider-owned secret without storing its value in Paperclip") + .requiredOption("-C, --company-id ", "Company ID") + .requiredOption("--name ", "Secret display name") + .requiredOption("--provider ", "Secret provider id") + .requiredOption("--external-ref ", "Provider secret ARN/name/path/reference") + .option("--key ", "Portable secret key") + .option("--provider-version-ref ", "Provider version id or label") + .option("--description ", "Description") + .action(async (opts: SecretLinkOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const created = await ctx.api.post(`/api/companies/${ctx.companyId}/secrets`, { + name: opts.name, + key: opts.key, + provider: opts.provider, + managedMode: "external_reference", + externalRef: opts.externalRef, + providerVersionRef: opts.providerVersionRef, + description: opts.description, + }); + printOutput(ctx.json ? created : renderSecret(created!), { json: ctx.json }); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("doctor") + .description("Run secret provider health checks through the Paperclip API") + .requiredOption("-C, --company-id ", "Company ID") + .action(async (opts: SecretDoctorOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const health = await ctx.api.get( + `/api/companies/${ctx.companyId}/secret-providers/health`, + ); + printProviderHealth(health?.providers ?? [], ctx.json); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("providers") + .description("List configured secret provider descriptors") + .requiredOption("-C, --company-id ", "Company ID") + .action(async (opts: SecretDoctorOptions) => { + try { + const ctx = resolveCommandContext(opts, { requireCompany: true }); + const rows = (await ctx.api.get( + `/api/companies/${ctx.companyId}/secret-providers`, + )) ?? []; + printOutput(rows, { json: ctx.json }); + } catch (err) { + handleCommandError(err); + } + }), + ); + + addCommonClientOptions( + secrets + .command("migrate-inline-env") + .description("Migrate inline sensitive agent env values into secret references") + .requiredOption("-C, --company-id ", "Company ID") + .option("--apply", "Persist changes; default is a dry run", false) + .action(async (opts: SecretMigrateInlineEnvOptions) => { + try { + await migrateInlineEnv(opts); + } catch (err) { + handleCommandError(err); + } + }), + ); +} diff --git a/cli/src/config/home.ts b/cli/src/config/home.ts index ef4d8e09..86f1ab4a 100644 --- a/cli/src/config/home.ts +++ b/cli/src/config/home.ts @@ -1,32 +1,31 @@ -import os from "node:os"; import path from "node:path"; +import { + expandHomePrefix, + resolveDefaultBackupDir as resolveSharedDefaultBackupDir, + resolveDefaultEmbeddedPostgresDir as resolveSharedDefaultEmbeddedPostgresDir, + resolveDefaultLogsDir as resolveSharedDefaultLogsDir, + resolveDefaultSecretsKeyFilePath as resolveSharedDefaultSecretsKeyFilePath, + resolveDefaultStorageDir as resolveSharedDefaultStorageDir, + resolveHomeAwarePath, + resolvePaperclipConfigPathForInstance, + resolvePaperclipHomeDir, + resolvePaperclipInstanceId, + resolvePaperclipInstanceRoot as resolveSharedPaperclipInstanceRoot, +} from "@paperclipai/shared/home-paths"; -const DEFAULT_INSTANCE_ID = "default"; -const INSTANCE_ID_RE = /^[a-zA-Z0-9_-]+$/; - -export function resolvePaperclipHomeDir(): string { - const envHome = process.env.PAPERCLIP_HOME?.trim(); - if (envHome) return path.resolve(expandHomePrefix(envHome)); - return path.resolve(os.homedir(), ".paperclip"); -} - -export function resolvePaperclipInstanceId(override?: string): string { - const raw = override?.trim() || process.env.PAPERCLIP_INSTANCE_ID?.trim() || DEFAULT_INSTANCE_ID; - if (!INSTANCE_ID_RE.test(raw)) { - throw new Error( - `Invalid instance id '${raw}'. Allowed characters: letters, numbers, '_' and '-'.`, - ); - } - return raw; -} +export { + expandHomePrefix, + resolveHomeAwarePath, + resolvePaperclipHomeDir, + resolvePaperclipInstanceId, +}; export function resolvePaperclipInstanceRoot(instanceId?: string): string { - const id = resolvePaperclipInstanceId(instanceId); - return path.resolve(resolvePaperclipHomeDir(), "instances", id); + return resolveSharedPaperclipInstanceRoot({ instanceId }); } export function resolveDefaultConfigPath(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "config.json"); + return resolvePaperclipConfigPathForInstance({ instanceId }); } export function resolveDefaultContextPath(): string { @@ -38,29 +37,23 @@ export function resolveDefaultCliAuthPath(): string { } export function resolveDefaultEmbeddedPostgresDir(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "db"); + return resolveSharedDefaultEmbeddedPostgresDir({ instanceId }); } export function resolveDefaultLogsDir(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "logs"); + return resolveSharedDefaultLogsDir({ instanceId }); } export function resolveDefaultSecretsKeyFilePath(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "secrets", "master.key"); + return resolveSharedDefaultSecretsKeyFilePath({ instanceId }); } export function resolveDefaultStorageDir(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "data", "storage"); + return resolveSharedDefaultStorageDir({ instanceId }); } export function resolveDefaultBackupDir(instanceId?: string): string { - return path.resolve(resolvePaperclipInstanceRoot(instanceId), "data", "backups"); -} - -export function expandHomePrefix(value: string): string { - if (value === "~") return os.homedir(); - if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); - return value; + return resolveSharedDefaultBackupDir({ instanceId }); } export function describeLocalInstancePaths(instanceId?: string) { diff --git a/cli/src/index.ts b/cli/src/index.ts index bbec356f..f1a2084a 100644 --- a/cli/src/index.ts +++ b/cli/src/index.ts @@ -18,6 +18,7 @@ import { registerActivityCommands } from "./commands/client/activity.js"; import { registerDashboardCommands } from "./commands/client/dashboard.js"; import { registerRoutineCommands } from "./commands/routines.js"; import { registerFeedbackCommands } from "./commands/client/feedback.js"; +import { registerSecretCommands } from "./commands/client/secrets.js"; import { applyDataDirOverride, type DataDirOptionLike } from "./config/data-dir.js"; import { loadPaperclipEnvFile } from "./config/env.js"; import { initTelemetryFromConfigFile, flushTelemetry } from "./telemetry.js"; @@ -147,6 +148,7 @@ registerActivityCommands(program); registerDashboardCommands(program); registerRoutineCommands(program); registerFeedbackCommands(program); +registerSecretCommands(program); registerWorktreeCommands(program); registerEnvLabCommands(program); registerPluginCommands(program); diff --git a/cli/src/prompts/secrets.ts b/cli/src/prompts/secrets.ts index c65ef0bc..f1804bce 100644 --- a/cli/src/prompts/secrets.ts +++ b/cli/src/prompts/secrets.ts @@ -32,7 +32,7 @@ export async function promptSecrets(current?: SecretsConfig): Promise pnpm paperclipai agent local-cli claudecoder --company-id ``` +## Secrets Commands + +```sh +pnpm paperclipai secrets list --company-id +pnpm paperclipai secrets declarations --company-id [--include agents,projects] [--kind secret] +pnpm paperclipai secrets create --company-id --name anthropic-api-key --value-env ANTHROPIC_API_KEY +pnpm paperclipai secrets link --company-id --name prod-stripe-key --provider aws_secrets_manager --external-ref +pnpm paperclipai secrets doctor --company-id +pnpm paperclipai secrets migrate-inline-env --company-id [--apply] +``` + +Secret listing and declarations never print secret values. `create` accepts +`--value-env` so shell history does not capture the value. `link` records +provider-owned references without copying the secret value into Paperclip. +For AWS-backed secrets, `secrets doctor` reports missing non-secret provider +env and the expected AWS SDK runtime credential source; do not store AWS +bootstrap credentials in Paperclip secrets. + +Per-company provider vaults (multiple vault instances per provider, default +vault selection, coming-soon GCP/Vault) are configured from the board UI under +`Company Settings → Secrets → Provider vaults` or through +`/api/companies/{companyId}/secret-provider-configs`. There is no CLI surface +for vault management today. See the +[secrets deploy guide](../docs/deploy/secrets.md#provider-vaults) and +[API reference](../docs/api/secrets.md#provider-vaults) for the contract. + ## Approval Commands ```sh @@ -178,7 +204,28 @@ pnpm paperclipai heartbeat run --agent-id [--api-base http://localhos ## Local Storage Defaults -Default local instance root is `~/.paperclip/instances/default`: +Local Paperclip data lives under the selected instance root. `PAPERCLIP_HOME` chooses the home directory and `PAPERCLIP_INSTANCE_ID` chooses the instance. + +```text +~/.paperclip/ # PAPERCLIP_HOME +└── instances/ + └── default/ # instance root (PAPERCLIP_INSTANCE_ID) + ├── config.json # runtime config + ├── .env # instance env file + ├── db/ # embedded PostgreSQL data + ├── data/ + │ ├── storage/ # local_disk uploads + │ └── backups/ # automatic DB backups + ├── logs/ + ├── secrets/ + │ └── master.key # local_encrypted master key + ├── workspaces/ # default agent workspaces + ├── projects/ # project execution workspaces + ├── companies/ # per-company adapter homes (e.g. codex-home) + └── codex-home/ # per-instance codex home (when not company-scoped) +``` + +Default paths for the canonical install: - config: `~/.paperclip/instances/default/config.json` - embedded db: `~/.paperclip/instances/default/db` diff --git a/doc/DATABASE.md b/doc/DATABASE.md index 23abd32d..2e0ad661 100644 --- a/doc/DATABASE.md +++ b/doc/DATABASE.md @@ -171,6 +171,8 @@ For local/default installs, the active provider is `local_encrypted`: - Secret material is encrypted at rest with a local master key. - Default key file: `~/.paperclip/instances/default/secrets/master.key` (auto-created if missing). - CLI config location: `~/.paperclip/instances/default/config.json` under `secrets.localEncrypted.keyFilePath`. +- Backup/restore requires both the database metadata and the local master key file; either artifact alone is insufficient. +- The server best-effort enforces `0600` key file permissions and provider health reports permission warnings. Optional overrides: @@ -192,5 +194,10 @@ pnpm paperclipai configure --section secrets Inline secret migration command: ```sh +pnpm paperclipai secrets migrate-inline-env --company-id --apply + +# direct database maintenance fallback pnpm secrets:migrate-inline-env --apply ``` + +Hosted AWS provider notes live in [SECRETS-AWS-PROVIDER.md](./SECRETS-AWS-PROVIDER.md). diff --git a/doc/DEVELOPING.md b/doc/DEVELOPING.md index d95bb04d..f41465e2 100644 --- a/doc/DEVELOPING.md +++ b/doc/DEVELOPING.md @@ -157,6 +157,27 @@ See `doc/DOCKER.md` for API key wiring (`OPENAI_API_KEY` / `ANTHROPIC_API_KEY`) For a separate review-oriented container that keeps `codex`/`claude` login state in Docker volumes and checks out PRs into an isolated scratch workspace, see `doc/UNTRUSTED-PR-REVIEW.md`. +## Local Instance Layout + +Every local install keeps runtime state directly under the selected instance root: + +```text +~/.paperclip/instances/default/ # instance root + config.json # runtime config + .env # instance env file + db/ # embedded PostgreSQL data + data/ + storage/ # local_disk uploads + backups/ # automatic DB backups + logs/ + secrets/master.key # local_encrypted master key + workspaces// # default agent workspaces + projects/ # project execution workspaces + companies//codex-home/ # per-company codex_local home +``` + +`PAPERCLIP_HOME` and `PAPERCLIP_INSTANCE_ID` override the home root and instance id respectively. `paperclipai onboard` echoes the resolved values in its banner (`Local home: | instance: | config: `) so you can confirm where state will land before continuing. + ## Database in Dev (Auto-Handled) For local development, leave `DATABASE_URL` unset. @@ -164,7 +185,7 @@ The server will automatically use embedded PostgreSQL and persist data at: - `~/.paperclip/instances/default/db` -Override home and instance: +Override home or instance: ```sh PAPERCLIP_HOME=/custom/path PAPERCLIP_INSTANCE_ID=dev pnpm paperclipai run @@ -280,7 +301,7 @@ paperclipai worktree init --from-data-dir ~/.paperclip paperclipai worktree init --force ``` -Repair an already-created repo-managed worktree and reseed its isolated instance from the main default install: +Repair an already-created repo-managed worktree and reseed its isolated instance from the main default install. Point `--from-config` at the instance config: ```sh cd /path/to/paperclip/.paperclip/worktrees/PAP-884-ai-commits-component @@ -462,6 +483,7 @@ Agent env vars now support secret references. By default, secret values are stor - Default local key path: `~/.paperclip/instances/default/secrets/master.key` - Override key material directly: `PAPERCLIP_SECRETS_MASTER_KEY` - Override key file path: `PAPERCLIP_SECRETS_MASTER_KEY_FILE` +- Back up the key file and database together; either one alone is not enough to restore local encrypted secrets. Strict mode (recommended outside local trusted machines): @@ -470,12 +492,20 @@ PAPERCLIP_SECRETS_STRICT_MODE=true ``` When strict mode is enabled, sensitive env keys (for example `*_API_KEY`, `*_TOKEN`, `*_SECRET`) must use secret references instead of inline plain values. +Authenticated deployments default strict mode on unless explicitly overridden. CLI configuration support: - `pnpm paperclipai onboard` writes a default `secrets` config section (`local_encrypted`, strict mode off, key file path set) and creates a local key file when needed. - `pnpm paperclipai configure --section secrets` lets you update provider/strict mode/key path and creates the local key file when needed. -- `pnpm paperclipai doctor` validates secrets adapter configuration and can create a missing local key file with `--repair`. +- `pnpm paperclipai doctor` validates secrets adapter configuration, can create a missing local key file with `--repair`, and reports missing AWS Secrets Manager bootstrap env when that provider is selected. +- Provider health is available at `GET /api/companies/:companyId/secret-providers/health` and reports local key permission warnings plus backup guidance. + +Per-company provider vaults are configured in the board UI under +`Company Settings → Secrets → Provider vaults`, backed by +`/api/companies/{companyId}/secret-provider-configs`. The CLI does not own +vault lifecycle today. See `docs/deploy/secrets.md` (`Provider Vaults` section) +for the operator model. Migration helper for existing inline env secrets: diff --git a/doc/PUBLISHING.md b/doc/PUBLISHING.md index 784a12fd..c430d347 100644 --- a/doc/PUBLISHING.md +++ b/doc/PUBLISHING.md @@ -176,6 +176,58 @@ That means: See [doc/RELEASE-AUTOMATION-SETUP.md](RELEASE-AUTOMATION-SETUP.md) for the GitHub/npm setup steps. +## Release enrollment for new public packages + +Paperclip does not auto-publish every non-private workspace package anymore. +CI publishing is controlled by [`scripts/release-package-manifest.json`](../scripts/release-package-manifest.json). + +When you add a new public package: + +1. add it to the manifest and decide whether CI should publish it immediately +2. if CI should publish it, bootstrap the package on npm before merge +3. if CI should not publish it yet, keep `"publishFromCi": false` +4. only enable `"publishFromCi": true` after npm trusted publishing is configured for that package + +PR CI now checks changed release-enabled package manifests against npm. That catches a missing first-publish bootstrap before the change reaches `master`. + +### One-time bootstrap sequence for a new package + +The first publish of a brand-new package still needs one human maintainer with npm write access. +After that, trusted publishing can take over. + +Example for `@paperclipai/adapter-acpx-local` from the repo root: + +```bash +# safe preview +pnpm run release:bootstrap-package -- @paperclipai/adapter-acpx-local + +# one-time first publish from an authenticated maintainer machine +pnpm run release:bootstrap-package -- @paperclipai/adapter-acpx-local --publish --otp 123456 +``` + +The helper script: + +- checks that the package does not already exist on npm +- builds the target package unless `--skip-build` is passed +- runs `npm pack --dry-run` in the package directory +- only runs the real `npm publish --access public` when `--publish --otp ` is provided + +For the real `--publish` step, the maintainer machine must already be authenticated to npm. +If `npm whoami` returns `401`, first run `npm logout --registry=https://registry.npmjs.org/` to clear any stale local auth, then run `npm login` or `npm adduser` locally as an npm org member, and finally rerun the helper. +That local human auth is fine for the one-time bootstrap publish; we just do not want the same auth model inside CI. +The helper now requires `--otp ` up front for `--publish`, so it fails before the real publish attempt if the one-time password is missing. + +After that first publish succeeds: + +1. open `https://www.npmjs.com/package/@paperclipai/adapter-acpx-local` +2. go to `Settings` → `Trusted publishing` +3. add repository `paperclipai/paperclip` +4. set workflow filename to `release.yml` +5. optionally go to `Settings` → `Publishing access` and enable `Require two-factor authentication and disallow tokens` +6. keep `publishFromCi: true` in [`scripts/release-package-manifest.json`](../scripts/release-package-manifest.json) + +Once those steps are done, future canary and stable publishes for that package are automated through GitHub OIDC. The manual step is only the first package creation on npm. + ## Rollback model Rollback does not unpublish anything. diff --git a/doc/RELEASE-AUTOMATION-SETUP.md b/doc/RELEASE-AUTOMATION-SETUP.md index 25982892..d6e08b9f 100644 --- a/doc/RELEASE-AUTOMATION-SETUP.md +++ b/doc/RELEASE-AUTOMATION-SETUP.md @@ -67,6 +67,27 @@ Why: - the single `release.yml` workflow handles both canary and stable publishing - GitHub environments `npm-canary` and `npm-stable` still enforce different approval rules on the GitHub side +### 2.2.1. Newly added public packages need a bootstrap phase + +Trusted publishing is configured on the npm package itself, not at the repo scope. +That means a brand-new public package must not be auto-enrolled into CI publishing until its npm package exists and its trusted publisher has been configured. + +Repo policy: + +1. add every non-private package to [`scripts/release-package-manifest.json`](../scripts/release-package-manifest.json) +2. set `"publishFromCi": true` only when CI is expected to publish that package +3. if the package is not ready for CI publishing yet, keep `"publishFromCi": false` +4. complete the package bootstrap before merging any PR that changes a release-enabled new package + +Bootstrap sequence for a new package: + +1. publish the package once from a trusted maintainer machine using normal npm auth +2. open that package on npm and add the `paperclipai/paperclip` trusted publisher for `.github/workflows/release.yml` +3. rerun or dry-run the release flow as needed to confirm CI publishing now works +4. only then enable `"publishFromCi": true` + +PR CI enforces this by checking changed release-enabled package manifests against npm. That keeps `master` canary publishing healthy while preserving the no-long-lived-token model for normal CI releases. + ### 2.3. Verify trusted publishing before removing old auth After the workflows are live: diff --git a/doc/SECRETS-AWS-PROVIDER.md b/doc/SECRETS-AWS-PROVIDER.md new file mode 100644 index 00000000..c7cce82e --- /dev/null +++ b/doc/SECRETS-AWS-PROVIDER.md @@ -0,0 +1,368 @@ +# AWS Secrets Manager Provider + +Operational contract for the hosted `aws_secrets_manager` secret provider used by Paperclip Cloud. + +## Scope + +- Hosted provider for Paperclip-managed secrets when Paperclip Cloud runs on AWS. +- Source of truth for secret values is AWS Secrets Manager, not Postgres. +- Paperclip stores only metadata needed for ownership, bindings, version selection, audit, and runtime resolution. +- AWS provider bootstrap credentials are deployment/runtime credentials, not Paperclip-managed company secrets. +- Remote import for existing AWS secrets is metadata-only. Preview/import uses + AWS inventory metadata and creates Paperclip external references; it does not + copy plaintext into Paperclip. +- Per-company AWS provider vaults (named instances of `aws_secrets_manager` + with their own region, namespace, prefix, KMS key id, and tags) are managed + in the board UI under `Company Settings → Secrets → Provider vaults`. See + [Provider Vaults](../docs/deploy/secrets.md#provider-vaults) for the operator + model and [Provider Vaults API](../docs/api/secrets.md#provider-vaults) for + the routes. The bootstrap trust model in this document still applies — vault + config carries non-sensitive routing metadata only, never AWS credentials. + +## Bootstrap Trust Model + +The AWS provider has a chicken-and-egg boundary: Paperclip cannot use +`company_secrets` to unlock the AWS provider that stores those secrets. The +initial AWS trust must exist before the Paperclip server starts. + +Allowed bootstrap locations: + +- Infrastructure IAM or workload identity attached to the Paperclip server + runtime. +- Process environment or orchestrator secret store used to start the Paperclip + server. +- Local AWS SDK sources such as `AWS_PROFILE`, AWS SSO/shared config, web + identity, container metadata, or instance metadata. +- Short-lived shell credentials for local development only. + +Do not ask operators to paste AWS root credentials or long-lived IAM user access +keys into the Paperclip board UI. Do not store those bootstrap keys in +`company_secrets`. + +## Paperclip Cloud Bootstrap + +Paperclip Cloud must provision the AWS backing resources before any board user +can create AWS-backed company secrets: + +1. Create or select the deployment KMS key. +2. Create the Paperclip server runtime role for the deployment. +3. Attach a minimum IAM policy scoped to the deployment Secrets Manager prefix + and the configured KMS key. +4. Configure the server runtime with the non-secret provider environment + variables below. +5. Run `paperclipai doctor` or the provider health endpoint from the deployed + runtime and confirm that the provider reports the expected region, prefix, + deployment id, KMS setting, and AWS SDK credential source. + +Once this is in place, the board UI can create Paperclip-managed AWS secrets and +Paperclip will write them under the deployment/company namespace. + +## Self-Hosted And Local Bootstrap + +Self-hosted AWS deployments should use the AWS SDK default credential provider +chain. Preferred sources are role-based: + +- EC2 instance profile. +- ECS task role. +- EKS IRSA or another OIDC web identity role. +- AWS SSO/shared config via `AWS_PROFILE`. + +Local development can use: + +```sh +aws sso login --profile paperclip-dev +AWS_PROFILE=paperclip-dev \ +PAPERCLIP_SECRETS_PROVIDER=aws_secrets_manager \ +PAPERCLIP_SECRETS_AWS_REGION=us-east-1 \ +PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID=dev-local \ +PAPERCLIP_SECRETS_AWS_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/abcd-... \ +pnpm dev +``` + +Temporary `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` environment credentials +are acceptable only as a local break-glass or short-lived test source. They +should not be written to Paperclip config, committed to `.env` files, stored in +`company_secrets`, or used as the default Paperclip Cloud bootstrap path. + +## Deployment Config + +Required environment variables: + +```sh +PAPERCLIP_SECRETS_PROVIDER=aws_secrets_manager +PAPERCLIP_SECRETS_AWS_REGION=us-east-1 +PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID=prod-us-1 +PAPERCLIP_SECRETS_AWS_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/abcd-... +``` + +Optional environment variables: + +```sh +PAPERCLIP_SECRETS_AWS_PREFIX=paperclip +PAPERCLIP_SECRETS_AWS_ENVIRONMENT=production +PAPERCLIP_SECRETS_AWS_PROVIDER_OWNER=paperclip +PAPERCLIP_SECRETS_AWS_ENDPOINT= +PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS=30 +``` + +Naming convention for Paperclip-managed secrets: + +```text +paperclip/{deploymentId}/{companyId}/{secretKey} +``` + +Tag set for Paperclip-managed secrets: + +- `paperclip:managed-by=paperclip` +- `paperclip:provider-owner=` +- `paperclip:deployment-id=` +- `paperclip:company-id=` +- `paperclip:secret-key=` +- `paperclip:environment=` + +## IAM And KMS Assumptions + +Launch posture: + +- One Paperclip app role per deployment. +- One deployment-scoped KMS key per deployment at launch. +- Future per-company KMS keys remain compatible because Paperclip stores provider refs and version metadata separately from values. + +Minimum IAM boundary: + +- Allow `secretsmanager:CreateSecret`, `PutSecretValue`, `GetSecretValue`, and `DeleteSecret`. +- Scope resources to the deployment prefix: + +```text +arn:aws:secretsmanager:::secret:paperclip//* +``` + +- Allow `kms:Encrypt`, `kms:Decrypt`, `kms:GenerateDataKey`, and `kms:DescribeKey` for the configured deployment CMK. +- Deny wildcard access outside the deployment prefix. +- Prefer workload identity / role-based auth. Do not store AWS credentials inline in Paperclip config. + +Example minimum policy shape: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PaperclipDeploymentSecrets", + "Effect": "Allow", + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret" + ], + "Resource": "arn:aws:secretsmanager:::secret:paperclip//*" + }, + { + "Sid": "PaperclipDeploymentKms", + "Effect": "Allow", + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:GenerateDataKey", + "kms:DescribeKey" + ], + "Resource": "arn:aws:kms:::key/" + } + ] +} +``` + +Operational expectation: + +- Paperclip-managed secrets may be deleted only by Paperclip or an operator with equivalent break-glass access. +- External references may resolve through Paperclip runtime, but Paperclip should not delete the external secret resource. + +## Remote Import Inventory IAM + +Remote import preview needs one additional AWS permission: + +```json +{ + "Sid": "PaperclipRemoteSecretInventory", + "Effect": "Allow", + "Action": "secretsmanager:ListSecrets", + "Resource": "*" +} +``` + +This is intentionally separate from the managed create/rotate/delete policy. +AWS treats `ListSecrets` as an account/Region inventory action; do not document +secret ARNs, names, tags, or AWS request filters as an IAM boundary for it. Use +`Resource: "*"` and decide whether inventory exposure is acceptable for the AWS +account and Region behind each provider vault. + +Remote import preview/import must not call: + +- `secretsmanager:GetSecretValue` +- `secretsmanager:BatchGetSecretValue` +- `kms:Decrypt` + +Those permissions are only needed later when a bound runtime resolves an +imported external reference. For imported refs, scope read permissions to the +operator-approved external prefixes that Paperclip is allowed to consume: + +```json +{ + "Sid": "PaperclipResolveImportedExternalReferences", + "Effect": "Allow", + "Action": "secretsmanager:GetSecretValue", + "Resource": [ + "arn:aws:secretsmanager:::secret:/*" + ] +} +``` + +If selected external secrets use customer-managed KMS keys, also grant +`kms:Decrypt` and `kms:DescribeKey` on those keys. Keep managed write/delete +permissions scoped to `paperclip//*`; do not broaden them for +remote import. + +Safe scoping guidance: + +- Prefer one Paperclip runtime role per environment/account. +- Point provider vaults at the intended AWS account and Region instead of a + broad central admin role. +- Enable `ListSecrets` only in accounts where inventory exposure is acceptable. +- Keep preview/import board-only; agent API keys must not call these routes. +- Treat AWS tag/name filters as search UX only, not permission enforcement. + +Paperclip also blocks importing refs under its own managed namespace as +external references. Use the Paperclip-managed flow for +`paperclip/{deploymentId}/{companyId}/{secretKey}` resources. + +## Existing AWS Secrets + +V1 keeps existing AWS Secrets Manager entries as **linked external references**, not adopted +Paperclip-managed resources. + +Use the Paperclip-managed flow when Paperclip should create and rotate the value. The AWS +secret name is derived from deployment and company scope: + +```text +paperclip/{deploymentId}/{companyId}/{secretKey} +``` + +Use the external-reference flow when the secret already exists at an operator-owned path such +as: + +```text +/paperclip-bench/anthropic_api_key +``` + +In that mode Paperclip stores only the path or ARN, resolves it at runtime, and records +redacted access events. Operators rotate the actual value in AWS. Update the Paperclip +reference only when the AWS path, ARN, or pinned provider version changes. + +Paperclip does not currently offer an "adopt existing AWS secret" flow that takes over future +`PutSecretValue` writes for an arbitrary existing secret. Adding that later requires explicit +confirmation UX, scope validation, expected Paperclip tags, and security/cloud-ops review. + +## Data Custody + +- Paperclip stores `externalRef`, `providerVersionRef`, provider id, fingerprint hash, status, and binding metadata. +- Paperclip does not store AWS secret plaintext in `company_secret_versions.material`. +- Runtime resolution fetches the value from AWS only when a bound consumer needs it. + +## Rotation Runbook + +Manual Paperclip-managed rotation: + +1. Write the new value through the Paperclip secret rotate flow. +2. Paperclip creates a new AWS secret version with `PutSecretValue`. +3. Paperclip records the new `providerVersionRef` in `company_secret_versions`. +4. Re-run or restart affected workloads that consume `latest`, or pin consumers to a specific Paperclip version before rollout when you need staged release safety. + +Guidance: + +- Prefer pinned Paperclip secret versions for risky rollouts. +- Treat provider-native automatic rotation as a later enhancement; current V1 flow is explicit create-new-version plus controlled rollout. + +## Backup And Restore Runbook + +What must survive: + +- Paperclip database metadata for secret ownership, bindings, status, and provider version refs. +- AWS Secrets Manager namespace under the configured deployment prefix. +- The configured KMS key and its decrypt permissions. + +Restore checklist: + +1. Restore Paperclip database metadata. +2. Confirm the same AWS Secrets Manager namespace still exists. +3. Confirm the Paperclip runtime role can call `GetSecretValue` on the restored prefix. +4. Confirm the role still has decrypt access to the CMK referenced by `PAPERCLIP_SECRETS_AWS_KMS_KEY_ID`. +5. Run the live smoke below or a targeted runtime secret resolution test. + +## Provider Outage Runbook + +Symptoms: + +- Secret create/rotate/resolve operations fail with AWS provider errors. +- Agent runs fail before adapter invocation on required secret resolution. +- Remote import preview fails to list AWS inventory. + +Immediate actions: + +1. Confirm AWS regional health and Secrets Manager availability. +2. Confirm the runtime role still has `GetSecretValue` and KMS decrypt permissions. +3. Check for accidental prefix, region, deployment id, or KMS key config drift. +4. Retry a single resolution after AWS service health is green. +5. If outage persists, pause high-risk runs that require secret access rather than churning retries. + +Remote import-specific actions: + +- Missing list permission: add `secretsmanager:ListSecrets` with + `Resource: "*"` only when inventory import is approved for that vault's + AWS account and Region. +- Throttling: narrow the search, wait briefly, and retry with backoff. Avoid + full-account enumeration. +- Invalid or stale cursor: refresh the preview and discard the old + `NextToken`. +- Large account: load pages intentionally, keep one in-flight preview request + per vault/search, and do not run background full-account crawls. +- Runtime read failure after import: verify `GetSecretValue` and KMS decrypt + on the selected external secret. Visibility in `ListSecrets` does not prove + read permission. + +## Incident Response Runbook + +Potential incidents: + +- Cross-company access caused by IAM scoping drift. +- KMS policy drift causing decrypt failures or over-broad access. +- Suspected secret exposure in logs, transcripts, or downstream agent output. + +Response steps: + +1. Stop or pause affected Paperclip runs. +2. Audit recent Paperclip secret access events for impacted secret ids and consumers. +3. Audit AWS CloudTrail for `ListSecrets`, `GetSecretValue`, + `PutSecretValue`, and `DeleteSecret` calls on the relevant vault account, + Region, deployment prefix, and approved external prefixes. +4. Rotate impacted secrets in AWS through Paperclip-managed versioning. +5. Re-scope IAM and KMS policies before resuming normal traffic. +6. If a value may have reached an agent transcript or external system, treat it as exposed and rotate immediately. + +## Optional Live Smoke + +This is safe to skip locally. Run it only against a dedicated AWS test namespace. + +Prerequisites: + +- AWS credentials or workload identity with the deployment-scoped IAM permissions above. +- `PAPERCLIP_SECRETS_PROVIDER=aws_secrets_manager` +- The required `PAPERCLIP_SECRETS_AWS_*` environment variables set. + +Suggested smoke: + +1. Create a test secret through the Paperclip board or API under a throwaway company. +2. Confirm the resulting AWS secret name matches `paperclip/{deploymentId}/{companyId}/{secretKey}`. +3. Rotate the secret once and confirm a new `providerVersionRef` appears in Paperclip metadata. +4. Resolve the secret through a bound runtime path, not by adding a general-purpose reveal endpoint. +5. Delete the throwaway secret and confirm AWS schedules deletion with the configured recovery window. diff --git a/doc/assets/pap-3368/desktop-planning-detail.png b/doc/assets/pap-3368/desktop-planning-detail.png new file mode 100644 index 00000000..aeb69efa Binary files /dev/null and b/doc/assets/pap-3368/desktop-planning-detail.png differ diff --git a/doc/assets/pap-3368/desktop-planning-row.png b/doc/assets/pap-3368/desktop-planning-row.png new file mode 100644 index 00000000..78d6c802 Binary files /dev/null and b/doc/assets/pap-3368/desktop-planning-row.png differ diff --git a/doc/assets/pap-3368/desktop-standard-toggle.png b/doc/assets/pap-3368/desktop-standard-toggle.png new file mode 100644 index 00000000..fa6c25dc Binary files /dev/null and b/doc/assets/pap-3368/desktop-standard-toggle.png differ diff --git a/doc/assets/pap-3368/mobile-planning-detail.png b/doc/assets/pap-3368/mobile-planning-detail.png new file mode 100644 index 00000000..91dd0a19 Binary files /dev/null and b/doc/assets/pap-3368/mobile-planning-detail.png differ diff --git a/doc/assets/pap-3368/mobile-planning-row.png b/doc/assets/pap-3368/mobile-planning-row.png new file mode 100644 index 00000000..65a222fe Binary files /dev/null and b/doc/assets/pap-3368/mobile-planning-row.png differ diff --git a/doc/execution-semantics.md b/doc/execution-semantics.md index b014253b..b6d2d542 100644 --- a/doc/execution-semantics.md +++ b/doc/execution-semantics.md @@ -67,13 +67,15 @@ This is the right state for: - waiting on another issue - waiting on a human decision -- waiting on an external dependency or system +- waiting on an external dependency or system when Paperclip does not own a scheduled re-check - work that automatic recovery could not safely continue ### `in_review` Execution work is paused because the next move belongs to a reviewer or approver, not the current executor. +An external review service can also be a valid review path when the issue keeps an agent assignee and has an active one-shot monitor that will wake that assignee to check the service later. + ### `done` The work is complete and terminal. @@ -164,6 +166,7 @@ The valid action-path primitives are: - a queued wake or continuation that can be delivered to the responsible agent - a typed execution-policy participant, such as `executionState.currentParticipant` - a pending issue-thread interaction or linked approval that is waiting for a specific responder +- a one-shot issue monitor (`executionPolicy.monitor.nextCheckAt`) that will wake the assignee for a future check - a human owner via `assigneeUserId` - a first-class blocker chain whose unresolved leaf issues are themselves healthy - an open explicit recovery issue that names the owner and action needed to restore liveness @@ -180,6 +183,16 @@ A healthy dispatch state means at least one of these is true: An assigned `todo` issue is stalled when dispatch was interrupted, no wake remains queued or running, and no recovery path has been opened. +### Agent-assigned `backlog` + +This is parked state, not dispatch state. + +Assigning an issue normally implies executable intent. When create APIs receive an assignee and no explicit status, Paperclip defaults the issue to `todo` so the assignee has a wake path instead of silently inheriting the unassigned `backlog` default. + +An explicit assigned `backlog` issue remains valid when the creator is deliberately parking the work. It must not wake the assignee just because it has an assignee. Paperclip should make that choice visible in activity and UI so operators can distinguish intentional parking from a missed handoff. + +An assigned `backlog` issue becomes a liveness problem when another issue is blocked on it and there is no explicit waiting path such as a human owner, active run, queued wake, pending interaction or approval, monitor, or open recovery issue. In that case the blocked parent should surface "blocked by parked work" rather than treating the dependency chain as healthy. + ### Agent-assigned `in_progress` This is active-work state. @@ -188,6 +201,7 @@ A healthy active-work state means at least one of these is true: - there is an active run for the issue - there is already a queued continuation wake +- there is an active one-shot monitor that will wake the assignee for a future check - there is an open explicit recovery issue for the lost execution path An agent-owned `in_progress` issue is stalled when it has no active run, no queued continuation, and no explicit recovery surface. A still-running but silent process is not automatically stalled; it is handled by the active-run watchdog contract. @@ -202,11 +216,34 @@ A healthy `in_review` issue has at least one valid action path: - a pending issue-thread interaction or linked approval waiting for a named responder - a human owner via `assigneeUserId` - an active run or queued wake that is expected to process the review state +- an active one-shot monitor for an external service or async review loop that the assignee owns - an open explicit recovery issue for an ambiguous review handoff Agent-assigned `in_review` with no typed participant is only healthy when one of the other paths exists. Assignment to the same agent that produced the handoff is not, by itself, a review path. -An `in_review` issue is stalled when it has no typed participant, no pending interaction or approval, no user owner, no active run, no queued wake, and no explicit recovery issue. Paperclip should surface that state as recovery work rather than silently completing the issue or leaving blocker chains parked indefinitely. +An `in_review` issue is stalled when it has no typed participant, no pending interaction or approval, no user owner, no active monitor, no active run, no queued wake, and no explicit recovery issue. Paperclip should surface that state as recovery work rather than silently completing the issue or leaving blocker chains parked indefinitely. + +### Issue monitors + +An issue monitor is a one-shot deferred action path for agent-owned issues in `in_progress` or `in_review`. + +Use a monitor when the current assignee owns a future check against an async system or external service. Examples include Greptile review loops, GitHub checks, Vercel deployments, or provider jobs where the agent should come back later and decide what happens next. + +Monitor policy lives under `executionPolicy.monitor` and includes: + +- `nextCheckAt`: when Paperclip should wake the assignee +- `notes`: non-secret instructions for what the assignee should check +- `serviceName`: optional non-secret external-service context +- `externalRef`: optional external-service reference input; Paperclip treats it as secret-adjacent, redacts it before persistence/visibility, and omits it from activity and wake payloads +- `timeoutAt`, `maxAttempts`, and `recoveryPolicy`: optional recovery hints for bounded waits + +Monitors are not recurring intervals. When a monitor fires, Paperclip clears the scheduled monitor and queues an `issue_monitor_due` wake for the assignee. If the external service is still pending, the assignee must explicitly re-arm the monitor with a new `nextCheckAt`. If the issue moves to `done`, `cancelled`, an invalid status, or a human/unassigned owner, the monitor is cleared. + +Because `serviceName` and `notes` remain visible in issue activity and wake context, operators should keep them short and non-secret. Put enough context for the assignee to know what to inspect, but do not include signed URLs, bearer tokens, customer secrets, tenant-private identifiers, or provider links with embedded credentials. + +Monitor bounds are enforced. Paperclip rejects attempts to re-arm a monitor whose `timeoutAt` or `maxAttempts` is already exhausted. When a scheduled monitor reaches an exhausted bound at trigger time, Paperclip clears it and follows `recoveryPolicy`: `wake_owner` queues a bounded recovery wake for the assignee, `create_recovery_issue` opens visible recovery work, and `escalate_to_board` records a board-visible escalation comment/activity. + +Use `blocked` instead of a monitor when no Paperclip assignee owns a responsible polling path. In that case, name the external owner/action or create first-class recovery/blocker work. ### `blocked` diff --git a/doc/plans/2026-04-26-plugin-secret-ref-company-scope.md b/doc/plans/2026-04-26-plugin-secret-ref-company-scope.md new file mode 100644 index 00000000..ca689e19 --- /dev/null +++ b/doc/plans/2026-04-26-plugin-secret-ref-company-scope.md @@ -0,0 +1,86 @@ +# Plugin Secret Refs: Company Scope Reintroduction Plan + +Date: 2026-04-26 +Status: follow-up after fail-closed mitigation +Related issue: PAP-2394 + +## Current state + +`PAP-2394` now fails closed: + +- `POST /api/plugins/:pluginId/config` rejects any config containing plugin secret refs. +- `ctx.secrets.resolve()` is disabled for plugin workers. + +This removes the release-blocking cross-company exposure path, but it also disables plugin secret-ref support until the runtime carries company scope end to end. + +## Vulnerability summary + +The original design mixed an instance-global config store with company-scoped secret bindings: + +- [server/src/routes/plugins.ts](/Users/dotta/paperclip/.paperclip/worktrees/PAP-2339-secrets-make-a-plan/server/src/routes/plugins.ts:1898) saved one global plugin config row, then wrote bindings into `company_secret_bindings` grouped by each referenced secret's owning company. +- [packages/db/src/schema/plugin_config.ts](/Users/dotta/paperclip/.paperclip/worktrees/PAP-2339-secrets-make-a-plan/packages/db/src/schema/plugin_config.ts:15) stored one config row per plugin, with no company dimension. +- [packages/db/src/schema/company_secret_bindings.ts](/Users/dotta/paperclip/.paperclip/worktrees/PAP-2339-secrets-make-a-plan/packages/db/src/schema/company_secret_bindings.ts:5) already modeled bindings as company-scoped. +- [server/src/services/plugin-secrets-handler.ts](/Users/dotta/paperclip/.paperclip/worktrees/PAP-2339-secrets-make-a-plan/server/src/services/plugin-secrets-handler.ts:212) resolved by `pluginId` + secret UUID, with no active company context from the bridge call. +- [packages/plugins/sdk/src/worker-rpc-host.ts](/Users/dotta/paperclip/.paperclip/worktrees/PAP-2339-secrets-make-a-plan/packages/plugins/sdk/src/worker-rpc-host.ts:384) exposed `ctx.config.get()` and `ctx.secrets.resolve()` without a company parameter. + +This violated Least Privilege, Complete Mediation, and Secure Defaults. + +## Recommended end state + +Re-enable plugin secret refs only after both of these are true: + +1. Plugin config reads/writes are company-scoped. +2. Runtime secret resolution carries explicit company context and enforces it at resolution time. + +## Implementation plan + +### 1. Make plugin config company-scoped + +- Add `company_id` to `plugin_config`, with a unique index on `(plugin_id, company_id)`. +- Update registry helpers to require `companyId` for `getConfig`, `upsertConfig`, `patchConfig`, and `deleteConfig`. +- Update plugin config routes to require `companyId` and call `assertCompanyAccess(req, companyId)`. +- Keep instance-global plugin lifecycle state separate from company-scoped plugin config. + +### 2. Propagate company context through the worker runtime + +- Extend the SDK so `ctx.config.get()` and `ctx.secrets.resolve()` can receive or derive `companyId`. +- Introduce worker request context storage for handlers that already run with company scope: + - `getData` + - `performAction` + - scoped API routes + - tool executions + - environment driver calls +- Fail closed when plugin code tries to read company-scoped config or secrets outside an active company context. + +### 3. Rebind secrets by `(companyId, pluginId, configPath)` + +- On config save, validate every referenced secret belongs to the authorized company. +- Store bindings only for that company. +- Resolve secrets only by the current company-scoped binding, never by bare plugin ID plus UUID. +- Treat stale bindings as invalid and remove them on config replacement. + +### 4. Prevent cross-company config disclosure + +- When returning config to the UI, only materialize the selected company's secret refs. +- Never expose another company's secret UUIDs through the global plugin config surface. + +## Required regression coverage + +- Company A board user cannot save plugin config that references a Company B secret. +- Company A plugin execution cannot resolve a Company B secret even if the same plugin is configured for Company B. +- Company-scoped config reads only return the selected company's secret bindings. +- Config replacement removes stale bindings for the same `(companyId, pluginId)` target. +- Runtime calls without company context fail closed. + +## Migration notes + +- Existing `plugin_config` rows need a migration strategy before re-enable. +- Safest default: do not auto-assume a company for historical secret refs. +- Prefer one of: + - explicit admin migration per company, or + - import existing rows as non-secret config only and require re-entry of secret refs. + +## Release posture + +- Keep plugin secret refs disabled until all steps above land. +- Do not restore the feature behind a soft warning; the insecure path must remain unavailable by default. diff --git a/doc/plans/2026-05-06-llm-wiki-paperclip-asset-security-gate.md b/doc/plans/2026-05-06-llm-wiki-paperclip-asset-security-gate.md new file mode 100644 index 00000000..cb527ae7 --- /dev/null +++ b/doc/plans/2026-05-06-llm-wiki-paperclip-asset-security-gate.md @@ -0,0 +1,135 @@ +# LLM Wiki Paperclip Asset And Work-Product Security Gate + +Status: accepted Phase 5 policy +Date: 2026-05-06 +Owner: Security engineering +Scope: Paperclip-derived ingestion into the LLM Wiki before any asset or work-product content indexing ships + +## Decision + +Phase 5 remains **fail-closed** for Paperclip assets and work products. + +- Paperclip-derived **text extraction is allowed only** for issue titles/descriptions, issue comments, and issue documents. +- Paperclip **assets/attachments** and **issue work products** are **metadata-only** in Phase 5. +- **Linked summaries** and **content extraction** for assets/work products are **not approved** in Phase 5. +- No implementation may fetch `/api/assets/:id/content`, dereference a work-product `url`, scrape preview pages, or embed binary/blob content into source bundles or source snapshots. + +This keeps the secure path easier than the insecure one and avoids broadening the wiki into a second content-distribution channel. + +## Allowed Source Kinds + +These source kinds may contribute body text to Paperclip-derived source bundles: + +| Source kind | Allowed body fields | Reason | +| --- | --- | --- | +| Issue | `title`, `description`, identifier/status metadata | First-party Paperclip text under company ACL | +| Comment | `body` | First-party Paperclip text under company ACL | +| Document | `body`, `title`, `key`, revision metadata | First-party Paperclip text under company ACL | + +## Assets And Work Products + +### Assets / attachments + +Allowed in Phase 5: + +- metadata-only references built from allowlisted structured fields already stored in Paperclip +- recommended fields: `issueId`, `issueCommentId`, `attachmentId`, `assetId`, `originalFilename`, `contentType`, `byteSize`, `sha256`, `createdAt`, `createdByAgentId`, `createdByUserId` + +Disallowed in Phase 5: + +- fetching asset bytes from `/api/assets/:id/content` +- parsing any blob body, including `text/plain`, `text/markdown`, `application/json`, images, SVG, PDFs, archives, or office formats +- storing `contentPath` in wiki source bundles or source snapshots +- model summarization of attachment bodies + +### Work products + +Allowed in Phase 5: + +- metadata-only references built from allowlisted structured fields already stored in Paperclip +- recommended fields: `issueId`, `workProductId`, `type`, `provider`, `title`, `status`, `reviewState`, `healthStatus`, `externalId`, `isPrimary`, `createdAt`, `updatedAt` +- optional boolean/derived metadata such as `hasUrl: true` + +Disallowed in Phase 5: + +- fetching or crawling the work-product `url` +- scraping preview pages, artifacts, pull requests, branches, commits, or custom provider targets through the wiki ingestion path +- storing raw `url` values in wiki source bundles or source snapshots +- model-authored linked summaries derived from off-record content + +## MIME Allowlists And Size Caps + +No MIME allowlist is approved for asset content extraction in Phase 5 because **no asset body extraction is approved at all**. + +- Every asset MIME type is treated as opaque for Paperclip-derived indexing. +- Existing upload limits remain storage concerns, not ingestion approvals. +- Work-product destinations are also opaque regardless of MIME type or size. + +Any future issue that wants blob parsing must define: + +- a positive MIME allowlist +- per-type parser strategy +- per-source size caps +- sandbox/isolation requirements +- prompt-injection handling +- regression tests for refusal paths + +## Redaction Rules + +Metadata-only means **structured facts only**, not capability-bearing links. + +- Do not persist `contentPath` for assets. +- Do not persist raw work-product `url` values. +- Do not persist query strings, fragments, signed URL tokens, or userinfo. +- Prefer stable identifiers (`assetId`, `workProductId`, `externalId`) over links. + +This addresses Sensitive Information Disclosure, Unsafe Consumption of APIs, and Insecure Output Handling risks. + +## Provenance Rules + +Every metadata-only reference must preserve enough provenance to explain where it came from without reading the underlying content: + +- `companyId` +- `issueId` +- attachment/work-product id +- producer identity when available +- timestamps +- an explicit `metadata_only` marker in any future reference/snapshot schema + +## Review-Required Behavior + +Human review is **not** required for plain metadata-only references that stay inside the allowlisted fields above. + +Human review **is required**, with a separate security sign-off issue, before enabling any of the following: + +- asset body extraction +- work-product URL fetching +- linked summaries generated from asset/work-product content +- storing raw blob links or raw remote URLs in wiki source material +- non-default-space routing for Paperclip-derived asset/work-product references + +## Security Rationale + +This gate exists because the current host surfaces have different trust properties: + +- issue/comment/document text is first-party Paperclip content already exposed through company-scoped issue/document APIs +- asset content is a blob download surface (`/api/assets/:id/content`) and can carry prompt-injection or parser-risk payloads +- work products can point at arbitrary destinations through `url`, which reintroduces SSRF, token leakage, and prompt-injection risk if dereferenced automatically + +Relevant threat classes: + +- OWASP LLM Top 10: Prompt Injection, Sensitive Information Disclosure, Insecure Output Handling, Excessive Agency +- OWASP API Top 10: SSRF, Unsafe Consumption of APIs, Broken Object Property Level Authorization +- Saltzer & Schroeder: Least Privilege, Fail Securely, Complete Mediation, Secure Defaults + +## Follow-Up Implementation Scope + +A follow-up implementation issue is justified only for **metadata-only references**. + +That implementation must: + +- keep assets/work products out of source-bundle body text +- never fetch blob bytes or remote URLs +- redact capability-bearing link fields +- mark references as `metadata_only` +- ship tests proving source bundles/snapshots never contain `contentPath` or raw work-product `url` fields diff --git a/doc/plugins/PLUGIN_AUTHORING_GUIDE.md b/doc/plugins/PLUGIN_AUTHORING_GUIDE.md index e3c24378..fc43ae7b 100644 --- a/doc/plugins/PLUGIN_AUTHORING_GUIDE.md +++ b/doc/plugins/PLUGIN_AUTHORING_GUIDE.md @@ -13,7 +13,9 @@ It is intentionally narrower than [PLUGIN_SPEC.md](./PLUGIN_SPEC.md). The spec i - Plugin database migrations are restricted to a host-derived plugin namespace. - Plugin-owned JSON API routes must be declared in the manifest and are mounted only under `/api/plugins/:pluginId/api/*`. -- There is no host-provided shared React component kit for plugins yet. +- The host provides a small shared React component kit through + `@paperclipai/plugin-sdk/ui`; use it for common Paperclip controls before + building custom versions. - `ctx.assets` is not supported in the current runtime. ## Scaffold a plugin @@ -83,10 +85,11 @@ Worker: - database namespace via `ctx.db` - scoped JSON API routes declared with `apiRoutes` - entities -- projects and project workspaces +- projects, project workspaces, and plugin-managed projects - companies - issues, comments, namespaced `plugin:` origins, blocker relations, checkout assertions, assignment wakeups, and orchestration summaries -- agents and agent sessions +- agents, plugin-managed agents, and agent sessions +- plugin-managed routines - goals - data/actions - streams @@ -143,6 +146,161 @@ handler. The worker receives sanitized headers, route params, query, parsed JSON body, actor context, and company id. Do not use plugin routes to claim core paths; they always remain under `/api/plugins/:pluginId/api/*`. +## Managed Paperclip resources + +Plugins that provide durable Paperclip business objects should declare them in +the manifest and let the host create or relink the actual records per company. +Do this for plugin-owned agents, plugin-owned projects, and recurring automation. +Do not hide long-lived work behind private plugin state when it should be visible +to the board, scoped to a company, audited, budgeted, and assigned like normal +Paperclip work. + +Use these surfaces: + +- Managed agents: declare top-level `agents[]` and require + `agents.managed`. Use this when the plugin provides a named worker the board + should see in the org, budget, pause, invoke, and inspect. Managed agents are + normal Paperclip agents with plugin ownership metadata, not background plugin + workers. +- Managed projects: declare top-level `projects[]` and require + `projects.managed`. Use this when the plugin needs a stable company-scoped + project for its issues, routines, or workspace-oriented UI. Keep plugin work + in a project instead of scattering generated issues across unrelated projects. +- Managed routines: declare top-level `routines[]` and require + `routines.managed`. Use this for scheduled, webhook, or manually triggered + jobs that should create visible Paperclip issues. Prefer managed routines over + plugin `jobs[]` for recurring business work; plugin jobs are for plugin + runtime maintenance that does not need a board-visible task trail. + +Managed resources are resolved by stable plugin keys, not hardcoded database +ids. In a worker action or data handler, call `ctx.agents.managed.reconcile()`, +`ctx.projects.managed.reconcile()`, and `ctx.routines.managed.reconcile()` for +the current `companyId`. `reconcile()` creates the missing resource, relinks a +recoverable binding, or returns the existing resource. `reset()` reapplies the +manifest defaults when the operator wants to restore the plugin's suggested +configuration. + +Declare dependencies between managed resources with refs. A routine can point +at a managed agent through `assigneeRef` and at a managed project through +`projectRef`. Reconcile the referenced agent and project before reconciling the +routine; if a ref is still missing, the routine resolution reports +`missing_refs` instead of guessing. + +```ts +import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk"; + +const manifest: PaperclipPluginManifestV1 = { + id: "example.research-plugin", + apiVersion: 1, + version: "0.1.0", + displayName: "Research Plugin", + description: "Creates a managed research agent and scheduled research routine.", + author: "Example", + categories: ["automation"], + capabilities: [ + "agents.managed", + "projects.managed", + "routines.managed", + "instance.settings.register", + ], + entrypoints: { + worker: "./dist/worker.js", + ui: "./dist/ui", + }, + agents: [ + { + agentKey: "researcher", + displayName: "Researcher", + role: "research", + title: "Research Agent", + capabilities: "Runs recurring research briefs for this company.", + adapterPreference: ["codex_local", "claude_local", "process"], + instructions: { + content: "Follow the Paperclip heartbeat and produce concise research briefs.", + }, + }, + ], + projects: [ + { + projectKey: "research", + displayName: "Research", + description: "Recurring research work created by the Research Plugin.", + status: "in_progress", + }, + ], + routines: [ + { + routineKey: "weekly-brief", + title: "Weekly research brief", + description: "Create a short research brief for the board.", + assigneeRef: { resourceKind: "agent", resourceKey: "researcher" }, + projectRef: { resourceKind: "project", resourceKey: "research" }, + priority: "medium", + triggers: [ + { + kind: "schedule", + label: "Monday morning", + cronExpression: "0 9 * * 1", + timezone: "America/Chicago", + enabled: false, + }, + ], + }, + ], + ui: { + slots: [ + { + type: "settingsPage", + id: "settings", + displayName: "Research", + exportName: "SettingsPage", + }, + ], + }, +}; + +export default manifest; +``` + +In the worker, expose a small setup action or settings-page action that +reconciles the resources for the selected company: + +```ts +import { definePlugin } from "@paperclipai/plugin-sdk"; + +export default definePlugin({ + setup(ctx) { + ctx.actions.register("setup-company", async (params) => { + const companyId = String(params.companyId ?? ""); + if (!companyId) throw new Error("companyId is required"); + + const project = await ctx.projects.managed.reconcile("research", companyId); + const agent = await ctx.agents.managed.reconcile("researcher", companyId); + const routine = await ctx.routines.managed.reconcile("weekly-brief", companyId); + + return { project, agent, routine }; + }); + }, +}); +``` + +Authoring rules: + +- Keep keys stable once published. Renaming `agentKey`, `projectKey`, or + `routineKey` creates a new managed resource from the host's point of view. +- Use managed agents for plugin-provided labor. Use `ctx.agents.invoke()` or + `ctx.agents.sessions` only after you have a real agent id, either selected by + the operator or resolved from `ctx.agents.managed`. +- Use managed routines for recurring or externally triggered work that should + produce tasks. Schedule, webhook, and API triggers are visible routine + triggers, and each run has the normal Paperclip issue/audit trail. +- Use managed projects to keep plugin-generated work organized and to give + project-scoped plugin UI a stable home. For filesystem access inside a + project, still resolve project workspaces through `ctx.projects`. +- Keep defaults conservative. Managed declarations are suggestions owned by the + plugin, but the resulting resources are normal Paperclip records that the + operator can inspect, pause, and adjust. + UI: - `usePluginData` @@ -168,6 +326,187 @@ Mount surfaces currently wired in the host include: - `commentAnnotation` - `commentContextMenuItem` +## Shared host components + +Use shared components from `@paperclipai/plugin-sdk/ui` when the plugin needs a +Paperclip-native control. The host owns the implementation, so plugins inherit +the board's current styling, ordering, recent selections, and dark-mode behavior +without importing `ui/src` internals. + +Currently exposed components include: + +- `MarkdownBlock` and `MarkdownEditor` for rendered and editable markdown. +- `FileTree` for serializable file and directory trees. +- `IssuesList` for a native company-scoped issue table. +- `AssigneePicker` for the same agent/user selector used in the new issue pane. + Use the controlled `value` format `agent:`, `user:`, or `""`. +- `ProjectPicker` for the same project selector used in the new issue pane. + Use the controlled project id value, or `""` for no project. +- `ManagedRoutinesList` for plugin-owned routine settings pages. + +```tsx +import { AssigneePicker, ProjectPicker } from "@paperclipai/plugin-sdk/ui"; + +export function PluginAssignmentControls({ companyId }: { companyId: string }) { + const [assignee, setAssignee] = useState(""); + const [projectId, setProjectId] = useState(""); + + return ( + <> + setAssignee(value)} + /> + + + ); +} +``` + +## File and path UI + +Plugin UI often needs to render a file tree, accept a folder path, or browse a +project workspace. There are three different surfaces for that, and they map to +different trust and data-flow boundaries. Pick the surface that matches the +data the plugin actually has. + +### When to use the shared `FileTree` + +Use `FileTree` from `@paperclipai/plugin-sdk/ui` whenever the plugin only needs +to render a serializable file/directory list and react to selection or +expand/collapse. The host owns the implementation, so plugin UI inherits the +board's icons, indent, focus ring, and dark-mode styling without importing host +internals. + +```tsx +import { + FileTree, + type FileTreeNode, +} from "@paperclipai/plugin-sdk/ui"; + +const nodes: FileTreeNode[] = [ + { name: "AGENTS.md", path: "AGENTS.md", kind: "file", children: [] }, + { + name: "wiki", + path: "wiki", + kind: "dir", + children: [ + { name: "index.md", path: "wiki/index.md", kind: "file", children: [] }, + ], + }, +]; + +export function WikiTree() { + const [expanded, setExpanded] = useState>(() => new Set(["wiki"])); + const [selected, setSelected] = useState(null); + + return ( + setSelected(path)} + onToggleDir={(path) => + setExpanded((current) => { + const next = new Set(current); + next.has(path) ? next.delete(path) : next.add(path); + return next; + }) + } + /> + ); +} +``` + +Good fits: + +- LLM Wiki page navigation in `packages/plugins/plugin-llm-wiki` builds a + `FileTreeNode[]` from worker query results and renders it through `FileTree`. +- The example `plugin-file-browser-example` lazily fetches a directory's + children through a `loadFileList` action when `onToggleDir` fires, then + merges the children into the local tree state — letting the shared component + handle rendering and selection. + +Boundary rules: + +- Keep the prop surface serializable (`nodes`, `expandedPaths`, `checkedPaths`, + `fileBadges`, `fileTones`). Do not pass arbitrary render functions across the + plugin/host boundary in v1; the supported escape hatches are + `fileBadges` (status pill keyed by path) and `fileTones` (row tone keyed by + path). +- Do not import the host's `FileTree.tsx` or any `ui/src/*` module. The SDK + declaration is the only supported import path for plugin UI. +- The shared `FileTree` is for rendering and selection. Plugin-specific editors, + ingest flows, query forms, and lint runs stay inside the plugin and do not + belong as `FileTree` props. + +### When to declare `localFolders` + +When the plugin needs operator-configured filesystem roots — typically for +trusted local plugins like wiki tooling — declare `localFolders[]` on the +manifest and add the `local.folders` capability. The host renders a settings +surface for the operator to set the absolute path, validates the path +server-side (containment, symlinks, required files/directories), and exposes +`ctx.localFolders.readText()` and `ctx.localFolders.writeTextAtomic()` in the +worker. + +```ts +export const manifest = { + capabilities: ["local.folders"], + localFolders: [ + { + folderKey: "content-root", + displayName: "Content root", + access: "readWrite", + requiredDirectories: ["sources", "pages"], + requiredFiles: ["schema.md"], + }, + ], +}; +``` + +Use this when: + +- The data lives outside any project workspace. +- Reads and writes need company-scoped configuration. +- The operator picks the path once in plugin settings and the worker resolves + files relative to that root. + +Do not use `localFolders` to grant the UI direct browser-side access to the +filesystem — there is no such capability. The browser still goes through the +worker via `getData` / `performAction`, and the worker only exposes paths it +chose to expose. + +### When to keep worker-mediated project workspace browsing + +When the data lives inside an existing project workspace, keep the browsing +flow worker-mediated: + +- The worker uses `ctx.projects.listWorkspaces()` to resolve the workspace + path, then reads its filesystem with normal Node APIs. +- The plugin UI calls a `getData` handler for the root listing and an action + for lazy children, then renders them through `FileTree`. +- The worker is the only side that touches the disk. The browser receives a + serializable tree and never sees raw absolute paths it can replay. + +The example `plugin-file-browser-example` is the reference for this pattern: +the worker registers `fileList` (data) and `loadFileList` (action) over the +same handler, and the UI uses the action for on-toggle directory loading so the +shared `FileTree` stays the rendering surface. + +### Mixing surfaces + +A single plugin can use more than one of these. The LLM Wiki uses +`localFolders` for its content root, then renders the resulting page list +through `FileTree`. The file browser example uses `ctx.projects.listWorkspaces` +to pick a workspace and renders its on-disk tree through `FileTree` with lazy +loading. Pick the boundary per data source, not per plugin. + ## Company routes Plugins may declare a `page` slot with `routePath` to own a company route like: diff --git a/doc/plugins/PLUGIN_SPEC.md b/doc/plugins/PLUGIN_SPEC.md index ed8dea6b..31b9c9d0 100644 --- a/doc/plugins/PLUGIN_SPEC.md +++ b/doc/plugins/PLUGIN_SPEC.md @@ -27,7 +27,7 @@ Current limitations to keep in mind: - Published npm packages are the intended install artifact for deployed plugins. - The repo example plugins under `packages/plugins/examples/` are development conveniences. They work from a source checkout and should not be assumed to exist in a generic published build unless they are explicitly shipped with that build. - Dynamic plugin install is not yet cloud-ready for horizontally scaled or ephemeral deployments. There is no shared artifact store, install coordination, or cross-node distribution layer yet. -- The current runtime does not yet ship a real host-provided plugin UI component kit, and it does not support plugin asset uploads/reads. Treat those as future-scope ideas in this spec, not current implementation promises. +- The current runtime ships a small host-provided plugin UI component kit through `@paperclipai/plugin-sdk/ui`, but does not support plugin asset uploads/reads yet. Treat plugin asset APIs as future-scope ideas, not current implementation promises. - Scoped plugin API routes are JSON-only and must be declared in `apiRoutes`. They mount under `/api/plugins/:pluginId/api/*`; plugins cannot shadow core API routes. @@ -976,13 +976,23 @@ export function DashboardWidget({ context }: PluginWidgetProps) { The SDK includes a `ui` subpath export that plugin frontends import. This subpath provides: -- **Bridge hooks**: `usePluginData(key, params)`, `usePluginAction(key)`, `useHostContext()` +- **Bridge hooks**: `usePluginData(key, params)`, `usePluginAction(key)`, `useHostContext()`, `useHostNavigation()` - **Design tokens**: colors, spacing, typography, shadows matching the host theme - **Shared components**: `MetricCard`, `StatusBadge`, `DataTable`, `LogView`, `ActionBar`, `Spinner`, etc. - **Type definitions**: `PluginPageProps`, `PluginWidgetProps`, `PluginDetailTabProps` Plugins are encouraged but not required to use the shared components. A plugin may render entirely custom UI as long as it communicates through the bridge. +`useHostNavigation()` is the supported way for plugin UI to navigate to +Paperclip-internal pages. It exposes `resolveHref(to)`, `navigate(to, +options?)`, and `linkProps(to, options?)`. Plugin links should prefer +`linkProps()` so anchors keep real `href` values for copy-link, modifier-click, +middle-click, and open-in-new-tab behavior while plain left-clicks route through +the host SPA router. The host resolves company-scoped paths against the active +company prefix without double-prefixing already-prefixed paths. Plugin UI should +not use raw same-origin `href`s or `window.location.assign()` for internal +Paperclip navigation because those can force a full document reload. + ### 19.0.2 Bundle Isolation Plugin UI bundles are loaded as standard ES modules, not iframed. This gives plugins full rendering performance and access to the host's design tokens. @@ -1062,6 +1072,11 @@ The host SDK ships shared components that plugins can import to quickly build UI | `LogView` | Scrollable log output with timestamps | Webhook deliveries, job output, process logs | | `JsonTree` | Collapsible JSON tree for debugging | Raw API responses, plugin state inspection | | `Spinner` | Loading indicator | Data fetch states | +| `FileTree` | Host-styled file/directory tree | Wiki pages, workspace files, import previews | +| `IssuesList` | Host issue list | Plugin pages that need a native issue view | +| `AssigneePicker` | Host assignee picker for agents and board users | Creating issues, assigning routines, filtering work | +| `ProjectPicker` | Host project picker | Creating issues, scoping dashboards, filtering work | +| `ManagedRoutinesList` | Host routine list | Plugin settings pages that manage routines | Plugins may also use entirely custom components. The shared components exist to reduce boilerplate and keep visual consistency, not to limit what plugins can render. diff --git a/doc/pr/5429/env-editor-with-secrets.png b/doc/pr/5429/env-editor-with-secrets.png new file mode 100644 index 00000000..ad426135 Binary files /dev/null and b/doc/pr/5429/env-editor-with-secrets.png differ diff --git a/doc/pr/5429/secret-binding-picker.png b/doc/pr/5429/secret-binding-picker.png new file mode 100644 index 00000000..d5b0cc8a Binary files /dev/null and b/doc/pr/5429/secret-binding-picker.png differ diff --git a/doc/pr/5429/secrets-inventory.png b/doc/pr/5429/secrets-inventory.png new file mode 100644 index 00000000..13fb20f2 Binary files /dev/null and b/doc/pr/5429/secrets-inventory.png differ diff --git a/docs/api/routines.md b/docs/api/routines.md index eb6b9adc..2ad279a7 100644 --- a/docs/api/routines.md +++ b/docs/api/routines.md @@ -75,11 +75,28 @@ Fields: ``` PATCH /api/routines/{routineId} { - "status": "paused" + "status": "paused", + "baseRevisionId": "{latestRevisionId}" } ``` -All fields from create are updatable. **Agents can only update routines assigned to themselves and cannot reassign a routine to another agent.** +All fields from create are updatable. `baseRevisionId` is optional for backward compatibility; when provided, stale values return `409 Conflict` with the current revision id. **Agents can only update routines assigned to themselves and cannot reassign a routine to another agent.** + +## List Revisions + +``` +GET /api/routines/{routineId}/revisions +``` + +Returns append-only routine definition revisions newest first. Snapshots include routine fields and safe trigger metadata only; webhook secret values and `secretId` are never returned. + +## Restore Revision + +``` +POST /api/routines/{routineId}/revisions/{revisionId}/restore +``` + +Restores a historical routine definition by creating a new latest revision copied from the selected revision. Historical revision rows, routine run history, and activity history are preserved. If restoring a deleted webhook trigger requires recreating it, the response can include one-time replacement secret material for that trigger. ## Add Trigger diff --git a/docs/api/secrets-remote-import.md b/docs/api/secrets-remote-import.md new file mode 100644 index 00000000..8b3c9099 --- /dev/null +++ b/docs/api/secrets-remote-import.md @@ -0,0 +1,133 @@ +--- +title: Secrets Remote Import +summary: AWS Secrets Manager metadata-only remote import API +--- + +Remote import lets the board link existing AWS Secrets Manager entries as +Paperclip `external_reference` secrets without copying plaintext into +Paperclip. + +Both routes are board-only and company-scoped. The selected provider vault must +belong to the company, use `aws_secrets_manager`, and have a selectable status +(`ready` or `warning`). Disabled, coming-soon, or cross-company vaults are +rejected. + +Remote import is an inventory and metadata workflow. Preview calls AWS +`ListSecrets` only and import stores a Paperclip external reference plus +fingerprint/version metadata. Neither route calls `GetSecretValue` or +`BatchGetSecretValue`, requests `SecretString`, requires KMS decrypt, logs raw +remote metadata, or copies secret plaintext into Paperclip. + +## Preview Remote AWS Secrets + +``` +POST /api/companies/{companyId}/secrets/remote-import/preview +{ + "providerConfigId": "", + "query": "stripe", + "nextToken": "optional-provider-page-token", + "pageSize": 50 +} +``` + +`query` is optional and is sent to AWS as an inventory filter. Treat it as +non-secret metadata because AWS may record list request parameters in +CloudTrail. `nextToken` is an opaque AWS cursor; pass it back unchanged. +`pageSize` is capped at 100. + +Response: + +```json +{ + "providerConfigId": "", + "provider": "aws_secrets_manager", + "nextToken": null, + "candidates": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "remoteName": "prod/stripe", + "name": "prod/stripe", + "key": "prod-stripe", + "providerVersionRef": null, + "providerMetadata": { + "lastChangedDate": "2026-05-06T00:00:00.000Z", + "hasDescription": true + }, + "status": "ready", + "importable": true, + "conflicts": [] + } + ] +} +``` + +Candidate `status` values: + +- `ready`: no existing exact external reference and no name/key collision. +- `duplicate`: an existing secret already has the exact provider `externalRef`. +- `conflict`: the suggested Paperclip `name` or `key` is already in use. + +Conflict `type` values are `exact_reference`, `name`, `key`, and +`provider_guardrail`. AWS refs under Paperclip's own managed namespace are +blocked as external references so one company cannot import another company's +Paperclip-managed AWS secret through a broad runtime role. + +## Import Remote AWS Secret References + +``` +POST /api/companies/{companyId}/secrets/remote-import +{ + "providerConfigId": "", + "secrets": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "name": "Stripe production key", + "key": "stripe-production-key", + "description": "Stripe key used by production checkout", + "providerVersionRef": null, + "providerMetadata": { + "lastChangedDate": "2026-05-06T00:00:00.000Z", + "hasDescription": true + } + } + ] +} +``` + +The import response is row-level. Ready rows become active +`external_reference` secrets with version metadata only. Exact-reference +duplicates and name/key conflicts are skipped without failing the whole request. +The `secrets` array accepts 1-100 rows, and the backend re-checks duplicates and +conflicts at submit time. +Each row may include an optional Paperclip `description` entered during review; +blank descriptions are stored as `null`. AWS provider descriptions are not +copied into this field. + +```json +{ + "providerConfigId": "", + "provider": "aws_secrets_manager", + "importedCount": 1, + "skippedCount": 1, + "errorCount": 0, + "results": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "name": "Stripe production key", + "key": "stripe-production-key", + "status": "imported", + "reason": null, + "secretId": "", + "conflicts": [] + } + ] +} +``` + +Activity logs record aggregate counts and provider/vault ids only, not remote +secret names, ARNs, tags, or values. + +Imported references may still fail during a future bound runtime resolution if +the Paperclip runtime role can list the AWS secret but lacks +`secretsmanager:GetSecretValue` or required KMS decrypt permission for that +specific secret. diff --git a/docs/api/secrets.md b/docs/api/secrets.md index 49a36e0e..93a56b60 100644 --- a/docs/api/secrets.md +++ b/docs/api/secrets.md @@ -25,16 +25,357 @@ POST /api/companies/{companyId}/secrets The value is encrypted at rest. Only the secret ID and metadata are returned. -## Update Secret +To link a provider-owned secret without copying the value into Paperclip, create +an external-reference secret: + +```json +{ + "name": "prod-stripe-key", + "provider": "aws_secrets_manager", + "managedMode": "external_reference", + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/stripe", + "providerVersionRef": "version-id-or-label" +} +``` + +Paperclip stores the provider reference and a non-sensitive fingerprint only. +The value is resolved, when the provider is configured, through the server +runtime path that enforces binding context and records access events. + +## Provider Health ``` -PATCH /api/secrets/{secretId} +GET /api/companies/{companyId}/secret-providers/health +``` + +Returns provider setup diagnostics, warnings, and local backup guidance. Health +responses must not include secret values or provider credentials. + +For `aws_secrets_manager`, an unready health response names the missing +non-secret provider environment variables, the AWS SDK default credential source +expected by the server runtime, and the custody rule that AWS bootstrap +credentials must not be stored in Paperclip `company_secrets`. + +The equivalent CLI check is: + +```sh +pnpm paperclipai secrets doctor --company-id {companyId} +``` + +## Provider Vaults + +Provider vaults are named, company-scoped configurations that route secret +material to one of the supported provider backends. See the +[secrets deploy guide](/deploy/secrets#provider-vaults) for the operator model +and custody rules. + +All routes below require board auth and company access. Mutating routes emit +`secret_provider_config.*` activity-log entries. No route in this surface +returns provider credential values; submitting credential-shaped fields in +`config` is rejected at validation time. + +### List Vaults + +``` +GET /api/companies/{companyId}/secret-provider-configs +``` + +Returns every vault for the company (including disabled rows for audit), each +with id, provider, displayName, status, isDefault, non-sensitive `config`, +latest health snapshot (`healthStatus`, `healthCheckedAt`, `healthMessage`, +`healthDetails`), `disabledAt`, and audit columns. + +### Create Vault + +``` +POST /api/companies/{companyId}/secret-provider-configs +{ + "provider": "aws_secrets_manager", + "displayName": "Prod US-East", + "isDefault": true, + "config": { + "region": "us-east-1", + "namespace": "paperclip", + "secretNamePrefix": "paperclip", + "kmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd-...", + "environmentTag": "production" + } +} +``` + +Per-provider `config` shapes: + +- `local_encrypted`: optional `backupReminderAcknowledged: boolean`. +- `aws_secrets_manager`: required `region`; optional `namespace`, + `secretNamePrefix`, `kmsKeyId`, `ownerTag`, `environmentTag`. +- `gcp_secret_manager` (coming soon): optional `projectId`, `location`, + `namespace`, `secretNamePrefix`. +- `vault` (coming soon): optional origin-only HTTPS `address`, `namespace`, + `mountPath`, `secretPathPrefix`. `address` values with embedded credentials, + paths, query strings, or fragments are rejected. + +`status` defaults to `ready` for `local_encrypted` and `aws_secrets_manager`, +and to `coming_soon` for `gcp_secret_manager` and `vault`. Coming-soon and +disabled vaults cannot be marked `isDefault`. Setting `isDefault: true` clears +the previous default for the same provider in the same transaction. + +### Get Vault + +``` +GET /api/secret-provider-configs/{id} +``` + +### Update Vault + +``` +PATCH /api/secret-provider-configs/{id} +{ + "displayName": "Prod US-East-2", + "config": { + "region": "us-east-2", + "kmsKeyId": "arn:aws:kms:us-east-2:123456789012:key/abcd-..." + } +} +``` + +`config` is replaced wholesale on update — pass the full provider config +payload, not a partial diff. Status transitions for `gcp_secret_manager` and +`vault` are constrained to `coming_soon` and `disabled` until their runtime +modules ship. + +### Disable Vault + +``` +DELETE /api/secret-provider-configs/{id} +``` + +Soft-deletes the vault: status flips to `disabled`, `isDefault` clears, and +`disabledAt` is stamped. Disabled vaults remain in `GET` results for audit +purposes but are no longer offered in the secret create/rotate flow. + +### Set Default + +``` +POST /api/secret-provider-configs/{id}/default +``` + +Marks the target vault as the default for its provider family and clears the +previous default. Returns 422 when the target is `coming_soon` or `disabled`. + +### Run Health Check + +``` +POST /api/secret-provider-configs/{id}/health +``` + +Runs a provider-specific health probe and persists the result on the vault. +Response shape: + +```json +{ + "configId": "", + "provider": "aws_secrets_manager", + "status": "ready" | "warning" | "error" | "coming_soon" | "disabled", + "message": "Provider vault is ready to handle managed writes", + "details": { + "code": "provider_ready", + "message": "...", + "guidance": ["..."] + }, + "checkedAt": "2026-05-06T14:00:00.000Z" +} +``` + +Health responses never include provider credentials or secret values. For AWS +vaults, `details.guidance` may include missing non-secret env names and the +expected AWS SDK credential source; coming-soon vaults always return +`status: "coming_soon"` with `code: "runtime_locked"` and never call into +provider modules. + +### Selecting A Vault When Creating Or Rotating Secrets + +`POST /api/companies/{companyId}/secrets` and +`POST /api/secrets/{secretId}/rotate` both accept an optional +`providerConfigId` field that pins the secret to a specific vault. When +omitted (or null), the operation runs through the deployment-level provider +configuration — the same path existing installs already use. The board UI +preselects the company's default vault for the chosen provider before +submitting, so callers should usually send an explicit `providerConfigId`. +Coming-soon and disabled vaults are rejected with a 422; a vault that does not +match the secret's provider is rejected the same way. + +```json +POST /api/companies/{companyId}/secrets +{ + "name": "prod-stripe-key", + "provider": "aws_secrets_manager", + "providerConfigId": "", + "managedMode": "external_reference", + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/stripe" +} +``` + +### Response Redaction Rules + +Every route in this surface enforces the same redaction contract: + +- Secret values are never returned. The board UI never has a "reveal value" + affordance; resolution happens server-side at runtime under a binding. +- Provider credential values are never accepted, stored, returned, logged, or + echoed in error messages. Submitting credential-shaped fields fails + validation with a non-leaking error. +- Activity log entries record vault id, provider, displayName, status, and + isDefault transitions — never `config` payloads or health detail bodies. + +## Remote Import From AWS Secrets Manager + +Remote import links existing AWS Secrets Manager entries into Paperclip as +`external_reference` secrets. Import stores provider reference metadata only; it +does not copy the remote secret plaintext into Paperclip. + +The routes are board-only and company-scoped. `providerConfigId` must point to +a same-company AWS provider vault with status `ready` or `warning`. Disabled, +coming-soon, non-AWS, and cross-company vaults are rejected. Imported secrets +resolve later through the selected vault, so runtime reads still need +`secretsmanager:GetSecretValue` and any required KMS decrypt permission on the +selected external secret. + +### Preview Remote Import Candidates + +``` +POST /api/companies/{companyId}/secrets/remote-import/preview +{ + "providerConfigId": "", + "query": "stripe", + "nextToken": "opaque-provider-token", + "pageSize": 50 +} +``` + +`query` is optional and is passed to AWS Secrets Manager inventory filtering. +Treat it as non-secret metadata because AWS may record list request parameters +in CloudTrail. `nextToken` is an opaque AWS cursor; callers must pass it back +unchanged and must not synthesize offsets. `pageSize` is optional, defaults to +50 in the UI, and is capped at 100. + +Preview uses AWS `ListSecrets` only. It must not call `GetSecretValue` or +`BatchGetSecretValue`, must not request `SecretString`, and must not require KMS +decrypt. The response contains sanitized metadata for display and conflict +decisions: + +```json +{ + "providerConfigId": "", + "provider": "aws_secrets_manager", + "nextToken": null, + "candidates": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "remoteName": "prod/stripe", + "name": "prod/stripe", + "key": "prod-stripe", + "providerVersionRef": null, + "providerMetadata": { + "createdDate": "2026-05-06T00:00:00.000Z", + "lastChangedDate": "2026-05-06T00:00:00.000Z", + "hasDescription": true, + "hasKmsKey": true, + "tagCount": 3 + }, + "status": "ready", + "importable": true, + "conflicts": [] + } + ] +} +``` + +Candidate statuses: + +- `ready`: the row can be selected for import. +- `duplicate`: a Paperclip secret already links the same canonical provider + reference for the same provider vault. +- `conflict`: the row has a name/key collision or provider guardrail failure. + +Conflict types are `exact_reference`, `name`, `key`, and +`provider_guardrail`. AWS refs under Paperclip's own managed namespace are +blocked as external references; use the Paperclip-managed secret flow for those +resources instead. + +### Import Selected Remote References + +``` +POST /api/companies/{companyId}/secrets/remote-import +{ + "providerConfigId": "", + "secrets": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "name": "Stripe production key", + "key": "stripe-production-key", + "description": "Stripe key used by production checkout", + "providerVersionRef": null, + "providerMetadata": { + "createdDate": "2026-05-06T00:00:00.000Z" + } + } + ] +} +``` + +The `secrets` array accepts 1-100 rows. Each row may override the suggested +Paperclip `name`, `key`, optional Paperclip `description`, +`providerVersionRef`, and sanitized `providerMetadata`. Blank descriptions are +stored as `null`; AWS provider descriptions are not copied into Paperclip +descriptions. The backend re-checks duplicate refs and name/key conflicts at +submit time; a stale preview does not bypass those checks. + +The import response is row-level: + +```json +{ + "providerConfigId": "", + "provider": "aws_secrets_manager", + "importedCount": 1, + "skippedCount": 1, + "errorCount": 0, + "results": [ + { + "externalRef": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/stripe", + "name": "Stripe production key", + "key": "stripe-production-key", + "status": "imported", + "reason": null, + "secretId": "", + "conflicts": [] + } + ] +} +``` + +Row statuses: + +- `imported`: Paperclip created an active `external_reference` secret and one + metadata-only version row. +- `skipped`: the row had an exact-reference duplicate or name/key conflict. +- `error`: the provider rejected the reference or the row failed validation. + +Activity logs for preview/import store aggregate counts, provider id, and vault +id only. They must not store remote secret names, ARNs, descriptions, tags, +plaintext values, provider credentials, or raw AWS error blobs. + +## Rotate Secret + +``` +POST /api/secrets/{secretId}/rotate { "value": "sk-ant-new-value..." } ``` -Creates a new version of the secret. Agents referencing `"version": "latest"` automatically get the new value on next heartbeat. +Creates a new version of the secret. Agents referencing `"version": "latest"` +automatically get the new value on next heartbeat. Pin to a specific version +when a bad `latest` rollout would affect many agents at once. ## Using Secrets in Agent Config @@ -52,4 +393,20 @@ Reference secrets in agent adapter config instead of inline values: } ``` -The server resolves and decrypts secret references at runtime, injecting the real value into the agent process environment. +The server resolves and decrypts secret references at runtime, injecting the +real value into the agent process environment. Paperclip's custody guarantees +end at injection: the agent process can read, log, or forward the value, so +treat any secret bound to an agent as exposed to that agent. See the custody +boundaries note in the [secrets deploy guide](/deploy/secrets#custody-boundaries). + +## Portability + +Company export/import APIs represent agent and project environment requirements +as declarations in the package manifest. Exports omit secret values, secret IDs, +provider references, and encrypted provider material. Use: + +```sh +pnpm paperclipai secrets declarations --company-id {companyId} +``` + +to inspect the declarations that an export would emit before moving a package. diff --git a/docs/assets/pr-5426/scheduled-retry-story-desktop.png b/docs/assets/pr-5426/scheduled-retry-story-desktop.png new file mode 100644 index 00000000..3f0c875d Binary files /dev/null and b/docs/assets/pr-5426/scheduled-retry-story-desktop.png differ diff --git a/docs/assets/pr-5426/scheduled-retry-story-mobile.png b/docs/assets/pr-5426/scheduled-retry-story-mobile.png new file mode 100644 index 00000000..97b02b7d Binary files /dev/null and b/docs/assets/pr-5426/scheduled-retry-story-mobile.png differ diff --git a/docs/cli/overview.md b/docs/cli/overview.md index 8bcf78aa..f160832b 100644 --- a/docs/cli/overview.md +++ b/docs/cli/overview.md @@ -57,6 +57,16 @@ pnpm paperclipai context set --api-key-env-var-name PAPERCLIP_API_KEY export PAPERCLIP_API_KEY=... ``` +Secret operations are available under `paperclipai secrets`: + +```sh +pnpm paperclipai secrets declarations --company-id --kind secret +pnpm paperclipai secrets create --company-id --name anthropic-api-key --value-env ANTHROPIC_API_KEY +pnpm paperclipai secrets link --company-id --name prod-stripe-key --provider aws_secrets_manager --external-ref +pnpm paperclipai secrets doctor --company-id +pnpm paperclipai secrets migrate-inline-env --company-id --apply +``` + Context is stored at `~/.paperclip/context.json`. ## Command Categories diff --git a/docs/cli/setup-commands.md b/docs/cli/setup-commands.md index bb3cf17f..f6284aba 100644 --- a/docs/cli/setup-commands.md +++ b/docs/cli/setup-commands.md @@ -67,7 +67,8 @@ Validates: - Server configuration - Database connectivity -- Secrets adapter configuration +- Secrets adapter configuration, including AWS Secrets Manager non-secret env + config when selected - Storage configuration - Missing key files @@ -81,6 +82,13 @@ pnpm paperclipai configure --section secrets pnpm paperclipai configure --section storage ``` +`--section secrets` updates the deployment-level provider used as the fallback +for secrets that do not target a specific company vault. Per-company provider +vaults (named instances, default vault selection, multiple vaults per provider, +coming-soon GCP/Vault) live in the board UI under +`Company Settings → Secrets → Provider vaults` and the +`/api/companies/{companyId}/secret-provider-configs` API. + ## `paperclipai env` Show resolved environment configuration: diff --git a/docs/deploy/secrets.md b/docs/deploy/secrets.md index 3ef1c689..41fa9df3 100644 --- a/docs/deploy/secrets.md +++ b/docs/deploy/secrets.md @@ -5,6 +5,52 @@ summary: Master key, encryption, and strict mode Paperclip encrypts secrets at rest using a local master key. Agent environment variables that contain sensitive values (API keys, tokens) are stored as encrypted secret references. +## Custody Boundaries + +Paperclip protects secret values up to the moment they are handed to an agent +or workload: + +- Storage: values are encrypted at rest by the active provider. The local + provider keeps them encrypted with a key that never leaves the host. +- Transport: values are decrypted server-side and injected into the agent + process environment, SSH command env, sandbox driver, or HTTP request + immediately before the call. Paperclip does not return decrypted values to + the board UI. +- Audit: each resolution records a non-sensitive event (secret id, version, + provider id, consumer, outcome) without the value or provider credentials. + +Once a value reaches the consuming process, Paperclip can no longer guarantee +secrecy. The agent (or sandbox, or remote host) can read the value, write it to +its own logs or transcript, or pass it to downstream tools. Treat any secret +you bind to an agent as exposed to that agent. Limit blast radius with bindings +(only bind what each agent needs), short-lived provider credentials where the +provider supports them, and rotation when an agent transcript or downstream +system might have captured a value. + +## Using Secrets In Runs + +Creating a company secret does not automatically create an environment variable. +You use a secret by binding it into an agent, project, environment, or plugin +configuration field that supports secret references. + +For agent and project environment variables: + +1. Create or link the secret in `Company Settings > Secrets`. +2. Open the agent's `Environment variables` field, or the project's `Env` + field. +3. Add the environment variable key the process expects, such as `GH_TOKEN` or + `OPENAI_API_KEY`. +4. Set the row source to `Secret`, select the stored secret, and choose either + `latest` or a pinned version. + +At runtime, Paperclip resolves the selected secret server-side and injects the +resolved value under the env key from the binding row. The stored secret name +can be human-readable; the binding key is what the agent process receives. + +Project env applies to every issue run in that project. When a project env key +matches an agent env key, the project value wins before Paperclip injects its +own `PAPERCLIP_*` runtime variables. + ## Default Provider: `local_encrypted` Secrets are encrypted with a local master key stored at: @@ -14,6 +60,13 @@ Secrets are encrypted with a local master key stored at: ``` This key is auto-created during onboarding. The key never leaves your machine. +Paperclip best-effort enforces `0600` permissions when it creates or loads the +key file. `paperclipai doctor` and the provider health API warn when the file is +readable by group or other users. + +Back up the key file together with database backups. A database backup without +the key cannot decrypt local secrets, and a key backup without the database +metadata is not enough to restore named secret versions. ## Configuration @@ -35,6 +88,7 @@ Validate secrets config: ```sh pnpm paperclipai doctor +pnpm paperclipai secrets doctor --company-id ``` ### Environment Overrides @@ -55,15 +109,279 @@ PAPERCLIP_SECRETS_STRICT_MODE=true Recommended for any deployment beyond local trusted. +Authenticated deployments default strict mode on unless explicitly overridden by +configuration or `PAPERCLIP_SECRETS_STRICT_MODE=false`. + +## External References + +Provider-owned secrets can be linked without copying values into Paperclip by +using `managedMode: "external_reference"` plus a provider `externalRef`. +Paperclip stores metadata and a non-sensitive fingerprint, never the value. +Runtime resolution remains server-side and binding-enforced. + +The built-in AWS, GCP, and Vault provider IDs currently accept external +reference metadata, but runtime resolution requires provider configuration in the +deployment. Their provider health check reports this as a warning until +configured. + +For hosted Paperclip Cloud on AWS, see the AWS Secrets Manager operational +contract — required env vars, IAM/KMS scoping, naming and tag conventions, and +backup/rotation/incident runbooks — in `doc/SECRETS-AWS-PROVIDER.md`. + +## Provider Vaults + +A *provider vault* is a named, company-scoped configuration that points secret +material at one of the supported provider backends. Each company can configure +multiple vaults, including more than one vault per provider family, and pick a +default vault per family for new secret operations. Existing secrets created +before any vault was configured continue to resolve through the deployment-level +default provider — no migration is required. + +### Where to configure + +Open `Company Settings → Secrets` in the board UI and switch to the +`Provider vaults` tab. From there you can: + +- Create a vault for any supported provider family. +- Edit the non-secret config of an existing vault. +- Set one ready vault per provider family as the company default. +- Disable a vault (a soft delete that keeps audit history). +- Run a health check against a vault and read the latest result inline. + +The same operations are exposed under +`/api/companies/{companyId}/secret-provider-configs` for automation. See the +[secrets API reference](/api/secrets#provider-vaults) for the full route table. + +### Custody Of Provider Credentials + +Provider vaults intentionally store only **non-sensitive** configuration: +region, project id, namespace, prefix, KMS key id, mount path, address, and +similar routing metadata. The API, UI, and activity log never accept, return, +or display provider credential values. Submitting fields with names like +`accessKeyId`, `secretAccessKey`, `token`, `password`, `serviceAccountJson`, +`privateKey`, `keyFile`, `unsealKey`, or any common credential alias is rejected +at validation time. + +That keeps the bootstrap rule from the AWS provider applicable to every +provider family: **provider credentials live in deployment infrastructure +identity, not in Paperclip company secrets**. Allowed credential sources are +workload identity attached to the Paperclip server (instance profile, IRSA, ECS +task role), `AWS_PROFILE` / SSO / shared config for local runs, an orchestrator +secret store that boots the server, or short-lived shell credentials for local +development. Do not paste long-lived API keys into the vault config. + +### Vault Status + +Each vault carries a status that drives what the runtime can do with it: + +| Status | Meaning | +|---------------|-----------------------------------------------------------------------------------------------| +| `ready` | Selectable for create/rotate/resolve. Eligible to be the default. | +| `warning` | Saved config exists but health needs attention (for example missing AWS env). Still selectable. | +| `coming_soon` | Visible and editable as draft metadata, but locked out of all runtime operations. | +| `disabled` | Soft-deleted. Hidden from the secret create/rotate flow. | + +`gcp_secret_manager` and `vault` are pinned to `coming_soon` until their +runtime modules ship. The settings UI lets you save draft configuration for +those providers (and surfaces them on the vault list), but secret create, +rotate, and resolve calls that target a coming-soon vault fail with a clear +runtime-locked error. + +### Default Vault Behavior + +A company can mark **one** ready (or warning) vault per provider family as the +default. The secret create and rotate dialogs preselect the default vault for +the chosen provider so operators don't have to remember which vault to pick. +Coming-soon and disabled vaults cannot be marked default; attempting to do so +returns a validation error. Setting a new default automatically clears the +previous default for that provider. + +If a secret is created without any `providerConfigId` (no vaults exist yet, or +the operator clears the selector), runtime resolution falls back to the +deployment-level provider configuration — the same path existing installs use. +This keeps secrets created before any provider vault was configured working +without migration. Picking the default in the UI is an explicit selection, not +a runtime fallback: the create call still sends an explicit `providerConfigId`. + +### Multiple Vaults Per Provider + +Multiple vaults from the same provider family are first-class. Common patterns: + +- Two AWS vaults pointing at different regions or KMS keys for environment + separation. +- A staging Vault address alongside a production address. +- A dedicated GCP project for a single product line while the rest of the + company uses another. + +Each vault has its own display name, status, default flag, and health record. +Operators choose the vault explicitly when creating or rotating a secret; the +default vault is preselected to avoid accidental routing to the wrong account. + +### Per-Vault Health Checks + +`POST /api/secret-provider-configs/{id}/health` runs a provider-specific health +probe and stores the result on the vault row. The settings UI exposes the same +action and renders the result inline. Health responses include a status, +operator-facing message, and structured guidance (such as missing env var +names, expected credential sources, and backup reminders). They never include +provider credentials or secret values. Coming-soon vaults always return a +`runtime_locked` health code and never call into provider modules. + +### Provider-Specific Notes + +**Local encrypted vaults** wrap the existing `local_encrypted` provider. The +master key path and rotation guidance described above still applies. A local +vault config is mostly bookkeeping plus an explicit acknowledgement that the +key file is backed up alongside the database. + +**AWS Secrets Manager vaults** read the per-vault `region`, `namespace`, +`secretNamePrefix`, `kmsKeyId`, `ownerTag`, and `environmentTag` to route +managed writes and external-reference reads. The vault config supplements (and +can override) the deployment-level `PAPERCLIP_SECRETS_AWS_*` env. Bootstrap +credentials still come from the AWS SDK default credential chain — see +`doc/SECRETS-AWS-PROVIDER.md` for the full IAM and KMS contract. + +**GCP Secret Manager** and **HashiCorp Vault** vaults are coming soon. You can +save draft `projectId`, `location`, `namespace`, `address`, and `mountPath` +metadata so the company is ready to flip them on when the provider modules +ship. Vault `address` values must be origin-only `http(s)://host[:port]` URLs; +addresses with embedded credentials, paths, query strings, or fragments are +rejected. + +### Remote Import From AWS Vaults + +AWS provider vaults can import existing AWS Secrets Manager entries as +Paperclip `external_reference` secrets. This is a metadata-only link: Paperclip +stores the AWS ARN/path, a fingerprint/version reference, and binding metadata. +It does not read, copy, store, log, or display the remote plaintext secret +value during preview or import. + +Operator flow in the board UI: + +1. Open `Company Settings -> Secrets`. +2. Confirm at least one AWS provider vault is `ready` or `warning`. +3. In the `Secrets` tab, choose `Import from vault`. +4. Select an AWS vault, search the remote inventory, and load more pages as + needed. +5. Check the rows to import, review/edit the Paperclip name and key, then + submit. +6. Review the result summary for created, skipped, and failed rows. + +The preview list is intentionally paged and search-first. AWS accounts can have +large per-Region inventories, and `ListSecrets` returns opaque `NextToken` +cursors. Do not expect Paperclip to crawl a whole account in the background; +load pages deliberately and retry throttled requests with backoff. + +Remote import exposes AWS secret metadata visible to the Paperclip runtime +role, including names/ARNs and safe derived fields such as dates, whether a +description or KMS key exists, and tag count. Treat names, ARNs, tags, and +search text as operational metadata that may be sensitive. The API and activity +log must not store raw descriptions, tags, plaintext values, provider +credentials, or raw AWS error blobs. + +Required AWS posture: + +- Preview needs optional `secretsmanager:ListSecrets` permission on + `Resource: "*"`. AWS does not support constraining `ListSecrets` to + individual secret ARNs or tags as an IAM boundary. +- Preview/import must not call `secretsmanager:GetSecretValue`, + `secretsmanager:BatchGetSecretValue`, or KMS decrypt. +- Runtime resolution of an imported reference still needs + `secretsmanager:GetSecretValue` on the selected external ARN/path and KMS + decrypt when that secret uses a customer-managed key. +- Keep managed create/rotate/delete permissions scoped to the Paperclip + deployment prefix. Do not broaden managed write/delete permissions just + because import inventory is enabled. + +Safe scoping comes from deployment posture rather than AWS list filtering: +dedicated Paperclip runtime roles per environment/account, AWS vaults pointed at +the intended account and Region, import-enabled roles only where inventory +exposure is acceptable, and board-only access to the import routes. Tags and +name filters are search aids, not a permission model. + +If import preview fails: + +- `AccessDenied` or `not authorized`: the runtime role is missing + `secretsmanager:ListSecrets`; add the optional inventory statement only if + remote import should be enabled for that vault. +- Throttling: retry after a short delay and narrow the search before loading + more pages. +- Invalid cursor: refresh the preview; AWS `NextToken` values are opaque and + can expire or become stale. +- Runtime resolution failure after import: verify `GetSecretValue` and KMS + decrypt scope for the selected external secret. Being visible in inventory is + not proof that the runtime role can read the value. + +### Backup And Restore + +Each provider family has a different backup story: + +- `local_encrypted`: back up the local master key file and the Paperclip + database together. Either alone is not enough to restore the encrypted + values, and the vault row only records the path and acknowledgement, not the + key bytes. +- `aws_secrets_manager`: back up Paperclip's database for vault metadata + (vault id, region, prefix, KMS key id, default flag, bindings, version + pointers). The actual secret values live in AWS Secrets Manager under the + configured prefix; restore by pointing the same Paperclip company at the + same AWS namespace and confirming the runtime role still has + `GetSecretValue` plus KMS decrypt. The full restore checklist lives in + `doc/SECRETS-AWS-PROVIDER.md`. +- `gcp_secret_manager` and `vault`: while these are coming soon, only the + draft vault config exists in Paperclip. Database backups capture it. There + is nothing to restore on the provider side until runtime support lands. + +### AWS Provider Bootstrap Boundary + +The AWS Secrets Manager provider cannot bootstrap itself from Paperclip +`company_secrets`. Its initial AWS access must be present before the server can +create or resolve AWS-backed company secrets, regardless of whether you use the +deployment-level default or a per-company vault. + +For Paperclip Cloud, provision the server runtime IAM role/workload identity, +KMS key, deployment prefix, and non-secret `PAPERCLIP_SECRETS_AWS_*` environment +configuration before enabling AWS-backed secrets in the board UI. For +self-hosted and local runs, use the AWS SDK default credential chain: instance +profile, ECS task role, EKS IRSA/OIDC web identity, AWS SSO/shared config via +`AWS_PROFILE`, or short-lived shell credentials for local development. + +Do not store AWS root credentials or long-lived IAM user access keys in +Paperclip secrets. Bootstrap material belongs in infrastructure IAM/workload +identity, the process environment, an AWS profile, or the orchestrator secret +store. + ## Migrating Inline Secrets If you have existing agents with inline API keys in their config, migrate them to encrypted secret refs: ```sh +pnpm paperclipai secrets migrate-inline-env --company-id +pnpm paperclipai secrets migrate-inline-env --company-id --apply + +# low-level script for direct database maintenance pnpm secrets:migrate-inline-env # dry run pnpm secrets:migrate-inline-env --apply # apply migration ``` +Use the CLI command for normal operations because it goes through the Paperclip +API, creates or rotates secret records, and updates agent env bindings with +audit logging. + +## Portable Declarations + +Company exports include only environment declarations. They do not include +secret IDs, provider references, encrypted material, or plaintext values. + +```sh +pnpm paperclipai secrets declarations --company-id --kind secret +``` + +Before importing a package into another instance, use those declarations to +create local values or link hosted provider references in the target deployment. +For hosted providers such as AWS Secrets Manager, the hosted provider remains +the value custodian; Paperclip stores metadata and provider version references, +not provider credentials or plaintext secret values. + ## Secret References in Agent Config Agent environment variables use secret references: diff --git a/docs/pr-screenshots/pap-2945/monitor-surfaces.png b/docs/pr-screenshots/pap-2945/monitor-surfaces.png new file mode 100644 index 00000000..a84ad637 Binary files /dev/null and b/docs/pr-screenshots/pap-2945/monitor-surfaces.png differ diff --git a/docs/pr-screenshots/pr-5291/after-issue-management.png b/docs/pr-screenshots/pr-5291/after-issue-management.png new file mode 100644 index 00000000..08f3bc25 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/after-issue-management.png differ diff --git a/docs/pr-screenshots/pr-5291/after-navigation-layout.png b/docs/pr-screenshots/pr-5291/after-navigation-layout.png new file mode 100644 index 00000000..0b550691 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/after-navigation-layout.png differ diff --git a/docs/pr-screenshots/pr-5291/after-projects-workspaces.png b/docs/pr-screenshots/pr-5291/after-projects-workspaces.png new file mode 100644 index 00000000..30a7a316 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/after-projects-workspaces.png differ diff --git a/docs/pr-screenshots/pr-5291/after-status-language.png b/docs/pr-screenshots/pr-5291/after-status-language.png new file mode 100644 index 00000000..f37afc74 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/after-status-language.png differ diff --git a/docs/pr-screenshots/pr-5291/before-issue-management.png b/docs/pr-screenshots/pr-5291/before-issue-management.png new file mode 100644 index 00000000..fa7e7462 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/before-issue-management.png differ diff --git a/docs/pr-screenshots/pr-5291/before-navigation-layout.png b/docs/pr-screenshots/pr-5291/before-navigation-layout.png new file mode 100644 index 00000000..cedc6513 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/before-navigation-layout.png differ diff --git a/docs/pr-screenshots/pr-5291/before-projects-workspaces.png b/docs/pr-screenshots/pr-5291/before-projects-workspaces.png new file mode 100644 index 00000000..7b3199a4 Binary files /dev/null and b/docs/pr-screenshots/pr-5291/before-projects-workspaces.png differ diff --git a/docs/pr-screenshots/pr-5356/issue-thread-notices-collapsed.png b/docs/pr-screenshots/pr-5356/issue-thread-notices-collapsed.png new file mode 100644 index 00000000..0dcefcc3 Binary files /dev/null and b/docs/pr-screenshots/pr-5356/issue-thread-notices-collapsed.png differ diff --git a/docs/pr-screenshots/pr-5356/issue-thread-notices-expanded.png b/docs/pr-screenshots/pr-5356/issue-thread-notices-expanded.png new file mode 100644 index 00000000..9213270e Binary files /dev/null and b/docs/pr-screenshots/pr-5356/issue-thread-notices-expanded.png differ diff --git a/docs/pr-screenshots/pr-5428/assigned-backlog-dark.png b/docs/pr-screenshots/pr-5428/assigned-backlog-dark.png new file mode 100644 index 00000000..d66fdea3 Binary files /dev/null and b/docs/pr-screenshots/pr-5428/assigned-backlog-dark.png differ diff --git a/docs/pr-screenshots/pr-5428/assigned-backlog-light.png b/docs/pr-screenshots/pr-5428/assigned-backlog-light.png new file mode 100644 index 00000000..3613ec24 Binary files /dev/null and b/docs/pr-screenshots/pr-5428/assigned-backlog-light.png differ diff --git a/package.json b/package.json index 7a9ec0c2..152fe471 100644 --- a/package.json +++ b/package.json @@ -15,9 +15,12 @@ "build-storybook": "pnpm --filter @paperclipai/ui build-storybook", "build": "pnpm run preflight:workspace-links && pnpm -r build", "typecheck": "pnpm run preflight:workspace-links && pnpm -r typecheck", + "typecheck:build-gaps": "pnpm run preflight:workspace-links && node scripts/run-typecheck-build-gaps.mjs", "test": "pnpm run test:run", "test:watch": "pnpm run preflight:workspace-links && vitest", "test:run": "pnpm run preflight:workspace-links && node scripts/run-vitest-stable.mjs", + "test:run:general": "pnpm run preflight:workspace-links && pnpm --filter @paperclipai/plugin-sdk build && node scripts/run-vitest-stable.mjs --mode general", + "test:run:serialized": "pnpm run preflight:workspace-links && pnpm --filter @paperclipai/plugin-sdk build && node scripts/run-vitest-stable.mjs --mode serialized", "db:generate": "pnpm --filter @paperclipai/db generate", "db:migrate": "pnpm --filter @paperclipai/db migrate", "issue-references:backfill": "pnpm run preflight:workspace-links && tsx scripts/backfill-issue-reference-mentions.ts", @@ -30,13 +33,14 @@ "release:stable": "./scripts/release.sh stable", "release:github": "./scripts/create-github-release.sh", "release:rollback": "./scripts/rollback-latest.sh", + "release:bootstrap-package": "node scripts/bootstrap-npm-package.mjs", "check:tokens": "node scripts/check-forbidden-tokens.mjs", "docs:dev": "cd docs && npx mintlify dev", "smoke:openclaw-join": "./scripts/smoke/openclaw-join.sh", "smoke:openclaw-docker-ui": "./scripts/smoke/openclaw-docker-ui.sh", "smoke:openclaw-sse-standalone": "./scripts/smoke/openclaw-sse-standalone.sh", "smoke:terminal-bench-loop-skill": "node scripts/smoke/terminal-bench-loop-skill-smoke.mjs", - "test:release-registry": "node --test scripts/verify-release-registry-state.test.mjs", + "test:release-registry": "node --test scripts/verify-release-registry-state.test.mjs scripts/release-package-map.test.mjs scripts/check-release-package-bootstrap.test.mjs", "test:e2e": "npx playwright test --config tests/e2e/playwright.config.ts", "test:e2e:headed": "npx playwright test --config tests/e2e/playwright.config.ts --headed", "test:e2e:multiuser-authenticated": "npx playwright test --config tests/e2e/playwright-multiuser-authenticated.config.ts", diff --git a/packages/adapter-utils/src/command-managed-runtime.test.ts b/packages/adapter-utils/src/command-managed-runtime.test.ts index 9be9c062..df0c55d2 100644 --- a/packages/adapter-utils/src/command-managed-runtime.test.ts +++ b/packages/adapter-utils/src/command-managed-runtime.test.ts @@ -55,9 +55,15 @@ describe("command managed runtime", () => { ...process.env, ...input.env, }; - const command = input.command === "sh" ? "/bin/sh" : input.command; + const command = + input.command === "sh" ? "/bin/sh" : input.command === "bash" ? "/bin/bash" : input.command; const args = [...(input.args ?? [])]; - if (input.stdin != null && input.command === "sh" && args[0] === "-lc" && typeof args[1] === "string") { + if ( + input.stdin != null && + (input.command === "sh" || input.command === "bash") && + (args[0] === "-c" || args[0] === "-lc") && + typeof args[1] === "string" + ) { env.PAPERCLIP_TEST_STDIN = input.stdin; args[1] = `printf '%s' \"$PAPERCLIP_TEST_STDIN\" | (${args[1]})`; } @@ -125,4 +131,90 @@ describe("command managed runtime", () => { .toMatchObject({ code: "ENOENT" }); expect(calls.every((call) => call.stdin == null)).toBe(true); }); + + it("runs setup commands from a stable root cwd when staging into a nested remote workspace dir", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-command-runtime-nested-")); + cleanupDirs.push(rootDir); + + const localWorkspaceDir = path.join(rootDir, "local-workspace"); + const remoteBaseDir = path.join(rootDir, "remote-base"); + const remoteWorkspaceDir = path.join(remoteBaseDir, ".paperclip-runtime", "runs", "test", "workspace"); + await mkdir(localWorkspaceDir, { recursive: true }); + await mkdir(remoteBaseDir, { recursive: true }); + await writeFile(path.join(localWorkspaceDir, "README.md"), "local workspace\n", "utf8"); + + const calls: Array<{ + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + }> = []; + const runner = { + execute: async (input: { + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + }): Promise => { + calls.push({ ...input }); + const startedAt = new Date().toISOString(); + try { + const result = await execFile(input.command === "sh" ? "/bin/sh" : input.command, input.args ?? [], { + cwd: input.cwd, + env: { + ...process.env, + ...input.env, + }, + maxBuffer: 32 * 1024 * 1024, + timeout: input.timeoutMs, + }); + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: result.stdout, + stderr: result.stderr, + pid: null, + startedAt, + }; + } catch (error) { + const err = error as NodeJS.ErrnoException & { + stdout?: string; + stderr?: string; + code?: string | number | null; + signal?: NodeJS.Signals | null; + killed?: boolean; + }; + return { + exitCode: typeof err.code === "number" ? err.code : null, + signal: err.signal ?? null, + timedOut: Boolean(err.killed && input.timeoutMs), + stdout: err.stdout ?? "", + stderr: err.stderr ?? "", + pid: null, + startedAt, + }; + } + }, + }; + + await prepareCommandManagedRuntime({ + runner, + spec: { + remoteCwd: remoteBaseDir, + timeoutMs: 30_000, + }, + adapterKey: "codex", + workspaceLocalDir: localWorkspaceDir, + workspaceRemoteDir: remoteWorkspaceDir, + }); + + expect(calls.length).toBeGreaterThan(0); + expect(calls.every((call) => call.cwd === "/")).toBe(true); + await expect(readFile(path.join(remoteWorkspaceDir, "README.md"), "utf8")).resolves.toBe("local workspace\n"); + }); }); diff --git a/packages/adapter-utils/src/command-managed-runtime.ts b/packages/adapter-utils/src/command-managed-runtime.ts index 706c3fd7..dbcd5ab9 100644 --- a/packages/adapter-utils/src/command-managed-runtime.ts +++ b/packages/adapter-utils/src/command-managed-runtime.ts @@ -6,6 +6,7 @@ import { type SandboxManagedRuntimeClient, type SandboxRemoteExecutionSpec, } from "./sandbox-managed-runtime.js"; +import { preferredShellForSandbox, shellCommandArgs } from "./sandbox-shell.js"; import type { RunProcessResult } from "./server-utils.js"; export interface CommandManagedRuntimeRunner { @@ -23,10 +24,10 @@ export interface CommandManagedRuntimeRunner { export interface CommandManagedRuntimeSpec { providerKey?: string | null; + shellCommand?: "bash" | "sh" | null; leaseId?: string | null; remoteCwd: string; timeoutMs?: number | null; - paperclipApiUrl?: string | null; } export type CommandManagedRuntimeAsset = SandboxManagedRuntimeAsset; @@ -56,14 +57,16 @@ function requireSuccessfulResult(result: RunProcessResult, action: string): void export function createCommandManagedRuntimeClient(input: { runner: CommandManagedRuntimeRunner; - remoteCwd: string; + commandCwd: string; timeoutMs: number; + shellCommand?: "bash" | "sh" | null; }): SandboxManagedRuntimeClient { + const shellCommand = preferredShellForSandbox(input.shellCommand); const runShell = async (script: string, opts: { stdin?: string; timeoutMs?: number } = {}) => { const result = await input.runner.execute({ - command: "sh", - args: ["-lc", script], - cwd: input.remoteCwd, + command: shellCommand, + args: shellCommandArgs(script), + cwd: input.commandCwd, stdin: opts.stdin, timeoutMs: opts.timeoutMs ?? input.timeoutMs, }); @@ -112,18 +115,18 @@ export function createCommandManagedRuntimeClient(input: { }, remove: async (remotePath) => { const result = await input.runner.execute({ - command: "sh", - args: ["-lc", `rm -rf ${shellQuote(remotePath)}`], - cwd: input.remoteCwd, + command: shellCommand, + args: shellCommandArgs(`rm -rf ${shellQuote(remotePath)}`), + cwd: input.commandCwd, timeoutMs: input.timeoutMs, }); requireSuccessfulResult(result, `remove ${remotePath}`); }, run: async (command, options) => { const result = await input.runner.execute({ - command: "sh", - args: ["-lc", command], - cwd: input.remoteCwd, + command: shellCommand, + args: shellCommandArgs(command), + cwd: input.commandCwd, timeoutMs: options.timeoutMs, }); requireSuccessfulResult(result, command); @@ -141,9 +144,15 @@ export async function prepareCommandManagedRuntime(input: { preserveAbsentOnRestore?: string[]; assets?: CommandManagedRuntimeAsset[]; installCommand?: string | null; + /** When provided alongside `installCommand`, skip the install if `command -v ` succeeds. */ + detectCommand?: string | null; }): Promise { const timeoutMs = input.spec.timeoutMs && input.spec.timeoutMs > 0 ? input.spec.timeoutMs : 300_000; const workspaceRemoteDir = input.workspaceRemoteDir ?? input.spec.remoteCwd; + // Managed-runtime sync/restore scripts use absolute paths throughout, so + // run them from a stable cwd. The target workspace itself may be removed or + // recreated during a run, which breaks shell startup if we chdir into it. + const commandCwd = "/"; const runtimeSpec: SandboxRemoteExecutionSpec = { transport: "sandbox", provider: input.spec.providerKey ?? "sandbox", @@ -151,22 +160,62 @@ export async function prepareCommandManagedRuntime(input: { remoteCwd: workspaceRemoteDir, timeoutMs, apiKey: null, - paperclipApiUrl: input.spec.paperclipApiUrl ?? null, }; const client = createCommandManagedRuntimeClient({ runner: input.runner, - remoteCwd: workspaceRemoteDir, + commandCwd, timeoutMs, + shellCommand: input.spec.shellCommand, }); + const shellCommand = preferredShellForSandbox(input.spec.shellCommand); if (input.installCommand?.trim()) { + const installCommand = input.installCommand.trim(); + const detectCommand = input.detectCommand?.trim(); + // Skip the install when the binary is already on PATH. Without this + // probe the install runs unconditionally on every execute() call (and + // also runs a second time after `ensureAdapterExecutionTargetCommandResolvable` + // has already installed it during the resolvability gate). + if (detectCommand) { + const probe = await input.runner.execute({ + command: shellCommand, + args: shellCommandArgs(`command -v ${shellQuote(detectCommand)} >/dev/null 2>&1`), + cwd: commandCwd, + timeoutMs, + }); + if (!probe.timedOut && (probe.exitCode ?? 1) === 0) { + return await prepareSandboxManagedRuntime({ + spec: runtimeSpec, + client, + adapterKey: input.adapterKey, + workspaceLocalDir: input.workspaceLocalDir, + workspaceRemoteDir, + workspaceExclude: mergeRuntimeExcludes(input.workspaceExclude), + preserveAbsentOnRestore: input.preserveAbsentOnRestore, + assets: input.assets, + }); + } + } const result = await input.runner.execute({ - command: "sh", - args: ["-lc", input.installCommand.trim()], - cwd: workspaceRemoteDir, + command: shellCommand, + args: shellCommandArgs(installCommand), + cwd: commandCwd, timeoutMs, }); - requireSuccessfulResult(result, input.installCommand.trim()); + // A failed install is not always fatal: the CLI may already be on PATH + // from a previous lease, the template image, or another path entry. Log + // and continue rather than aborting the agent run; downstream code that + // exec's the CLI will surface a clear "command not found" if it is in + // fact missing. The test path's `maybeRunSandboxInstallCommand` already + // honors this contract — keep them consistent. + if (result.timedOut || (result.exitCode ?? 0) !== 0) { + const tail = (text: string) => + text.split(/\r?\n/).filter((line) => line.trim().length > 0).slice(-3).join(" | ").slice(0, 480); + const reason = result.timedOut ? "timed out" : `exited ${result.exitCode ?? "?"}`; + console.warn( + `[paperclip] managed-runtime install command ${reason}: ${installCommand} :: ${tail(result.stderr || result.stdout)}`, + ); + } } return await prepareSandboxManagedRuntime({ diff --git a/packages/adapter-utils/src/execution-target-sandbox.test.ts b/packages/adapter-utils/src/execution-target-sandbox.test.ts index cda63354..92f964bc 100644 --- a/packages/adapter-utils/src/execution-target-sandbox.test.ts +++ b/packages/adapter-utils/src/execution-target-sandbox.test.ts @@ -5,8 +5,12 @@ import path from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; import { + DEFAULT_REMOTE_SANDBOX_ADAPTER_TIMEOUT_SEC, adapterExecutionTargetSessionIdentity, adapterExecutionTargetToRemoteSpec, + adapterExecutionTargetUsesPaperclipBridge, + ensureAdapterExecutionTargetCommandResolvable, + resolveAdapterExecutionTargetTimeoutSec, runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, startAdapterExecutionTargetPaperclipBridge, @@ -18,6 +22,7 @@ describe("sandbox adapter execution targets", () => { const cleanupDirs: string[] = []; afterEach(async () => { + vi.unstubAllEnvs(); while (cleanupDirs.length > 0) { const dir = cleanupDirs.pop(); if (!dir) continue; @@ -39,7 +44,8 @@ describe("sandbox adapter execution targets", () => { onSpawn?: (meta: { pid: number; startedAt: string }) => Promise; }) => { counter += 1; - return runChildProcess(`sandbox-run-${counter}`, input.command, input.args ?? [], { + const command = input.command === "bash" ? "/bin/bash" : input.command; + return runChildProcess(`sandbox-run-${counter}`, command, input.args ?? [], { cwd: input.cwd ?? process.cwd(), env: input.env ?? {}, stdin: input.stdin, @@ -103,10 +109,92 @@ describe("sandbox adapter execution targets", () => { environmentId: "env-1", leaseId: "lease-1", remoteCwd: "/workspace", - paperclipTransport: "bridge", }); }); + it("applies the remote sandbox fallback when adapter timeoutSec is unset", () => { + const sandboxTarget: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + remoteCwd: "/workspace", + runner: createLocalSandboxRunner(), + }; + + expect(resolveAdapterExecutionTargetTimeoutSec(sandboxTarget, 0)).toBe( + DEFAULT_REMOTE_SANDBOX_ADAPTER_TIMEOUT_SEC, + ); + expect(resolveAdapterExecutionTargetTimeoutSec(sandboxTarget, 90)).toBe(90); + expect(resolveAdapterExecutionTargetTimeoutSec({ + kind: "remote", + transport: "ssh", + remoteCwd: "/workspace", + spec: { + host: "127.0.0.1", + port: 22, + username: "fixture", + remoteWorkspacePath: "/workspace", + remoteCwd: "/workspace", + privateKey: "KEY", + knownHosts: "host key", + strictHostKeyChecking: true, + }, + }, 0)).toBe(0); + }); + + it("uses the caller timeout override when installing a missing sandbox command", async () => { + const runner = { + execute: vi.fn() + .mockResolvedValueOnce({ + exitCode: 1, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }) + .mockResolvedValueOnce({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }) + .mockResolvedValueOnce({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "/usr/bin/opencode\n", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }), + }; + const target: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + remoteCwd: "/workspace", + timeoutMs: 300_000, + runner, + }; + + await ensureAdapterExecutionTargetCommandResolvable( + "opencode", + target, + "/local/workspace", + {}, + { installCommand: "npm install -g opencode", timeoutSec: 1800 }, + ); + + expect(runner.execute).toHaveBeenNthCalledWith(2, expect.objectContaining({ + command: "sh", + args: ["-c", "npm install -g opencode"], + timeoutMs: 1_800_000, + })); + }); + it("runs shell commands through the same runner", async () => { const runner = { execute: vi.fn(async () => ({ @@ -134,7 +222,155 @@ describe("sandbox adapter execution targets", () => { expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ command: "sh", - args: ["-lc", 'printf %s "$HOME"'], + args: ["-c", 'printf %s "$HOME"'], + cwd: "/workspace", + timeoutMs: 7000, + })); + }); + + it("strips inherited host identity env before sandbox execution", async () => { + vi.stubEnv("PATH", "/host/bin:/usr/bin"); + vi.stubEnv("HOME", "/Users/local"); + vi.stubEnv("TMPDIR", "/var/folders/local/T"); + + const runner = { + execute: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "ok\n", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + })), + }; + const target: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + remoteCwd: "/workspace", + runner, + }; + + await runAdapterExecutionTargetProcess("run-1b", target, "agent-cli", ["--json"], { + cwd: "/local/workspace", + env: { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + TMPDIR: "/var/folders/local/T", + SAFE_VALUE: "visible", + }, + timeoutSec: 5, + graceSec: 1, + onLog: async () => {}, + }); + + expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ + env: { + SAFE_VALUE: "visible", + }, + })); + }); + + it("preserves explicit remote identity env overrides for sandbox execution", async () => { + vi.stubEnv("PATH", "/host/bin:/usr/bin"); + vi.stubEnv("HOME", "/Users/local"); + + const runner = { + execute: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "ok\n", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + })), + }; + const target: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + remoteCwd: "/workspace", + runner, + }; + + await runAdapterExecutionTargetProcess("run-1c", target, "agent-cli", ["--json"], { + cwd: "/local/workspace", + env: { + PATH: "/custom/remote/bin:/usr/bin", + HOME: "/home/sandbox", + SAFE_VALUE: "visible", + }, + timeoutSec: 5, + graceSec: 1, + onLog: async () => {}, + }); + + expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ + env: { + PATH: "/custom/remote/bin:/usr/bin", + HOME: "/home/sandbox", + SAFE_VALUE: "visible", + }, + })); + }); + + it("treats SSH targets as bridge-only", () => { + const target = { + kind: "remote" as const, + transport: "ssh" as const, + remoteCwd: "/workspace", + spec: { + host: "ssh.example.test", + port: 22, + username: "paperclip", + remoteWorkspacePath: "/workspace", + remoteCwd: "/workspace", + privateKey: null, + knownHosts: null, + strictHostKeyChecking: true, + }, + }; + + expect(adapterExecutionTargetUsesPaperclipBridge(target)).toBe(true); + expect(adapterExecutionTargetSessionIdentity(target)).toEqual({ + transport: "ssh", + host: "ssh.example.test", + port: 22, + username: "paperclip", + remoteCwd: "/workspace", + }); + }); + + it("uses the provider-declared shell for sandbox helper commands", async () => { + const runner = { + execute: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "/home/sandbox", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + })), + }; + const target: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + providerKey: "custom-provider", + shellCommand: "bash", + remoteCwd: "/workspace", + runner, + }; + + await runAdapterExecutionTargetShellCommand("run-2b", target, 'printf %s "$HOME"', { + cwd: "/local/workspace", + env: {}, + timeoutSec: 7, + }); + + expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ + command: "bash", + args: ["-c", 'printf %s "$HOME"'], cwd: "/workspace", timeoutMs: 7000, })); @@ -174,7 +410,6 @@ describe("sandbox adapter execution targets", () => { environmentId: "env-1", leaseId: "lease-1", remoteCwd, - paperclipTransport: "bridge", runner: createLocalSandboxRunner(), timeoutMs: 30_000, }; @@ -214,6 +449,60 @@ describe("sandbox adapter execution targets", () => { } }); + it("uses the effective adapter timeout when starting the sandbox callback bridge", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-execution-target-bridge-timeout-")); + cleanupDirs.push(rootDir); + const remoteCwd = path.join(rootDir, "workspace"); + const runtimeRootDir = path.join(remoteCwd, ".paperclip-runtime", "codex"); + await mkdir(runtimeRootDir, { recursive: true }); + + const delegateRunner = createLocalSandboxRunner(); + const runner = { + execute: vi.fn(async (input: Parameters[0]) => delegateRunner.execute(input)), + }; + const apiServer = createServer((req, res) => { + res.writeHead(200, { "content-type": "application/json" }); + res.end(JSON.stringify({ ok: true })); + }); + await new Promise((resolve, reject) => { + apiServer.once("error", reject); + apiServer.listen(0, "127.0.0.1", () => resolve()); + }); + const address = apiServer.address(); + if (!address || typeof address === "string") { + throw new Error("Expected the bridge timeout test API server to listen on a TCP port."); + } + + const target: AdapterSandboxExecutionTarget = { + kind: "remote", + transport: "sandbox", + providerKey: "cloudflare", + environmentId: "env-1", + leaseId: "lease-1", + remoteCwd, + runner, + timeoutMs: 30_000, + }; + + const bridge = await startAdapterExecutionTargetPaperclipBridge({ + runId: "run-bridge-timeout", + target, + runtimeRootDir, + adapterKey: "codex", + timeoutSec: DEFAULT_REMOTE_SANDBOX_ADAPTER_TIMEOUT_SEC, + hostApiToken: "real-run-jwt", + hostApiUrl: `http://127.0.0.1:${address.port}`, + }); + try { + expect(bridge).not.toBeNull(); + expect(runner.execute).toHaveBeenCalled(); + expect(runner.execute.mock.calls.some(([input]) => input.timeoutMs === 1_800_000)).toBe(true); + } finally { + await bridge?.stop(); + await new Promise((resolve) => apiServer.close(() => resolve())); + } + }); + it("fails oversized host responses with a 502 before returning them to the sandbox client", async () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-execution-target-bridge-limit-")); cleanupDirs.push(rootDir); @@ -252,7 +541,6 @@ describe("sandbox adapter execution targets", () => { environmentId: "env-1", leaseId: "lease-1", remoteCwd, - paperclipTransport: "bridge", runner: createLocalSandboxRunner(), timeoutMs: 30_000, }; diff --git a/packages/adapter-utils/src/execution-target.test.ts b/packages/adapter-utils/src/execution-target.test.ts index 8a3b1ddb..d608e76c 100644 --- a/packages/adapter-utils/src/execution-target.test.ts +++ b/packages/adapter-utils/src/execution-target.test.ts @@ -1,14 +1,18 @@ import { afterEach, describe, expect, it, vi } from "vitest"; import * as ssh from "./ssh.js"; +import * as serverUtils from "./server-utils.js"; import { adapterExecutionTargetUsesManagedHome, + ensureAdapterExecutionTargetRuntimeCommandInstalled, resolveAdapterExecutionTargetCwd, + runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, } from "./execution-target.js"; describe("runAdapterExecutionTargetShellCommand", () => { afterEach(() => { vi.restoreAllMocks(); + vi.unstubAllEnvs(); }); it("quotes remote shell commands with the shared SSH quoting helper", async () => { @@ -41,16 +45,68 @@ describe("runAdapterExecutionTargetShellCommand", () => { }, ); + // runSshCommand owns profile sourcing and the outer shell wrapper — + // the caller passes the raw command string. Wrapping it here would + // double-nest the login shell and re-source profiles after the explicit + // env override, silently undoing identity-var preservation. expect(runSshCommandSpy).toHaveBeenCalledWith( expect.objectContaining({ host: "ssh.example.test", username: "ssh-user", }), - `sh -lc ${ssh.shellQuote(`printf '%s\\n' "$HOME" && echo "it's ok"`)}`, + `printf '%s\\n' "$HOME" && echo "it's ok"`, expect.any(Object), ); }); + it("sanitizes inherited host env before SSH shell execution", async () => { + vi.stubEnv("PATH", "/host/bin:/usr/bin"); + vi.stubEnv("HOME", "/Users/local"); + + const runSshCommandSpy = vi.spyOn(ssh, "runSshCommand").mockResolvedValue({ + stdout: "", + stderr: "", + }); + + await runAdapterExecutionTargetShellCommand( + "run-1b", + { + kind: "remote", + transport: "ssh", + remoteCwd: "/srv/paperclip/workspace", + spec: { + host: "ssh.example.test", + port: 22, + username: "ssh-user", + remoteCwd: "/srv/paperclip/workspace", + remoteWorkspacePath: "/srv/paperclip/workspace", + privateKey: null, + knownHosts: null, + strictHostKeyChecking: true, + }, + }, + "env", + { + cwd: "/tmp/local", + env: { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + SAFE_VALUE: "visible", + }, + }, + ); + + expect(runSshCommandSpy).toHaveBeenCalledWith( + expect.any(Object), + expect.any(String), + expect.objectContaining({ + env: { + SAFE_VALUE: "visible", + }, + }), + ); + }); + it("returns a timedOut result when the SSH shell command times out", async () => { vi.spyOn(ssh, "runSshCommand").mockRejectedValue(Object.assign(new Error("timed out"), { code: "ETIMEDOUT", @@ -161,6 +217,145 @@ describe("runAdapterExecutionTargetShellCommand", () => { }); }); +describe("runAdapterExecutionTargetProcess", () => { + afterEach(() => { + vi.restoreAllMocks(); + vi.unstubAllEnvs(); + }); + + it("sanitizes inherited host env before SSH process execution", async () => { + vi.stubEnv("PATH", "/host/bin:/usr/bin"); + vi.stubEnv("HOME", "/Users/local"); + + const runChildProcessSpy = vi.spyOn(serverUtils, "runChildProcess").mockResolvedValue({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }); + + await runAdapterExecutionTargetProcess( + "run-ssh-process", + { + kind: "remote", + transport: "ssh", + remoteCwd: "/srv/paperclip/workspace", + spec: { + host: "ssh.example.test", + port: 22, + username: "ssh-user", + remoteCwd: "/srv/paperclip/workspace", + remoteWorkspacePath: "/srv/paperclip/workspace", + privateKey: null, + knownHosts: null, + strictHostKeyChecking: true, + }, + }, + "agent-cli", + ["--json"], + { + cwd: "/tmp/local", + env: { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + SAFE_VALUE: "visible", + }, + timeoutSec: 5, + graceSec: 1, + onLog: async () => {}, + }, + ); + + expect(runChildProcessSpy).toHaveBeenCalledWith( + "run-ssh-process", + "agent-cli", + ["--json"], + expect.objectContaining({ + env: { + SAFE_VALUE: "visible", + }, + }), + ); + }); +}); + +describe("ensureAdapterExecutionTargetRuntimeCommandInstalled", () => { + afterEach(() => { + vi.restoreAllMocks(); + }); + + it("runs install commands for sandbox targets", async () => { + const runner = { + execute: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + })), + }; + + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId: "run-install", + target: { + kind: "remote", + transport: "sandbox", + providerKey: "e2b", + remoteCwd: "/remote/workspace", + runner, + }, + installCommand: "npm install -g @google/gemini-cli", + cwd: "/local/workspace", + env: { PATH: "/usr/bin" }, + timeoutSec: 30, + }); + + expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ + command: "sh", + args: ["-c", "npm install -g @google/gemini-cli"], + cwd: "/remote/workspace", + env: { PATH: "/usr/bin" }, + timeoutMs: 30_000, + })); + }); + + it("skips install commands for SSH targets", async () => { + const runSshCommandSpy = vi.spyOn(ssh, "runSshCommand").mockResolvedValue({ + stdout: "", + stderr: "", + }); + + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId: "run-skip", + target: { + kind: "remote", + transport: "ssh", + remoteCwd: "/srv/paperclip/workspace", + spec: { + host: "ssh.example.test", + port: 22, + username: "ssh-user", + remoteCwd: "/srv/paperclip/workspace", + remoteWorkspacePath: "/srv/paperclip/workspace", + privateKey: null, + knownHosts: null, + strictHostKeyChecking: true, + }, + }, + installCommand: "npm install -g @google/gemini-cli", + cwd: "/tmp/local", + env: {}, + }); + + expect(runSshCommandSpy).not.toHaveBeenCalled(); + }); +}); + describe("resolveAdapterExecutionTargetCwd", () => { const sshTarget = { kind: "remote" as const, diff --git a/packages/adapter-utils/src/execution-target.ts b/packages/adapter-utils/src/execution-target.ts index 58c128e8..8b6d5bbb 100644 --- a/packages/adapter-utils/src/execution-target.ts +++ b/packages/adapter-utils/src/execution-target.ts @@ -18,7 +18,7 @@ import { startSandboxCallbackBridgeServer, startSandboxCallbackBridgeWorker, } from "./sandbox-callback-bridge.js"; -import { parseSshRemoteExecutionSpec, runSshCommand, shellQuote } from "./ssh.js"; +import { createSshCommandManagedRuntimeRunner, parseSshRemoteExecutionSpec, runSshCommand, shellQuote } from "./ssh.js"; import { ensureCommandResolvable, resolveCommandForLogs, @@ -26,6 +26,8 @@ import { type RunProcessResult, type TerminalResultCleanupOptions, } from "./server-utils.js"; +import { sanitizeRemoteExecutionEnv } from "./remote-execution-env.js"; +import { preferredShellForSandbox, shellCommandArgs } from "./sandbox-shell.js"; export interface AdapterLocalExecutionTarget { kind: "local"; @@ -39,7 +41,6 @@ export interface AdapterSshExecutionTarget { environmentId?: string | null; leaseId?: string | null; remoteCwd: string; - paperclipApiUrl?: string | null; spec: SshRemoteExecutionSpec; } @@ -47,11 +48,10 @@ export interface AdapterSandboxExecutionTarget { kind: "remote"; transport: "sandbox"; providerKey?: string | null; + shellCommand?: "bash" | "sh" | null; environmentId?: string | null; leaseId?: string | null; remoteCwd: string; - paperclipApiUrl?: string | null; - paperclipTransport?: "direct" | "bridge"; timeoutMs?: number | null; runner?: CommandManagedRuntimeRunner; } @@ -67,6 +67,7 @@ export type AdapterManagedRuntimeAsset = RemoteManagedRuntimeAsset; export interface PreparedAdapterExecutionTargetRuntime { target: AdapterExecutionTarget; + workspaceRemoteDir: string | null; runtimeRootDir: string | null; assetDirs: Record; restoreWorkspace(): Promise; @@ -96,6 +97,10 @@ export interface AdapterExecutionTargetPaperclipBridgeHandle { stop(): Promise; } +export { sanitizeRemoteExecutionEnv } from "./remote-execution-env.js"; + +export const DEFAULT_REMOTE_SANDBOX_ADAPTER_TIMEOUT_SEC = 1_800; + function parseObject(value: unknown): Record { return value && typeof value === "object" && !Array.isArray(value) ? (value as Record) @@ -126,13 +131,9 @@ function resolveDefaultPaperclipApiUrl(): string { return `http://${runtimeHost}:${runtimePort}`; } -function resolveSandboxPaperclipTransport( - target: Pick, -): "direct" | "bridge" { - if (target.paperclipTransport === "direct" || target.paperclipTransport === "bridge") { - return target.paperclipTransport; - } - return target.paperclipApiUrl ? "direct" : "bridge"; +function isBridgeDebugEnabled(env: NodeJS.ProcessEnv): boolean { + const value = env.PAPERCLIP_BRIDGE_DEBUG?.trim().toLowerCase(); + return value === "1" || value === "true" || value === "yes"; } function isAdapterExecutionTargetInstance(value: unknown): value is AdapterExecutionTarget { @@ -169,6 +170,33 @@ export function adapterExecutionTargetRemoteCwd( return target?.kind === "remote" ? target.remoteCwd : localCwd; } +export function overrideAdapterExecutionTargetRemoteCwd( + target: AdapterExecutionTarget | null | undefined, + remoteCwd: string | null | undefined, +): AdapterExecutionTarget | null | undefined { + const nextRemoteCwd = remoteCwd?.trim(); + if (!target || target.kind !== "remote" || !nextRemoteCwd) { + return target; + } + if (target.remoteCwd === nextRemoteCwd) { + return target; + } + if (target.transport === "ssh") { + return { + ...target, + remoteCwd: nextRemoteCwd, + spec: { + ...target.spec, + remoteCwd: nextRemoteCwd, + }, + }; + } + return { + ...target, + remoteCwd: nextRemoteCwd, + }; +} + export function resolveAdapterExecutionTargetCwd( target: AdapterExecutionTarget | null | undefined, configuredCwd: string | null | undefined, @@ -180,21 +208,10 @@ export function resolveAdapterExecutionTargetCwd( return adapterExecutionTargetRemoteCwd(target, localFallbackCwd); } -export function adapterExecutionTargetPaperclipApiUrl( - target: AdapterExecutionTarget | null | undefined, -): string | null { - if (target?.kind !== "remote") return null; - if (target.transport === "ssh") return target.paperclipApiUrl ?? target.spec.paperclipApiUrl ?? null; - if (resolveSandboxPaperclipTransport(target) === "bridge") return null; - return target.paperclipApiUrl ?? null; -} - export function adapterExecutionTargetUsesPaperclipBridge( target: AdapterExecutionTarget | null | undefined, ): boolean { - return target?.kind === "remote" && - target.transport === "sandbox" && - resolveSandboxPaperclipTransport(target) === "bridge"; + return target?.kind === "remote"; } export function describeAdapterExecutionTarget( @@ -207,6 +224,26 @@ export function describeAdapterExecutionTarget( return `sandbox environment${target.providerKey ? ` (${target.providerKey})` : ""}`; } +export function resolveAdapterExecutionTargetTimeoutSec( + target: AdapterExecutionTarget | null | undefined, + configuredTimeoutSec: number | null | undefined, +): number { + const normalizedConfiguredTimeoutSec = + typeof configuredTimeoutSec === "number" && Number.isFinite(configuredTimeoutSec) && configuredTimeoutSec > 0 + ? Math.floor(configuredTimeoutSec) + : 0; + if (normalizedConfiguredTimeoutSec > 0) return normalizedConfiguredTimeoutSec; + // Local and SSH adapters preserve the historical "0 means no adapter + // timeout" behavior. Sandbox-backed runs execute through provider RPCs + // that usually apply their own shorter command defaults, so request an + // explicit longer timeout for full adapter runs when the adapter leaves + // timeoutSec unset. + if (target?.kind === "remote" && target.transport === "sandbox") { + return DEFAULT_REMOTE_SANDBOX_ADAPTER_TIMEOUT_SEC; + } + return 0; +} + function requireSandboxRunner(target: AdapterSandboxExecutionTarget): CommandManagedRuntimeRunner { if (target.runner) return target.runner; throw new Error( @@ -214,13 +251,47 @@ function requireSandboxRunner(target: AdapterSandboxExecutionTarget): CommandMan ); } +function preferredSandboxShell(target: AdapterSandboxExecutionTarget): "bash" | "sh" { + return preferredShellForSandbox(target.shellCommand); +} + +type AdapterCommandCapableExecutionTarget = AdapterSshExecutionTarget | AdapterSandboxExecutionTarget; + +function adapterExecutionTargetCommandRunner(target: AdapterCommandCapableExecutionTarget): CommandManagedRuntimeRunner { + if (target.transport === "ssh") { + return createSshCommandManagedRuntimeRunner({ + spec: target.spec, + defaultCwd: target.remoteCwd, + maxBufferBytes: DEFAULT_SANDBOX_CALLBACK_BRIDGE_MAX_BODY_BYTES * 4, + }); + } + return requireSandboxRunner(target); +} + +function adapterExecutionTargetShellCommand(target: AdapterCommandCapableExecutionTarget): "bash" | "sh" { + return target.transport === "ssh" ? "sh" : preferredSandboxShell(target); +} + +function adapterExecutionTargetTimeoutMs( + target: AdapterCommandCapableExecutionTarget, +): number | null | undefined { + return target.transport === "sandbox" ? target.timeoutMs : undefined; +} + export async function ensureAdapterExecutionTargetCommandResolvable( command: string, target: AdapterExecutionTarget | null | undefined, cwd: string, env: NodeJS.ProcessEnv, + options: { installCommand?: string | null; timeoutSec?: number | null } = {}, ) { if (target?.kind === "remote" && target.transport === "sandbox") { + await ensureSandboxCommandResolvable( + command, + target, + options.installCommand?.trim() || null, + options.timeoutSec, + ); return; } await ensureCommandResolvable(command, cwd, env, { @@ -228,6 +299,87 @@ export async function ensureAdapterExecutionTargetCommandResolvable( }); } +async function probeSandboxCommandResolvable( + command: string, + target: AdapterSandboxExecutionTarget, +): Promise<{ resolved: boolean; timedOut: boolean; stderr: string }> { + const runner = requireSandboxRunner(target); + const probeScript = `command -v ${shellQuote(command)}`; + const result = await runner.execute({ + command: "sh", + args: ["-c", probeScript], + cwd: target.remoteCwd, + timeoutMs: target.timeoutMs ?? 15_000, + }); + return { + resolved: !result.timedOut && (result.exitCode ?? 1) === 0, + timedOut: result.timedOut, + stderr: result.stderr.trim(), + }; +} + +async function ensureSandboxCommandResolvable( + command: string, + target: AdapterSandboxExecutionTarget, + installCommand: string | null, + timeoutSec?: number | null, +): Promise { + // Probe whether the binary is resolvable inside the sandbox. We previously + // short-circuited this for sandbox targets, which let the caller report a + // success message even when the CLI was missing from the image. Now we run + // a real `command -v` through the same runner the hello probe will use, so + // the first step honestly reflects whether the binary is on PATH. The + // sandbox provider is responsible for sourcing login profiles (e2b mirrors + // SSH's buildSshSpawnTarget) so this and the hello probe agree on PATH. + let probe = await probeSandboxCommandResolvable(command, target); + if (probe.resolved) return; + if (probe.timedOut) { + throw new Error(`Timed out checking command "${command}" on sandbox target.`); + } + + // If the caller supplied an install command, attempt the install once via + // the sandbox runner (which the sandbox provider wraps in a login shell) + // and re-probe before reporting failure. This lets fresh sandbox leases + // bring up the CLI before the resolvability gate, mirroring the test path. + let installFailureDetail: string | null = null; + if (installCommand) { + const runner = requireSandboxRunner(target); + const installTimeoutMs = + typeof timeoutSec === "number" && Number.isFinite(timeoutSec) && timeoutSec > 0 + ? Math.floor(timeoutSec * 1000) + : target.timeoutMs ?? 300_000; + try { + const installResult = await runner.execute({ + command: "sh", + args: shellCommandArgs(installCommand), + cwd: target.remoteCwd, + timeoutMs: installTimeoutMs, + }); + if (installResult.timedOut) { + installFailureDetail = `install command timed out: ${installCommand}`; + } else if ((installResult.exitCode ?? 0) !== 0) { + const tail = (text: string) => + text.split(/\r?\n/).filter((line) => line.trim().length > 0).slice(-2).join(" | ").slice(0, 240); + const reason = tail(installResult.stderr || installResult.stdout) || `exit ${installResult.exitCode ?? "?"}`; + installFailureDetail = `install command exited ${installResult.exitCode ?? "?"}: ${reason}`; + } + } catch (err) { + installFailureDetail = `install command threw: ${err instanceof Error ? err.message : String(err)}`; + } + probe = await probeSandboxCommandResolvable(command, target); + if (probe.resolved) return; + if (probe.timedOut) { + throw new Error(`Timed out checking command "${command}" on sandbox target.`); + } + } + + const probeStderr = probe.stderr.length > 0 ? ` probe stderr: ${probe.stderr}` : ""; + const installDetail = installFailureDetail ? `; ${installFailureDetail}` : ""; + throw new Error( + `Command "${command}" is not installed or not on PATH in the sandbox environment${installDetail}.${probeStderr}`, + ); +} + export async function resolveAdapterExecutionTargetCommandForLogs( command: string, target: AdapterExecutionTarget | null | undefined, @@ -251,11 +403,12 @@ export async function runAdapterExecutionTargetProcess( ): Promise { if (target?.kind === "remote" && target.transport === "sandbox") { const runner = requireSandboxRunner(target); + const env = sanitizeRemoteExecutionEnv(options.env); return await runner.execute({ command, args, cwd: target.remoteCwd, - env: options.env, + env, stdin: options.stdin, timeoutMs: options.timeoutSec > 0 ? options.timeoutSec * 1000 : target.timeoutMs ?? undefined, onLog: options.onLog, @@ -265,9 +418,14 @@ export async function runAdapterExecutionTargetProcess( }); } + const env = + target?.kind === "remote" && target.transport === "ssh" + ? sanitizeRemoteExecutionEnv(options.env) + : options.env; + return await runChildProcess(runId, command, args, { cwd: options.cwd, - env: options.env, + env, stdin: options.stdin, timeoutSec: options.timeoutSec, graceSec: options.graceSec, @@ -287,9 +445,16 @@ export async function runAdapterExecutionTargetShellCommand( const onLog = options.onLog ?? (async () => {}); if (target?.kind === "remote") { const startedAt = new Date().toISOString(); + const env = sanitizeRemoteExecutionEnv(options.env); if (target.transport === "ssh") { try { - const result = await runSshCommand(target.spec, `sh -lc ${shellQuote(command)}`, { + // Pass the raw command — `runSshCommand` owns profile sourcing and + // the outer shell wrapper. Wrapping again here would nest a second + // shell after the explicit `env KEY=VAL` overrides, re-sourcing + // login profiles AFTER the override and silently undoing any + // identity var (NVM_DIR / PATH / etc.) that a profile re-exports. + const result = await runSshCommand(target.spec, command, { + env, timeoutMs: (options.timeoutSec ?? 15) * 1000, }); if (result.stdout) await onLog("stdout", result.stdout); @@ -341,11 +506,12 @@ export async function runAdapterExecutionTargetShellCommand( } } + const shellCommand = preferredSandboxShell(target); return await requireSandboxRunner(target).execute({ - command: "sh", - args: ["-lc", command], + command: shellCommand, + args: shellCommandArgs(command), cwd: target.remoteCwd, - env: options.env, + env, timeoutMs: (options.timeoutSec ?? 15) * 1000, onLog, }); @@ -366,6 +532,111 @@ export async function runAdapterExecutionTargetShellCommand( ); } +export interface AdapterSandboxInstallCommandCheck { + code: string; + level: "info" | "warn" | "error"; + message: string; + detail?: string; + hint?: string; +} + +// Best-effort run of an adapter-supplied install command on a sandbox target +// before the resolvability + hello probe. Returns null for non-sandbox +// targets so callers can no-op. Returns a structured check otherwise — never +// throws — so the rest of the test still runs and reports the post-install +// state honestly. Caller pushes the check into its result array; the test +// report shows whether install was attempted and what came back. +export async function maybeRunSandboxInstallCommand(input: { + runId: string; + target: AdapterExecutionTarget | null | undefined; + adapterKey: string; + installCommand: string; + /** When provided, skip the install if `command -v ` succeeds. */ + detectCommand?: string | null; + env?: Record; + timeoutSec?: number; +}): Promise { + const { target, adapterKey, installCommand } = input; + if (!target || target.kind !== "remote" || target.transport !== "sandbox") { + return null; + } + const trimmed = installCommand.trim(); + if (trimmed.length === 0) return null; + + const code = `${adapterKey}_install_command_run`; + + // Skip install when the binary is already on PATH. Avoids running + // network-dependent installers (e.g. `curl ... | bash`) on every test + // probe when the CLI is preinstalled on the lease/template. + const detectCommand = input.detectCommand?.trim(); + if (detectCommand) { + try { + const probe = await runAdapterExecutionTargetShellCommand( + input.runId, + target, + `command -v ${shellQuote(detectCommand)} >/dev/null 2>&1`, + { + cwd: target.remoteCwd, + env: input.env ?? {}, + timeoutSec: 30, + graceSec: 5, + }, + ); + if (!probe.timedOut && probe.exitCode === 0) { + return { + code, + level: "info", + message: `${detectCommand} already on PATH; skipped install.`, + }; + } + } catch { + // Fall through to actually running the install — failure to probe + // is not a reason to skip the install gate. + } + } + + let result; + try { + result = await runAdapterExecutionTargetShellCommand(input.runId, target, trimmed, { + cwd: target.remoteCwd, + env: input.env ?? {}, + timeoutSec: input.timeoutSec ?? 240, + graceSec: 10, + }); + } catch (err) { + return { + code, + level: "warn", + message: "Install command threw before completion.", + detail: err instanceof Error ? err.message : String(err), + }; + } + const tail = (text: string) => + text.split(/\r?\n/).filter((line) => line.trim().length > 0).slice(-3).join(" | ").slice(0, 480); + if (result.timedOut) { + return { + code, + level: "warn", + message: `Install command timed out: ${trimmed}`, + detail: tail(result.stderr || result.stdout), + }; + } + if ((result.exitCode ?? 1) === 0) { + return { + code, + level: "info", + message: `Install command ran: ${trimmed}`, + ...(tail(result.stdout) ? { detail: tail(result.stdout) } : {}), + }; + } + return { + code, + level: "warn", + message: `Install command exited ${result.exitCode}: ${trimmed}`, + detail: tail(result.stderr || result.stdout), + }; +} + export async function readAdapterExecutionTargetHomeDir( runId: string, target: AdapterExecutionTarget | null | undefined, @@ -381,6 +652,91 @@ export async function readAdapterExecutionTargetHomeDir( return homeDir.length > 0 ? homeDir : null; } +export async function ensureAdapterExecutionTargetRuntimeCommandInstalled(input: { + runId: string; + target: AdapterExecutionTarget | null | undefined; + installCommand?: string | null; + detectCommand?: string | null; + cwd: string; + env: Record; + timeoutSec?: number; + graceSec?: number; + onLog?: AdapterExecutionTargetShellOptions["onLog"]; +}): Promise { + const installCommand = input.installCommand?.trim(); + if (!installCommand || input.target?.kind !== "remote" || input.target.transport !== "sandbox") { + return; + } + + const detectCommand = input.detectCommand?.trim(); + if (detectCommand) { + const probe = await runAdapterExecutionTargetShellCommand( + input.runId, + input.target, + `command -v ${shellQuote(detectCommand)} >/dev/null 2>&1`, + { + cwd: input.cwd, + env: input.env, + timeoutSec: input.timeoutSec, + graceSec: input.graceSec, + }, + ); + if (!probe.timedOut && probe.exitCode === 0) { + return; + } + } + + const result = await runAdapterExecutionTargetShellCommand( + input.runId, + input.target, + installCommand, + { + cwd: input.cwd, + env: input.env, + timeoutSec: input.timeoutSec, + graceSec: input.graceSec, + onLog: input.onLog, + }, + ); + + // A failed or timed-out install is not necessarily fatal: the CLI may already + // be on PATH from a previous lease's install, the template image, or another + // path entry. Re-run the detect probe (when one is configured) so a transient + // install failure does not abort the agent run when the binary is reachable. + const installFailed = result.timedOut || (result.exitCode ?? 0) !== 0; + if (!installFailed) { + return; + } + if (detectCommand) { + const recheck = await runAdapterExecutionTargetShellCommand( + input.runId, + input.target, + `command -v ${shellQuote(detectCommand)} >/dev/null 2>&1`, + { + cwd: input.cwd, + env: input.env, + timeoutSec: input.timeoutSec, + graceSec: input.graceSec, + }, + ); + if (!recheck.timedOut && recheck.exitCode === 0) { + if (input.onLog) { + const reason = result.timedOut ? "timed out" : `exited ${result.exitCode ?? "?"}`; + await input.onLog( + "stderr", + `[paperclip] Install command ${reason} (${installCommand}) but ${detectCommand} is on PATH; continuing.\n`, + ); + } + return; + } + } + + if (result.timedOut) { + throw new Error(`Timed out while installing the adapter runtime command via: ${installCommand}`); + } + throw new Error(`Failed to install the adapter runtime command via: ${installCommand}`); +} + export async function ensureAdapterExecutionTargetFile( runId: string, target: AdapterExecutionTarget | null | undefined, @@ -458,15 +814,12 @@ export function adapterExecutionTargetSessionIdentity( ): Record | null { if (!target || target.kind === "local") return null; if (target.transport === "ssh") return buildRemoteExecutionSessionIdentity(target.spec); - const paperclipTransport = resolveSandboxPaperclipTransport(target); return { transport: "sandbox", providerKey: target.providerKey ?? null, environmentId: target.environmentId ?? null, leaseId: target.leaseId ?? null, remoteCwd: target.remoteCwd, - paperclipTransport, - ...(paperclipTransport === "direct" && target.paperclipApiUrl ? { paperclipApiUrl: target.paperclipApiUrl } : {}), }; } @@ -485,9 +838,7 @@ export function adapterExecutionTargetSessionMatches( readStringMeta(parsedSaved, "providerKey") === current?.providerKey && readStringMeta(parsedSaved, "environmentId") === current?.environmentId && readStringMeta(parsedSaved, "leaseId") === current?.leaseId && - readStringMeta(parsedSaved, "remoteCwd") === current?.remoteCwd && - readStringMeta(parsedSaved, "paperclipTransport") === (current?.paperclipTransport ?? null) && - readStringMeta(parsedSaved, "paperclipApiUrl") === (current?.paperclipApiUrl ?? null) + readStringMeta(parsedSaved, "remoteCwd") === current?.remoteCwd ); } @@ -512,14 +863,12 @@ export function parseAdapterExecutionTarget(value: unknown): AdapterExecutionTar environmentId: readStringMeta(parsed, "environmentId"), leaseId: readStringMeta(parsed, "leaseId"), remoteCwd: spec.remoteCwd, - paperclipApiUrl: readStringMeta(parsed, "paperclipApiUrl") ?? spec.paperclipApiUrl ?? null, spec, }; } if (kind === "remote" && readStringMeta(parsed, "transport") === "sandbox") { const remoteCwd = readStringMeta(parsed, "remoteCwd"); - const paperclipTransport = readStringMeta(parsed, "paperclipTransport"); if (!remoteCwd) return null; return { kind: "remote", @@ -528,11 +877,6 @@ export function parseAdapterExecutionTarget(value: unknown): AdapterExecutionTar environmentId: readStringMeta(parsed, "environmentId"), leaseId: readStringMeta(parsed, "leaseId"), remoteCwd, - paperclipApiUrl: readStringMeta(parsed, "paperclipApiUrl"), - paperclipTransport: - paperclipTransport === "direct" || paperclipTransport === "bridge" - ? paperclipTransport - : undefined, timeoutMs: typeof parsed.timeoutMs === "number" ? parsed.timeoutMs : null, }; } @@ -553,7 +897,6 @@ export function adapterExecutionTargetFromRemoteExecution( environmentId: metadata.environmentId ?? null, leaseId: metadata.leaseId ?? null, remoteCwd: ssh.remoteCwd, - paperclipApiUrl: ssh.paperclipApiUrl ?? null, spec: ssh, }; } @@ -575,18 +918,24 @@ export function readAdapterExecutionTarget(input: { } export async function prepareAdapterExecutionTargetRuntime(input: { + runId: string; target: AdapterExecutionTarget | null | undefined; adapterKey: string; workspaceLocalDir: string; + timeoutSec?: number; + workspaceRemoteDir?: string; workspaceExclude?: string[]; preserveAbsentOnRestore?: string[]; assets?: AdapterManagedRuntimeAsset[]; installCommand?: string | null; + /** When provided alongside `installCommand`, skip the install if the binary is already on PATH. */ + detectCommand?: string | null; }): Promise { const target = input.target ?? { kind: "local" as const }; if (target.kind === "local") { return { target, + workspaceRemoteDir: null, runtimeRootDir: null, assetDirs: {}, restoreWorkspace: async () => {}, @@ -596,12 +945,15 @@ export async function prepareAdapterExecutionTargetRuntime(input: { if (target.transport === "ssh") { const prepared = await prepareRemoteManagedRuntime({ spec: target.spec, + runId: input.runId, adapterKey: input.adapterKey, workspaceLocalDir: input.workspaceLocalDir, + workspaceRemoteDir: input.workspaceRemoteDir, assets: input.assets, }); return { target, + workspaceRemoteDir: prepared.workspaceRemoteDir, runtimeRootDir: prepared.runtimeRootDir, assetDirs: prepared.assetDirs, restoreWorkspace: prepared.restoreWorkspace, @@ -612,20 +964,26 @@ export async function prepareAdapterExecutionTargetRuntime(input: { runner: requireSandboxRunner(target), spec: { providerKey: target.providerKey, + shellCommand: target.shellCommand, leaseId: target.leaseId, remoteCwd: target.remoteCwd, - timeoutMs: target.timeoutMs, - paperclipApiUrl: target.paperclipApiUrl, + timeoutMs: + input.timeoutSec && input.timeoutSec > 0 + ? input.timeoutSec * 1000 + : target.timeoutMs, }, adapterKey: input.adapterKey, workspaceLocalDir: input.workspaceLocalDir, + workspaceRemoteDir: input.workspaceRemoteDir, workspaceExclude: input.workspaceExclude, preserveAbsentOnRestore: input.preserveAbsentOnRestore, assets: input.assets, installCommand: input.installCommand, + detectCommand: input.detectCommand, }); return { target, + workspaceRemoteDir: prepared.workspaceRemoteDir, runtimeRootDir: prepared.runtimeRootDir, assetDirs: prepared.assetDirs, restoreWorkspace: prepared.restoreWorkspace, @@ -695,6 +1053,7 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { target: AdapterExecutionTarget | null | undefined; runtimeRootDir: string | null | undefined; adapterKey: string; + timeoutSec?: number | null; hostApiToken: string | null | undefined; hostApiUrl?: string | null; onLog?: (stream: "stdout" | "stderr", chunk: string) => Promise; @@ -703,7 +1062,7 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { if (!adapterExecutionTargetUsesPaperclipBridge(input.target)) { return null; } - if (!input.target || input.target.kind !== "remote" || input.target.transport !== "sandbox") { + if (!input.target || input.target.kind !== "remote") { return null; } @@ -731,6 +1090,12 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { process.env.PAPERCLIP_RUNTIME_API_URL?.trim() || process.env.PAPERCLIP_API_URL?.trim() || resolveDefaultPaperclipApiUrl(); + const shellCommand = adapterExecutionTargetShellCommand(target); + const runner = adapterExecutionTargetCommandRunner(target); + const bridgeTimeoutMs = + typeof input.timeoutSec === "number" && Number.isFinite(input.timeoutSec) && input.timeoutSec > 0 + ? Math.trunc(input.timeoutSec * 1000) + : adapterExecutionTargetTimeoutMs(target); await onLog( "stdout", @@ -742,15 +1107,30 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { let worker: Awaited> | null = null; try { const client = createCommandManagedSandboxCallbackBridgeQueueClient({ - runner: requireSandboxRunner(target), + runner, remoteCwd: target.remoteCwd, - timeoutMs: target.timeoutMs, + timeoutMs: bridgeTimeoutMs, + shellCommand, }); + // PAPERCLIP_BRIDGE_DEBUG opts into verbose stdout logs of every bridge + // proxy request/response. The query string is logged verbatim, so callers + // who pass auth tokens or other sensitive values as query parameters + // should be aware those values appear in the host process's stdout when + // this flag is enabled. Only intended for active debugging in trusted + // environments. + const bridgeDebugEnabled = isBridgeDebugEnabled(process.env); worker = await startSandboxCallbackBridgeWorker({ client, queueDir, maxBodyBytes, handleRequest: async (request) => { + const method = request.method.trim().toUpperCase() || "GET"; + if (bridgeDebugEnabled) { + await onLog( + "stdout", + `[paperclip] Bridge proxy ${method} ${request.path}${request.query ? `?${request.query}` : ""}\n`, + ); + } const headers = new Headers(); for (const [key, value] of Object.entries(request.headers)) { if (value.trim().length === 0) continue; @@ -758,13 +1138,18 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { } headers.set("authorization", `Bearer ${hostApiToken}`); headers.set("x-paperclip-run-id", input.runId); - const method = request.method.trim().toUpperCase() || "GET"; const response = await fetch(buildBridgeForwardUrl(hostApiUrl, request), { method, headers, ...(method === "GET" || method === "HEAD" ? {} : { body: request.body }), signal: AbortSignal.timeout(30_000), }); + if (bridgeDebugEnabled) { + await onLog( + "stdout", + `[paperclip] Bridge proxy response ${response.status} for ${method} ${request.path}${request.query ? `?${request.query}` : ""}\n`, + ); + } return { status: response.status, headers: buildBridgeResponseHeaders(response), @@ -773,14 +1158,15 @@ export async function startAdapterExecutionTargetPaperclipBridge(input: { }, }); server = await startSandboxCallbackBridgeServer({ - runner: requireSandboxRunner(target), + runner, remoteCwd: target.remoteCwd, assetRemoteDir, queueDir, bridgeToken, bridgeAsset, - timeoutMs: target.timeoutMs, + timeoutMs: bridgeTimeoutMs, maxBodyBytes, + shellCommand, }); } catch (error) { await Promise.allSettled([ diff --git a/packages/adapter-utils/src/index.ts b/packages/adapter-utils/src/index.ts index 0c144b7a..fa5b7632 100644 --- a/packages/adapter-utils/src/index.ts +++ b/packages/adapter-utils/src/index.ts @@ -27,6 +27,7 @@ export type { ConfigFieldOption, ConfigFieldSchema, AdapterConfigSchema, + AdapterRuntimeCommandSpec, ServerAdapterModule, QuotaWindow, ProviderQuotaResult, @@ -59,6 +60,7 @@ export { REDACTED_COMMAND_TEXT_VALUE, redactCommandText, } from "./command-redaction.js"; +export { buildSandboxNpmInstallCommand } from "./sandbox-install-command.js"; export { inferOpenAiCompatibleBiller } from "./billing.js"; // Keep the root adapter-utils entry browser-safe because the UI imports it. // The sandbox callback bridge stays available via its dedicated subpath export. diff --git a/packages/adapter-utils/src/remote-execution-env.ts b/packages/adapter-utils/src/remote-execution-env.ts new file mode 100644 index 00000000..9bc90022 --- /dev/null +++ b/packages/adapter-utils/src/remote-execution-env.ts @@ -0,0 +1,49 @@ +const REMOTE_EXECUTION_ENV_IDENTITY_KEYS = new Set([ + "PATH", + "HOME", + "PWD", + "SHELL", + "USER", + "LOGNAME", + "NVM_DIR", + "TMPDIR", + "TMP", + "TEMP", + "XDG_CONFIG_HOME", + "XDG_CACHE_HOME", + "XDG_DATA_HOME", + "XDG_STATE_HOME", + "XDG_RUNTIME_DIR", +]); + +function readEnvValueCaseInsensitive(env: NodeJS.ProcessEnv, key: string): string | undefined { + const direct = env[key]; + if (typeof direct === "string") return direct; + const upper = key.toUpperCase(); + for (const [candidateKey, candidateValue] of Object.entries(env)) { + if (candidateKey.toUpperCase() === upper && typeof candidateValue === "string") { + return candidateValue; + } + } + return undefined; +} + +export function sanitizeRemoteExecutionEnv( + env: Record, + inheritedEnv: NodeJS.ProcessEnv = process.env, +): Record { + const sanitized: Record = {}; + for (const [key, value] of Object.entries(env)) { + const normalizedKey = key.toUpperCase(); + if (!REMOTE_EXECUTION_ENV_IDENTITY_KEYS.has(normalizedKey)) { + sanitized[key] = value; + continue; + } + const inheritedValue = readEnvValueCaseInsensitive(inheritedEnv, key); + if (typeof inheritedValue === "string" && inheritedValue === value) { + continue; + } + sanitized[key] = value; + } + return sanitized; +} diff --git a/packages/adapter-utils/src/remote-managed-runtime.ts b/packages/adapter-utils/src/remote-managed-runtime.ts index 089ff46a..900824b4 100644 --- a/packages/adapter-utils/src/remote-managed-runtime.ts +++ b/packages/adapter-utils/src/remote-managed-runtime.ts @@ -5,6 +5,7 @@ import { restoreWorkspaceFromSshExecution, syncDirectoryToSsh, } from "./ssh.js"; +import { captureDirectorySnapshot } from "./workspace-restore-merge.js"; export interface RemoteManagedRuntimeAsset { key: string; @@ -44,7 +45,6 @@ export function buildRemoteExecutionSessionIdentity(spec: SshRemoteExecutionSpec port: spec.port, username: spec.username, remoteCwd: spec.remoteCwd, - ...(spec.paperclipApiUrl ? { paperclipApiUrl: spec.paperclipApiUrl } : {}), } as const; } @@ -58,26 +58,37 @@ export function remoteExecutionSessionMatches(saved: unknown, current: SshRemote asString(parsedSaved.host) === currentIdentity.host && asNumber(parsedSaved.port) === currentIdentity.port && asString(parsedSaved.username) === currentIdentity.username && - asString(parsedSaved.remoteCwd) === currentIdentity.remoteCwd && - asString(parsedSaved.paperclipApiUrl) === asString(currentIdentity.paperclipApiUrl) + asString(parsedSaved.remoteCwd) === currentIdentity.remoteCwd ); } export async function prepareRemoteManagedRuntime(input: { spec: SshRemoteExecutionSpec; + runId: string; adapterKey: string; workspaceLocalDir: string; workspaceRemoteDir?: string; assets?: RemoteManagedRuntimeAsset[]; }): Promise { - const workspaceRemoteDir = input.workspaceRemoteDir ?? input.spec.remoteCwd; + const baseWorkspaceRemoteDir = input.workspaceRemoteDir ?? input.spec.remoteCwd; + const workspaceRemoteDir = path.posix.join( + baseWorkspaceRemoteDir, + ".paperclip-runtime", + "runs", + input.runId, + "workspace", + ); const runtimeRootDir = path.posix.join(workspaceRemoteDir, ".paperclip-runtime", input.adapterKey); - await prepareWorkspaceForSshExecution({ + const preparedWorkspace = await prepareWorkspaceForSshExecution({ spec: input.spec, localDir: input.workspaceLocalDir, remoteDir: workspaceRemoteDir, }); + const restoreExclude = preparedWorkspace.gitBacked ? [".git", ".paperclip-runtime"] : [".paperclip-runtime"]; + const baselineSnapshot = await captureDirectorySnapshot(input.workspaceLocalDir, { + exclude: restoreExclude, + }); const assetDirs: Record = {}; try { @@ -97,6 +108,8 @@ export async function prepareRemoteManagedRuntime(input: { spec: input.spec, localDir: input.workspaceLocalDir, remoteDir: workspaceRemoteDir, + baselineSnapshot, + restoreGitHistory: preparedWorkspace.gitBacked, }); throw error; } @@ -112,6 +125,8 @@ export async function prepareRemoteManagedRuntime(input: { spec: input.spec, localDir: input.workspaceLocalDir, remoteDir: workspaceRemoteDir, + baselineSnapshot, + restoreGitHistory: preparedWorkspace.gitBacked, }); }, }; diff --git a/packages/adapter-utils/src/sandbox-callback-bridge.test.ts b/packages/adapter-utils/src/sandbox-callback-bridge.test.ts index d036771d..c0ada020 100644 --- a/packages/adapter-utils/src/sandbox-callback-bridge.test.ts +++ b/packages/adapter-utils/src/sandbox-callback-bridge.test.ts @@ -3,14 +3,17 @@ import { mkdir, mkdtemp, readFile, readdir, rm, writeFile } from "node:fs/promis import os from "node:os"; import path from "node:path"; import { promisify } from "node:util"; -import { afterEach, describe, expect, it } from "vitest"; +import { afterEach, describe, expect, it, vi } from "vitest"; import { prepareCommandManagedRuntime } from "./command-managed-runtime.js"; import { + authorizeSandboxCallbackBridgeRequestWithRoutes, + createCommandManagedSandboxCallbackBridgeQueueClient, createFileSystemSandboxCallbackBridgeQueueClient, createSandboxCallbackBridgeAsset, createSandboxCallbackBridgeToken, sandboxCallbackBridgeDirectories, + syncSandboxCallbackBridgeEntrypoint, startSandboxCallbackBridgeServer, startSandboxCallbackBridgeWorker, } from "./sandbox-callback-bridge.js"; @@ -37,9 +40,15 @@ describe("sandbox callback bridge", () => { ...process.env, ...input.env, }; - const command = input.command === "sh" ? "/bin/sh" : input.command; + const command = + input.command === "sh" ? "/bin/sh" : input.command === "bash" ? "/bin/bash" : input.command; const args = [...(input.args ?? [])]; - if (input.stdin != null && input.command === "sh" && args[0] === "-lc" && typeof args[1] === "string") { + if ( + input.stdin != null && + (input.command === "sh" || input.command === "bash") && + (args[0] === "-c" || args[0] === "-lc") && + typeof args[1] === "string" + ) { env.PAPERCLIP_TEST_STDIN = input.stdin; args[1] = `printf '%s' \"$PAPERCLIP_TEST_STDIN\" | (${args[1]})`; } @@ -413,6 +422,145 @@ describe("sandbox callback bridge", () => { ); }); + it("handles SSH queue polling failures without emitting an unhandled rejection", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-bridge-ssh-failure-")); + cleanupDirs.push(rootDir); + + const queueDir = path.posix.join(rootDir, "queue"); + const unhandled: unknown[] = []; + const onUnhandledRejection = (reason: unknown) => { + unhandled.push(reason); + }; + process.on("unhandledRejection", onUnhandledRejection); + + try { + const worker = await startSandboxCallbackBridgeWorker({ + client: { + makeDir: async () => {}, + listJsonFiles: async () => { + throw new Error( + "list /remote/.paperclip-runtime/gemini/paperclip-bridge/queue/requests failed with exit code 255: kex_exchange_identification: read: Connection reset by peer", + ); + }, + readTextFile: async () => { + throw new Error("unexpected readTextFile"); + }, + writeTextFile: async () => { + throw new Error("unexpected writeTextFile"); + }, + rename: async () => { + throw new Error("unexpected rename"); + }, + remove: async () => {}, + }, + queueDir, + authorizeRequest: async () => null, + handleRequest: async () => ({ + status: 200, + body: "ok", + }), + }); + + await new Promise((resolve) => setTimeout(resolve, 50)); + await worker.stop(); + expect(unhandled).toEqual([]); + } finally { + process.off("unhandledRejection", onUnhandledRejection); + } + }); + + it("serializes remote response writes so stop does not recreate a late orphaned response", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-bridge-response-lock-")); + cleanupDirs.push(rootDir); + + const localWorkspaceDir = path.join(rootDir, "local-workspace"); + const remoteWorkspaceDir = path.join(rootDir, "remote-workspace"); + await mkdir(localWorkspaceDir, { recursive: true }); + await mkdir(remoteWorkspaceDir, { recursive: true }); + await writeFile(path.join(localWorkspaceDir, "README.md"), "bridge response lock test\n", "utf8"); + + const runner = createExecRunner(); + const bridgeAsset = await createSandboxCallbackBridgeAsset(); + cleanupFns.push(bridgeAsset.cleanup); + const prepared = await prepareCommandManagedRuntime({ + runner, + spec: { + remoteCwd: remoteWorkspaceDir, + timeoutMs: 30_000, + }, + adapterKey: "codex", + workspaceLocalDir: localWorkspaceDir, + assets: [{ key: "bridge", localDir: bridgeAsset.localDir }], + }); + + const queueDir = path.posix.join(prepared.runtimeRootDir, "paperclip-bridge"); + const directories = sandboxCallbackBridgeDirectories(queueDir); + const bridgeToken = createSandboxCallbackBridgeToken(); + const seenRequestIds: string[] = []; + + const worker = await startSandboxCallbackBridgeWorker({ + client: createCommandManagedSandboxCallbackBridgeQueueClient({ + runner, + remoteCwd: remoteWorkspaceDir, + timeoutMs: 30_000, + }), + queueDir, + authorizeRequest: async () => null, + handleRequest: async (request) => { + seenRequestIds.push(request.id); + await new Promise((resolve) => setTimeout(resolve, 250)); + return { + status: 200, + headers: { "content-type": "application/json" }, + body: JSON.stringify({ ok: true, id: request.id }), + }; + }, + }); + cleanupFns.push(async () => { + await worker.stop(); + }); + + const bridge = await startSandboxCallbackBridgeServer({ + runner, + remoteCwd: remoteWorkspaceDir, + assetRemoteDir: prepared.assetDirs.bridge, + queueDir, + bridgeToken, + timeoutMs: 30_000, + }); + cleanupFns.push(async () => { + await bridge.stop(); + }); + + const responsePromise = fetch(`${bridge.baseUrl}/api/agents/me`, { + headers: { + authorization: `Bearer ${bridgeToken}`, + }, + }); + + for (let attempt = 0; attempt < 50 && seenRequestIds.length === 0; attempt += 1) { + await new Promise((resolve) => setTimeout(resolve, 5)); + } + + expect(seenRequestIds).toHaveLength(1); + await worker.stop({ drainTimeoutMs: 10 }); + + const response = await responsePromise; + expect(response.status).toBe(503); + await expect(response.json()).resolves.toEqual({ + error: "Bridge worker stopped before request could be handled.", + }); + + await new Promise((resolve) => setTimeout(resolve, 300)); + + await expect(readdir(directories.responsesDir)).resolves.toEqual([]); + await expect( + readdir(directories.responsesDir).then((entries) => + entries.filter((entry) => entry.endsWith(".tmp") || entry.includes(".paperclip-write.lock")), + ), + ).resolves.toEqual([]); + }); + it("rejects non-JSON request bodies and full queues at the bridge server", async () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-bridge-server-guards-")); cleanupDirs.push(rootDir); @@ -607,4 +755,229 @@ describe("sandbox callback bridge", () => { error: expect.stringMatching(/JSON|Unexpected|Unterminated/i), }); }); + + it("reuses an already-uploaded bridge entrypoint when the remote file hash matches", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-bridge-sync-")); + cleanupDirs.push(rootDir); + + const remoteWorkspaceDir = path.join(rootDir, "remote-workspace"); + const remoteAssetDir = path.posix.join( + remoteWorkspaceDir, + ".paperclip-runtime", + "codex", + "paperclip-bridge", + "server", + ); + await mkdir(remoteWorkspaceDir, { recursive: true }); + + const bridgeAsset = await createSandboxCallbackBridgeAsset(); + cleanupFns.push(bridgeAsset.cleanup); + const originalSource = await readFile(bridgeAsset.entrypoint, "utf8"); + const expandedSource = `${originalSource}\n// bridge payload padding\n`; + await writeFile(bridgeAsset.entrypoint, expandedSource, "utf8"); + + const runner = createExecRunner(); + + const first = await syncSandboxCallbackBridgeEntrypoint({ + runner, + remoteCwd: remoteWorkspaceDir, + assetRemoteDir: remoteAssetDir, + bridgeAsset, + timeoutMs: 30_000, + }); + const second = await syncSandboxCallbackBridgeEntrypoint({ + runner, + remoteCwd: remoteWorkspaceDir, + assetRemoteDir: remoteAssetDir, + bridgeAsset, + timeoutMs: 30_000, + }); + + expect(first.uploaded).toBe(true); + expect(second.uploaded).toBe(false); + await expect(readFile(path.posix.join(remoteAssetDir, "paperclip-bridge-server.mjs"), "utf8")).resolves.toBe(expandedSource); + await expect( + readdir(remoteAssetDir).then((entries) => + entries.filter( + (entry) => + entry.endsWith(".paperclip-upload.b64") || + entry.endsWith(".partial") || + entry === ".paperclip-bridge-upload.lock", + ), + ), + ).resolves.toEqual([]); + }); + + it("rejects a corrupted bridge entrypoint upload without committing a torn remote file", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-bridge-sync-corrupt-")); + cleanupDirs.push(rootDir); + + const remoteWorkspaceDir = path.join(rootDir, "remote-workspace"); + const remoteAssetDir = path.posix.join( + remoteWorkspaceDir, + ".paperclip-runtime", + "codex", + "paperclip-bridge", + "server", + ); + await mkdir(remoteWorkspaceDir, { recursive: true }); + + const bridgeAsset = await createSandboxCallbackBridgeAsset(); + cleanupFns.push(bridgeAsset.cleanup); + const runner = { + execute: async (input: { + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + }) => + await createExecRunner().execute({ + ...input, + stdin: input.stdin != null ? "" : input.stdin, + }), + }; + + await expect( + syncSandboxCallbackBridgeEntrypoint({ + runner, + remoteCwd: remoteWorkspaceDir, + assetRemoteDir: remoteAssetDir, + bridgeAsset, + timeoutMs: 30_000, + }), + ).rejects.toThrow(/sha mismatch/i); + + await expect(readFile(path.posix.join(remoteAssetDir, "paperclip-bridge-server.mjs"), "utf8")).rejects.toThrow(); + await expect( + readdir(remoteAssetDir).then((entries) => + entries.filter( + (entry) => + entry.endsWith(".paperclip-upload.b64") || + entry.endsWith(".partial") || + entry === ".paperclip-bridge-upload.lock", + ), + ), + ).resolves.toEqual([]); + }); + + it("permits the documented heartbeat surface and denies unrelated routes", () => { + const allowed: Array<{ method: string; path: string }> = [ + { method: "GET", path: "/api/agents/me" }, + { method: "GET", path: "/api/agents/me/inbox-lite" }, + { method: "GET", path: "/api/agents/me/inbox/mine" }, + { method: "GET", path: "/api/agents/agent-1" }, + { method: "GET", path: "/api/agents/agent-1/skills" }, + { method: "POST", path: "/api/agents/agent-1/skills/sync" }, + { method: "PATCH", path: "/api/agents/agent-1/instructions-path" }, + { method: "GET", path: "/api/companies/co-1" }, + { method: "GET", path: "/api/companies/co-1/dashboard" }, + { method: "GET", path: "/api/companies/co-1/agents" }, + { method: "GET", path: "/api/companies/co-1/issues" }, + { method: "GET", path: "/api/companies/co-1/projects" }, + { method: "GET", path: "/api/companies/co-1/goals" }, + { method: "GET", path: "/api/companies/co-1/org" }, + { method: "GET", path: "/api/companies/co-1/approvals" }, + { method: "GET", path: "/api/companies/co-1/routines" }, + { method: "GET", path: "/api/companies/co-1/skills" }, + { method: "GET", path: "/api/projects/proj-1" }, + { method: "GET", path: "/api/goals/goal-1" }, + { method: "GET", path: "/api/issues/issue-1" }, + { method: "GET", path: "/api/issues/issue-1/heartbeat-context" }, + { method: "GET", path: "/api/issues/issue-1/comments" }, + { method: "GET", path: "/api/issues/issue-1/comments/c-1" }, + { method: "POST", path: "/api/issues/issue-1/comments" }, + { method: "GET", path: "/api/issues/issue-1/documents" }, + { method: "GET", path: "/api/issues/issue-1/documents/plan" }, + { method: "GET", path: "/api/issues/issue-1/documents/plan/revisions" }, + { method: "PUT", path: "/api/issues/issue-1/documents/plan" }, + { method: "POST", path: "/api/issues/issue-1/checkout" }, + { method: "POST", path: "/api/issues/issue-1/release" }, + { method: "PATCH", path: "/api/issues/issue-1" }, + { method: "GET", path: "/api/issues/issue-1/approvals" }, + { method: "GET", path: "/api/issues/issue-1/interactions" }, + { method: "GET", path: "/api/issues/issue-1/interactions/inter-1" }, + { method: "POST", path: "/api/issues/issue-1/interactions" }, + { method: "POST", path: "/api/issues/issue-1/interactions/inter-1/accept" }, + { method: "POST", path: "/api/issues/issue-1/interactions/inter-1/reject" }, + { method: "POST", path: "/api/issues/issue-1/interactions/inter-1/respond" }, + { method: "POST", path: "/api/companies/co-1/issues" }, + { method: "GET", path: "/api/approvals/ap-1" }, + { method: "GET", path: "/api/approvals/ap-1/issues" }, + { method: "GET", path: "/api/approvals/ap-1/comments" }, + { method: "POST", path: "/api/approvals/ap-1/comments" }, + { method: "POST", path: "/api/companies/co-1/approvals" }, + { method: "GET", path: "/api/execution-workspaces/ws-1" }, + { method: "POST", path: "/api/execution-workspaces/ws-1/runtime-services/start" }, + { method: "POST", path: "/api/execution-workspaces/ws-1/runtime-services/stop" }, + { method: "POST", path: "/api/execution-workspaces/ws-1/runtime-services/restart" }, + { method: "GET", path: "/api/routines/r-1" }, + { method: "GET", path: "/api/routines/r-1/runs" }, + { method: "POST", path: "/api/companies/co-1/routines" }, + { method: "PATCH", path: "/api/routines/r-1" }, + { method: "POST", path: "/api/routines/r-1/run" }, + { method: "POST", path: "/api/routines/r-1/triggers" }, + { method: "PATCH", path: "/api/routine-triggers/t-1" }, + { method: "DELETE", path: "/api/routine-triggers/t-1" }, + ]; + for (const request of allowed) { + expect(authorizeSandboxCallbackBridgeRequestWithRoutes(request)).toBeNull(); + } + + const denied: Array<{ method: string; path: string }> = [ + { method: "DELETE", path: "/api/secrets" }, + // Pin the runtime-services regex to start/stop/restart only — anything + // else (delete, reset, wipe, etc.) must stay denied even if the API + // grows new actions later. + { method: "POST", path: "/api/execution-workspaces/ws-1/runtime-services/delete" }, + { method: "POST", path: "/api/companies/co-1/agents" }, + { method: "POST", path: "/api/agents/agent-1/pause" }, + { method: "POST", path: "/api/agents/agent-1/terminate" }, + { method: "POST", path: "/api/agents/agent-1/keys" }, + { method: "POST", path: "/api/companies/co-1/exports" }, + { method: "POST", path: "/api/companies/co-1/imports/apply" }, + { method: "POST", path: "/api/companies/co-1/archive" }, + { method: "DELETE", path: "/api/issues/issue-1/documents/plan" }, + { method: "DELETE", path: "/api/issues/issue-1/approvals/ap-1" }, + { method: "POST", path: "/api/approvals/ap-1/approve" }, + { method: "POST", path: "/api/approvals/ap-1/reject" }, + { method: "POST", path: "/api/companies/co-1/logo" }, + { method: "GET", path: "/api/companies/co-1/secrets" }, + { method: "PATCH", path: "/api/secrets/secret-1" }, + ]; + for (const request of denied) { + expect(authorizeSandboxCallbackBridgeRequestWithRoutes(request)).toBe( + `Route not allowed: ${request.method} ${request.path}`, + ); + } + }); + + it("marks command-managed bridge operations with the bridge execution channel", async () => { + const runner = { + execute: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + })), + }; + + const client = createCommandManagedSandboxCallbackBridgeQueueClient({ + runner, + remoteCwd: "/workspace", + timeoutMs: 30_000, + }); + + await client.makeDir("/workspace/.paperclip-runtime/codex/paperclip-bridge/queue"); + + expect(runner.execute).toHaveBeenCalledWith(expect.objectContaining({ + env: { + PAPERCLIP_SANDBOX_EXEC_CHANNEL: "bridge", + }, + })); + }); }); diff --git a/packages/adapter-utils/src/sandbox-callback-bridge.ts b/packages/adapter-utils/src/sandbox-callback-bridge.ts index 013a3bbb..c673e80e 100644 --- a/packages/adapter-utils/src/sandbox-callback-bridge.ts +++ b/packages/adapter-utils/src/sandbox-callback-bridge.ts @@ -1,9 +1,10 @@ -import { randomBytes, randomUUID } from "node:crypto"; +import { createHash, randomBytes, randomUUID } from "node:crypto"; import { promises as fs } from "node:fs"; import os from "node:os"; import path from "node:path"; import type { CommandManagedRuntimeRunner } from "./command-managed-runtime.js"; +import { preferredShellForSandbox, shellCommandArgs } from "./sandbox-shell.js"; import type { RunProcessResult } from "./server-utils.js"; const DEFAULT_BRIDGE_TOKEN_BYTES = 24; @@ -14,6 +15,8 @@ const DEFAULT_BRIDGE_MAX_QUEUE_DEPTH = 64; const DEFAULT_BRIDGE_MAX_BODY_BYTES = 256 * 1024; const REMOTE_WRITE_BASE64_CHUNK_SIZE = 32 * 1024; const SANDBOX_CALLBACK_BRIDGE_ENTRYPOINT = "paperclip-bridge-server.mjs"; +const SANDBOX_EXEC_CHANNEL_ENV = "PAPERCLIP_SANDBOX_EXEC_CHANNEL"; +const SANDBOX_EXEC_CHANNEL_BRIDGE = "bridge"; export const DEFAULT_SANDBOX_CALLBACK_BRIDGE_MAX_BODY_BYTES = DEFAULT_BRIDGE_MAX_BODY_BYTES; @@ -22,15 +25,76 @@ export interface SandboxCallbackBridgeRouteRule { path: RegExp; } +// Routes the in-sandbox heartbeat skill is documented to call. The server +// still enforces actor-level permissions on top of this allowlist; the list +// exists to bound the surface area a compromised CLI could reach via the +// reverse bridge. Keep this in sync with the Paperclip skill in +// `skills/paperclip/SKILL.md` and `references/api-reference.md`. export const DEFAULT_SANDBOX_CALLBACK_BRIDGE_ROUTE_ALLOWLIST: readonly SandboxCallbackBridgeRouteRule[] = [ + // Identity, inbox, agent self-management { method: "GET", path: /^\/api\/agents\/me$/ }, + { method: "GET", path: /^\/api\/agents\/me\/inbox-lite$/ }, + { method: "GET", path: /^\/api\/agents\/me\/inbox\/mine$/ }, + { method: "GET", path: /^\/api\/agents\/[^/]+$/ }, + { method: "GET", path: /^\/api\/agents\/[^/]+\/skills$/ }, + { method: "POST", path: /^\/api\/agents\/[^/]+\/skills\/sync$/ }, + { method: "PATCH", path: /^\/api\/agents\/[^/]+\/instructions-path$/ }, + + // Company-level reads used to discover work and context + { method: "GET", path: /^\/api\/companies\/[^/]+$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/dashboard$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/agents$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/issues$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/projects$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/goals$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/org$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/approvals$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/routines$/ }, + { method: "GET", path: /^\/api\/companies\/[^/]+\/skills$/ }, + { method: "GET", path: /^\/api\/projects\/[^/]+$/ }, + { method: "GET", path: /^\/api\/goals\/[^/]+$/ }, + + // Issue lifecycle: read context, checkout, update, comment, document, release + { method: "GET", path: /^\/api\/issues\/[^/]+$/ }, { method: "GET", path: /^\/api\/issues\/[^/]+\/heartbeat-context$/ }, { method: "GET", path: /^\/api\/issues\/[^/]+\/comments(?:\/[^/]+)?$/ }, - { method: "GET", path: /^\/api\/issues\/[^/]+\/documents(?:\/[^/]+)?$/ }, - { method: "POST", path: /^\/api\/issues\/[^/]+\/checkout$/ }, { method: "POST", path: /^\/api\/issues\/[^/]+\/comments$/ }, - { method: "POST", path: /^\/api\/issues\/[^/]+\/interactions(?:\/[^/]+)?$/ }, + { method: "GET", path: /^\/api\/issues\/[^/]+\/documents(?:\/[^/]+)?$/ }, + { method: "GET", path: /^\/api\/issues\/[^/]+\/documents\/[^/]+\/revisions$/ }, + { method: "PUT", path: /^\/api\/issues\/[^/]+\/documents\/[^/]+$/ }, + { method: "POST", path: /^\/api\/issues\/[^/]+\/checkout$/ }, + { method: "POST", path: /^\/api\/issues\/[^/]+\/release$/ }, { method: "PATCH", path: /^\/api\/issues\/[^/]+$/ }, + { method: "GET", path: /^\/api\/issues\/[^/]+\/approvals$/ }, + + // Issue-thread interactions (suggest tasks, ask questions, request confirmation) + { method: "GET", path: /^\/api\/issues\/[^/]+\/interactions(?:\/[^/]+)?$/ }, + { method: "POST", path: /^\/api\/issues\/[^/]+\/interactions$/ }, + { method: "POST", path: /^\/api\/issues\/[^/]+\/interactions\/[^/]+\/(?:accept|reject|respond)$/ }, + + // Subtasks / delegation + { method: "POST", path: /^\/api\/companies\/[^/]+\/issues$/ }, + + // Approvals (request, read, comment) + { method: "GET", path: /^\/api\/approvals\/[^/]+$/ }, + { method: "GET", path: /^\/api\/approvals\/[^/]+\/issues$/ }, + { method: "GET", path: /^\/api\/approvals\/[^/]+\/comments$/ }, + { method: "POST", path: /^\/api\/approvals\/[^/]+\/comments$/ }, + { method: "POST", path: /^\/api\/companies\/[^/]+\/approvals$/ }, + + // Execution workspaces and runtime services (start/stop/restart dev servers) + { method: "GET", path: /^\/api\/execution-workspaces\/[^/]+$/ }, + { method: "POST", path: /^\/api\/execution-workspaces\/[^/]+\/runtime-services\/(?:start|stop|restart)$/ }, + + // Routines (agents manage their own routines and triggers) + { method: "GET", path: /^\/api\/routines\/[^/]+$/ }, + { method: "GET", path: /^\/api\/routines\/[^/]+\/runs$/ }, + { method: "POST", path: /^\/api\/companies\/[^/]+\/routines$/ }, + { method: "PATCH", path: /^\/api\/routines\/[^/]+$/ }, + { method: "POST", path: /^\/api\/routines\/[^/]+\/run$/ }, + { method: "POST", path: /^\/api\/routines\/[^/]+\/triggers$/ }, + { method: "PATCH", path: /^\/api\/routine-triggers\/[^/]+$/ }, + { method: "DELETE", path: /^\/api\/routine-triggers\/[^/]+$/ }, ] as const; export const DEFAULT_SANDBOX_CALLBACK_BRIDGE_HEADER_ALLOWLIST = [ @@ -83,6 +147,13 @@ export interface SandboxCallbackBridgeQueueClient { listJsonFiles(remotePath: string): Promise; readTextFile(remotePath: string): Promise; writeTextFile(remotePath: string, body: string): Promise; + writeResponseFile?( + responsePath: string, + body: string, + options?: { + requestPath?: string | null; + }, + ): Promise<{ wrote: boolean }>; rename(fromPath: string, toPath: string): Promise; remove(remotePath: string): Promise; } @@ -133,12 +204,18 @@ async function runShell( cwd: string, script: string, timeoutMs: number, + shellCommand: "bash" | "sh" = "sh", + stdin?: string, ): Promise { return await runner.execute({ - command: "sh", - args: ["-lc", script], + command: shellCommand, + args: shellCommandArgs(script), cwd, + env: { + [SANDBOX_EXEC_CHANNEL_ENV]: SANDBOX_EXEC_CHANNEL_BRIDGE, + }, timeoutMs, + stdin, }); } @@ -155,6 +232,43 @@ function base64Chunks(body: string): string[] { return out; } +async function pathExists(filePath: string): Promise { + return await fs.stat(filePath).then(() => true).catch(() => false); +} + +function buildRemotePidLockAcquireScript(lockDirExpr: string, timeoutMessage: string): string[] { + return [ + "attempts=0", + `while ! mkdir ${lockDirExpr} 2>/dev/null; do`, + " holder_pid=\"\"", + ` if [ -s ${lockDirExpr}/pid ]; then`, + ` holder_pid="$(cat ${lockDirExpr}/pid 2>/dev/null || true)"`, + " fi", + " if [ -n \"$holder_pid\" ] && ! kill -0 \"$holder_pid\" 2>/dev/null; then", + ` rm -rf ${lockDirExpr}`, + " continue", + " fi", + " attempts=$((attempts + 1))", + " if [ \"$attempts\" -ge 600 ]; then", + ` echo ${shellQuote(timeoutMessage)} >&2`, + " exit 1", + " fi", + " sleep 0.05", + "done", + `printf '%s\\n' "$$" > ${lockDirExpr}/pid`, + ]; +} + +function buildRemotePidLockCleanupScript(lockDirExpr: string, cleanupLines: string[]): string[] { + return [ + "cleanup() {", + ...cleanupLines.map((line) => ` ${line}`), + ` rm -rf ${lockDirExpr}`, + "}", + "trap cleanup EXIT INT TERM", + ]; +} + export function createSandboxCallbackBridgeToken(bytes = DEFAULT_BRIDGE_TOKEN_BYTES): string { return randomBytes(bytes).toString("base64url"); } @@ -252,6 +366,80 @@ export function createFileSystemSandboxCallbackBridgeQueueClient(): SandboxCallb await fs.mkdir(path.posix.dirname(remotePath), { recursive: true }); await fs.writeFile(remotePath, body, "utf8"); }, + writeResponseFile: async (responsePath, body, options = {}) => { + const responseDir = path.posix.dirname(responsePath); + const tempPath = `${responsePath}.tmp`; + const lockDir = `${responsePath}.paperclip-write.lock`; + const lockPidFile = `${lockDir}/pid`; + if (options.requestPath) { + const requestExists = await pathExists(options.requestPath); + if (!requestExists) { + return { wrote: false }; + } + } + await fs.mkdir(responseDir, { recursive: true }); + // PID-liveness mkdir-mutex: mirrors the shell-based bridge mutex so a + // crashed holder (SIGKILL / OOM) doesn't deadlock subsequent writers + // for the full timeout window. + let attempts = 0; + while (true) { + try { + await fs.mkdir(lockDir); + await fs.writeFile(lockPidFile, `${process.pid}\n`, "utf8"); + break; + } catch (error) { + const code = (error as NodeJS.ErrnoException)?.code; + if (code !== "EEXIST") { + throw error; + } + let holderPid: number | null = null; + try { + const raw = await fs.readFile(lockPidFile, "utf8"); + const parsed = Number.parseInt(raw.trim(), 10); + if (Number.isFinite(parsed) && parsed > 0) holderPid = parsed; + } catch { + // pid file missing or unreadable — treat as stale lock + } + let holderAlive = false; + if (holderPid !== null) { + try { + process.kill(holderPid, 0); + holderAlive = true; + } catch { + holderAlive = false; + } + } + if (!holderAlive) { + await fs.rm(lockDir, { recursive: true, force: true }).catch(() => undefined); + continue; + } + attempts += 1; + if (attempts >= 600) { + throw new Error("Timed out acquiring sandbox callback bridge response lock."); + } + await new Promise((resolve) => setTimeout(resolve, 50)); + } + } + + try { + if (options.requestPath) { + const requestExists = await pathExists(options.requestPath); + if (!requestExists) { + return { wrote: false }; + } + } + const responseExists = await pathExists(responsePath); + if (responseExists) { + return { wrote: false }; + } + await fs.writeFile(tempPath, body, "utf8"); + await fs.rename(tempPath, responsePath); + return { wrote: true }; + } finally { + await fs.rm(tempPath, { force: true }).catch(() => undefined); + await fs.rm(lockDir, { recursive: true, force: true }).catch(() => undefined); + } + }, rename: async (fromPath, toPath) => { await fs.mkdir(path.posix.dirname(toPath), { recursive: true }); await fs.rename(fromPath, toPath); @@ -266,10 +454,12 @@ export function createCommandManagedSandboxCallbackBridgeQueueClient(input: { runner: CommandManagedRuntimeRunner; remoteCwd: string; timeoutMs?: number | null; + shellCommand?: "bash" | "sh" | null; }): SandboxCallbackBridgeQueueClient { const timeoutMs = normalizeTimeoutMs(input.timeoutMs, DEFAULT_BRIDGE_RESPONSE_TIMEOUT_MS); + const shellCommand = preferredShellForSandbox(input.shellCommand); const runChecked = async (action: string, script: string) => - requireSuccessfulResult(action, await runShell(input.runner, input.remoteCwd, script, timeoutMs)); + requireSuccessfulResult(action, await runShell(input.runner, input.remoteCwd, script, timeoutMs, shellCommand)); return { makeDir: async (remotePath) => { @@ -288,6 +478,7 @@ export function createCommandManagedSandboxCallbackBridgeQueueClient(input: { "fi", ].join("\n"), timeoutMs, + shellCommand, ); requireSuccessfulResult(`list ${remotePath}`, result); return result.stdout @@ -319,6 +510,53 @@ export function createCommandManagedSandboxCallbackBridgeQueueClient(input: { `base64 -d < ${shellQuote(tempPath)} > ${shellQuote(remotePath)} && rm -f ${shellQuote(tempPath)}`, ); }, + writeResponseFile: async (responsePath, body, options = {}) => { + const responseDir = path.posix.dirname(responsePath); + const tempPath = `${responsePath}.tmp`; + const lockDir = `${responsePath}.paperclip-write.lock`; + const requestPath = options.requestPath?.trim() || ""; + const result = await runShell( + input.runner, + input.remoteCwd, + [ + "set -eu", + `response_dir=${shellQuote(responseDir)}`, + `response_path=${shellQuote(responsePath)}`, + `temp_path=${shellQuote(tempPath)}`, + `lock_dir=${shellQuote(lockDir)}`, + `request_path=${shellQuote(requestPath)}`, + "mkdir -p \"$response_dir\"", + ...buildRemotePidLockAcquireScript("\"$lock_dir\"", "Timed out acquiring sandbox callback bridge response lock."), + ...buildRemotePidLockCleanupScript("\"$lock_dir\"", [ + "rm -f \"$temp_path\"", + ]), + "if [ -n \"$request_path\" ] && [ ! -f \"$request_path\" ]; then", + " printf '{\"wrote\":false}\\n'", + " exit 0", + "fi", + "if [ -f \"$response_path\" ]; then", + " printf '{\"wrote\":false}\\n'", + " exit 0", + "fi", + "cat > \"$temp_path\"", + "mv \"$temp_path\" \"$response_path\"", + "printf '{\"wrote\":true}\\n'", + ].join("\n"), + timeoutMs, + shellCommand, + body, + ); + requireSuccessfulResult(`write bridge response ${responsePath}`, result); + try { + return { + wrote: JSON.parse(result.stdout.trim())?.wrote === true, + }; + } catch (error) { + throw new Error( + `Sandbox callback bridge response write wrote invalid result JSON: ${error instanceof Error ? error.message : String(error)}`, + ); + } + }, rename: async (fromPath, toPath) => { await runChecked( `rename ${fromPath}`, @@ -333,11 +571,18 @@ export function createCommandManagedSandboxCallbackBridgeQueueClient(input: { async function writeBridgeResponse( client: SandboxCallbackBridgeQueueClient, + requestPath: string, responsePath: string, response: SandboxCallbackBridgeResponse, + options: { requireRequestPath?: boolean } = {}, ) { + const body = `${JSON.stringify(response)}\n`; + if (client.writeResponseFile) { + await client.writeResponseFile(responsePath, body, options.requireRequestPath === false ? {} : { requestPath }); + return; + } const tempPath = `${responsePath}.tmp`; - await client.writeTextFile(tempPath, `${JSON.stringify(response)}\n`); + await client.writeTextFile(tempPath, body); await client.rename(tempPath, responsePath); } @@ -371,6 +616,8 @@ export async function startSandboxCallbackBridgeWorker(input: { }); const authorizeRequest = input.authorizeRequest ?? ((request: SandboxCallbackBridgeRequest) => authorizeSandboxCallbackBridgeRequestWithRoutes(request)); + const buildWorkerFailureMessage = (error: unknown) => + `Sandbox callback bridge worker failed: ${error instanceof Error ? error.message : String(error)}`; const processRequestFile = async (fileName: string) => { const requestPath = path.posix.join(directories.requestsDir, fileName); @@ -381,7 +628,7 @@ export async function startSandboxCallbackBridgeWorker(input: { request = JSON.parse(raw) as SandboxCallbackBridgeRequest; } catch { const requestId = fileName.replace(/\.json$/i, "") || randomUUID(); - await writeBridgeResponse(input.client, responsePath, { + await writeBridgeResponse(input.client, requestPath, responsePath, { id: requestId, status: 400, headers: { "content-type": "application/json" }, @@ -394,7 +641,7 @@ export async function startSandboxCallbackBridgeWorker(input: { const denialReason = await authorizeRequest(request); if (denialReason) { - await writeBridgeResponse(input.client, responsePath, { + await writeBridgeResponse(input.client, requestPath, responsePath, { id: request.id, status: 403, headers: { "content-type": "application/json" }, @@ -411,7 +658,7 @@ export async function startSandboxCallbackBridgeWorker(input: { if (Buffer.byteLength(responseBody, "utf8") > maxBodyBytes) { throw new Error(`Bridge response body exceeded the configured size limit of ${maxBodyBytes} bytes.`); } - await writeBridgeResponse(input.client, responsePath, { + await writeBridgeResponse(input.client, requestPath, responsePath, { id: request.id, status: result.status, headers: result.headers ?? {}, @@ -422,7 +669,7 @@ export async function startSandboxCallbackBridgeWorker(input: { console.warn( `[paperclip] sandbox callback bridge handler failed for ${request.id}: ${error instanceof Error ? error.message : String(error)}`, ); - await writeBridgeResponse(input.client, responsePath, { + await writeBridgeResponse(input.client, requestPath, responsePath, { id: request.id, status: 502, headers: { "content-type": "application/json" }, @@ -445,12 +692,15 @@ export async function startSandboxCallbackBridgeWorker(input: { try { const raw = await input.client.readTextFile(requestPath); const parsed = JSON.parse(raw) as Partial; - await writeBridgeResponse(input.client, responsePath, { + await input.client.remove(requestPath).catch(() => undefined); + await writeBridgeResponse(input.client, requestPath, responsePath, { id: typeof parsed.id === "string" && parsed.id.length > 0 ? parsed.id : requestId, status: 503, headers: { "content-type": "application/json" }, body: JSON.stringify({ error: message }), completedAt: new Date().toISOString(), + }, { + requireRequestPath: false, }); } catch (error) { console.warn( @@ -486,6 +736,16 @@ export async function startSandboxCallbackBridgeWorker(input: { break; } } + } catch (error) { + const message = buildWorkerFailureMessage(error); + console.warn(`[paperclip] ${message}`); + try { + await failPendingRequests(message); + } catch (failPendingError) { + console.warn( + `[paperclip] sandbox callback bridge failed to abort queued requests after worker failure: ${failPendingError instanceof Error ? failPendingError.message : String(failPendingError)}`, + ); + } } finally { settled = true; if (settleResolve) { @@ -512,6 +772,99 @@ export async function startSandboxCallbackBridgeWorker(input: { }; } +export async function syncSandboxCallbackBridgeEntrypoint(input: { + runner: CommandManagedRuntimeRunner; + remoteCwd: string; + assetRemoteDir: string; + bridgeAsset: SandboxCallbackBridgeAsset; + timeoutMs?: number | null; + shellCommand?: "bash" | "sh" | null; +}): Promise<{ remoteEntrypoint: string; sha256: string; uploaded: boolean }> { + const timeoutMs = normalizeTimeoutMs(input.timeoutMs, DEFAULT_BRIDGE_RESPONSE_TIMEOUT_MS); + const shellCommand = preferredShellForSandbox(input.shellCommand); + const remoteEntrypoint = path.posix.join(input.assetRemoteDir, SANDBOX_CALLBACK_BRIDGE_ENTRYPOINT); + const remoteEntrypointPartial = `${remoteEntrypoint}.partial`; + const remoteUploadPath = `${remoteEntrypoint}.paperclip-upload.b64`; + const remoteLockDir = path.posix.join(input.assetRemoteDir, ".paperclip-bridge-upload.lock"); + const entrypointSource = await fs.readFile(input.bridgeAsset.entrypoint, "utf8"); + const entrypointBase64 = toBuffer(Buffer.from(entrypointSource, "utf8")).toString("base64"); + const sha256 = createHash("sha256").update(entrypointSource, "utf8").digest("hex"); + + const syncResult = await runShell( + input.runner, + input.remoteCwd, + [ + "set -eu", + `remote_dir=${shellQuote(input.assetRemoteDir)}`, + `remote_path=${shellQuote(remoteEntrypoint)}`, + `remote_partial=${shellQuote(remoteEntrypointPartial)}`, + `remote_upload=${shellQuote(remoteUploadPath)}`, + `lock_dir=${shellQuote(remoteLockDir)}`, + `expected_sha=${shellQuote(sha256)}`, + "hash_file() {", + " if command -v sha256sum >/dev/null 2>&1; then", + " sha256sum \"$1\" | awk '{print $1}'", + " return 0", + " fi", + " if command -v shasum >/dev/null 2>&1; then", + " shasum -a 256 \"$1\" | awk '{print $1}'", + " return 0", + " fi", + " return 127", + "}", + "mkdir -p \"$remote_dir\"", + ...buildRemotePidLockAcquireScript("\"$lock_dir\"", "Timed out acquiring sandbox callback bridge upload lock."), + ...buildRemotePidLockCleanupScript("\"$lock_dir\"", [ + "rm -f \"$remote_upload\" \"$remote_partial\"", + ]), + "current_sha=\"\"", + "if [ -f \"$remote_path\" ]; then", + " current_sha=\"$(hash_file \"$remote_path\" 2>/dev/null)\" || current_sha=\"\"", + "fi", + "if [ -n \"$current_sha\" ] && [ \"$current_sha\" = \"$expected_sha\" ]; then", + " printf '{\"uploaded\":false}\\n'", + " exit 0", + "fi", + "rm -f \"$remote_upload\" \"$remote_partial\"", + "cat > \"$remote_upload\"", + "base64 -d < \"$remote_upload\" > \"$remote_partial\"", + // Verify upload integrity. If neither sha256sum nor shasum is on PATH + // (minimal Alpine/scratch images), surface the missing-tool error + // instead of a misleading "sha mismatch" — the verify step is then + // best-effort and we trust base64-decode + atomic rename below. + "if partial_sha=\"$(hash_file \"$remote_partial\" 2>/dev/null)\"; then", + " if [ \"$partial_sha\" != \"$expected_sha\" ]; then", + " echo \"Sandbox callback bridge entrypoint upload sha mismatch.\" >&2", + " exit 1", + " fi", + "else", + " echo \"Sandbox callback bridge entrypoint sha verify skipped: no sha256sum/shasum on remote.\" >&2", + "fi", + "mv \"$remote_partial\" \"$remote_path\"", + "printf '{\"uploaded\":true}\\n'", + ].join("\n"), + timeoutMs, + shellCommand, + entrypointBase64, + ); + requireSuccessfulResult("sync sandbox callback bridge entrypoint", syncResult); + + let uploaded = false; + try { + uploaded = JSON.parse(syncResult.stdout.trim())?.uploaded === true; + } catch (error) { + throw new Error( + `Sandbox callback bridge sync wrote invalid result JSON: ${error instanceof Error ? error.message : String(error)}`, + ); + } + + return { + remoteEntrypoint, + sha256, + uploaded, + }; +} + export async function startSandboxCallbackBridgeServer(input: { runner: CommandManagedRuntimeRunner; remoteCwd: string; @@ -525,21 +878,24 @@ export async function startSandboxCallbackBridgeServer(input: { responseTimeoutMs?: number | null; timeoutMs?: number | null; nodeCommand?: string; + shellCommand?: "bash" | "sh" | null; maxQueueDepth?: number | null; maxBodyBytes?: number | null; }): Promise { const timeoutMs = normalizeTimeoutMs(input.timeoutMs, DEFAULT_BRIDGE_RESPONSE_TIMEOUT_MS); + const shellCommand = preferredShellForSandbox(input.shellCommand); const directories = sandboxCallbackBridgeDirectories(input.queueDir); - const remoteEntrypoint = path.posix.join(input.assetRemoteDir, SANDBOX_CALLBACK_BRIDGE_ENTRYPOINT); + let remoteEntrypoint = path.posix.join(input.assetRemoteDir, SANDBOX_CALLBACK_BRIDGE_ENTRYPOINT); if (input.bridgeAsset) { - const assetClient = createCommandManagedSandboxCallbackBridgeQueueClient({ + const assetSync = await syncSandboxCallbackBridgeEntrypoint({ runner: input.runner, remoteCwd: input.remoteCwd, + assetRemoteDir: input.assetRemoteDir, + bridgeAsset: input.bridgeAsset, timeoutMs, + shellCommand, }); - await assetClient.makeDir(input.assetRemoteDir); - const entrypointSource = await fs.readFile(input.bridgeAsset.entrypoint, "utf8"); - await assetClient.writeTextFile(remoteEntrypoint, entrypointSource); + remoteEntrypoint = assetSync.remoteEntrypoint; } const env = buildSandboxCallbackBridgeEnv({ queueDir: input.queueDir, @@ -553,9 +909,8 @@ export async function startSandboxCallbackBridgeServer(input: { }); const nodeCommand = input.nodeCommand?.trim() || "node"; const startResult = await input.runner.execute({ - command: "sh", - args: [ - "-lc", + command: shellCommand, + args: shellCommandArgs( [ `mkdir -p ${shellQuote(directories.requestsDir)} ${shellQuote(directories.responsesDir)} ${shellQuote(directories.logsDir)}`, `rm -f ${shellQuote(directories.readyFile)} ${shellQuote(directories.pidFile)}`, @@ -566,8 +921,11 @@ export async function startSandboxCallbackBridgeServer(input: { `printf '%s\\n' \"$pid\" > ${shellQuote(directories.pidFile)}`, "printf '{\"pid\":%s}\\n' \"$pid\"", ].join("\n"), - ], + ), cwd: input.remoteCwd, + env: { + [SANDBOX_EXEC_CHANNEL_ENV]: SANDBOX_EXEC_CHANNEL_BRIDGE, + }, timeoutMs, }); requireSuccessfulResult("start sandbox callback bridge", startResult); @@ -594,6 +952,7 @@ export async function startSandboxCallbackBridgeServer(input: { "exit 1", ].join("\n"), timeoutMs, + shellCommand, ); requireSuccessfulResult("wait for sandbox callback bridge readiness", readyResult); @@ -626,9 +985,8 @@ export async function startSandboxCallbackBridgeServer(input: { directories, stop: async () => { const stopResult = await input.runner.execute({ - command: "sh", - args: [ - "-lc", + command: shellCommand, + args: shellCommandArgs( [ `if [ -s ${shellQuote(directories.pidFile)} ]; then`, ` pid="$(cat ${shellQuote(directories.pidFile)})"`, @@ -641,8 +999,11 @@ export async function startSandboxCallbackBridgeServer(input: { "fi", `rm -f ${shellQuote(directories.pidFile)} ${shellQuote(directories.readyFile)}`, ].join("\n"), - ], + ), cwd: input.remoteCwd, + env: { + [SANDBOX_EXEC_CHANNEL_ENV]: SANDBOX_EXEC_CHANNEL_BRIDGE, + }, timeoutMs, }); if (stopResult.timedOut) { diff --git a/packages/adapter-utils/src/sandbox-install-command.test.ts b/packages/adapter-utils/src/sandbox-install-command.test.ts new file mode 100644 index 00000000..454d227e --- /dev/null +++ b/packages/adapter-utils/src/sandbox-install-command.test.ts @@ -0,0 +1,14 @@ +import { describe, expect, it } from "vitest"; +import { buildSandboxNpmInstallCommand } from "./sandbox-install-command.js"; + +describe("buildSandboxNpmInstallCommand", () => { + it("installs globally as root, via sudo when available, and under ~/.local otherwise", () => { + expect(buildSandboxNpmInstallCommand("@google/gemini-cli")).toBe( + 'if [ "$(id -u)" -eq 0 ]; then npm install -g \'@google/gemini-cli\'; elif command -v sudo >/dev/null 2>&1 && sudo -n true >/dev/null 2>&1; then sudo -E npm install -g \'@google/gemini-cli\'; else mkdir -p "$HOME/.local" && npm install -g --prefix "$HOME/.local" \'@google/gemini-cli\'; fi', + ); + }); + + it("shell-quotes package names", () => { + expect(buildSandboxNpmInstallCommand("odd'pkg")).toContain("'odd'\"'\"'pkg'"); + }); +}); diff --git a/packages/adapter-utils/src/sandbox-install-command.ts b/packages/adapter-utils/src/sandbox-install-command.ts new file mode 100644 index 00000000..ceede21d --- /dev/null +++ b/packages/adapter-utils/src/sandbox-install-command.ts @@ -0,0 +1,16 @@ +function shellSingleQuote(value: string): string { + return `'${value.replaceAll("'", `'\"'\"'`)}'`; +} + +export function buildSandboxNpmInstallCommand(packageName: string): string { + const quotedPackageName = shellSingleQuote(packageName); + return [ + 'if [ "$(id -u)" -eq 0 ]; then', + `npm install -g ${quotedPackageName};`, + 'elif command -v sudo >/dev/null 2>&1 && sudo -n true >/dev/null 2>&1; then', + `sudo -E npm install -g ${quotedPackageName};`, + "else", + `mkdir -p "$HOME/.local" && npm install -g --prefix "$HOME/.local" ${quotedPackageName};`, + "fi", + ].join(" "); +} diff --git a/packages/adapter-utils/src/sandbox-managed-runtime.test.ts b/packages/adapter-utils/src/sandbox-managed-runtime.test.ts index 4f8532c1..5f51faaa 100644 --- a/packages/adapter-utils/src/sandbox-managed-runtime.test.ts +++ b/packages/adapter-utils/src/sandbox-managed-runtime.test.ts @@ -84,7 +84,7 @@ describe("sandbox managed runtime", () => { await rm(remotePath, { recursive: true, force: true }); }, run: async (command) => { - await execFile("sh", ["-lc", command], { + await execFile("sh", ["-c", command], { maxBuffer: 32 * 1024 * 1024, }); }, @@ -126,7 +126,7 @@ describe("sandbox managed runtime", () => { await expect(readFile(path.join(localWorkspaceDir, "README.md"), "utf8")).resolves.toBe("remote workspace\n"); await expect(readFile(path.join(localWorkspaceDir, "remote-only.txt"), "utf8")).resolves.toBe("sync back\n"); - await expect(readFile(path.join(localWorkspaceDir, "local-stale.txt"), "utf8")).rejects.toMatchObject({ code: "ENOENT" }); + await expect(readFile(path.join(localWorkspaceDir, "local-stale.txt"), "utf8")).resolves.toBe("remove\n"); await expect(readFile(path.join(localWorkspaceDir, ".claude", "settings.json"), "utf8")).resolves.toBe("{\"local\":true}\n"); await expect(readFile(path.join(localWorkspaceDir, ".paperclip-runtime", "state.json"), "utf8")).resolves.toBe("{}\n"); }); diff --git a/packages/adapter-utils/src/sandbox-managed-runtime.ts b/packages/adapter-utils/src/sandbox-managed-runtime.ts index 518cc80a..62375d7d 100644 --- a/packages/adapter-utils/src/sandbox-managed-runtime.ts +++ b/packages/adapter-utils/src/sandbox-managed-runtime.ts @@ -3,6 +3,7 @@ import { constants as fsConstants, promises as fs } from "node:fs"; import os from "node:os"; import path from "node:path"; import { promisify } from "node:util"; +import { captureDirectorySnapshot, mergeDirectoryWithBaseline } from "./workspace-restore-merge.js"; const execFile = promisify(execFileCallback); @@ -13,7 +14,6 @@ export interface SandboxRemoteExecutionSpec { remoteCwd: string; timeoutMs: number; apiKey: string | null; - paperclipApiUrl?: string | null; } export interface SandboxManagedRuntimeAsset { @@ -85,7 +85,6 @@ export function parseSandboxRemoteExecutionSpec(value: unknown): SandboxRemoteEx remoteCwd, timeoutMs, apiKey: asString(parsed.apiKey).trim() || null, - paperclipApiUrl: asString(parsed.paperclipApiUrl).trim() || null, }; } @@ -96,7 +95,6 @@ export function buildSandboxExecutionSessionIdentity(spec: SandboxRemoteExecutio provider: spec.provider, sandboxId: spec.sandboxId, remoteCwd: spec.remoteCwd, - ...(spec.paperclipApiUrl ? { paperclipApiUrl: spec.paperclipApiUrl } : {}), } as const; } @@ -108,8 +106,7 @@ export function sandboxExecutionSessionMatches(saved: unknown, current: SandboxR asString(parsedSaved.transport) === currentIdentity.transport && asString(parsedSaved.provider) === currentIdentity.provider && asString(parsedSaved.sandboxId) === currentIdentity.sandboxId && - asString(parsedSaved.remoteCwd) === currentIdentity.remoteCwd && - asString(parsedSaved.paperclipApiUrl) === asString(currentIdentity.paperclipApiUrl) + asString(parsedSaved.remoteCwd) === currentIdentity.remoteCwd ); } @@ -252,6 +249,9 @@ export async function prepareSandboxManagedRuntime(input: { }): Promise { const workspaceRemoteDir = input.workspaceRemoteDir ?? input.spec.remoteCwd; const runtimeRootDir = path.posix.join(workspaceRemoteDir, ".paperclip-runtime", input.adapterKey); + const baselineSnapshot = await captureDirectorySnapshot(input.workspaceLocalDir, { + exclude: [...new Set([".paperclip-runtime", ...(input.preserveAbsentOnRestore ?? []), ...(input.workspaceExclude ?? [])])], + }); await withTempDir("paperclip-sandbox-sync-", async (tempDir) => { const workspaceTarPath = path.join(tempDir, "workspace.tar"); @@ -267,7 +267,7 @@ export async function prepareSandboxManagedRuntime(input: { const preservedNames = new Set([".paperclip-runtime", ...(input.preserveAbsentOnRestore ?? [])]); const findPreserveArgs = [...preservedNames].map((entry) => `! -name ${shellQuote(entry)}`).join(" "); await input.client.run( - `sh -lc ${shellQuote( + `sh -c ${shellQuote( `mkdir -p ${shellQuote(workspaceRemoteDir)} && ` + `find ${shellQuote(workspaceRemoteDir)} -mindepth 1 -maxdepth 1 ${findPreserveArgs} -exec rm -rf -- {} + && ` + `tar -xf ${shellQuote(remoteWorkspaceTar)} -C ${shellQuote(workspaceRemoteDir)} && ` + @@ -289,7 +289,7 @@ export async function prepareSandboxManagedRuntime(input: { const remoteAssetTar = path.posix.join(runtimeRootDir, `${asset.key}-upload.tar`); await input.client.writeFile(remoteAssetTar, toArrayBuffer(assetTarBytes)); await input.client.run( - `sh -lc ${shellQuote( + `sh -c ${shellQuote( `rm -rf ${shellQuote(remoteAssetDir)} && ` + `mkdir -p ${shellQuote(remoteAssetDir)} && ` + `tar -xf ${shellQuote(remoteAssetTar)} -C ${shellQuote(remoteAssetDir)} && ` + @@ -314,7 +314,7 @@ export async function prepareSandboxManagedRuntime(input: { await withTempDir("paperclip-sandbox-restore-", async (tempDir) => { const remoteWorkspaceTar = path.posix.join(runtimeRootDir, "workspace-download.tar"); await input.client.run( - `sh -lc ${shellQuote( + `sh -c ${shellQuote( `mkdir -p ${shellQuote(runtimeRootDir)} && ` + `tar -cf ${shellQuote(remoteWorkspaceTar)} -C ${shellQuote(workspaceRemoteDir)} ` + `${tarExcludeFlags(input.workspaceExclude)} .`, @@ -330,8 +330,10 @@ export async function prepareSandboxManagedRuntime(input: { archivePath: localArchivePath, localDir: extractedDir, }); - await mirrorDirectory(extractedDir, input.workspaceLocalDir, { - preserveAbsent: [".paperclip-runtime", ...(input.preserveAbsentOnRestore ?? [])], + await mergeDirectoryWithBaseline({ + baseline: baselineSnapshot, + sourceDir: extractedDir, + targetDir: input.workspaceLocalDir, }); }); }, diff --git a/packages/adapter-utils/src/sandbox-shell.ts b/packages/adapter-utils/src/sandbox-shell.ts new file mode 100644 index 00000000..965f0299 --- /dev/null +++ b/packages/adapter-utils/src/sandbox-shell.ts @@ -0,0 +1,7 @@ +export function preferredShellForSandbox(shellCommand: string | null | undefined): "bash" | "sh" { + return shellCommand === "bash" ? "bash" : "sh"; +} + +export function shellCommandArgs(script: string): string[] { + return ["-c", script]; +} diff --git a/packages/adapter-utils/src/server-utils.test.ts b/packages/adapter-utils/src/server-utils.test.ts index 16ad5303..654b1929 100644 --- a/packages/adapter-utils/src/server-utils.test.ts +++ b/packages/adapter-utils/src/server-utils.test.ts @@ -9,9 +9,13 @@ import { buildInvocationEnvForLogs, DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, materializePaperclipSkillCopy, + refreshPaperclipWorkspaceEnvForExecution, renderPaperclipWakePrompt, runningProcesses, runChildProcess, + sanitizeSshRemoteEnv, + shapePaperclipWorkspaceEnvForExecution, + rewriteWorkspaceCwdEnvVarsForExecution, stringifyPaperclipWakePayload, } from "./server-utils.js"; @@ -60,6 +64,86 @@ describe("buildInvocationEnvForLogs", () => { }); }); +describe("sanitizeSshRemoteEnv", () => { + it("drops inherited host shell identity variables for SSH remote execution", () => { + expect( + sanitizeSshRemoteEnv( + { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + NVM_DIR: "/Users/local/.nvm", + TMPDIR: "/var/folders/local/T", + XDG_CONFIG_HOME: "/Users/local/.config", + SAFE_VALUE: "visible", + }, + { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + NVM_DIR: "/Users/local/.nvm", + TMPDIR: "/var/folders/local/T", + XDG_CONFIG_HOME: "/Users/local/.config", + }, + ), + ).toEqual({ + SAFE_VALUE: "visible", + }); + }); + + it("preserves explicit remote overrides even for filtered key names", () => { + expect( + sanitizeSshRemoteEnv( + { + PATH: "/custom/remote/bin:/usr/bin", + HOME: "/home/agent", + TMPDIR: "/tmp", + SAFE_VALUE: "visible", + }, + { + PATH: "/host/bin:/usr/bin", + HOME: "/Users/local", + TMPDIR: "/var/folders/local/T", + }, + ), + ).toEqual({ + PATH: "/custom/remote/bin:/usr/bin", + HOME: "/home/agent", + TMPDIR: "/tmp", + SAFE_VALUE: "visible", + }); + }); + + it("filters identity keys via case-insensitive match against the inherited env", () => { + expect( + sanitizeSshRemoteEnv( + { + // Caller passed PATH in upper case while the inherited (Windows-style) + // host env exposes it as Path. The lookup must still treat them as + // equal so the leaked host PATH gets stripped. + PATH: "/host/bin:/usr/bin", + HOME: "/host/home", + }, + { + Path: "/host/bin:/usr/bin", + home: "/host/home", + }, + ), + ).toEqual({}); + }); + + it("preserves explicitly-set identity keys when the inherited env disagrees in case but not in value", () => { + expect( + sanitizeSshRemoteEnv( + { + PATH: "/explicit/remote/bin", + }, + { + Path: "/host/bin:/usr/bin", + }, + ), + ).toEqual({ PATH: "/explicit/remote/bin" }); + }); +}); + describe("materializePaperclipSkillCopy", () => { it("refuses to materialize into an ancestor of the source", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-skill-copy-")); @@ -336,6 +420,9 @@ describe("renderPaperclipWakePrompt", () => { it("keeps the default local-agent prompt action-oriented", () => { expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("Start actionable work in this heartbeat"); expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("do not stop at a plan"); + expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("clear final disposition"); + expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("evidence, not valid liveness paths by themselves"); + expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("keep `in_progress` only when a live continuation path exists"); expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("Prefer the smallest verification that proves the change"); expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("Use child issues"); expect(DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE).toContain("instead of polling agents, sessions, or processes"); @@ -369,8 +456,118 @@ describe("renderPaperclipWakePrompt", () => { expect(prompt).toContain("## Paperclip Wake Payload"); expect(prompt).toContain("Execution contract: take concrete action in this heartbeat"); - expect(prompt).toContain("use child issues instead of polling"); - expect(prompt).toContain("mark blocked work with the unblock owner/action"); + expect(prompt).toContain("clear final disposition"); + expect(prompt).toContain("evidence, not valid liveness paths by themselves"); + expect(prompt).toContain("Use child issues for long or parallel delegated work instead of polling"); + expect(prompt).toContain("named unblock owner/action"); + }); + + it("renders planning-mode directives for assignment and comment wakes", () => { + const assignmentPrompt = renderPaperclipWakePrompt({ + reason: "issue_assigned", + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + status: "in_progress", + workMode: "planning", + }, + commentWindow: { requestedCount: 0, includedCount: 0, missingCount: 0 }, + comments: [], + fallbackFetchNeeded: false, + }); + + expect(assignmentPrompt).toContain("- issue work mode: planning"); + expect(assignmentPrompt).toContain("Make the plan only. Do not write code or perform implementation work."); + + const commentPrompt = renderPaperclipWakePrompt({ + reason: "issue_commented", + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + status: "in_progress", + workMode: "planning", + }, + commentIds: ["comment-1"], + latestCommentId: "comment-1", + commentWindow: { requestedCount: 1, includedCount: 1, missingCount: 0 }, + comments: [{ id: "comment-1", body: "Revise the plan" }], + fallbackFetchNeeded: false, + }); + + expect(commentPrompt).toContain("Update the plan only. Do not write code or perform implementation work."); + }); + + it("does not render stale accepted-plan continuation guidance for later planning comment wakes", () => { + const prompt = renderPaperclipWakePrompt({ + reason: "issue_commented", + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + status: "in_progress", + workMode: "planning", + }, + interactionKind: "request_confirmation", + interactionStatus: "accepted", + commentIds: ["comment-1"], + latestCommentId: "comment-1", + commentWindow: { requestedCount: 1, includedCount: 1, missingCount: 0 }, + comments: [{ id: "comment-1", body: "Revise the plan" }], + fallbackFetchNeeded: false, + }); + + expect(prompt).toContain("Update the plan only. Do not write code or perform implementation work."); + expect(prompt).not.toContain("accepted-plan continuation"); + expect(prompt).not.toContain("Create child issues from the approved plan only"); + }); + + it("renders accepted-plan continuation guidance for planning issues", () => { + const prompt = renderPaperclipWakePrompt({ + reason: "issue_commented", + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + status: "in_progress", + workMode: "planning", + }, + interactionKind: "request_confirmation", + interactionStatus: "accepted", + commentWindow: { requestedCount: 0, includedCount: 0, missingCount: 0 }, + comments: [], + fallbackFetchNeeded: false, + }); + + expect(prompt).toContain("accepted-plan continuation"); + expect(prompt).toContain("Create child issues from the approved plan only"); + expect(prompt).toContain("may create child implementation issues"); + expect(prompt).toContain("must not start implementation work on the planning issue itself"); + }); + + it("keeps accepted-plan guidance when stale comment ids have no loaded comments", () => { + const prompt = renderPaperclipWakePrompt({ + reason: "issue_commented", + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + status: "in_progress", + workMode: "planning", + }, + interactionKind: "request_confirmation", + interactionStatus: "accepted", + commentIds: ["stale-comment-1"], + latestCommentId: "stale-comment-1", + commentWindow: { requestedCount: 1, includedCount: 0, missingCount: 1 }, + comments: [], + fallbackFetchNeeded: true, + }); + + expect(prompt).toContain("accepted-plan continuation"); + expect(prompt).toContain("Create child issues from the approved plan only"); + expect(prompt).not.toContain("Update the plan only"); }); it("renders dependency-blocked interaction guidance", () => { @@ -551,6 +748,183 @@ describe("applyPaperclipWorkspaceEnv", () => { }); }); +describe("shapePaperclipWorkspaceEnvForExecution", () => { + it("rewrites workspace env paths for remote execution", () => { + const shaped = shapePaperclipWorkspaceEnvForExecution({ + workspaceCwd: "/tmp/workspace", + workspaceWorktreePath: "/tmp/worktree", + workspaceHints: [ + { + workspaceId: "workspace-1", + cwd: "/tmp/workspace", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + { + workspaceId: "workspace-2", + cwd: "/tmp/other-workspace", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + { + workspaceId: "workspace-3", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + ], + executionTargetIsRemote: true, + executionCwd: "/remote/workspace", + }); + + expect(shaped).toEqual({ + workspaceCwd: "/remote/workspace", + workspaceWorktreePath: null, + workspaceHints: [ + { + workspaceId: "workspace-1", + cwd: "/remote/workspace", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + { + workspaceId: "workspace-3", + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + ], + }); + }); + + it("leaves local execution workspace paths unchanged", () => { + const workspaceHints = [{ workspaceId: "workspace-1", cwd: "/tmp/workspace" }]; + const shaped = shapePaperclipWorkspaceEnvForExecution({ + workspaceCwd: "/tmp/workspace", + workspaceWorktreePath: "/tmp/worktree", + workspaceHints, + executionTargetIsRemote: false, + executionCwd: "/remote/workspace", + }); + + expect(shaped).toEqual({ + workspaceCwd: "/tmp/workspace", + workspaceWorktreePath: "/tmp/worktree", + workspaceHints, + }); + }); +}); + +describe("rewriteWorkspaceCwdEnvVarsForExecution", () => { + it("rewrites custom *_WORKSPACE_CWD env vars for remote execution", () => { + const env = rewriteWorkspaceCwdEnvVarsForExecution({ + workspaceCwd: "/host/workspace", + executionCwd: "/remote/workspace", + executionTargetIsRemote: true, + env: { + QA_PROJECT_WORKSPACE_CWD: "/host/workspace", + RANDOM_WORKSPACE_CWD: "/host/workspace", + OTHER_ENV: "/host/workspace", + }, + }); + + expect(env).toEqual({ + QA_PROJECT_WORKSPACE_CWD: "/remote/workspace", + RANDOM_WORKSPACE_CWD: "/remote/workspace", + OTHER_ENV: "/host/workspace", + }); + }); + + it("does not rewrite matching values for local execution", () => { + const env = rewriteWorkspaceCwdEnvVarsForExecution({ + workspaceCwd: "/host/workspace", + executionCwd: "/remote/workspace", + executionTargetIsRemote: false, + env: { + QA_PROJECT_WORKSPACE_CWD: "/host/workspace", + RANDOM_WORKSPACE_CWD_TOKEN: "/host/workspace", + }, + }); + + expect(env).toEqual({ + QA_PROJECT_WORKSPACE_CWD: "/host/workspace", + RANDOM_WORKSPACE_CWD_TOKEN: "/host/workspace", + }); + }); + + it("only rewrites matching *_WORKSPACE_CWD string values", () => { + const env = rewriteWorkspaceCwdEnvVarsForExecution({ + workspaceCwd: "/host/workspace", + executionCwd: "/remote/workspace", + executionTargetIsRemote: true, + env: { + MATCHING_WORKSPACE_CWD: "/host/workspace/.", + DIFFERENT_WORKSPACE_CWD: "/host/other-workspace", + BLANK_WORKSPACE_CWD: " ", + NON_STRING_WORKSPACE_CWD: 42, + }, + }); + + expect(env).toEqual({ + MATCHING_WORKSPACE_CWD: "/remote/workspace", + DIFFERENT_WORKSPACE_CWD: "/host/other-workspace", + BLANK_WORKSPACE_CWD: " ", + }); + }); +}); + +describe("refreshPaperclipWorkspaceEnvForExecution", () => { + it("rewrites Paperclip workspace env to the prepared remote runtime cwd", () => { + const env: Record = { + PAPERCLIP_WORKSPACE_CWD: "/remote/workspace", + PAPERCLIP_WORKSPACE_WORKTREE_PATH: "/host/worktree", + PAPERCLIP_WORKSPACES_JSON: JSON.stringify([ + { workspaceId: "workspace-1", cwd: "/remote/workspace" }, + { workspaceId: "workspace-2", cwd: "/tmp/other" }, + ]), + QA_PROJECT_WORKSPACE_CWD: "/remote/workspace", + }; + + const shaped = refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig: { + QA_PROJECT_WORKSPACE_CWD: "/host/workspace", + }, + workspaceCwd: "/host/workspace", + workspaceWorktreePath: "/host/worktree", + workspaceHints: [ + { workspaceId: "workspace-1", cwd: "/host/workspace" }, + { workspaceId: "workspace-2", cwd: "/tmp/other" }, + ], + executionTargetIsRemote: true, + executionCwd: "/remote/workspace/.paperclip-runtime/runs/run-1/workspace", + }); + + expect(shaped).toEqual({ + workspaceCwd: "/remote/workspace/.paperclip-runtime/runs/run-1/workspace", + workspaceWorktreePath: null, + workspaceHints: [ + { + workspaceId: "workspace-1", + cwd: "/remote/workspace/.paperclip-runtime/runs/run-1/workspace", + }, + { + workspaceId: "workspace-2", + }, + ], + }); + expect(env.PAPERCLIP_WORKSPACE_CWD).toBe("/remote/workspace/.paperclip-runtime/runs/run-1/workspace"); + expect(env.PAPERCLIP_WORKSPACE_WORKTREE_PATH).toBeUndefined(); + expect(env.QA_PROJECT_WORKSPACE_CWD).toBe("/remote/workspace/.paperclip-runtime/runs/run-1/workspace"); + expect(JSON.parse(env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: "/remote/workspace/.paperclip-runtime/runs/run-1/workspace", + }, + { + workspaceId: "workspace-2", + }, + ]); + }); +}); + describe("appendWithByteCap", () => { it("keeps valid UTF-8 when trimming through multibyte text", () => { const output = appendWithByteCap("prefix ", "hello — world", 7); diff --git a/packages/adapter-utils/src/server-utils.ts b/packages/adapter-utils/src/server-utils.ts index bb4eb40d..4624f637 100644 --- a/packages/adapter-utils/src/server-utils.ts +++ b/packages/adapter-utils/src/server-utils.ts @@ -1,7 +1,9 @@ import { spawn, type ChildProcess } from "node:child_process"; import { createHash, randomUUID } from "node:crypto"; import { constants as fsConstants, promises as fs, type Dirent } from "node:fs"; +import os from "node:os"; import path from "node:path"; +import { sanitizeRemoteExecutionEnv } from "./remote-execution-env.js"; import { buildSshSpawnTarget, type SshRemoteExecutionSpec } from "./ssh.js"; import { redactCommandText } from "./command-redaction.js"; import type { @@ -77,6 +79,8 @@ export const runningProcesses = new Map(); export const MAX_CAPTURE_BYTES = 4 * 1024 * 1024; export const MAX_EXCERPT_BYTES = 32 * 1024; const TERMINAL_RESULT_SCAN_OVERLAP_CHARS = 64 * 1024; +const DEFAULT_PAPERCLIP_INSTANCE_ID = "default"; +const PATH_SEGMENT_RE = /^[a-zA-Z0-9_-]+$/; const SENSITIVE_ENV_KEY = /(key|token|secret|password|passwd|authorization|cookie)/i; const REDACTED_LOG_VALUE = "***REDACTED***"; const PAPERCLIP_SKILL_ROOT_RELATIVE_CANDIDATES = [ @@ -87,12 +91,33 @@ const MATERIALIZED_SKILL_SENTINEL = ".paperclip-materialized-skill.json"; const MATERIALIZED_SKILL_LOCK_OWNER = "owner.json"; const MATERIALIZED_SKILL_LOCK_STALE_MS = 30_000; +function expandHomePrefix(value: string): string { + if (value === "~") return os.homedir(); + if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); + return value; +} + +export function resolvePaperclipInstanceRootForAdapter(input: { + homeDir?: string; + instanceId?: string; + env?: NodeJS.ProcessEnv; +} = {}): string { + const env = input.env ?? process.env; + const homeRaw = input.homeDir?.trim() || env.PAPERCLIP_HOME?.trim(); + const homeDir = path.resolve(homeRaw ? expandHomePrefix(homeRaw) : path.resolve(os.homedir(), ".paperclip")); + const instanceId = input.instanceId?.trim() || env.PAPERCLIP_INSTANCE_ID?.trim() || DEFAULT_PAPERCLIP_INSTANCE_ID; + if (!PATH_SEGMENT_RE.test(instanceId)) throw new Error(`Invalid PAPERCLIP_INSTANCE_ID '${instanceId}'.`); + return path.resolve(homeDir, "instances", instanceId); +} + export const DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE = [ "You are agent {{agent.id}} ({{agent.name}}). Continue your Paperclip work.", "", "Execution contract:", "- Start actionable work in this heartbeat; do not stop at a plan unless the issue asks for planning.", - "- Leave durable progress in comments, documents, or work products with a clear next action.", + "- Leave durable progress in comments, documents, or work products, then update the issue to a clear final disposition before ending the heartbeat.", + "- Comments, documents, screenshots, work products, and `Remaining` bullets are evidence, not valid liveness paths by themselves.", + "- Final disposition checklist: mark `done` when complete; use `in_review` only with a real reviewer, approval, interaction, or monitor path; use `blocked` only with first-class blockers or a named unblock owner/action; create delegated follow-up issues with blockers when another agent owns the next step; keep `in_progress` only when a live continuation path exists.", "- Prefer the smallest verification that proves the change; do not default to full workspace typecheck/build/test on every heartbeat unless the task scope warrants it.", "- Use child issues for parallel or long delegated work instead of polling agents, sessions, or processes.", "- If woken by a human comment on a dependency-blocked issue, respond or triage the comment without treating the blocked deliverable work as unblocked.", @@ -280,6 +305,7 @@ type PaperclipWakeIssue = { identifier: string | null; title: string | null; status: string | null; + workMode: string | null; priority: string | null; }; @@ -365,6 +391,8 @@ type PaperclipWakePayload = { executionStage: PaperclipWakeExecutionStage | null; continuationSummary: PaperclipWakeContinuationSummary | null; livenessContinuation: PaperclipWakeLivenessContinuation | null; + interactionKind: string | null; + interactionStatus: string | null; childIssueSummaries: PaperclipWakeChildIssueSummary[]; childIssueSummaryTruncated: boolean; commentIds: string[]; @@ -383,6 +411,7 @@ function normalizePaperclipWakeIssue(value: unknown): PaperclipWakeIssue | null const identifier = asString(issue.identifier, "").trim() || null; const title = asString(issue.title, "").trim() || null; const status = asString(issue.status, "").trim() || null; + const workMode = asString(issue.workMode, "").trim() || null; const priority = asString(issue.priority, "").trim() || null; if (!id && !identifier && !title) return null; return { @@ -390,6 +419,7 @@ function normalizePaperclipWakeIssue(value: unknown): PaperclipWakeIssue | null identifier, title, status, + workMode, priority, }; } @@ -572,6 +602,8 @@ export function normalizePaperclipWakePayload(value: unknown): PaperclipWakePayl executionStage, continuationSummary, livenessContinuation, + interactionKind: asString(payload.interactionKind, "").trim() || null, + interactionStatus: asString(payload.interactionStatus, "").trim() || null, childIssueSummaries, childIssueSummaryTruncated: asBoolean(payload.childIssueSummaryTruncated, false), commentIds, @@ -591,6 +623,15 @@ export function stringifyPaperclipWakePayload(value: unknown): string | null { return JSON.stringify(normalized); } +export function readPaperclipIssueWorkModeFromContext(value: unknown): string | null { + const context = parseObject(value); + const issue = parseObject(context.paperclipIssue); + const direct = asString(issue.workMode, "").trim(); + if (direct) return direct; + const wake = normalizePaperclipWakePayload(context.paperclipWake); + return wake?.issue?.workMode ?? null; +} + export function renderPaperclipWakePrompt( value: unknown, options: { resumedSession?: boolean } = {}, @@ -614,7 +655,7 @@ export function renderPaperclipWakePrompt( "Focus on the new wake delta below and continue the current task without restating the full heartbeat boilerplate.", "Fetch the API thread only when `fallbackFetchNeeded` is true or you need broader history than this batch.", "", - "Execution contract: take concrete action in this heartbeat when the issue is actionable; do not stop at a plan unless planning was requested. Leave durable progress with a clear next action, use child issues instead of polling for long or parallel work, and mark blocked work with the unblock owner/action.", + "Execution contract: take concrete action in this heartbeat when the issue is actionable; do not stop at a plan unless planning was requested. Leave durable progress and then give the issue a clear final disposition before ending the heartbeat: `done`, `in_review` with a real reviewer/approval/interaction path, `blocked` with first-class blockers or a named unblock owner/action, delegated follow-up issues with blockers, or `in_progress` only when a live continuation path exists. Use child issues for long or parallel delegated work instead of polling. Comments, documents, screenshots, work products, and `Remaining` bullets are evidence, not valid liveness paths by themselves.", "", `- reason: ${normalized.reason ?? "unknown"}`, `- issue: ${normalized.issue?.identifier ?? normalized.issue?.id ?? "unknown"}${normalized.issue?.title ? ` ${normalized.issue.title}` : ""}`, @@ -631,7 +672,7 @@ export function renderPaperclipWakePrompt( "Use this inline wake data first before refetching the issue thread.", "Only fetch the API thread when `fallbackFetchNeeded` is true or you need broader history than this batch.", "", - "Execution contract: take concrete action in this heartbeat when the issue is actionable; do not stop at a plan unless planning was requested. Leave durable progress with a clear next action, use child issues instead of polling for long or parallel work, and mark blocked work with the unblock owner/action.", + "Execution contract: take concrete action in this heartbeat when the issue is actionable; do not stop at a plan unless planning was requested. Leave durable progress and then give the issue a clear final disposition before ending the heartbeat: `done`, `in_review` with a real reviewer/approval/interaction path, `blocked` with first-class blockers or a named unblock owner/action, delegated follow-up issues with blockers, or `in_progress` only when a live continuation path exists. Use child issues for long or parallel delegated work instead of polling. Comments, documents, screenshots, work products, and `Remaining` bullets are evidence, not valid liveness paths by themselves.", "", `- reason: ${normalized.reason ?? "unknown"}`, `- issue: ${normalized.issue?.identifier ?? normalized.issue?.id ?? "unknown"}${normalized.issue?.title ? ` ${normalized.issue.title}` : ""}`, @@ -643,9 +684,31 @@ export function renderPaperclipWakePrompt( if (normalized.issue?.status) { lines.push(`- issue status: ${normalized.issue.status}`); } + if (normalized.issue?.workMode) { + lines.push(`- issue work mode: ${normalized.issue.workMode}`); + } if (normalized.issue?.priority) { lines.push(`- issue priority: ${normalized.issue.priority}`); } + if (normalized.issue?.workMode === "planning") { + const hasWakeComments = normalized.comments.length > 0; + const acceptedPlanContinuation = + !hasWakeComments && + normalized.interactionKind === "request_confirmation" && normalized.interactionStatus === "accepted"; + let directive = "Make the plan only. Do not write code or perform implementation work."; + if (hasWakeComments) { + directive = "Update the plan only. Do not write code or perform implementation work."; + } + if (acceptedPlanContinuation) { + directive = "Create child issues from the approved plan only. Do not write code or perform implementation work on the planning issue."; + } + lines.push(`- planning directive: ${directive}`); + if (acceptedPlanContinuation) { + lines.push( + "- accepted-plan continuation: you may create child implementation issues from the approved plan, but must not start implementation work on the planning issue itself", + ); + } + } if (normalized.checkedOutByHarness) { lines.push("- checkout: already claimed by the harness for this run"); } @@ -885,6 +948,177 @@ export function applyPaperclipWorkspaceEnv( return env; } +export function shapePaperclipWorkspaceEnvForExecution(input: { + workspaceCwd?: string | null; + workspaceWorktreePath?: string | null; + workspaceHints?: Array>; + executionTargetIsRemote?: boolean; + executionCwd?: string | null; +}): { + workspaceCwd: string | null; + workspaceWorktreePath: string | null; + workspaceHints: Array>; +} { + const workspaceCwd = + typeof input.workspaceCwd === "string" && input.workspaceCwd.trim().length > 0 + ? input.workspaceCwd.trim() + : null; + const workspaceWorktreePath = + typeof input.workspaceWorktreePath === "string" && input.workspaceWorktreePath.trim().length > 0 + ? input.workspaceWorktreePath.trim() + : null; + const workspaceHints = Array.isArray(input.workspaceHints) ? input.workspaceHints : []; + + if (!input.executionTargetIsRemote) { + return { + workspaceCwd, + workspaceWorktreePath, + workspaceHints, + }; + } + + const executionCwd = + typeof input.executionCwd === "string" && input.executionCwd.trim().length > 0 + ? input.executionCwd.trim() + : null; + // On a remote target we must never fall back to the local workspaceCwd — + // doing so leaks host paths into the remote env (the exact failure mode + // this helper exists to prevent). Callers are expected to resolve + // executionCwd via adapterExecutionTargetRemoteCwd before calling this + // helper, which always returns a non-empty string. Surface a warning so + // future callers don't silently regress to the leak. + if (executionCwd === null) { + // eslint-disable-next-line no-console + console.warn( + "[paperclip] shapePaperclipWorkspaceEnvForExecution called with executionCwd=null on a remote target; " + + "stripping workspaceCwd to avoid leaking local paths into the remote environment.", + ); + } + const realizedWorkspaceCwd = executionCwd; + const localWorkspaceCwd = workspaceCwd ? path.resolve(workspaceCwd) : null; + const shapedWorkspaceHints = workspaceHints.map((hint) => { + const nextHint = { ...hint }; + const hintCwd = typeof nextHint.cwd === "string" ? nextHint.cwd.trim() : ""; + if (!hintCwd) return nextHint; + + if (localWorkspaceCwd && path.resolve(hintCwd) === localWorkspaceCwd) { + if (realizedWorkspaceCwd) { + nextHint.cwd = realizedWorkspaceCwd; + } else { + delete nextHint.cwd; + } + return nextHint; + } + + delete nextHint.cwd; + return nextHint; + }); + + return { + workspaceCwd: realizedWorkspaceCwd, + workspaceWorktreePath: null, + workspaceHints: shapedWorkspaceHints, + }; +} + +export function rewriteWorkspaceCwdEnvVarsForExecution(input: { + env: Record; + workspaceCwd?: string | null; + executionCwd?: string | null; + executionTargetIsRemote?: boolean; +}): Record { + const nextEnv = Object.fromEntries( + Object.entries(input.env) + .filter((entry): entry is [string, string] => typeof entry[1] === "string"), + ) as Record; + const localWorkspaceCwd = typeof input.workspaceCwd === "string" && input.workspaceCwd.trim().length > 0 + ? path.resolve(input.workspaceCwd) + : null; + // executionCwd is a remote path on the target host; we deliberately do not + // run `path.resolve` against it because that applies host-Node semantics + // (current working directory, host path separator) to a path that lives on + // the remote shell. Callers always pass absolute remote paths, so we + // forward the trimmed value verbatim. + const remoteWorkspaceCwd = typeof input.executionCwd === "string" && input.executionCwd.trim().length > 0 + ? input.executionCwd.trim() + : null; + + if (!input.executionTargetIsRemote || !localWorkspaceCwd || !remoteWorkspaceCwd) { + return nextEnv; + } + + for (const [key, value] of Object.entries(nextEnv)) { + if (!key.endsWith("_WORKSPACE_CWD")) continue; + const trimmed = value.trim(); + if (!trimmed) continue; + if (path.resolve(trimmed) !== localWorkspaceCwd) continue; + nextEnv[key] = remoteWorkspaceCwd; + } + + return nextEnv; +} + +export function refreshPaperclipWorkspaceEnvForExecution(input: { + env: Record; + envConfig?: Record; + workspaceCwd?: string | null; + workspaceSource?: string | null; + workspaceStrategy?: string | null; + workspaceId?: string | null; + workspaceRepoUrl?: string | null; + workspaceRepoRef?: string | null; + workspaceBranch?: string | null; + workspaceWorktreePath?: string | null; + workspaceHints?: Array>; + agentHome?: string | null; + executionTargetIsRemote?: boolean; + executionCwd?: string | null; +}): { + workspaceCwd: string | null; + workspaceWorktreePath: string | null; + workspaceHints: Array>; +} { + const shapedWorkspaceEnv = shapePaperclipWorkspaceEnvForExecution({ + workspaceCwd: input.workspaceCwd, + workspaceWorktreePath: input.workspaceWorktreePath, + workspaceHints: input.workspaceHints, + executionTargetIsRemote: input.executionTargetIsRemote, + executionCwd: input.executionCwd, + }); + + delete input.env.PAPERCLIP_WORKSPACE_CWD; + delete input.env.PAPERCLIP_WORKSPACE_WORKTREE_PATH; + delete input.env.PAPERCLIP_WORKSPACES_JSON; + + applyPaperclipWorkspaceEnv(input.env, { + workspaceCwd: shapedWorkspaceEnv.workspaceCwd, + workspaceSource: input.workspaceSource, + workspaceStrategy: input.workspaceStrategy, + workspaceId: input.workspaceId, + workspaceRepoUrl: input.workspaceRepoUrl, + workspaceRepoRef: input.workspaceRepoRef, + workspaceBranch: input.workspaceBranch, + workspaceWorktreePath: shapedWorkspaceEnv.workspaceWorktreePath, + agentHome: input.agentHome, + }); + + if (shapedWorkspaceEnv.workspaceHints.length > 0) { + input.env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(shapedWorkspaceEnv.workspaceHints); + } + + const shapedEnvConfig = rewriteWorkspaceCwdEnvVarsForExecution({ + env: input.envConfig ?? {}, + workspaceCwd: input.workspaceCwd, + executionCwd: shapedWorkspaceEnv.workspaceCwd, + executionTargetIsRemote: input.executionTargetIsRemote, + }); + for (const [key, value] of Object.entries(shapedEnvConfig)) { + input.env[key] = value; + } + + return shapedWorkspaceEnv; +} + export function sanitizeInheritedPaperclipEnv(baseEnv: NodeJS.ProcessEnv): NodeJS.ProcessEnv { const env: NodeJS.ProcessEnv = { ...baseEnv }; for (const key of Object.keys(env)) { @@ -966,6 +1200,13 @@ function quoteForCmd(arg: string) { return /[\s"&<>|^()]/.test(escaped) ? `"${escaped}"` : escaped; } +export function sanitizeSshRemoteEnv( + env: Record, + inheritedEnv: NodeJS.ProcessEnv = process.env, +): Record { + return sanitizeRemoteExecutionEnv(env, inheritedEnv); +} + function resolveWindowsCmdShell(env: NodeJS.ProcessEnv): string { const fallbackRoot = env.SystemRoot || process.env.SystemRoot || "C:\\Windows"; return path.join(fallbackRoot, "System32", "cmd.exe"); diff --git a/packages/adapter-utils/src/session-compaction.ts b/packages/adapter-utils/src/session-compaction.ts index c42cbf8f..1de7f3d6 100644 --- a/packages/adapter-utils/src/session-compaction.ts +++ b/packages/adapter-utils/src/session-compaction.ts @@ -40,6 +40,7 @@ export const LEGACY_SESSIONED_ADAPTER_TYPES = new Set([ "acpx_local", "claude_local", "codex_local", + "cursor_cloud", "cursor", "gemini_local", "hermes_local", @@ -63,6 +64,11 @@ export const ADAPTER_SESSION_MANAGEMENT: Record { return await new Promise((resolve, reject) => { @@ -28,6 +32,28 @@ async function git(cwd: string, args: string[]): Promise { }); } +async function startSshEnvLabFixtureOrSkip(statePath: string, label: string) { + if (sshEnvLabUnsupportedReason) { + console.warn(`Skipping ${label}: ${sshEnvLabUnsupportedReason}`); + return null; + } + + const support = await getSshEnvLabSupport(); + if (!support.supported) { + sshEnvLabUnsupportedReason = support.reason ?? "unsupported environment"; + console.warn(`Skipping ${label}: ${sshEnvLabUnsupportedReason}`); + return null; + } + + try { + return await startSshEnvLabFixture({ statePath }); + } catch (error) { + sshEnvLabUnsupportedReason = error instanceof Error ? error.message : String(error); + console.warn(`Skipping ${label}: ${sshEnvLabUnsupportedReason}`); + return null; + } +} + describe("ssh env-lab fixture", () => { const cleanupDirs: string[] = []; @@ -40,24 +66,17 @@ describe("ssh env-lab fixture", () => { }); it("starts an isolated sshd fixture and executes commands through it", async () => { - const support = await getSshEnvLabSupport(); - if (!support.supported) { - console.warn( - `Skipping SSH env-lab fixture test: ${support.reason ?? "unsupported environment"}`, - ); - return; - } - const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); cleanupDirs.push(rootDir); const statePath = path.join(rootDir, "state.json"); - const started = await startSshEnvLabFixture({ statePath }); + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH env-lab fixture test"); + if (!started) return; const config = await buildSshEnvLabFixtureConfig(started); const quotedWorkspace = JSON.stringify(started.workspaceDir); const result = await runSshCommand( config, - `sh -lc 'cd ${quotedWorkspace} && pwd'`, + `cd ${quotedWorkspace} && pwd`, ); expect(result.stdout.trim()).toBe(started.workspaceDir); @@ -68,22 +87,44 @@ describe("ssh env-lab fixture", () => { const stopped = await readSshEnvLabFixtureStatus(statePath); expect(stopped.running).toBe(false); - }); - - it("does not treat an unrelated reused pid as the running fixture", async () => { - const support = await getSshEnvLabSupport(); - if (!support.supported) { - console.warn( - `Skipping SSH env-lab fixture test: ${support.reason ?? "unsupported environment"}`, - ); - return; - } + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + it("forwards stdin to remote SSH commands", async () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); cleanupDirs.push(rootDir); const statePath = path.join(rootDir, "state.json"); - const started = await startSshEnvLabFixture({ statePath }); + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH stdin forwarding test"); + if (!started) return; + const config = await buildSshEnvLabFixtureConfig(started); + const remotePath = path.posix.join(started.workspaceDir, "stdin-forwarded.txt"); + + await runSshCommand( + config, + `cat > ${JSON.stringify(remotePath)}`, + { + stdin: "hello over ssh stdin\n", + timeoutMs: 30_000, + maxBuffer: 256 * 1024, + }, + ); + + const result = await runSshCommand( + config, + `cat ${JSON.stringify(remotePath)}`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + + expect(result.stdout).toBe("hello over ssh stdin\n"); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + + it("does not treat an unrelated reused pid as the running fixture", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); + cleanupDirs.push(rootDir); + const statePath = path.join(rootDir, "state.json"); + + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH env-lab fixture test"); + if (!started) return; await stopSshEnvLabFixture(statePath); await mkdir(path.dirname(statePath), { recursive: true }); @@ -96,11 +137,12 @@ describe("ssh env-lab fixture", () => { const staleStatus = await readSshEnvLabFixtureStatus(statePath); expect(staleStatus.running).toBe(false); - const restarted = await startSshEnvLabFixture({ statePath }); + const restarted = await startSshEnvLabFixtureOrSkip(statePath, "SSH env-lab fixture restart test"); + if (!restarted) return; expect(restarted.pid).not.toBe(process.pid); await stopSshEnvLabFixture(statePath); - }); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); it("rejects invalid environment variable keys when constructing SSH spawn targets", async () => { await expect( @@ -125,14 +167,6 @@ describe("ssh env-lab fixture", () => { }); it("syncs a local directory into the remote fixture workspace", async () => { - const support = await getSshEnvLabSupport(); - if (!support.supported) { - console.warn( - `Skipping SSH env-lab fixture test: ${support.reason ?? "unsupported environment"}`, - ); - return; - } - const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); cleanupDirs.push(rootDir); const statePath = path.join(rootDir, "state.json"); @@ -142,7 +176,8 @@ describe("ssh env-lab fixture", () => { await writeFile(path.join(localDir, "message.txt"), "hello from paperclip\n", "utf8"); await writeFile(path.join(localDir, "._message.txt"), "should never sync\n", "utf8"); - const started = await startSshEnvLabFixture({ statePath }); + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH env-lab fixture test"); + if (!started) return; const config = await buildSshEnvLabFixtureConfig(started); const remoteDir = path.posix.join(started.workspaceDir, "overlay"); @@ -157,22 +192,14 @@ describe("ssh env-lab fixture", () => { const result = await runSshCommand( config, - `sh -lc 'cat ${JSON.stringify(path.posix.join(remoteDir, "message.txt"))} && if [ -e ${JSON.stringify(path.posix.join(remoteDir, "._message.txt"))} ]; then echo appledouble-present; fi'`, + `cat ${JSON.stringify(path.posix.join(remoteDir, "message.txt"))} && if [ -e ${JSON.stringify(path.posix.join(remoteDir, "._message.txt"))} ]; then echo appledouble-present; fi`, ); expect(result.stdout).toContain("hello from paperclip"); expect(result.stdout).not.toContain("appledouble-present"); - }); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); it("can dereference local symlinks while syncing to the remote fixture", async () => { - const support = await getSshEnvLabSupport(); - if (!support.supported) { - console.warn( - `Skipping SSH symlink sync test: ${support.reason ?? "unsupported environment"}`, - ); - return; - } - const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); cleanupDirs.push(rootDir); const statePath = path.join(rootDir, "state.json"); @@ -184,7 +211,8 @@ describe("ssh env-lab fixture", () => { await writeFile(path.join(sourceDir, "auth.json"), "{\"token\":\"secret\"}\n", "utf8"); await symlink(path.join(sourceDir, "auth.json"), path.join(localDir, "auth.json")); - const started = await startSshEnvLabFixture({ statePath }); + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH symlink sync test"); + if (!started) return; const config = await buildSshEnvLabFixtureConfig(started); const remoteDir = path.posix.join(started.workspaceDir, "overlay-follow-links"); @@ -200,29 +228,22 @@ describe("ssh env-lab fixture", () => { const result = await runSshCommand( config, - `sh -lc 'if [ -L ${JSON.stringify(path.posix.join(remoteDir, "auth.json"))} ]; then echo symlink; else echo regular; fi && cat ${JSON.stringify(path.posix.join(remoteDir, "auth.json"))}'`, + `if [ -L ${JSON.stringify(path.posix.join(remoteDir, "auth.json"))} ]; then echo symlink; else echo regular; fi && cat ${JSON.stringify(path.posix.join(remoteDir, "auth.json"))}`, ); expect(result.stdout).toContain("regular"); expect(result.stdout).toContain("{\"token\":\"secret\"}"); - }); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); it("round-trips a git workspace through the SSH fixture", async () => { - const support = await getSshEnvLabSupport(); - if (!support.supported) { - console.warn( - `Skipping SSH workspace round-trip test: ${support.reason ?? "unsupported environment"}`, - ); - return; - } - const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); cleanupDirs.push(rootDir); const statePath = path.join(rootDir, "state.json"); const localRepo = path.join(rootDir, "local-workspace"); await mkdir(localRepo, { recursive: true }); - await git(localRepo, ["init", "-b", "main"]); + await git(localRepo, ["init"]); + await git(localRepo, ["checkout", "-b", "main"]); await git(localRepo, ["config", "user.name", "Paperclip Test"]); await git(localRepo, ["config", "user.email", "test@paperclip.dev"]); await writeFile(path.join(localRepo, "tracked.txt"), "base\n", "utf8"); @@ -233,7 +254,8 @@ describe("ssh env-lab fixture", () => { await writeFile(path.join(localRepo, "tracked.txt"), "dirty local\n", "utf8"); await writeFile(path.join(localRepo, "untracked.txt"), "from local\n", "utf8"); - const started = await startSshEnvLabFixture({ statePath }); + const started = await startSshEnvLabFixtureOrSkip(statePath, "SSH workspace round-trip test"); + if (!started) return; const config = await buildSshEnvLabFixtureConfig(started); const spec = { ...config, @@ -248,7 +270,7 @@ describe("ssh env-lab fixture", () => { const remoteStatus = await runSshCommand( config, - `sh -lc 'cd ${JSON.stringify(started.workspaceDir)} && git status --short'`, + `cd ${JSON.stringify(started.workspaceDir)} && git status --short`, ); expect(remoteStatus.stdout).toContain("M tracked.txt"); expect(remoteStatus.stdout).toContain("?? untracked.txt"); @@ -256,7 +278,7 @@ describe("ssh env-lab fixture", () => { await runSshCommand( config, - `sh -lc 'cd ${JSON.stringify(started.workspaceDir)} && git config user.name "Paperclip SSH" && git config user.email "ssh@paperclip.dev" && git add tracked.txt untracked.txt && git commit -m "remote update" >/dev/null && printf "remote dirty\\n" > tracked.txt && printf "remote extra\\n" > remote-only.txt'`, + `cd ${JSON.stringify(started.workspaceDir)} && git config user.name "Paperclip SSH" && git config user.email "ssh@paperclip.dev" && git add tracked.txt untracked.txt && git commit -m "remote update" >/dev/null && printf "remote dirty\\n" > tracked.txt && printf "remote extra\\n" > remote-only.txt`, { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, ); @@ -271,5 +293,222 @@ describe("ssh env-lab fixture", () => { expect(await git(localRepo, ["log", "-1", "--pretty=%s"])).toBe("remote update"); expect(await git(localRepo, ["status", "--short"])).toContain("M tracked.txt"); expect(await git(localRepo, ["status", "--short"])).not.toContain("._tracked.txt"); - }); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + + it("preserves both concurrent SSH restores in a shared git workspace", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); + cleanupDirs.push(rootDir); + const statePath = path.join(rootDir, "state.json"); + const localRepo = path.join(rootDir, "local-workspace"); + + await mkdir(localRepo, { recursive: true }); + await git(localRepo, ["init"]); + await git(localRepo, ["checkout", "-b", "main"]); + await git(localRepo, ["config", "user.name", "Paperclip Test"]); + await git(localRepo, ["config", "user.email", "test@paperclip.dev"]); + await writeFile(path.join(localRepo, "tracked.txt"), "base\n", "utf8"); + await git(localRepo, ["add", "tracked.txt"]); + await git(localRepo, ["commit", "-m", "initial"]); + + const started = await startSshEnvLabFixtureOrSkip(statePath, "concurrent SSH restore test"); + if (!started) return; + const config = await buildSshEnvLabFixtureConfig(started); + const spec = { + ...config, + remoteCwd: started.workspaceDir, + } as const; + + const preparedA = await prepareRemoteManagedRuntime({ + spec, + runId: "run-a", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + const preparedB = await prepareRemoteManagedRuntime({ + spec, + runId: "run-b", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + + expect(preparedA.workspaceRemoteDir).not.toBe(preparedB.workspaceRemoteDir); + + await runSshCommand( + config, + `printf "from run a\\n" > ${JSON.stringify(path.posix.join(preparedA.workspaceRemoteDir, "run-a.txt"))}`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + await runSshCommand( + config, + `printf "from run b\\n" > ${JSON.stringify(path.posix.join(preparedB.workspaceRemoteDir, "run-b.txt"))}`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + + await Promise.all([ + preparedA.restoreWorkspace(), + preparedB.restoreWorkspace(), + ]); + + await expect(readFile(path.join(localRepo, "run-a.txt"), "utf8")).resolves.toBe("from run a\n"); + await expect(readFile(path.join(localRepo, "run-b.txt"), "utf8")).resolves.toBe("from run b\n"); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + + it("preserves nested per-run files across sequential SSH restores with stale baselines", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); + cleanupDirs.push(rootDir); + const statePath = path.join(rootDir, "state.json"); + const localRepo = path.join(rootDir, "local-workspace"); + + await mkdir(localRepo, { recursive: true }); + await git(localRepo, ["init"]); + await git(localRepo, ["checkout", "-b", "main"]); + await git(localRepo, ["config", "user.name", "Paperclip Test"]); + await git(localRepo, ["config", "user.email", "test@paperclip.dev"]); + await writeFile(path.join(localRepo, "tracked.txt"), "base\n", "utf8"); + await git(localRepo, ["add", "tracked.txt"]); + await git(localRepo, ["commit", "-m", "initial"]); + + const started = await startSshEnvLabFixtureOrSkip(statePath, "sequential nested SSH restore test"); + if (!started) return; + const config = await buildSshEnvLabFixtureConfig(started); + const spec = { + ...config, + remoteCwd: started.workspaceDir, + } as const; + + const preparedA = await prepareRemoteManagedRuntime({ + spec, + runId: "run-a", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + const preparedB = await prepareRemoteManagedRuntime({ + spec, + runId: "run-b", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + + await runSshCommand( + config, + `mkdir -p ${JSON.stringify(path.posix.join(preparedA.workspaceRemoteDir, "manual-qa/environment-matrix/ssh"))} && printf "from run a\\n" > ${JSON.stringify(path.posix.join(preparedA.workspaceRemoteDir, "manual-qa/environment-matrix/ssh/claude_local.md"))}`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + await runSshCommand( + config, + `mkdir -p ${JSON.stringify(path.posix.join(preparedB.workspaceRemoteDir, "manual-qa/environment-matrix/ssh"))} && printf "from run b\\n" > ${JSON.stringify(path.posix.join(preparedB.workspaceRemoteDir, "manual-qa/environment-matrix/ssh/codex_local.md"))}`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + + await preparedA.restoreWorkspace(); + await preparedB.restoreWorkspace(); + + await expect(readFile(path.join(localRepo, "manual-qa/environment-matrix/ssh/claude_local.md"), "utf8")).resolves + .toBe("from run a\n"); + await expect(readFile(path.join(localRepo, "manual-qa/environment-matrix/ssh/codex_local.md"), "utf8")).resolves + .toBe("from run b\n"); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + + it("round-trips remote git commits through the managed runtime restore path", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); + cleanupDirs.push(rootDir); + const statePath = path.join(rootDir, "state.json"); + const localRepo = path.join(rootDir, "local-workspace"); + + await mkdir(localRepo, { recursive: true }); + await git(localRepo, ["init"]); + await git(localRepo, ["checkout", "-b", "main"]); + await git(localRepo, ["config", "user.name", "Paperclip Test"]); + await git(localRepo, ["config", "user.email", "test@paperclip.dev"]); + await writeFile(path.join(localRepo, "tracked.txt"), "base\n", "utf8"); + await git(localRepo, ["add", "tracked.txt"]); + await git(localRepo, ["commit", "-m", "initial"]); + + const started = await startSshEnvLabFixtureOrSkip(statePath, "managed-runtime SSH git round-trip test"); + if (!started) return; + const config = await buildSshEnvLabFixtureConfig(started); + const spec = { + ...config, + remoteCwd: started.workspaceDir, + } as const; + + const prepared = await prepareRemoteManagedRuntime({ + spec, + runId: "run-commit", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + + await runSshCommand( + config, + `cd ${JSON.stringify(prepared.workspaceRemoteDir)} && git config user.name "Paperclip SSH" && git config user.email "ssh@paperclip.dev" && printf "committed\\n" > tracked.txt && git add tracked.txt && git commit -m "remote update" >/dev/null && printf "dirty remote\\n" > tracked.txt`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + + await prepared.restoreWorkspace(); + + expect(await git(localRepo, ["log", "-1", "--pretty=%s"])).toBe("remote update"); + await expect(readFile(path.join(localRepo, "tracked.txt"), "utf8")).resolves.toBe("dirty remote\n"); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); + + it("merges concurrent remote commits through the managed runtime restore path", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-fixture-")); + cleanupDirs.push(rootDir); + const statePath = path.join(rootDir, "state.json"); + const localRepo = path.join(rootDir, "local-workspace"); + + await mkdir(localRepo, { recursive: true }); + await git(localRepo, ["init"]); + await git(localRepo, ["checkout", "-b", "main"]); + await git(localRepo, ["config", "user.name", "Paperclip Test"]); + await git(localRepo, ["config", "user.email", "test@paperclip.dev"]); + await writeFile(path.join(localRepo, "tracked.txt"), "base\n", "utf8"); + await git(localRepo, ["add", "tracked.txt"]); + await git(localRepo, ["commit", "-m", "initial"]); + + const started = await startSshEnvLabFixtureOrSkip(statePath, "concurrent managed-runtime SSH git merge test"); + if (!started) return; + const config = await buildSshEnvLabFixtureConfig(started); + const spec = { + ...config, + remoteCwd: started.workspaceDir, + } as const; + + const preparedA = await prepareRemoteManagedRuntime({ + spec, + runId: "run-commit-a", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + const preparedB = await prepareRemoteManagedRuntime({ + spec, + runId: "run-commit-b", + adapterKey: "test-adapter", + workspaceLocalDir: localRepo, + }); + + await runSshCommand( + config, + `cd ${JSON.stringify(preparedA.workspaceRemoteDir)} && git config user.name "Paperclip SSH" && git config user.email "ssh@paperclip.dev" && printf "from run a\\n" > run-a.txt && git add run-a.txt && git commit -m "remote update a" >/dev/null`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + await runSshCommand( + config, + `cd ${JSON.stringify(preparedB.workspaceRemoteDir)} && git config user.name "Paperclip SSH" && git config user.email "ssh@paperclip.dev" && printf "from run b\\n" > run-b.txt && git add run-b.txt && git commit -m "remote update b" >/dev/null`, + { timeoutMs: 30_000, maxBuffer: 256 * 1024 }, + ); + + await Promise.all([ + preparedA.restoreWorkspace(), + preparedB.restoreWorkspace(), + ]); + + await expect(readFile(path.join(localRepo, "run-a.txt"), "utf8")).resolves.toBe("from run a\n"); + await expect(readFile(path.join(localRepo, "run-b.txt"), "utf8")).resolves.toBe("from run b\n"); + expect(await git(localRepo, ["log", "-1", "--pretty=%s"])).toContain("Paperclip SSH sync merge"); + + const recentSubjects = await git(localRepo, ["log", "--pretty=%s", "-3"]); + expect(recentSubjects).toContain("remote update a"); + expect(recentSubjects).toContain("remote update b"); + }, SSH_FIXTURE_TEST_TIMEOUT_MS); }); diff --git a/packages/adapter-utils/src/ssh.ts b/packages/adapter-utils/src/ssh.ts index 2e41829c..abf15940 100644 --- a/packages/adapter-utils/src/ssh.ts +++ b/packages/adapter-utils/src/ssh.ts @@ -1,8 +1,13 @@ +import { randomUUID } from "node:crypto"; import { execFile, spawn } from "node:child_process"; import { constants as fsConstants, createReadStream, createWriteStream, promises as fs } from "node:fs"; import net from "node:net"; import os from "node:os"; import path from "node:path"; +import type { CommandManagedRuntimeRunner } from "./command-managed-runtime.js"; +import type { RunProcessResult } from "./server-utils.js"; +import type { DirectorySnapshot } from "./workspace-restore-merge.js"; +import { mergeDirectoryWithBaseline } from "./workspace-restore-merge.js"; export interface SshConnectionConfig { host: string; @@ -21,7 +26,85 @@ export interface SshCommandResult { export interface SshRemoteExecutionSpec extends SshConnectionConfig { remoteCwd: string; - paperclipApiUrl?: string | null; +} + +export function createSshCommandManagedRuntimeRunner(input: { + spec: SshRemoteExecutionSpec; + defaultCwd?: string | null; + maxBufferBytes?: number | null; +}): CommandManagedRuntimeRunner { + const defaultCwd = input.defaultCwd?.trim() || input.spec.remoteCwd; + const maxBufferBytes = + typeof input.maxBufferBytes === "number" && Number.isFinite(input.maxBufferBytes) && input.maxBufferBytes > 0 + ? Math.trunc(input.maxBufferBytes) + : 1024 * 1024; + + return { + execute: async (commandInput): Promise => { + const startedAt = new Date().toISOString(); + const command = commandInput.command.trim(); + const args = commandInput.args ?? []; + const cwd = commandInput.cwd?.trim() || defaultCwd; + const envEntries = Object.entries(commandInput.env ?? {}) + .filter((entry): entry is [string, string] => typeof entry[1] === "string"); + const envPrefix = envEntries.length > 0 + ? `env ${envEntries.map(([key, value]) => `${key}=${shellQuote(value)}`).join(" ")} ` + : ""; + const exportPrefix = envEntries.length > 0 + ? envEntries.map(([key, value]) => `export ${key}=${shellQuote(value)};`).join(" ") + " " + : ""; + const commandScript = command === "sh" || command === "bash" + ? (args[0] === "-c" || args[0] === "-lc") && typeof args[1] === "string" + ? `${exportPrefix}${args[1]}` + : `${envPrefix}exec ${[shellQuote(command), ...args.map((arg) => shellQuote(arg))].join(" ")}` + : `${envPrefix}exec ${[shellQuote(command), ...args.map((arg) => shellQuote(arg))].join(" ")}`; + const remoteCommand = `cd ${shellQuote(cwd)} && ${commandScript}`; + + try { + const result = await runSshCommand(input.spec, remoteCommand, { + stdin: commandInput.stdin, + timeoutMs: commandInput.timeoutMs, + maxBuffer: maxBufferBytes, + }); + if (result.stdout) await commandInput.onLog?.("stdout", result.stdout); + if (result.stderr) await commandInput.onLog?.("stderr", result.stderr); + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: result.stdout, + stderr: result.stderr, + pid: null, + startedAt, + }; + } catch (error) { + const failure = error as { + stdout?: unknown; + stderr?: unknown; + code?: unknown; + signal?: unknown; + killed?: unknown; + }; + const stdout = typeof failure.stdout === "string" ? failure.stdout : ""; + const stderr = typeof failure.stderr === "string" + ? failure.stderr + : error instanceof Error + ? error.message + : String(error); + if (stdout) await commandInput.onLog?.("stdout", stdout); + if (stderr) await commandInput.onLog?.("stderr", stderr); + return { + exitCode: typeof failure.code === "number" ? failure.code : null, + signal: typeof failure.signal === "string" ? failure.signal : null, + timedOut: failure.killed === true, + stdout, + stderr, + pid: null, + startedAt, + }; + } + }, + }; } export interface SshEnvLabSupport { @@ -83,10 +166,6 @@ export function parseSshRemoteExecutionSpec(value: unknown): SshRemoteExecutionS port: portValue, username, remoteCwd, - paperclipApiUrl: - typeof parsed.paperclipApiUrl === "string" && parsed.paperclipApiUrl.trim().length > 0 - ? parsed.paperclipApiUrl.trim() - : null, remoteWorkspacePath: typeof parsed.remoteWorkspacePath === "string" && parsed.remoteWorkspacePath.trim().length > 0 ? parsed.remoteWorkspacePath.trim() @@ -98,50 +177,6 @@ export function parseSshRemoteExecutionSpec(value: unknown): SshRemoteExecutionS }; } -function normalizeHttpUrlCandidate(value: string): string | null { - const trimmed = value.trim(); - if (!trimmed) return null; - try { - const parsed = new URL(trimmed); - if (parsed.protocol !== "http:" && parsed.protocol !== "https:") { - return null; - } - return parsed.origin; - } catch { - return null; - } -} - -export async function findReachablePaperclipApiUrlOverSsh(input: { - config: SshConnectionConfig; - candidates: string[]; - timeoutMs?: number; -}): Promise { - const uniqueCandidates = Array.from( - new Set( - input.candidates - .map((candidate) => normalizeHttpUrlCandidate(candidate)) - .filter((candidate): candidate is string => candidate !== null), - ), - ); - - for (const candidate of uniqueCandidates) { - const healthUrl = new URL("/api/health", candidate).toString(); - try { - await runSshCommand( - input.config, - `sh -lc ${shellQuote(`curl -fsS -m ${Math.max(1, Math.ceil((input.timeoutMs ?? 5_000) / 1000))} ${shellQuote(healthUrl)} >/dev/null`)}`, - { timeoutMs: input.timeoutMs ?? 5_000 }, - ); - return candidate; - } catch { - continue; - } - } - - return null; -} - async function execFileText( file: string, args: string[], @@ -172,6 +207,113 @@ async function execFileText( }); } +async function spawnText( + file: string, + args: string[], + options: { + stdin?: string; + timeout?: number; + maxBuffer?: number; + } = {}, +): Promise { + return await new Promise((resolve, reject) => { + const child = spawn(file, args, { + stdio: [options.stdin != null ? "pipe" : "ignore", "pipe", "pipe"], + }); + + const maxBuffer = options.maxBuffer ?? 1024 * 128; + let stdout = ""; + let stderr = ""; + let settled = false; + let timedOut = false; + + const finishReject = (error: Error & { stdout?: string; stderr?: string; code?: number | null; killed?: boolean }) => { + if (settled) return; + settled = true; + error.stdout = stdout; + error.stderr = stderr; + error.killed = timedOut; + reject(error); + }; + + const append = ( + streamName: "stdout" | "stderr", + chunk: unknown, + ) => { + const text = String(chunk); + if (streamName === "stdout") { + stdout += text; + } else { + stderr += text; + } + if (Buffer.byteLength(stdout, "utf8") > maxBuffer || Buffer.byteLength(stderr, "utf8") > maxBuffer) { + child.kill("SIGTERM"); + finishReject(Object.assign(new Error(`Process output exceeded maxBuffer of ${maxBuffer} bytes.`), { + code: null, + })); + } + }; + + let killEscalation: NodeJS.Timeout | null = null; + const timeout = options.timeout && options.timeout > 0 + ? setTimeout(() => { + timedOut = true; + child.kill("SIGTERM"); + // Escalate to SIGKILL after a 5s grace window so a hung remote + // command that ignores SIGTERM cannot keep the child alive + // indefinitely. + killEscalation = setTimeout(() => { + try { + child.kill("SIGKILL"); + } catch { + // child may have already exited between the SIGTERM and the + // escalation — that's fine. + } + }, 5_000); + killEscalation.unref?.(); + }, options.timeout) + : null; + + const clearTimers = () => { + if (timeout) clearTimeout(timeout); + if (killEscalation) clearTimeout(killEscalation); + }; + + child.stdout?.on("data", (chunk) => { + append("stdout", chunk); + }); + child.stderr?.on("data", (chunk) => { + append("stderr", chunk); + }); + + child.on("error", (error) => { + clearTimers(); + finishReject(Object.assign(error, { code: null })); + }); + + child.on("close", (code, signal) => { + clearTimers(); + if (settled) return; + settled = true; + if (code === 0) { + resolve({ stdout, stderr }); + return; + } + reject(Object.assign(new Error(stderr.trim() || stdout.trim() || `Process exited with code ${code ?? -1}`), { + stdout, + stderr, + code, + signal, + killed: timedOut, + })); + }); + + if (options.stdin != null && child.stdin) { + child.stdin.end(options.stdin); + } + }); +} + async function runLocalGit( localDir: string, args: string[], @@ -189,7 +331,7 @@ async function commandExists(command: string): Promise { async function resolveCommandPath(command: string): Promise { try { - const result = await execFileText("sh", ["-lc", `command -v ${shellQuote(command)}`], { + const result = await execFileText("sh", ["-c", `command -v ${shellQuote(command)}`], { timeout: 5_000, maxBuffer: 8 * 1024, }); @@ -277,7 +419,7 @@ async function runSshScript( ): Promise { return await runSshCommand( config, - `sh -lc ${shellQuote(script)}`, + script, options, ); } @@ -358,7 +500,7 @@ async function streamLocalFileToSsh(input: { "-p", String(input.spec.port), `${input.spec.username}@${input.spec.host}`, - `sh -lc ${shellQuote(input.remoteScript)}`, + `sh -c ${shellQuote(input.remoteScript)}`, ]; await new Promise((resolve, reject) => { @@ -407,7 +549,7 @@ async function streamSshToLocalFile(input: { "-p", String(input.spec.port), `${input.spec.username}@${input.spec.host}`, - `sh -lc ${shellQuote(input.remoteScript)}`, + `sh -c ${shellQuote(input.remoteScript)}`, ]; await new Promise((resolve, reject) => { @@ -455,7 +597,9 @@ async function importGitWorkspaceToSsh(input: { }): Promise { const bundleDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-bundle-")); const bundlePath = path.join(bundleDir, "workspace.bundle"); - const tempRef = "refs/paperclip/ssh-sync/import"; + // Per-import unique ref so concurrent imports against the same local repo + // can't race on `update-ref` between this run's update and bundle create. + const tempRef = `refs/paperclip/ssh-sync/import/${randomUUID()}`; try { await runLocalGit(input.localDir, ["update-ref", tempRef, input.snapshot.headCommit], { @@ -480,6 +624,8 @@ async function importGitWorkspaceToSsh(input: { : `git -C ${shellQuote(input.remoteDir)} -c advice.detachedHead=false checkout --force --detach ${shellQuote(input.snapshot.headCommit)} >/dev/null`, `git -C ${shellQuote(input.remoteDir)} reset --hard ${shellQuote(input.snapshot.headCommit)} >/dev/null`, `git -C ${shellQuote(input.remoteDir)} clean -fdx -e .paperclip-runtime >/dev/null`, + // Drop the per-import ref on the remote side too so it can't accumulate. + `git -C ${shellQuote(input.remoteDir)} update-ref -d ${shellQuote(tempRef)} >/dev/null 2>&1 || true`, ].join("\n"); await streamLocalFileToSsh({ @@ -500,10 +646,12 @@ async function exportGitWorkspaceFromSsh(input: { spec: SshRemoteExecutionSpec; remoteDir: string; localDir: string; -}): Promise { + importedRef?: string; + resetLocalWorkspace?: boolean; +}): Promise { const bundleDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-bundle-")); const bundlePath = path.join(bundleDir, "workspace.bundle"); - const importedRef = "refs/paperclip/ssh-sync/imported"; + const importedRef = input.importedRef ?? `refs/paperclip/ssh-sync/imported/${randomUUID()}`; try { const exportScript = [ @@ -527,19 +675,97 @@ async function exportGitWorkspaceFromSsh(input: { timeout: 60_000, maxBuffer: 1024 * 1024, }); - await runLocalGit(input.localDir, ["reset", "--hard", importedRef], { - timeout: 60_000, - maxBuffer: 1024 * 1024, - }); - } finally { - await runLocalGit(input.localDir, ["update-ref", "-d", importedRef], { + if (input.resetLocalWorkspace !== false) { + await runLocalGit(input.localDir, ["reset", "--hard", importedRef], { + timeout: 60_000, + maxBuffer: 1024 * 1024, + }); + } + const importedHead = await runLocalGit(input.localDir, ["rev-parse", importedRef], { timeout: 10_000, maxBuffer: 16 * 1024, - }).catch(() => undefined); + }); + return importedHead.stdout.trim(); + } finally { + if (input.resetLocalWorkspace !== false) { + await runLocalGit(input.localDir, ["update-ref", "-d", importedRef], { + timeout: 10_000, + maxBuffer: 16 * 1024, + }).catch(() => undefined); + } await fs.rm(bundleDir, { recursive: true, force: true }).catch(() => undefined); } } +async function integrateImportedGitHead(input: { + localDir: string; + importedHead: string; +}): Promise { + const snapshot = await readLocalGitWorkspaceSnapshot(input.localDir); + if (!snapshot) return; + + const currentHead = snapshot.headCommit; + if (!currentHead || currentHead === input.importedHead) return; + + const headRef = snapshot.branchName ? `refs/heads/${snapshot.branchName}` : "HEAD"; + const mergeBase = await runLocalGit(input.localDir, ["merge-base", currentHead, input.importedHead], { + timeout: 10_000, + maxBuffer: 16 * 1024, + }).catch(() => null); + const mergeBaseHead = mergeBase?.stdout.trim() ?? ""; + + if (mergeBaseHead === input.importedHead) { + return; + } + + if (mergeBaseHead === currentHead) { + await runLocalGit(input.localDir, ["update-ref", headRef, input.importedHead, currentHead], { + timeout: 10_000, + maxBuffer: 16 * 1024, + }); + return; + } + + let mergedTree; + try { + mergedTree = await runLocalGit(input.localDir, ["merge-tree", "--write-tree", currentHead, input.importedHead], { + timeout: 60_000, + maxBuffer: 256 * 1024, + }); + } catch (error) { + const reason = error instanceof Error ? error.message : String(error); + throw new Error( + `Failed to merge concurrent SSH git histories for ${currentHead.slice(0, 12)} and ${input.importedHead.slice(0, 12)}: ${reason}`, + ); + } + const mergedTreeId = mergedTree.stdout.trim().split("\n")[0]?.trim() ?? ""; + if (!mergedTreeId) { + throw new Error("Failed to compute a merged git tree for SSH workspace restore."); + } + + const mergeCommit = await runLocalGit( + input.localDir, + [ + "commit-tree", + mergedTreeId, + "-p", + currentHead, + "-p", + input.importedHead, + "-m", + `Paperclip SSH sync merge ${input.importedHead.slice(0, 12)}`, + ], + { + timeout: 60_000, + maxBuffer: 64 * 1024, + }, + ); + await runLocalGit(input.localDir, ["update-ref", headRef, mergeCommit.stdout.trim(), currentHead], { + timeout: 10_000, + maxBuffer: 16 * 1024, + }); +} + async function clearRemoteDirectory(input: { spec: SshConnectionConfig; remoteDir: string; @@ -661,6 +887,13 @@ async function isSshEnvLabFixtureProcess(state: Pick { + if (process.platform === "darwin" && process.env.PAPERCLIP_ENABLE_DARWIN_SSH_ENV_LAB !== "1") { + return { + supported: false, + reason: "SSH env-lab fixture is disabled on macOS; set PAPERCLIP_ENABLE_DARWIN_SSH_ENV_LAB=1 to opt in.", + }; + } + for (const command of ["ssh", "sshd", "ssh-keygen"]) { if (!(await commandExists(command))) { return { @@ -688,6 +921,8 @@ export async function runSshCommand( config: SshConnectionConfig, remoteCommand: string, options: { + env?: Record; + stdin?: string; timeoutMs?: number; maxBuffer?: number; } = {}, @@ -697,18 +932,45 @@ export async function runSshCommand( const auth = await createSshAuthArgs(config); cleanup = auth.cleanup; const sshArgs = [...auth.args]; + const envEntries = Object.entries(options.env ?? {}) + .filter((entry): entry is [string, string] => typeof entry[1] === "string"); + for (const [key] of envEntries) { + if (!isValidShellEnvKey(key)) { + throw new Error(`Invalid SSH environment variable key: ${key}`); + } + } + + // Mirror buildSshSpawnTarget: source login profiles first, then run + // `env KEY=VAL cmd` so user-supplied identity overrides win over anything + // a profile re-exports. Without this, a remote profile that resets HOME + // / NVM_DIR / etc. would silently undo the explicit env passed in here. + const envArgs = envEntries.map(([key, value]) => `${key}=${shellQuote(value)}`); + const remoteScript = [ + 'if [ -f "$HOME/.profile" ]; then . "$HOME/.profile" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.bash_profile" ]; then . "$HOME/.bash_profile" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.zprofile" ]; then . "$HOME/.zprofile" >/dev/null 2>&1 || true; fi', + envArgs.length > 0 + ? `exec env ${envArgs.join(" ")} sh -c ${shellQuote(remoteCommand)}` + : `exec sh -c ${shellQuote(remoteCommand)}`, + ].join(" && "); sshArgs.push( "-p", String(config.port), `${config.username}@${config.host}`, - remoteCommand, + `sh -c ${shellQuote(remoteScript)}`, ); - return await execFileText("ssh", sshArgs, { - timeout: options.timeoutMs ?? 15_000, - maxBuffer: options.maxBuffer ?? 1024 * 128, - }); + return options.stdin != null + ? await spawnText("ssh", sshArgs, { + stdin: options.stdin, + timeout: options.timeoutMs ?? 15_000, + maxBuffer: options.maxBuffer ?? 1024 * 128, + }) + : await execFileText("ssh", sshArgs, { + timeout: options.timeoutMs ?? 15_000, + maxBuffer: options.maxBuffer ?? 1024 * 128, + }); } finally { await cleanup(); } @@ -751,7 +1013,7 @@ export async function buildSshSpawnTarget(input: { "-p", String(input.spec.port), `${input.spec.username}@${input.spec.host}`, - `sh -lc ${shellQuote(remoteScript)}`, + `sh -c ${shellQuote(remoteScript)}`, ); return { @@ -774,7 +1036,7 @@ export async function syncDirectoryToSsh(input: { "-p", String(input.spec.port), `${input.spec.username}@${input.spec.host}`, - `sh -lc ${shellQuote(`mkdir -p ${shellQuote(input.remoteDir)} && tar -xf - -C ${shellQuote(input.remoteDir)}`)}`, + `sh -c ${shellQuote(`mkdir -p ${shellQuote(input.remoteDir)} && tar -xf - -C ${shellQuote(input.remoteDir)}`)}`, ]; await new Promise((resolve, reject) => { @@ -870,7 +1132,7 @@ export async function syncDirectoryFromSsh(input: { "-p", String(input.spec.port), `${input.spec.username}@${input.spec.host}`, - `sh -lc ${shellQuote(remoteTarScript)}`, + `sh -c ${shellQuote(remoteTarScript)}`, ]; try { @@ -947,7 +1209,7 @@ export async function prepareWorkspaceForSshExecution(input: { spec: SshRemoteExecutionSpec; localDir: string; remoteDir?: string; -}): Promise { +}): Promise<{ gitBacked: boolean }> { const remoteDir = input.remoteDir ?? input.spec.remoteCwd; const gitSnapshot = await readLocalGitWorkspaceSnapshot(input.localDir); @@ -969,7 +1231,7 @@ export async function prepareWorkspaceForSshExecution(input: { remoteDir, deletedPaths: gitSnapshot.deletedPaths, }); - return; + return { gitBacked: true }; } await clearRemoteDirectory({ @@ -983,14 +1245,64 @@ export async function prepareWorkspaceForSshExecution(input: { remoteDir, exclude: [".paperclip-runtime"], }); + return { gitBacked: false }; } export async function restoreWorkspaceFromSshExecution(input: { spec: SshRemoteExecutionSpec; localDir: string; remoteDir?: string; + baselineSnapshot?: DirectorySnapshot; + restoreGitHistory?: boolean; }): Promise { const remoteDir = input.remoteDir ?? input.spec.remoteCwd; + if (input.baselineSnapshot) { + const stagingDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-ssh-sync-back-")); + const importedRef = input.restoreGitHistory + ? `refs/paperclip/ssh-sync/imported/${randomUUID()}` + : null; + try { + const importedHead = input.restoreGitHistory + ? await exportGitWorkspaceFromSsh({ + spec: input.spec, + remoteDir, + localDir: input.localDir, + importedRef: importedRef ?? undefined, + resetLocalWorkspace: false, + }) + : null; + await syncDirectoryFromSsh({ + spec: input.spec, + remoteDir, + localDir: stagingDir, + exclude: input.baselineSnapshot.exclude, + }); + await mergeDirectoryWithBaseline({ + baseline: input.baselineSnapshot, + sourceDir: stagingDir, + targetDir: input.localDir, + // Git history advances via integrateImportedGitHead; the working tree + // still comes from the remote file snapshot so dirty remote edits win. + beforeApply: importedHead + ? async () => { + await integrateImportedGitHead({ + localDir: input.localDir, + importedHead, + }); + } + : undefined, + }); + } finally { + if (importedRef) { + await runLocalGit(input.localDir, ["update-ref", "-d", importedRef], { + timeout: 10_000, + maxBuffer: 16 * 1024, + }).catch(() => undefined); + } + await fs.rm(stagingDir, { recursive: true, force: true }).catch(() => undefined); + } + return; + } const gitSnapshot = await readLocalGitWorkspaceSnapshot(input.localDir); if (gitSnapshot) { @@ -1022,7 +1334,7 @@ export async function ensureSshWorkspaceReady( ): Promise<{ remoteCwd: string }> { const result = await runSshCommand( config, - `sh -lc ${shellQuote(`mkdir -p ${shellQuote(config.remoteWorkspacePath)} && cd ${shellQuote(config.remoteWorkspacePath)} && pwd`)}`, + `mkdir -p ${shellQuote(config.remoteWorkspacePath)} && cd ${shellQuote(config.remoteWorkspacePath)} && pwd`, ); return { remoteCwd: result.stdout.trim(), diff --git a/packages/adapter-utils/src/types.ts b/packages/adapter-utils/src/types.ts index 54e456a2..3d87f7a2 100644 --- a/packages/adapter-utils/src/types.ts +++ b/packages/adapter-utils/src/types.ts @@ -125,6 +125,7 @@ export interface AdapterExecutionContext { runtime: AdapterRuntime; config: Record; context: Record; + runtimeCommandSpec?: AdapterRuntimeCommandSpec | null; executionTarget?: AdapterExecutionTarget | null; /** * Legacy remote transport view. Prefer `executionTarget`, which is the @@ -328,6 +329,23 @@ export interface AdapterConfigSchema { fields: ConfigFieldSchema[]; } +export interface AdapterRuntimeCommandSpec { + /** + * The command Paperclip should execute for this adapter in the current config. + */ + command: string; + /** + * Optional command name/path to probe for availability before launch. + * Defaults to `command` when omitted by the consumer. + */ + detectCommand?: string | null; + /** + * Optional shell snippet that can install or expose the adapter command in a + * fresh remote runtime. It should be idempotent. + */ + installCommand?: string | null; +} + export interface ServerAdapterModule { type: string; execute(ctx: AdapterExecutionContext): Promise; @@ -406,6 +424,11 @@ export interface ServerAdapterModule { * rather than reading config.paperclipRuntimeSkills. */ requiresMaterializedRuntimeSkills?: boolean; + /** + * Optional: describe how this adapter's runtime command should be launched + * and provisioned in fresh remote environments such as sandboxes. + */ + getRuntimeCommandSpec?: (config: Record) => AdapterRuntimeCommandSpec | null; } // --------------------------------------------------------------------------- diff --git a/packages/adapter-utils/src/workspace-restore-merge.test.ts b/packages/adapter-utils/src/workspace-restore-merge.test.ts new file mode 100644 index 00000000..32ad9582 --- /dev/null +++ b/packages/adapter-utils/src/workspace-restore-merge.test.ts @@ -0,0 +1,61 @@ +import { mkdir, mkdtemp, readFile, rm, writeFile } from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; + +import { captureDirectorySnapshot, mergeDirectoryWithBaseline } from "./workspace-restore-merge.js"; + +describe("workspace restore merge", () => { + const cleanupDirs: string[] = []; + + afterEach(async () => { + while (cleanupDirs.length > 0) { + const dir = cleanupDirs.pop(); + if (!dir) continue; + await rm(dir, { recursive: true, force: true }).catch(() => undefined); + } + }); + + it("preserves sibling files when sequential stale-baseline restores create the same nested directory tree", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-restore-merge-")); + cleanupDirs.push(rootDir); + + const targetDir = path.join(rootDir, "target"); + const sourceADir = path.join(rootDir, "source-a"); + const sourceBDir = path.join(rootDir, "source-b"); + await mkdir(targetDir, { recursive: true }); + await mkdir(path.join(sourceADir, "manual-qa", "environment-matrix", "ssh"), { recursive: true }); + await mkdir(path.join(sourceBDir, "manual-qa", "environment-matrix", "ssh"), { recursive: true }); + + const baseline = await captureDirectorySnapshot(targetDir, { exclude: [] }); + + await writeFile( + path.join(sourceADir, "manual-qa", "environment-matrix", "ssh", "claude_local.md"), + "ssh claude\n", + "utf8", + ); + await writeFile( + path.join(sourceBDir, "manual-qa", "environment-matrix", "ssh", "codex_local.md"), + "ssh codex\n", + "utf8", + ); + + await mergeDirectoryWithBaseline({ + baseline, + sourceDir: sourceADir, + targetDir, + }); + await mergeDirectoryWithBaseline({ + baseline, + sourceDir: sourceBDir, + targetDir, + }); + + await expect( + readFile(path.join(targetDir, "manual-qa", "environment-matrix", "ssh", "claude_local.md"), "utf8"), + ).resolves.toBe("ssh claude\n"); + await expect( + readFile(path.join(targetDir, "manual-qa", "environment-matrix", "ssh", "codex_local.md"), "utf8"), + ).resolves.toBe("ssh codex\n"); + }); +}); diff --git a/packages/adapter-utils/src/workspace-restore-merge.ts b/packages/adapter-utils/src/workspace-restore-merge.ts new file mode 100644 index 00000000..df75b236 --- /dev/null +++ b/packages/adapter-utils/src/workspace-restore-merge.ts @@ -0,0 +1,257 @@ +import { createHash } from "node:crypto"; +import { createReadStream } from "node:fs"; +import { constants as fsConstants, promises as fs } from "node:fs"; +import path from "node:path"; + +type SnapshotEntry = + | { kind: "dir" } + | { kind: "file"; mode: number; hash: string } + | { kind: "symlink"; target: string }; + +export interface DirectorySnapshot { + exclude: string[]; + entries: Map; +} + +function isRelativePathOrDescendant(relative: string, candidate: string): boolean { + return relative === candidate || relative.startsWith(`${candidate}/`); +} + +function shouldExclude(relative: string, exclude: readonly string[]): boolean { + return exclude.some((candidate) => isRelativePathOrDescendant(relative, candidate)); +} + +async function hashFile(filePath: string): Promise { + return await new Promise((resolve, reject) => { + const hash = createHash("sha256"); + const stream = createReadStream(filePath); + stream.on("data", (chunk) => hash.update(chunk)); + stream.on("error", reject); + stream.on("end", () => resolve(hash.digest("hex"))); + }); +} + +async function walkDirectory( + root: string, + exclude: readonly string[], + relative = "", + out: Map = new Map(), +): Promise> { + const current = relative ? path.join(root, relative) : root; + const entries = await fs.readdir(current, { withFileTypes: true }).catch(() => []); + entries.sort((left, right) => left.name.localeCompare(right.name)); + + for (const entry of entries) { + const nextRelative = relative ? path.posix.join(relative, entry.name) : entry.name; + if (shouldExclude(nextRelative, exclude)) continue; + + const fullPath = path.join(root, nextRelative); + const stats = await fs.lstat(fullPath); + if (stats.isDirectory()) { + out.set(nextRelative, { kind: "dir" }); + await walkDirectory(root, exclude, nextRelative, out); + continue; + } + + if (stats.isSymbolicLink()) { + out.set(nextRelative, { + kind: "symlink", + target: await fs.readlink(fullPath), + }); + continue; + } + + out.set(nextRelative, { + kind: "file", + mode: stats.mode, + hash: await hashFile(fullPath), + }); + } + + return out; +} + +async function readSnapshotEntry(root: string, relative: string): Promise { + const fullPath = path.join(root, relative); + let stats; + try { + stats = await fs.lstat(fullPath); + } catch { + return null; + } + + if (stats.isDirectory()) return { kind: "dir" }; + if (stats.isSymbolicLink()) { + return { + kind: "symlink", + target: await fs.readlink(fullPath), + }; + } + return { + kind: "file", + mode: stats.mode, + hash: await hashFile(fullPath), + }; +} + +function entriesMatch(left: SnapshotEntry | null | undefined, right: SnapshotEntry | null | undefined): boolean { + if (!left || !right) return false; + if (left.kind !== right.kind) return false; + if (left.kind === "dir") return true; + if (left.kind === "symlink" && right.kind === "symlink") { + return left.target === right.target; + } + if (left.kind === "file" && right.kind === "file") { + return left.mode === right.mode && left.hash === right.hash; + } + return false; +} + +async function isHolderAlive(lockDir: string): Promise { + try { + const raw = await fs.readFile(path.join(lockDir, "owner.json"), "utf8"); + const owner = JSON.parse(raw) as { pid?: unknown }; + const pid = typeof owner.pid === "number" && Number.isFinite(owner.pid) && owner.pid > 0 ? owner.pid : null; + if (pid === null) { + // Owner record is unparseable / missing pid — treat as stale. + return false; + } + try { + process.kill(pid, 0); + return true; + } catch { + return false; + } + } catch { + // owner.json missing or unreadable — treat as stale. + return false; + } +} + +async function acquireDirectoryMergeLock(lockDir: string): Promise<() => Promise> { + const deadline = Date.now() + 30_000; + while (true) { + try { + await fs.mkdir(lockDir); + await fs.writeFile( + path.join(lockDir, "owner.json"), + `${JSON.stringify({ pid: process.pid, createdAt: new Date().toISOString() })}\n`, + "utf8", + ); + return async () => { + await fs.rm(lockDir, { recursive: true, force: true }).catch(() => undefined); + }; + } catch (error) { + const code = error && typeof error === "object" ? (error as { code?: unknown }).code : null; + if (code !== "EEXIST") throw error; + // Stale-lock detection: if the owner PID is dead (SIGKILL / OOM / crash), + // the lockDir would otherwise persist forever and stall restores. Mirror + // the materializePaperclipSkillCopy lock pattern — remove and retry. + if (!(await isHolderAlive(lockDir))) { + await fs.rm(lockDir, { recursive: true, force: true }).catch(() => undefined); + continue; + } + if (Date.now() >= deadline) { + throw new Error(`Timed out waiting for workspace restore lock at ${lockDir}`); + } + await new Promise((resolve) => setTimeout(resolve, 50)); + } + } +} + +export async function withDirectoryMergeLock( + targetDir: string, + fn: () => Promise, +): Promise { + const releaseLock = await acquireDirectoryMergeLock(`${targetDir}.paperclip-restore.lock`); + try { + return await fn(); + } finally { + await releaseLock(); + } +} + +async function copySnapshotEntry(sourceDir: string, targetDir: string, relative: string, entry: SnapshotEntry): Promise { + const sourcePath = path.join(sourceDir, relative); + const targetPath = path.join(targetDir, relative); + + if (entry.kind === "dir") { + const existing = await fs.lstat(targetPath).catch(() => null); + if (existing?.isDirectory()) { + return; + } + if (existing) { + await fs.rm(targetPath, { recursive: true, force: true }).catch(() => undefined); + } + await fs.mkdir(targetPath, { recursive: true }); + return; + } + + await fs.mkdir(path.dirname(targetPath), { recursive: true }); + await fs.rm(targetPath, { recursive: true, force: true }).catch(() => undefined); + if (entry.kind === "symlink") { + await fs.symlink(entry.target, targetPath); + return; + } + + await fs.copyFile(sourcePath, targetPath, fsConstants.COPYFILE_FICLONE).catch(async () => { + await fs.copyFile(sourcePath, targetPath); + }); + await fs.chmod(targetPath, entry.mode); +} + +export async function captureDirectorySnapshot( + rootDir: string, + options: { exclude?: string[] } = {}, +): Promise { + const exclude = [...new Set(options.exclude ?? [])]; + return { + exclude, + entries: await walkDirectory(rootDir, exclude), + }; +} + +export async function mergeDirectoryWithBaseline(input: { + baseline: DirectorySnapshot; + sourceDir: string; + targetDir: string; + beforeApply?: () => Promise; +}): Promise { + const source = await captureDirectorySnapshot(input.sourceDir, { exclude: input.baseline.exclude }); + await withDirectoryMergeLock(input.targetDir, async () => { + await input.beforeApply?.(); + const current = await captureDirectorySnapshot(input.targetDir, { exclude: input.baseline.exclude }); + const deletedLeafEntries = [...input.baseline.entries.entries()] + .filter(([relative, entry]) => entry.kind !== "dir" && !source.entries.has(relative)) + .sort(([left], [right]) => right.length - left.length); + + for (const [relative, baselineEntry] of deletedLeafEntries) { + if (!entriesMatch(current.entries.get(relative), baselineEntry)) continue; + await fs.rm(path.join(input.targetDir, relative), { recursive: true, force: true }).catch(() => undefined); + } + + const deletedDirs = [...input.baseline.entries.entries()] + .filter(([relative, entry]) => entry.kind === "dir" && !source.entries.has(relative)) + .sort(([left], [right]) => right.length - left.length); + + for (const [relative] of deletedDirs) { + await fs.rmdir(path.join(input.targetDir, relative)).catch(() => undefined); + } + + const changedSourceEntries = [...source.entries.entries()] + .filter(([relative, entry]) => !entriesMatch(input.baseline.entries.get(relative), entry)) + .sort(([left], [right]) => left.localeCompare(right)); + + for (const [relative, entry] of changedSourceEntries) { + await copySnapshotEntry(input.sourceDir, input.targetDir, relative, entry); + } + }); +} + +export async function directoryEntryMatchesBaseline( + rootDir: string, + relative: string, + baselineEntry: SnapshotEntry, +): Promise { + return entriesMatch(await readSnapshotEntry(rootDir, relative), baselineEntry); +} diff --git a/packages/adapters/acpx-local/src/index.ts b/packages/adapters/acpx-local/src/index.ts index 1e4933c0..dcbba953 100644 --- a/packages/adapters/acpx-local/src/index.ts +++ b/packages/adapters/acpx-local/src/index.ts @@ -1,3 +1,5 @@ +import type { AdapterModel } from "@paperclipai/adapter-utils"; + export const type = "acpx_local"; export const label = "ACPX (local)"; @@ -6,6 +8,7 @@ export const DEFAULT_ACPX_LOCAL_MODE = "persistent"; export const DEFAULT_ACPX_LOCAL_PERMISSION_MODE = "approve-all"; export const DEFAULT_ACPX_LOCAL_NON_INTERACTIVE_PERMISSIONS = "deny"; export const DEFAULT_ACPX_LOCAL_TIMEOUT_SEC = 0; +export const DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS = 0; export const acpxAgentOptions = [ { id: "claude", label: "Claude via ACPX" }, @@ -13,6 +16,8 @@ export const acpxAgentOptions = [ { id: "custom", label: "Custom ACP command" }, ] as const; +export const models: AdapterModel[] = []; + export const agentConfigurationDoc = `# acpx_local agent configuration Adapter: acpx_local @@ -30,7 +35,7 @@ Don't use when: Core fields: - agent (string, optional): claude, codex, or custom. Defaults to claude. - agentCommand (string, optional): custom ACP command when agent=custom, or an override for a built-in ACP agent command. -- mode (string, optional): persistent or oneshot. Defaults to persistent. +- mode (string, optional): persistent or oneshot. Defaults to persistent. Paperclip keeps session state persistent and may close the live process between runs. - cwd (string, optional): default absolute working directory fallback for the agent process. - permissionMode (string, optional): defaults to approve-all, meaning ACPX permission requests are auto-approved. - nonInteractivePermissions (string, optional): fallback behavior when ACPX cannot ask interactively. Supported values are deny and fail. @@ -38,7 +43,11 @@ Core fields: - instructionsFilePath (string, optional): absolute path to a markdown instructions file used by Paperclip prompt construction. - promptTemplate (string, optional): run prompt template. - bootstrapPromptTemplate (string, optional): first-run bootstrap prompt template. +- model (string, optional): requested ACP model. Claude and Codex ACP agents both receive this through ACP session config. +- effort/modelReasoningEffort (string, optional): requested thinking effort. Claude uses effort; Codex uses modelReasoningEffort/reasoning_effort. +- fastMode (boolean, optional): for ACPX Codex, request Codex fast mode through ACP session config. - timeoutSec (number, optional): run timeout in seconds. Defaults to 0, meaning no adapter timeout. +- warmHandleIdleMs (number, optional): live ACPX process idle window after a successful persistent run. Defaults to 0, meaning Paperclip shuts the process down after each run while retaining ACPX session state. - env (object, optional): KEY=VALUE environment variables or secret bindings. Dependency decision: diff --git a/packages/adapters/acpx-local/src/server/config-schema.ts b/packages/adapters/acpx-local/src/server/config-schema.ts index 87100917..ca41aaac 100644 --- a/packages/adapters/acpx-local/src/server/config-schema.ts +++ b/packages/adapters/acpx-local/src/server/config-schema.ts @@ -1,10 +1,9 @@ import type { AdapterConfigSchema } from "@paperclipai/adapter-utils"; import { DEFAULT_ACPX_LOCAL_AGENT, - DEFAULT_ACPX_LOCAL_MODE, DEFAULT_ACPX_LOCAL_NON_INTERACTIVE_PERMISSIONS, - DEFAULT_ACPX_LOCAL_PERMISSION_MODE, DEFAULT_ACPX_LOCAL_TIMEOUT_SEC, + DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS, acpxAgentOptions, } from "../index.js"; @@ -26,27 +25,6 @@ export function getConfigSchema(): AdapterConfigSchema { type: "text", hint: "Required for custom agents; optional override for built-in Claude or Codex ACP commands.", }, - { - key: "mode", - label: "Session mode", - type: "select", - default: DEFAULT_ACPX_LOCAL_MODE, - options: [ - { value: "persistent", label: "Persistent" }, - { value: "oneshot", label: "One shot" }, - ], - }, - { - key: "permissionMode", - label: "Permission mode", - type: "select", - default: DEFAULT_ACPX_LOCAL_PERMISSION_MODE, - options: [ - { value: "approve-all", label: "Approve all" }, - { value: "default", label: "Approve reads" }, - ], - hint: "Defaults to maximum permissions. Approve reads grants read-only requests and asks for approval on writes.", - }, { key: "nonInteractivePermissions", label: "Non-interactive permissions", @@ -56,6 +34,7 @@ export function getConfigSchema(): AdapterConfigSchema { { value: "deny", label: "Deny" }, { value: "fail", label: "Fail" }, ], + hint: "Fallback if the ACP agent asks for input outside an interactive session. Paperclip still auto-approves permissions by default.", }, { key: "cwd", @@ -70,20 +49,12 @@ export function getConfigSchema(): AdapterConfigSchema { hint: "Optional ACPX session state directory. Defaults to Paperclip-managed company/agent scoped storage.", }, { - key: "instructionsFilePath", - label: "Instructions file", - type: "text", - hint: "Optional absolute path to markdown instructions injected into the run prompt.", - }, - { - key: "promptTemplate", - label: "Prompt template", - type: "textarea", - }, - { - key: "bootstrapPromptTemplate", - label: "Bootstrap prompt template", - type: "textarea", + key: "fastMode", + label: "Codex fast mode", + type: "toggle", + default: false, + hint: "Only applies when ACP agent is Codex. Requests Codex Fast mode through ACP session config.", + meta: { visibleWhen: { key: "agent", values: ["codex"] } }, }, { key: "timeoutSec", @@ -91,6 +62,13 @@ export function getConfigSchema(): AdapterConfigSchema { type: "number", default: DEFAULT_ACPX_LOCAL_TIMEOUT_SEC, }, + { + key: "warmHandleIdleMs", + label: "Warm process idle ms", + type: "number", + default: DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS, + hint: "Defaults to 0, which closes the ACPX process after each run while retaining persistent session state.", + }, { key: "env", label: "Environment JSON", diff --git a/packages/adapters/acpx-local/src/server/execute.test.ts b/packages/adapters/acpx-local/src/server/execute.test.ts index 5ebc239e..b009b1bc 100644 --- a/packages/adapters/acpx-local/src/server/execute.test.ts +++ b/packages/adapters/acpx-local/src/server/execute.test.ts @@ -56,7 +56,13 @@ function buildRuntime() { }; } -async function runExecutor(config: Record) { +async function runExecutor( + config: Record, + options: { + context?: Record; + executionTransport?: Record; + } = {}, +) { const runtimeOptions: Record[] = []; const meta: Record[] = []; const logs: Array<{ stream: string; text: string }> = []; @@ -73,12 +79,13 @@ async function runExecutor(config: Record) { id: "agent-1", companyId: "company-1", }, - runtime: {}, - config, - context: {}, - onLog: async (stream: "stdout" | "stderr", text: string) => { - logs.push({ stream, text }); - }, + runtime: {}, + config, + context: options.context ?? {}, + executionTransport: options.executionTransport, + onLog: async (stream: "stdout" | "stderr", text: string) => { + logs.push({ stream, text }); + }, onMeta: async (payload: unknown) => { meta.push(payload as Record); }, @@ -257,6 +264,57 @@ describe("acpx_local runtime skill isolation", () => { expect(env).not.toContain("old-key"); }); + it("shapes ACPX wrapper workspace env for remote execution identities", async () => { + const root = await makeTempRoot(); + const stateDir = path.join(root, "state"); + const workspaceDir = path.join(root, "workspace"); + await fs.mkdir(workspaceDir, { recursive: true }); + + await runExecutor( + { + agentCommand: "node ./fake-acp.js", + stateDir, + }, + { + context: { + paperclipWorkspace: { + cwd: workspaceDir, + source: "project_primary", + strategy: "git_worktree", + workspaceId: "workspace-1", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + branchName: "feature/remote-acpx", + worktreePath: workspaceDir, + }, + }, + executionTransport: { + remoteExecution: { + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteWorkspacePath: "/remote/workspace", + remoteCwd: "/remote/workspace", + privateKey: "PRIVATE KEY", + knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }, + }, + ); + + const wrappers = await fs.readdir(path.join(stateDir, "wrappers")); + const envPath = path.join( + stateDir, + "wrappers", + wrappers.find((name) => name.endsWith(".env"))!, + ); + const env = await fs.readFile(envPath, "utf8"); + + expect(env).toContain("PAPERCLIP_WORKSPACE_CWD='/remote/workspace'"); + expect(env).not.toContain("PAPERCLIP_WORKSPACE_WORKTREE_PATH="); + }); + it("cleans aged credential wrapper scripts across ACPX agent changes", async () => { const root = await makeTempRoot(); const stateDir = path.join(root, "state"); diff --git a/packages/adapters/acpx-local/src/server/execute.ts b/packages/adapters/acpx-local/src/server/execute.ts index 6c2840e0..4914af44 100644 --- a/packages/adapters/acpx-local/src/server/execute.ts +++ b/packages/adapters/acpx-local/src/server/execute.ts @@ -18,9 +18,13 @@ import { materializePaperclipSkillCopy, parseObject, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, renderPaperclipWakePrompt, renderTemplate, + resolvePaperclipInstanceRootForAdapter, resolvePaperclipDesiredSkillNames, + rewriteWorkspaceCwdEnvVarsForExecution, + shapePaperclipWorkspaceEnvForExecution, stringifyPaperclipWakePayload, type PaperclipSkillEntry, } from "@paperclipai/adapter-utils/server-utils"; @@ -44,10 +48,10 @@ import { DEFAULT_ACPX_LOCAL_NON_INTERACTIVE_PERMISSIONS, DEFAULT_ACPX_LOCAL_PERMISSION_MODE, DEFAULT_ACPX_LOCAL_TIMEOUT_SEC, + DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS, } from "../index.js"; const __moduleDir = path.dirname(fileURLToPath(import.meta.url)); -const DEFAULT_WARM_HANDLE_IDLE_MS = 15 * 60 * 1000; const WRAPPER_CLEANUP_RETENTION_MS = 15 * 60 * 1000; const PAPERCLIP_MANAGED_CODEX_SKILLS_MANIFEST = ".paperclip-managed-skills.json"; @@ -58,6 +62,7 @@ interface RuntimeCacheEntry { handle: AcpRuntimeHandle; fingerprint: string; lastUsedAt: number; + cleanupTimer?: NodeJS.Timeout; } interface ExecuteDeps { @@ -78,6 +83,9 @@ interface AcpxPreparedRuntime { stateDir: string; permissionMode: "approve-all" | "approve-reads" | "deny-all"; nonInteractivePermissions: "deny" | "fail"; + requestedModel: string; + requestedThinkingEffort: string; + fastMode: boolean; timeoutSec: number; sessionKey: string; fingerprint: string; @@ -108,7 +116,10 @@ function shortHash(value: unknown): string { function defaultPaperclipInstanceDir(): string { const home = process.env.PAPERCLIP_HOME?.trim() || path.join(os.homedir(), ".paperclip"); const instanceId = process.env.PAPERCLIP_INSTANCE_ID?.trim() || "default"; - return path.join(home, "instances", instanceId); + return resolvePaperclipInstanceRootForAdapter({ + homeDir: home, + instanceId, + }); } function defaultStateDir(companyId: string, agentId: string): string { @@ -503,6 +514,15 @@ function normalizeNonInteractivePermissions(config: Record): "d : "deny"; } +function normalizeRequestedThinkingEffort(config: Record): string { + return ( + asString(config.modelReasoningEffort, "") || + asString(config.reasoningEffort, "") || + asString(config.thinkingEffort, "") || + asString(config.effort, "") + ).trim(); +} + function isCompatibleSession( params: Record, runtime: Pick, @@ -533,6 +553,9 @@ function buildSessionParams(input: { mode: prepared.mode, stateDir: prepared.stateDir, configFingerprint: prepared.fingerprint, + ...(prepared.requestedModel ? { model: prepared.requestedModel } : {}), + ...(prepared.requestedThinkingEffort ? { thinkingEffort: prepared.requestedThinkingEffort } : {}), + ...(prepared.fastMode ? { fastMode: true } : {}), skills: prepared.skillsIdentity, ...(prepared.workspaceId ? { workspaceId: prepared.workspaceId } : {}), ...(prepared.workspaceRepoUrl ? { repoUrl: prepared.workspaceRepoUrl } : {}), @@ -622,12 +645,31 @@ async function buildRuntime(input: { const useConfiguredInsteadOfAgentHome = workspaceSource === "agent_home" && configuredCwd.length > 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); + const executionTarget = readAdapterExecutionTarget({ + executionTarget: input.ctx.executionTarget, + legacyRemoteExecution: input.ctx.executionTransport?.remoteExecution, + }); + const remoteExecutionIdentity = adapterExecutionTargetSessionIdentity(executionTarget); + const effectiveExecutionCwd = + remoteExecutionIdentity && typeof remoteExecutionIdentity.remoteCwd === "string" + ? remoteExecutionIdentity.remoteCwd + : cwd; + const executionTargetIsRemote = remoteExecutionIdentity !== null; + const shapedWorkspaceEnv = shapePaperclipWorkspaceEnvForExecution({ + workspaceCwd: effectiveWorkspaceCwd, + workspaceWorktreePath, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); const acpxAgent = normalizeAgent(config); const mode = normalizeMode(config); const permissionMode = normalizePermissionMode(config); const nonInteractivePermissions = normalizeNonInteractivePermissions(config); + const requestedModel = asString(config.model, "").trim(); + const requestedThinkingEffort = normalizeRequestedThinkingEffort(config); + const fastMode = acpxAgent === "codex" && config.fastMode === true; const timeoutSec = asNumber(config.timeoutSec, DEFAULT_ACPX_LOCAL_TIMEOUT_SEC); const stateDir = path.resolve(asString(config.stateDir, "") || defaultStateDir(agent.companyId, agent.id)); await fs.mkdir(stateDir, { recursive: true }); @@ -651,7 +693,9 @@ async function buildRuntime(input: { ? context.issueIds.filter((value): value is string => typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) env.PAPERCLIP_TASK_ID = wakeTaskId; + if (issueWorkMode) env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; if (wakeReason) env.PAPERCLIP_WAKE_REASON = wakeReason; if (wakeCommentId) env.PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId; if (approvalId) env.PAPERCLIP_APPROVAL_ID = approvalId; @@ -659,17 +703,23 @@ async function buildRuntime(input: { if (linkedIssueIds.length > 0) env.PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds.join(","); if (wakePayloadJson) env.PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson; applyPaperclipWorkspaceEnv(env, { - workspaceCwd: effectiveWorkspaceCwd, + workspaceCwd: shapedWorkspaceEnv.workspaceCwd, workspaceSource, workspaceStrategy, workspaceId, workspaceRepoUrl, workspaceRepoRef, workspaceBranch, - workspaceWorktreePath, + workspaceWorktreePath: shapedWorkspaceEnv.workspaceWorktreePath, agentHome, }); - for (const [key, value] of Object.entries(envConfig)) { + const shapedEnvConfig = rewriteWorkspaceCwdEnvVarsForExecution({ + env: envConfig, + workspaceCwd: effectiveWorkspaceCwd, + executionCwd: shapedWorkspaceEnv.workspaceCwd, + executionTargetIsRemote, + }); + for (const [key, value] of Object.entries(shapedEnvConfig)) { if (typeof value === "string") env[key] = value; } if (!hasExplicitApiKey && authToken) env.PAPERCLIP_API_KEY = authToken; @@ -718,11 +768,6 @@ async function buildRuntime(input: { const wrapperPath = wrapper?.wrapperPath ?? null; const overrides = wrapperPath ? { [acpxAgent]: wrapperPath } : undefined; const agentRegistry = createAgentRegistry({ overrides }); - const executionTarget = readAdapterExecutionTarget({ - executionTarget: input.ctx.executionTarget, - legacyRemoteExecution: input.ctx.executionTransport?.remoteExecution, - }); - const remoteExecutionIdentity = adapterExecutionTargetSessionIdentity(executionTarget); const fingerprint = shortHash({ acpxAgent, agentCommand: agentCommand ?? acpxAgent, @@ -730,6 +775,9 @@ async function buildRuntime(input: { mode, permissionMode, nonInteractivePermissions, + requestedModel, + requestedThinkingEffort, + fastMode, remoteExecutionIdentity, skillsIdentity, skillPromptInstructions, @@ -755,13 +803,16 @@ async function buildRuntime(input: { stateDir, permissionMode, nonInteractivePermissions, + requestedModel, + requestedThinkingEffort, + fastMode, timeoutSec, sessionKey, fingerprint, agentCommand, agentRegistry, remoteExecutionIdentity, - skillPromptInstructions, + skillPromptInstructions, skillsIdentity: { ...skillsIdentity, commandNotes: skillCommandNotes, @@ -769,6 +820,51 @@ async function buildRuntime(input: { }; } +function sessionConfigOptions(prepared: AcpxPreparedRuntime): Array<{ key: string; value: string }> { + const options: Array<{ key: string; value: string }> = []; + if (prepared.requestedModel) options.push({ key: "model", value: prepared.requestedModel }); + if (prepared.requestedThinkingEffort) { + options.push({ + key: prepared.acpxAgent === "codex" ? "reasoning_effort" : "effort", + value: prepared.requestedThinkingEffort, + }); + } + if (prepared.fastMode) { + options.push( + { key: "service_tier", value: "fast" }, + { key: "features.fast_mode", value: "true" }, + ); + } + return options; +} + +async function applySessionConfigOptions(input: { + runtime: AcpRuntime; + handle: AcpRuntimeHandle; + prepared: AcpxPreparedRuntime; + onLog: AdapterExecutionContext["onLog"]; +}) { + const options = sessionConfigOptions(input.prepared); + if (options.length === 0) return; + if (!input.runtime.setConfigOption) { + const message = + "ACPX runtime does not expose session config controls; upgrade ACPX or remove configured model, effort, and fast mode overrides."; + await input.onLog("stderr", `[paperclip] ${message}\n`); + throw new Error(message); + } + for (const option of options) { + await input.runtime.setConfigOption({ + handle: input.handle, + key: option.key, + value: option.value, + }); + await input.onLog( + "stdout", + `[paperclip] Applied ACPX ${input.prepared.acpxAgent} config ${option.key}=${option.value}\n`, + ); + } +} + async function buildPrompt(ctx: AdapterExecutionContext, resumedSession: boolean): Promise<{ prompt: string; promptMetrics: Record; @@ -940,20 +1036,77 @@ async function cleanupIdleHandles(input: { now: number; idleMs: number; }) { + if (input.idleMs <= 0) return; + const stale: Array<[string, RuntimeCacheEntry]> = []; for (const entry of input.handles.entries()) { if (input.now - entry[1].lastUsedAt >= input.idleMs) stale.push(entry); } for (const [key, entry] of stale) { - input.handles.delete(key); - await entry.runtime.close({ - handle: entry.handle, + await closeWarmHandle({ + handles: input.handles, + key, + entry, reason: "paperclip idle cleanup", - discardPersistentState: false, - }).catch(() => {}); + }); } } +function clearWarmHandleTimer(entry: RuntimeCacheEntry) { + if (!entry.cleanupTimer) return; + clearTimeout(entry.cleanupTimer); + entry.cleanupTimer = undefined; +} + +async function closeWarmHandle(input: { + handles: Map; + key: string; + entry: RuntimeCacheEntry; + reason: string; + discardPersistentState?: boolean; +}) { + if (input.handles.get(input.key) === input.entry) { + input.handles.delete(input.key); + } + clearWarmHandleTimer(input.entry); + await input.entry.runtime.close({ + handle: input.entry.handle, + reason: input.reason, + discardPersistentState: input.discardPersistentState ?? false, + }).catch(() => {}); +} + +function scheduleIdleHandleCleanup(input: { + handles: Map; + key: string; + entry: RuntimeCacheEntry; + idleMs: number; + now: () => number; +}) { + clearWarmHandleTimer(input.entry); + if (input.idleMs <= 0) return; + + const delayMs = Math.max(1, input.entry.lastUsedAt + input.idleMs - input.now()); + input.entry.cleanupTimer = setTimeout(() => { + void (async () => { + const current = input.handles.get(input.key); + if (current !== input.entry) return; + const idleForMs = input.now() - input.entry.lastUsedAt; + if (idleForMs < input.idleMs) { + scheduleIdleHandleCleanup(input); + return; + } + await closeWarmHandle({ + handles: input.handles, + key: input.key, + entry: input.entry, + reason: "paperclip idle cleanup", + }); + })(); + }, delayMs); + input.entry.cleanupTimer.unref?.(); +} + function warmHandleMatches( entry: RuntimeCacheEntry | undefined, runtime: AcpRuntime, @@ -969,7 +1122,7 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { return async function executeAcpxLocal(ctx: AdapterExecutionContext): Promise { const prepared = await buildRuntime({ ctx }); - const warmIdleMs = asNumber(ctx.config.warmHandleIdleMs, DEFAULT_WARM_HANDLE_IDLE_MS); + const warmIdleMs = asNumber(ctx.config.warmHandleIdleMs, DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS); await cleanupIdleHandles({ handles: warmHandles, now: now(), idleMs: warmIdleMs }); const previousParams = parseObject(ctx.runtime.sessionParams); @@ -985,6 +1138,7 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { timeoutMs: prepared.timeoutSec > 0 ? prepared.timeoutSec * 1000 : undefined, }; const runtime = cached?.runtime ?? createRuntime(runtimeOptions); + if (cached) clearWarmHandleTimer(cached); if (!canResume && asString(previousParams.runtimeSessionName, "")) { await ctx.onLog( "stdout", @@ -1033,7 +1187,7 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { errorMessage: message, ...classified, provider: "acpx", - model: null, + model: prepared.requestedModel || null, clearSession, resultJson: { phase: "ensure_session" }, summary: message, @@ -1048,12 +1202,52 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { errorMessage: "ACPX did not return a runtime session handle.", errorCode: "acpx_runtime_error", provider: "acpx", - model: null, + model: prepared.requestedModel || null, resultJson: { phase: "ensure_session" }, summary: "ACPX did not return a runtime session handle.", }; } const sessionHandle = handle; + try { + await applySessionConfigOptions({ + runtime, + handle: sessionHandle, + prepared, + onLog: ctx.onLog, + }); + } catch (err) { + const classified = classifyError(err); + const message = err instanceof Error ? err.message : String(err); + await emitAcpxLog(ctx, { type: "acpx.error", message, ...classified.errorMeta }); + await runtime.close({ + handle: sessionHandle, + reason: "paperclip config cleanup", + discardPersistentState: false, + }).catch(() => {}); + const existing = warmHandles.get(prepared.sessionKey); + if (warmHandleMatches(existing, runtime, sessionHandle) && existing) { + clearWarmHandleTimer(existing); + warmHandles.delete(prepared.sessionKey); + } + return { + exitCode: 1, + signal: null, + timedOut: false, + errorMessage: message, + ...classified, + provider: "acpx", + model: prepared.requestedModel || null, + clearSession, + resultJson: { + phase: "configure_session", + agent: prepared.acpxAgent, + requestedModel: prepared.requestedModel || null, + requestedThinkingEffort: prepared.requestedThinkingEffort || null, + fastMode: prepared.fastMode, + }, + summary: message, + }; + } const { prompt, promptMetrics, commandNotes } = await buildPrompt(ctx, resumedSession); const runPrompt = joinPromptSections([prepared.skillPromptInstructions, prompt]); await emitAcpxLog(ctx, { @@ -1065,6 +1259,9 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { runtimeSessionName: sessionHandle.runtimeSessionName, mode: prepared.mode, permissionMode: prepared.permissionMode, + model: prepared.requestedModel || null, + thinkingEffort: prepared.requestedThinkingEffort || null, + fastMode: prepared.fastMode, }); if (ctx.onMeta) { await ctx.onMeta({ @@ -1074,6 +1271,9 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { commandNotes: [ `ACPX runtime embedded in Paperclip with ${prepared.mode} session mode.`, `Effective ACPX permission mode: ${prepared.permissionMode}.`, + ...(prepared.requestedModel ? [`Requested ACPX model: ${prepared.requestedModel}.`] : []), + ...(prepared.requestedThinkingEffort ? [`Requested ACPX thinking effort: ${prepared.requestedThinkingEffort}.`] : []), + ...(prepared.fastMode ? ["Requested ACPX Codex fast mode."] : []), ...(Array.isArray(prepared.skillsIdentity.commandNotes) ? prepared.skillsIdentity.commandNotes.filter((note): note is string => typeof note === "string") : []), @@ -1119,15 +1319,23 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { const terminal = await turn.result; if (timeout) clearTimeout(timeout); if (terminal.status === "failed" || terminal.status === "cancelled" || timedOut) { - if (warmHandleMatches(warmHandles.get(prepared.sessionKey), runtime, sessionHandle)) { - warmHandles.delete(prepared.sessionKey); + const existing = warmHandles.get(prepared.sessionKey); + if (warmHandleMatches(existing, runtime, sessionHandle) && existing) { + await closeWarmHandle({ + handles: warmHandles, + key: prepared.sessionKey, + entry: existing, + reason: timedOut ? "paperclip timeout cleanup" : `paperclip turn ${terminal.status}`, + discardPersistentState: terminal.status === "cancelled" || timedOut, + }); + } else { + await runtime.close({ + handle: sessionHandle, + reason: timedOut ? "paperclip timeout cleanup" : `paperclip turn ${terminal.status}`, + discardPersistentState: terminal.status === "cancelled" || timedOut, + }).catch(() => {}); } - await runtime.close({ - handle: sessionHandle, - reason: timedOut ? "paperclip timeout cleanup" : `paperclip turn ${terminal.status}`, - discardPersistentState: terminal.status === "cancelled" || timedOut, - }).catch(() => {}); - } else if (prepared.mode === "persistent") { + } else if (prepared.mode === "persistent" && warmIdleMs > 0) { const existing = warmHandles.get(prepared.sessionKey); if (existing && !warmHandleMatches(existing, runtime, sessionHandle)) { await runtime.close({ @@ -1136,13 +1344,37 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { discardPersistentState: false, }).catch(() => {}); } else { - warmHandles.set(prepared.sessionKey, { + const entry: RuntimeCacheEntry = { runtime, handle: sessionHandle, fingerprint: prepared.fingerprint, lastUsedAt: now(), + }; + warmHandles.set(prepared.sessionKey, entry); + scheduleIdleHandleCleanup({ + handles: warmHandles, + key: prepared.sessionKey, + entry, + idleMs: warmIdleMs, + now, }); } + } else { + const existing = warmHandles.get(prepared.sessionKey); + if (warmHandleMatches(existing, runtime, sessionHandle) && existing) { + await closeWarmHandle({ + handles: warmHandles, + key: prepared.sessionKey, + entry: existing, + reason: "paperclip completed turn cleanup", + }); + } else { + await runtime.close({ + handle: sessionHandle, + reason: "paperclip completed turn cleanup", + discardPersistentState: false, + }).catch(() => {}); + } } const errorMessage = timedOut @@ -1165,7 +1397,7 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { sessionParams: buildSessionParams({ prepared, handle: sessionHandle }), sessionDisplayId: sessionHandle.agentSessionId ?? sessionHandle.backendSessionId ?? sessionHandle.runtimeSessionName, provider: "acpx", - model: null, + model: prepared.requestedModel || null, billingType: "unknown", costUsd: null, resultJson: { @@ -1173,6 +1405,9 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { stopReason: terminalStopReason, permissionMode: prepared.permissionMode, mode: prepared.mode, + requestedModel: prepared.requestedModel || null, + requestedThinkingEffort: prepared.requestedThinkingEffort || null, + fastMode: prepared.fastMode, }, summary: textParts.join("").trim() || terminalStopReason || terminal.status, clearSession, @@ -1188,7 +1423,9 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { reason: timedOut ? "paperclip timeout cleanup" : "paperclip error cleanup", discardPersistentState: timedOut, }).catch(() => {}); - if (warmHandleMatches(warmHandles.get(prepared.sessionKey), runtime, sessionHandle)) { + const existing = warmHandles.get(prepared.sessionKey); + if (warmHandleMatches(existing, runtime, sessionHandle) && existing) { + clearWarmHandleTimer(existing); warmHandles.delete(prepared.sessionKey); } await emitAcpxLog(ctx, { type: "acpx.error", message, ...classified.errorMeta }); @@ -1200,7 +1437,7 @@ export function createAcpxLocalExecutor(deps: ExecuteDeps = {}) { errorCode: timedOut ? "acpx_timeout" : classified.errorCode, errorMeta: classified.errorMeta, provider: "acpx", - model: null, + model: prepared.requestedModel || null, clearSession: clearSession || timedOut, resultJson: { phase: "turn" }, summary: message, diff --git a/packages/adapters/acpx-local/src/ui/build-config.ts b/packages/adapters/acpx-local/src/ui/build-config.ts index 445686dc..729d16c1 100644 --- a/packages/adapters/acpx-local/src/ui/build-config.ts +++ b/packages/adapters/acpx-local/src/ui/build-config.ts @@ -5,6 +5,7 @@ import { DEFAULT_ACPX_LOCAL_NON_INTERACTIVE_PERMISSIONS, DEFAULT_ACPX_LOCAL_PERMISSION_MODE, DEFAULT_ACPX_LOCAL_TIMEOUT_SEC, + DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS, } from "../index.js"; function parseCommaArgs(value: string): string[] { @@ -80,13 +81,15 @@ function readNumber(value: unknown, fallback: number): number { export function buildAcpxLocalConfig(v: CreateConfigValues): Record { const schemaValues = v.adapterSchemaValues ?? {}; + const agent = String(schemaValues.agent || DEFAULT_ACPX_LOCAL_AGENT); const ac: Record = { - agent: schemaValues.agent || DEFAULT_ACPX_LOCAL_AGENT, + agent, mode: schemaValues.mode || DEFAULT_ACPX_LOCAL_MODE, permissionMode: schemaValues.permissionMode || DEFAULT_ACPX_LOCAL_PERMISSION_MODE, nonInteractivePermissions: schemaValues.nonInteractivePermissions || DEFAULT_ACPX_LOCAL_NON_INTERACTIVE_PERMISSIONS, timeoutSec: readNumber(schemaValues.timeoutSec, DEFAULT_ACPX_LOCAL_TIMEOUT_SEC), + warmHandleIdleMs: readNumber(schemaValues.warmHandleIdleMs, DEFAULT_ACPX_LOCAL_WARM_HANDLE_IDLE_MS), }; for (const key of [ @@ -105,6 +108,11 @@ export function buildAcpxLocalConfig(v: CreateConfigValues): Record ({ runChildProcess: vi.fn(async () => ({ exitCode: 0, @@ -26,9 +27,17 @@ const { })), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "ssh://fixture@127.0.0.1:2222/remote/workspace :: claude"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -55,6 +64,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("claude remote execution", () => { @@ -73,8 +92,11 @@ describe("claude remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-claude-remote-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const alternateWorkspaceDir = path.join(rootDir, "workspace-other"); const instructionsPath = path.join(rootDir, "instructions.md"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; await mkdir(workspaceDir, { recursive: true }); + await mkdir(alternateWorkspaceDir, { recursive: true }); await writeFile(instructionsPath, "Use the remote workspace.\n", "utf8"); await execute({ @@ -95,12 +117,37 @@ describe("claude remote execution", () => { config: { command: "claude", instructionsFilePath: instructionsPath, + env: { + QA_PROJECT_WORKSPACE_CWD: workspaceDir, + RANDOM_WORKSPACE_CWD: workspaceDir, + OTHER_ENV: workspaceDir, + }, }, context: { paperclipWorkspace: { cwd: workspaceDir, source: "project_primary", + strategy: "git_worktree", + workspaceId: "workspace-1", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + branchName: "feature/remote-claude", + worktreePath: workspaceDir, }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -112,7 +159,6 @@ describe("claude remote execution", () => { privateKey: "PRIVATE KEY", knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", strictHostKeyChecking: true, - paperclipApiUrl: "http://198.51.100.10:3102", }, }, onLog: async () => {}, @@ -121,11 +167,11 @@ describe("claude remote execution", () => { expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledWith(expect.objectContaining({ localDir: workspaceDir, - remoteDir: "/remote/workspace", + remoteDir: managedRemoteWorkspace, })); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/claude/skills", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/claude/skills`, followSymlinks: true, })); expect(runChildProcess).toHaveBeenCalledTimes(1); @@ -133,15 +179,37 @@ describe("claude remote execution", () => { | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] | undefined; expect(call?.[2]).toContain("--append-system-prompt-file"); - expect(call?.[2]).toContain("/remote/workspace/.paperclip-runtime/claude/skills/agent-instructions.md"); + expect(call?.[2]).toContain( + `${managedRemoteWorkspace}/.paperclip-runtime/claude/skills/agent-instructions.md`, + ); expect(call?.[2]).toContain("--add-dir"); - expect(call?.[2]).toContain("/remote/workspace/.paperclip-runtime/claude/skills"); - expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://198.51.100.10:3102"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[2]).toContain(`${managedRemoteWorkspace}/.paperclip-runtime/claude/skills`); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_WORKTREE_PATH).toBeUndefined(); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].env.QA_PROJECT_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(call?.[3].env.RANDOM_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(call?.[3].env.OTHER_ENV).toBe(workspaceDir); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledWith(expect.objectContaining({ localDir: workspaceDir, - remoteDir: "/remote/workspace", + remoteDir: managedRemoteWorkspace, })); }); @@ -202,6 +270,7 @@ describe("claude remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-claude-remote-resume-match-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await mkdir(workspaceDir, { recursive: true }); await execute({ @@ -217,13 +286,13 @@ describe("claude remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", diff --git a/packages/adapters/claude-local/src/server/execute.ts b/packages/adapters/claude-local/src/server/execute.ts index f047383a..828d686f 100644 --- a/packages/adapters/claude-local/src/server/execute.ts +++ b/packages/adapters/claude-local/src/server/execute.ts @@ -5,16 +5,18 @@ import type { AdapterExecutionContext, AdapterExecutionResult } from "@paperclip import type { RunProcessResult } from "@paperclipai/adapter-utils/server-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesManagedHome, adapterExecutionTargetUsesPaperclipBridge, describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, @@ -30,12 +32,16 @@ import { applyPaperclipWorkspaceEnv, buildPaperclipEnv, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, joinPromptSections, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, renderTemplate, renderPaperclipWakePrompt, + rewriteWorkspaceCwdEnvVarsForExecution, + shapePaperclipWorkspaceEnvForExecution, stringifyPaperclipWakePayload, DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, } from "@paperclipai/adapter-utils/server-utils"; @@ -53,6 +59,8 @@ import { prepareClaudeConfigSeed } from "./claude-config.js"; import { resolveClaudeDesiredSkillNames } from "./skills.js"; import { isBedrockModelId } from "./models.js"; import { prepareClaudePromptBundle } from "./prompt-cache.js"; +import { buildClaudeExecutionPermissionArgs } from "./permissions.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; const __moduleDir = path.dirname(fileURLToPath(import.meta.url)); @@ -61,8 +69,10 @@ interface ClaudeExecutionInput { agent: AdapterExecutionContext["agent"]; config: Record; context: Record; + runtimeCommandSpec?: AdapterExecutionContext["runtimeCommandSpec"]; executionTarget?: ReturnType; authToken?: string; + onLog?: (stream: "stdout" | "stderr", chunk: string) => Promise; } interface ClaudeRuntimeConfig { @@ -112,7 +122,8 @@ function resolveClaudeBillingType(env: Record): "api" | "subscri } async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise { - const { runId, agent, config, context, executionTarget, authToken } = input; + const { runId, agent, config, context, runtimeCommandSpec, executionTarget, authToken } = input; + const onLog = input.onLog ?? (async () => {}); const command = asString(config.command, "claude"); const workspaceContext = parseObject(context.paperclipWorkspace); @@ -145,6 +156,15 @@ async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); + const executionTargetIsRemote = adapterExecutionTargetIsRemote(executionTarget); + let effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); + const shapedWorkspaceEnv = shapePaperclipWorkspaceEnvForExecution({ + workspaceCwd: effectiveWorkspaceCwd, + workspaceWorktreePath, + workspaceHints, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); const envConfig = parseObject(config.env); @@ -177,10 +197,14 @@ async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) { env.PAPERCLIP_TASK_ID = wakeTaskId; } + if (issueWorkMode) { + env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; + } if (wakeReason) { env.PAPERCLIP_WAKE_REASON = wakeReason; } @@ -200,18 +224,18 @@ async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise 0) { - env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); + if (shapedWorkspaceEnv.workspaceHints.length > 0) { + env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(shapedWorkspaceEnv.workspaceHints); } if (runtimeServiceIntents.length > 0) { env.PAPERCLIP_RUNTIME_SERVICE_INTENTS_JSON = JSON.stringify(runtimeServiceIntents); @@ -222,12 +246,13 @@ async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise typeof entry[1] === "string", + ), + ); + const timeoutSec = resolveAdapterExecutionTargetTimeoutSec( + executionTarget, + asNumber(config.timeoutSec, 0), + ); + const graceSec = asNumber(config.graceSec, 20); + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: runtimeCommandSpec?.installCommand, + detectCommand: runtimeCommandSpec?.detectCommand, + cwd, + env: runtimeEnv, + timeoutSec, + graceSec, + onLog, + }); + await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv, { + installCommand: SANDBOX_INSTALL_COMMAND, + timeoutSec, + }); const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); const loggedEnv = buildInvocationEnvForLogs(env, { runtimeEnv, @@ -244,8 +292,6 @@ async function buildClaudeRuntimeConfig(input: ClaudeExecutionInput): Promise { const fromExtraArgs = asStringArray(config.extraArgs); if (fromExtraArgs.length > 0) return fromExtraArgs; @@ -311,6 +357,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise => typeof value === "object" && value !== null, + ) + : []; + const configuredCwd = asString(config.cwd, ""); + const useConfiguredInsteadOfAgentHome = workspaceSource === "agent_home" && configuredCwd.length > 0; + const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const hasExplicitClaudeConfigDir = typeof configEnv.CLAUDE_CONFIG_DIR === "string" && configEnv.CLAUDE_CONFIG_DIR.trim().length > 0; const instructionsFilePath = asString(config.instructionsFilePath, "").trim(); @@ -331,8 +393,10 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedExecutionTargetRuntime.restoreWorkspace() : null; @@ -469,12 +557,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise> = null; - if (executionTargetIsRemote && adapterExecutionTargetUsesPaperclipBridge(executionTarget)) { + if (executionTargetIsRemote && adapterExecutionTargetUsesPaperclipBridge(runtimeExecutionTarget)) { paperclipBridge = await startAdapterExecutionTargetPaperclipBridge({ runId, - target: executionTarget, + target: runtimeExecutionTarget, runtimeRootDir: preparedExecutionTargetRuntime?.runtimeRootDir, adapterKey: "claude", + timeoutSec, hostApiToken: env.PAPERCLIP_API_KEY, onLog, }); @@ -503,7 +592,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 && hasMatchingPromptBundle && (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + adapterExecutionTargetSessionMatches(runtimeRemoteExecution, runtimeExecutionTarget); const sessionId = canResumeSession ? runtimeSessionId : null; if ( executionTargetIsRemote && @@ -576,7 +665,10 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const args = ["--print", "-", "--output-format", "stream-json", "--verbose"]; if (resumeSessionId) args.push("--resume", resumeSessionId); - if (dangerouslySkipPermissions) args.push("--dangerously-skip-permissions"); + args.push(...buildClaudeExecutionPermissionArgs({ + dangerouslySkipPermissions, + targetIsSandbox: executionTargetIsSandbox, + })); if (chrome) args.push("--chrome"); // For Bedrock: only pass --model when the ID is a Bedrock-native identifier // (e.g. "us.anthropic.*" or ARN). Anthropic-style IDs like "claude-opus-4-6" are invalid @@ -620,6 +712,11 @@ export async function execute(ctx: AdapterExecutionContext): Promise = { ...parsed, + ...(failed && clearSessionForMaxTurns ? { stopReason: "max_turns_exhausted" } : {}), ...(transientUpstream ? { errorFamily: "transient_upstream" } : {}), ...(transientRetryNotBefore ? { retryNotBefore: transientRetryNotBefore.toISOString() } : {}), ...(transientRetryNotBefore ? { transientRetryNotBefore: transientRetryNotBefore.toISOString() } : {}), diff --git a/packages/adapters/claude-local/src/server/parse.ts b/packages/adapters/claude-local/src/server/parse.ts index 4591aaad..f645c4f2 100644 --- a/packages/adapters/claude-local/src/server/parse.ts +++ b/packages/adapters/claude-local/src/server/parse.ts @@ -170,11 +170,19 @@ export function isClaudeMaxTurnsResult(parsed: Record | null | const subtype = asString(parsed.subtype, "").trim().toLowerCase(); if (subtype === "error_max_turns") return true; - const stopReason = asString(parsed.stop_reason, "").trim().toLowerCase(); - if (stopReason === "max_turns") return true; + const structuredStopReasons = [ + parsed.stop_reason, + parsed.stopReason, + parsed.error_code, + parsed.errorCode, + ].map((value) => asString(value, "").trim().toLowerCase()); - const resultText = asString(parsed.result, "").trim(); - return /max(?:imum)?\s+turns?/i.test(resultText); + return structuredStopReasons.some((reason) => + reason === "max_turns" || + reason === "max_turns_exhausted" || + reason === "turn_limit" || + reason === "turn_limit_exhausted", + ); } export function isClaudeUnknownSessionError(parsed: Record): boolean { diff --git a/packages/adapters/claude-local/src/server/permissions.ts b/packages/adapters/claude-local/src/server/permissions.ts new file mode 100644 index 00000000..6326fe48 --- /dev/null +++ b/packages/adapters/claude-local/src/server/permissions.ts @@ -0,0 +1,43 @@ +// Explicit allowlist of Claude Code tools we permit when running inside a +// sandbox. We use this instead of `--dangerously-skip-permissions` for sandbox +// targets because the permission-approval prompts can't be answered by a +// human inside a non-interactive sandbox, but blanket-allowing every tool +// would defeat the point of having a separate sandbox code path. +// +// Maintenance: this list must be reviewed when Claude Code releases a new +// tool. The canonical list of built-in tools is documented at +// https://docs.claude.com/en/docs/claude-code/built-in-tools — when a tool +// is added there, decide whether it should be allowed in sandbox runs and +// either add it here or document the deliberate exclusion. Omitting a tool +// silently disables it inside sandboxes, which can look like the tool is +// "broken" rather than intentionally gated. +const SANDBOX_ALLOWED_TOOLS = + "Task AskUserQuestion Bash(*) CronCreate CronDelete CronList Edit " + + "EnterPlanMode EnterWorktree ExitPlanMode ExitWorktree Glob Grep Monitor " + + "NotebookEdit PushNotification Read RemoteTrigger ScheduleWakeup Skill " + + "TaskOutput TaskStop TodoWrite ToolSearch WebFetch WebSearch Write"; + +export function buildClaudeProbePermissionArgs(input: { + dangerouslySkipPermissions: boolean; + targetIsSandbox: boolean; +}): string[] { + if (!input.dangerouslySkipPermissions) return []; + // For sandbox targets, mirror the execution path: pass `--allowedTools` + // with the curated allowlist instead of dropping the flag entirely. The + // hello probe is a one-shot prompt that should never trigger a tool, but + // if a future probe prompt does, we don't want Claude CLI to stall on an + // interactive permission prompt that no human can answer. + if (input.targetIsSandbox) return ["--allowedTools", SANDBOX_ALLOWED_TOOLS]; + return ["--dangerously-skip-permissions"]; +} + +export function buildClaudeExecutionPermissionArgs(input: { + dangerouslySkipPermissions: boolean; + targetIsSandbox: boolean; +}): string[] { + if (!input.dangerouslySkipPermissions) return []; + if (input.targetIsSandbox) { + return ["--allowedTools", SANDBOX_ALLOWED_TOOLS]; + } + return ["--dangerously-skip-permissions"]; +} diff --git a/packages/adapters/claude-local/src/server/prompt-cache.ts b/packages/adapters/claude-local/src/server/prompt-cache.ts index ce719799..19c18809 100644 --- a/packages/adapters/claude-local/src/server/prompt-cache.ts +++ b/packages/adapters/claude-local/src/server/prompt-cache.ts @@ -1,12 +1,13 @@ import { constants as fsConstants } from "node:fs"; import fs from "node:fs/promises"; -import os from "node:os"; import path from "node:path"; import { createHash, type Hash } from "node:crypto"; import type { AdapterExecutionContext } from "@paperclipai/adapter-utils"; -import { ensurePaperclipSkillSymlink, type PaperclipSkillEntry } from "@paperclipai/adapter-utils/server-utils"; - -const DEFAULT_PAPERCLIP_INSTANCE_ID = "default"; +import { + ensurePaperclipSkillSymlink, + resolvePaperclipInstanceRootForAdapter, + type PaperclipSkillEntry, +} from "@paperclipai/adapter-utils/server-utils"; type SkillEntry = PaperclipSkillEntry; @@ -25,12 +26,13 @@ function resolveManagedClaudePromptCacheRoot( env: NodeJS.ProcessEnv, companyId: string, ): string { - const paperclipHome = nonEmpty(env.PAPERCLIP_HOME) ?? path.resolve(os.homedir(), ".paperclip"); - const instanceId = nonEmpty(env.PAPERCLIP_INSTANCE_ID) ?? DEFAULT_PAPERCLIP_INSTANCE_ID; + const instanceRoot = resolvePaperclipInstanceRootForAdapter({ + homeDir: nonEmpty(env.PAPERCLIP_HOME) ?? undefined, + instanceId: nonEmpty(env.PAPERCLIP_INSTANCE_ID) ?? undefined, + env, + }); return path.resolve( - paperclipHome, - "instances", - instanceId, + instanceRoot, "companies", companyId, "claude-prompt-cache", diff --git a/packages/adapters/claude-local/src/server/test.ts b/packages/adapters/claude-local/src/server/test.ts index ba736c8a..4b23fcb0 100644 --- a/packages/adapters/claude-local/src/server/test.ts +++ b/packages/adapters/claude-local/src/server/test.ts @@ -14,6 +14,7 @@ import { import { ensureAdapterExecutionTargetCommandResolvable, ensureAdapterExecutionTargetDirectory, + maybeRunSandboxInstallCommand, runAdapterExecutionTargetProcess, describeAdapterExecutionTarget, resolveAdapterExecutionTargetCwd, @@ -21,6 +22,8 @@ import { import path from "node:path"; import { detectClaudeLoginRequired, parseClaudeStreamJson } from "./parse.js"; import { isBedrockModelId } from "./models.js"; +import { buildClaudeProbePermissionArgs } from "./permissions.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; function summarizeStatus(checks: AdapterEnvironmentCheck[]): AdapterEnvironmentTestResult["status"] { if (checks.some((check) => check.level === "error")) return "fail"; @@ -62,6 +65,7 @@ export async function testEnvironment( const command = asString(config.command, "claude"); const target = ctx.executionTarget ?? null; const targetIsRemote = target?.kind === "remote"; + const targetIsSandbox = target?.kind === "remote" && target.transport === "sandbox"; const cwd = resolveAdapterExecutionTargetCwd(target, asString(config.cwd, ""), process.cwd()); const targetLabel = targetIsRemote ? ctx.environmentName ?? describeAdapterExecutionTarget(target) @@ -102,6 +106,15 @@ export async function testEnvironment( if (typeof value === "string") env[key] = value; } const runtimeEnv = ensurePathInEnv({ ...process.env, ...env }); + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "claude", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); try { await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); checks.push({ @@ -189,7 +202,7 @@ export async function testEnvironment( })(); const args = ["--print", "-", "--output-format", "stream-json", "--verbose"]; - if (dangerouslySkipPermissions) args.push("--dangerously-skip-permissions"); + args.push(...buildClaudeProbePermissionArgs({ dangerouslySkipPermissions, targetIsSandbox })); if (chrome) args.push("--chrome"); // For Bedrock: only pass --model when the ID is a Bedrock-native identifier. if (model && (!hasBedrock || isBedrockModelId(model))) { diff --git a/packages/adapters/codex-local/src/index.ts b/packages/adapters/codex-local/src/index.ts index ae271820..d869dda8 100644 --- a/packages/adapters/codex-local/src/index.ts +++ b/packages/adapters/codex-local/src/index.ts @@ -3,6 +3,8 @@ import type { AdapterModelProfileDefinition } from "@paperclipai/adapter-utils"; export const type = "codex_local"; export const label = "Codex (local)"; +export const SANDBOX_INSTALL_COMMAND = "npm install -g @openai/codex"; + export const DEFAULT_CODEX_LOCAL_MODEL = "gpt-5.3-codex"; export const DEFAULT_CODEX_LOCAL_BYPASS_APPROVALS_AND_SANDBOX = true; export const CODEX_LOCAL_FAST_MODE_SUPPORTED_MODELS = ["gpt-5.4"] as const; diff --git a/packages/adapters/codex-local/src/server/codex-args.test.ts b/packages/adapters/codex-local/src/server/codex-args.test.ts index 7b4eaa00..435859b5 100644 --- a/packages/adapters/codex-local/src/server/codex-args.test.ts +++ b/packages/adapters/codex-local/src/server/codex-args.test.ts @@ -67,4 +67,22 @@ describe("buildCodexExecArgs", () => { "-", ]); }); + + it("adds --skip-git-repo-check when requested", () => { + const result = buildCodexExecArgs( + { + model: "gpt-5.3-codex", + }, + { skipGitRepoCheck: true }, + ); + + expect(result.args).toEqual([ + "exec", + "--json", + "--skip-git-repo-check", + "--model", + "gpt-5.3-codex", + "-", + ]); + }); }); diff --git a/packages/adapters/codex-local/src/server/codex-args.ts b/packages/adapters/codex-local/src/server/codex-args.ts index f8081aad..615f4996 100644 --- a/packages/adapters/codex-local/src/server/codex-args.ts +++ b/packages/adapters/codex-local/src/server/codex-args.ts @@ -30,7 +30,10 @@ function formatFastModeSupportedModels(): string { export function buildCodexExecArgs( config: unknown, - options: { resumeSessionId?: string | null } = {}, + options: { + resumeSessionId?: string | null; + skipGitRepoCheck?: boolean; + } = {}, ): BuildCodexExecArgsResult { const record = asRecord(config); const model = asString(record.model, "").trim(); @@ -48,6 +51,7 @@ export function buildCodexExecArgs( const extraArgs = readExtraArgs(record); const args = ["exec", "--json"]; + if (options.skipGitRepoCheck) args.push("--skip-git-repo-check"); if (search) args.unshift("--search"); if (bypass) args.push("--dangerously-bypass-approvals-and-sandbox"); if (model) args.push("--model", model); diff --git a/packages/adapters/codex-local/src/server/codex-home.ts b/packages/adapters/codex-local/src/server/codex-home.ts index c032fd24..0cb737bb 100644 --- a/packages/adapters/codex-local/src/server/codex-home.ts +++ b/packages/adapters/codex-local/src/server/codex-home.ts @@ -2,11 +2,11 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import type { AdapterExecutionContext } from "@paperclipai/adapter-utils"; +import { resolvePaperclipInstanceRootForAdapter } from "@paperclipai/adapter-utils/server-utils"; const TRUTHY_ENV_RE = /^(1|true|yes|on)$/i; const COPIED_SHARED_FILES = ["config.json", "config.toml", "instructions.md"] as const; const SYMLINKED_SHARED_FILES = ["auth.json"] as const; -const DEFAULT_PAPERCLIP_INSTANCE_ID = "default"; function nonEmpty(value: string | undefined): string | null { return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; @@ -31,11 +31,14 @@ export function resolveManagedCodexHomeDir( env: NodeJS.ProcessEnv, companyId?: string, ): string { - const paperclipHome = nonEmpty(env.PAPERCLIP_HOME) ?? path.resolve(os.homedir(), ".paperclip"); - const instanceId = nonEmpty(env.PAPERCLIP_INSTANCE_ID) ?? DEFAULT_PAPERCLIP_INSTANCE_ID; + const instanceRoot = resolvePaperclipInstanceRootForAdapter({ + homeDir: nonEmpty(env.PAPERCLIP_HOME) ?? undefined, + instanceId: nonEmpty(env.PAPERCLIP_INSTANCE_ID) ?? undefined, + env, + }); return companyId - ? path.resolve(paperclipHome, "instances", instanceId, "companies", companyId, "codex-home") - : path.resolve(paperclipHome, "instances", instanceId, "codex-home"); + ? path.resolve(instanceRoot, "companies", companyId, "codex-home") + : path.resolve(instanceRoot, "codex-home"); } async function ensureParentDir(target: string): Promise { @@ -71,33 +74,71 @@ async function ensureCopiedFile(target: string, source: string): Promise { await fs.copyFile(source, target); } +/** + * Writes an `auth.json` containing only `OPENAI_API_KEY` so the codex CLI can + * authenticate via API key. Overwrites any existing file or symlink at that + * path. Required because the codex CLI (>= 0.122) ignores the `OPENAI_API_KEY` + * environment variable and only reads credentials from `$CODEX_HOME/auth.json`. + */ +export async function writeApiKeyAuthJson(home: string, apiKey: string): Promise { + await fs.mkdir(home, { recursive: true }); + const target = path.join(home, "auth.json"); + await fs.rm(target, { force: true }); + await fs.writeFile(target, JSON.stringify({ OPENAI_API_KEY: apiKey }), { mode: 0o600 }); +} + export async function prepareManagedCodexHome( env: NodeJS.ProcessEnv, onLog: AdapterExecutionContext["onLog"], companyId?: string, + options: { apiKey?: string | null } = {}, ): Promise { const targetHome = resolveManagedCodexHomeDir(env, companyId); + const apiKey = nonEmpty(options.apiKey ?? undefined); const sourceHome = resolveSharedCodexHomeDir(env); - if (path.resolve(sourceHome) === path.resolve(targetHome)) return targetHome; + const seedFromShared = path.resolve(sourceHome) !== path.resolve(targetHome); await fs.mkdir(targetHome, { recursive: true }); - for (const name of SYMLINKED_SHARED_FILES) { - const source = path.join(sourceHome, name); - if (!(await pathExists(source))) continue; - await ensureSymlink(path.join(targetHome, name), source); + // If a previous run wrote an apikey-mode auth.json (regular file) and this + // run has no apiKey, remove it so the chatgpt-mode symlink can be restored. + // Without this cleanup, ensureSymlink bails on a non-symlink and Codex keeps + // authenticating with the stale key after it is removed from configuration. + if (!apiKey && seedFromShared) { + const authPath = path.join(targetHome, "auth.json"); + const existing = await fs.lstat(authPath).catch(() => null); + if (existing && !existing.isSymbolicLink()) { + await fs.rm(authPath, { force: true }); + } } - for (const name of COPIED_SHARED_FILES) { - const source = path.join(sourceHome, name); - if (!(await pathExists(source))) continue; - await ensureCopiedFile(path.join(targetHome, name), source); + if (seedFromShared) { + for (const name of SYMLINKED_SHARED_FILES) { + const source = path.join(sourceHome, name); + if (!(await pathExists(source))) continue; + await ensureSymlink(path.join(targetHome, name), source); + } + + for (const name of COPIED_SHARED_FILES) { + const source = path.join(sourceHome, name); + if (!(await pathExists(source))) continue; + await ensureCopiedFile(path.join(targetHome, name), source); + } + + await onLog( + "stdout", + `[paperclip] Using ${isWorktreeMode(env) ? "worktree-isolated" : "Paperclip-managed"} Codex home "${targetHome}" (seeded from "${sourceHome}").\n`, + ); + } + + if (apiKey) { + await writeApiKeyAuthJson(targetHome, apiKey); + await onLog( + "stdout", + `[paperclip] Wrote API-key auth.json into Codex home "${targetHome}" from configured OPENAI_API_KEY.\n`, + ); } - await onLog( - "stdout", - `[paperclip] Using ${isWorktreeMode(env) ? "worktree-isolated" : "Paperclip-managed"} Codex home "${targetHome}" (seeded from "${sourceHome}").\n`, - ); return targetHome; } diff --git a/packages/adapters/codex-local/src/server/execute.remote.test.ts b/packages/adapters/codex-local/src/server/execute.remote.test.ts index 8e22f7b3..dc9582de 100644 --- a/packages/adapters/codex-local/src/server/execute.remote.test.ts +++ b/packages/adapters/codex-local/src/server/execute.remote.test.ts @@ -10,6 +10,7 @@ const { prepareWorkspaceForSshExecution, restoreWorkspaceFromSshExecution, syncDirectoryToSsh, + startAdapterExecutionTargetPaperclipBridge, } = vi.hoisted(() => ({ runChildProcess: vi.fn(async () => ({ exitCode: 1, @@ -22,9 +23,17 @@ const { })), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "/usr/bin/codex"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -51,6 +60,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("codex remote execution", () => { @@ -70,10 +89,13 @@ describe("codex remote execution", () => { cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); const codexHomeDir = path.join(rootDir, "codex-home"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; await mkdir(workspaceDir, { recursive: true }); await mkdir(codexHomeDir, { recursive: true }); await writeFile(path.join(rootDir, "instructions.md"), "Use the remote workspace.\n", "utf8"); await writeFile(path.join(codexHomeDir, "auth.json"), "{}", "utf8"); + const alternateWorkspaceDir = path.join(rootDir, "alternate-workspace"); + await mkdir(alternateWorkspaceDir, { recursive: true }); await execute({ runId: "run-1", @@ -100,7 +122,27 @@ describe("codex remote execution", () => { paperclipWorkspace: { cwd: workspaceDir, source: "project_primary", + strategy: "git_worktree", + workspaceId: "workspace-1", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + branchName: "feature/remote-codex", + worktreePath: workspaceDir, }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -120,12 +162,12 @@ describe("codex remote execution", () => { expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledWith(expect.objectContaining({ localDir: workspaceDir, - remoteDir: "/remote/workspace", + remoteDir: managedRemoteWorkspace, })); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ localDir: codexHomeDir, - remoteDir: "/remote/workspace/.paperclip-runtime/codex/home", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/codex/home`, followSymlinks: true, })); @@ -133,12 +175,31 @@ describe("codex remote execution", () => { const call = runChildProcess.mock.calls[0] as unknown as | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] | undefined; - expect(call?.[3].env.CODEX_HOME).toBe("/remote/workspace/.paperclip-runtime/codex/home"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[2]).not.toContain("--skip-git-repo-check"); + expect(call?.[3].env.CODEX_HOME).toBe(`${managedRemoteWorkspace}/.paperclip-runtime/codex/home`); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_WORKTREE_PATH).toBeUndefined(); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledWith(expect.objectContaining({ localDir: workspaceDir, - remoteDir: "/remote/workspace", + remoteDir: managedRemoteWorkspace, })); }); @@ -210,6 +271,7 @@ describe("codex remote execution", () => { cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); const codexHomeDir = path.join(rootDir, "codex-home"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await mkdir(workspaceDir, { recursive: true }); await mkdir(codexHomeDir, { recursive: true }); await writeFile(path.join(codexHomeDir, "auth.json"), "{}", "utf8"); @@ -227,13 +289,13 @@ describe("codex remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", @@ -282,6 +344,7 @@ describe("codex remote execution", () => { cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); const codexHomeDir = path.join(rootDir, "codex-home"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-target/workspace"; await mkdir(workspaceDir, { recursive: true }); await mkdir(codexHomeDir, { recursive: true }); await writeFile(path.join(codexHomeDir, "auth.json"), "{}", "utf8"); @@ -299,13 +362,13 @@ describe("codex remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", @@ -353,7 +416,7 @@ describe("codex remote execution", () => { "session-123", "-", ]); - expect(call?.[3].env.CODEX_HOME).toBe("/remote/workspace/.paperclip-runtime/codex/home"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[3].env.CODEX_HOME).toBe(`${managedRemoteWorkspace}/.paperclip-runtime/codex/home`); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); }); }); diff --git a/packages/adapters/codex-local/src/server/execute.ts b/packages/adapters/codex-local/src/server/execute.ts index f4ca5c13..7a02b058 100644 --- a/packages/adapters/codex-local/src/server/execute.ts +++ b/packages/adapters/codex-local/src/server/execute.ts @@ -4,15 +4,17 @@ import { fileURLToPath } from "node:url"; import { inferOpenAiCompatibleBiller, type AdapterExecutionContext, type AdapterExecutionResult } from "@paperclipai/adapter-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesPaperclipBridge, describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, startAdapterExecutionTargetPaperclipBridge, @@ -21,13 +23,14 @@ import { asString, asNumber, parseObject, - applyPaperclipWorkspaceEnv, buildPaperclipEnv, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePaperclipSkillSymlink, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, resolvePaperclipDesiredSkillNames, renderTemplate, renderPaperclipWakePrompt, @@ -44,6 +47,7 @@ import { import { pathExists, prepareManagedCodexHome, resolveManagedCodexHomeDir, resolveSharedCodexHomeDir } from "./codex-home.js"; import { resolveCodexDesiredSkillNames } from "./skills.js"; import { buildCodexExecArgs } from "./codex-args.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; const __moduleDir = path.dirname(fileURLToPath(import.meta.url)); const CODEX_ROLLOUT_NOISE_RE = @@ -331,8 +335,16 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 + ? envConfig.OPENAI_API_KEY.trim() + : null; const preparedManagedCodexHome = - configuredCodexHome ? null : await prepareManagedCodexHome(process.env, onLog, agent.companyId); + configuredCodexHome + ? null + : await prepareManagedCodexHome(process.env, onLog, agent.companyId, { + apiKey: configuredOpenAiApiKey, + }); const defaultCodexHome = resolveManagedCodexHomeDir(process.env, agent.companyId); const effectiveCodexHome = configuredCodexHome ?? preparedManagedCodexHome ?? defaultCodexHome; await fs.mkdir(effectiveCodexHome, { recursive: true }); @@ -347,7 +359,12 @@ export async function execute(ctx: AdapterExecutionContext): Promise { await onLog( @@ -355,9 +372,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedExecutionTargetRuntime.restoreWorkspace() : null; @@ -404,9 +431,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) { env.PAPERCLIP_TASK_ID = wakeTaskId; } + if (issueWorkMode) { + env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; + } if (wakeReason) { env.PAPERCLIP_WAKE_REASON = wakeReason; } @@ -425,7 +456,9 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0) { - env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); - } if (runtimeServiceIntents.length > 0) { env.PAPERCLIP_RUNTIME_SERVICE_INTENTS_JSON = JSON.stringify(runtimeServiceIntents); } @@ -448,23 +481,17 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", + ), + ); + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: ctx.runtimeCommandSpec?.installCommand, + detectCommand: ctx.runtimeCommandSpec?.detectCommand, + cwd, + env: runtimeEnv, + timeoutSec, + graceSec, + onLog, + }); await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv); const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); const loggedEnv = buildInvocationEnvForLogs(env, { @@ -487,9 +529,6 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 && (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + adapterExecutionTargetSessionMatches(runtimeRemoteExecution, runtimeExecutionTarget); const codexTransientFallbackMode = readCodexTransientFallbackMode(context); const forceSaferInvocation = fallbackModeUsesSaferInvocation(codexTransientFallbackMode); const forceFreshSession = fallbackModeUsesFreshSession(codexTransientFallbackMode); @@ -614,6 +653,11 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const execArgs = buildCodexExecArgs( forceSaferInvocation ? { ...config, fastMode: false } : config, - { resumeSessionId }, + { + resumeSessionId, + skipGitRepoCheck: executionTargetIsSandbox, + }, ); const args = execArgs.args; const commandNotesWithFastMode = @@ -660,7 +707,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise { + const restoreWorkspace = vi.fn(async () => {}); + return { + ensureAdapterExecutionTargetDirectory: vi.fn(async () => {}), + ensureAdapterExecutionTargetCommandResolvable: vi.fn(async () => {}), + maybeRunSandboxInstallCommand: vi.fn(async () => null), + runAdapterExecutionTargetProcess: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: [ + "{\"type\":\"thread.started\",\"thread_id\":\"thread-1\"}", + "{\"type\":\"item.completed\",\"item\":{\"type\":\"agent_message\",\"text\":\"hello\"}}", + "{\"type\":\"turn.completed\",\"usage\":{\"input_tokens\":1,\"cached_input_tokens\":0,\"output_tokens\":1}}", + ].join("\n"), + stderr: "", + pid: 123, + startedAt: new Date().toISOString(), + })), + describeAdapterExecutionTarget: vi.fn(() => "QA SSH"), + resolveAdapterExecutionTargetCwd: vi.fn((target, configuredCwd, fallbackCwd) => { + if (typeof configuredCwd === "string" && configuredCwd.trim().length > 0) return configuredCwd; + if (target && typeof target === "object" && "remoteCwd" in target && typeof target.remoteCwd === "string") { + return target.remoteCwd; + } + return fallbackCwd; + }), + prepareAdapterExecutionTargetRuntime: vi.fn(async () => ({ + target: null, + workspaceRemoteDir: "/remote/workspace/.paperclip-runtime/runs/test/workspace", + runtimeRootDir: "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/codex", + assetDirs: { + home: "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/codex/home", + }, + restoreWorkspace, + })), + prepareManagedCodexHome: vi.fn(async () => "/tmp/paperclip-managed-codex-home"), + restoreWorkspace, + }; +}); + +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + ensureAdapterExecutionTargetDirectory, + ensureAdapterExecutionTargetCommandResolvable, + maybeRunSandboxInstallCommand, + runAdapterExecutionTargetProcess, + describeAdapterExecutionTarget, + resolveAdapterExecutionTargetCwd, + prepareAdapterExecutionTargetRuntime, + }; +}); + +vi.mock("./codex-home.js", async () => { + const actual = await vi.importActual("./codex-home.js"); + return { + ...actual, + prepareManagedCodexHome, + }; +}); + +import { testEnvironment } from "./test.js"; + +describe("codex remote environment diagnostics", () => { + afterEach(() => { + vi.clearAllMocks(); + delete process.env.OPENAI_API_KEY; + }); + + it("stages managed CODEX_HOME in an isolated runtime dir and keeps the probe cwd on the original remote workspace", async () => { + const remoteTarget: AdapterExecutionTarget = { + kind: "remote", + transport: "ssh", + remoteCwd: "/remote/workspace", + spec: { + host: "127.0.0.1", + port: 22, + username: "agent", + privateKey: "PRIVATE KEY", + knownHosts: "KNOWN HOSTS", + remoteCwd: "/remote/workspace", + remoteWorkspacePath: "/remote/workspace", + strictHostKeyChecking: false, + }, + }; + + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "codex_local", + config: { + command: "codex", + }, + executionTarget: remoteTarget, + environmentName: "QA SSH", + }); + + expect(result.status).toBe("pass"); + expect(result.checks.some((check) => check.code === "codex_hello_probe_passed")).toBe(true); + expect(prepareManagedCodexHome).toHaveBeenCalledTimes(1); + expect(prepareAdapterExecutionTargetRuntime).toHaveBeenCalledTimes(1); + const runtimeCalls = prepareAdapterExecutionTargetRuntime.mock.calls as unknown as Array<[ + { + workspaceLocalDir: string; + target?: { remoteCwd?: string }; + workspaceRemoteDir?: string; + }, + ]>; + const runtimeInput = runtimeCalls[0]?.[0]; + expect(runtimeInput?.workspaceLocalDir).toContain(`${os.tmpdir()}/paperclip-codex-envtest-`); + expect(runtimeInput?.workspaceLocalDir).not.toBe("/remote/workspace"); + expect(await fs.stat(runtimeInput!.workspaceLocalDir).catch(() => null)).toBeNull(); + expect(runtimeInput?.target?.remoteCwd).toBe("/remote/workspace"); + // `workspaceRemoteDir` is the base path passed to the runtime; the + // helper's per-run subdirectory is appended internally inside + // `prepareRemoteManagedRuntime`. Pre-building a per-run prefix here + // would double-nest the run id in the final path. + expect(runtimeInput?.workspaceRemoteDir).toBe("/remote/workspace"); + expect(runAdapterExecutionTargetProcess).toHaveBeenCalledTimes(1); + const probeCall = runAdapterExecutionTargetProcess.mock.calls[0] as unknown as + | [string, { kind: string; remoteCwd: string }, string, string[], { cwd: string; env: Record }] + | undefined; + expect(probeCall?.[1]).toMatchObject({ + kind: "remote", + remoteCwd: "/remote/workspace", + }); + expect(probeCall?.[4]).toMatchObject({ + cwd: "/remote/workspace", + env: expect.objectContaining({ + CODEX_HOME: "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/codex/home", + }), + }); + expect(restoreWorkspace).toHaveBeenCalledTimes(1); + }); + + it("avoids /tmp CODEX_HOME for remote API-key hello probes", async () => { + const remoteTarget: AdapterExecutionTarget = { + kind: "remote", + transport: "sandbox", + providerKey: "cloudflare", + remoteCwd: "/remote/workspace", + runner: { + execute: async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }), + }, + }; + + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "codex_local", + config: { + command: "codex", + env: { + OPENAI_API_KEY: "sk-test", + }, + }, + executionTarget: remoteTarget, + environmentName: "QA Cloudflare", + }); + + expect(result.status).toBe("pass"); + const probeCall = runAdapterExecutionTargetProcess.mock.calls[0] as unknown as + | [string, AdapterExecutionTarget, string, string[], { cwd: string; env: Record }] + | undefined; + expect(probeCall?.[4].env.CODEX_HOME).toContain("/remote/workspace/.paperclip-runtime/codex/probe-home-codex-envtest-"); + expect(probeCall?.[4].env.CODEX_HOME?.startsWith("/tmp/")).toBe(false); + expect(probeCall?.[3]).toContain("--skip-git-repo-check"); + }); +}); diff --git a/packages/adapters/codex-local/src/server/test.ts b/packages/adapters/codex-local/src/server/test.ts index 50ff56d5..5c7e77db 100644 --- a/packages/adapters/codex-local/src/server/test.ts +++ b/packages/adapters/codex-local/src/server/test.ts @@ -11,14 +11,20 @@ import { import { ensureAdapterExecutionTargetCommandResolvable, ensureAdapterExecutionTargetDirectory, + maybeRunSandboxInstallCommand, runAdapterExecutionTargetProcess, describeAdapterExecutionTarget, resolveAdapterExecutionTargetCwd, + prepareAdapterExecutionTargetRuntime, } from "@paperclipai/adapter-utils/execution-target"; +import fs from "node:fs/promises"; import path from "node:path"; +import os from "node:os"; import { parseCodexJsonl } from "./parse.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; import { codexHomeDir, readCodexAuthInfo } from "./quota.js"; import { buildCodexExecArgs } from "./codex-args.js"; +import { prepareManagedCodexHome } from "./codex-home.js"; function summarizeStatus(checks: AdapterEnvironmentCheck[]): AdapterEnvironmentTestResult["status"] { if (checks.some((check) => check.level === "error")) return "fail"; @@ -55,6 +61,99 @@ function summarizeProbeDetail(stdout: string, stderr: string, parsedError: strin const CODEX_AUTH_REQUIRED_RE = /(?:not\s+logged\s+in|login\s+required|authentication\s+required|unauthorized|invalid(?:\s+or\s+missing)?\s+api(?:[_\s-]?key)?|openai[_\s-]?api[_\s-]?key|api[_\s-]?key.*required|please\s+run\s+`?codex\s+login`?)/i; +async function prepareCodexHelloProbe(input: { + runId: string; + companyId: string; + target: AdapterEnvironmentTestContext["executionTarget"] | null; + targetIsRemote: boolean; + cwd: string; + command: string; + args: string[]; + env: Record; + probeApiKey: string | null; +}): Promise<{ + command: string; + args: string[]; + env: Record; + cleanup: () => Promise; +}> { + let preparedRuntime: Awaited> | null = null; + let preparedRuntimeWorkspaceLocalDir: string | null = null; + + const cleanup = async () => { + await preparedRuntime?.restoreWorkspace().catch(() => {}); + if (preparedRuntimeWorkspaceLocalDir) { + await fs.rm(preparedRuntimeWorkspaceLocalDir, { recursive: true, force: true }).catch(() => {}); + } + }; + + if (input.targetIsRemote && !input.probeApiKey) { + const managedHome = await prepareManagedCodexHome(process.env, async () => {}, input.companyId, { + apiKey: null, + }); + preparedRuntimeWorkspaceLocalDir = await fs.mkdtemp( + path.join(os.tmpdir(), `paperclip-codex-envtest-${input.runId}-`), + ); + preparedRuntime = await prepareAdapterExecutionTargetRuntime({ + runId: input.runId, + target: input.target, + adapterKey: "codex", + workspaceLocalDir: preparedRuntimeWorkspaceLocalDir, + // Pass `input.cwd` as the base (not a pre-built per-run subdir). + // `prepareRemoteManagedRuntime` itself appends + // `.paperclip-runtime/runs//workspace` to whatever it gets, so + // pre-building a per-run path here would double-nest the run ID. + workspaceRemoteDir: input.cwd, + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: input.command, + assets: [ + { + key: "home", + localDir: managedHome, + followSymlinks: true, + }, + ], + }); + + return { + command: input.command, + args: input.args, + env: preparedRuntime.assetDirs.home + ? { ...input.env, CODEX_HOME: preparedRuntime.assetDirs.home } + : { ...input.env }, + cleanup, + }; + } + + if (input.probeApiKey) { + const probeHome = input.targetIsRemote + ? path.posix.join(input.cwd, ".paperclip-runtime", "codex", `probe-home-${input.runId}`) + : path.join(os.tmpdir(), `paperclip-codex-probe-${input.runId}`); + return { + command: "sh", + args: [ + "-c", + 'set -e; mkdir -p "$CODEX_HOME"; umask 077; printf "%s" "$_PAPERCLIP_CODEX_AUTH_JSON" > "$CODEX_HOME/auth.json"; unset _PAPERCLIP_CODEX_AUTH_JSON; trap \'rm -rf "$CODEX_HOME"\' EXIT INT TERM; "$0" "$@"', + input.command, + ...input.args, + ], + env: { + ...input.env, + CODEX_HOME: probeHome, + _PAPERCLIP_CODEX_AUTH_JSON: JSON.stringify({ OPENAI_API_KEY: input.probeApiKey }), + }, + cleanup, + }; + } + + return { + command: input.command, + args: input.args, + env: { ...input.env }, + cleanup, + }; +} + export async function testEnvironment( ctx: AdapterEnvironmentTestContext, ): Promise { @@ -63,6 +162,7 @@ export async function testEnvironment( const command = asString(config.command, "codex"); const target = ctx.executionTarget ?? null; const targetIsRemote = target?.kind === "remote"; + const targetIsSandbox = target?.kind === "remote" && target.transport === "sandbox"; const cwd = resolveAdapterExecutionTargetCwd(target, asString(config.cwd, ""), process.cwd()); const targetLabel = targetIsRemote ? ctx.environmentName ?? describeAdapterExecutionTarget(target) @@ -103,6 +203,15 @@ export async function testEnvironment( if (typeof value === "string") env[key] = value; } const runtimeEnv = ensurePathInEnv({ ...process.env, ...env }); + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "codex", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); try { await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); checks.push({ @@ -163,7 +272,10 @@ export async function testEnvironment( hint: "Use the `codex` CLI command to run the automatic login and installation probe.", }); } else { - const execArgs = buildCodexExecArgs({ ...config, fastMode: false }); + const execArgs = buildCodexExecArgs( + { ...config, fastMode: false }, + { skipGitRepoCheck: targetIsSandbox }, + ); const args = execArgs.args; if (execArgs.fastModeIgnoredReason) { checks.push({ @@ -173,64 +285,99 @@ export async function testEnvironment( hint: "Switch the agent model to GPT-5.4 or enter a manual model ID to enable Codex Fast mode.", }); } + if (targetIsSandbox) { + checks.push({ + code: "codex_git_repo_check_skipped", + level: "info", + message: "Added --skip-git-repo-check for sandbox hello probes.", + hint: "Codex requires an explicit trust bypass in headless remote sandbox workspaces.", + }); + } - const probe = await runAdapterExecutionTargetProcess( + // Codex CLI (>= 0.122) ignores the OPENAI_API_KEY env var and only reads + // credentials from $CODEX_HOME/auth.json. When we have a key available, + // wrap the probe with a shell that materializes a per-run auth.json so + // the CLI can authenticate. The key content is passed via env (not on + // the command line) to avoid leaking it into process listings. + const probeApiKey = isNonEmpty(configOpenAiKey) + ? configOpenAiKey + : isNonEmpty(hostOpenAiKey) + ? hostOpenAiKey + : null; + const preparedProbe = await prepareCodexHelloProbe({ runId, + companyId: ctx.companyId, target, + targetIsRemote, + cwd, command, args, - { - cwd, - env, - timeoutSec: 45, - graceSec: 5, - stdin: "Respond with hello.", - onLog: async () => {}, - }, - ); - const parsed = parseCodexJsonl(probe.stdout); - const detail = summarizeProbeDetail(probe.stdout, probe.stderr, parsed.errorMessage); - const authEvidence = `${parsed.errorMessage ?? ""}\n${probe.stdout}\n${probe.stderr}`.trim(); + env, + probeApiKey, + }); + try { + const probe = await runAdapterExecutionTargetProcess( + runId, + target, + preparedProbe.command, + preparedProbe.args, + { + cwd, + env: preparedProbe.env, + timeoutSec: 45, + graceSec: 5, + stdin: "Respond with hello.", + onLog: async () => {}, + }, + ); + const parsed = parseCodexJsonl(probe.stdout); + const detail = summarizeProbeDetail(probe.stdout, probe.stderr, parsed.errorMessage); + const authEvidence = `${parsed.errorMessage ?? ""}\n${probe.stdout}\n${probe.stderr}`.trim(); - if (probe.timedOut) { - checks.push({ - code: "codex_hello_probe_timed_out", - level: "warn", - message: "Codex hello probe timed out.", - hint: "Retry the probe. If this persists, verify Codex can run `Respond with hello` from this directory manually.", - }); - } else if ((probe.exitCode ?? 1) === 0) { - const summary = parsed.summary.trim(); - const hasHello = /\bhello\b/i.test(summary); - checks.push({ - code: hasHello ? "codex_hello_probe_passed" : "codex_hello_probe_unexpected_output", - level: hasHello ? "info" : "warn", - message: hasHello - ? "Codex hello probe succeeded." - : "Codex probe ran but did not return `hello` as expected.", - ...(summary ? { detail: summary.replace(/\s+/g, " ").trim().slice(0, 240) } : {}), - ...(hasHello - ? {} - : { - hint: "Try the probe manually (`codex exec --json -` then prompt: Respond with hello) to inspect full output.", - }), - }); - } else if (CODEX_AUTH_REQUIRED_RE.test(authEvidence)) { - checks.push({ - code: "codex_hello_probe_auth_required", - level: "warn", - message: "Codex CLI is installed, but authentication is not ready.", - ...(detail ? { detail } : {}), - hint: "Configure OPENAI_API_KEY in adapter env/shell or run `codex login`, then retry the probe.", - }); - } else { - checks.push({ - code: "codex_hello_probe_failed", - level: "error", - message: "Codex hello probe failed.", - ...(detail ? { detail } : {}), - hint: "Run `codex exec --json -` manually in this working directory and prompt `Respond with hello` to debug.", - }); + if (probe.timedOut) { + checks.push({ + code: "codex_hello_probe_timed_out", + level: "warn", + message: "Codex hello probe timed out.", + hint: "Retry the probe. If this persists, verify Codex can run `Respond with hello` from this directory manually.", + }); + } else if ((probe.exitCode ?? 1) === 0) { + const summary = parsed.summary.trim(); + const hasHello = /\bhello\b/i.test(summary); + checks.push({ + code: hasHello ? "codex_hello_probe_passed" : "codex_hello_probe_unexpected_output", + level: hasHello ? "info" : "warn", + message: hasHello + ? "Codex hello probe succeeded." + : "Codex probe ran but did not return `hello` as expected.", + ...(summary ? { detail: summary.replace(/\s+/g, " ").trim().slice(0, 240) } : {}), + ...(hasHello + ? {} + : { + hint: "Try the probe manually (`codex exec --json -` then prompt: Respond with hello) to inspect full output.", + }), + }); + } else if (CODEX_AUTH_REQUIRED_RE.test(authEvidence)) { + checks.push({ + code: "codex_hello_probe_auth_required", + level: "warn", + message: "Codex CLI is installed, but authentication is not ready.", + ...(detail ? { detail } : {}), + hint: probeApiKey + ? "OPENAI_API_KEY was provided but Codex still rejected the request. Verify the key is valid for the OpenAI Responses API (e.g. `curl -H \"Authorization: Bearer $OPENAI_API_KEY\" https://api.openai.com/v1/models`), or run `codex login` and seed `~/.codex/auth.json`." + : "Codex CLI does not read OPENAI_API_KEY from the environment; set OPENAI_API_KEY in this adapter's config (so Paperclip writes it to `$CODEX_HOME/auth.json`) or run `codex login` on the host first.", + }); + } else { + checks.push({ + code: "codex_hello_probe_failed", + level: "error", + message: "Codex hello probe failed.", + ...(detail ? { detail } : {}), + hint: "Run `codex exec --json -` manually in this working directory and prompt `Respond with hello` to debug.", + }); + } + } finally { + await preparedProbe.cleanup(); } } } diff --git a/packages/adapters/cursor-cloud/package.json b/packages/adapters/cursor-cloud/package.json new file mode 100644 index 00000000..567de3d0 --- /dev/null +++ b/packages/adapters/cursor-cloud/package.json @@ -0,0 +1,61 @@ +{ + "name": "@paperclipai/adapter-cursor-cloud", + "version": "0.3.1", + "license": "MIT", + "homepage": "https://github.com/paperclipai/paperclip", + "bugs": { + "url": "https://github.com/paperclipai/paperclip/issues" + }, + "repository": { + "type": "git", + "url": "https://github.com/paperclipai/paperclip", + "directory": "packages/adapters/cursor-cloud" + }, + "type": "module", + "exports": { + ".": "./src/index.ts", + "./server": "./src/server/index.ts", + "./ui": "./src/ui/index.ts", + "./cli": "./src/cli/index.ts" + }, + "publishConfig": { + "access": "public", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js" + }, + "./server": { + "types": "./dist/server/index.d.ts", + "import": "./dist/server/index.js" + }, + "./ui": { + "types": "./dist/ui/index.d.ts", + "import": "./dist/ui/index.js" + }, + "./cli": { + "types": "./dist/cli/index.d.ts", + "import": "./dist/cli/index.js" + } + }, + "main": "./dist/index.js", + "types": "./dist/index.d.ts" + }, + "files": [ + "dist" + ], + "scripts": { + "build": "tsc", + "clean": "rm -rf dist", + "typecheck": "tsc --noEmit" + }, + "dependencies": { + "@cursor/sdk": "^1.0.12", + "@paperclipai/adapter-utils": "workspace:*", + "picocolors": "^1.1.1" + }, + "devDependencies": { + "@types/node": "^24.6.0", + "typescript": "^5.7.3" + } +} diff --git a/packages/adapters/cursor-cloud/src/cli/format-event.ts b/packages/adapters/cursor-cloud/src/cli/format-event.ts new file mode 100644 index 00000000..a27b9a69 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/cli/format-event.ts @@ -0,0 +1,42 @@ +import pc from "picocolors"; +import { parseCursorCloudStdoutLine } from "../ui/parse-stdout.js"; + +export function printCursorCloudEvent(raw: string, _debug: boolean): void { + const entries = parseCursorCloudStdoutLine(raw, new Date().toISOString()); + for (const entry of entries) { + switch (entry.kind) { + case "assistant": + console.log(pc.green(`assistant: ${entry.text}`)); + break; + case "thinking": + console.log(pc.gray(`thinking: ${entry.text}`)); + break; + case "user": + console.log(pc.gray(`user: ${entry.text}`)); + break; + case "tool_call": + console.log(pc.yellow(`tool_call: ${entry.name}`)); + break; + case "tool_result": + console.log((entry.isError ? pc.red : pc.cyan)(entry.content || "tool result")); + break; + case "result": + console.log((entry.isError ? pc.red : pc.blue)(`result: ${entry.subtype}${entry.text ? ` - ${entry.text}` : ""}`)); + break; + case "stderr": + console.error(pc.red(entry.text)); + break; + case "system": + console.log(pc.blue(entry.text)); + break; + case "init": + console.log(pc.blue(`Cursor Cloud init (${entry.sessionId})`)); + break; + case "stdout": + console.log(entry.text); + break; + default: + console.log("text" in entry ? entry.text : JSON.stringify(entry)); + } + } +} diff --git a/packages/adapters/cursor-cloud/src/cli/index.ts b/packages/adapters/cursor-cloud/src/cli/index.ts new file mode 100644 index 00000000..4d3fe194 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/cli/index.ts @@ -0,0 +1 @@ +export { printCursorCloudEvent } from "./format-event.js"; diff --git a/packages/adapters/cursor-cloud/src/index.ts b/packages/adapters/cursor-cloud/src/index.ts new file mode 100644 index 00000000..6c8623de --- /dev/null +++ b/packages/adapters/cursor-cloud/src/index.ts @@ -0,0 +1,34 @@ +export const type = "cursor_cloud"; +export const label = "Cursor Cloud"; + +export const agentConfigurationDoc = `# cursor_cloud agent configuration + +Adapter: cursor_cloud + +Use when: +- You want Paperclip to run Cursor Cloud Agents through the official Cursor SDK +- You want durable remote Cursor agent sessions across Paperclip heartbeats +- You want Paperclip to keep task state while Cursor handles remote code execution + +Core fields: +- repoUrl (string, required): Git repository URL Cursor should open +- repoStartingRef (string, optional): starting ref for the repo +- repoPullRequestUrl (string, optional): PR URL to attach the agent to +- runtimeEnvType (string, optional): cloud | pool | machine +- runtimeEnvName (string, optional): named cloud/pool/machine target +- workOnCurrentBranch (boolean, optional): continue work on current branch +- autoCreatePR (boolean, optional): let Cursor auto-create a PR +- skipReviewerRequest (boolean, optional): suppress reviewer request on auto-created PRs +- instructionsFilePath (string, optional): agent instructions file prepended to the prompt +- promptTemplate (string, optional): heartbeat prompt template +- bootstrapPromptTemplate (string, optional): first-run-only bootstrap prompt template +- model (string, optional): Cursor model id; omit to use the account default +- env.CURSOR_API_KEY (string, required): Cursor API key +- env.* (optional): additional env vars injected into the cloud agent shell + +Notes: +- Paperclip reuses the durable Cursor agent across heartbeats when the repo/runtime identity still matches. +- Each Paperclip heartbeat maps to a Cursor run on that durable agent. +- Paperclip injects PAPERCLIP_* runtime env vars into the cloud agent shell through Cursor SDK cloud envVars. +- Paperclip remains the source of truth for issue/task state; Cursor provides the remote execution surface. +`; diff --git a/packages/adapters/cursor-cloud/src/server/execute.test.ts b/packages/adapters/cursor-cloud/src/server/execute.test.ts new file mode 100644 index 00000000..145c4eec --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/execute.test.ts @@ -0,0 +1,348 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { AdapterExecutionContext } from "@paperclipai/adapter-utils"; +import { execute } from "./execute.js"; + +type MockRunOptions = { + id?: string; + agentId?: string; + status?: string; + waitResult?: Record; + streamMessages?: unknown[]; + streamError?: Error | null; +}; + +type MockAgentOptions = { + agentId?: string; + sendRun?: ReturnType; +}; + +const { createMock, resumeMock, getRunMock } = vi.hoisted(() => ({ + createMock: vi.fn(), + resumeMock: vi.fn(), + getRunMock: vi.fn(), +})); + +vi.mock("@cursor/sdk", () => ({ + Agent: { + create: createMock, + resume: resumeMock, + getRun: getRunMock, + }, +})); + +function createMockRun(options: MockRunOptions = {}) { + const runId = options.id ?? "run-123"; + const agentId = options.agentId ?? "agent-123"; + const status = options.status ?? "finished"; + const waitResult = options.waitResult ?? { + id: runId, + status, + result: "Done\nWith detail", + model: { id: "gpt-5.4" }, + durationMs: 1234, + }; + const streamMessages = options.streamMessages ?? []; + const streamError = options.streamError ?? null; + + return { + id: runId, + agentId, + status, + result: typeof waitResult.result === "string" ? waitResult.result : null, + model: waitResult.model ?? null, + durationMs: waitResult.durationMs ?? null, + git: waitResult.git ?? null, + supports(capability: string) { + return capability === "stream" || capability === "wait"; + }, + async *stream() { + for (const message of streamMessages) yield message; + if (streamError) throw streamError; + }, + async wait() { + return waitResult; + }, + }; +} + +function createMockSdkAgent(options: MockAgentOptions = {}) { + const sendRun = options.sendRun ?? createMockRun(); + return { + agentId: options.agentId ?? sendRun.agentId, + send: vi.fn(async () => sendRun), + [Symbol.asyncDispose]: vi.fn(async () => {}), + }; +} + +function createContext( + overrides: Partial = {}, +): AdapterExecutionContext & { + logs: Array<{ stream: "stdout" | "stderr"; chunk: string }>; + meta: Record[]; +} { + const logs: Array<{ stream: "stdout" | "stderr"; chunk: string }> = []; + const meta: Record[] = []; + const agent = overrides.agent ?? { + id: "agent-1", + companyId: "company-1", + name: "Cursor Cloud Agent", + adapterType: "cursor_cloud", + adapterConfig: {}, + }; + const runtime = overrides.runtime ?? { + sessionId: null, + sessionParams: null, + sessionDisplayId: null, + taskKey: null, + }; + const config = overrides.config ?? { + env: { + CURSOR_API_KEY: "cursor-secret", + EXTRA_FLAG: "1", + }, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoStartingRef: "main", + runtimeEnvType: "cloud", + promptTemplate: "Do the work for {{agent.name}}", + model: "gpt-5.4", + }; + const context = overrides.context ?? { + taskId: "issue-1", + issueId: "issue-1", + wakeReason: "issue_commented", + }; + + const base: AdapterExecutionContext = { + runId: "run-heartbeat-1", + agent, + runtime, + config, + context, + authToken: "paperclip-run-jwt", + onLog: async (stream, chunk) => { + logs.push({ stream, chunk }); + }, + onMeta: async (entry) => { + meta.push(entry as unknown as Record); + }, + }; + + return { + ...base, + ...overrides, + logs, + meta, + }; +} + +describe("cursor_cloud execute", () => { + beforeEach(() => { + createMock.mockReset(); + resumeMock.mockReset(); + getRunMock.mockReset(); + }); + + it("creates a fresh Cursor agent and injects Paperclip env without CURSOR_API_KEY", async () => { + const run = createMockRun({ + agentId: "agent-fresh", + streamMessages: [ + { + type: "assistant", + message: { + content: [{ type: "text", text: "Working" }], + }, + }, + ], + }); + const sdkAgent = createMockSdkAgent({ agentId: "agent-fresh", sendRun: run }); + createMock.mockResolvedValue(sdkAgent); + const ctx = createContext(); + + const result = await execute(ctx); + + expect(createMock).toHaveBeenCalledTimes(1); + expect(resumeMock).not.toHaveBeenCalled(); + expect(getRunMock).not.toHaveBeenCalled(); + expect(createMock.mock.calls[0]?.[0]).toMatchObject({ + apiKey: "cursor-secret", + name: "Paperclip Cursor Cloud Agent", + model: { id: "gpt-5.4" }, + cloud: { + env: { type: "cloud" }, + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }, + }); + expect(createMock.mock.calls[0]?.[0]?.cloud?.envVars).toMatchObject({ + EXTRA_FLAG: "1", + PAPERCLIP_RUN_ID: "run-heartbeat-1", + PAPERCLIP_TASK_ID: "issue-1", + PAPERCLIP_WAKE_REASON: "issue_commented", + PAPERCLIP_API_KEY: "paperclip-run-jwt", + }); + expect(createMock.mock.calls[0]?.[0]?.cloud?.envVars).not.toHaveProperty("CURSOR_API_KEY"); + + expect(result).toMatchObject({ + exitCode: 0, + errorMessage: null, + sessionId: "agent-fresh", + model: "gpt-5.4", + summary: "Done", + sessionParams: { + cursorAgentId: "agent-fresh", + latestRunId: "run-123", + runtime: "cloud", + envType: "cloud", + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }, + }); + expect(ctx.logs.map((entry) => entry.chunk)).toEqual( + expect.arrayContaining([ + expect.stringContaining('"type":"cursor_cloud.init"'), + expect.stringContaining('"type":"cursor_cloud.message"'), + expect.stringContaining('"type":"cursor_cloud.result"'), + ]), + ); + }); + + it("resumes a matching saved session when no active run can be reattached", async () => { + getRunMock.mockResolvedValue(createMockRun({ status: "finished" })); + const resumedRun = createMockRun({ id: "run-resumed", agentId: "agent-resumed" }); + const sdkAgent = createMockSdkAgent({ agentId: "agent-resumed", sendRun: resumedRun }); + resumeMock.mockResolvedValue(sdkAgent); + const ctx = createContext({ + runtime: { + sessionId: null, + sessionDisplayId: "agent-previous", + taskKey: null, + sessionParams: { + cursorAgentId: "agent-previous", + latestRunId: "run-previous", + runtime: "cloud", + envType: "cloud", + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }, + }, + }); + + const result = await execute(ctx); + + expect(getRunMock).toHaveBeenCalledWith("run-previous", { + runtime: "cloud", + agentId: "agent-previous", + apiKey: "cursor-secret", + }); + expect(resumeMock).toHaveBeenCalledTimes(1); + expect(createMock).not.toHaveBeenCalled(); + expect(sdkAgent.send).toHaveBeenCalledTimes(1); + expect(result.sessionId).toBe("agent-resumed"); + }); + + it("reattaches to an active run, drains it, then sends the heartbeat as a follow-up", async () => { + const attachedRun = createMockRun({ + id: "run-attached", + agentId: "agent-attached", + status: "running", + waitResult: { + id: "run-attached", + status: "finished", + result: "Prior result", + model: { id: "gpt-5.4" }, + }, + streamMessages: [ + { + type: "status", + status: "running", + message: "Still working", + }, + ], + }); + getRunMock.mockResolvedValue(attachedRun); + const followUpRun = createMockRun({ + id: "run-followup", + agentId: "agent-attached", + waitResult: { + id: "run-followup", + status: "finished", + result: "Follow-up result", + model: { id: "gpt-5.4" }, + }, + }); + const sdkAgent = createMockSdkAgent({ agentId: "agent-attached", sendRun: followUpRun }); + resumeMock.mockResolvedValue(sdkAgent); + const ctx = createContext({ + runtime: { + sessionId: null, + sessionDisplayId: "agent-attached", + taskKey: null, + sessionParams: { + cursorAgentId: "agent-attached", + latestRunId: "run-attached", + runtime: "cloud", + envType: "cloud", + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }, + }, + }); + + const result = await execute(ctx); + + expect(getRunMock).toHaveBeenCalledTimes(1); + expect(createMock).not.toHaveBeenCalled(); + expect(resumeMock).toHaveBeenCalledTimes(1); + expect(sdkAgent.send).toHaveBeenCalledTimes(1); + expect(result).toMatchObject({ + exitCode: 0, + sessionId: "agent-attached", + summary: "Follow-up result", + resultJson: { + cursorRunId: "run-followup", + }, + }); + const logChunks = ctx.logs.map((entry) => entry.chunk); + expect(logChunks).toEqual( + expect.arrayContaining([ + expect.stringContaining("Reattached to existing Cursor run run-attached."), + expect.stringContaining("Prior Cursor run run-attached finished"), + expect.stringContaining("Started Cursor run run-followup."), + expect.stringContaining('"runId":"run-attached"'), + expect.stringContaining('"runId":"run-followup"'), + ]), + ); + expect(ctx.meta[0]?.context).toMatchObject({ + cursorCloud: { + canReuseSession: true, + repoUrl: "https://github.com/paperclipai/paperclip.git", + }, + }); + }); + + it("maps non-finished Cursor results to failing Paperclip runs", async () => { + const cancelledRun = createMockRun({ + id: "run-cancelled", + agentId: "agent-cancelled", + status: "cancelled", + waitResult: { + id: "run-cancelled", + status: "cancelled", + result: "", + model: { id: "gpt-5.4" }, + }, + }); + const sdkAgent = createMockSdkAgent({ agentId: "agent-cancelled", sendRun: cancelledRun }); + createMock.mockResolvedValue(sdkAgent); + const ctx = createContext(); + + const result = await execute(ctx); + + expect(result).toMatchObject({ + exitCode: 1, + errorMessage: "Cursor run cancelled", + sessionId: "agent-cancelled", + resultJson: { + status: "cancelled", + cursorAgentId: "agent-cancelled", + cursorRunId: "run-cancelled", + }, + }); + }); +}); diff --git a/packages/adapters/cursor-cloud/src/server/execute.ts b/packages/adapters/cursor-cloud/src/server/execute.ts new file mode 100644 index 00000000..d2695a93 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/execute.ts @@ -0,0 +1,607 @@ +import fs from "node:fs/promises"; +import path from "node:path"; +import { + Agent, + type AgentOptions, + type ModelSelection, + type Run, + type RunResult, + type SDKAgent, + type SDKMessage, +} from "@cursor/sdk"; +import type { AdapterExecutionContext, AdapterExecutionResult, AdapterInvocationMeta } from "@paperclipai/adapter-utils"; +import { + DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, + asBoolean, + asString, + buildPaperclipEnv, + joinPromptSections, + parseObject, + readPaperclipIssueWorkModeFromContext, + renderPaperclipWakePrompt, + renderTemplate, + stringifyPaperclipWakePayload, +} from "@paperclipai/adapter-utils/server-utils"; + +type CursorCloudSession = { + cursorAgentId: string; + latestRunId?: string; + runtime: "cloud"; + envType?: "cloud" | "pool" | "machine"; + envName?: string; + repos: Array<{ url: string; startingRef?: string; prUrl?: string }>; +}; + +type CursorCloudEvent = + | { type: "cursor_cloud.init"; sessionId: string; agentId: string; runId?: string; model?: string } + | { type: "cursor_cloud.status"; status: string; message?: string } + | { type: "cursor_cloud.message"; message: SDKMessage } + | { + type: "cursor_cloud.result"; + status: string; + result?: string; + model?: string; + durationMs?: number; + git?: unknown; + error?: string; + }; + +function asRecord(value: unknown): Record | null { + if (typeof value !== "object" || value === null || Array.isArray(value)) return null; + return value as Record; +} + +function asStringEnvMap(value: unknown): Record { + const parsed = parseObject(value); + const env: Record = {}; + for (const [key, entry] of Object.entries(parsed)) { + if (typeof entry === "string") { + env[key] = entry; + } else if (typeof entry === "object" && entry !== null && !Array.isArray(entry)) { + const rec = entry as Record; + if (rec.type === "plain" && typeof rec.value === "string") env[key] = rec.value; + } + } + return env; +} + +function normalizeEnvType(raw: string): "cloud" | "pool" | "machine" { + const value = raw.trim().toLowerCase(); + if (value === "pool" || value === "machine") return value; + return "cloud"; +} + +function trimNullable(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function firstNonEmptyLine(text: string): string { + return ( + text + .split(/\r?\n/) + .map((line) => line.trim()) + .find(Boolean) ?? "" + ); +} + +function toModelSelection(rawModel: string): ModelSelection | undefined { + const model = rawModel.trim(); + return model ? { id: model } : undefined; +} + +function toSummary(result: RunResult): string | null { + const direct = trimNullable(result.result); + if (direct) return firstNonEmptyLine(direct); + return null; +} + +function formatRunError(err: unknown): string { + if (err instanceof Error && err.message.trim().length > 0) return err.message.trim(); + return String(err); +} + +function buildWakeEnv(ctx: AdapterExecutionContext, configEnv: Record): Record { + const { runId, agent, context, authToken } = ctx; + const env: Record = { + ...configEnv, + ...buildPaperclipEnv(agent), + PAPERCLIP_RUN_ID: runId, + }; + + const wakeTaskId = trimNullable(context.taskId) ?? trimNullable(context.issueId); + const wakeReason = trimNullable(context.wakeReason); + const wakeCommentId = trimNullable(context.wakeCommentId) ?? trimNullable(context.commentId); + const approvalId = trimNullable(context.approvalId); + const approvalStatus = trimNullable(context.approvalStatus); + const linkedIssueIds = Array.isArray(context.issueIds) + ? context.issueIds.filter((value): value is string => typeof value === "string" && value.trim().length > 0) + : []; + const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); + + if (wakeTaskId) env.PAPERCLIP_TASK_ID = wakeTaskId; + if (wakeReason) env.PAPERCLIP_WAKE_REASON = wakeReason; + if (wakeCommentId) env.PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId; + if (approvalId) env.PAPERCLIP_APPROVAL_ID = approvalId; + if (approvalStatus) env.PAPERCLIP_APPROVAL_STATUS = approvalStatus; + if (linkedIssueIds.length > 0) env.PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds.join(","); + if (wakePayloadJson) env.PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson; + if (issueWorkMode) env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; + if (!trimNullable(env.PAPERCLIP_API_KEY) && authToken) { + env.PAPERCLIP_API_KEY = authToken; + } + + const workspace = parseObject(context.paperclipWorkspace); + const workspaceMappings: Array<[string, unknown]> = [ + ["PAPERCLIP_WORKSPACE_CWD", workspace.cwd], + ["PAPERCLIP_WORKSPACE_SOURCE", workspace.source], + ["PAPERCLIP_WORKSPACE_ID", workspace.workspaceId], + ["PAPERCLIP_WORKSPACE_REPO_URL", workspace.repoUrl], + ["PAPERCLIP_WORKSPACE_REPO_REF", workspace.repoRef], + ["PAPERCLIP_WORKSPACE_BRANCH", workspace.branch], + ["PAPERCLIP_WORKSPACE_WORKTREE_PATH", workspace.worktreePath], + ["AGENT_HOME", workspace.agentHome], + ]; + for (const [key, value] of workspaceMappings) { + const normalized = trimNullable(value); + if (normalized) env[key] = normalized; + } + + delete env.CURSOR_API_KEY; + return env; +} + +async function buildInstructionsPrefix( + config: Record, + onLog: AdapterExecutionContext["onLog"], +): Promise<{ prefix: string; notes: string[]; chars: number }> { + const instructionsFilePath = asString(config.instructionsFilePath, "").trim(); + if (!instructionsFilePath) { + return { prefix: "", notes: [], chars: 0 }; + } + + try { + const contents = await fs.readFile(instructionsFilePath, "utf8"); + const instructionsDir = `${path.dirname(instructionsFilePath)}/`; + const prefix = `${contents.trim()}\n\nThe above agent instructions were loaded from ${instructionsFilePath}. Resolve any relative file references from ${instructionsDir}.\n`; + return { + prefix, + chars: prefix.length, + notes: [ + `Loaded agent instructions from ${instructionsFilePath}`, + `Prepended instructions + path directive to prompt (relative references from ${instructionsDir}).`, + ], + }; + } catch (err) { + const reason = err instanceof Error ? err.message : String(err); + await onLog( + "stderr", + `[paperclip] Warning: could not read agent instructions file "${instructionsFilePath}": ${reason}\n`, + ); + return { + prefix: "", + chars: 0, + notes: [ + `Configured instructionsFilePath ${instructionsFilePath}, but file could not be read; continuing without injected instructions.`, + ], + }; + } +} + +function renderPaperclipEnvNote(env: Record): string { + const keys = Object.keys(env) + .filter((key) => key.startsWith("PAPERCLIP_")) + .sort(); + if (keys.length === 0) return ""; + return [ + "Paperclip runtime note:", + `The following PAPERCLIP_* environment variables are available in the cloud agent shell: ${keys.join(", ")}`, + "Use them directly instead of assuming they are absent.", + ].join("\n"); +} + +function readSession(params: Record | null): CursorCloudSession | null { + if (!params) return null; + const record = asRecord(params); + if (!record) return null; + const cursorAgentId = + trimNullable(record.cursorAgentId) ?? + trimNullable(record.agentId) ?? + trimNullable(record.sessionId); + if (!cursorAgentId) return null; + const latestRunId = trimNullable(record.latestRunId) ?? trimNullable(record.runId) ?? undefined; + const envType = trimNullable(record.envType); + const envName = trimNullable(record.envName); + const reposValue = Array.isArray(record.repos) ? record.repos : []; + const repos = reposValue + .map((entry) => asRecord(entry)) + .filter((entry): entry is Record => Boolean(entry)) + .map((entry) => ({ + url: asString(entry.url, "").trim(), + startingRef: trimNullable(entry.startingRef) ?? undefined, + prUrl: trimNullable(entry.prUrl) ?? undefined, + })) + .filter((entry) => entry.url.length > 0); + return { + cursorAgentId, + ...(latestRunId ? { latestRunId } : {}), + runtime: "cloud", + ...(envType ? { envType: normalizeEnvType(envType) } : {}), + ...(envName ? { envName } : {}), + repos, + }; +} + +function sessionMatches( + session: CursorCloudSession | null, + envType: "cloud" | "pool" | "machine", + envName: string | null, + repos: Array<{ url: string; startingRef?: string; prUrl?: string }>, +): boolean { + if (!session) return false; + if ((session.envType ?? "cloud") !== envType) return false; + if ((session.envName ?? null) !== envName) return false; + if (session.repos.length !== repos.length) return false; + return session.repos.every((repo, index) => { + const next = repos[index]; + return repo.url === next.url + && (repo.startingRef ?? null) === (next.startingRef ?? null) + && (repo.prUrl ?? null) === (next.prUrl ?? null); + }); +} + +function buildAgentOptions(input: { + apiKey: string; + name: string; + model?: ModelSelection; + envType: "cloud" | "pool" | "machine"; + envName: string | null; + repos: Array<{ url: string; startingRef?: string; prUrl?: string }>; + workOnCurrentBranch: boolean; + autoCreatePR: boolean; + skipReviewerRequest: boolean; + envVars: Record; +}): AgentOptions { + return { + apiKey: input.apiKey, + name: input.name, + ...(input.model ? { model: input.model } : {}), + cloud: { + env: { + type: input.envType, + ...(input.envName ? { name: input.envName } : {}), + }, + repos: input.repos, + workOnCurrentBranch: input.workOnCurrentBranch, + autoCreatePR: input.autoCreatePR, + skipReviewerRequest: input.skipReviewerRequest, + envVars: input.envVars, + }, + }; +} + +function eventLine(event: CursorCloudEvent): string { + return `${JSON.stringify(event)}\n`; +} + +async function emitMessage(onLog: AdapterExecutionContext["onLog"], message: SDKMessage) { + await onLog("stdout", eventLine({ type: "cursor_cloud.message", message })); +} + +async function emitStatus(onLog: AdapterExecutionContext["onLog"], status: string, message?: string) { + await onLog("stdout", eventLine({ type: "cursor_cloud.status", status, ...(message ? { message } : {}) })); +} + +async function streamRun(run: Run, onLog: AdapterExecutionContext["onLog"]) { + if (!run.supports("stream")) return; + for await (const message of run.stream()) { + await emitMessage(onLog, message); + } +} + +async function getAttachedRun(input: { + apiKey: string; + session: CursorCloudSession | null; +}): Promise { + const latestRunId = input.session?.latestRunId; + const cursorAgentId = input.session?.cursorAgentId; + if (!latestRunId || !cursorAgentId) return null; + try { + const run = await Agent.getRun(latestRunId, { + runtime: "cloud", + agentId: cursorAgentId, + apiKey: input.apiKey, + }); + return run.status === "running" ? run : null; + } catch { + return null; + } +} + +export async function execute(ctx: AdapterExecutionContext): Promise { + const { runId, agent, runtime, config, context, onLog, onMeta } = ctx; + const envConfig = asStringEnvMap(config.env); + const apiKey = asString(envConfig.CURSOR_API_KEY, "").trim(); + if (!apiKey) { + return { + exitCode: 1, + signal: null, + timedOut: false, + errorMessage: "CURSOR_API_KEY is required for cursor_cloud.", + provider: "cursor", + biller: "cursor", + billingType: "api", + clearSession: false, + }; + } + + const workspace = parseObject(context.paperclipWorkspace); + const repoUrl = + asString(config.repoUrl, "").trim() || + asString(workspace.repoUrl, "").trim(); + if (!repoUrl) { + return { + exitCode: 1, + signal: null, + timedOut: false, + errorMessage: "cursor_cloud requires repoUrl in adapterConfig or workspace context.", + provider: "cursor", + biller: "cursor", + billingType: "api", + clearSession: false, + }; + } + + const repoStartingRef = + trimNullable(config.repoStartingRef) ?? + trimNullable(workspace.repoRef) ?? + undefined; + const repoPullRequestUrl = trimNullable(config.repoPullRequestUrl) ?? undefined; + const envType = normalizeEnvType(asString(config.runtimeEnvType, "cloud")); + const envName = trimNullable(config.runtimeEnvName); + const workOnCurrentBranch = asBoolean(config.workOnCurrentBranch, false); + const autoCreatePR = asBoolean(config.autoCreatePR, false); + const skipReviewerRequest = asBoolean(config.skipReviewerRequest, false); + const model = toModelSelection(asString(config.model, "")); + const repos = [{ + url: repoUrl, + ...(repoStartingRef ? { startingRef: repoStartingRef } : {}), + ...(repoPullRequestUrl ? { prUrl: repoPullRequestUrl } : {}), + }]; + const remoteEnv = buildWakeEnv(ctx, envConfig); + const session = readSession(runtime.sessionParams) ?? (runtime.sessionId + ? { + cursorAgentId: runtime.sessionId, + runtime: "cloud" as const, + repos, + } + : null); + const canReuseSession = sessionMatches(session, envType, envName, repos); + const promptTemplate = asString(config.promptTemplate, DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE); + const bootstrapPromptTemplate = asString(config.bootstrapPromptTemplate, ""); + const templateData = { + agentId: agent.id, + companyId: agent.companyId, + runId, + company: { id: agent.companyId }, + agent, + run: { id: runId, source: "on_demand" }, + context, + }; + const instructions = await buildInstructionsPrefix(config, onLog); + const wakePrompt = renderPaperclipWakePrompt(context.paperclipWake, { resumedSession: canReuseSession }); + const renderedBootstrapPrompt = + !canReuseSession && bootstrapPromptTemplate.trim().length > 0 + ? renderTemplate(bootstrapPromptTemplate, templateData).trim() + : ""; + const renderedPrompt = + canReuseSession && wakePrompt.length > 0 + ? "" + : renderTemplate(promptTemplate, templateData).trim(); + const paperclipEnvNote = renderPaperclipEnvNote(remoteEnv); + const prompt = joinPromptSections([ + instructions.prefix, + renderedBootstrapPrompt, + wakePrompt, + paperclipEnvNote, + renderedPrompt, + ]); + const sessionHandoffNote = asString(context.paperclipSessionHandoffMarkdown, "").trim(); + const finalPrompt = joinPromptSections([prompt, sessionHandoffNote]); + + const agentOptions = buildAgentOptions({ + apiKey, + name: `Paperclip ${agent.name}`, + model, + envType, + envName, + repos, + workOnCurrentBranch, + autoCreatePR, + skipReviewerRequest, + envVars: remoteEnv, + }); + + const commandNotes = [ + ...instructions.notes, + canReuseSession + ? `Reusing Cursor cloud agent session ${session?.cursorAgentId ?? "unknown"}` + : "Creating a new Cursor cloud agent session", + `Repository: ${repoUrl}${repoStartingRef ? ` @ ${repoStartingRef}` : ""}`, + `Runtime target: ${envType}${envName ? ` (${envName})` : ""}`, + ]; + + if (onMeta) { + const meta: AdapterInvocationMeta = { + adapterType: "cursor_cloud", + command: "@cursor/sdk", + commandNotes, + prompt: finalPrompt, + promptMetrics: { + promptChars: finalPrompt.length, + instructionsChars: instructions.chars, + bootstrapPromptChars: renderedBootstrapPrompt.length, + wakePromptChars: wakePrompt.length, + heartbeatPromptChars: renderedPrompt.length, + }, + context: { + cursorCloud: { + envType, + envName, + repoUrl, + repoStartingRef, + repoPullRequestUrl, + canReuseSession, + }, + }, + }; + await onMeta(meta); + } + + let sdkAgent: SDKAgent | null = null; + let run: Run | null = null; + let streamError: string | null = null; + try { + const attachedRun = canReuseSession + ? await getAttachedRun({ apiKey, session }) + : null; + + if (attachedRun) { + await emitStatus(onLog, "running", `Reattached to existing Cursor run ${attachedRun.id}.`); + await onLog("stdout", eventLine({ + type: "cursor_cloud.init", + sessionId: attachedRun.agentId, + agentId: attachedRun.agentId, + runId: attachedRun.id, + ...(model?.id ? { model: model.id } : {}), + })); + const priorStreamPromise = streamRun(attachedRun, onLog).catch((err) => { + streamError = formatRunError(err); + }); + if (attachedRun.supports("wait")) await attachedRun.wait(); + await priorStreamPromise; + streamError = null; + await emitStatus( + onLog, + "running", + `Prior Cursor run ${attachedRun.id} finished; sending heartbeat follow-up so this wake's context is not dropped.`, + ); + } + + sdkAgent = canReuseSession && session + ? await Agent.resume(session.cursorAgentId, agentOptions) + : await Agent.create(agentOptions); + run = await sdkAgent.send(finalPrompt, { + ...(model ? { model } : {}), + }); + await onLog("stdout", eventLine({ + type: "cursor_cloud.init", + sessionId: sdkAgent.agentId, + agentId: sdkAgent.agentId, + runId: run.id, + ...(model?.id ? { model: model.id } : {}), + })); + await emitStatus(onLog, "running", `Started Cursor run ${run.id}.`); + + const streamPromise = streamRun(run, onLog).catch((err) => { + streamError = formatRunError(err); + }); + const result = run.supports("wait") + ? await run.wait() + : { + id: run.id, + status: run.status === "running" ? "error" : run.status, + result: run.result, + model: run.model, + durationMs: run.durationMs, + git: run.git, + }; + await streamPromise; + + const modelId = result.model?.id ?? model?.id ?? null; + await onLog("stdout", eventLine({ + type: "cursor_cloud.result", + status: result.status, + ...(result.result ? { result: result.result } : {}), + ...(modelId ? { model: modelId } : {}), + ...(typeof result.durationMs === "number" ? { durationMs: result.durationMs } : {}), + ...(result.git ? { git: result.git } : {}), + ...(streamError ? { error: streamError } : {}), + })); + + const nextSession: CursorCloudSession = { + cursorAgentId: run.agentId, + latestRunId: result.id, + runtime: "cloud", + envType, + ...(envName ? { envName } : {}), + repos, + }; + const isError = result.status !== "finished"; + return { + exitCode: isError ? 1 : 0, + signal: null, + timedOut: false, + errorMessage: isError ? (trimNullable(result.result) ?? streamError ?? `Cursor run ${result.status}`) : null, + sessionId: run.agentId, + sessionDisplayId: run.agentId, + sessionParams: nextSession, + provider: "cursor", + biller: "cursor", + billingType: "api", + model: modelId, + costUsd: null, + summary: toSummary(result), + resultJson: { + status: result.status, + cursorAgentId: run.agentId, + cursorRunId: result.id, + envType, + envName, + repos, + ...(result.result ? { result: result.result } : {}), + ...(result.git ? { git: result.git } : {}), + ...(typeof result.durationMs === "number" ? { durationMs: result.durationMs } : {}), + ...(streamError ? { streamError } : {}), + }, + clearSession: false, + }; + } catch (err) { + const reason = formatRunError(err); + if (run) { + await onLog("stdout", eventLine({ + type: "cursor_cloud.result", + status: "error", + error: reason, + })); + } + return { + exitCode: 1, + signal: null, + timedOut: false, + errorMessage: reason, + sessionId: session?.cursorAgentId ?? null, + sessionDisplayId: session?.cursorAgentId ?? null, + sessionParams: session, + provider: "cursor", + biller: "cursor", + billingType: "api", + costUsd: null, + clearSession: false, + resultJson: { + status: "error", + ...(run ? { cursorRunId: run.id } : {}), + ...(session?.cursorAgentId ? { cursorAgentId: session.cursorAgentId } : {}), + error: reason, + }, + }; + } finally { + if (sdkAgent) { + try { + await sdkAgent[Symbol.asyncDispose](); + } catch { + // Best effort only. + } + } + } +} diff --git a/packages/adapters/cursor-cloud/src/server/index.ts b/packages/adapters/cursor-cloud/src/server/index.ts new file mode 100644 index 00000000..7fea7f7b --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/index.ts @@ -0,0 +1,70 @@ +export { execute } from "./execute.js"; +export { testEnvironment } from "./test.js"; +export { sessionCodec } from "./session.js"; + +import type { AdapterConfigSchema } from "@paperclipai/adapter-utils"; + +export function getConfigSchema(): AdapterConfigSchema { + return { + fields: [ + { + key: "repoUrl", + label: "Repository URL", + type: "text", + required: true, + hint: "Git repository URL Cursor should open for this agent.", + }, + { + key: "repoStartingRef", + label: "Starting ref", + type: "text", + hint: "Optional branch, tag, or SHA Cursor should start from.", + }, + { + key: "repoPullRequestUrl", + label: "Pull request URL", + type: "text", + hint: "Optional PR URL when attaching the agent to an existing review branch.", + }, + { + key: "runtimeEnvType", + label: "Cursor runtime", + type: "select", + default: "cloud", + options: [ + { value: "cloud", label: "Cursor hosted" }, + { value: "pool", label: "Self-hosted pool" }, + { value: "machine", label: "Named machine" }, + ], + hint: "Choose where Cursor should execute the remote agent.", + }, + { + key: "runtimeEnvName", + label: "Runtime name", + type: "text", + hint: "Optional pool or machine name when targeting a non-default runtime.", + }, + { + key: "workOnCurrentBranch", + label: "Work on current branch", + type: "toggle", + default: false, + hint: "Tell Cursor to continue on the current branch instead of making a new one.", + }, + { + key: "autoCreatePR", + label: "Auto-create PR", + type: "toggle", + default: false, + hint: "Allow Cursor to automatically create a pull request for the work.", + }, + { + key: "skipReviewerRequest", + label: "Skip reviewer request", + type: "toggle", + default: false, + hint: "Suppress reviewer requests on auto-created pull requests.", + }, + ], + }; +} diff --git a/packages/adapters/cursor-cloud/src/server/session.test.ts b/packages/adapters/cursor-cloud/src/server/session.test.ts new file mode 100644 index 00000000..eedff71e --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/session.test.ts @@ -0,0 +1,31 @@ +import { describe, expect, it } from "vitest"; +import { sessionCodec } from "./session.js"; + +describe("cursorCloud sessionCodec", () => { + it("normalizes legacy and current session identifiers", () => { + expect( + sessionCodec.deserialize({ + agentId: "agent-123", + runId: "run-456", + envType: "pool", + envName: "trusted", + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }), + ).toEqual({ + cursorAgentId: "agent-123", + latestRunId: "run-456", + runtime: "cloud", + envType: "pool", + envName: "trusted", + repos: [{ url: "https://github.com/paperclipai/paperclip.git", startingRef: "main" }], + }); + }); + + it("drops invalid session payloads and exposes the display id", () => { + expect(sessionCodec.deserialize({ latestRunId: "run-1" })).toBeNull(); + expect(sessionCodec.getDisplayId?.({ + cursorAgentId: "agent-789", + latestRunId: "run-101", + })).toBe("agent-789"); + }); +}); diff --git a/packages/adapters/cursor-cloud/src/server/session.ts b/packages/adapters/cursor-cloud/src/server/session.ts new file mode 100644 index 00000000..0d3b57c0 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/session.ts @@ -0,0 +1,61 @@ +import type { AdapterSessionCodec } from "@paperclipai/adapter-utils"; + +function asRecord(value: unknown): Record | null { + if (typeof value !== "object" || value === null || Array.isArray(value)) return null; + return value as Record; +} + +function readString(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function readRepos(value: unknown): Array<{ url: string; startingRef?: string; prUrl?: string }> { + if (!Array.isArray(value)) return []; + const repos: Array<{ url: string; startingRef?: string; prUrl?: string }> = []; + for (const entry of value) { + const repo = asRecord(entry); + if (!repo) continue; + const url = readString(repo.url); + if (!url) continue; + const startingRef = readString(repo.startingRef); + const prUrl = readString(repo.prUrl); + repos.push({ + url, + ...(startingRef ? { startingRef } : {}), + ...(prUrl ? { prUrl } : {}), + }); + } + return repos; +} + +function normalize(raw: unknown): Record | null { + const record = asRecord(raw); + if (!record) return null; + const cursorAgentId = + readString(record.cursorAgentId) ?? + readString(record.agentId) ?? + readString(record.sessionId); + if (!cursorAgentId) return null; + const latestRunId = readString(record.latestRunId) ?? readString(record.runId); + const runtime = readString(record.runtime) ?? "cloud"; + const envType = readString(record.envType); + const envName = readString(record.envName); + const repos = readRepos(record.repos); + return { + cursorAgentId, + ...(latestRunId ? { latestRunId } : {}), + runtime, + ...(envType ? { envType } : {}), + ...(envName ? { envName } : {}), + ...(repos.length > 0 ? { repos } : {}), + }; +} + +export const sessionCodec: AdapterSessionCodec = { + deserialize: normalize, + serialize: normalize, + getDisplayId(params) { + const normalized = normalize(params); + return normalized ? String(normalized.cursorAgentId) : null; + }, +}; diff --git a/packages/adapters/cursor-cloud/src/server/test.ts b/packages/adapters/cursor-cloud/src/server/test.ts new file mode 100644 index 00000000..03091ad1 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/server/test.ts @@ -0,0 +1,118 @@ +import { Cursor } from "@cursor/sdk"; +import type { + AdapterEnvironmentCheck, + AdapterEnvironmentTestContext, + AdapterEnvironmentTestResult, +} from "@paperclipai/adapter-utils"; +import { asString, parseObject } from "@paperclipai/adapter-utils/server-utils"; + +function summarizeStatus(checks: AdapterEnvironmentCheck[]): AdapterEnvironmentTestResult["status"] { + if (checks.some((check) => check.level === "error")) return "fail"; + if (checks.some((check) => check.level === "warn")) return "warn"; + return "pass"; +} + +function asStringEnvMap(value: unknown): Record { + const parsed = parseObject(value); + const env: Record = {}; + for (const [key, entry] of Object.entries(parsed)) { + if (typeof entry === "string") { + env[key] = entry; + } else if (typeof entry === "object" && entry !== null && !Array.isArray(entry)) { + const rec = entry as Record; + if (rec.type === "plain" && typeof rec.value === "string") env[key] = rec.value; + } + } + return env; +} + +function looksLikeRepoUrl(value: string): boolean { + return /^(https?:\/\/|git@)/i.test(value.trim()); +} + +export async function testEnvironment( + ctx: AdapterEnvironmentTestContext, +): Promise { + const checks: AdapterEnvironmentCheck[] = []; + const config = parseObject(ctx.config); + const env = asStringEnvMap(config.env); + const apiKey = asString(env.CURSOR_API_KEY, "").trim(); + const repoUrl = asString(config.repoUrl, "").trim(); + const model = asString(config.model, "").trim(); + + if (!apiKey) { + checks.push({ + code: "cursor_cloud_api_key_missing", + level: "error", + message: "CURSOR_API_KEY is required.", + hint: "Add CURSOR_API_KEY under environment variables for this adapter.", + }); + } + + if (!repoUrl) { + checks.push({ + code: "cursor_cloud_repo_missing", + level: "error", + message: "repoUrl is required.", + hint: "Set the repository URL Cursor should open for this agent.", + }); + } else if (!looksLikeRepoUrl(repoUrl)) { + checks.push({ + code: "cursor_cloud_repo_invalid", + level: "error", + message: "repoUrl must be an http(s) or git SSH repository URL.", + detail: repoUrl, + }); + } else { + checks.push({ + code: "cursor_cloud_repo_present", + level: "info", + message: `Repository configured: ${repoUrl}`, + }); + } + + if (apiKey) { + try { + const me = await Cursor.me({ apiKey }); + checks.push({ + code: "cursor_cloud_auth_ok", + level: "info", + message: "Cursor API key is valid.", + detail: me.userEmail ? `Authenticated as ${me.userEmail}.` : `API key: ${me.apiKeyName}`, + }); + } catch (err) { + checks.push({ + code: "cursor_cloud_auth_failed", + level: "error", + message: err instanceof Error ? err.message : "Failed to validate Cursor API key.", + }); + } + } + + if (apiKey && model) { + try { + const models = await Cursor.models.list({ apiKey }); + const match = models.find((entry) => entry.id === model); + checks.push({ + code: match ? "cursor_cloud_model_ok" : "cursor_cloud_model_unknown", + level: match ? "info" : "warn", + message: match + ? `Model "${model}" is available to the authenticated Cursor account.` + : `Model "${model}" was not found in the authenticated Cursor model list.`, + }); + } catch (err) { + checks.push({ + code: "cursor_cloud_model_probe_failed", + level: "warn", + message: err instanceof Error ? err.message : "Failed to validate model availability.", + }); + } + } + + return { + adapterType: ctx.adapterType, + status: summarizeStatus(checks), + checks, + testedAt: new Date().toISOString(), + }; +} diff --git a/packages/adapters/cursor-cloud/src/ui/build-config.test.ts b/packages/adapters/cursor-cloud/src/ui/build-config.test.ts new file mode 100644 index 00000000..d3257212 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/ui/build-config.test.ts @@ -0,0 +1,85 @@ +import { describe, expect, it } from "vitest"; +import type { CreateConfigValues } from "@paperclipai/adapter-utils"; +import { buildCursorCloudConfig } from "./build-config.js"; + +function makeValues(overrides: Partial = {}): CreateConfigValues { + return { + adapterType: "cursor_cloud", + cwd: "", + instructionsFilePath: "", + promptTemplate: "", + model: "", + thinkingEffort: "", + chrome: false, + dangerouslySkipPermissions: false, + search: false, + fastMode: false, + dangerouslyBypassSandbox: false, + command: "", + args: "", + extraArgs: "", + envVars: "", + envBindings: {}, + url: "", + bootstrapPrompt: "", + payloadTemplateJson: "", + workspaceStrategyType: "project_primary", + workspaceBaseRef: "", + workspaceBranchTemplate: "", + worktreeParentDir: "", + runtimeServicesJson: "", + maxTurnsPerRun: 1000, + heartbeatEnabled: false, + intervalSec: 300, + adapterSchemaValues: {}, + ...overrides, + }; +} + +describe("buildCursorCloudConfig", () => { + it("persists schema values and top-level prompt fields", () => { + const config = buildCursorCloudConfig( + makeValues({ + instructionsFilePath: ".cursor/AGENTS.md", + promptTemplate: "hello {{agent.name}}", + bootstrapPrompt: "bootstrap", + model: "gpt-5.4", + adapterSchemaValues: { + repoUrl: "https://github.com/paperclipai/paperclip.git", + runtimeEnvType: "pool", + runtimeEnvName: "trusted-workers", + autoCreatePR: true, + }, + }), + ); + + expect(config).toMatchObject({ + instructionsFilePath: ".cursor/AGENTS.md", + promptTemplate: "hello {{agent.name}}", + bootstrapPromptTemplate: "bootstrap", + model: "gpt-5.4", + repoUrl: "https://github.com/paperclipai/paperclip.git", + runtimeEnvType: "pool", + runtimeEnvName: "trusted-workers", + autoCreatePR: true, + }); + }); + + it("merges structured env bindings over legacy envVars text", () => { + const config = buildCursorCloudConfig( + makeValues({ + envVars: ["CURSOR_API_KEY=legacy-key", "PLAIN=value", "INVALID KEY=nope"].join("\n"), + envBindings: { + CURSOR_API_KEY: { type: "secret_ref", secretId: "secret-1", version: "latest" }, + STRUCTURED_ONLY: "from-binding", + }, + }), + ); + + expect(config.env).toEqual({ + CURSOR_API_KEY: { type: "secret_ref", secretId: "secret-1", version: "latest" }, + PLAIN: { type: "plain", value: "value" }, + STRUCTURED_ONLY: { type: "plain", value: "from-binding" }, + }); + }); +}); diff --git a/packages/adapters/cursor-cloud/src/ui/build-config.ts b/packages/adapters/cursor-cloud/src/ui/build-config.ts new file mode 100644 index 00000000..3e378040 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/ui/build-config.ts @@ -0,0 +1,67 @@ +import type { CreateConfigValues } from "@paperclipai/adapter-utils"; + +function parseEnvVars(text: string): Record { + const env: Record = {}; + for (const line of text.split(/\r?\n/)) { + const trimmed = line.trim(); + if (!trimmed || trimmed.startsWith("#")) continue; + const eq = trimmed.indexOf("="); + if (eq <= 0) continue; + const key = trimmed.slice(0, eq).trim(); + const value = trimmed.slice(eq + 1); + if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue; + env[key] = value; + } + return env; +} + +function parseEnvBindings(bindings: unknown): Record { + if (typeof bindings !== "object" || bindings === null || Array.isArray(bindings)) return {}; + const env: Record = {}; + for (const [key, raw] of Object.entries(bindings)) { + if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue; + if (typeof raw === "string") { + env[key] = { type: "plain", value: raw }; + continue; + } + if (typeof raw !== "object" || raw === null || Array.isArray(raw)) continue; + const rec = raw as Record; + if (rec.type === "plain" && typeof rec.value === "string") { + env[key] = { type: "plain", value: rec.value }; + continue; + } + if (rec.type === "secret_ref" && typeof rec.secretId === "string") { + env[key] = { + type: "secret_ref", + secretId: rec.secretId, + ...(typeof rec.version === "number" || rec.version === "latest" + ? { version: rec.version } + : {}), + }; + } + } + return env; +} + +export function buildCursorCloudConfig(values: CreateConfigValues): Record { + const config: Record = { + ...(values.adapterSchemaValues ?? {}), + }; + if (values.instructionsFilePath) config.instructionsFilePath = values.instructionsFilePath; + if (values.promptTemplate) config.promptTemplate = values.promptTemplate; + if (values.bootstrapPrompt) config.bootstrapPromptTemplate = values.bootstrapPrompt; + if (values.model?.trim()) config.model = values.model.trim(); + + const env = parseEnvBindings(values.envBindings); + const legacy = parseEnvVars(values.envVars); + for (const [key, value] of Object.entries(legacy)) { + if (!Object.prototype.hasOwnProperty.call(env, key)) { + env[key] = { type: "plain", value }; + } + } + if (Object.keys(env).length > 0) { + config.env = env; + } + + return config; +} diff --git a/packages/adapters/cursor-cloud/src/ui/index.ts b/packages/adapters/cursor-cloud/src/ui/index.ts new file mode 100644 index 00000000..130ece14 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/ui/index.ts @@ -0,0 +1,2 @@ +export { buildCursorCloudConfig } from "./build-config.js"; +export { parseCursorCloudStdoutLine } from "./parse-stdout.js"; diff --git a/packages/adapters/cursor-cloud/src/ui/parse-stdout.test.ts b/packages/adapters/cursor-cloud/src/ui/parse-stdout.test.ts new file mode 100644 index 00000000..812cf817 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/ui/parse-stdout.test.ts @@ -0,0 +1,143 @@ +import { describe, expect, it } from "vitest"; +import { parseCursorCloudStdoutLine } from "./parse-stdout.js"; + +const ts = "2026-05-10T05:10:00.000Z"; + +describe("parseCursorCloudStdoutLine", () => { + it("parses init and status events", () => { + expect( + parseCursorCloudStdoutLine( + JSON.stringify({ type: "cursor_cloud.init", sessionId: "agent-123", model: "gpt-5.4" }), + ts, + ), + ).toEqual([{ kind: "init", ts, sessionId: "agent-123", model: "gpt-5.4" }]); + + expect( + parseCursorCloudStdoutLine( + JSON.stringify({ type: "cursor_cloud.status", status: "running", message: "Reattached" }), + ts, + ), + ).toEqual([{ kind: "system", ts, text: "running: Reattached" }]); + }); + + it("parses assistant text and tool lifecycle SDK messages", () => { + const assistantLine = JSON.stringify({ + type: "cursor_cloud.message", + message: { + type: "assistant", + message: { + content: [ + { type: "text", text: "Working on it." }, + { type: "tool_use", id: "tool-1", name: "read_file", input: { path: "README.md" } }, + ], + }, + }, + }); + expect(parseCursorCloudStdoutLine(assistantLine, ts)).toEqual([ + { kind: "assistant", ts, text: "Working on it." }, + { kind: "tool_call", ts, name: "read_file", toolUseId: "tool-1", input: { path: "README.md" } }, + ]); + + const toolStartLine = JSON.stringify({ + type: "cursor_cloud.message", + message: { + type: "tool_call", + id: "call-1", + name: "bash", + status: "running", + args: { command: "pwd" }, + }, + }); + expect(parseCursorCloudStdoutLine(toolStartLine, ts)).toEqual([ + { kind: "tool_call", ts, name: "bash", toolUseId: "call-1", input: { command: "pwd" } }, + ]); + + const toolEndLine = JSON.stringify({ + type: "cursor_cloud.message", + message: { + type: "tool_call", + id: "call-1", + name: "bash", + status: "completed", + result: { stdout: "/repo" }, + }, + }); + expect(parseCursorCloudStdoutLine(toolEndLine, ts)).toEqual([ + { + kind: "tool_result", + ts, + toolUseId: "call-1", + toolName: "bash", + content: JSON.stringify({ stdout: "/repo" }, null, 2), + isError: false, + }, + ]); + }); + + it("parses standalone tool_result SDK messages", () => { + const line = JSON.stringify({ + type: "cursor_cloud.message", + message: { + type: "tool_result", + call_id: "call-9", + name: "read_file", + result: { contents: "file body" }, + }, + }); + expect(parseCursorCloudStdoutLine(line, ts)).toEqual([ + { + kind: "tool_result", + ts, + toolUseId: "call-9", + toolName: "read_file", + content: JSON.stringify({ contents: "file body" }, null, 2), + isError: false, + }, + ]); + + const errorLine = JSON.stringify({ + type: "cursor_cloud.message", + message: { + type: "tool_result", + call_id: "call-10", + name: "bash", + is_error: true, + content: "exit 1", + }, + }); + expect(parseCursorCloudStdoutLine(errorLine, ts)).toEqual([ + { + kind: "tool_result", + ts, + toolUseId: "call-10", + toolName: "bash", + content: "exit 1", + isError: true, + }, + ]); + }); + + it("parses result events and preserves unknown lines as stdout", () => { + expect( + parseCursorCloudStdoutLine( + JSON.stringify({ type: "cursor_cloud.result", status: "finished", result: "Done", model: "gpt-5.4" }), + ts, + ), + ).toEqual([ + { + kind: "result", + ts, + text: "Done", + inputTokens: 0, + outputTokens: 0, + cachedTokens: 0, + costUsd: 0, + subtype: "finished", + isError: false, + errors: [], + }, + ]); + + expect(parseCursorCloudStdoutLine("plain text", ts)).toEqual([{ kind: "stdout", ts, text: "plain text" }]); + }); +}); diff --git a/packages/adapters/cursor-cloud/src/ui/parse-stdout.ts b/packages/adapters/cursor-cloud/src/ui/parse-stdout.ts new file mode 100644 index 00000000..f3a73c05 --- /dev/null +++ b/packages/adapters/cursor-cloud/src/ui/parse-stdout.ts @@ -0,0 +1,186 @@ +import type { TranscriptEntry } from "@paperclipai/adapter-utils"; + +function safeJsonParse(text: string): unknown { + try { + return JSON.parse(text); + } catch { + return null; + } +} + +function asRecord(value: unknown): Record | null { + if (typeof value !== "object" || value === null || Array.isArray(value)) return null; + return value as Record; +} + +function asString(value: unknown, fallback = ""): string { + return typeof value === "string" ? value : fallback; +} + +function stringifyUnknown(value: unknown): string { + if (typeof value === "string") return value; + if (value === null || value === undefined) return ""; + try { + return JSON.stringify(value, null, 2); + } catch { + return String(value); + } +} + +function parseAssistantMessage(message: Record, ts: string): TranscriptEntry[] { + const content = Array.isArray(message.content) ? message.content : []; + const entries: TranscriptEntry[] = []; + for (const partRaw of content) { + const part = asRecord(partRaw); + if (!part) continue; + const type = asString(part.type).trim(); + if (type === "text") { + const text = asString(part.text).trim(); + if (text) entries.push({ kind: "assistant", ts, text }); + continue; + } + if (type === "tool_use") { + entries.push({ + kind: "tool_call", + ts, + name: asString(part.name, "tool"), + toolUseId: asString(part.id) || undefined, + input: part.input ?? {}, + }); + } + } + return entries; +} + +function parseSdkMessage(messageRaw: unknown, ts: string): TranscriptEntry[] { + const message = asRecord(messageRaw); + if (!message) return []; + const type = asString(message.type); + + if (type === "assistant") { + const body = asRecord(message.message); + return body ? parseAssistantMessage(body, ts) : []; + } + + if (type === "user") { + const body = asRecord(message.message); + const content = Array.isArray(body?.content) ? body.content : []; + const text = content + .map((entry) => asRecord(entry)) + .filter((entry): entry is Record => Boolean(entry)) + .map((entry) => asString(entry.text).trim()) + .filter(Boolean) + .join("\n"); + return text ? [{ kind: "user", ts, text }] : []; + } + + if (type === "thinking") { + const text = asString(message.text).trim(); + return text ? [{ kind: "thinking", ts, text }] : []; + } + + if (type === "tool_call") { + const toolUseId = asString(message.call_id, asString(message.id, "tool_call")); + const status = asString(message.status).toLowerCase(); + if (status === "running") { + return [{ + kind: "tool_call", + ts, + name: asString(message.name, "tool"), + toolUseId, + input: message.args ?? {}, + }]; + } + if (status === "completed" || status === "error") { + return [{ + kind: "tool_result", + ts, + toolUseId, + toolName: asString(message.name, "tool"), + content: stringifyUnknown(message.result ?? message.args ?? {}), + isError: status === "error", + }]; + } + return []; + } + + if (type === "tool_result") { + const toolUseId = asString(message.call_id, asString(message.id, "tool_result")); + const isError = + message.is_error === true || + asString(message.status).toLowerCase() === "error"; + return [{ + kind: "tool_result", + ts, + toolUseId, + toolName: asString(message.name, "tool"), + content: stringifyUnknown(message.result ?? message.content ?? message.output ?? {}), + isError, + }]; + } + + if (type === "status") { + const status = asString(message.status); + const statusMessage = asString(message.message); + return [{ + kind: "system", + ts, + text: `status: ${status}${statusMessage ? ` - ${statusMessage}` : ""}`, + }]; + } + + if (type === "task") { + const text = asString(message.text).trim(); + return text ? [{ kind: "system", ts, text }] : []; + } + + return []; +} + +export function parseCursorCloudStdoutLine(line: string, ts: string): TranscriptEntry[] { + const parsed = asRecord(safeJsonParse(line)); + if (!parsed) { + return [{ kind: "stdout", ts, text: line }]; + } + + const type = asString(parsed.type); + if (type === "cursor_cloud.init") { + const sessionId = asString(parsed.sessionId, asString(parsed.agentId)); + return [{ + kind: "init", + ts, + model: asString(parsed.model, "cursor_cloud"), + sessionId, + }]; + } + + if (type === "cursor_cloud.status") { + return [{ + kind: "system", + ts, + text: `${asString(parsed.status, "status")}${parsed.message ? `: ${asString(parsed.message)}` : ""}`, + }]; + } + + if (type === "cursor_cloud.message") { + return parseSdkMessage(parsed.message, ts); + } + + if (type === "cursor_cloud.result") { + const status = asString(parsed.status, "error"); + return [{ + kind: "result", + ts, + text: asString(parsed.result), + inputTokens: 0, + outputTokens: 0, + cachedTokens: 0, + costUsd: 0, + subtype: status, + isError: status !== "finished", + errors: parsed.error ? [asString(parsed.error)] : [], + }]; + } + + return [{ kind: "stdout", ts, text: line }]; +} diff --git a/packages/adapters/cursor-cloud/tsconfig.json b/packages/adapters/cursor-cloud/tsconfig.json new file mode 100644 index 00000000..8fea361a --- /dev/null +++ b/packages/adapters/cursor-cloud/tsconfig.json @@ -0,0 +1,9 @@ +{ + "extends": "../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "dist", + "rootDir": "src", + "types": ["node"] + }, + "include": ["src"] +} diff --git a/packages/adapters/cursor-local/src/index.ts b/packages/adapters/cursor-local/src/index.ts index 16fbda54..f93928d8 100644 --- a/packages/adapters/cursor-local/src/index.ts +++ b/packages/adapters/cursor-local/src/index.ts @@ -3,6 +3,15 @@ import type { AdapterModelProfileDefinition } from "@paperclipai/adapter-utils"; export const type = "cursor"; export const label = "Cursor CLI (local)"; +// Cursor CLI is not distributed as an npm package — the official install +// path is the upstream installer script at cursor.com/install. Other adapters +// in this repo prefer `npm install -g ` which is content-addressed by the +// registry; cursor must use `curl | bash` until upstream publishes a registry +// artifact. Pinning a commit/version here would require shipping our own +// mirror of the installer; revisit if Cursor adds an npm/release-asset +// equivalent. +export const SANDBOX_INSTALL_COMMAND = "curl https://cursor.com/install -fsS | bash"; + export const DEFAULT_CURSOR_LOCAL_MODEL = "auto"; const CURSOR_FALLBACK_MODEL_IDS = [ @@ -95,5 +104,5 @@ Notes: - Sessions are resumed with --resume when stored session cwd matches current cwd. - Paperclip auto-injects local skills into "~/.cursor/skills" when missing, so Cursor can discover "$paperclip" and related skills on local runs. - Paperclip auto-adds --yolo unless one of --trust/--yolo/-f is already present in extraArgs. -- Remote sandbox runs prepend "~/.local/bin" to PATH and prefer "~/.local/bin/cursor-agent" when the default Cursor entrypoint is requested, so standard E2B-style installs do not need hardcoded absolute command paths. +- Remote sandbox runs prepend "~/.cursor/bin" and "~/.local/bin" to PATH and prefer the installed absolute entrypoint from one of those directories when the default Cursor command is requested, so installer-managed sandbox leases do not need hardcoded command paths. `; diff --git a/packages/adapters/cursor-local/src/server/execute.remote.test.ts b/packages/adapters/cursor-local/src/server/execute.remote.test.ts index e0e6d09f..0617aae3 100644 --- a/packages/adapters/cursor-local/src/server/execute.remote.test.ts +++ b/packages/adapters/cursor-local/src/server/execute.remote.test.ts @@ -11,6 +11,7 @@ const { restoreWorkspaceFromSshExecution, runSshCommand, syncDirectoryToSsh, + startAdapterExecutionTargetPaperclipBridge, } = vi.hoisted(() => ({ runChildProcess: vi.fn(async () => ({ exitCode: 0, @@ -27,7 +28,7 @@ const { })), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "ssh://fixture@127.0.0.1:2222/remote/workspace :: agent"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), runSshCommand: vi.fn(async () => ({ stdout: "/home/agent", @@ -35,6 +36,14 @@ const { exitCode: 0, })), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -62,6 +71,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("cursor remote execution", () => { @@ -80,8 +99,11 @@ describe("cursor remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-remote-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const alternateWorkspaceDir = path.join(rootDir, "workspace-other"); await mkdir(workspaceDir, { recursive: true }); + await mkdir(alternateWorkspaceDir, { recursive: true }); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; const result = await execute({ runId: "run-1", agent: { @@ -105,6 +127,20 @@ describe("cursor remote execution", () => { cwd: workspaceDir, source: "project_primary", }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -116,7 +152,6 @@ describe("cursor remote execution", () => { privateKey: "PRIVATE KEY", knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", strictHostKeyChecking: true, - paperclipApiUrl: "http://198.51.100.10:3102", }, }, onLog: async () => {}, @@ -124,20 +159,19 @@ describe("cursor remote execution", () => { expect(result.sessionParams).toMatchObject({ sessionId: "cursor-session-1", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", - paperclipApiUrl: "http://198.51.100.10:3102", + remoteCwd: managedRemoteWorkspace, }, }); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/cursor/skills", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/cursor/skills`, followSymlinks: true, })); expect(runSshCommand).toHaveBeenCalledWith( @@ -149,9 +183,25 @@ describe("cursor remote execution", () => { | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] | undefined; expect(call?.[2]).toContain("--workspace"); - expect(call?.[2]).toContain("/remote/workspace"); - expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://198.51.100.10:3102"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[2]).toContain(managedRemoteWorkspace); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); }); @@ -161,6 +211,7 @@ describe("cursor remote execution", () => { const workspaceDir = path.join(rootDir, "workspace"); await mkdir(workspaceDir, { recursive: true }); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await execute({ runId: "run-ssh-resume", agent: { @@ -174,13 +225,13 @@ describe("cursor remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", diff --git a/packages/adapters/cursor-local/src/server/execute.test.ts b/packages/adapters/cursor-local/src/server/execute.test.ts new file mode 100644 index 00000000..d0d8ce4b --- /dev/null +++ b/packages/adapters/cursor-local/src/server/execute.test.ts @@ -0,0 +1,352 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { describe, expect, it, vi } from "vitest"; +import type { AdapterExecutionTarget } from "@paperclipai/adapter-utils/execution-target"; +import { runChildProcess } from "@paperclipai/adapter-utils/server-utils"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; +import { execute } from "./execute.js"; + +type PrepareCursorSandboxCommandInput = { + runId: string; + target: AdapterExecutionTarget | null | undefined; + command: string; + cwd: string; + env: Record; + remoteSystemHomeDirHint?: string | null; + timeoutSec: number; + graceSec: number; +}; + +type PrepareCursorSandboxCommandResult = { + command: string; + env: Record; + remoteSystemHomeDir: string | null; + addedPathEntry: string | null; + preferredCommandPath: string | null; +}; + +const { + setPrepareCursorSandboxCommand, +} = vi.hoisted(() => { + const setPrepareCursorSandboxCommand = vi.fn< + (input: PrepareCursorSandboxCommandInput) => Promise + >(); + return { setPrepareCursorSandboxCommand }; +}); + +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge: async () => null, + }; +}); + +vi.mock("./remote-command.js", async () => { + const actual = await vi.importActual("./remote-command.js"); + return { + ...actual, + prepareCursorSandboxCommand: async (input: Parameters[0]) => { + return setPrepareCursorSandboxCommand(input); + }, + }; +}); + +function buildFakeAgentScript(captureDir: string): string { + return `#!/bin/sh +cat > ${JSON.stringify(path.join(captureDir, "prompt.txt"))} +printf '%s' "$0" > ${JSON.stringify(path.join(captureDir, "command.txt"))} +printf '%s' "$PATH" > ${JSON.stringify(path.join(captureDir, "path.txt"))} +printf '%s\\n' '{"type":"system","subtype":"init","session_id":"cursor-session-fresh-1","model":"auto"}' +printf '%s\\n' '{"type":"assistant","message":{"content":[{"type":"output_text","text":"hello"}]}}' +printf '%s\\n' '{"type":"result","subtype":"success","session_id":"cursor-session-fresh-1","result":"ok"}' +`; +} + +function buildInstallSimulationCommand(commandPath: string, captureDir: string): string { + return [ + `mkdir -p ${JSON.stringify(path.dirname(commandPath))}`, + `mkdir -p ${JSON.stringify(captureDir)}`, + `cat > ${JSON.stringify(commandPath)} <<'EOF'`, + buildFakeAgentScript(captureDir), + "EOF", + `chmod +x ${JSON.stringify(commandPath)}`, + ].join("\n"); +} + +function createFreshLeaseSandboxRunner(options: { + homeDir: string; + installCommandPath: string; + captureDir: string; +}) { + let counter = 0; + const installCommands: string[] = []; + const systemPath = [ + "/usr/local/bin", + "/opt/homebrew/bin", + "/usr/local/sbin", + "/usr/bin", + "/bin", + "/usr/sbin", + "/sbin", + ].join(path.delimiter); + + return { + installCommands, + execute: async (input: { + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + onLog?: (stream: "stdout" | "stderr", chunk: string) => Promise; + onSpawn?: (meta: { pid: number; startedAt: string }) => Promise; + }) => { + counter += 1; + const args = [...(input.args ?? [])]; + if (args[1] === SANDBOX_INSTALL_COMMAND) { + installCommands.push(args[1]); + args[1] = buildInstallSimulationCommand(options.installCommandPath, options.captureDir); + } + + const inheritedPath = input.env?.PATH ?? systemPath; + const pathWithLocalBin = `${path.join(options.homeDir, ".local", "bin")}${path.delimiter}${inheritedPath}`; + const env = { + ...(input.env ?? {}), + HOME: input.env?.HOME ?? options.homeDir, + PATH: pathWithLocalBin, + }; + + return await runChildProcess(`cursor-fresh-lease-${counter}`, input.command, args, { + cwd: input.cwd ?? process.cwd(), + env, + stdin: input.stdin, + timeoutSec: Math.max(1, Math.ceil((input.timeoutMs ?? 30_000) / 1000)), + graceSec: 5, + onLog: input.onLog ?? (async () => {}), + onSpawn: input.onSpawn + ? async (meta) => input.onSpawn?.({ pid: meta.pid, startedAt: meta.startedAt }) + : undefined, + }); + }, + }; +} + +describe("cursor execute", () => { + it("installs the default agent command on a fresh sandbox lease before execution", async () => { + setPrepareCursorSandboxCommand.mockReset(); + setPrepareCursorSandboxCommand.mockImplementation(async (input) => { + const actual = await vi.importActual("./remote-command.js"); + return actual.prepareCursorSandboxCommand(input); + }); + + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-fresh-lease-")); + const homeDir = path.join(root, "home"); + const workspace = path.join(root, "workspace"); + const remoteWorkspace = path.join(root, "remote-workspace"); + const captureDir = path.join(root, "capture"); + const agentPath = path.join(homeDir, ".local", "bin", "agent"); + await fs.mkdir(workspace, { recursive: true }); + await fs.mkdir(remoteWorkspace, { recursive: true }); + + const runner = createFreshLeaseSandboxRunner({ + homeDir, + installCommandPath: agentPath, + captureDir, + }); + + const previousHome = process.env.HOME; + process.env.HOME = homeDir; + + try { + const result = await execute({ + runId: "run-fresh-lease-1", + agent: { + id: "agent-1", + companyId: "company-1", + name: "Cursor Coder", + adapterType: "cursor", + adapterConfig: {}, + }, + runtime: { + sessionId: null, + sessionParams: null, + sessionDisplayId: null, + taskKey: null, + }, + executionTarget: { + kind: "remote", + transport: "sandbox", + remoteCwd: remoteWorkspace, + runner, + timeoutMs: 30_000, + }, + config: { + command: "agent", + cwd: workspace, + promptTemplate: "Follow the paperclip heartbeat.", + }, + context: {}, + authToken: "run-jwt-token", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(0); + expect(result.errorMessage).toBeNull(); + expect(runner.installCommands).toEqual([SANDBOX_INSTALL_COMMAND]); + + const command = await fs.readFile(path.join(captureDir, "command.txt"), "utf8"); + const runtimePath = await fs.readFile(path.join(captureDir, "path.txt"), "utf8"); + const prompt = await fs.readFile(path.join(captureDir, "prompt.txt"), "utf8"); + expect(command).toBe(agentPath); + expect(runtimePath.split(path.delimiter)).toContain(path.join(homeDir, ".local", "bin")); + expect(prompt).toContain("Follow the paperclip heartbeat."); + } finally { + if (previousHome === undefined) delete process.env.HOME; + else process.env.HOME = previousHome; + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("reruns sandbox command resolution after managed runtime setup and keeps the original sandbox home", async () => { + setPrepareCursorSandboxCommand.mockReset(); + const prepareInputs: PrepareCursorSandboxCommandInput[] = []; + let finalPreparedCommand: string | null = null; + + const rootDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-fresh-lease-managed-")); + const workspaceDir = path.join(rootDir, "workspace"); + const remoteWorkspace = path.join(rootDir, "remote-workspace"); + const systemHomeDir = path.join(rootDir, "system-home"); + const managedCaptureDir = path.join(rootDir, "managed-capture"); + await fs.mkdir(managedCaptureDir, { recursive: true }); + await fs.mkdir(workspaceDir, { recursive: true }); + await fs.mkdir(remoteWorkspace, { recursive: true }); + const preferredAgentScript = `#!/bin/sh +printf '%s\\n' '{"type":"system","subtype":"init","session_id":"cursor-session-fresh-1","model":"auto"}' +printf '%s\\n' '{"type":"assistant","message":{"content":[{"type":"output_text","text":"hello"}]}}' +printf '%s\\n' '{"type":"result","subtype":"success","session_id":"cursor-session-fresh-1","result":"ok"}' +`; + + setPrepareCursorSandboxCommand.mockImplementation(async (input) => { + const call = prepareInputs.length; + prepareInputs.push(input); + if (call === 0) { + return { + command: input.command, + env: input.env, + remoteSystemHomeDir: systemHomeDir, + addedPathEntry: null, + preferredCommandPath: null, + }; + } + + expect(input.remoteSystemHomeDirHint).toBe(systemHomeDir); + const preferredCommandPath = path.join(systemHomeDir, ".local", "bin", input.command); + finalPreparedCommand = preferredCommandPath; + const runtimeEnv = { + ...input.env, + PATH: `${path.join(systemHomeDir, ".local", "bin")}${path.delimiter}${input.env.PATH}`, + }; + await fs.mkdir(path.dirname(preferredCommandPath), { recursive: true }); + await fs.writeFile(preferredCommandPath, preferredAgentScript); + await fs.chmod(preferredCommandPath, 0o755); + await fs.writeFile(path.join(managedCaptureDir, "agent-output.log"), preferredCommandPath); + + return { + command: preferredCommandPath, + env: runtimeEnv, + remoteSystemHomeDir: systemHomeDir, + addedPathEntry: path.join(systemHomeDir, ".local", "bin"), + preferredCommandPath, + }; + }); + + const runnerState = { + commands: [] as string[], + }; + const runner = { + execute: async (input: { command: string; args?: string[]; env?: Record }) => { + runnerState.commands.push(input.command); + if (input.command === "sh") { + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: 555, + startedAt: new Date().toISOString(), + }; + } + + return runChildProcess(`cursor-fresh-lease-${runnerState.commands.length}`, input.command, input.args ?? [], { + cwd: remoteWorkspace, + env: input.env ?? {}, + timeoutSec: 30, + graceSec: 5, + onLog: async () => {}, + onSpawn: async () => {}, + }); + }, + }; + + const runMeta: Array<{ command?: string; [key: string]: unknown }> = []; + const previousHome = process.env.HOME; + process.env.HOME = systemHomeDir; + + try { + const command = "agent"; + const result = await execute({ + runId: "run-fresh-lease-managed", + agent: { + id: "agent-1", + companyId: "company-1", + name: "Cursor Coder", + adapterType: "cursor", + adapterConfig: {}, + }, + runtime: { + sessionId: null, + sessionParams: null, + sessionDisplayId: null, + taskKey: null, + }, + executionTarget: { + kind: "remote", + transport: "sandbox", + remoteCwd: remoteWorkspace, + providerKey: "fixture", + runner: runner, + timeoutMs: 30_000, + }, + config: { + command, + cwd: workspaceDir, + promptTemplate: "Run against runtime-managed command.", + }, + context: {}, + authToken: "run-jwt-token", + onLog: async () => {}, + onMeta: async (meta) => { + runMeta.push(meta as unknown as { command?: string; [key: string]: unknown }); + }, + }); + + expect(result.exitCode).toBe(0); + expect(prepareInputs).toHaveLength(2); + expect(finalPreparedCommand).not.toBeNull(); + expect(finalPreparedCommand).toMatch(/\.local\/(bin|sbin)\/agent$/); + const resolvedCommand = runMeta.find(Boolean)?.command as string | undefined; + expect(resolvedCommand).toMatch(/\.local\/bin\/agent$/); + expect(resolvedCommand).toContain(path.join(systemHomeDir, ".local", "bin", command)); + } finally { + if (previousHome === undefined) delete process.env.HOME; + else process.env.HOME = previousHome; + await fs.rm(rootDir, { recursive: true, force: true }); + } + }); +}); diff --git a/packages/adapters/cursor-local/src/server/execute.ts b/packages/adapters/cursor-local/src/server/execute.ts index 43de3644..800a499f 100644 --- a/packages/adapters/cursor-local/src/server/execute.ts +++ b/packages/adapters/cursor-local/src/server/execute.ts @@ -5,17 +5,19 @@ import { fileURLToPath } from "node:url"; import { inferOpenAiCompatibleBiller, type AdapterExecutionContext, type AdapterExecutionResult } from "@paperclipai/adapter-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesManagedHome, adapterExecutionTargetUsesPaperclipBridge, describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, readAdapterExecutionTargetHomeDir, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, @@ -26,13 +28,14 @@ import { asNumber, asStringArray, parseObject, - applyPaperclipWorkspaceEnv, buildPaperclipEnv, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePaperclipSkillSymlink, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, resolvePaperclipDesiredSkillNames, removeMaintainerOnlySkillSymlinks, renderTemplate, @@ -41,7 +44,7 @@ import { DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, joinPromptSections, } from "@paperclipai/adapter-utils/server-utils"; -import { DEFAULT_CURSOR_LOCAL_MODEL } from "../index.js"; +import { DEFAULT_CURSOR_LOCAL_MODEL, SANDBOX_INSTALL_COMMAND } from "../index.js"; import { parseCursorJsonl, isCursorUnknownSessionError } from "./parse.js"; import { prepareCursorSandboxCommand } from "./remote-command.js"; import { normalizeCursorStreamLine } from "../shared/stream.js"; @@ -222,6 +225,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); + let effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); const cursorSkillEntries = await readPaperclipRuntimeSkillEntries(config, __moduleDir); const desiredCursorSkillNames = resolvePaperclipDesiredSkillNames(config, cursorSkillEntries); @@ -260,9 +264,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) { env.PAPERCLIP_TASK_ID = wakeTaskId; } + if (issueWorkMode) { + env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; + } if (wakeReason) { env.PAPERCLIP_WAKE_REASON = wakeReason; } @@ -281,33 +289,43 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0) { - env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); - } - const targetPaperclipApiUrl = adapterExecutionTargetPaperclipApiUrl(executionTarget); - if (targetPaperclipApiUrl) { - env.PAPERCLIP_API_URL = targetPaperclipApiUrl; - } - for (const [k, v] of Object.entries(envConfig)) { - if (typeof v === "string") env[k] = v; - } if (!hasExplicitApiKey && authToken) { env.PAPERCLIP_API_KEY = authToken; } - const timeoutSec = asNumber(config.timeoutSec, 0); + const timeoutSec = resolveAdapterExecutionTargetTimeoutSec( + executionTarget, + asNumber(config.timeoutSec, 0), + ); const graceSec = asNumber(config.graceSec, 20); - // Probe the sandbox before the managed-home override so we discover - // cursor-agent from the real system HOME (e.g. ~/.local/bin/cursor-agent). - // The managed HOME set later is for runtime isolation, not for finding the CLI. - const sandboxCommand = await prepareCursorSandboxCommand({ + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: ctx.runtimeCommandSpec?.installCommand, + detectCommand: ctx.runtimeCommandSpec?.detectCommand, + cwd, + env, + timeoutSec, + graceSec, + onLog, + }); + // Probe the sandbox before the managed-home override so we discover the + // installer-managed agent symlinks from the real system HOME (for example + // ~/.local/bin/agent). The managed HOME set later is for runtime isolation, + // not for finding the CLI. + const initialSandboxCommand = await prepareCursorSandboxCommand({ runId, target: executionTarget, command, @@ -316,22 +334,9 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", - ), - ); - const billingType = resolveCursorBillingType(effectiveEnv); - const runtimeEnv = ensurePathInEnv(effectiveEnv); - await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv); - const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); - let loggedEnv = buildInvocationEnvForLogs(env, { - runtimeEnv, - includeRuntimeKeys: ["HOME"], - resolvedCommand, - }); + const sandboxSystemHomeDir = initialSandboxCommand.remoteSystemHomeDir; + command = initialSandboxCommand.command; + env = initialSandboxCommand.env; const extraArgs = (() => { const fromExtraArgs = asStringArray(config.extraArgs); @@ -339,7 +344,6 @@ export async function execute(ctx: AdapterExecutionContext): Promise Promise) | null = null; let localSkillsDir: string | null = null; let remoteRuntimeRootDir: string | null = null; @@ -353,9 +357,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedExecutionTargetRuntime.restoreWorkspace(); + effectiveExecutionCwd = preparedExecutionTargetRuntime.workspaceRemoteDir ?? effectiveExecutionCwd; + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, + workspaceCwd: effectiveWorkspaceCwd, + workspaceSource, + workspaceId, + workspaceRepoUrl, + workspaceRepoRef, + workspaceHints, + agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); remoteRuntimeRootDir = preparedExecutionTargetRuntime.runtimeRootDir; const managedHome = adapterExecutionTargetUsesManagedHome(executionTarget); if (managedHome && preparedExecutionTargetRuntime.runtimeRootDir) { @@ -394,12 +416,47 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", + ), + ); + const billingType = resolveCursorBillingType(effectiveEnv); + const runtimeEnv = ensurePathInEnv(effectiveEnv); + await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv, { + installCommand: SANDBOX_INSTALL_COMMAND, + timeoutSec, + }); + const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); + let loggedEnv = buildInvocationEnvForLogs(env, { + runtimeEnv, + includeRuntimeKeys: ["HOME"], + resolvedCommand, + }); + if (executionTargetIsRemote && adapterExecutionTargetUsesPaperclipBridge(runtimeExecutionTarget)) { + paperclipBridge = await startAdapterExecutionTargetPaperclipBridge({ + runId, + target: runtimeExecutionTarget, runtimeRootDir: remoteRuntimeRootDir, adapterKey: "cursor", + timeoutSec, hostApiToken: env.PAPERCLIP_API_KEY, onLog, }); @@ -420,7 +477,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 && (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + adapterExecutionTargetSessionMatches(runtimeRemoteExecution, runtimeExecutionTarget); const sessionId = canResumeSession ? runtimeSessionId : null; if (executionTargetIsRemote && runtimeSessionId && !canResumeSession) { await onLog( @@ -460,11 +517,14 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0) { @@ -567,7 +627,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise) diff --git a/packages/adapters/cursor-local/src/server/remote-command.test.ts b/packages/adapters/cursor-local/src/server/remote-command.test.ts new file mode 100644 index 00000000..f3885fac --- /dev/null +++ b/packages/adapters/cursor-local/src/server/remote-command.test.ts @@ -0,0 +1,137 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { describe, expect, it } from "vitest"; +import { runChildProcess } from "@paperclipai/adapter-utils/server-utils"; +import { prepareCursorSandboxCommand } from "./remote-command.js"; + +function createLocalSandboxRunner() { + let counter = 0; + return { + execute: async (input: { + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + onLog?: (stream: "stdout" | "stderr", chunk: string) => Promise; + onSpawn?: (meta: { pid: number; startedAt: string }) => Promise; + }) => { + counter += 1; + return await runChildProcess(`cursor-remote-command-${counter}`, input.command, input.args ?? [], { + cwd: input.cwd ?? process.cwd(), + env: input.env ?? {}, + stdin: input.stdin, + timeoutSec: Math.max(1, Math.ceil((input.timeoutMs ?? 30_000) / 1000)), + graceSec: 5, + onLog: input.onLog ?? (async () => {}), + onSpawn: input.onSpawn + ? async (meta) => input.onSpawn?.({ pid: meta.pid, startedAt: meta.startedAt }) + : undefined, + }); + }, + }; +} + +async function writeFakeAgent(commandPath: string): Promise { + const script = `#!/bin/sh +printf '%s\\n' ok +`; + await fs.mkdir(path.dirname(commandPath), { recursive: true }); + await fs.writeFile(commandPath, script, "utf8"); + await fs.chmod(commandPath, 0o755); +} + +describe("prepareCursorSandboxCommand", () => { + it("prefers the Cursor installer bin directory when the default agent entrypoint is installed there", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-remote-command-cursor-bin-")); + const systemHomeDir = path.join(root, "system-home"); + const managedHomeDir = path.join(root, "managed-home"); + const remoteWorkspace = path.join(root, "workspace"); + const cursorAgentPath = path.join(systemHomeDir, ".cursor", "bin", "agent"); + await fs.mkdir(remoteWorkspace, { recursive: true }); + await writeFakeAgent(cursorAgentPath); + + try { + const result = await prepareCursorSandboxCommand({ + runId: "run-remote-command-cursor-bin", + target: { + kind: "remote", + transport: "sandbox", + shellCommand: "bash", + remoteCwd: remoteWorkspace, + runner: createLocalSandboxRunner(), + timeoutMs: 30_000, + }, + command: "agent", + cwd: remoteWorkspace, + env: { + HOME: managedHomeDir, + PATH: "/usr/bin:/bin", + }, + remoteSystemHomeDirHint: systemHomeDir, + timeoutSec: 30, + graceSec: 5, + }); + + expect(result.command).toBe(cursorAgentPath); + expect(result.preferredCommandPath).toBe(cursorAgentPath); + expect(result.remoteSystemHomeDir).toBe(systemHomeDir); + expect(result.addedPathEntry).toBe(path.join(systemHomeDir, ".local", "bin")); + expect(result.env.PATH?.split(":").slice(0, 2)).toEqual([ + path.join(systemHomeDir, ".local", "bin"), + path.join(systemHomeDir, ".cursor", "bin"), + ]); + expect(result.env.PATH).not.toContain(path.join(managedHomeDir, ".cursor", "bin")); + expect(result.env.PATH).not.toContain(path.join(managedHomeDir, ".local", "bin")); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("keeps probing the original sandbox home after managed HOME overrides", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-remote-command-")); + const systemHomeDir = path.join(root, "system-home"); + const managedHomeDir = path.join(root, "managed-home"); + const remoteWorkspace = path.join(root, "workspace"); + const systemAgentPath = path.join(systemHomeDir, ".local", "bin", "agent"); + await fs.mkdir(remoteWorkspace, { recursive: true }); + await writeFakeAgent(systemAgentPath); + + try { + const result = await prepareCursorSandboxCommand({ + runId: "run-remote-command-1", + target: { + kind: "remote", + transport: "sandbox", + shellCommand: "bash", + remoteCwd: remoteWorkspace, + runner: createLocalSandboxRunner(), + timeoutMs: 30_000, + }, + command: "agent", + cwd: remoteWorkspace, + env: { + HOME: managedHomeDir, + PATH: "/usr/bin:/bin", + }, + remoteSystemHomeDirHint: systemHomeDir, + timeoutSec: 30, + graceSec: 5, + }); + + expect(result.command).toBe(systemAgentPath); + expect(result.preferredCommandPath).toBe(systemAgentPath); + expect(result.remoteSystemHomeDir).toBe(systemHomeDir); + expect(result.addedPathEntry).toBe(path.join(systemHomeDir, ".local", "bin")); + expect(result.env.PATH?.split(":").slice(0, 2)).toEqual([ + path.join(systemHomeDir, ".local", "bin"), + path.join(systemHomeDir, ".cursor", "bin"), + ]); + expect(result.env.PATH).not.toContain(path.join(managedHomeDir, ".local", "bin")); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); +}); diff --git a/packages/adapters/cursor-local/src/server/remote-command.ts b/packages/adapters/cursor-local/src/server/remote-command.ts index 1edd6df0..95a958bc 100644 --- a/packages/adapters/cursor-local/src/server/remote-command.ts +++ b/packages/adapters/cursor-local/src/server/remote-command.ts @@ -6,6 +6,14 @@ import { import { ensurePathInEnv } from "@paperclipai/adapter-utils/server-utils"; const DEFAULT_CURSOR_COMMAND_BASENAMES = new Set(["agent", "cursor-agent"]); +// `.local/bin` first because the official Cursor Agent installer drops the +// binary there; `.cursor/bin` is a secondary location used by some older +// installs. The order also defines the prepended `PATH` order surfaced to the +// adapter. +const CURSOR_SANDBOX_BIN_DIRS = [ + path.posix.join(".local", "bin"), + path.posix.join(".cursor", "bin"), +]; function commandBasename(command: string): string { return command.trim().split(/[\\/]/).pop()?.toLowerCase() ?? ""; @@ -22,6 +30,32 @@ function prependPosixPathEntry(pathValue: string, entry: string): string { return cleaned.length > 0 ? `${entry}:${cleaned}` : entry; } +function prependPosixPathEntries(pathValue: string, entries: string[]): string { + return entries.reduceRight((value, entry) => prependPosixPathEntry(value, entry), pathValue); +} + +function preferredSandboxCommandBasenames(command: string): string[] { + const basename = commandBasename(command); + if (!DEFAULT_CURSOR_COMMAND_BASENAMES.has(basename)) return []; + return basename === "cursor-agent" + ? ["cursor-agent", "agent"] + : ["agent", "cursor-agent"]; +} + +function candidateSandboxCommandPaths(homeDir: string, basenames: string[]): string[] { + // Iterate dirs first, then basenames within each dir, so directory + // preference (CURSOR_SANDBOX_BIN_DIRS order) wins over basename + // preference. Both basenames inside `.local/bin` are checked before + // falling through to `.cursor/bin`. + return CURSOR_SANDBOX_BIN_DIRS.flatMap((relativeDir) => + basenames.map((basename) => path.posix.join(homeDir, relativeDir, basename)) + ); +} + +function candidateSandboxPathEntries(homeDir: string): string[] { + return CURSOR_SANDBOX_BIN_DIRS.map((relativeDir) => path.posix.join(homeDir, relativeDir)); +} + type SandboxCursorRuntimeInfo = { remoteSystemHomeDir: string | null; preferredCommandPath: string | null; @@ -40,20 +74,60 @@ async function readSandboxCursorRuntimeInfo(input: { command: string; cwd: string; env: Record; + remoteSystemHomeDirHint?: string | null; timeoutSec: number; graceSec: number; }): Promise { - const shouldCheckPreferredCommand = isDefaultCursorCommand(input.command) && !hasPathSeparator(input.command); + const preferredBasenames = + !hasPathSeparator(input.command) + ? preferredSandboxCommandBasenames(input.command) + : []; + const hintedRemoteSystemHomeDir = input.remoteSystemHomeDirHint?.trim() || null; const homeMarker = "__PAPERCLIP_CURSOR_HOME__:"; const preferredMarker = "__PAPERCLIP_CURSOR_AGENT__:"; try { + // When the caller has already resolved the remote `$HOME`, probe absolute + // paths so the shell doesn't depend on its own environment to interpret + // `$HOME`. Without a hint we still probe `$HOME/...` literally — this is + // how the sandbox finds a user-prefixed install before falling back to a + // PATH lookup. Skipping the `$HOME` probes here was the regression behind + // server tests `cursor-local-adapter-environment.test.ts` and + // `cursor-local-execute.test.ts` failing on a host whose own `agent` + // command resolves via PATH. + const fixedCandidatePaths = + preferredBasenames.length > 0 + ? hintedRemoteSystemHomeDir + ? candidateSandboxCommandPaths(hintedRemoteSystemHomeDir, preferredBasenames) + : preferredBasenames.flatMap((basename) => + CURSOR_SANDBOX_BIN_DIRS.map((relativeDir) => + `$HOME/${relativeDir}/${basename}`, + ), + ) + : []; + const preferredProbeBranches = [ + ...fixedCandidatePaths.map( + (fixedPath) => + `[ -x ${JSON.stringify(fixedPath)} ] && printf ${JSON.stringify(`${preferredMarker}%s\\n`)} ${JSON.stringify(fixedPath)}`, + ), + ...preferredBasenames.map( + (basename) => + `resolved="$(command -v ${JSON.stringify(basename)} 2>/dev/null)" && [ -n "$resolved" ] && printf ${JSON.stringify(`${preferredMarker}%s\\n`)} "$resolved"`, + ), + ]; const result = await runAdapterExecutionTargetShellCommand( input.runId, input.target, [ - `printf ${JSON.stringify(`${homeMarker}%s\\n`)} "$HOME"`, - shouldCheckPreferredCommand - ? `if [ -x "$HOME/.local/bin/cursor-agent" ]; then printf ${JSON.stringify(`${preferredMarker}%s\\n`)} "$HOME/.local/bin/cursor-agent"; fi` + hintedRemoteSystemHomeDir + ? `printf ${JSON.stringify(`${homeMarker}%s\\n`)} ${JSON.stringify(hintedRemoteSystemHomeDir)}` + : `printf ${JSON.stringify(`${homeMarker}%s\\n`)} "$HOME"`, + preferredProbeBranches.length > 0 + ? preferredProbeBranches + .map((probeBranch, index) => { + const branchKeyword = index === 0 ? "if" : "elif"; + return `${branchKeyword} ${probeBranch}; then :`; + }) + .join("; ") + "; fi; :" : "", ].filter(Boolean).join("; "), { @@ -100,6 +174,7 @@ export async function prepareCursorSandboxCommand(input: { command: string; cwd: string; env: Record; + remoteSystemHomeDirHint?: string | null; timeoutSec: number; graceSec: number; }): Promise { @@ -119,10 +194,12 @@ export async function prepareCursorSandboxCommand(input: { command: input.command, cwd: input.cwd, env: input.env, + remoteSystemHomeDirHint: input.remoteSystemHomeDirHint, timeoutSec: input.timeoutSec, graceSec: input.graceSec, }); - const remoteSystemHomeDir = runtimeInfo.remoteSystemHomeDir; + const remoteSystemHomeDir = + runtimeInfo.remoteSystemHomeDir ?? input.remoteSystemHomeDirHint?.trim() ?? null; if (!remoteSystemHomeDir) { return { @@ -134,18 +211,19 @@ export async function prepareCursorSandboxCommand(input: { }; } - const remoteLocalBinDir = path.posix.join(remoteSystemHomeDir, ".local", "bin"); + const sandboxPathEntries = candidateSandboxPathEntries(remoteSystemHomeDir); const runtimeEnv = ensurePathInEnv(input.env); const currentPath = runtimeEnv.PATH ?? runtimeEnv.Path ?? ""; - const nextPath = prependPosixPathEntry(currentPath, remoteLocalBinDir); + const nextPath = prependPosixPathEntries(currentPath, sandboxPathEntries); const env = nextPath === currentPath ? input.env : { ...input.env, PATH: nextPath }; + const addedPathEntry = nextPath === currentPath ? null : sandboxPathEntries[0]; if (!runtimeInfo.preferredCommandPath) { return { command: input.command, env, remoteSystemHomeDir, - addedPathEntry: nextPath === currentPath ? null : remoteLocalBinDir, + addedPathEntry, preferredCommandPath: null, }; } @@ -154,7 +232,7 @@ export async function prepareCursorSandboxCommand(input: { command: runtimeInfo.preferredCommandPath, env, remoteSystemHomeDir, - addedPathEntry: nextPath === currentPath ? null : remoteLocalBinDir, + addedPathEntry, preferredCommandPath: runtimeInfo.preferredCommandPath, }; } diff --git a/packages/adapters/cursor-local/src/server/test.test.ts b/packages/adapters/cursor-local/src/server/test.test.ts new file mode 100644 index 00000000..72b3f9ed --- /dev/null +++ b/packages/adapters/cursor-local/src/server/test.test.ts @@ -0,0 +1,132 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import { describe, expect, it } from "vitest"; +import { runChildProcess } from "@paperclipai/adapter-utils/server-utils"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; +import { testEnvironment } from "./test.js"; + +function buildFakeAgentScript(): string { + return `#!/bin/sh +if [ "$1" = "--version" ]; then + printf '%s\\n' 'Cursor Agent 1.2.3' + exit 0 +fi +printf '%s\\n' '{"type":"system","subtype":"init","session_id":"cursor-session-envtest-1","model":"auto"}' +printf '%s\\n' '{"type":"assistant","message":{"content":[{"type":"output_text","text":"hello"}]}}' +printf '%s\\n' '{"type":"result","subtype":"success","session_id":"cursor-session-envtest-1","result":"ok"}' +`; +} + +function buildInstallSimulationCommand(commandPath: string): string { + return [ + `mkdir -p ${JSON.stringify(path.dirname(commandPath))}`, + `cat > ${JSON.stringify(commandPath)} <<'EOF'`, + buildFakeAgentScript(), + "EOF", + `chmod +x ${JSON.stringify(commandPath)}`, + ].join("\n"); +} + +function createSandboxRunner(options: { homeDir: string; installCommandPath: string }) { + let counter = 0; + const installCommands: string[] = []; + const systemPath = "/usr/bin:/bin"; + return { + installCommands, + execute: async (input: { + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string; + timeoutMs?: number; + onLog?: (stream: "stdout" | "stderr", chunk: string) => Promise; + onSpawn?: (meta: { pid: number; startedAt: string }) => Promise; + }) => { + counter += 1; + const args = [...(input.args ?? [])]; + if (args[1] === SANDBOX_INSTALL_COMMAND) { + installCommands.push(args[1]); + args[1] = buildInstallSimulationCommand(options.installCommandPath); + } + return await runChildProcess(`cursor-envtest-runner-${counter}`, input.command, args, { + cwd: input.cwd ?? process.cwd(), + env: { + ...(input.env ?? {}), + HOME: input.env?.HOME ?? options.homeDir, + PATH: input.env?.PATH ?? systemPath, + }, + stdin: input.stdin, + timeoutSec: Math.max(1, Math.ceil((input.timeoutMs ?? 30_000) / 1000)), + graceSec: 5, + onLog: input.onLog ?? (async () => {}), + onSpawn: input.onSpawn + ? async (meta) => input.onSpawn?.({ pid: meta.pid, startedAt: meta.startedAt }) + : undefined, + }); + }, + }; +} + +describe("cursor testEnvironment", () => { + it("re-resolves the installed agent under ~/.cursor/bin and verifies --version before the hello probe", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-envtest-")); + const homeDir = path.join(root, "home"); + const workspace = path.join(root, "workspace"); + const remoteWorkspace = path.join(root, "remote-workspace"); + const agentPath = path.join(homeDir, ".cursor", "bin", "agent"); + await fs.mkdir(workspace, { recursive: true }); + await fs.mkdir(remoteWorkspace, { recursive: true }); + + const runner = createSandboxRunner({ + homeDir, + installCommandPath: agentPath, + }); + + try { + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "cursor", + config: { + command: "agent", + cwd: workspace, + env: { + PATH: "/usr/bin:/bin", + }, + }, + executionTarget: { + kind: "remote", + transport: "sandbox", + shellCommand: "bash", + remoteCwd: remoteWorkspace, + runner, + timeoutMs: 30_000, + }, + }); + + expect(result.status).toBe("pass"); + expect(runner.installCommands).toEqual([SANDBOX_INSTALL_COMMAND]); + expect(result.checks).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + code: "cursor_command_resolvable", + level: "info", + message: `Command is executable: ${agentPath}`, + }), + expect.objectContaining({ + code: "cursor_version_probe_passed", + level: "info", + detail: "Cursor Agent 1.2.3", + }), + expect.objectContaining({ + code: "cursor_hello_probe_passed", + level: "info", + }), + ]), + ); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); +}); diff --git a/packages/adapters/cursor-local/src/server/test.ts b/packages/adapters/cursor-local/src/server/test.ts index 0ba5ee67..cc2c2916 100644 --- a/packages/adapters/cursor-local/src/server/test.ts +++ b/packages/adapters/cursor-local/src/server/test.ts @@ -12,6 +12,7 @@ import { import { ensureAdapterExecutionTargetCommandResolvable, ensureAdapterExecutionTargetDirectory, + maybeRunSandboxInstallCommand, runAdapterExecutionTargetProcess, describeAdapterExecutionTarget, resolveAdapterExecutionTargetCwd, @@ -19,7 +20,7 @@ import { import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { DEFAULT_CURSOR_LOCAL_MODEL } from "../index.js"; +import { DEFAULT_CURSOR_LOCAL_MODEL, SANDBOX_INSTALL_COMMAND } from "../index.js"; import { parseCursorJsonl } from "./parse.js"; import { isDefaultCursorCommand, prepareCursorSandboxCommand } from "./remote-command.js"; import { hasCursorTrustBypassArg } from "../shared/trust.js"; @@ -147,6 +148,27 @@ export async function testEnvironment( }); command = sandboxCommand.command; env = sandboxCommand.env; + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "cursor", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); + const finalSandboxCommand = await prepareCursorSandboxCommand({ + runId, + target, + command, + cwd, + env, + remoteSystemHomeDirHint: sandboxCommand.remoteSystemHomeDir, + timeoutSec: 45, + graceSec: 5, + }); + command = finalSandboxCommand.command; + env = finalSandboxCommand.env; const runtimeEnv = ensurePathInEnv({ ...process.env, ...env }); try { await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); @@ -208,6 +230,58 @@ export async function testEnvironment( hint: "Use `agent` or `cursor-agent` to run the automatic installation and auth probe.", }); } else { + const versionProbe = await runAdapterExecutionTargetProcess( + runId, + target, + command, + ["--version"], + { + cwd, + env, + timeoutSec: 45, + graceSec: 5, + onLog: async () => {}, + }, + ); + const versionDetail = summarizeProbeDetail(versionProbe.stdout, versionProbe.stderr, null); + if (versionProbe.timedOut) { + checks.push({ + code: "cursor_version_probe_timed_out", + level: "error", + message: "Cursor version probe timed out.", + hint: "Run `agent --version` manually in this working directory to confirm the installed CLI is reachable non-interactively.", + }); + } else if ((versionProbe.exitCode ?? 1) === 0) { + checks.push({ + code: "cursor_version_probe_passed", + level: "info", + message: "Cursor version probe succeeded.", + ...(versionDetail ? { detail: versionDetail } : {}), + }); + } else { + checks.push({ + code: "cursor_version_probe_failed", + level: "error", + message: "Cursor version probe failed.", + ...(versionDetail ? { detail: versionDetail } : {}), + hint: "Run `agent --version` manually in this working directory to confirm the installed CLI is reachable non-interactively.", + }); + } + + const canRunHelloProbe = checks.every( + (check) => + check.code !== "cursor_version_probe_failed" && + check.code !== "cursor_version_probe_timed_out", + ); + if (!canRunHelloProbe) { + return { + adapterType: ctx.adapterType, + status: summarizeStatus(checks), + checks, + testedAt: new Date().toISOString(), + }; + } + const model = asString(config.model, DEFAULT_CURSOR_LOCAL_MODEL).trim(); const extraArgs = (() => { const fromExtraArgs = asStringArray(config.extraArgs); diff --git a/packages/adapters/gemini-local/src/cli/format-event.ts b/packages/adapters/gemini-local/src/cli/format-event.ts index 48611f02..ce0b66c8 100644 --- a/packages/adapters/gemini-local/src/cli/format-event.ts +++ b/packages/adapters/gemini-local/src/cli/format-event.ts @@ -93,14 +93,14 @@ function printTextMessage(prefix: string, colorize: (text: string) => string, me } function printUsage(parsed: Record) { - const usage = asRecord(parsed.usage) ?? asRecord(parsed.usageMetadata); + const usage = asRecord(parsed.usage) ?? asRecord(parsed.usageMetadata) ?? asRecord(parsed.stats); const usageMetadata = asRecord(usage?.usageMetadata); const source = usageMetadata ?? usage ?? {}; const input = asNumber(source.input_tokens, asNumber(source.inputTokens, asNumber(source.promptTokenCount))); const output = asNumber(source.output_tokens, asNumber(source.outputTokens, asNumber(source.candidatesTokenCount))); const cached = asNumber( source.cached_input_tokens, - asNumber(source.cachedInputTokens, asNumber(source.cachedContentTokenCount)), + asNumber(source.cachedInputTokens, asNumber(source.cachedContentTokenCount, asNumber(source.cached))), ); const cost = asNumber(parsed.total_cost_usd, asNumber(parsed.cost_usd, asNumber(parsed.cost))); console.log(pc.blue(`tokens: in=${input} out=${output} cached=${cached} cost=$${cost.toFixed(6)}`)); @@ -154,6 +154,21 @@ export function printGeminiStreamEvent(raw: string, _debug: boolean): void { return; } + // Gemini CLI v0.38+ stream-json schema: + // {"type":"message","role":"assistant"|"user","content":"...","delta":?true} + if (type === "message") { + const role = asString(parsed.role).trim().toLowerCase(); + if (role === "assistant") { + printTextMessage("assistant", pc.green, parsed.content); + return; + } + if (role === "user") { + printTextMessage("user", pc.gray, parsed.content); + return; + } + return; + } + if (type === "thinking") { const text = asString(parsed.text).trim() || asString(asRecord(parsed.delta)?.text).trim(); if (text) console.log(pc.gray(`thinking: ${text}`)); @@ -190,11 +205,17 @@ export function printGeminiStreamEvent(raw: string, _debug: boolean): void { if (type === "result") { printUsage(parsed); - const subtype = asString(parsed.subtype, "result"); - const isError = parsed.is_error === true; + const status = asString(parsed.status).toLowerCase(); + const isError = + parsed.is_error === true || status === "error" || status === "failed"; + const subtype = asString(parsed.subtype, status || "result"); if (subtype || isError) { console.log((isError ? pc.red : pc.blue)(`result: subtype=${subtype} is_error=${isError ? "true" : "false"}`)); } + if (isError) { + const text = errorText(parsed.error ?? parsed.message ?? parsed.result); + if (text) console.log(pc.red(`error: ${text}`)); + } return; } diff --git a/packages/adapters/gemini-local/src/index.ts b/packages/adapters/gemini-local/src/index.ts index 0e7dcbf4..68ca627d 100644 --- a/packages/adapters/gemini-local/src/index.ts +++ b/packages/adapters/gemini-local/src/index.ts @@ -3,6 +3,8 @@ import type { AdapterModelProfileDefinition } from "@paperclipai/adapter-utils"; export const type = "gemini_local"; export const label = "Gemini CLI (local)"; +export const SANDBOX_INSTALL_COMMAND = "npm install -g @google/gemini-cli"; + export const DEFAULT_GEMINI_LOCAL_MODEL = "auto"; export const models = [ diff --git a/packages/adapters/gemini-local/src/server/execute.remote.test.ts b/packages/adapters/gemini-local/src/server/execute.remote.test.ts index 4c97e915..2e266603 100644 --- a/packages/adapters/gemini-local/src/server/execute.remote.test.ts +++ b/packages/adapters/gemini-local/src/server/execute.remote.test.ts @@ -11,6 +11,7 @@ const { restoreWorkspaceFromSshExecution, runSshCommand, syncDirectoryToSsh, + startAdapterExecutionTargetPaperclipBridge, } = vi.hoisted(() => ({ runChildProcess: vi.fn(async () => ({ exitCode: 0, @@ -18,13 +19,12 @@ const { timedOut: false, stdout: [ JSON.stringify({ type: "system", subtype: "init", session_id: "gemini-session-1", model: "gemini-2.5-pro" }), - JSON.stringify({ type: "assistant", message: { content: [{ type: "output_text", text: "hello" }] } }), + JSON.stringify({ type: "message", role: "assistant", content: "hello" }), JSON.stringify({ type: "result", - subtype: "success", + status: "success", session_id: "gemini-session-1", - usage: { promptTokenCount: 1, cachedContentTokenCount: 0, candidatesTokenCount: 1 }, - result: "hello", + stats: { input_tokens: 1, cached_input_tokens: 0, output_tokens: 1 }, }), ].join("\n"), stderr: "", @@ -33,7 +33,7 @@ const { })), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "ssh://fixture@127.0.0.1:2222/remote/workspace :: gemini"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), runSshCommand: vi.fn(async () => ({ stdout: "/home/agent", @@ -41,6 +41,14 @@ const { exitCode: 0, })), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -68,6 +76,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("gemini remote execution", () => { @@ -86,7 +104,10 @@ describe("gemini remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-remote-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const alternateWorkspaceDir = path.join(rootDir, "workspace-other"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; await mkdir(workspaceDir, { recursive: true }); + await mkdir(alternateWorkspaceDir, { recursive: true }); const result = await execute({ runId: "run-1", @@ -111,6 +132,20 @@ describe("gemini remote execution", () => { cwd: workspaceDir, source: "project_primary", }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -122,7 +157,6 @@ describe("gemini remote execution", () => { privateKey: "PRIVATE KEY", knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", strictHostKeyChecking: true, - paperclipApiUrl: "http://198.51.100.10:3102", }, }, onLog: async () => {}, @@ -130,20 +164,19 @@ describe("gemini remote execution", () => { expect(result.sessionParams).toMatchObject({ sessionId: "gemini-session-1", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", - paperclipApiUrl: "http://198.51.100.10:3102", + remoteCwd: managedRemoteWorkspace, }, }); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/gemini/skills", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/gemini/skills`, followSymlinks: true, })); expect(runSshCommand).toHaveBeenCalledWith( @@ -154,8 +187,25 @@ describe("gemini remote execution", () => { const call = runChildProcess.mock.calls[0] as unknown as | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] | undefined; - expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://198.51.100.10:3102"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].env.GEMINI_CLI_TRUST_WORKSPACE).toBe("true"); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); }); @@ -163,6 +213,7 @@ describe("gemini remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-remote-resume-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await mkdir(workspaceDir, { recursive: true }); await execute({ @@ -178,13 +229,13 @@ describe("gemini remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", diff --git a/packages/adapters/gemini-local/src/server/execute.ts b/packages/adapters/gemini-local/src/server/execute.ts index 026da5fa..df20937e 100644 --- a/packages/adapters/gemini-local/src/server/execute.ts +++ b/packages/adapters/gemini-local/src/server/execute.ts @@ -6,17 +6,19 @@ import { fileURLToPath } from "node:url"; import type { AdapterExecutionContext, AdapterExecutionResult } from "@paperclipai/adapter-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesManagedHome, adapterExecutionTargetUsesPaperclipBridge, describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, readAdapterExecutionTargetHomeDir, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, @@ -27,14 +29,15 @@ import { asNumber, asString, asStringArray, - applyPaperclipWorkspaceEnv, buildPaperclipEnv, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePaperclipSkillSymlink, joinPromptSections, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, resolvePaperclipDesiredSkillNames, removeMaintainerOnlySkillSymlinks, parseObject, @@ -44,7 +47,7 @@ import { DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, runChildProcess, } from "@paperclipai/adapter-utils/server-utils"; -import { DEFAULT_GEMINI_LOCAL_MODEL } from "../index.js"; +import { DEFAULT_GEMINI_LOCAL_MODEL, SANDBOX_INSTALL_COMMAND } from "../index.js"; import { describeGeminiFailure, detectGeminiAuthRequired, @@ -200,6 +203,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); + let effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); const geminiSkillEntries = await readPaperclipRuntimeSkillEntries(config, __moduleDir); const desiredGeminiSkillNames = resolvePaperclipDesiredSkillNames(config, geminiSkillEntries); @@ -236,27 +240,30 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) env.PAPERCLIP_TASK_ID = wakeTaskId; + if (issueWorkMode) env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; if (wakeReason) env.PAPERCLIP_WAKE_REASON = wakeReason; if (wakeCommentId) env.PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId; if (approvalId) env.PAPERCLIP_APPROVAL_ID = approvalId; if (approvalStatus) env.PAPERCLIP_APPROVAL_STATUS = approvalStatus; if (linkedIssueIds.length > 0) env.PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds.join(","); if (wakePayloadJson) env.PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson; - applyPaperclipWorkspaceEnv(env, { + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, workspaceCwd: effectiveWorkspaceCwd, workspaceSource, workspaceId, workspaceRepoUrl, workspaceRepoRef, + workspaceHints, agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, }); - if (workspaceHints.length > 0) env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); - const targetPaperclipApiUrl = adapterExecutionTargetPaperclipApiUrl(executionTarget); - if (targetPaperclipApiUrl) env.PAPERCLIP_API_URL = targetPaperclipApiUrl; - - for (const [key, value] of Object.entries(envConfig)) { - if (typeof value === "string") env[key] = value; + if (executionTargetIsRemote && typeof env.GEMINI_CLI_TRUST_WORKSPACE !== "string") { + env.GEMINI_CLI_TRUST_WORKSPACE = "true"; } if (!hasExplicitApiKey && authToken) { env.PAPERCLIP_API_KEY = authToken; @@ -267,8 +274,31 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", + ), + ); + const timeoutSec = resolveAdapterExecutionTargetTimeoutSec( + executionTarget, + asNumber(config.timeoutSec, 0), + ); + const graceSec = asNumber(config.graceSec, 20); + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: ctx.runtimeCommandSpec?.installCommand, + detectCommand: ctx.runtimeCommandSpec?.detectCommand, + cwd, + env: runtimeEnv, + timeoutSec, + graceSec, + onLog, + }); + await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv, { + installCommand: SANDBOX_INSTALL_COMMAND, + timeoutSec, + }); const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); let loggedEnv = buildInvocationEnvForLogs(env, { runtimeEnv, @@ -276,14 +306,11 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const fromExtraArgs = asStringArray(config.extraArgs); if (fromExtraArgs.length > 0) return fromExtraArgs; return asStringArray(config.args); })(); - const effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); let restoreRemoteWorkspace: (() => Promise) | null = null; let remoteSkillsDir: string | null = null; let localSkillsDir: string | null = null; @@ -298,9 +325,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedExecutionTargetRuntime.restoreWorkspace(); + effectiveExecutionCwd = preparedExecutionTargetRuntime.workspaceRemoteDir ?? effectiveExecutionCwd; + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, + workspaceCwd: effectiveWorkspaceCwd, + workspaceSource, + workspaceId, + workspaceRepoUrl, + workspaceRepoRef, + workspaceHints, + agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); remoteRuntimeRootDir = preparedExecutionTargetRuntime.runtimeRootDir; const managedHome = adapterExecutionTargetUsesManagedHome(executionTarget); if (managedHome && preparedExecutionTargetRuntime.runtimeRootDir) { @@ -339,12 +384,14 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 && (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + adapterExecutionTargetSessionMatches(runtimeRemoteExecution, runtimeExecutionTarget); const sessionId = canResumeSession ? runtimeSessionId : null; if (executionTargetIsRemote && runtimeSessionId && !canResumeSession) { await onLog( @@ -400,6 +447,9 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const notes: string[] = ["Prompt is passed to Gemini via --prompt for non-interactive execution."]; notes.push("Added --approval-mode yolo for unattended execution."); + if (executionTargetIsRemote) { + notes.push("Set GEMINI_CLI_TRUST_WORKSPACE=true for remote headless execution."); + } if (!instructionsFilePath) return notes; if (instructionsPrefix.length > 0) { notes.push( @@ -486,7 +536,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise) : null; - const parsedError = typeof attempt.parsed.errorMessage === "string" ? attempt.parsed.errorMessage.trim() : ""; - const stderrLine = firstNonEmptyLine(attempt.proc.stderr); - const structuredFailure = attempt.parsed.resultEvent - ? describeGeminiFailure(attempt.parsed.resultEvent) - : null; - const fallbackErrorMessage = - parsedError || - structuredFailure || - stderrLine || - `Gemini exited with code ${attempt.proc.exitCode ?? -1}`; + const resultJson: Record = { + ...(attempt.parsed.resultEvent ?? { + stdout: attempt.proc.stdout, + stderr: attempt.proc.stderr, + }), + ...(failed && clearSessionForTurnLimit ? { stopReason: "max_turns_exhausted" } : {}), + }; return { exitCode: attempt.proc.exitCode, signal: attempt.proc.signal, timedOut: false, - errorMessage: (attempt.proc.exitCode ?? 0) === 0 ? null : fallbackErrorMessage, - errorCode: (attempt.proc.exitCode ?? 0) !== 0 && authMeta.requiresAuth ? "gemini_auth_required" : null, + errorMessage: failed ? fallbackErrorMessage : null, + errorCode: failed && authMeta.requiresAuth + ? "gemini_auth_required" + : failed && clearSessionForTurnLimit + ? "max_turns_exhausted" + : null, usage: attempt.parsed.usage, sessionId: resolvedSessionId, sessionParams: resolvedSessionParams, @@ -577,10 +642,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise { + it("collects assistant text from message events with string content", () => { + const stdout = [ + '{"type":"init","session_id":"session-1"}', + '{"type":"message","role":"user","content":"Respond with hello."}', + '{"type":"message","role":"assistant","content":"hello","delta":true}', + '{"type":"result","status":"success"}', + ].join("\n"); + + const parsed = parseGeminiJsonl(stdout); + + expect(parsed.sessionId).toBe("session-1"); + expect(parsed.summary).toBe("hello"); + expect(parsed.errorMessage).toBeNull(); + }); + + it("collects assistant text from message events with structured object content", () => { + const stdout = [ + '{"type":"init","session_id":"session-2"}', + '{"type":"message","role":"assistant","content":{"content":[{"type":"text","text":"first part"},{"type":"text","text":"second part"}]}}', + '{"type":"result","status":"success"}', + ].join("\n"); + + const parsed = parseGeminiJsonl(stdout); + + expect(parsed.sessionId).toBe("session-2"); + expect(parsed.summary).toBe("first part\n\nsecond part"); + expect(parsed.errorMessage).toBeNull(); + }); + + it("ignores non-assistant message events", () => { + const stdout = [ + '{"type":"message","role":"user","content":"hidden user input"}', + '{"type":"message","role":"system","content":"hidden system note"}', + '{"type":"message","role":"assistant","content":"visible response"}', + '{"type":"result","status":"success"}', + ].join("\n"); + + const parsed = parseGeminiJsonl(stdout); + + expect(parsed.summary).toBe("visible response"); + }); + + it("captures assistant text from gemini CLI v0.38 stream-json schema", () => { + const stdout = [ + JSON.stringify({ + type: "init", + timestamp: "2026-05-04T05:43:41.203Z", + session_id: "session-abc", + model: "auto-gemini-3", + }), + JSON.stringify({ + type: "message", + timestamp: "2026-05-04T05:43:41.205Z", + role: "user", + content: "Respond with hello.", + }), + JSON.stringify({ + type: "message", + timestamp: "2026-05-04T05:43:45.198Z", + role: "assistant", + content: "hello.", + delta: true, + }), + JSON.stringify({ + type: "result", + timestamp: "2026-05-04T05:43:45.819Z", + status: "success", + stats: { + total_tokens: 9468, + input_tokens: 9095, + output_tokens: 29, + cached: 8132, + duration_ms: 4616, + }, + }), + ].join("\n"); + + const result = parseGeminiJsonl(stdout); + expect(result.summary).toBe("hello."); + expect(result.sessionId).toBe("session-abc"); + expect(result.errorMessage).toBeNull(); + expect(result.usage.inputTokens).toBe(9095); + expect(result.usage.outputTokens).toBe(29); + expect(result.usage.cachedInputTokens).toBe(8132); + }); + + it("ignores user messages and only collects assistant content", () => { + const stdout = [ + JSON.stringify({ type: "message", role: "user", content: "ignore me" }), + JSON.stringify({ type: "message", role: "assistant", content: "first" }), + JSON.stringify({ type: "message", role: "assistant", content: "second" }), + ].join("\n"); + + const result = parseGeminiJsonl(stdout); + expect(result.summary).toBe("first\n\nsecond"); + }); + + it("preserves the legacy claude-style `assistant` event handler", () => { + const stdout = [ + JSON.stringify({ + type: "system", + subtype: "init", + session_id: "legacy-session", + }), + JSON.stringify({ + type: "assistant", + message: { content: [{ type: "output_text", text: "legacy hello" }] }, + }), + JSON.stringify({ type: "result", subtype: "success", result: "legacy hello" }), + ].join("\n"); + + const result = parseGeminiJsonl(stdout); + expect(result.summary).toBe("legacy hello"); + expect(result.sessionId).toBe("legacy-session"); + }); + + it("flags result events with status=error", () => { + const stdout = [ + JSON.stringify({ + type: "result", + status: "error", + error: "boom", + }), + ].join("\n"); + + const result = parseGeminiJsonl(stdout); + expect(result.errorMessage).toBe("boom"); + }); +}); diff --git a/packages/adapters/gemini-local/src/server/parse.ts b/packages/adapters/gemini-local/src/server/parse.ts index 10bc169e..d309c8c4 100644 --- a/packages/adapters/gemini-local/src/server/parse.ts +++ b/packages/adapters/gemini-local/src/server/parse.ts @@ -64,7 +64,10 @@ function accumulateUsage( ); target.cachedInputTokens += asNumber( source.cached_input_tokens, - asNumber(source.cachedInputTokens, asNumber(source.cachedContentTokenCount, 0)), + asNumber( + source.cachedInputTokens, + asNumber(source.cachedContentTokenCount, asNumber(source.cached, 0)), + ), ); target.outputTokens += asNumber( source.output_tokens, @@ -121,16 +124,34 @@ export function parseGeminiJsonl(stdout: string) { continue; } + // Gemini CLI v0.38+ stream-json schema emits assistant turns as: + // {"type":"message","role":"assistant","content":"...","delta":true} + // These are discrete final messages (one per assistant turn), not + // cumulative streaming tokens, so collecting all of them produces the + // expected concatenated turn-by-turn summary rather than duplicated text. + if (type === "message") { + const role = asString(event.role, "").trim().toLowerCase(); + if (role === "assistant") { + messages.push(...collectMessageText(event.content)); + } + continue; + } + if (type === "result") { resultEvent = event; - accumulateUsage(usage, event.usage ?? event.usageMetadata); + accumulateUsage(usage, event.usage ?? event.usageMetadata ?? event.stats); const resultText = asString(event.result, "").trim() || asString(event.text, "").trim() || asString(event.response, "").trim(); if (resultText && messages.length === 0) messages.push(resultText); costUsd = asNumber(event.total_cost_usd, asNumber(event.cost_usd, asNumber(event.cost, costUsd ?? 0))) || costUsd; - const isError = event.is_error === true || asString(event.subtype, "").toLowerCase() === "error"; + const status = asString(event.status, "").toLowerCase(); + const isError = + event.is_error === true || + asString(event.subtype, "").toLowerCase() === "error" || + status === "error" || + status === "failed"; if (isError) { const text = asErrorText(event.error ?? event.message ?? event.result).trim(); if (text) errorMessage = text; @@ -273,9 +294,18 @@ export function isGeminiTurnLimitResult( if (exitCode === 53) return true; if (!parsed) return false; - const status = asString(parsed.status, "").trim().toLowerCase(); - if (status === "turn_limit" || status === "max_turns") return true; + const structuredStopReasons = [ + parsed.status, + parsed.stopReason, + parsed.stop_reason, + parsed.errorCode, + parsed.error_code, + ].map((value) => asString(value, "").trim().toLowerCase()); - const error = asString(parsed.error, "").trim(); - return /turn\s*limit|max(?:imum)?\s+turns?/i.test(error); + return structuredStopReasons.some((reason) => + reason === "turn_limit" || + reason === "max_turns" || + reason === "max_turns_exhausted" || + reason === "turn_limit_exhausted", + ); } diff --git a/packages/adapters/gemini-local/src/server/test.ts b/packages/adapters/gemini-local/src/server/test.ts index ec9ef49a..555355f6 100644 --- a/packages/adapters/gemini-local/src/server/test.ts +++ b/packages/adapters/gemini-local/src/server/test.ts @@ -14,12 +14,13 @@ import { } from "@paperclipai/adapter-utils/server-utils"; import { ensureAdapterExecutionTargetCommandResolvable, + maybeRunSandboxInstallCommand, ensureAdapterExecutionTargetDirectory, runAdapterExecutionTargetProcess, describeAdapterExecutionTarget, resolveAdapterExecutionTargetCwd, } from "@paperclipai/adapter-utils/execution-target"; -import { DEFAULT_GEMINI_LOCAL_MODEL } from "../index.js"; +import { DEFAULT_GEMINI_LOCAL_MODEL, SANDBOX_INSTALL_COMMAND } from "../index.js"; import { detectGeminiAuthRequired, detectGeminiQuotaExhausted, parseGeminiJsonl } from "./parse.js"; import { firstNonEmptyLine } from "./utils.js"; @@ -93,7 +94,19 @@ export async function testEnvironment( for (const [key, value] of Object.entries(envConfig)) { if (typeof value === "string") env[key] = value; } + if (targetIsRemote && typeof env.GEMINI_CLI_TRUST_WORKSPACE !== "string") { + env.GEMINI_CLI_TRUST_WORKSPACE = "true"; + } const runtimeEnv = ensurePathInEnv({ ...process.env, ...env }); + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "gemini", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); try { await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); checks.push({ @@ -157,7 +170,7 @@ export async function testEnvironment( const model = asString(config.model, DEFAULT_GEMINI_LOCAL_MODEL).trim(); const approvalMode = asString(config.approvalMode, asBoolean(config.yolo, false) ? "yolo" : "default"); const sandbox = asBoolean(config.sandbox, false); - const helloProbeTimeoutSec = Math.max(1, asNumber(config.helloProbeTimeoutSec, 10)); + const helloProbeTimeoutSec = Math.max(1, asNumber(config.helloProbeTimeoutSec, 60)); const extraArgs = (() => { const fromExtraArgs = asStringArray(config.extraArgs); if (fromExtraArgs.length > 0) return fromExtraArgs; diff --git a/packages/adapters/gemini-local/src/ui/parse-stdout.test.ts b/packages/adapters/gemini-local/src/ui/parse-stdout.test.ts new file mode 100644 index 00000000..45245db1 --- /dev/null +++ b/packages/adapters/gemini-local/src/ui/parse-stdout.test.ts @@ -0,0 +1,73 @@ +import { describe, expect, it } from "vitest"; +import { parseGeminiStdoutLine } from "./parse-stdout.js"; + +const ts = "2026-05-04T05:43:45.198Z"; + +describe("parseGeminiStdoutLine", () => { + it("renders v0.38 message+role:assistant as an assistant transcript entry", () => { + const line = JSON.stringify({ + type: "message", + role: "assistant", + content: "hello.", + delta: true, + }); + const entries = parseGeminiStdoutLine(line, ts); + expect(entries).toEqual([{ kind: "assistant", ts, text: "hello." }]); + }); + + it("renders v0.38 message+role:user as a user transcript entry", () => { + const line = JSON.stringify({ + type: "message", + role: "user", + content: "Respond with hello.", + }); + const entries = parseGeminiStdoutLine(line, ts); + expect(entries).toEqual([{ kind: "user", ts, text: "Respond with hello." }]); + }); + + it("preserves the legacy claude-style assistant event handler", () => { + const line = JSON.stringify({ + type: "assistant", + message: { content: [{ type: "output_text", text: "legacy hello" }] }, + }); + const entries = parseGeminiStdoutLine(line, ts); + expect(entries).toEqual([{ kind: "assistant", ts, text: "legacy hello" }]); + }); + + it("reads token usage from v0.38 result.stats", () => { + const line = JSON.stringify({ + type: "result", + status: "success", + stats: { + total_tokens: 9468, + input_tokens: 9095, + output_tokens: 29, + cached: 8132, + }, + }); + const [entry] = parseGeminiStdoutLine(line, ts); + expect(entry).toMatchObject({ + kind: "result", + inputTokens: 9095, + outputTokens: 29, + cachedTokens: 8132, + isError: false, + subtype: "success", + }); + }); + + it("flags v0.38 result.status=error as an error", () => { + const line = JSON.stringify({ + type: "result", + status: "error", + error: "boom", + }); + const [entry] = parseGeminiStdoutLine(line, ts); + expect(entry).toMatchObject({ kind: "result", isError: true, errors: ["boom"] }); + }); + + it("ignores message events without an actionable role", () => { + const line = JSON.stringify({ type: "message", role: "system", content: "ignored" }); + expect(parseGeminiStdoutLine(line, ts)).toEqual([]); + }); +}); diff --git a/packages/adapters/gemini-local/src/ui/parse-stdout.ts b/packages/adapters/gemini-local/src/ui/parse-stdout.ts index 47426fa3..b09b16e1 100644 --- a/packages/adapters/gemini-local/src/ui/parse-stdout.ts +++ b/packages/adapters/gemini-local/src/ui/parse-stdout.ts @@ -195,7 +195,7 @@ function readSessionId(parsed: Record): string { } function readUsage(parsed: Record) { - const usage = asRecord(parsed.usage) ?? asRecord(parsed.usageMetadata); + const usage = asRecord(parsed.usage) ?? asRecord(parsed.usageMetadata) ?? asRecord(parsed.stats); const usageMetadata = asRecord(usage?.usageMetadata); const source = usageMetadata ?? usage ?? {}; return { @@ -203,7 +203,7 @@ function readUsage(parsed: Record) { outputTokens: asNumber(source.output_tokens, asNumber(source.outputTokens, asNumber(source.candidatesTokenCount))), cachedTokens: asNumber( source.cached_input_tokens, - asNumber(source.cachedInputTokens, asNumber(source.cachedContentTokenCount)), + asNumber(source.cachedInputTokens, asNumber(source.cachedContentTokenCount, asNumber(source.cached))), ), }; } @@ -237,6 +237,19 @@ export function parseGeminiStdoutLine(line: string, ts: string): TranscriptEntry return collectTextEntries(parsed.message, ts, "user"); } + // Gemini CLI v0.38+ stream-json schema: + // {"type":"message","role":"assistant"|"user","content":"...","delta":?true} + if (type === "message") { + const role = asString(parsed.role).trim().toLowerCase(); + if (role === "assistant") { + return parseAssistantMessage(parsed.content, ts); + } + if (role === "user") { + return collectTextEntries(parsed.content, ts, "user"); + } + return []; + } + if (type === "thinking") { const text = asString(parsed.text).trim() || asString(asRecord(parsed.delta)?.text).trim(); return text ? [{ kind: "thinking", ts, text }] : []; @@ -248,7 +261,10 @@ export function parseGeminiStdoutLine(line: string, ts: string): TranscriptEntry if (type === "result") { const usage = readUsage(parsed); - const errors = parsed.is_error === true + const status = asString(parsed.status).toLowerCase(); + const isError = + parsed.is_error === true || status === "error" || status === "failed"; + const errors = isError ? [errorText(parsed.error ?? parsed.message ?? parsed.result)].filter(Boolean) : []; return [{ @@ -259,8 +275,8 @@ export function parseGeminiStdoutLine(line: string, ts: string): TranscriptEntry outputTokens: usage.outputTokens, cachedTokens: usage.cachedTokens, costUsd: asNumber(parsed.total_cost_usd, asNumber(parsed.cost_usd, asNumber(parsed.cost))), - subtype: asString(parsed.subtype, "result"), - isError: parsed.is_error === true, + subtype: asString(parsed.subtype, status || "result"), + isError, errors, }]; } diff --git a/packages/adapters/openclaw-gateway/src/server/execute.ts b/packages/adapters/openclaw-gateway/src/server/execute.ts index 23ceaeb2..f019bfa8 100644 --- a/packages/adapters/openclaw-gateway/src/server/execute.ts +++ b/packages/adapters/openclaw-gateway/src/server/execute.ts @@ -8,6 +8,7 @@ import { asString, buildPaperclipEnv, parseObject, + readPaperclipIssueWorkModeFromContext, renderPaperclipWakePrompt, stringifyPaperclipWakePayload, } from "@paperclipai/adapter-utils/server-utils"; @@ -347,6 +348,8 @@ function buildPaperclipEnvForWake(ctx: AdapterExecutionContext, wakePayload: Wak paperclipEnv.PAPERCLIP_API_URL = paperclipApiUrlOverride; } if (wakePayload.taskId) paperclipEnv.PAPERCLIP_TASK_ID = wakePayload.taskId; + const issueWorkMode = readPaperclipIssueWorkModeFromContext(ctx.context); + if (issueWorkMode) paperclipEnv.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; if (wakePayload.wakeReason) paperclipEnv.PAPERCLIP_WAKE_REASON = wakePayload.wakeReason; if (wakePayload.wakeCommentId) paperclipEnv.PAPERCLIP_WAKE_COMMENT_ID = wakePayload.wakeCommentId; if (wakePayload.approvalId) paperclipEnv.PAPERCLIP_APPROVAL_ID = wakePayload.approvalId; diff --git a/packages/adapters/opencode-local/src/index.ts b/packages/adapters/opencode-local/src/index.ts index ff326f99..3bd30518 100644 --- a/packages/adapters/opencode-local/src/index.ts +++ b/packages/adapters/opencode-local/src/index.ts @@ -3,8 +3,39 @@ import type { AdapterModelProfileDefinition } from "@paperclipai/adapter-utils"; export const type = "opencode_local"; export const label = "OpenCode (local)"; +// Use OpenCode's official installer instead of `npm install -g opencode-ai`. +// The npm package reifies four large Linux x64 prebuilt-binary subpackages +// (linux-x64, linux-x64-musl, linux-x64-baseline, linux-x64-baseline-musl) in +// parallel even though only one matches the sandbox; on bandwidth-constrained +// sandboxes (e.g. Cloudflare) that exceeded the 240s install budget. The +// official installer fetches a single arch-specific binary and adds +// `$HOME/.opencode/bin` to PATH via `~/.bashrc`, which sandbox `sh -lc` +// invocations source. +// +// Security tradeoff: this is `curl | bash` without a SHA-256 verification of +// the install script. We accept this because: +// 1. The install runs inside an isolated, ephemeral sandbox — blast radius +// is bounded to that sandbox's secrets and disk. +// 2. The prior `npm install -g opencode-ai` is also unverified code +// execution from a third-party registry; this is not strictly worse. +// 3. OpenCode does not publish per-release SHA-256 checksums in a stable +// location, and pinning a version + hash here would require manual +// version bumps on every OpenCode release. +// The `set -e` (implied by Bash's default with `-fsSL` upstream of a piped +// shell) and `curl -fsSL` give us fail-fast behavior on HTTP errors. If +// OpenCode starts publishing a stable checksum/signature, switch to fetching +// a versioned tarball + verifying the digest before exec. +export const SANDBOX_INSTALL_COMMAND = "curl -fsSL https://opencode.ai/install | bash"; + export const DEFAULT_OPENCODE_LOCAL_MODEL = "openai/gpt-5.2-codex"; +export function isValidOpenCodeModelId(value: unknown): value is string { + if (typeof value !== "string") return false; + const trimmed = value.trim(); + const slashIndex = trimmed.indexOf("/"); + return Boolean(trimmed) && slashIndex > 0 && slashIndex !== trimmed.length - 1; +} + export const models: Array<{ id: string; label: string }> = [ { id: DEFAULT_OPENCODE_LOCAL_MODEL, label: DEFAULT_OPENCODE_LOCAL_MODEL }, { id: "openai/gpt-5.4", label: "openai/gpt-5.4" }, diff --git a/packages/adapters/opencode-local/src/server/execute.remote.test.ts b/packages/adapters/opencode-local/src/server/execute.remote.test.ts index bdf55991..f13fa4d5 100644 --- a/packages/adapters/opencode-local/src/server/execute.remote.test.ts +++ b/packages/adapters/opencode-local/src/server/execute.remote.test.ts @@ -11,27 +11,41 @@ const { restoreWorkspaceFromSshExecution, runSshCommand, syncDirectoryToSsh, + startAdapterExecutionTargetPaperclipBridge, } = vi.hoisted(() => ({ - runChildProcess: vi.fn(async () => ({ - exitCode: 0, - signal: null, - timedOut: false, - stdout: [ - JSON.stringify({ type: "step_start", sessionID: "session_123" }), - JSON.stringify({ type: "text", sessionID: "session_123", part: { text: "hello" } }), - JSON.stringify({ - type: "step_finish", - sessionID: "session_123", - part: { cost: 0.001, tokens: { input: 1, output: 1, reasoning: 0, cache: { read: 0, write: 0 } } }, - }), - ].join("\n"), - stderr: "", - pid: 123, - startedAt: new Date().toISOString(), - })), + runChildProcess: vi.fn(async (_runId: string, _command: string, args: string[]) => { + if (args.includes("models")) { + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: "opencode/gpt-5-nano\nopenai/gpt-4.1\n", + stderr: "", + pid: 122, + startedAt: new Date().toISOString(), + }; + } + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: [ + JSON.stringify({ type: "step_start", sessionID: "session_123" }), + JSON.stringify({ type: "text", sessionID: "session_123", part: { text: "hello" } }), + JSON.stringify({ + type: "step_finish", + sessionID: "session_123", + part: { cost: 0.001, tokens: { input: 1, output: 1, reasoning: 0, cache: { read: 0, write: 0 } } }, + }), + ].join("\n"), + stderr: "", + pid: 123, + startedAt: new Date().toISOString(), + }; + }), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "ssh://fixture@127.0.0.1:2222/remote/workspace :: opencode"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), runSshCommand: vi.fn(async () => ({ stdout: "/home/agent", @@ -39,6 +53,14 @@ const { exitCode: 0, })), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -66,6 +88,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("opencode remote execution", () => { @@ -84,7 +116,10 @@ describe("opencode remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-opencode-remote-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const alternateWorkspaceDir = path.join(rootDir, "workspace-other"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; await mkdir(workspaceDir, { recursive: true }); + await mkdir(alternateWorkspaceDir, { recursive: true }); const result = await execute({ runId: "run-1", @@ -110,6 +145,20 @@ describe("opencode remote execution", () => { cwd: workspaceDir, source: "project_primary", }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -121,7 +170,6 @@ describe("opencode remote execution", () => { privateKey: "PRIVATE KEY", knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", strictHostKeyChecking: true, - paperclipApiUrl: "http://198.51.100.10:3102", }, }, onLog: async () => {}, @@ -129,23 +177,22 @@ describe("opencode remote execution", () => { expect(result.sessionParams).toMatchObject({ sessionId: "session_123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", - paperclipApiUrl: "http://198.51.100.10:3102", + remoteCwd: managedRemoteWorkspace, }, }); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(2); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/opencode/xdgConfig", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/opencode/xdgConfig`, })); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/opencode/skills", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/opencode/skills`, followSymlinks: true, })); expect(runSshCommand).toHaveBeenCalledWith( @@ -153,19 +200,114 @@ describe("opencode remote execution", () => { expect.stringContaining(".claude/skills"), expect.anything(), ); - const call = runChildProcess.mock.calls[0] as unknown as + const runCall = runChildProcess.mock.calls.find((entry) => Array.isArray(entry[2]) && entry[2].includes("run")) as | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] | undefined; - expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://198.51.100.10:3102"); - expect(call?.[3].env.XDG_CONFIG_HOME).toBe("/remote/workspace/.paperclip-runtime/opencode/xdgConfig"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + const modelProbeCall = runChildProcess.mock.calls.find((entry) => Array.isArray(entry[2]) && entry[2].includes("models")) as + | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] + | undefined; + expect(modelProbeCall?.[2]).toEqual(["models"]); + // The model probe runs after the runtime workspace is prepared (so XDG + // points at the managed subdirectory) but the SSH session targets the + // original target remoteCwd — the per-run subdirectory is layered + // underneath via XDG/runtime config rather than by switching the cwd. + expect(modelProbeCall?.[3].env.XDG_CONFIG_HOME).toBe( + `${managedRemoteWorkspace}/.paperclip-runtime/opencode/xdgConfig`, + ); + expect(modelProbeCall?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + const call = runCall as + | [string, string, string[], { env: Record; remoteExecution?: { remoteCwd: string } | null }] + | undefined; + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].env.XDG_CONFIG_HOME).toBe(`${managedRemoteWorkspace}/.paperclip-runtime/opencode/xdgConfig`); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); }); + it("fails before the remote run when the configured model is unavailable on the SSH target", async () => { + runChildProcess.mockImplementationOnce(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "openai/gpt-4.1\n", + stderr: "", + pid: 456, + startedAt: new Date().toISOString(), + })); + + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-opencode-remote-model-")); + cleanupDirs.push(rootDir); + const workspaceDir = path.join(rootDir, "workspace"); + await mkdir(workspaceDir, { recursive: true }); + + await expect(() => + execute({ + runId: "run-ssh-model-missing", + agent: { + id: "agent-1", + companyId: "company-1", + name: "OpenCode Builder", + adapterType: "opencode_local", + adapterConfig: {}, + }, + runtime: { + sessionId: null, + sessionParams: null, + sessionDisplayId: null, + taskKey: null, + }, + config: { + command: "opencode", + model: "opencode/gpt-5-nano", + }, + context: { + paperclipWorkspace: { + cwd: workspaceDir, + source: "project_primary", + }, + }, + executionTransport: { + remoteExecution: { + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteWorkspacePath: "/remote/workspace", + remoteCwd: "/remote/workspace", + privateKey: "PRIVATE KEY", + knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }, + onLog: async () => {}, + }), + ).rejects.toThrow("Configured OpenCode model is unavailable on the remote execution target"); + + expect(runChildProcess).toHaveBeenCalledTimes(1); + expect((runChildProcess.mock.calls[0]?.[2] as string[] | undefined) ?? []).toEqual(["models"]); + expect(startAdapterExecutionTargetPaperclipBridge).not.toHaveBeenCalled(); + }); + it("resumes saved OpenCode sessions for remote SSH execution only when the identity matches", async () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-opencode-remote-resume-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await mkdir(workspaceDir, { recursive: true }); await execute({ @@ -181,13 +323,13 @@ describe("opencode remote execution", () => { sessionId: "session-123", sessionParams: { sessionId: "session-123", - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", + remoteCwd: managedRemoteWorkspace, }, }, sessionDisplayId: "session-123", @@ -218,7 +360,9 @@ describe("opencode remote execution", () => { onLog: async () => {}, }); - const call = runChildProcess.mock.calls[0] as unknown as [string, string, string[]] | undefined; + const call = runChildProcess.mock.calls.find((entry) => Array.isArray(entry[2]) && entry[2].includes("run")) as + | [string, string, string[]] + | undefined; expect(call?.[2]).toContain("--session"); expect(call?.[2]).toContain("session-123"); }); diff --git a/packages/adapters/opencode-local/src/server/execute.ts b/packages/adapters/opencode-local/src/server/execute.ts index 82f62f1d..72702dbd 100644 --- a/packages/adapters/opencode-local/src/server/execute.ts +++ b/packages/adapters/opencode-local/src/server/execute.ts @@ -5,17 +5,19 @@ import { fileURLToPath } from "node:url"; import { inferOpenAiCompatibleBiller, type AdapterExecutionContext, type AdapterExecutionResult } from "@paperclipai/adapter-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesManagedHome, adapterExecutionTargetUsesPaperclipBridge, describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, readAdapterExecutionTargetHomeDir, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, runAdapterExecutionTargetShellCommand, @@ -26,25 +28,31 @@ import { asNumber, asStringArray, parseObject, - applyPaperclipWorkspaceEnv, buildPaperclipEnv, joinPromptSections, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePaperclipSkillSymlink, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, renderTemplate, renderPaperclipWakePrompt, stringifyPaperclipWakePayload, DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, runChildProcess, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, resolvePaperclipDesiredSkillNames, } from "@paperclipai/adapter-utils/server-utils"; import { isOpenCodeUnknownSessionError, parseOpenCodeJsonl } from "./parse.js"; -import { ensureOpenCodeModelConfiguredAndAvailable } from "./models.js"; +import { + ensureOpenCodeModelConfiguredAndAvailable, + parseOpenCodeModelsOutput, + requireOpenCodeModelId, +} from "./models.js"; import { removeMaintainerOnlySkillSymlinks } from "@paperclipai/adapter-utils/server-utils"; import { prepareOpenCodeRuntimeConfig } from "./runtime-config.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; const __moduleDir = path.dirname(fileURLToPath(import.meta.url)); @@ -68,6 +76,69 @@ function resolveOpenCodeBiller(env: Record, provider: string | n return inferOpenAiCompatibleBiller(env, null) ?? provider ?? "unknown"; } +const REMOTE_OPENCODE_MODELS_PROBE_DEFAULT_TIMEOUT_SEC = 20; +const REMOTE_OPENCODE_MODELS_PROBE_SANDBOX_TIMEOUT_SEC = 120; + +async function ensureRemoteOpenCodeModelConfiguredAndAvailable(input: { + runId: string; + executionTarget: NonNullable; + command: string; + model: string; + cwd: string; + env: Record; + timeoutSec: number; + graceSec: number; +}) { + const model = requireOpenCodeModelId(input.model); + const defaultProbeTimeoutSec = + input.executionTarget.kind === "remote" && input.executionTarget.transport === "sandbox" + ? REMOTE_OPENCODE_MODELS_PROBE_SANDBOX_TIMEOUT_SEC + : REMOTE_OPENCODE_MODELS_PROBE_DEFAULT_TIMEOUT_SEC; + const probeTimeoutSec = input.timeoutSec > 0 + ? Math.min(input.timeoutSec, defaultProbeTimeoutSec) + : defaultProbeTimeoutSec; + const probe = await runAdapterExecutionTargetProcess( + input.runId, + input.executionTarget, + input.command, + ["models"], + { + cwd: input.cwd, + env: input.env, + timeoutSec: probeTimeoutSec, + graceSec: input.graceSec, + onLog: async () => {}, + }, + ); + + if (probe.timedOut) { + throw new Error(`\`opencode models\` timed out on the remote execution target after ${probeTimeoutSec}s.`); + } + + if ((probe.exitCode ?? 1) !== 0) { + const detail = firstNonEmptyLine(probe.stderr) || firstNonEmptyLine(probe.stdout); + throw new Error( + detail + ? `\`opencode models\` failed on the remote execution target: ${detail}` + : "`opencode models` failed on the remote execution target.", + ); + } + + const models = parseOpenCodeModelsOutput(probe.stdout); + if (models.length === 0) { + throw new Error( + "OpenCode returned no models on the remote execution target. Run `opencode models` there and verify provider auth.", + ); + } + + if (!models.some((entry) => entry.id === model)) { + const sample = models.slice(0, 12).map((entry) => entry.id).join(", "); + throw new Error( + `Configured OpenCode model is unavailable on the remote execution target: ${model}. Available models: ${sample}${models.length > 12 ? ", ..." : ""}`, + ); + } +} + function claudeSkillsHome(): string { return path.join(os.homedir(), ".claude", "skills"); } @@ -155,6 +226,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); + let effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); const openCodeSkillEntries = await readPaperclipRuntimeSkillEntries(config, __moduleDir); const desiredOpenCodeSkillNames = resolvePaperclipDesiredSkillNames(config, openCodeSkillEntries); @@ -195,28 +267,28 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) env.PAPERCLIP_TASK_ID = wakeTaskId; + if (issueWorkMode) env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; if (wakeReason) env.PAPERCLIP_WAKE_REASON = wakeReason; if (wakeCommentId) env.PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId; if (approvalId) env.PAPERCLIP_APPROVAL_ID = approvalId; if (approvalStatus) env.PAPERCLIP_APPROVAL_STATUS = approvalStatus; if (linkedIssueIds.length > 0) env.PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds.join(","); if (wakePayloadJson) env.PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson; - applyPaperclipWorkspaceEnv(env, { + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, workspaceCwd: effectiveWorkspaceCwd, workspaceSource, workspaceId, workspaceRepoUrl, workspaceRepoRef, + workspaceHints, agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, }); - if (workspaceHints.length > 0) env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); - const targetPaperclipApiUrl = adapterExecutionTargetPaperclipApiUrl(executionTarget); - if (targetPaperclipApiUrl) env.PAPERCLIP_API_URL = targetPaperclipApiUrl; - - for (const [key, value] of Object.entries(envConfig)) { - if (typeof value === "string") env[key] = value; - } // Prevent OpenCode from writing an opencode.json config file into the // project working directory (which would pollute the git repo). Model // selection is already handled via the --model CLI flag. Set after the @@ -234,14 +306,32 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", ), ); - await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv); + const timeoutSec = resolveAdapterExecutionTargetTimeoutSec( + executionTarget, + asNumber(config.timeoutSec, 0), + ); + const graceSec = asNumber(config.graceSec, 20); + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: ctx.runtimeCommandSpec?.installCommand, + detectCommand: ctx.runtimeCommandSpec?.detectCommand, + cwd, + env: runtimeEnv, + timeoutSec, + graceSec, + onLog, + }); + await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv, { + installCommand: SANDBOX_INSTALL_COMMAND, + timeoutSec, + }); const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); let loggedEnv = buildInvocationEnvForLogs(preparedRuntimeConfig.env, { runtimeEnv, includeRuntimeKeys: ["HOME"], resolvedCommand, }); - if (!executionTargetIsRemote) { await ensureOpenCodeModelConfiguredAndAvailable({ model, @@ -251,29 +341,30 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const fromExtraArgs = asStringArray(config.extraArgs); if (fromExtraArgs.length > 0) return fromExtraArgs; return asStringArray(config.args); })(); - const effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); let restoreRemoteWorkspace: (() => Promise) | null = null; let localSkillsDir: string | null = null; let remoteRuntimeRootDir: string | null = null; let paperclipBridge: Awaited> = null; - if (executionTargetIsRemote) { + if (executionTarget?.kind === "remote") { localSkillsDir = await buildOpenCodeSkillsDir(config); await onLog( "stdout", `[paperclip] Syncing workspace and OpenCode runtime assets to ${describeAdapterExecutionTarget(executionTarget)}.\n`, ); const preparedExecutionTargetRuntime = await prepareAdapterExecutionTargetRuntime({ + runId, target: executionTarget, adapterKey: "opencode", + timeoutSec, workspaceLocalDir: cwd, + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, assets: [ { key: "skills", @@ -289,6 +380,20 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedExecutionTargetRuntime.restoreWorkspace(); + effectiveExecutionCwd = preparedExecutionTargetRuntime.workspaceRemoteDir ?? effectiveExecutionCwd; + refreshPaperclipWorkspaceEnvForExecution({ + env: preparedRuntimeConfig.env, + envConfig, + workspaceCwd: effectiveWorkspaceCwd, + workspaceSource, + workspaceId, + workspaceRepoUrl, + workspaceRepoRef, + workspaceHints, + agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); remoteRuntimeRootDir = preparedExecutionTargetRuntime.runtimeRootDir; const managedHome = adapterExecutionTargetUsesManagedHome(executionTarget); if (managedHome && preparedExecutionTargetRuntime.runtimeRootDir) { @@ -315,13 +420,25 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 && (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + adapterExecutionTargetSessionMatches(runtimeRemoteExecution, runtimeExecutionTarget); const sessionId = canResumeSession ? runtimeSessionId : null; if (executionTargetIsRemote && runtimeSessionId && !canResumeSession) { await onLog( @@ -456,7 +573,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise) diff --git a/packages/adapters/opencode-local/src/server/index.ts b/packages/adapters/opencode-local/src/server/index.ts index 3c92f753..a57970d0 100644 --- a/packages/adapters/opencode-local/src/server/index.ts +++ b/packages/adapters/opencode-local/src/server/index.ts @@ -67,6 +67,7 @@ export { listOpenCodeModels, discoverOpenCodeModels, ensureOpenCodeModelConfiguredAndAvailable, + requireOpenCodeModelId, resetOpenCodeModelsCacheForTests, } from "./models.js"; export { parseOpenCodeJsonl, isOpenCodeUnknownSessionError } from "./parse.js"; diff --git a/packages/adapters/opencode-local/src/server/models.test.ts b/packages/adapters/opencode-local/src/server/models.test.ts index cd49e4a2..0f0bea0c 100644 --- a/packages/adapters/opencode-local/src/server/models.test.ts +++ b/packages/adapters/opencode-local/src/server/models.test.ts @@ -2,6 +2,7 @@ import { afterEach, describe, expect, it } from "vitest"; import { ensureOpenCodeModelConfiguredAndAvailable, listOpenCodeModels, + requireOpenCodeModelId, resetOpenCodeModelsCacheForTests, } from "./models.js"; @@ -22,6 +23,19 @@ describe("openCode models", () => { ).rejects.toThrow("OpenCode requires `adapterConfig.model`"); }); + it("accepts a provider/model id without running discovery", () => { + expect(requireOpenCodeModelId("openai/gpt-5.2-codex")).toBe("openai/gpt-5.2-codex"); + }); + + it("rejects malformed provider/model ids before discovery", () => { + expect(() => requireOpenCodeModelId("gpt-5.2-codex")).toThrow( + "OpenCode requires `adapterConfig.model`", + ); + expect(() => requireOpenCodeModelId("openai/")).toThrow( + "OpenCode requires `adapterConfig.model`", + ); + }); + it("rejects when discovery cannot run for configured model", async () => { process.env.PAPERCLIP_OPENCODE_COMMAND = "__paperclip_missing_opencode_command__"; await expect( diff --git a/packages/adapters/opencode-local/src/server/models.ts b/packages/adapters/opencode-local/src/server/models.ts index 95cb1fc9..38d64b20 100644 --- a/packages/adapters/opencode-local/src/server/models.ts +++ b/packages/adapters/opencode-local/src/server/models.ts @@ -6,6 +6,7 @@ import { ensurePathInEnv, runChildProcess, } from "@paperclipai/adapter-utils/server-utils"; +import { isValidOpenCodeModelId } from "../index.js"; const MODELS_CACHE_TTL_MS = 60_000; const MODELS_DISCOVERY_TIMEOUT_MS = 20_000; @@ -23,6 +24,14 @@ const discoveryCache = new Map(); const deduped: AdapterModel[] = []; @@ -50,7 +59,7 @@ function firstNonEmptyLine(text: string): string { ); } -function parseModelsOutput(stdout: string): AdapterModel[] { +export function parseOpenCodeModelsOutput(stdout: string): AdapterModel[] { const parsed: AdapterModel[] = []; for (const raw of stdout.split(/\r?\n/)) { const line = raw.trim(); @@ -144,7 +153,7 @@ export async function discoverOpenCodeModels(input: { throw new Error(detail ? `\`opencode models\` failed: ${detail}` : "`opencode models` failed."); } - return sortModels(parseModelsOutput(result.stdout)); + return sortModels(parseOpenCodeModelsOutput(result.stdout)); } export async function discoverOpenCodeModelsCached(input: { @@ -172,10 +181,7 @@ export async function ensureOpenCodeModelConfiguredAndAvailable(input: { cwd?: unknown; env?: unknown; }): Promise { - const model = asString(input.model, "").trim(); - if (!model) { - throw new Error("OpenCode requires `adapterConfig.model` in provider/model format."); - } + const model = requireOpenCodeModelId(input.model); const models = await discoverOpenCodeModelsCached({ command: input.command, diff --git a/packages/adapters/opencode-local/src/server/runtime-config.ts b/packages/adapters/opencode-local/src/server/runtime-config.ts index bc903e83..6f9a338b 100644 --- a/packages/adapters/opencode-local/src/server/runtime-config.ts +++ b/packages/adapters/opencode-local/src/server/runtime-config.ts @@ -34,6 +34,7 @@ async function readJsonObject(filepath: string): Promise export async function prepareOpenCodeRuntimeConfig(input: { env: Record; config: Record; + targetIsRemote?: boolean; }): Promise { const skipPermissions = asBoolean(input.config.dangerouslySkipPermissions, true); if (!skipPermissions) { @@ -44,6 +45,19 @@ export async function prepareOpenCodeRuntimeConfig(input: { }; } + // For remote execution targets the host XDG_CONFIG_HOME path is meaningless + // (and actively harmful — it leaks a macOS-only path into the remote Linux + // env). Callers that need to ship a runtime opencode config to the remote + // box do that via prepareAdapterExecutionTargetRuntime in execute.ts; this + // host-fs helper is local-only. + if (input.targetIsRemote) { + return { + env: input.env, + notes: [], + cleanup: async () => {}, + }; + } + const sourceConfigDir = path.join(resolveXdgConfigHome(input.env), "opencode"); const runtimeConfigHome = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-opencode-config-")); const runtimeConfigDir = path.join(runtimeConfigHome, "opencode"); diff --git a/packages/adapters/opencode-local/src/server/test.remote.test.ts b/packages/adapters/opencode-local/src/server/test.remote.test.ts new file mode 100644 index 00000000..f089ceb0 --- /dev/null +++ b/packages/adapters/opencode-local/src/server/test.remote.test.ts @@ -0,0 +1,129 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import type { AdapterExecutionTarget } from "@paperclipai/adapter-utils/execution-target"; + +const { + ensureAdapterExecutionTargetDirectory, + ensureAdapterExecutionTargetCommandResolvable, + maybeRunSandboxInstallCommand, + runAdapterExecutionTargetProcess, + describeAdapterExecutionTarget, + resolveAdapterExecutionTargetCwd, + prepareAdapterExecutionTargetRuntime, +} = vi.hoisted(() => { + const restoreWorkspace = vi.fn(async () => {}); + return { + ensureAdapterExecutionTargetDirectory: vi.fn(async () => {}), + ensureAdapterExecutionTargetCommandResolvable: vi.fn(async () => {}), + maybeRunSandboxInstallCommand: vi.fn(async () => null), + runAdapterExecutionTargetProcess: vi.fn(async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: [ + JSON.stringify({ type: "step_start", sessionID: "session-1" }), + JSON.stringify({ type: "text", sessionID: "session-1", part: { text: "hello" } }), + JSON.stringify({ + type: "step_finish", + sessionID: "session-1", + part: { cost: 0.001, tokens: { input: 1, output: 1, reasoning: 0, cache: { read: 0, write: 0 } } }, + }), + ].join("\n"), + stderr: "", + pid: 123, + startedAt: new Date().toISOString(), + })), + describeAdapterExecutionTarget: vi.fn(() => "QA Cloudflare"), + resolveAdapterExecutionTargetCwd: vi.fn((target, configuredCwd, fallbackCwd) => { + if (typeof configuredCwd === "string" && configuredCwd.trim().length > 0) return configuredCwd; + if (target && typeof target === "object" && "remoteCwd" in target && typeof target.remoteCwd === "string") { + return target.remoteCwd; + } + return fallbackCwd; + }), + prepareAdapterExecutionTargetRuntime: vi.fn(async () => ({ + target: null, + workspaceRemoteDir: "/remote/workspace/.paperclip-runtime/runs/test/workspace", + runtimeRootDir: "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/opencode", + assetDirs: { + xdgConfig: "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/opencode/xdgConfig", + }, + restoreWorkspace, + })), + }; +}); + +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + ensureAdapterExecutionTargetDirectory, + ensureAdapterExecutionTargetCommandResolvable, + maybeRunSandboxInstallCommand, + runAdapterExecutionTargetProcess, + describeAdapterExecutionTarget, + resolveAdapterExecutionTargetCwd, + prepareAdapterExecutionTargetRuntime, + }; +}); + +import { testEnvironment } from "./test.js"; + +describe("opencode remote environment diagnostics", () => { + afterEach(() => { + vi.clearAllMocks(); + }); + + it("stages remote runtime config assets for sandbox hello probes", async () => { + const remoteTarget: AdapterExecutionTarget = { + kind: "remote", + transport: "sandbox", + providerKey: "cloudflare", + remoteCwd: "/remote/workspace", + runner: { + execute: async () => ({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }), + }, + }; + + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "opencode_local", + config: { + command: "opencode", + model: "anthropic/claude-sonnet-4-5", + }, + executionTarget: remoteTarget, + environmentName: "QA Cloudflare", + }); + + expect(result.status).toBe("pass"); + expect(prepareAdapterExecutionTargetRuntime).toHaveBeenCalledTimes(1); + const runtimeCalls = prepareAdapterExecutionTargetRuntime.mock.calls as unknown as Array< + [{ adapterKey: string; assets?: Array<{ key: string; localDir: string }> }] + >; + const runtimeInput = runtimeCalls[0]?.[0]; + expect(runtimeInput?.adapterKey).toBe("opencode"); + expect(runtimeInput?.assets).toEqual([ + expect.objectContaining({ + key: "xdgConfig", + }), + ]); + + const probeCall = runAdapterExecutionTargetProcess.mock.calls[0] as unknown as + | [string, AdapterExecutionTarget, string, string[], { cwd: string; env: Record }] + | undefined; + expect(probeCall?.[4].cwd).toBe("/remote/workspace/.paperclip-runtime/runs/test/workspace"); + expect(probeCall?.[4].env.XDG_CONFIG_HOME).toBe( + "/remote/workspace/.paperclip-runtime/runs/test/workspace/.paperclip-runtime/opencode/xdgConfig", + ); + }); +}); diff --git a/packages/adapters/opencode-local/src/server/test.ts b/packages/adapters/opencode-local/src/server/test.ts index f72054dd..7335fda1 100644 --- a/packages/adapters/opencode-local/src/server/test.ts +++ b/packages/adapters/opencode-local/src/server/test.ts @@ -1,8 +1,12 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; import type { AdapterEnvironmentCheck, AdapterEnvironmentTestContext, AdapterEnvironmentTestResult, } from "@paperclipai/adapter-utils"; +import type { AdapterExecutionTarget } from "@paperclipai/adapter-utils/execution-target"; import { asBoolean, asString, @@ -12,13 +16,17 @@ import { } from "@paperclipai/adapter-utils/server-utils"; import { ensureAdapterExecutionTargetCommandResolvable, + maybeRunSandboxInstallCommand, ensureAdapterExecutionTargetDirectory, runAdapterExecutionTargetProcess, describeAdapterExecutionTarget, resolveAdapterExecutionTargetCwd, + prepareAdapterExecutionTargetRuntime, + overrideAdapterExecutionTargetRemoteCwd, } from "@paperclipai/adapter-utils/execution-target"; import { discoverOpenCodeModels, ensureOpenCodeModelConfiguredAndAvailable } from "./models.js"; import { parseOpenCodeJsonl } from "./parse.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; import { prepareOpenCodeRuntimeConfig } from "./runtime-config.js"; function summarizeStatus(checks: AdapterEnvironmentCheck[]): AdapterEnvironmentTestResult["status"] { @@ -117,6 +125,8 @@ export async function testEnvironment( // Prevent OpenCode from writing an opencode.json into the working directory. env.OPENCODE_DISABLE_PROJECT_CONFIG = "true"; const preparedRuntimeConfig = await prepareOpenCodeRuntimeConfig({ env, config }); + const localRuntimeConfigHome = + preparedRuntimeConfig.notes.length > 0 ? preparedRuntimeConfig.env.XDG_CONFIG_HOME : ""; if (asBoolean(config.dangerouslySkipPermissions, true)) { checks.push({ code: "opencode_headless_permissions_enabled", @@ -124,7 +134,43 @@ export async function testEnvironment( message: "Headless OpenCode external-directory permissions are auto-approved for unattended runs.", }); } + let restoreWorkspace: (() => Promise) | null = null; + // Declared outside `try` so a failure inside `prepareAdapterExecutionTargetRuntime` + // still has the path available for cleanup in `finally` — otherwise the + // `fs.mkdtemp` directory leaks on the early-throw path. + let preparedRuntimeWorkspaceLocalDir: string | null = null; try { + let runtimeTarget: AdapterExecutionTarget | null = target ?? null; + let runtimeCwd = cwd; + if (targetIsRemote) { + preparedRuntimeWorkspaceLocalDir = await fs.mkdtemp(path.join(os.tmpdir(), `paperclip-opencode-envtest-${runId}-`)); + const preparedExecutionTargetRuntime = await prepareAdapterExecutionTargetRuntime({ + runId, + target, + adapterKey: "opencode", + workspaceLocalDir: preparedRuntimeWorkspaceLocalDir, + workspaceRemoteDir: cwd, + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + assets: localRuntimeConfigHome + ? [{ + key: "xdgConfig", + localDir: localRuntimeConfigHome, + }] + : [], + }); + restoreWorkspace = async () => { + await preparedExecutionTargetRuntime.restoreWorkspace().catch(() => {}); + if (preparedRuntimeWorkspaceLocalDir) { + await fs.rm(preparedRuntimeWorkspaceLocalDir, { recursive: true, force: true }).catch(() => {}); + } + }; + runtimeCwd = preparedExecutionTargetRuntime.workspaceRemoteDir ?? runtimeCwd; + runtimeTarget = overrideAdapterExecutionTargetRemoteCwd(target ?? null, runtimeCwd) ?? null; + if (localRuntimeConfigHome && preparedExecutionTargetRuntime.assetDirs.xdgConfig) { + preparedRuntimeConfig.env.XDG_CONFIG_HOME = preparedExecutionTargetRuntime.assetDirs.xdgConfig; + } + } const runtimeEnv = normalizeEnv(ensurePathInEnv({ ...process.env, ...preparedRuntimeConfig.env })); const cwdInvalid = checks.some((check) => check.code === "opencode_cwd_invalid"); @@ -136,8 +182,17 @@ export async function testEnvironment( detail: command, }); } else { + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "opencode", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); try { - await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); + await ensureAdapterExecutionTargetCommandResolvable(command, runtimeTarget, runtimeCwd, runtimeEnv); checks.push({ code: "opencode_command_resolvable", level: "info", @@ -282,11 +337,11 @@ export async function testEnvironment( try { const probe = await runAdapterExecutionTargetProcess( runId, - target, + runtimeTarget, command, args, { - cwd, + cwd: runtimeCwd, env: runtimeEnv, timeoutSec: 60, graceSec: 5, @@ -358,6 +413,12 @@ export async function testEnvironment( } } } finally { + await restoreWorkspace?.(); + if (!restoreWorkspace && preparedRuntimeWorkspaceLocalDir) { + // Reached when `prepareAdapterExecutionTargetRuntime` threw before + // assigning `restoreWorkspace`: clean up the temp dir directly. + await fs.rm(preparedRuntimeWorkspaceLocalDir, { recursive: true, force: true }).catch(() => {}); + } await preparedRuntimeConfig.cleanup(); } diff --git a/packages/adapters/pi-local/src/index.ts b/packages/adapters/pi-local/src/index.ts index 6daaa59b..4d13eb76 100644 --- a/packages/adapters/pi-local/src/index.ts +++ b/packages/adapters/pi-local/src/index.ts @@ -3,6 +3,8 @@ import type { AdapterModelProfileDefinition } from "@paperclipai/adapter-utils"; export const type = "pi_local"; export const label = "Pi (local)"; +export const SANDBOX_INSTALL_COMMAND = "npm install -g @mariozechner/pi-coding-agent"; + export const models: Array<{ id: string; label: string }> = []; export const modelProfiles: AdapterModelProfileDefinition[] = []; diff --git a/packages/adapters/pi-local/src/server/execute.remote.test.ts b/packages/adapters/pi-local/src/server/execute.remote.test.ts index 302f4441..6b9b64b9 100644 --- a/packages/adapters/pi-local/src/server/execute.remote.test.ts +++ b/packages/adapters/pi-local/src/server/execute.remote.test.ts @@ -11,6 +11,7 @@ const { restoreWorkspaceFromSshExecution, runSshCommand, syncDirectoryToSsh, + startAdapterExecutionTargetPaperclipBridge, } = vi.hoisted(() => ({ runChildProcess: vi.fn(async () => ({ exitCode: 0, @@ -36,7 +37,7 @@ const { })), ensureCommandResolvable: vi.fn(async () => undefined), resolveCommandForLogs: vi.fn(async () => "ssh://fixture@127.0.0.1:2222/remote/workspace :: pi"), - prepareWorkspaceForSshExecution: vi.fn(async () => undefined), + prepareWorkspaceForSshExecution: vi.fn(async () => ({ gitBacked: false })), restoreWorkspaceFromSshExecution: vi.fn(async () => undefined), runSshCommand: vi.fn(async () => ({ stdout: "", @@ -44,6 +45,14 @@ const { exitCode: 0, })), syncDirectoryToSsh: vi.fn(async () => undefined), + startAdapterExecutionTargetPaperclipBridge: vi.fn(async () => ({ + env: { + PAPERCLIP_API_URL: "http://127.0.0.1:4310", + PAPERCLIP_API_KEY: "bridge-token", + PAPERCLIP_API_BRIDGE_MODE: "queue_v1", + }, + stop: async () => {}, + })), })); vi.mock("@paperclipai/adapter-utils/server-utils", async () => { @@ -71,6 +80,16 @@ vi.mock("@paperclipai/adapter-utils/ssh", async () => { }; }); +vi.mock("@paperclipai/adapter-utils/execution-target", async () => { + const actual = await vi.importActual( + "@paperclipai/adapter-utils/execution-target", + ); + return { + ...actual, + startAdapterExecutionTargetPaperclipBridge, + }; +}); + import { execute } from "./execute.js"; describe("pi remote execution", () => { @@ -89,7 +108,10 @@ describe("pi remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-pi-remote-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const alternateWorkspaceDir = path.join(rootDir, "workspace-other"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-1/workspace"; await mkdir(workspaceDir, { recursive: true }); + await mkdir(alternateWorkspaceDir, { recursive: true }); const result = await execute({ runId: "run-1", @@ -115,6 +137,20 @@ describe("pi remote execution", () => { cwd: workspaceDir, source: "project_primary", }, + paperclipWorkspaces: [ + { + workspaceId: "workspace-1", + cwd: workspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + cwd: alternateWorkspaceDir, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ], }, executionTransport: { remoteExecution: { @@ -126,28 +162,26 @@ describe("pi remote execution", () => { privateKey: "PRIVATE KEY", knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", strictHostKeyChecking: true, - paperclipApiUrl: "http://198.51.100.10:3102", }, }, onLog: async () => {}, }); expect(result.sessionParams).toMatchObject({ - cwd: "/remote/workspace", + cwd: managedRemoteWorkspace, remoteExecution: { transport: "ssh", host: "127.0.0.1", port: 2222, username: "fixture", - remoteCwd: "/remote/workspace", - paperclipApiUrl: "http://198.51.100.10:3102", + remoteCwd: managedRemoteWorkspace, }, }); - expect(String(result.sessionId)).toContain("/remote/workspace/.paperclip-runtime/pi/sessions/"); + expect(String(result.sessionId)).toContain(`${managedRemoteWorkspace}/.paperclip-runtime/pi/sessions/`); expect(prepareWorkspaceForSshExecution).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledTimes(1); expect(syncDirectoryToSsh).toHaveBeenCalledWith(expect.objectContaining({ - remoteDir: "/remote/workspace/.paperclip-runtime/pi/skills", + remoteDir: `${managedRemoteWorkspace}/.paperclip-runtime/pi/skills`, followSymlinks: true, })); expect(runSshCommand).toHaveBeenCalledWith( @@ -160,9 +194,25 @@ describe("pi remote execution", () => { | undefined; expect(call?.[2]).toContain("--session"); expect(call?.[2]).toContain("--skill"); - expect(call?.[2]).toContain("/remote/workspace/.paperclip-runtime/pi/skills"); - expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://198.51.100.10:3102"); - expect(call?.[3].remoteExecution?.remoteCwd).toBe("/remote/workspace"); + expect(call?.[2]).toContain(`${managedRemoteWorkspace}/.paperclip-runtime/pi/skills`); + expect(call?.[3].env.PAPERCLIP_WORKSPACE_CWD).toBe(managedRemoteWorkspace); + expect(JSON.parse(call?.[3].env.PAPERCLIP_WORKSPACES_JSON ?? "[]")).toEqual([ + { + workspaceId: "workspace-1", + cwd: managedRemoteWorkspace, + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "main", + }, + { + workspaceId: "workspace-2", + repoUrl: "https://github.com/paperclipai/paperclip.git", + repoRef: "feature/other", + }, + ]); + expect(call?.[3].env.PAPERCLIP_API_URL).toBe("http://127.0.0.1:4310"); + expect(call?.[3].env.PAPERCLIP_API_BRIDGE_MODE).toBe("queue_v1"); + expect(call?.[3].remoteExecution?.remoteCwd).toBe(managedRemoteWorkspace); + expect(startAdapterExecutionTargetPaperclipBridge).toHaveBeenCalledTimes(1); expect(restoreWorkspaceFromSshExecution).toHaveBeenCalledTimes(1); }); @@ -170,8 +220,25 @@ describe("pi remote execution", () => { const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-pi-remote-resume-")); cleanupDirs.push(rootDir); const workspaceDir = path.join(rootDir, "workspace"); + const managedRemoteWorkspace = "/remote/workspace/.paperclip-runtime/runs/run-ssh-resume/workspace"; await mkdir(workspaceDir, { recursive: true }); + runSshCommand.mockImplementation(async (...args: unknown[]) => { + const command = String(args[1] ?? ""); + if (command.includes("head -n 1") && command.includes("session-123.jsonl")) { + return { + stdout: `${JSON.stringify({ type: "session", cwd: managedRemoteWorkspace })}\n`, + stderr: "", + exitCode: 0, + }; + } + return { + stdout: "", + stderr: "", + exitCode: 0, + }; + }); + await execute({ runId: "run-ssh-resume", agent: { @@ -181,6 +248,83 @@ describe("pi remote execution", () => { adapterType: "pi_local", adapterConfig: {}, }, + runtime: { + sessionId: `${managedRemoteWorkspace}/.paperclip-runtime/pi/sessions/session-123.jsonl`, + sessionParams: { + sessionId: `${managedRemoteWorkspace}/.paperclip-runtime/pi/sessions/session-123.jsonl`, + cwd: managedRemoteWorkspace, + remoteExecution: { + transport: "ssh", + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteCwd: managedRemoteWorkspace, + }, + }, + sessionDisplayId: "session-123", + taskKey: null, + }, + config: { + command: "pi", + model: "openai/gpt-5.4-mini", + }, + context: { + paperclipWorkspace: { + cwd: workspaceDir, + source: "project_primary", + }, + }, + executionTransport: { + remoteExecution: { + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteWorkspacePath: "/remote/workspace", + remoteCwd: "/remote/workspace", + privateKey: "PRIVATE KEY", + knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }, + onLog: async () => {}, + }); + + const call = runChildProcess.mock.calls[0] as unknown as [string, string, string[]] | undefined; + expect(call?.[2]).toContain("--session"); + expect(call?.[2]).toContain(`${managedRemoteWorkspace}/.paperclip-runtime/pi/sessions/session-123.jsonl`); + }); + + it("starts a fresh remote Pi session when the saved session header cwd points at a different workspace", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-pi-remote-stale-session-")); + cleanupDirs.push(rootDir); + const workspaceDir = path.join(rootDir, "workspace"); + await mkdir(workspaceDir, { recursive: true }); + + runSshCommand.mockImplementation(async (...args: unknown[]) => { + const command = String(args[1] ?? ""); + if (command.includes("head -n 1") && command.includes("session-123.jsonl")) { + return { + stdout: `${JSON.stringify({ type: "session", cwd: "/remote/old-workspace" })}\n`, + stderr: "", + exitCode: 0, + }; + } + return { + stdout: "", + stderr: "", + exitCode: 0, + }; + }); + + await execute({ + runId: "run-ssh-stale-session", + agent: { + id: "agent-1", + companyId: "company-1", + name: "Pi Builder", + adapterType: "pi_local", + adapterConfig: {}, + }, runtime: { sessionId: "/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl", sessionParams: { @@ -222,8 +366,146 @@ describe("pi remote execution", () => { onLog: async () => {}, }); + const managedRemoteWorkspaceFresh = "/remote/workspace/.paperclip-runtime/runs/run-ssh-stale-session/workspace"; const call = runChildProcess.mock.calls[0] as unknown as [string, string, string[]] | undefined; - expect(call?.[2]).toContain("--session"); - expect(call?.[2]).toContain("/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl"); + const sessionIndex = call?.[2].indexOf("--session") ?? -1; + expect(sessionIndex).toBeGreaterThanOrEqual(0); + const usedSession = sessionIndex >= 0 ? call?.[2][sessionIndex + 1] : null; + expect(usedSession).toContain(`${managedRemoteWorkspaceFresh}/.paperclip-runtime/pi/sessions/`); + expect(usedSession).not.toBe("/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl"); + }); + + it("starts a fresh remote Pi session when the saved session header is empty or unreadable", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-pi-remote-empty-header-")); + cleanupDirs.push(rootDir); + const workspaceDir = path.join(rootDir, "workspace"); + await mkdir(workspaceDir, { recursive: true }); + + runSshCommand.mockImplementation(async (...args: unknown[]) => { + const command = String(args[1] ?? ""); + if (command.includes("head -n 1") && command.includes("session-123.jsonl")) { + return { stdout: "", stderr: "", exitCode: 0 }; + } + return { stdout: "", stderr: "", exitCode: 0 }; + }); + + await execute({ + runId: "run-ssh-empty-header", + agent: { + id: "agent-1", + companyId: "company-1", + name: "Pi Builder", + adapterType: "pi_local", + adapterConfig: {}, + }, + runtime: { + sessionId: "/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl", + sessionParams: { + sessionId: "/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl", + cwd: "/remote/workspace", + remoteExecution: { + transport: "ssh", + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteCwd: "/remote/workspace", + }, + }, + sessionDisplayId: "session-123", + taskKey: null, + }, + config: { command: "pi", model: "openai/gpt-5.4-mini" }, + context: { + paperclipWorkspace: { cwd: workspaceDir, source: "project_primary" }, + }, + executionTransport: { + remoteExecution: { + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteWorkspacePath: "/remote/workspace", + remoteCwd: "/remote/workspace", + privateKey: "PRIVATE KEY", + knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }, + onLog: async () => {}, + }); + + const call = runChildProcess.mock.calls[0] as unknown as [string, string, string[]] | undefined; + const sessionIndex = call?.[2].indexOf("--session") ?? -1; + expect(sessionIndex).toBeGreaterThanOrEqual(0); + const usedSession = sessionIndex >= 0 ? call?.[2][sessionIndex + 1] : null; + expect(usedSession).not.toBe("/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl"); + }); + + it("starts a fresh remote Pi session when the remote head command fails", async () => { + const rootDir = await mkdtemp(path.join(os.tmpdir(), "paperclip-pi-remote-head-failure-")); + cleanupDirs.push(rootDir); + const workspaceDir = path.join(rootDir, "workspace"); + await mkdir(workspaceDir, { recursive: true }); + + runSshCommand.mockImplementation(async (...args: unknown[]) => { + const command = String(args[1] ?? ""); + if (command.includes("head -n 1") && command.includes("session-123.jsonl")) { + throw Object.assign(new Error("ssh: connect failed"), { + stdout: "", + stderr: "ssh: connect failed", + code: "ENOENT", + }); + } + return { stdout: "", stderr: "", exitCode: 0 }; + }); + + await execute({ + runId: "run-ssh-head-failure", + agent: { + id: "agent-1", + companyId: "company-1", + name: "Pi Builder", + adapterType: "pi_local", + adapterConfig: {}, + }, + runtime: { + sessionId: "/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl", + sessionParams: { + sessionId: "/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl", + cwd: "/remote/workspace", + remoteExecution: { + transport: "ssh", + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteCwd: "/remote/workspace", + }, + }, + sessionDisplayId: "session-123", + taskKey: null, + }, + config: { command: "pi", model: "openai/gpt-5.4-mini" }, + context: { + paperclipWorkspace: { cwd: workspaceDir, source: "project_primary" }, + }, + executionTransport: { + remoteExecution: { + host: "127.0.0.1", + port: 2222, + username: "fixture", + remoteWorkspacePath: "/remote/workspace", + remoteCwd: "/remote/workspace", + privateKey: "PRIVATE KEY", + knownHosts: "[127.0.0.1]:2222 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }, + onLog: async () => {}, + }); + + const call = runChildProcess.mock.calls[0] as unknown as [string, string, string[]] | undefined; + const sessionIndex = call?.[2].indexOf("--session") ?? -1; + expect(sessionIndex).toBeGreaterThanOrEqual(0); + const usedSession = sessionIndex >= 0 ? call?.[2][sessionIndex + 1] : null; + expect(usedSession).not.toBe("/remote/workspace/.paperclip-runtime/pi/sessions/session-123.jsonl"); }); }); diff --git a/packages/adapters/pi-local/src/server/execute.ts b/packages/adapters/pi-local/src/server/execute.ts index ef7f654b..6bcb22ae 100644 --- a/packages/adapters/pi-local/src/server/execute.ts +++ b/packages/adapters/pi-local/src/server/execute.ts @@ -5,8 +5,8 @@ import { fileURLToPath } from "node:url"; import { inferOpenAiCompatibleBiller, type AdapterExecutionContext, type AdapterExecutionResult } from "@paperclipai/adapter-utils"; import { adapterExecutionTargetIsRemote, - adapterExecutionTargetPaperclipApiUrl, adapterExecutionTargetRemoteCwd, + overrideAdapterExecutionTargetRemoteCwd, adapterExecutionTargetSessionIdentity, adapterExecutionTargetSessionMatches, adapterExecutionTargetUsesManagedHome, @@ -14,10 +14,13 @@ import { describeAdapterExecutionTarget, ensureAdapterExecutionTargetCommandResolvable, ensureAdapterExecutionTargetFile, + ensureAdapterExecutionTargetRuntimeCommandInstalled, prepareAdapterExecutionTargetRuntime, readAdapterExecutionTarget, + resolveAdapterExecutionTargetTimeoutSec, resolveAdapterExecutionTargetCommandForLogs, runAdapterExecutionTargetProcess, + runAdapterExecutionTargetShellCommand, startAdapterExecutionTargetPaperclipBridge, } from "@paperclipai/adapter-utils/execution-target"; import { @@ -25,14 +28,15 @@ import { asNumber, asStringArray, parseObject, - applyPaperclipWorkspaceEnv, buildPaperclipEnv, joinPromptSections, buildInvocationEnvForLogs, ensureAbsoluteDirectory, ensurePaperclipSkillSymlink, ensurePathInEnv, + refreshPaperclipWorkspaceEnvForExecution, readPaperclipRuntimeSkillEntries, + readPaperclipIssueWorkModeFromContext, resolvePaperclipDesiredSkillNames, removeMaintainerOnlySkillSymlinks, renderTemplate, @@ -41,8 +45,10 @@ import { DEFAULT_PAPERCLIP_AGENT_PROMPT_TEMPLATE, runChildProcess, } from "@paperclipai/adapter-utils/server-utils"; +import { shellQuote } from "@paperclipai/adapter-utils/ssh"; import { isPiUnknownSessionError, parsePiJsonl } from "./parse.js"; import { ensurePiModelConfiguredAndAvailable } from "./models.js"; +import { SANDBOX_INSTALL_COMMAND } from "../index.js"; const __moduleDir = path.dirname(fileURLToPath(import.meta.url)); @@ -143,6 +149,68 @@ function buildRemoteSessionPath(runtimeRootDir: string, agentId: string, timesta return path.posix.join(runtimeRootDir, "sessions", `${safeTimestamp}-${agentId}.jsonl`); } +function normalizeExecutionCwd(candidate: string, remote: boolean): string { + return remote ? path.posix.normalize(candidate) : path.resolve(candidate); +} + +function executionCwdsMatch(saved: string, current: string, remote: boolean): boolean { + return normalizeExecutionCwd(saved, remote) === normalizeExecutionCwd(current, remote); +} + +function readSessionHeaderCwd(raw: string): string | null { + const headerLine = raw + .split(/\r?\n/) + .map((line) => line.trim()) + .find(Boolean); + if (!headerLine) return null; + try { + const parsed = JSON.parse(headerLine) as Record; + if (parsed.type !== "session") return null; + const cwd = typeof parsed.cwd === "string" ? parsed.cwd.trim() : ""; + return cwd.length > 0 ? cwd : null; + } catch { + return null; + } +} + +async function readSavedSessionCwd(input: { + runId: string; + sessionPath: string; + executionTarget: ReturnType; + cwd: string; + env: Record; + timeoutSec: number; + graceSec: number; +}): Promise { + if (!input.sessionPath.trim()) return null; + + if (!adapterExecutionTargetIsRemote(input.executionTarget)) { + try { + return readSessionHeaderCwd(await fs.readFile(input.sessionPath, "utf8")); + } catch { + return null; + } + } + + try { + const sessionHeader = await runAdapterExecutionTargetShellCommand( + input.runId, + input.executionTarget, + `if [ -f ${shellQuote(input.sessionPath)} ]; then head -n 1 ${shellQuote(input.sessionPath)}; fi`, + { + cwd: input.cwd, + env: input.env, + timeoutSec: input.timeoutSec > 0 ? Math.min(input.timeoutSec, 15) : 15, + graceSec: input.graceSec, + }, + ); + if (sessionHeader.timedOut || (sessionHeader.exitCode ?? 0) !== 0) return null; + return readSessionHeaderCwd(sessionHeader.stdout); + } catch { + return null; + } +} + export async function execute(ctx: AdapterExecutionContext): Promise { const { runId, agent, runtime, config, context, onLog, onMeta, onSpawn, authToken } = ctx; const executionTarget = readAdapterExecutionTarget({ @@ -179,7 +247,7 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0; const effectiveWorkspaceCwd = useConfiguredInsteadOfAgentHome ? "" : workspaceCwd; const cwd = effectiveWorkspaceCwd || configuredCwd || process.cwd(); - const effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); + let effectiveExecutionCwd = adapterExecutionTargetRemoteCwd(executionTarget, cwd); await ensureAbsoluteDirectory(cwd, { createIfMissing: true }); if (!executionTargetIsRemote) { @@ -223,29 +291,29 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof value === "string" && value.trim().length > 0) : []; const wakePayloadJson = stringifyPaperclipWakePayload(context.paperclipWake); + const issueWorkMode = readPaperclipIssueWorkModeFromContext(context); if (wakeTaskId) env.PAPERCLIP_TASK_ID = wakeTaskId; + if (issueWorkMode) env.PAPERCLIP_ISSUE_WORK_MODE = issueWorkMode; if (wakeReason) env.PAPERCLIP_WAKE_REASON = wakeReason; if (wakeCommentId) env.PAPERCLIP_WAKE_COMMENT_ID = wakeCommentId; if (approvalId) env.PAPERCLIP_APPROVAL_ID = approvalId; if (approvalStatus) env.PAPERCLIP_APPROVAL_STATUS = approvalStatus; if (linkedIssueIds.length > 0) env.PAPERCLIP_LINKED_ISSUE_IDS = linkedIssueIds.join(","); if (wakePayloadJson) env.PAPERCLIP_WAKE_PAYLOAD_JSON = wakePayloadJson; - applyPaperclipWorkspaceEnv(env, { - workspaceCwd, + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, + workspaceCwd: effectiveWorkspaceCwd, workspaceSource, workspaceId, workspaceRepoUrl, workspaceRepoRef, + workspaceHints, agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, }); - if (workspaceHints.length > 0) env.PAPERCLIP_WORKSPACES_JSON = JSON.stringify(workspaceHints); - const targetPaperclipApiUrl = adapterExecutionTargetPaperclipApiUrl(executionTarget); - if (targetPaperclipApiUrl) env.PAPERCLIP_API_URL = targetPaperclipApiUrl; - - for (const [key, value] of Object.entries(envConfig)) { - if (typeof value === "string") env[key] = value; - } if (!hasExplicitApiKey && authToken) { env.PAPERCLIP_API_KEY = authToken; } @@ -278,7 +346,26 @@ export async function execute(ctx: AdapterExecutionContext): Promise typeof entry[1] === "string", ), ); - await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv); + const timeoutSec = resolveAdapterExecutionTargetTimeoutSec( + executionTarget, + asNumber(config.timeoutSec, 0), + ); + const graceSec = asNumber(config.graceSec, 20); + await ensureAdapterExecutionTargetRuntimeCommandInstalled({ + runId, + target: executionTarget, + installCommand: ctx.runtimeCommandSpec?.installCommand, + detectCommand: ctx.runtimeCommandSpec?.detectCommand, + cwd, + env: runtimeEnv, + timeoutSec, + graceSec, + onLog, + }); + await ensureAdapterExecutionTargetCommandResolvable(command, executionTarget, cwd, runtimeEnv, { + installCommand: SANDBOX_INSTALL_COMMAND, + timeoutSec, + }); const resolvedCommand = await resolveAdapterExecutionTargetCommandForLogs(command, executionTarget, cwd, runtimeEnv); let loggedEnv = buildInvocationEnvForLogs(env, { runtimeEnv, @@ -295,8 +382,6 @@ export async function execute(ctx: AdapterExecutionContext): Promise { const fromExtraArgs = asStringArray(config.extraArgs); if (fromExtraArgs.length > 0) return fromExtraArgs; @@ -316,9 +401,13 @@ export async function execute(ctx: AdapterExecutionContext): Promise preparedRemoteRuntime.restoreWorkspace(); + effectiveExecutionCwd = preparedRemoteRuntime.workspaceRemoteDir ?? effectiveExecutionCwd; + refreshPaperclipWorkspaceEnvForExecution({ + env, + envConfig, + workspaceCwd: effectiveWorkspaceCwd, + workspaceSource, + workspaceId, + workspaceRepoUrl, + workspaceRepoRef, + workspaceHints, + agentHome, + executionTargetIsRemote, + executionCwd: effectiveExecutionCwd, + }); if (adapterExecutionTargetUsesManagedHome(executionTarget) && preparedRemoteRuntime.runtimeRootDir) { env.HOME = preparedRemoteRuntime.runtimeRootDir; } @@ -341,12 +444,14 @@ export async function execute(ctx: AdapterExecutionContext): Promise 0 + ? await readSavedSessionCwd({ + runId, + sessionPath: runtimeSessionId, + executionTarget: runtimeExecutionTarget ?? null, + cwd, + env, + timeoutSec, + graceSec, + }) + : null; + const sessionHeaderCwdMatches = + runtimeSessionId.length === 0 || + (savedSessionCwd !== null && + executionCwdsMatch(savedSessionCwd, effectiveExecutionCwd, executionTargetIsRemote)); const canResumeSession = runtimeSessionId.length > 0 && - (runtimeSessionCwd.length === 0 || path.resolve(runtimeSessionCwd) === path.resolve(effectiveExecutionCwd)) && - adapterExecutionTargetSessionMatches(runtimeRemoteExecution, executionTarget); + sessionTargetMatches && + sessionParamsCwdMatches && + sessionHeaderCwdMatches; const sessionPath = canResumeSession ? runtimeSessionId : executionTargetIsRemote && remoteRuntimeRootDir @@ -379,17 +505,21 @@ export async function execute(ctx: AdapterExecutionContext): Promise check.level === "error")) return "fail"; @@ -134,6 +136,15 @@ export async function testEnvironment( detail: command, }); } else { + const installCheck = await maybeRunSandboxInstallCommand({ + runId, + target, + adapterKey: "pi", + installCommand: SANDBOX_INSTALL_COMMAND, + detectCommand: command, + env, + }); + if (installCheck) checks.push(installCheck); try { await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv); checks.push({ diff --git a/packages/db/package.json b/packages/db/package.json index 5a5b0d51..0deaa215 100644 --- a/packages/db/package.json +++ b/packages/db/package.json @@ -45,7 +45,7 @@ }, "dependencies": { "@paperclipai/shared": "workspace:*", - "drizzle-orm": "^0.38.4", + "drizzle-orm": "^0.45.2", "embedded-postgres": "^18.1.0-beta.16", "postgres": "^3.4.5" }, diff --git a/packages/db/src/backup.ts b/packages/db/src/backup.ts index c11822c9..13633a70 100644 --- a/packages/db/src/backup.ts +++ b/packages/db/src/backup.ts @@ -1,7 +1,11 @@ import { existsSync, readFileSync } from "node:fs"; -import os from "node:os"; import path from "node:path"; import { formatDatabaseBackupResult, runDatabaseBackup } from "./backup-lib.js"; +import { + expandHomePrefix, + resolveDefaultBackupDir, + resolvePaperclipConfigPathForInstance, +} from "@paperclipai/shared/home-paths"; type PartialConfig = { database?: { @@ -15,30 +19,6 @@ type PartialConfig = { }; }; -function expandHomePrefix(value: string): string { - if (value === "~") return os.homedir(); - if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); - return value; -} - -function resolvePaperclipHomeDir(): string { - const envHome = process.env.PAPERCLIP_HOME?.trim(); - if (envHome) return path.resolve(expandHomePrefix(envHome)); - return path.resolve(os.homedir(), ".paperclip"); -} - -function resolvePaperclipInstanceId(): string { - const raw = process.env.PAPERCLIP_INSTANCE_ID?.trim() || "default"; - if (!/^[a-zA-Z0-9_-]+$/.test(raw)) { - throw new Error(`Invalid PAPERCLIP_INSTANCE_ID '${raw}'.`); - } - return raw; -} - -function resolveDefaultConfigPath(): string { - return path.resolve(resolvePaperclipHomeDir(), "instances", resolvePaperclipInstanceId(), "config.json"); -} - function readConfig(configPath: string): PartialConfig | null { if (!existsSync(configPath)) return null; try { @@ -72,10 +52,6 @@ function resolveConnectionString(config: PartialConfig | null): string { return `postgres://paperclip:paperclip@127.0.0.1:${port}/paperclip`; } -function resolveDefaultBackupDir(): string { - return path.resolve(resolvePaperclipHomeDir(), "instances", resolvePaperclipInstanceId(), "data", "backups"); -} - function resolveBackupDir(config: PartialConfig | null): string { const raw = config?.database?.backup?.dir; if (typeof raw === "string" && raw.trim().length > 0) { @@ -89,7 +65,7 @@ function resolveRetentionDays(config: PartialConfig | null): number { } async function main() { - const configPath = resolveDefaultConfigPath(); + const configPath = resolvePaperclipConfigPathForInstance(); const config = readConfig(configPath); const connectionString = resolveConnectionString(config); const backupDir = resolveBackupDir(config); diff --git a/packages/db/src/migrations/0075_cultured_sebastian_shaw.sql b/packages/db/src/migrations/0075_cultured_sebastian_shaw.sql new file mode 100644 index 00000000..4633db39 --- /dev/null +++ b/packages/db/src/migrations/0075_cultured_sebastian_shaw.sql @@ -0,0 +1,7 @@ +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_next_check_at" timestamp with time zone;--> statement-breakpoint +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_wake_requested_at" timestamp with time zone;--> statement-breakpoint +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_last_triggered_at" timestamp with time zone;--> statement-breakpoint +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_attempt_count" integer DEFAULT 0 NOT NULL;--> statement-breakpoint +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_notes" text;--> statement-breakpoint +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "monitor_scheduled_by" text;--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "issues_company_monitor_due_idx" ON "issues" USING btree ("company_id","monitor_next_check_at"); diff --git a/packages/db/src/migrations/0076_useful_elektra.sql b/packages/db/src/migrations/0076_useful_elektra.sql new file mode 100644 index 00000000..3620f169 --- /dev/null +++ b/packages/db/src/migrations/0076_useful_elektra.sql @@ -0,0 +1,29 @@ +CREATE TABLE IF NOT EXISTS "plugin_managed_resources" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "company_id" uuid NOT NULL, + "plugin_id" uuid NOT NULL, + "plugin_key" text NOT NULL, + "resource_kind" text NOT NULL, + "resource_key" text NOT NULL, + "resource_id" uuid NOT NULL, + "defaults_json" jsonb DEFAULT '{}'::jsonb NOT NULL, + "created_at" timestamp with time zone DEFAULT now() NOT NULL, + "updated_at" timestamp with time zone DEFAULT now() NOT NULL +); +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "plugin_managed_resources" ADD CONSTRAINT "plugin_managed_resources_company_id_companies_id_fk" FOREIGN KEY ("company_id") REFERENCES "public"."companies"("id") ON DELETE cascade ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "plugin_managed_resources" ADD CONSTRAINT "plugin_managed_resources_plugin_id_plugins_id_fk" FOREIGN KEY ("plugin_id") REFERENCES "public"."plugins"("id") ON DELETE cascade ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "plugin_managed_resources_company_idx" ON "plugin_managed_resources" USING btree ("company_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "plugin_managed_resources_plugin_idx" ON "plugin_managed_resources" USING btree ("plugin_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "plugin_managed_resources_resource_idx" ON "plugin_managed_resources" USING btree ("resource_kind","resource_id");--> statement-breakpoint +CREATE UNIQUE INDEX IF NOT EXISTS "plugin_managed_resources_company_plugin_resource_uq" ON "plugin_managed_resources" USING btree ("company_id","plugin_id","resource_kind","resource_key"); diff --git a/packages/db/src/migrations/0077_unusual_karnak.sql b/packages/db/src/migrations/0077_unusual_karnak.sql new file mode 100644 index 00000000..05fb414a --- /dev/null +++ b/packages/db/src/migrations/0077_unusual_karnak.sql @@ -0,0 +1,140 @@ +CREATE TABLE IF NOT EXISTS "routine_revisions" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "company_id" uuid NOT NULL, + "routine_id" uuid NOT NULL, + "revision_number" integer NOT NULL, + "title" text NOT NULL, + "description" text, + "snapshot" jsonb NOT NULL, + "change_summary" text, + "restored_from_revision_id" uuid, + "created_by_agent_id" uuid, + "created_by_user_id" text, + "created_by_run_id" uuid, + "created_at" timestamp with time zone DEFAULT now() NOT NULL +); +--> statement-breakpoint +ALTER TABLE "routines" ADD COLUMN IF NOT EXISTS "latest_revision_id" uuid;--> statement-breakpoint +ALTER TABLE "routines" ADD COLUMN IF NOT EXISTS "latest_revision_number" integer DEFAULT 1 NOT NULL;--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "routine_revisions" ADD CONSTRAINT "routine_revisions_company_id_companies_id_fk" FOREIGN KEY ("company_id") REFERENCES "public"."companies"("id") ON DELETE cascade ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "routine_revisions" ADD CONSTRAINT "routine_revisions_routine_id_routines_id_fk" FOREIGN KEY ("routine_id") REFERENCES "public"."routines"("id") ON DELETE cascade ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "routine_revisions" ADD CONSTRAINT "routine_revisions_restored_from_revision_id_routine_revisions_id_fk" FOREIGN KEY ("restored_from_revision_id") REFERENCES "public"."routine_revisions"("id") ON DELETE set null ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "routine_revisions" ADD CONSTRAINT "routine_revisions_created_by_agent_id_agents_id_fk" FOREIGN KEY ("created_by_agent_id") REFERENCES "public"."agents"("id") ON DELETE set null ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +DO $$ BEGIN + ALTER TABLE "routine_revisions" ADD CONSTRAINT "routine_revisions_created_by_run_id_heartbeat_runs_id_fk" FOREIGN KEY ("created_by_run_id") REFERENCES "public"."heartbeat_runs"("id") ON DELETE set null ON UPDATE no action; +EXCEPTION + WHEN duplicate_object THEN NULL; +END $$; +--> statement-breakpoint +CREATE UNIQUE INDEX IF NOT EXISTS "routine_revisions_routine_revision_uq" ON "routine_revisions" USING btree ("routine_id","revision_number");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "routine_revisions_company_routine_created_idx" ON "routine_revisions" USING btree ("company_id","routine_id","created_at"); +--> statement-breakpoint +WITH inserted_revisions AS ( + INSERT INTO "routine_revisions" ( + "id", + "company_id", + "routine_id", + "revision_number", + "title", + "description", + "snapshot", + "change_summary", + "created_by_agent_id", + "created_by_user_id", + "created_at" + ) + SELECT + gen_random_uuid(), + r."company_id", + r."id", + 1, + r."title", + r."description", + jsonb_build_object( + 'version', 1, + 'routine', jsonb_build_object( + 'id', r."id", + 'companyId', r."company_id", + 'projectId', r."project_id", + 'goalId', r."goal_id", + 'parentIssueId', r."parent_issue_id", + 'title', r."title", + 'description', r."description", + 'assigneeAgentId', r."assignee_agent_id", + 'priority', r."priority", + 'status', r."status", + 'concurrencyPolicy', r."concurrency_policy", + 'catchUpPolicy', r."catch_up_policy", + 'variables', coalesce(r."variables", '[]'::jsonb) + ), + 'triggers', coalesce( + ( + SELECT jsonb_agg( + jsonb_build_object( + 'id', rt."id", + 'kind', rt."kind", + 'label', rt."label", + 'enabled', rt."enabled", + 'cronExpression', rt."cron_expression", + 'timezone', rt."timezone", + 'publicId', rt."public_id", + 'signingMode', rt."signing_mode", + 'replayWindowSec', rt."replay_window_sec" + ) + ORDER BY rt."created_at", rt."id" + ) + FROM "routine_triggers" rt + WHERE rt."routine_id" = r."id" + AND rt."company_id" = r."company_id" + ), + '[]'::jsonb + ) + ), + 'Initial routine revision backfill', + r."created_by_agent_id", + r."created_by_user_id", + r."created_at" + FROM "routines" r + WHERE NOT EXISTS ( + SELECT 1 + FROM "routine_revisions" rr + WHERE rr."routine_id" = r."id" + AND rr."revision_number" = 1 + ) + RETURNING "id", "routine_id" +) +UPDATE "routines" r +SET + "latest_revision_id" = inserted_revisions."id", + "latest_revision_number" = 1 +FROM inserted_revisions +WHERE r."id" = inserted_revisions."routine_id"; +--> statement-breakpoint +UPDATE "routines" r +SET + "latest_revision_id" = rr."id", + "latest_revision_number" = rr."revision_number" +FROM "routine_revisions" rr +WHERE rr."routine_id" = r."id" + AND rr."revision_number" = 1 + AND r."latest_revision_id" IS NULL; diff --git a/packages/db/src/migrations/0078_white_darwin.sql b/packages/db/src/migrations/0078_white_darwin.sql new file mode 100644 index 00000000..ddf86bd4 --- /dev/null +++ b/packages/db/src/migrations/0078_white_darwin.sql @@ -0,0 +1,3 @@ +ALTER TABLE "issue_comments" ADD COLUMN IF NOT EXISTS "author_type" text;--> statement-breakpoint +ALTER TABLE "issue_comments" ADD COLUMN IF NOT EXISTS "presentation" jsonb;--> statement-breakpoint +ALTER TABLE "issue_comments" ADD COLUMN IF NOT EXISTS "metadata" jsonb; diff --git a/packages/db/src/migrations/0079_company_search_document_indexes.sql b/packages/db/src/migrations/0079_company_search_document_indexes.sql new file mode 100644 index 00000000..5f31d42c --- /dev/null +++ b/packages/db/src/migrations/0079_company_search_document_indexes.sql @@ -0,0 +1,2 @@ +CREATE INDEX IF NOT EXISTS "documents_title_search_idx" ON "documents" USING gin ("title" gin_trgm_ops);--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "documents_latest_body_search_idx" ON "documents" USING gin ("latest_body" gin_trgm_ops); diff --git a/packages/db/src/migrations/0080_company_search_fuzzystrmatch.sql b/packages/db/src/migrations/0080_company_search_fuzzystrmatch.sql new file mode 100644 index 00000000..1805a989 --- /dev/null +++ b/packages/db/src/migrations/0080_company_search_fuzzystrmatch.sql @@ -0,0 +1 @@ +CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; diff --git a/packages/db/src/migrations/0081_optimal_dormammu.sql b/packages/db/src/migrations/0081_optimal_dormammu.sql new file mode 100644 index 00000000..7becbcb9 --- /dev/null +++ b/packages/db/src/migrations/0081_optimal_dormammu.sql @@ -0,0 +1 @@ +ALTER TABLE "issues" ADD COLUMN IF NOT EXISTS "work_mode" text DEFAULT 'standard' NOT NULL; \ No newline at end of file diff --git a/packages/db/src/migrations/0082_dry_vision.sql b/packages/db/src/migrations/0082_dry_vision.sql new file mode 100644 index 00000000..e10e470e --- /dev/null +++ b/packages/db/src/migrations/0082_dry_vision.sql @@ -0,0 +1,124 @@ +CREATE TABLE IF NOT EXISTS "company_secret_bindings" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "company_id" uuid NOT NULL, + "secret_id" uuid NOT NULL, + "target_type" text NOT NULL, + "target_id" text NOT NULL, + "config_path" text NOT NULL, + "version_selector" text DEFAULT 'latest' NOT NULL, + "required" boolean DEFAULT true NOT NULL, + "label" text, + "created_at" timestamp with time zone DEFAULT now() NOT NULL, + "updated_at" timestamp with time zone DEFAULT now() NOT NULL +); +--> statement-breakpoint +CREATE TABLE IF NOT EXISTS "secret_access_events" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "company_id" uuid NOT NULL, + "secret_id" uuid NOT NULL, + "version" integer, + "provider" text NOT NULL, + "actor_type" text NOT NULL, + "actor_id" text, + "consumer_type" text NOT NULL, + "consumer_id" text NOT NULL, + "config_path" text, + "issue_id" uuid, + "heartbeat_run_id" uuid, + "plugin_id" uuid, + "outcome" text NOT NULL, + "error_code" text, + "created_at" timestamp with time zone DEFAULT now() NOT NULL +); +--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "key" text;--> statement-breakpoint +UPDATE "company_secrets" +SET "key" = left( + regexp_replace( + regexp_replace(lower(trim(coalesce("name", "id"::text))), '[^a-z0-9_.-]+', '-', 'g'), + '^-+|-+$', + '', + 'g' + ), + 120 +) +WHERE "key" IS NULL;--> statement-breakpoint +UPDATE "company_secrets" +SET "key" = "id"::text +WHERE "key" IS NULL OR "key" = '';--> statement-breakpoint +ALTER TABLE "company_secrets" ALTER COLUMN "key" SET NOT NULL;--> statement-breakpoint +WITH ranked AS ( + SELECT + "id", + "key", + row_number() OVER (PARTITION BY "company_id", "key" ORDER BY "created_at", "id") AS rn + FROM "company_secrets" +) +UPDATE "company_secrets" +SET "key" = left(ranked."key", 100) || '-' || ranked.rn::text +FROM ranked +WHERE "company_secrets"."id" = ranked."id" + AND ranked.rn > 1;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "status" text DEFAULT 'active' NOT NULL;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "managed_mode" text DEFAULT 'paperclip_managed' NOT NULL;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "provider_config_id" text;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "provider_metadata" jsonb;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "last_resolved_at" timestamp with time zone;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "last_rotated_at" timestamp with time zone;--> statement-breakpoint +UPDATE "company_secrets" +SET "last_rotated_at" = "updated_at" +WHERE "last_rotated_at" IS NULL;--> statement-breakpoint +ALTER TABLE "company_secrets" ADD COLUMN IF NOT EXISTS "deleted_at" timestamp with time zone;--> statement-breakpoint +ALTER TABLE "company_secret_versions" ADD COLUMN IF NOT EXISTS "provider_version_ref" text;--> statement-breakpoint +ALTER TABLE "company_secret_versions" ADD COLUMN IF NOT EXISTS "status" text DEFAULT 'current' NOT NULL;--> statement-breakpoint +ALTER TABLE "company_secret_versions" ADD COLUMN IF NOT EXISTS "fingerprint_sha256" text;--> statement-breakpoint +UPDATE "company_secret_versions" +SET "fingerprint_sha256" = "value_sha256" +WHERE "fingerprint_sha256" IS NULL;--> statement-breakpoint +ALTER TABLE "company_secret_versions" ALTER COLUMN "fingerprint_sha256" SET NOT NULL;--> statement-breakpoint +ALTER TABLE "company_secret_versions" ADD COLUMN IF NOT EXISTS "rotation_job_id" text;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'company_secret_bindings_company_id_companies_id_fk') THEN + ALTER TABLE "company_secret_bindings" ADD CONSTRAINT "company_secret_bindings_company_id_companies_id_fk" FOREIGN KEY ("company_id") REFERENCES "public"."companies"("id") ON DELETE no action ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'company_secret_bindings_secret_id_company_secrets_id_fk') THEN + ALTER TABLE "company_secret_bindings" ADD CONSTRAINT "company_secret_bindings_secret_id_company_secrets_id_fk" FOREIGN KEY ("secret_id") REFERENCES "public"."company_secrets"("id") ON DELETE cascade ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'secret_access_events_company_id_companies_id_fk') THEN + ALTER TABLE "secret_access_events" ADD CONSTRAINT "secret_access_events_company_id_companies_id_fk" FOREIGN KEY ("company_id") REFERENCES "public"."companies"("id") ON DELETE no action ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'secret_access_events_secret_id_company_secrets_id_fk') THEN + ALTER TABLE "secret_access_events" ADD CONSTRAINT "secret_access_events_secret_id_company_secrets_id_fk" FOREIGN KEY ("secret_id") REFERENCES "public"."company_secrets"("id") ON DELETE cascade ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'secret_access_events_issue_id_issues_id_fk') THEN + ALTER TABLE "secret_access_events" ADD CONSTRAINT "secret_access_events_issue_id_issues_id_fk" FOREIGN KEY ("issue_id") REFERENCES "public"."issues"("id") ON DELETE set null ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'secret_access_events_heartbeat_run_id_heartbeat_runs_id_fk') THEN + ALTER TABLE "secret_access_events" ADD CONSTRAINT "secret_access_events_heartbeat_run_id_heartbeat_runs_id_fk" FOREIGN KEY ("heartbeat_run_id") REFERENCES "public"."heartbeat_runs"("id") ON DELETE set null ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'secret_access_events_plugin_id_plugins_id_fk') THEN + ALTER TABLE "secret_access_events" ADD CONSTRAINT "secret_access_events_plugin_id_plugins_id_fk" FOREIGN KEY ("plugin_id") REFERENCES "public"."plugins"("id") ON DELETE set null ON UPDATE no action; + END IF; +END $$;--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_bindings_company_idx" ON "company_secret_bindings" USING btree ("company_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_bindings_secret_idx" ON "company_secret_bindings" USING btree ("secret_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_bindings_target_idx" ON "company_secret_bindings" USING btree ("company_id","target_type","target_id");--> statement-breakpoint +CREATE UNIQUE INDEX IF NOT EXISTS "company_secret_bindings_target_path_uq" ON "company_secret_bindings" USING btree ("company_id","target_type","target_id","config_path");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "secret_access_events_company_created_idx" ON "secret_access_events" USING btree ("company_id","created_at");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "secret_access_events_secret_created_idx" ON "secret_access_events" USING btree ("secret_id","created_at");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "secret_access_events_consumer_idx" ON "secret_access_events" USING btree ("company_id","consumer_type","consumer_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "secret_access_events_run_idx" ON "secret_access_events" USING btree ("heartbeat_run_id");--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_versions_fingerprint_idx" ON "company_secret_versions" USING btree ("fingerprint_sha256");--> statement-breakpoint +CREATE UNIQUE INDEX IF NOT EXISTS "company_secrets_company_key_uq" ON "company_secrets" USING btree ("company_id","key"); diff --git a/packages/db/src/migrations/0083_company_secret_provider_configs.sql b/packages/db/src/migrations/0083_company_secret_provider_configs.sql new file mode 100644 index 00000000..b3426f52 --- /dev/null +++ b/packages/db/src/migrations/0083_company_secret_provider_configs.sql @@ -0,0 +1,51 @@ +CREATE TABLE IF NOT EXISTS "company_secret_provider_configs" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "company_id" uuid NOT NULL, + "provider" text NOT NULL, + "display_name" text NOT NULL, + "status" text DEFAULT 'ready' NOT NULL, + "is_default" boolean DEFAULT false NOT NULL, + "config" jsonb DEFAULT '{}'::jsonb NOT NULL, + "health_status" text, + "health_checked_at" timestamp with time zone, + "health_message" text, + "health_details" jsonb, + "disabled_at" timestamp with time zone, + "created_by_agent_id" uuid, + "created_by_user_id" text, + "created_at" timestamp with time zone DEFAULT now() NOT NULL, + "updated_at" timestamp with time zone DEFAULT now() NOT NULL +); +--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'company_secret_provider_configs_company_id_companies_id_fk') THEN + ALTER TABLE "company_secret_provider_configs" ADD CONSTRAINT "company_secret_provider_configs_company_id_companies_id_fk" FOREIGN KEY ("company_id") REFERENCES "public"."companies"("id") ON DELETE cascade ON UPDATE no action; + END IF; +END $$; +--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'company_secret_provider_configs_created_by_agent_id_agents_id_fk') THEN + ALTER TABLE "company_secret_provider_configs" ADD CONSTRAINT "company_secret_provider_configs_created_by_agent_id_agents_id_fk" FOREIGN KEY ("created_by_agent_id") REFERENCES "public"."agents"("id") ON DELETE set null ON UPDATE no action; + END IF; +END $$; +--> statement-breakpoint +UPDATE "company_secrets" +SET "provider_config_id" = NULL +WHERE "provider_config_id" IS NOT NULL + AND "provider_config_id" !~* '^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$'; +--> statement-breakpoint +ALTER TABLE "company_secrets" ALTER COLUMN "provider_config_id" TYPE uuid USING "provider_config_id"::uuid; +--> statement-breakpoint +DO $$ BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'company_secrets_provider_config_id_company_secret_provider_configs_id_fk') THEN + ALTER TABLE "company_secrets" ADD CONSTRAINT "company_secrets_provider_config_id_company_secret_provider_configs_id_fk" FOREIGN KEY ("provider_config_id") REFERENCES "public"."company_secret_provider_configs"("id") ON DELETE set null ON UPDATE no action; + END IF; +END $$; +--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_provider_configs_company_idx" ON "company_secret_provider_configs" USING btree ("company_id"); +--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secret_provider_configs_company_provider_idx" ON "company_secret_provider_configs" USING btree ("company_id","provider"); +--> statement-breakpoint +CREATE UNIQUE INDEX IF NOT EXISTS "company_secret_provider_configs_default_uq" ON "company_secret_provider_configs" USING btree ("company_id","provider") WHERE "is_default" = true; +--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "company_secrets_provider_config_idx" ON "company_secrets" USING btree ("provider_config_id"); diff --git a/packages/db/src/migrations/meta/0075_snapshot.json b/packages/db/src/migrations/meta/0075_snapshot.json new file mode 100644 index 00000000..e1938e2b --- /dev/null +++ b/packages/db/src/migrations/meta/0075_snapshot.json @@ -0,0 +1,15945 @@ +{ + "id": "fdc9cd8b-5423-4d64-b255-9bc1497fdd6a", + "prevId": "12b3d91e-98ee-4a48-aecb-891f5bde6eda", + "version": "7", + "dialect": "postgresql", + "tables": { + "public.activity_log": { + "name": "activity_log", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "actor_type": { + "name": "actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "actor_id": { + "name": "actor_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "action": { + "name": "action", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_id": { + "name": "entity_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "details": { + "name": "details", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "activity_log_company_created_idx": { + "name": "activity_log_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_run_id_idx": { + "name": "activity_log_run_id_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_entity_type_id_idx": { + "name": "activity_log_entity_type_id_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "activity_log_company_id_companies_id_fk": { + "name": "activity_log_company_id_companies_id_fk", + "tableFrom": "activity_log", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_agent_id_agents_id_fk": { + "name": "activity_log_agent_id_agents_id_fk", + "tableFrom": "activity_log", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_run_id_heartbeat_runs_id_fk": { + "name": "activity_log_run_id_heartbeat_runs_id_fk", + "tableFrom": "activity_log", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_api_keys": { + "name": "agent_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_api_keys_key_hash_idx": { + "name": "agent_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_api_keys_company_agent_idx": { + "name": "agent_api_keys_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_api_keys_agent_id_agents_id_fk": { + "name": "agent_api_keys_agent_id_agents_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_api_keys_company_id_companies_id_fk": { + "name": "agent_api_keys_company_id_companies_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_config_revisions": { + "name": "agent_config_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'patch'" + }, + "rolled_back_from_revision_id": { + "name": "rolled_back_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "changed_keys": { + "name": "changed_keys", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "before_config": { + "name": "before_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "after_config": { + "name": "after_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_config_revisions_company_agent_created_idx": { + "name": "agent_config_revisions_company_agent_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_config_revisions_agent_created_idx": { + "name": "agent_config_revisions_agent_created_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_config_revisions_company_id_companies_id_fk": { + "name": "agent_config_revisions_company_id_companies_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_config_revisions_agent_id_agents_id_fk": { + "name": "agent_config_revisions_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "agent_config_revisions_created_by_agent_id_agents_id_fk": { + "name": "agent_config_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_runtime_state": { + "name": "agent_runtime_state", + "schema": "", + "columns": { + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "state_json": { + "name": "state_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_run_status": { + "name": "last_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "total_input_tokens": { + "name": "total_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_output_tokens": { + "name": "total_output_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cached_input_tokens": { + "name": "total_cached_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cost_cents": { + "name": "total_cost_cents", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_runtime_state_company_agent_idx": { + "name": "agent_runtime_state_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_runtime_state_company_updated_idx": { + "name": "agent_runtime_state_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_runtime_state_agent_id_agents_id_fk": { + "name": "agent_runtime_state_agent_id_agents_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_runtime_state_company_id_companies_id_fk": { + "name": "agent_runtime_state_company_id_companies_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_task_sessions": { + "name": "agent_task_sessions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "task_key": { + "name": "task_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_params_json": { + "name": "session_params_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_display_id": { + "name": "session_display_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_task_sessions_company_agent_adapter_task_uniq": { + "name": "agent_task_sessions_company_agent_adapter_task_uniq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "adapter_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_agent_updated_idx": { + "name": "agent_task_sessions_company_agent_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_task_updated_idx": { + "name": "agent_task_sessions_company_task_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_task_sessions_company_id_companies_id_fk": { + "name": "agent_task_sessions_company_id_companies_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_agent_id_agents_id_fk": { + "name": "agent_task_sessions_agent_id_agents_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_last_run_id_heartbeat_runs_id_fk": { + "name": "agent_task_sessions_last_run_id_heartbeat_runs_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "last_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_wakeup_requests": { + "name": "agent_wakeup_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "coalesced_count": { + "name": "coalesced_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "requested_by_actor_type": { + "name": "requested_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_by_actor_id": { + "name": "requested_by_actor_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_at": { + "name": "requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "claimed_at": { + "name": "claimed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_wakeup_requests_company_agent_status_idx": { + "name": "agent_wakeup_requests_company_agent_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_company_requested_idx": { + "name": "agent_wakeup_requests_company_requested_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_agent_requested_idx": { + "name": "agent_wakeup_requests_agent_requested_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_wakeup_requests_company_id_companies_id_fk": { + "name": "agent_wakeup_requests_company_id_companies_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_wakeup_requests_agent_id_agents_id_fk": { + "name": "agent_wakeup_requests_agent_id_agents_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agents": { + "name": "agents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'general'" + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "icon": { + "name": "icon", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'idle'" + }, + "reports_to": { + "name": "reports_to", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'process'" + }, + "adapter_config": { + "name": "adapter_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "runtime_config": { + "name": "runtime_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "default_environment_id": { + "name": "default_environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "permissions": { + "name": "permissions", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_heartbeat_at": { + "name": "last_heartbeat_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agents_company_status_idx": { + "name": "agents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_reports_to_idx": { + "name": "agents_company_reports_to_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "reports_to", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_default_environment_idx": { + "name": "agents_company_default_environment_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "default_environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agents_company_id_companies_id_fk": { + "name": "agents_company_id_companies_id_fk", + "tableFrom": "agents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_reports_to_agents_id_fk": { + "name": "agents_reports_to_agents_id_fk", + "tableFrom": "agents", + "tableTo": "agents", + "columnsFrom": [ + "reports_to" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_default_environment_id_environments_id_fk": { + "name": "agents_default_environment_id_environments_id_fk", + "tableFrom": "agents", + "tableTo": "environments", + "columnsFrom": [ + "default_environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approval_comments": { + "name": "approval_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approval_comments_company_idx": { + "name": "approval_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_idx": { + "name": "approval_comments_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_created_idx": { + "name": "approval_comments_approval_created_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approval_comments_company_id_companies_id_fk": { + "name": "approval_comments_company_id_companies_id_fk", + "tableFrom": "approval_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_approval_id_approvals_id_fk": { + "name": "approval_comments_approval_id_approvals_id_fk", + "tableFrom": "approval_comments", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_author_agent_id_agents_id_fk": { + "name": "approval_comments_author_agent_id_agents_id_fk", + "tableFrom": "approval_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approvals": { + "name": "approvals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requested_by_agent_id": { + "name": "requested_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_by_user_id": { + "name": "requested_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "decision_note": { + "name": "decision_note", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_by_user_id": { + "name": "decided_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_at": { + "name": "decided_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approvals_company_status_type_idx": { + "name": "approvals_company_status_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approvals_company_id_companies_id_fk": { + "name": "approvals_company_id_companies_id_fk", + "tableFrom": "approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approvals_requested_by_agent_id_agents_id_fk": { + "name": "approvals_requested_by_agent_id_agents_id_fk", + "tableFrom": "approvals", + "tableTo": "agents", + "columnsFrom": [ + "requested_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.assets": { + "name": "assets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "object_key": { + "name": "object_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "content_type": { + "name": "content_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "byte_size": { + "name": "byte_size", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "sha256": { + "name": "sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "original_filename": { + "name": "original_filename", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "assets_company_created_idx": { + "name": "assets_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_provider_idx": { + "name": "assets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_object_key_uq": { + "name": "assets_company_object_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "object_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "assets_company_id_companies_id_fk": { + "name": "assets_company_id_companies_id_fk", + "tableFrom": "assets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "assets_created_by_agent_id_agents_id_fk": { + "name": "assets_created_by_agent_id_agents_id_fk", + "tableFrom": "assets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.account": { + "name": "account", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_id": { + "name": "provider_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "access_token": { + "name": "access_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "refresh_token": { + "name": "refresh_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "id_token": { + "name": "id_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "access_token_expires_at": { + "name": "access_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "refresh_token_expires_at": { + "name": "refresh_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scope": { + "name": "scope", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "password": { + "name": "password", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "account_user_id_user_id_fk": { + "name": "account_user_id_user_id_fk", + "tableFrom": "account", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.session": { + "name": "session", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "token": { + "name": "token", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "ip_address": { + "name": "ip_address", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_agent": { + "name": "user_agent", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "session_user_id_user_id_fk": { + "name": "session_user_id_user_id_fk", + "tableFrom": "session", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user": { + "name": "user", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email": { + "name": "email", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email_verified": { + "name": "email_verified", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "image": { + "name": "image", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.verification": { + "name": "verification", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.board_api_keys": { + "name": "board_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "board_api_keys_key_hash_idx": { + "name": "board_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "board_api_keys_user_idx": { + "name": "board_api_keys_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "board_api_keys_user_id_user_id_fk": { + "name": "board_api_keys_user_id_user_id_fk", + "tableFrom": "board_api_keys", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_incidents": { + "name": "budget_incidents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "policy_id": { + "name": "policy_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_start": { + "name": "window_start", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "window_end": { + "name": "window_end", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "threshold_type": { + "name": "threshold_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount_limit": { + "name": "amount_limit", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "amount_observed": { + "name": "amount_observed", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'open'" + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_incidents_company_status_idx": { + "name": "budget_incidents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_company_scope_idx": { + "name": "budget_incidents_company_scope_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_policy_window_threshold_idx": { + "name": "budget_incidents_policy_window_threshold_idx", + "columns": [ + { + "expression": "policy_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_start", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "threshold_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"budget_incidents\".\"status\" <> 'dismissed'", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_incidents_company_id_companies_id_fk": { + "name": "budget_incidents_company_id_companies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_policy_id_budget_policies_id_fk": { + "name": "budget_incidents_policy_id_budget_policies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "budget_policies", + "columnsFrom": [ + "policy_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_approval_id_approvals_id_fk": { + "name": "budget_incidents_approval_id_approvals_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_policies": { + "name": "budget_policies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'billed_cents'" + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount": { + "name": "amount", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "warn_percent": { + "name": "warn_percent", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 80 + }, + "hard_stop_enabled": { + "name": "hard_stop_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "notify_enabled": { + "name": "notify_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "is_active": { + "name": "is_active", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_policies_company_scope_active_idx": { + "name": "budget_policies_company_scope_active_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_active", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_window_idx": { + "name": "budget_policies_company_window_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_scope_metric_unique_idx": { + "name": "budget_policies_company_scope_metric_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_policies_company_id_companies_id_fk": { + "name": "budget_policies_company_id_companies_id_fk", + "tableFrom": "budget_policies", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cli_auth_challenges": { + "name": "cli_auth_challenges", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_hash": { + "name": "secret_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "client_name": { + "name": "client_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_access": { + "name": "requested_access", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'board'" + }, + "requested_company_id": { + "name": "requested_company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "pending_key_hash": { + "name": "pending_key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "pending_key_name": { + "name": "pending_key_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "board_api_key_id": { + "name": "board_api_key_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cli_auth_challenges_secret_hash_idx": { + "name": "cli_auth_challenges_secret_hash_idx", + "columns": [ + { + "expression": "secret_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_approved_by_idx": { + "name": "cli_auth_challenges_approved_by_idx", + "columns": [ + { + "expression": "approved_by_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_requested_company_idx": { + "name": "cli_auth_challenges_requested_company_idx", + "columns": [ + { + "expression": "requested_company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cli_auth_challenges_requested_company_id_companies_id_fk": { + "name": "cli_auth_challenges_requested_company_id_companies_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "companies", + "columnsFrom": [ + "requested_company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_approved_by_user_id_user_id_fk": { + "name": "cli_auth_challenges_approved_by_user_id_user_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "user", + "columnsFrom": [ + "approved_by_user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk": { + "name": "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "board_api_keys", + "columnsFrom": [ + "board_api_key_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.companies": { + "name": "companies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "issue_prefix": { + "name": "issue_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'PAP'" + }, + "issue_counter": { + "name": "issue_counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "attachment_max_bytes": { + "name": "attachment_max_bytes", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 10485760 + }, + "require_board_approval_for_new_agents": { + "name": "require_board_approval_for_new_agents", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_enabled": { + "name": "feedback_data_sharing_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_consent_at": { + "name": "feedback_data_sharing_consent_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_consent_by_user_id": { + "name": "feedback_data_sharing_consent_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_terms_version": { + "name": "feedback_data_sharing_terms_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "brand_color": { + "name": "brand_color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "companies_issue_prefix_idx": { + "name": "companies_issue_prefix_idx", + "columns": [ + { + "expression": "issue_prefix", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_logos": { + "name": "company_logos", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_logos_company_uq": { + "name": "company_logos_company_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_logos_asset_uq": { + "name": "company_logos_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_logos_company_id_companies_id_fk": { + "name": "company_logos_company_id_companies_id_fk", + "tableFrom": "company_logos", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_logos_asset_id_assets_id_fk": { + "name": "company_logos_asset_id_assets_id_fk", + "tableFrom": "company_logos", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_memberships": { + "name": "company_memberships", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "membership_role": { + "name": "membership_role", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_memberships_company_principal_unique_idx": { + "name": "company_memberships_company_principal_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_principal_status_idx": { + "name": "company_memberships_principal_status_idx", + "columns": [ + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_company_status_idx": { + "name": "company_memberships_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_memberships_company_id_companies_id_fk": { + "name": "company_memberships_company_id_companies_id_fk", + "tableFrom": "company_memberships", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secret_versions": { + "name": "company_secret_versions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "material": { + "name": "material", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "value_sha256": { + "name": "value_sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "company_secret_versions_secret_idx": { + "name": "company_secret_versions_secret_idx", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_value_sha256_idx": { + "name": "company_secret_versions_value_sha256_idx", + "columns": [ + { + "expression": "value_sha256", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_secret_version_uq": { + "name": "company_secret_versions_secret_version_uq", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "version", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secret_versions_secret_id_company_secrets_id_fk": { + "name": "company_secret_versions_secret_id_company_secrets_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_secret_versions_created_by_agent_id_agents_id_fk": { + "name": "company_secret_versions_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secrets": { + "name": "company_secrets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_encrypted'" + }, + "external_ref": { + "name": "external_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "latest_version": { + "name": "latest_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_secrets_company_idx": { + "name": "company_secrets_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_provider_idx": { + "name": "company_secrets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_name_uq": { + "name": "company_secrets_company_name_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secrets_company_id_companies_id_fk": { + "name": "company_secrets_company_id_companies_id_fk", + "tableFrom": "company_secrets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "company_secrets_created_by_agent_id_agents_id_fk": { + "name": "company_secrets_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secrets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_skills": { + "name": "company_skills", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "slug": { + "name": "slug", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "markdown": { + "name": "markdown", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "source_locator": { + "name": "source_locator", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_ref": { + "name": "source_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trust_level": { + "name": "trust_level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown_only'" + }, + "compatibility": { + "name": "compatibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'compatible'" + }, + "file_inventory": { + "name": "file_inventory", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_skills_company_key_idx": { + "name": "company_skills_company_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_skills_company_name_idx": { + "name": "company_skills_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_skills_company_id_companies_id_fk": { + "name": "company_skills_company_id_companies_id_fk", + "tableFrom": "company_skills", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_user_sidebar_preferences": { + "name": "company_user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "project_order": { + "name": "project_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_user_sidebar_preferences_company_idx": { + "name": "company_user_sidebar_preferences_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_user_idx": { + "name": "company_user_sidebar_preferences_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_company_user_uq": { + "name": "company_user_sidebar_preferences_company_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_user_sidebar_preferences_company_id_companies_id_fk": { + "name": "company_user_sidebar_preferences_company_id_companies_id_fk", + "tableFrom": "company_user_sidebar_preferences", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cost_events": { + "name": "cost_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "billing_type": { + "name": "billing_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "input_tokens": { + "name": "input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cached_input_tokens": { + "name": "cached_input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "output_tokens": { + "name": "output_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cost_cents": { + "name": "cost_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cost_events_company_occurred_idx": { + "name": "cost_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_agent_occurred_idx": { + "name": "cost_events_company_agent_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_provider_occurred_idx": { + "name": "cost_events_company_provider_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_biller_occurred_idx": { + "name": "cost_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_heartbeat_run_idx": { + "name": "cost_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cost_events_company_id_companies_id_fk": { + "name": "cost_events_company_id_companies_id_fk", + "tableFrom": "cost_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_agent_id_agents_id_fk": { + "name": "cost_events_agent_id_agents_id_fk", + "tableFrom": "cost_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_issue_id_issues_id_fk": { + "name": "cost_events_issue_id_issues_id_fk", + "tableFrom": "cost_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_project_id_projects_id_fk": { + "name": "cost_events_project_id_projects_id_fk", + "tableFrom": "cost_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_goal_id_goals_id_fk": { + "name": "cost_events_goal_id_goals_id_fk", + "tableFrom": "cost_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "cost_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "cost_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.document_revisions": { + "name": "document_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "document_revisions_document_revision_uq": { + "name": "document_revisions_document_revision_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "document_revisions_company_document_created_idx": { + "name": "document_revisions_company_document_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "document_revisions_company_id_companies_id_fk": { + "name": "document_revisions_company_id_companies_id_fk", + "tableFrom": "document_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "document_revisions_document_id_documents_id_fk": { + "name": "document_revisions_document_id_documents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "document_revisions_created_by_agent_id_agents_id_fk": { + "name": "document_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "document_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "document_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "document_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.documents": { + "name": "documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "latest_body": { + "name": "latest_body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "documents_company_updated_idx": { + "name": "documents_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "documents_company_created_idx": { + "name": "documents_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "documents_company_id_companies_id_fk": { + "name": "documents_company_id_companies_id_fk", + "tableFrom": "documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "documents_created_by_agent_id_agents_id_fk": { + "name": "documents_created_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "documents_updated_by_agent_id_agents_id_fk": { + "name": "documents_updated_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environment_leases": { + "name": "environment_leases", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "environment_id": { + "name": "environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "lease_policy": { + "name": "lease_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'ephemeral'" + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_lease_id": { + "name": "provider_lease_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "acquired_at": { + "name": "acquired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_status": { + "name": "cleanup_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environment_leases_company_environment_status_idx": { + "name": "environment_leases_company_environment_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_execution_workspace_idx": { + "name": "environment_leases_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_issue_idx": { + "name": "environment_leases_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_heartbeat_run_idx": { + "name": "environment_leases_heartbeat_run_idx", + "columns": [ + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_last_used_idx": { + "name": "environment_leases_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_provider_lease_idx": { + "name": "environment_leases_provider_lease_idx", + "columns": [ + { + "expression": "provider_lease_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environment_leases_company_id_companies_id_fk": { + "name": "environment_leases_company_id_companies_id_fk", + "tableFrom": "environment_leases", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_environment_id_environments_id_fk": { + "name": "environment_leases_environment_id_environments_id_fk", + "tableFrom": "environment_leases", + "tableTo": "environments", + "columnsFrom": [ + "environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_execution_workspace_id_execution_workspaces_id_fk": { + "name": "environment_leases_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "environment_leases", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_issue_id_issues_id_fk": { + "name": "environment_leases_issue_id_issues_id_fk", + "tableFrom": "environment_leases", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "environment_leases", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environments": { + "name": "environments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "driver": { + "name": "driver", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "config": { + "name": "config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environments_company_status_idx": { + "name": "environments_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_driver_idx": { + "name": "environments_company_driver_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "driver", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"environments\".\"driver\" = 'local'", + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_name_idx": { + "name": "environments_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environments_company_id_companies_id_fk": { + "name": "environments_company_id_companies_id_fk", + "tableFrom": "environments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.execution_workspaces": { + "name": "execution_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "strategy_type": { + "name": "strategy_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "base_ref": { + "name": "base_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "branch_name": { + "name": "branch_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_type": { + "name": "provider_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_fs'" + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "derived_from_execution_workspace_id": { + "name": "derived_from_execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "opened_at": { + "name": "opened_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "closed_at": { + "name": "closed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_eligible_at": { + "name": "cleanup_eligible_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_reason": { + "name": "cleanup_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "execution_workspaces_company_project_status_idx": { + "name": "execution_workspaces_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_project_workspace_status_idx": { + "name": "execution_workspaces_company_project_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_source_issue_idx": { + "name": "execution_workspaces_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_last_used_idx": { + "name": "execution_workspaces_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_branch_idx": { + "name": "execution_workspaces_company_branch_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "branch_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "execution_workspaces_company_id_companies_id_fk": { + "name": "execution_workspaces_company_id_companies_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "execution_workspaces_project_id_projects_id_fk": { + "name": "execution_workspaces_project_id_projects_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "execution_workspaces_project_workspace_id_project_workspaces_id_fk": { + "name": "execution_workspaces_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_source_issue_id_issues_id_fk": { + "name": "execution_workspaces_source_issue_id_issues_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk": { + "name": "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "derived_from_execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_exports": { + "name": "feedback_exports", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "feedback_vote_id": { + "name": "feedback_vote_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_only'" + }, + "destination": { + "name": "destination", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "export_id": { + "name": "export_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "schema_version": { + "name": "schema_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-envelope-v2'" + }, + "bundle_version": { + "name": "bundle_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-bundle-v2'" + }, + "payload_version": { + "name": "payload_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-v1'" + }, + "payload_digest": { + "name": "payload_digest", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload_snapshot": { + "name": "payload_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "target_summary": { + "name": "target_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "attempt_count": { + "name": "attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_attempted_at": { + "name": "last_attempted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "exported_at": { + "name": "exported_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_exports_feedback_vote_idx": { + "name": "feedback_exports_feedback_vote_idx", + "columns": [ + { + "expression": "feedback_vote_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_created_idx": { + "name": "feedback_exports_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_status_idx": { + "name": "feedback_exports_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_issue_idx": { + "name": "feedback_exports_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_project_idx": { + "name": "feedback_exports_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_author_idx": { + "name": "feedback_exports_company_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_exports_company_id_companies_id_fk": { + "name": "feedback_exports_company_id_companies_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_exports_feedback_vote_id_feedback_votes_id_fk": { + "name": "feedback_exports_feedback_vote_id_feedback_votes_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "feedback_votes", + "columnsFrom": [ + "feedback_vote_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_issue_id_issues_id_fk": { + "name": "feedback_exports_issue_id_issues_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_project_id_projects_id_fk": { + "name": "feedback_exports_project_id_projects_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_votes": { + "name": "feedback_votes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_with_labs": { + "name": "shared_with_labs", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "shared_at": { + "name": "shared_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_votes_company_issue_idx": { + "name": "feedback_votes_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_issue_target_idx": { + "name": "feedback_votes_issue_target_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_author_idx": { + "name": "feedback_votes_author_idx", + "columns": [ + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_company_target_author_idx": { + "name": "feedback_votes_company_target_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_votes_company_id_companies_id_fk": { + "name": "feedback_votes_company_id_companies_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_votes_issue_id_issues_id_fk": { + "name": "feedback_votes_issue_id_issues_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.finance_events": { + "name": "finance_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "cost_event_id": { + "name": "cost_event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "event_kind": { + "name": "event_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "direction": { + "name": "direction", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'debit'" + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_adapter_type": { + "name": "execution_adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "pricing_tier": { + "name": "pricing_tier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "region": { + "name": "region", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "quantity": { + "name": "quantity", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "unit": { + "name": "unit", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "amount_cents": { + "name": "amount_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "currency": { + "name": "currency", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'USD'" + }, + "estimated": { + "name": "estimated", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "external_invoice_id": { + "name": "external_invoice_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata_json": { + "name": "metadata_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "finance_events_company_occurred_idx": { + "name": "finance_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_biller_occurred_idx": { + "name": "finance_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_kind_occurred_idx": { + "name": "finance_events_company_kind_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "event_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_direction_occurred_idx": { + "name": "finance_events_company_direction_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "direction", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_heartbeat_run_idx": { + "name": "finance_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_cost_event_idx": { + "name": "finance_events_company_cost_event_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "cost_event_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "finance_events_company_id_companies_id_fk": { + "name": "finance_events_company_id_companies_id_fk", + "tableFrom": "finance_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_agent_id_agents_id_fk": { + "name": "finance_events_agent_id_agents_id_fk", + "tableFrom": "finance_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_issue_id_issues_id_fk": { + "name": "finance_events_issue_id_issues_id_fk", + "tableFrom": "finance_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_project_id_projects_id_fk": { + "name": "finance_events_project_id_projects_id_fk", + "tableFrom": "finance_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_goal_id_goals_id_fk": { + "name": "finance_events_goal_id_goals_id_fk", + "tableFrom": "finance_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "finance_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "finance_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_cost_event_id_cost_events_id_fk": { + "name": "finance_events_cost_event_id_cost_events_id_fk", + "tableFrom": "finance_events", + "tableTo": "cost_events", + "columnsFrom": [ + "cost_event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.goals": { + "name": "goals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'task'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'planned'" + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "goals_company_idx": { + "name": "goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "goals_company_id_companies_id_fk": { + "name": "goals_company_id_companies_id_fk", + "tableFrom": "goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_parent_id_goals_id_fk": { + "name": "goals_parent_id_goals_id_fk", + "tableFrom": "goals", + "tableTo": "goals", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_owner_agent_id_agents_id_fk": { + "name": "goals_owner_agent_id_agents_id_fk", + "tableFrom": "goals", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_events": { + "name": "heartbeat_run_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "bigserial", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "seq": { + "name": "seq", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "event_type": { + "name": "event_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "stream": { + "name": "stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_events_run_seq_idx": { + "name": "heartbeat_run_events_run_seq_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "seq", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_run_idx": { + "name": "heartbeat_run_events_company_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_created_idx": { + "name": "heartbeat_run_events_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_events_company_id_companies_id_fk": { + "name": "heartbeat_run_events_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_events_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_agent_id_agents_id_fk": { + "name": "heartbeat_run_events_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_watchdog_decisions": { + "name": "heartbeat_run_watchdog_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "evaluation_issue_id": { + "name": "evaluation_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "decision": { + "name": "decision", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "snoozed_until": { + "name": "snoozed_until", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_watchdog_decisions_company_run_created_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_watchdog_decisions_company_run_snooze_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_snooze_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "snoozed_until", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_watchdog_decisions_company_id_companies_id_fk": { + "name": "heartbeat_run_watchdog_decisions_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk": { + "name": "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "issues", + "columnsFrom": [ + "evaluation_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_runs": { + "name": "heartbeat_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "invocation_source": { + "name": "invocation_source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'on_demand'" + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "wakeup_request_id": { + "name": "wakeup_request_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "signal": { + "name": "signal", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "usage_json": { + "name": "usage_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "result_json": { + "name": "result_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_id_before": { + "name": "session_id_before", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "session_id_after": { + "name": "session_id_after", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "error_code": { + "name": "error_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_run_id": { + "name": "external_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "process_pid": { + "name": "process_pid", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_group_id": { + "name": "process_group_id", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_started_at": { + "name": "process_started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_at": { + "name": "last_output_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_seq": { + "name": "last_output_seq", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_output_stream": { + "name": "last_output_stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_output_bytes": { + "name": "last_output_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "retry_of_run_id": { + "name": "retry_of_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "process_loss_retry_count": { + "name": "process_loss_retry_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_at": { + "name": "scheduled_retry_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scheduled_retry_attempt": { + "name": "scheduled_retry_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_reason": { + "name": "scheduled_retry_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_comment_status": { + "name": "issue_comment_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'not_applicable'" + }, + "issue_comment_satisfied_by_comment_id": { + "name": "issue_comment_satisfied_by_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_comment_retry_queued_at": { + "name": "issue_comment_retry_queued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "liveness_state": { + "name": "liveness_state", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "liveness_reason": { + "name": "liveness_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "continuation_attempt": { + "name": "continuation_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_useful_action_at": { + "name": "last_useful_action_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_action": { + "name": "next_action", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "context_snapshot": { + "name": "context_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_runs_company_agent_started_idx": { + "name": "heartbeat_runs_company_agent_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_liveness_idx": { + "name": "heartbeat_runs_company_liveness_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "liveness_state", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_last_output_idx": { + "name": "heartbeat_runs_company_status_last_output_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_output_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_process_started_idx": { + "name": "heartbeat_runs_company_status_process_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "process_started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_runs_company_id_companies_id_fk": { + "name": "heartbeat_runs_company_id_companies_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_agent_id_agents_id_fk": { + "name": "heartbeat_runs_agent_id_agents_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk": { + "name": "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agent_wakeup_requests", + "columnsFrom": [ + "wakeup_request_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "retry_of_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.inbox_dismissals": { + "name": "inbox_dismissals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "item_key": { + "name": "item_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "dismissed_at": { + "name": "dismissed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "inbox_dismissals_company_user_idx": { + "name": "inbox_dismissals_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_item_idx": { + "name": "inbox_dismissals_company_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_user_item_idx": { + "name": "inbox_dismissals_company_user_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "inbox_dismissals_company_id_companies_id_fk": { + "name": "inbox_dismissals_company_id_companies_id_fk", + "tableFrom": "inbox_dismissals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_settings": { + "name": "instance_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "singleton_key": { + "name": "singleton_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "general": { + "name": "general", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "experimental": { + "name": "experimental", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_settings_singleton_key_idx": { + "name": "instance_settings_singleton_key_idx", + "columns": [ + { + "expression": "singleton_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_user_roles": { + "name": "instance_user_roles", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'instance_admin'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_user_roles_user_role_unique_idx": { + "name": "instance_user_roles_user_role_unique_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "instance_user_roles_role_idx": { + "name": "instance_user_roles_role_idx", + "columns": [ + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.invites": { + "name": "invites", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "invite_type": { + "name": "invite_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'company_join'" + }, + "token_hash": { + "name": "token_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "allowed_join_types": { + "name": "allowed_join_types", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'both'" + }, + "defaults_payload": { + "name": "defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "invited_by_user_id": { + "name": "invited_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "accepted_at": { + "name": "accepted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "invites_token_hash_unique_idx": { + "name": "invites_token_hash_unique_idx", + "columns": [ + { + "expression": "token_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "invites_company_invite_state_idx": { + "name": "invites_company_invite_state_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "invite_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revoked_at", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "expires_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "invites_company_id_companies_id_fk": { + "name": "invites_company_id_companies_id_fk", + "tableFrom": "invites", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_approvals": { + "name": "issue_approvals", + "schema": "", + "columns": { + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "linked_by_agent_id": { + "name": "linked_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "linked_by_user_id": { + "name": "linked_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_approvals_issue_idx": { + "name": "issue_approvals_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_approval_idx": { + "name": "issue_approvals_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_company_idx": { + "name": "issue_approvals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_approvals_company_id_companies_id_fk": { + "name": "issue_approvals_company_id_companies_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_approvals_issue_id_issues_id_fk": { + "name": "issue_approvals_issue_id_issues_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_approval_id_approvals_id_fk": { + "name": "issue_approvals_approval_id_approvals_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_linked_by_agent_id_agents_id_fk": { + "name": "issue_approvals_linked_by_agent_id_agents_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "agents", + "columnsFrom": [ + "linked_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_approvals_pk": { + "name": "issue_approvals_pk", + "columns": [ + "issue_id", + "approval_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_attachments": { + "name": "issue_attachments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_comment_id": { + "name": "issue_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_attachments_company_issue_idx": { + "name": "issue_attachments_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_issue_comment_idx": { + "name": "issue_attachments_issue_comment_idx", + "columns": [ + { + "expression": "issue_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_asset_uq": { + "name": "issue_attachments_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_attachments_company_id_companies_id_fk": { + "name": "issue_attachments_company_id_companies_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_attachments_issue_id_issues_id_fk": { + "name": "issue_attachments_issue_id_issues_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_asset_id_assets_id_fk": { + "name": "issue_attachments_asset_id_assets_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_issue_comment_id_issue_comments_id_fk": { + "name": "issue_attachments_issue_comment_id_issue_comments_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issue_comments", + "columnsFrom": [ + "issue_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_comments": { + "name": "issue_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_comments_issue_idx": { + "name": "issue_comments_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_idx": { + "name": "issue_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_issue_created_at_idx": { + "name": "issue_comments_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_author_issue_created_at_idx": { + "name": "issue_comments_company_author_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_body_search_idx": { + "name": "issue_comments_body_search_idx", + "columns": [ + { + "expression": "body", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + } + }, + "foreignKeys": { + "issue_comments_company_id_companies_id_fk": { + "name": "issue_comments_company_id_companies_id_fk", + "tableFrom": "issue_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_issue_id_issues_id_fk": { + "name": "issue_comments_issue_id_issues_id_fk", + "tableFrom": "issue_comments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_author_agent_id_agents_id_fk": { + "name": "issue_comments_author_agent_id_agents_id_fk", + "tableFrom": "issue_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_comments_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_comments", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_documents": { + "name": "issue_documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_documents_company_issue_key_uq": { + "name": "issue_documents_company_issue_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_document_uq": { + "name": "issue_documents_document_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_company_issue_updated_idx": { + "name": "issue_documents_company_issue_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_documents_company_id_companies_id_fk": { + "name": "issue_documents_company_id_companies_id_fk", + "tableFrom": "issue_documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_documents_issue_id_issues_id_fk": { + "name": "issue_documents_issue_id_issues_id_fk", + "tableFrom": "issue_documents", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_documents_document_id_documents_id_fk": { + "name": "issue_documents_document_id_documents_id_fk", + "tableFrom": "issue_documents", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_execution_decisions": { + "name": "issue_execution_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_id": { + "name": "stage_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_type": { + "name": "stage_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "actor_agent_id": { + "name": "actor_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "actor_user_id": { + "name": "actor_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_execution_decisions_company_issue_idx": { + "name": "issue_execution_decisions_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_execution_decisions_stage_idx": { + "name": "issue_execution_decisions_stage_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "stage_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_execution_decisions_company_id_companies_id_fk": { + "name": "issue_execution_decisions_company_id_companies_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_issue_id_issues_id_fk": { + "name": "issue_execution_decisions_issue_id_issues_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_execution_decisions_actor_agent_id_agents_id_fk": { + "name": "issue_execution_decisions_actor_agent_id_agents_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "agents", + "columnsFrom": [ + "actor_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_inbox_archives": { + "name": "issue_inbox_archives", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_inbox_archives_company_issue_idx": { + "name": "issue_inbox_archives_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_user_idx": { + "name": "issue_inbox_archives_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_issue_user_idx": { + "name": "issue_inbox_archives_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_inbox_archives_company_id_companies_id_fk": { + "name": "issue_inbox_archives_company_id_companies_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_inbox_archives_issue_id_issues_id_fk": { + "name": "issue_inbox_archives_issue_id_issues_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_labels": { + "name": "issue_labels", + "schema": "", + "columns": { + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "label_id": { + "name": "label_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_labels_issue_idx": { + "name": "issue_labels_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_label_idx": { + "name": "issue_labels_label_idx", + "columns": [ + { + "expression": "label_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_company_idx": { + "name": "issue_labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_labels_issue_id_issues_id_fk": { + "name": "issue_labels_issue_id_issues_id_fk", + "tableFrom": "issue_labels", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_label_id_labels_id_fk": { + "name": "issue_labels_label_id_labels_id_fk", + "tableFrom": "issue_labels", + "tableTo": "labels", + "columnsFrom": [ + "label_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_company_id_companies_id_fk": { + "name": "issue_labels_company_id_companies_id_fk", + "tableFrom": "issue_labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_labels_pk": { + "name": "issue_labels_pk", + "columns": [ + "issue_id", + "label_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_read_states": { + "name": "issue_read_states", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_read_at": { + "name": "last_read_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_read_states_company_issue_idx": { + "name": "issue_read_states_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_user_idx": { + "name": "issue_read_states_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_issue_user_idx": { + "name": "issue_read_states_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_read_states_company_id_companies_id_fk": { + "name": "issue_read_states_company_id_companies_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_read_states_issue_id_issues_id_fk": { + "name": "issue_read_states_issue_id_issues_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_reference_mentions": { + "name": "issue_reference_mentions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_issue_id": { + "name": "target_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_kind": { + "name": "source_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_record_id": { + "name": "source_record_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "document_key": { + "name": "document_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "matched_text": { + "name": "matched_text", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_reference_mentions_company_source_issue_idx": { + "name": "issue_reference_mentions_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_target_issue_idx": { + "name": "issue_reference_mentions_company_target_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_issue_pair_idx": { + "name": "issue_reference_mentions_company_issue_pair_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_record_uq": { + "name": "issue_reference_mentions_company_source_mention_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_record_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is not null", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_null_record_uq": { + "name": "issue_reference_mentions_company_source_mention_null_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is null", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_reference_mentions_company_id_companies_id_fk": { + "name": "issue_reference_mentions_company_id_companies_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_reference_mentions_source_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_source_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_reference_mentions_target_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_target_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "target_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_relations": { + "name": "issue_relations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "related_issue_id": { + "name": "related_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_relations_company_issue_idx": { + "name": "issue_relations_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_related_issue_idx": { + "name": "issue_relations_company_related_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_type_idx": { + "name": "issue_relations_company_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_edge_uq": { + "name": "issue_relations_company_edge_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_relations_company_id_companies_id_fk": { + "name": "issue_relations_company_id_companies_id_fk", + "tableFrom": "issue_relations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_relations_issue_id_issues_id_fk": { + "name": "issue_relations_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_related_issue_id_issues_id_fk": { + "name": "issue_relations_related_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "related_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_created_by_agent_id_agents_id_fk": { + "name": "issue_relations_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_relations", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_thread_interactions": { + "name": "issue_thread_interactions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "continuation_policy": { + "name": "continuation_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'wake_assignee'" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_comment_id": { + "name": "source_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_run_id": { + "name": "source_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "resolved_by_agent_id": { + "name": "resolved_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_by_user_id": { + "name": "resolved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "result": { + "name": "result", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_thread_interactions_issue_idx": { + "name": "issue_thread_interactions_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_created_at_idx": { + "name": "issue_thread_interactions_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_status_idx": { + "name": "issue_thread_interactions_company_issue_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_idempotency_uq": { + "name": "issue_thread_interactions_company_issue_idempotency_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_thread_interactions\".\"idempotency_key\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_source_comment_idx": { + "name": "issue_thread_interactions_source_comment_idx", + "columns": [ + { + "expression": "source_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_thread_interactions_company_id_companies_id_fk": { + "name": "issue_thread_interactions_company_id_companies_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_issue_id_issues_id_fk": { + "name": "issue_thread_interactions_issue_id_issues_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_comment_id_issue_comments_id_fk": { + "name": "issue_thread_interactions_source_comment_id_issue_comments_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issue_comments", + "columnsFrom": [ + "source_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk": { + "name": "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "source_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_created_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_resolved_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_resolved_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "resolved_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_hold_members": { + "name": "issue_tree_hold_members", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "hold_id": { + "name": "hold_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "depth": { + "name": "depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "issue_identifier": { + "name": "issue_identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_title": { + "name": "issue_title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "issue_status": { + "name": "issue_status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "active_run_id": { + "name": "active_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "active_run_status": { + "name": "active_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "skipped": { + "name": "skipped", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "skip_reason": { + "name": "skip_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_hold_members_hold_issue_uq": { + "name": "issue_tree_hold_members_hold_issue_uq", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_company_issue_idx": { + "name": "issue_tree_hold_members_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_hold_depth_idx": { + "name": "issue_tree_hold_members_hold_depth_idx", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "depth", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_hold_members_company_id_companies_id_fk": { + "name": "issue_tree_hold_members_company_id_companies_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk": { + "name": "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issue_tree_holds", + "columnsFrom": [ + "hold_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_parent_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_parent_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_assignee_agent_id_agents_id_fk": { + "name": "issue_tree_hold_members_assignee_agent_id_agents_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "active_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_holds": { + "name": "issue_tree_holds", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "root_issue_id": { + "name": "root_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_policy": { + "name": "release_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_actor_type": { + "name": "created_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_by_actor_type": { + "name": "released_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_agent_id": { + "name": "released_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_by_user_id": { + "name": "released_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_run_id": { + "name": "released_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "release_reason": { + "name": "release_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_metadata": { + "name": "release_metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_holds_company_root_status_idx": { + "name": "issue_tree_holds_company_root_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "root_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_holds_company_status_mode_idx": { + "name": "issue_tree_holds_company_status_mode_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "mode", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_holds_company_id_companies_id_fk": { + "name": "issue_tree_holds_company_id_companies_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_holds_root_issue_id_issues_id_fk": { + "name": "issue_tree_holds_root_issue_id_issues_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "issues", + "columnsFrom": [ + "root_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_released_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "released_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "released_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_work_products": { + "name": "issue_work_products", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "runtime_service_id": { + "name": "runtime_service_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "review_state": { + "name": "review_state", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'none'" + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_work_products_company_issue_type_idx": { + "name": "issue_work_products_company_issue_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_execution_workspace_type_idx": { + "name": "issue_work_products_company_execution_workspace_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_provider_external_id_idx": { + "name": "issue_work_products_company_provider_external_id_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_updated_idx": { + "name": "issue_work_products_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_work_products_company_id_companies_id_fk": { + "name": "issue_work_products_company_id_companies_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_work_products_project_id_projects_id_fk": { + "name": "issue_work_products_project_id_projects_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_issue_id_issues_id_fk": { + "name": "issue_work_products_issue_id_issues_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_work_products_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issue_work_products_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk": { + "name": "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "workspace_runtime_services", + "columnsFrom": [ + "runtime_service_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_work_products_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issues": { + "name": "issues", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "checkout_run_id": { + "name": "checkout_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_run_id": { + "name": "execution_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_agent_name_key": { + "name": "execution_agent_name_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_locked_at": { + "name": "execution_locked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_number": { + "name": "issue_number", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_kind": { + "name": "origin_kind", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'manual'" + }, + "origin_id": { + "name": "origin_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_run_id": { + "name": "origin_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_fingerprint": { + "name": "origin_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "request_depth": { + "name": "request_depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_adapter_overrides": { + "name": "assignee_adapter_overrides", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_policy": { + "name": "execution_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_state": { + "name": "execution_state", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "monitor_next_check_at": { + "name": "monitor_next_check_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_wake_requested_at": { + "name": "monitor_wake_requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_last_triggered_at": { + "name": "monitor_last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_attempt_count": { + "name": "monitor_attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "monitor_notes": { + "name": "monitor_notes", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "monitor_scheduled_by": { + "name": "monitor_scheduled_by", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_preference": { + "name": "execution_workspace_preference", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_settings": { + "name": "execution_workspace_settings", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "hidden_at": { + "name": "hidden_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issues_company_status_idx": { + "name": "issues_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_status_idx": { + "name": "issues_company_assignee_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_user_status_idx": { + "name": "issues_company_assignee_user_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_parent_idx": { + "name": "issues_company_parent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "parent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_idx": { + "name": "issues_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_origin_idx": { + "name": "issues_company_origin_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_workspace_idx": { + "name": "issues_company_project_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_execution_workspace_idx": { + "name": "issues_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_monitor_due_idx": { + "name": "issues_company_monitor_due_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "monitor_next_check_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_identifier_idx": { + "name": "issues_identifier_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_title_search_idx": { + "name": "issues_title_search_idx", + "columns": [ + { + "expression": "title", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_identifier_search_idx": { + "name": "issues_identifier_search_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_description_search_idx": { + "name": "issues_description_search_idx", + "columns": [ + { + "expression": "description", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_open_routine_execution_uq": { + "name": "issues_open_routine_execution_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'routine_execution'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"execution_run_id\" is not null\n and \"issues\".\"status\" in ('backlog', 'todo', 'in_progress', 'in_review', 'blocked')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_incident_uq": { + "name": "issues_active_liveness_recovery_incident_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_leaf_uq": { + "name": "issues_active_liveness_recovery_leaf_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_fingerprint\" <> 'default'\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stale_run_evaluation_uq": { + "name": "issues_active_stale_run_evaluation_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stale_active_run_evaluation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_productivity_review_uq": { + "name": "issues_active_productivity_review_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'issue_productivity_review'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stranded_issue_recovery_uq": { + "name": "issues_active_stranded_issue_recovery_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stranded_issue_recovery'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issues_company_id_companies_id_fk": { + "name": "issues_company_id_companies_id_fk", + "tableFrom": "issues", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_id_projects_id_fk": { + "name": "issues_project_id_projects_id_fk", + "tableFrom": "issues", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_workspace_id_project_workspaces_id_fk": { + "name": "issues_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_goal_id_goals_id_fk": { + "name": "issues_goal_id_goals_id_fk", + "tableFrom": "issues", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_parent_id_issues_id_fk": { + "name": "issues_parent_id_issues_id_fk", + "tableFrom": "issues", + "tableTo": "issues", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_assignee_agent_id_agents_id_fk": { + "name": "issues_assignee_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_checkout_run_id_heartbeat_runs_id_fk": { + "name": "issues_checkout_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "checkout_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_execution_run_id_heartbeat_runs_id_fk": { + "name": "issues_execution_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "execution_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_created_by_agent_id_agents_id_fk": { + "name": "issues_created_by_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issues_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.join_requests": { + "name": "join_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "invite_id": { + "name": "invite_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "request_type": { + "name": "request_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending_approval'" + }, + "request_ip": { + "name": "request_ip", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requesting_user_id": { + "name": "requesting_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "request_email_snapshot": { + "name": "request_email_snapshot", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_name": { + "name": "agent_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_defaults_payload": { + "name": "agent_defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "claim_secret_hash": { + "name": "claim_secret_hash", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "claim_secret_expires_at": { + "name": "claim_secret_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "claim_secret_consumed_at": { + "name": "claim_secret_consumed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_agent_id": { + "name": "created_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "rejected_by_user_id": { + "name": "rejected_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "rejected_at": { + "name": "rejected_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "join_requests_invite_unique_idx": { + "name": "join_requests_invite_unique_idx", + "columns": [ + { + "expression": "invite_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_company_status_type_created_idx": { + "name": "join_requests_company_status_type_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "request_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_user_uq": { + "name": "join_requests_pending_human_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requesting_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"requesting_user_id\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_email_uq": { + "name": "join_requests_pending_human_email_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "lower(\"request_email_snapshot\")", + "asc": true, + "isExpression": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"request_email_snapshot\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "join_requests_invite_id_invites_id_fk": { + "name": "join_requests_invite_id_invites_id_fk", + "tableFrom": "join_requests", + "tableTo": "invites", + "columnsFrom": [ + "invite_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_company_id_companies_id_fk": { + "name": "join_requests_company_id_companies_id_fk", + "tableFrom": "join_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_created_agent_id_agents_id_fk": { + "name": "join_requests_created_agent_id_agents_id_fk", + "tableFrom": "join_requests", + "tableTo": "agents", + "columnsFrom": [ + "created_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.labels": { + "name": "labels", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "labels_company_idx": { + "name": "labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "labels_company_name_idx": { + "name": "labels_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "labels_company_id_companies_id_fk": { + "name": "labels_company_id_companies_id_fk", + "tableFrom": "labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_company_settings": { + "name": "plugin_company_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "settings_json": { + "name": "settings_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_company_settings_company_idx": { + "name": "plugin_company_settings_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_plugin_idx": { + "name": "plugin_company_settings_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_company_plugin_uq": { + "name": "plugin_company_settings_company_plugin_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_company_settings_company_id_companies_id_fk": { + "name": "plugin_company_settings_company_id_companies_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_company_settings_plugin_id_plugins_id_fk": { + "name": "plugin_company_settings_plugin_id_plugins_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_config": { + "name": "plugin_config", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "config_json": { + "name": "config_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_config_plugin_id_idx": { + "name": "plugin_config_plugin_id_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_config_plugin_id_plugins_id_fk": { + "name": "plugin_config_plugin_id_plugins_id_fk", + "tableFrom": "plugin_config", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_database_namespaces": { + "name": "plugin_database_namespaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_mode": { + "name": "namespace_mode", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'schema'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_database_namespaces_plugin_idx": { + "name": "plugin_database_namespaces_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_namespace_idx": { + "name": "plugin_database_namespaces_namespace_idx", + "columns": [ + { + "expression": "namespace_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_status_idx": { + "name": "plugin_database_namespaces_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_database_namespaces_plugin_id_plugins_id_fk": { + "name": "plugin_database_namespaces_plugin_id_plugins_id_fk", + "tableFrom": "plugin_database_namespaces", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_entities": { + "name": "plugin_entities", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_entities_plugin_idx": { + "name": "plugin_entities_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_type_idx": { + "name": "plugin_entities_type_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_scope_idx": { + "name": "plugin_entities_scope_idx", + "columns": [ + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_external_idx": { + "name": "plugin_entities_external_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_entities_plugin_id_plugins_id_fk": { + "name": "plugin_entities_plugin_id_plugins_id_fk", + "tableFrom": "plugin_entities", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_job_runs": { + "name": "plugin_job_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "job_id": { + "name": "job_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger": { + "name": "trigger", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "logs": { + "name": "logs", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_job_runs_job_idx": { + "name": "plugin_job_runs_job_idx", + "columns": [ + { + "expression": "job_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_plugin_idx": { + "name": "plugin_job_runs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_status_idx": { + "name": "plugin_job_runs_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_job_runs_job_id_plugin_jobs_id_fk": { + "name": "plugin_job_runs_job_id_plugin_jobs_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugin_jobs", + "columnsFrom": [ + "job_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_job_runs_plugin_id_plugins_id_fk": { + "name": "plugin_job_runs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_jobs": { + "name": "plugin_jobs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "job_key": { + "name": "job_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "schedule": { + "name": "schedule", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "last_run_at": { + "name": "last_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_jobs_plugin_idx": { + "name": "plugin_jobs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_next_run_idx": { + "name": "plugin_jobs_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_unique_idx": { + "name": "plugin_jobs_unique_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "job_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_jobs_plugin_id_plugins_id_fk": { + "name": "plugin_jobs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_jobs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_logs": { + "name": "plugin_logs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'info'" + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "meta": { + "name": "meta", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_logs_plugin_time_idx": { + "name": "plugin_logs_plugin_time_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_logs_level_idx": { + "name": "plugin_logs_level_idx", + "columns": [ + { + "expression": "level", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_logs_plugin_id_plugins_id_fk": { + "name": "plugin_logs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_logs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_migrations": { + "name": "plugin_migrations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "migration_key": { + "name": "migration_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "checksum": { + "name": "checksum", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "plugin_version": { + "name": "plugin_version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "applied_at": { + "name": "applied_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error_message": { + "name": "error_message", + "type": "text", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "plugin_migrations_plugin_key_idx": { + "name": "plugin_migrations_plugin_key_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "migration_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_plugin_idx": { + "name": "plugin_migrations_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_status_idx": { + "name": "plugin_migrations_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_migrations_plugin_id_plugins_id_fk": { + "name": "plugin_migrations_plugin_id_plugins_id_fk", + "tableFrom": "plugin_migrations", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_state": { + "name": "plugin_state", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "namespace": { + "name": "namespace", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "state_key": { + "name": "state_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value_json": { + "name": "value_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_state_plugin_scope_idx": { + "name": "plugin_state_plugin_scope_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_state_plugin_id_plugins_id_fk": { + "name": "plugin_state_plugin_id_plugins_id_fk", + "tableFrom": "plugin_state", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "plugin_state_unique_entry_idx": { + "name": "plugin_state_unique_entry_idx", + "nullsNotDistinct": true, + "columns": [ + "plugin_id", + "scope_kind", + "scope_id", + "namespace", + "state_key" + ] + } + }, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_webhook_deliveries": { + "name": "plugin_webhook_deliveries", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "webhook_key": { + "name": "webhook_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "headers": { + "name": "headers", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_webhook_deliveries_plugin_idx": { + "name": "plugin_webhook_deliveries_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_status_idx": { + "name": "plugin_webhook_deliveries_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_key_idx": { + "name": "plugin_webhook_deliveries_key_idx", + "columns": [ + { + "expression": "webhook_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_webhook_deliveries_plugin_id_plugins_id_fk": { + "name": "plugin_webhook_deliveries_plugin_id_plugins_id_fk", + "tableFrom": "plugin_webhook_deliveries", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugins": { + "name": "plugins", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "package_name": { + "name": "package_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "api_version": { + "name": "api_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "categories": { + "name": "categories", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "manifest_json": { + "name": "manifest_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'installed'" + }, + "install_order": { + "name": "install_order", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "package_path": { + "name": "package_path", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "installed_at": { + "name": "installed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugins_plugin_key_idx": { + "name": "plugins_plugin_key_idx", + "columns": [ + { + "expression": "plugin_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugins_status_idx": { + "name": "plugins_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.principal_permission_grants": { + "name": "principal_permission_grants", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "permission_key": { + "name": "permission_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope": { + "name": "scope", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "granted_by_user_id": { + "name": "granted_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "principal_permission_grants_unique_idx": { + "name": "principal_permission_grants_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "principal_permission_grants_company_permission_idx": { + "name": "principal_permission_grants_company_permission_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "principal_permission_grants_company_id_companies_id_fk": { + "name": "principal_permission_grants_company_id_companies_id_fk", + "tableFrom": "principal_permission_grants", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_goals": { + "name": "project_goals", + "schema": "", + "columns": { + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_goals_project_idx": { + "name": "project_goals_project_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_goal_idx": { + "name": "project_goals_goal_idx", + "columns": [ + { + "expression": "goal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_company_idx": { + "name": "project_goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_goals_project_id_projects_id_fk": { + "name": "project_goals_project_id_projects_id_fk", + "tableFrom": "project_goals", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_goal_id_goals_id_fk": { + "name": "project_goals_goal_id_goals_id_fk", + "tableFrom": "project_goals", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_company_id_companies_id_fk": { + "name": "project_goals_company_id_companies_id_fk", + "tableFrom": "project_goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "project_goals_project_id_goal_id_pk": { + "name": "project_goals_project_id_goal_id_pk", + "columns": [ + "project_id", + "goal_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_workspaces": { + "name": "project_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_ref": { + "name": "repo_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "default_ref": { + "name": "default_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "visibility": { + "name": "visibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "setup_command": { + "name": "setup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_command": { + "name": "cleanup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_provider": { + "name": "remote_provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_workspace_ref": { + "name": "remote_workspace_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_workspace_key": { + "name": "shared_workspace_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_workspaces_company_project_idx": { + "name": "project_workspaces_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_primary_idx": { + "name": "project_workspaces_project_primary_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_primary", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_source_type_idx": { + "name": "project_workspaces_project_source_type_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_company_shared_key_idx": { + "name": "project_workspaces_company_shared_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "shared_workspace_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_remote_ref_idx": { + "name": "project_workspaces_project_remote_ref_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_workspace_ref", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_workspaces_company_id_companies_id_fk": { + "name": "project_workspaces_company_id_companies_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "project_workspaces_project_id_projects_id_fk": { + "name": "project_workspaces_project_id_projects_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.projects": { + "name": "projects", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "lead_agent_id": { + "name": "lead_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "target_date": { + "name": "target_date", + "type": "date", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "env": { + "name": "env", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_policy": { + "name": "execution_workspace_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "projects_company_idx": { + "name": "projects_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "projects_company_id_companies_id_fk": { + "name": "projects_company_id_companies_id_fk", + "tableFrom": "projects", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_goal_id_goals_id_fk": { + "name": "projects_goal_id_goals_id_fk", + "tableFrom": "projects", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_lead_agent_id_agents_id_fk": { + "name": "projects_lead_agent_id_agents_id_fk", + "tableFrom": "projects", + "tableTo": "agents", + "columnsFrom": [ + "lead_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_runs": { + "name": "routine_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger_id": { + "name": "trigger_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'received'" + }, + "triggered_at": { + "name": "triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trigger_payload": { + "name": "trigger_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "dispatch_fingerprint": { + "name": "dispatch_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "linked_issue_id": { + "name": "linked_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "coalesced_into_run_id": { + "name": "coalesced_into_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_runs_company_routine_idx": { + "name": "routine_runs_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idx": { + "name": "routine_runs_trigger_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_dispatch_fingerprint_idx": { + "name": "routine_runs_dispatch_fingerprint_idx", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "dispatch_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_linked_issue_idx": { + "name": "routine_runs_linked_issue_idx", + "columns": [ + { + "expression": "linked_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idempotency_idx": { + "name": "routine_runs_trigger_idempotency_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_runs_company_id_companies_id_fk": { + "name": "routine_runs_company_id_companies_id_fk", + "tableFrom": "routine_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_routine_id_routines_id_fk": { + "name": "routine_runs_routine_id_routines_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_trigger_id_routine_triggers_id_fk": { + "name": "routine_runs_trigger_id_routine_triggers_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routine_triggers", + "columnsFrom": [ + "trigger_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_runs_linked_issue_id_issues_id_fk": { + "name": "routine_runs_linked_issue_id_issues_id_fk", + "tableFrom": "routine_runs", + "tableTo": "issues", + "columnsFrom": [ + "linked_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_triggers": { + "name": "routine_triggers", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "cron_expression": { + "name": "cron_expression", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "timezone": { + "name": "timezone", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_fired_at": { + "name": "last_fired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "public_id": { + "name": "public_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "signing_mode": { + "name": "signing_mode", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "replay_window_sec": { + "name": "replay_window_sec", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "last_rotated_at": { + "name": "last_rotated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_result": { + "name": "last_result", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_triggers_company_routine_idx": { + "name": "routine_triggers_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_company_kind_idx": { + "name": "routine_triggers_company_kind_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_next_run_idx": { + "name": "routine_triggers_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_idx": { + "name": "routine_triggers_public_id_idx", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_uq": { + "name": "routine_triggers_public_id_uq", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_triggers_company_id_companies_id_fk": { + "name": "routine_triggers_company_id_companies_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_routine_id_routines_id_fk": { + "name": "routine_triggers_routine_id_routines_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_secret_id_company_secrets_id_fk": { + "name": "routine_triggers_secret_id_company_secrets_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_created_by_agent_id_agents_id_fk": { + "name": "routine_triggers_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_updated_by_agent_id_agents_id_fk": { + "name": "routine_triggers_updated_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routines": { + "name": "routines", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "concurrency_policy": { + "name": "concurrency_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'coalesce_if_active'" + }, + "catch_up_policy": { + "name": "catch_up_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'skip_missed'" + }, + "variables": { + "name": "variables", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_triggered_at": { + "name": "last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_enqueued_at": { + "name": "last_enqueued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routines_company_status_idx": { + "name": "routines_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_assignee_idx": { + "name": "routines_company_assignee_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_project_idx": { + "name": "routines_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routines_company_id_companies_id_fk": { + "name": "routines_company_id_companies_id_fk", + "tableFrom": "routines", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_project_id_projects_id_fk": { + "name": "routines_project_id_projects_id_fk", + "tableFrom": "routines", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_goal_id_goals_id_fk": { + "name": "routines_goal_id_goals_id_fk", + "tableFrom": "routines", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_parent_issue_id_issues_id_fk": { + "name": "routines_parent_issue_id_issues_id_fk", + "tableFrom": "routines", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_assignee_agent_id_agents_id_fk": { + "name": "routines_assignee_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "routines_created_by_agent_id_agents_id_fk": { + "name": "routines_created_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_updated_by_agent_id_agents_id_fk": { + "name": "routines_updated_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user_sidebar_preferences": { + "name": "user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "company_order": { + "name": "company_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "user_sidebar_preferences_user_uq": { + "name": "user_sidebar_preferences_user_uq", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_operations": { + "name": "workspace_operations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "phase": { + "name": "phase", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'running'" + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_operations_company_run_started_idx": { + "name": "workspace_operations_company_run_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_operations_company_workspace_started_idx": { + "name": "workspace_operations_company_workspace_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_operations_company_id_companies_id_fk": { + "name": "workspace_operations_company_id_companies_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_operations_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_operations_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_runtime_services": { + "name": "workspace_runtime_services", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "service_name": { + "name": "service_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "lifecycle": { + "name": "lifecycle", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reuse_key": { + "name": "reuse_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "started_by_run_id": { + "name": "started_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "stopped_at": { + "name": "stopped_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "stop_policy": { + "name": "stop_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_runtime_services_company_workspace_status_idx": { + "name": "workspace_runtime_services_company_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_execution_workspace_status_idx": { + "name": "workspace_runtime_services_company_execution_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_project_status_idx": { + "name": "workspace_runtime_services_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_run_idx": { + "name": "workspace_runtime_services_run_idx", + "columns": [ + { + "expression": "started_by_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_updated_idx": { + "name": "workspace_runtime_services_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_runtime_services_company_id_companies_id_fk": { + "name": "workspace_runtime_services_company_id_companies_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_id_projects_id_fk": { + "name": "workspace_runtime_services_project_id_projects_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk": { + "name": "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_issue_id_issues_id_fk": { + "name": "workspace_runtime_services_issue_id_issues_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_owner_agent_id_agents_id_fk": { + "name": "workspace_runtime_services_owner_agent_id_agents_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk": { + "name": "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "started_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + } + }, + "enums": {}, + "schemas": {}, + "sequences": {}, + "roles": {}, + "policies": {}, + "views": {}, + "_meta": { + "columns": {}, + "schemas": {}, + "tables": {} + } +} \ No newline at end of file diff --git a/packages/db/src/migrations/meta/0077_snapshot.json b/packages/db/src/migrations/meta/0077_snapshot.json new file mode 100644 index 00000000..06704c78 --- /dev/null +++ b/packages/db/src/migrations/meta/0077_snapshot.json @@ -0,0 +1,16355 @@ +{ + "id": "c0bac1d6-c931-4bef-b3d6-f7746ab492ac", + "prevId": "063c8887-ed46-4125-a08f-51c16b636245", + "version": "7", + "dialect": "postgresql", + "tables": { + "public.activity_log": { + "name": "activity_log", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "actor_type": { + "name": "actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "actor_id": { + "name": "actor_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "action": { + "name": "action", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_id": { + "name": "entity_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "details": { + "name": "details", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "activity_log_company_created_idx": { + "name": "activity_log_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_run_id_idx": { + "name": "activity_log_run_id_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_entity_type_id_idx": { + "name": "activity_log_entity_type_id_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "activity_log_company_id_companies_id_fk": { + "name": "activity_log_company_id_companies_id_fk", + "tableFrom": "activity_log", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_agent_id_agents_id_fk": { + "name": "activity_log_agent_id_agents_id_fk", + "tableFrom": "activity_log", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_run_id_heartbeat_runs_id_fk": { + "name": "activity_log_run_id_heartbeat_runs_id_fk", + "tableFrom": "activity_log", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_api_keys": { + "name": "agent_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_api_keys_key_hash_idx": { + "name": "agent_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_api_keys_company_agent_idx": { + "name": "agent_api_keys_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_api_keys_agent_id_agents_id_fk": { + "name": "agent_api_keys_agent_id_agents_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_api_keys_company_id_companies_id_fk": { + "name": "agent_api_keys_company_id_companies_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_config_revisions": { + "name": "agent_config_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'patch'" + }, + "rolled_back_from_revision_id": { + "name": "rolled_back_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "changed_keys": { + "name": "changed_keys", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "before_config": { + "name": "before_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "after_config": { + "name": "after_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_config_revisions_company_agent_created_idx": { + "name": "agent_config_revisions_company_agent_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_config_revisions_agent_created_idx": { + "name": "agent_config_revisions_agent_created_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_config_revisions_company_id_companies_id_fk": { + "name": "agent_config_revisions_company_id_companies_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_config_revisions_agent_id_agents_id_fk": { + "name": "agent_config_revisions_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "agent_config_revisions_created_by_agent_id_agents_id_fk": { + "name": "agent_config_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_runtime_state": { + "name": "agent_runtime_state", + "schema": "", + "columns": { + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "state_json": { + "name": "state_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_run_status": { + "name": "last_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "total_input_tokens": { + "name": "total_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_output_tokens": { + "name": "total_output_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cached_input_tokens": { + "name": "total_cached_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cost_cents": { + "name": "total_cost_cents", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_runtime_state_company_agent_idx": { + "name": "agent_runtime_state_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_runtime_state_company_updated_idx": { + "name": "agent_runtime_state_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_runtime_state_agent_id_agents_id_fk": { + "name": "agent_runtime_state_agent_id_agents_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_runtime_state_company_id_companies_id_fk": { + "name": "agent_runtime_state_company_id_companies_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_task_sessions": { + "name": "agent_task_sessions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "task_key": { + "name": "task_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_params_json": { + "name": "session_params_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_display_id": { + "name": "session_display_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_task_sessions_company_agent_adapter_task_uniq": { + "name": "agent_task_sessions_company_agent_adapter_task_uniq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "adapter_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_agent_updated_idx": { + "name": "agent_task_sessions_company_agent_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_task_updated_idx": { + "name": "agent_task_sessions_company_task_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_task_sessions_company_id_companies_id_fk": { + "name": "agent_task_sessions_company_id_companies_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_agent_id_agents_id_fk": { + "name": "agent_task_sessions_agent_id_agents_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_last_run_id_heartbeat_runs_id_fk": { + "name": "agent_task_sessions_last_run_id_heartbeat_runs_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "last_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_wakeup_requests": { + "name": "agent_wakeup_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "coalesced_count": { + "name": "coalesced_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "requested_by_actor_type": { + "name": "requested_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_by_actor_id": { + "name": "requested_by_actor_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_at": { + "name": "requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "claimed_at": { + "name": "claimed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_wakeup_requests_company_agent_status_idx": { + "name": "agent_wakeup_requests_company_agent_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_company_requested_idx": { + "name": "agent_wakeup_requests_company_requested_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_agent_requested_idx": { + "name": "agent_wakeup_requests_agent_requested_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_wakeup_requests_company_id_companies_id_fk": { + "name": "agent_wakeup_requests_company_id_companies_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_wakeup_requests_agent_id_agents_id_fk": { + "name": "agent_wakeup_requests_agent_id_agents_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agents": { + "name": "agents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'general'" + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "icon": { + "name": "icon", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'idle'" + }, + "reports_to": { + "name": "reports_to", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'process'" + }, + "adapter_config": { + "name": "adapter_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "runtime_config": { + "name": "runtime_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "default_environment_id": { + "name": "default_environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "permissions": { + "name": "permissions", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_heartbeat_at": { + "name": "last_heartbeat_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agents_company_status_idx": { + "name": "agents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_reports_to_idx": { + "name": "agents_company_reports_to_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "reports_to", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_default_environment_idx": { + "name": "agents_company_default_environment_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "default_environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agents_company_id_companies_id_fk": { + "name": "agents_company_id_companies_id_fk", + "tableFrom": "agents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_reports_to_agents_id_fk": { + "name": "agents_reports_to_agents_id_fk", + "tableFrom": "agents", + "tableTo": "agents", + "columnsFrom": [ + "reports_to" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_default_environment_id_environments_id_fk": { + "name": "agents_default_environment_id_environments_id_fk", + "tableFrom": "agents", + "tableTo": "environments", + "columnsFrom": [ + "default_environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approval_comments": { + "name": "approval_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approval_comments_company_idx": { + "name": "approval_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_idx": { + "name": "approval_comments_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_created_idx": { + "name": "approval_comments_approval_created_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approval_comments_company_id_companies_id_fk": { + "name": "approval_comments_company_id_companies_id_fk", + "tableFrom": "approval_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_approval_id_approvals_id_fk": { + "name": "approval_comments_approval_id_approvals_id_fk", + "tableFrom": "approval_comments", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_author_agent_id_agents_id_fk": { + "name": "approval_comments_author_agent_id_agents_id_fk", + "tableFrom": "approval_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approvals": { + "name": "approvals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requested_by_agent_id": { + "name": "requested_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_by_user_id": { + "name": "requested_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "decision_note": { + "name": "decision_note", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_by_user_id": { + "name": "decided_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_at": { + "name": "decided_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approvals_company_status_type_idx": { + "name": "approvals_company_status_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approvals_company_id_companies_id_fk": { + "name": "approvals_company_id_companies_id_fk", + "tableFrom": "approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approvals_requested_by_agent_id_agents_id_fk": { + "name": "approvals_requested_by_agent_id_agents_id_fk", + "tableFrom": "approvals", + "tableTo": "agents", + "columnsFrom": [ + "requested_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.assets": { + "name": "assets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "object_key": { + "name": "object_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "content_type": { + "name": "content_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "byte_size": { + "name": "byte_size", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "sha256": { + "name": "sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "original_filename": { + "name": "original_filename", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "assets_company_created_idx": { + "name": "assets_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_provider_idx": { + "name": "assets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_object_key_uq": { + "name": "assets_company_object_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "object_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "assets_company_id_companies_id_fk": { + "name": "assets_company_id_companies_id_fk", + "tableFrom": "assets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "assets_created_by_agent_id_agents_id_fk": { + "name": "assets_created_by_agent_id_agents_id_fk", + "tableFrom": "assets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.account": { + "name": "account", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_id": { + "name": "provider_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "access_token": { + "name": "access_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "refresh_token": { + "name": "refresh_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "id_token": { + "name": "id_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "access_token_expires_at": { + "name": "access_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "refresh_token_expires_at": { + "name": "refresh_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scope": { + "name": "scope", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "password": { + "name": "password", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "account_user_id_user_id_fk": { + "name": "account_user_id_user_id_fk", + "tableFrom": "account", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.session": { + "name": "session", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "token": { + "name": "token", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "ip_address": { + "name": "ip_address", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_agent": { + "name": "user_agent", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "session_user_id_user_id_fk": { + "name": "session_user_id_user_id_fk", + "tableFrom": "session", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user": { + "name": "user", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email": { + "name": "email", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email_verified": { + "name": "email_verified", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "image": { + "name": "image", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.verification": { + "name": "verification", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.board_api_keys": { + "name": "board_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "board_api_keys_key_hash_idx": { + "name": "board_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "board_api_keys_user_idx": { + "name": "board_api_keys_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "board_api_keys_user_id_user_id_fk": { + "name": "board_api_keys_user_id_user_id_fk", + "tableFrom": "board_api_keys", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_incidents": { + "name": "budget_incidents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "policy_id": { + "name": "policy_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_start": { + "name": "window_start", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "window_end": { + "name": "window_end", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "threshold_type": { + "name": "threshold_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount_limit": { + "name": "amount_limit", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "amount_observed": { + "name": "amount_observed", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'open'" + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_incidents_company_status_idx": { + "name": "budget_incidents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_company_scope_idx": { + "name": "budget_incidents_company_scope_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_policy_window_threshold_idx": { + "name": "budget_incidents_policy_window_threshold_idx", + "columns": [ + { + "expression": "policy_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_start", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "threshold_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"budget_incidents\".\"status\" <> 'dismissed'", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_incidents_company_id_companies_id_fk": { + "name": "budget_incidents_company_id_companies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_policy_id_budget_policies_id_fk": { + "name": "budget_incidents_policy_id_budget_policies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "budget_policies", + "columnsFrom": [ + "policy_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_approval_id_approvals_id_fk": { + "name": "budget_incidents_approval_id_approvals_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_policies": { + "name": "budget_policies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'billed_cents'" + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount": { + "name": "amount", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "warn_percent": { + "name": "warn_percent", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 80 + }, + "hard_stop_enabled": { + "name": "hard_stop_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "notify_enabled": { + "name": "notify_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "is_active": { + "name": "is_active", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_policies_company_scope_active_idx": { + "name": "budget_policies_company_scope_active_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_active", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_window_idx": { + "name": "budget_policies_company_window_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_scope_metric_unique_idx": { + "name": "budget_policies_company_scope_metric_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_policies_company_id_companies_id_fk": { + "name": "budget_policies_company_id_companies_id_fk", + "tableFrom": "budget_policies", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cli_auth_challenges": { + "name": "cli_auth_challenges", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_hash": { + "name": "secret_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "client_name": { + "name": "client_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_access": { + "name": "requested_access", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'board'" + }, + "requested_company_id": { + "name": "requested_company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "pending_key_hash": { + "name": "pending_key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "pending_key_name": { + "name": "pending_key_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "board_api_key_id": { + "name": "board_api_key_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cli_auth_challenges_secret_hash_idx": { + "name": "cli_auth_challenges_secret_hash_idx", + "columns": [ + { + "expression": "secret_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_approved_by_idx": { + "name": "cli_auth_challenges_approved_by_idx", + "columns": [ + { + "expression": "approved_by_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_requested_company_idx": { + "name": "cli_auth_challenges_requested_company_idx", + "columns": [ + { + "expression": "requested_company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cli_auth_challenges_requested_company_id_companies_id_fk": { + "name": "cli_auth_challenges_requested_company_id_companies_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "companies", + "columnsFrom": [ + "requested_company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_approved_by_user_id_user_id_fk": { + "name": "cli_auth_challenges_approved_by_user_id_user_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "user", + "columnsFrom": [ + "approved_by_user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk": { + "name": "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "board_api_keys", + "columnsFrom": [ + "board_api_key_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.companies": { + "name": "companies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "issue_prefix": { + "name": "issue_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'PAP'" + }, + "issue_counter": { + "name": "issue_counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "attachment_max_bytes": { + "name": "attachment_max_bytes", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 10485760 + }, + "require_board_approval_for_new_agents": { + "name": "require_board_approval_for_new_agents", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_enabled": { + "name": "feedback_data_sharing_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_consent_at": { + "name": "feedback_data_sharing_consent_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_consent_by_user_id": { + "name": "feedback_data_sharing_consent_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_terms_version": { + "name": "feedback_data_sharing_terms_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "brand_color": { + "name": "brand_color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "companies_issue_prefix_idx": { + "name": "companies_issue_prefix_idx", + "columns": [ + { + "expression": "issue_prefix", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_logos": { + "name": "company_logos", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_logos_company_uq": { + "name": "company_logos_company_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_logos_asset_uq": { + "name": "company_logos_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_logos_company_id_companies_id_fk": { + "name": "company_logos_company_id_companies_id_fk", + "tableFrom": "company_logos", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_logos_asset_id_assets_id_fk": { + "name": "company_logos_asset_id_assets_id_fk", + "tableFrom": "company_logos", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_memberships": { + "name": "company_memberships", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "membership_role": { + "name": "membership_role", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_memberships_company_principal_unique_idx": { + "name": "company_memberships_company_principal_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_principal_status_idx": { + "name": "company_memberships_principal_status_idx", + "columns": [ + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_company_status_idx": { + "name": "company_memberships_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_memberships_company_id_companies_id_fk": { + "name": "company_memberships_company_id_companies_id_fk", + "tableFrom": "company_memberships", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secret_versions": { + "name": "company_secret_versions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "material": { + "name": "material", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "value_sha256": { + "name": "value_sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "company_secret_versions_secret_idx": { + "name": "company_secret_versions_secret_idx", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_value_sha256_idx": { + "name": "company_secret_versions_value_sha256_idx", + "columns": [ + { + "expression": "value_sha256", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_secret_version_uq": { + "name": "company_secret_versions_secret_version_uq", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "version", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secret_versions_secret_id_company_secrets_id_fk": { + "name": "company_secret_versions_secret_id_company_secrets_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_secret_versions_created_by_agent_id_agents_id_fk": { + "name": "company_secret_versions_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secrets": { + "name": "company_secrets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_encrypted'" + }, + "external_ref": { + "name": "external_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "latest_version": { + "name": "latest_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_secrets_company_idx": { + "name": "company_secrets_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_provider_idx": { + "name": "company_secrets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_name_uq": { + "name": "company_secrets_company_name_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secrets_company_id_companies_id_fk": { + "name": "company_secrets_company_id_companies_id_fk", + "tableFrom": "company_secrets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "company_secrets_created_by_agent_id_agents_id_fk": { + "name": "company_secrets_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secrets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_skills": { + "name": "company_skills", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "slug": { + "name": "slug", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "markdown": { + "name": "markdown", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "source_locator": { + "name": "source_locator", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_ref": { + "name": "source_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trust_level": { + "name": "trust_level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown_only'" + }, + "compatibility": { + "name": "compatibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'compatible'" + }, + "file_inventory": { + "name": "file_inventory", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_skills_company_key_idx": { + "name": "company_skills_company_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_skills_company_name_idx": { + "name": "company_skills_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_skills_company_id_companies_id_fk": { + "name": "company_skills_company_id_companies_id_fk", + "tableFrom": "company_skills", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_user_sidebar_preferences": { + "name": "company_user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "project_order": { + "name": "project_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_user_sidebar_preferences_company_idx": { + "name": "company_user_sidebar_preferences_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_user_idx": { + "name": "company_user_sidebar_preferences_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_company_user_uq": { + "name": "company_user_sidebar_preferences_company_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_user_sidebar_preferences_company_id_companies_id_fk": { + "name": "company_user_sidebar_preferences_company_id_companies_id_fk", + "tableFrom": "company_user_sidebar_preferences", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cost_events": { + "name": "cost_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "billing_type": { + "name": "billing_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "input_tokens": { + "name": "input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cached_input_tokens": { + "name": "cached_input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "output_tokens": { + "name": "output_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cost_cents": { + "name": "cost_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cost_events_company_occurred_idx": { + "name": "cost_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_agent_occurred_idx": { + "name": "cost_events_company_agent_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_provider_occurred_idx": { + "name": "cost_events_company_provider_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_biller_occurred_idx": { + "name": "cost_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_heartbeat_run_idx": { + "name": "cost_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cost_events_company_id_companies_id_fk": { + "name": "cost_events_company_id_companies_id_fk", + "tableFrom": "cost_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_agent_id_agents_id_fk": { + "name": "cost_events_agent_id_agents_id_fk", + "tableFrom": "cost_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_issue_id_issues_id_fk": { + "name": "cost_events_issue_id_issues_id_fk", + "tableFrom": "cost_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_project_id_projects_id_fk": { + "name": "cost_events_project_id_projects_id_fk", + "tableFrom": "cost_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_goal_id_goals_id_fk": { + "name": "cost_events_goal_id_goals_id_fk", + "tableFrom": "cost_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "cost_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "cost_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.document_revisions": { + "name": "document_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "document_revisions_document_revision_uq": { + "name": "document_revisions_document_revision_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "document_revisions_company_document_created_idx": { + "name": "document_revisions_company_document_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "document_revisions_company_id_companies_id_fk": { + "name": "document_revisions_company_id_companies_id_fk", + "tableFrom": "document_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "document_revisions_document_id_documents_id_fk": { + "name": "document_revisions_document_id_documents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "document_revisions_created_by_agent_id_agents_id_fk": { + "name": "document_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "document_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "document_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "document_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.documents": { + "name": "documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "latest_body": { + "name": "latest_body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "documents_company_updated_idx": { + "name": "documents_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "documents_company_created_idx": { + "name": "documents_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "documents_company_id_companies_id_fk": { + "name": "documents_company_id_companies_id_fk", + "tableFrom": "documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "documents_created_by_agent_id_agents_id_fk": { + "name": "documents_created_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "documents_updated_by_agent_id_agents_id_fk": { + "name": "documents_updated_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environment_leases": { + "name": "environment_leases", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "environment_id": { + "name": "environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "lease_policy": { + "name": "lease_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'ephemeral'" + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_lease_id": { + "name": "provider_lease_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "acquired_at": { + "name": "acquired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_status": { + "name": "cleanup_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environment_leases_company_environment_status_idx": { + "name": "environment_leases_company_environment_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_execution_workspace_idx": { + "name": "environment_leases_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_issue_idx": { + "name": "environment_leases_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_heartbeat_run_idx": { + "name": "environment_leases_heartbeat_run_idx", + "columns": [ + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_last_used_idx": { + "name": "environment_leases_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_provider_lease_idx": { + "name": "environment_leases_provider_lease_idx", + "columns": [ + { + "expression": "provider_lease_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environment_leases_company_id_companies_id_fk": { + "name": "environment_leases_company_id_companies_id_fk", + "tableFrom": "environment_leases", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_environment_id_environments_id_fk": { + "name": "environment_leases_environment_id_environments_id_fk", + "tableFrom": "environment_leases", + "tableTo": "environments", + "columnsFrom": [ + "environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_execution_workspace_id_execution_workspaces_id_fk": { + "name": "environment_leases_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "environment_leases", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_issue_id_issues_id_fk": { + "name": "environment_leases_issue_id_issues_id_fk", + "tableFrom": "environment_leases", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "environment_leases", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environments": { + "name": "environments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "driver": { + "name": "driver", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "config": { + "name": "config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environments_company_status_idx": { + "name": "environments_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_driver_idx": { + "name": "environments_company_driver_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "driver", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"environments\".\"driver\" = 'local'", + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_name_idx": { + "name": "environments_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environments_company_id_companies_id_fk": { + "name": "environments_company_id_companies_id_fk", + "tableFrom": "environments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.execution_workspaces": { + "name": "execution_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "strategy_type": { + "name": "strategy_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "base_ref": { + "name": "base_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "branch_name": { + "name": "branch_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_type": { + "name": "provider_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_fs'" + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "derived_from_execution_workspace_id": { + "name": "derived_from_execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "opened_at": { + "name": "opened_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "closed_at": { + "name": "closed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_eligible_at": { + "name": "cleanup_eligible_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_reason": { + "name": "cleanup_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "execution_workspaces_company_project_status_idx": { + "name": "execution_workspaces_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_project_workspace_status_idx": { + "name": "execution_workspaces_company_project_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_source_issue_idx": { + "name": "execution_workspaces_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_last_used_idx": { + "name": "execution_workspaces_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_branch_idx": { + "name": "execution_workspaces_company_branch_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "branch_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "execution_workspaces_company_id_companies_id_fk": { + "name": "execution_workspaces_company_id_companies_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "execution_workspaces_project_id_projects_id_fk": { + "name": "execution_workspaces_project_id_projects_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "execution_workspaces_project_workspace_id_project_workspaces_id_fk": { + "name": "execution_workspaces_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_source_issue_id_issues_id_fk": { + "name": "execution_workspaces_source_issue_id_issues_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk": { + "name": "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "derived_from_execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_exports": { + "name": "feedback_exports", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "feedback_vote_id": { + "name": "feedback_vote_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_only'" + }, + "destination": { + "name": "destination", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "export_id": { + "name": "export_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "schema_version": { + "name": "schema_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-envelope-v2'" + }, + "bundle_version": { + "name": "bundle_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-bundle-v2'" + }, + "payload_version": { + "name": "payload_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-v1'" + }, + "payload_digest": { + "name": "payload_digest", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload_snapshot": { + "name": "payload_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "target_summary": { + "name": "target_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "attempt_count": { + "name": "attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_attempted_at": { + "name": "last_attempted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "exported_at": { + "name": "exported_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_exports_feedback_vote_idx": { + "name": "feedback_exports_feedback_vote_idx", + "columns": [ + { + "expression": "feedback_vote_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_created_idx": { + "name": "feedback_exports_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_status_idx": { + "name": "feedback_exports_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_issue_idx": { + "name": "feedback_exports_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_project_idx": { + "name": "feedback_exports_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_author_idx": { + "name": "feedback_exports_company_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_exports_company_id_companies_id_fk": { + "name": "feedback_exports_company_id_companies_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_exports_feedback_vote_id_feedback_votes_id_fk": { + "name": "feedback_exports_feedback_vote_id_feedback_votes_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "feedback_votes", + "columnsFrom": [ + "feedback_vote_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_issue_id_issues_id_fk": { + "name": "feedback_exports_issue_id_issues_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_project_id_projects_id_fk": { + "name": "feedback_exports_project_id_projects_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_votes": { + "name": "feedback_votes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_with_labs": { + "name": "shared_with_labs", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "shared_at": { + "name": "shared_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_votes_company_issue_idx": { + "name": "feedback_votes_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_issue_target_idx": { + "name": "feedback_votes_issue_target_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_author_idx": { + "name": "feedback_votes_author_idx", + "columns": [ + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_company_target_author_idx": { + "name": "feedback_votes_company_target_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_votes_company_id_companies_id_fk": { + "name": "feedback_votes_company_id_companies_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_votes_issue_id_issues_id_fk": { + "name": "feedback_votes_issue_id_issues_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.finance_events": { + "name": "finance_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "cost_event_id": { + "name": "cost_event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "event_kind": { + "name": "event_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "direction": { + "name": "direction", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'debit'" + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_adapter_type": { + "name": "execution_adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "pricing_tier": { + "name": "pricing_tier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "region": { + "name": "region", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "quantity": { + "name": "quantity", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "unit": { + "name": "unit", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "amount_cents": { + "name": "amount_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "currency": { + "name": "currency", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'USD'" + }, + "estimated": { + "name": "estimated", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "external_invoice_id": { + "name": "external_invoice_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata_json": { + "name": "metadata_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "finance_events_company_occurred_idx": { + "name": "finance_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_biller_occurred_idx": { + "name": "finance_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_kind_occurred_idx": { + "name": "finance_events_company_kind_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "event_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_direction_occurred_idx": { + "name": "finance_events_company_direction_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "direction", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_heartbeat_run_idx": { + "name": "finance_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_cost_event_idx": { + "name": "finance_events_company_cost_event_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "cost_event_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "finance_events_company_id_companies_id_fk": { + "name": "finance_events_company_id_companies_id_fk", + "tableFrom": "finance_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_agent_id_agents_id_fk": { + "name": "finance_events_agent_id_agents_id_fk", + "tableFrom": "finance_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_issue_id_issues_id_fk": { + "name": "finance_events_issue_id_issues_id_fk", + "tableFrom": "finance_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_project_id_projects_id_fk": { + "name": "finance_events_project_id_projects_id_fk", + "tableFrom": "finance_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_goal_id_goals_id_fk": { + "name": "finance_events_goal_id_goals_id_fk", + "tableFrom": "finance_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "finance_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "finance_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_cost_event_id_cost_events_id_fk": { + "name": "finance_events_cost_event_id_cost_events_id_fk", + "tableFrom": "finance_events", + "tableTo": "cost_events", + "columnsFrom": [ + "cost_event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.goals": { + "name": "goals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'task'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'planned'" + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "goals_company_idx": { + "name": "goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "goals_company_id_companies_id_fk": { + "name": "goals_company_id_companies_id_fk", + "tableFrom": "goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_parent_id_goals_id_fk": { + "name": "goals_parent_id_goals_id_fk", + "tableFrom": "goals", + "tableTo": "goals", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_owner_agent_id_agents_id_fk": { + "name": "goals_owner_agent_id_agents_id_fk", + "tableFrom": "goals", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_events": { + "name": "heartbeat_run_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "bigserial", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "seq": { + "name": "seq", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "event_type": { + "name": "event_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "stream": { + "name": "stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_events_run_seq_idx": { + "name": "heartbeat_run_events_run_seq_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "seq", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_run_idx": { + "name": "heartbeat_run_events_company_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_created_idx": { + "name": "heartbeat_run_events_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_events_company_id_companies_id_fk": { + "name": "heartbeat_run_events_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_events_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_agent_id_agents_id_fk": { + "name": "heartbeat_run_events_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_watchdog_decisions": { + "name": "heartbeat_run_watchdog_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "evaluation_issue_id": { + "name": "evaluation_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "decision": { + "name": "decision", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "snoozed_until": { + "name": "snoozed_until", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_watchdog_decisions_company_run_created_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_watchdog_decisions_company_run_snooze_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_snooze_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "snoozed_until", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_watchdog_decisions_company_id_companies_id_fk": { + "name": "heartbeat_run_watchdog_decisions_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk": { + "name": "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "issues", + "columnsFrom": [ + "evaluation_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_runs": { + "name": "heartbeat_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "invocation_source": { + "name": "invocation_source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'on_demand'" + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "wakeup_request_id": { + "name": "wakeup_request_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "signal": { + "name": "signal", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "usage_json": { + "name": "usage_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "result_json": { + "name": "result_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_id_before": { + "name": "session_id_before", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "session_id_after": { + "name": "session_id_after", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "error_code": { + "name": "error_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_run_id": { + "name": "external_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "process_pid": { + "name": "process_pid", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_group_id": { + "name": "process_group_id", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_started_at": { + "name": "process_started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_at": { + "name": "last_output_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_seq": { + "name": "last_output_seq", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_output_stream": { + "name": "last_output_stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_output_bytes": { + "name": "last_output_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "retry_of_run_id": { + "name": "retry_of_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "process_loss_retry_count": { + "name": "process_loss_retry_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_at": { + "name": "scheduled_retry_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scheduled_retry_attempt": { + "name": "scheduled_retry_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_reason": { + "name": "scheduled_retry_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_comment_status": { + "name": "issue_comment_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'not_applicable'" + }, + "issue_comment_satisfied_by_comment_id": { + "name": "issue_comment_satisfied_by_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_comment_retry_queued_at": { + "name": "issue_comment_retry_queued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "liveness_state": { + "name": "liveness_state", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "liveness_reason": { + "name": "liveness_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "continuation_attempt": { + "name": "continuation_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_useful_action_at": { + "name": "last_useful_action_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_action": { + "name": "next_action", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "context_snapshot": { + "name": "context_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_runs_company_agent_started_idx": { + "name": "heartbeat_runs_company_agent_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_liveness_idx": { + "name": "heartbeat_runs_company_liveness_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "liveness_state", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_last_output_idx": { + "name": "heartbeat_runs_company_status_last_output_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_output_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_process_started_idx": { + "name": "heartbeat_runs_company_status_process_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "process_started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_runs_company_id_companies_id_fk": { + "name": "heartbeat_runs_company_id_companies_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_agent_id_agents_id_fk": { + "name": "heartbeat_runs_agent_id_agents_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk": { + "name": "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agent_wakeup_requests", + "columnsFrom": [ + "wakeup_request_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "retry_of_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.inbox_dismissals": { + "name": "inbox_dismissals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "item_key": { + "name": "item_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "dismissed_at": { + "name": "dismissed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "inbox_dismissals_company_user_idx": { + "name": "inbox_dismissals_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_item_idx": { + "name": "inbox_dismissals_company_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_user_item_idx": { + "name": "inbox_dismissals_company_user_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "inbox_dismissals_company_id_companies_id_fk": { + "name": "inbox_dismissals_company_id_companies_id_fk", + "tableFrom": "inbox_dismissals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_settings": { + "name": "instance_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "singleton_key": { + "name": "singleton_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "general": { + "name": "general", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "experimental": { + "name": "experimental", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_settings_singleton_key_idx": { + "name": "instance_settings_singleton_key_idx", + "columns": [ + { + "expression": "singleton_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_user_roles": { + "name": "instance_user_roles", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'instance_admin'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_user_roles_user_role_unique_idx": { + "name": "instance_user_roles_user_role_unique_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "instance_user_roles_role_idx": { + "name": "instance_user_roles_role_idx", + "columns": [ + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.invites": { + "name": "invites", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "invite_type": { + "name": "invite_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'company_join'" + }, + "token_hash": { + "name": "token_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "allowed_join_types": { + "name": "allowed_join_types", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'both'" + }, + "defaults_payload": { + "name": "defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "invited_by_user_id": { + "name": "invited_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "accepted_at": { + "name": "accepted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "invites_token_hash_unique_idx": { + "name": "invites_token_hash_unique_idx", + "columns": [ + { + "expression": "token_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "invites_company_invite_state_idx": { + "name": "invites_company_invite_state_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "invite_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revoked_at", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "expires_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "invites_company_id_companies_id_fk": { + "name": "invites_company_id_companies_id_fk", + "tableFrom": "invites", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_approvals": { + "name": "issue_approvals", + "schema": "", + "columns": { + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "linked_by_agent_id": { + "name": "linked_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "linked_by_user_id": { + "name": "linked_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_approvals_issue_idx": { + "name": "issue_approvals_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_approval_idx": { + "name": "issue_approvals_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_company_idx": { + "name": "issue_approvals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_approvals_company_id_companies_id_fk": { + "name": "issue_approvals_company_id_companies_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_approvals_issue_id_issues_id_fk": { + "name": "issue_approvals_issue_id_issues_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_approval_id_approvals_id_fk": { + "name": "issue_approvals_approval_id_approvals_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_linked_by_agent_id_agents_id_fk": { + "name": "issue_approvals_linked_by_agent_id_agents_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "agents", + "columnsFrom": [ + "linked_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_approvals_pk": { + "name": "issue_approvals_pk", + "columns": [ + "issue_id", + "approval_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_attachments": { + "name": "issue_attachments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_comment_id": { + "name": "issue_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_attachments_company_issue_idx": { + "name": "issue_attachments_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_issue_comment_idx": { + "name": "issue_attachments_issue_comment_idx", + "columns": [ + { + "expression": "issue_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_asset_uq": { + "name": "issue_attachments_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_attachments_company_id_companies_id_fk": { + "name": "issue_attachments_company_id_companies_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_attachments_issue_id_issues_id_fk": { + "name": "issue_attachments_issue_id_issues_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_asset_id_assets_id_fk": { + "name": "issue_attachments_asset_id_assets_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_issue_comment_id_issue_comments_id_fk": { + "name": "issue_attachments_issue_comment_id_issue_comments_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issue_comments", + "columnsFrom": [ + "issue_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_comments": { + "name": "issue_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_comments_issue_idx": { + "name": "issue_comments_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_idx": { + "name": "issue_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_issue_created_at_idx": { + "name": "issue_comments_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_author_issue_created_at_idx": { + "name": "issue_comments_company_author_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_body_search_idx": { + "name": "issue_comments_body_search_idx", + "columns": [ + { + "expression": "body", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + } + }, + "foreignKeys": { + "issue_comments_company_id_companies_id_fk": { + "name": "issue_comments_company_id_companies_id_fk", + "tableFrom": "issue_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_issue_id_issues_id_fk": { + "name": "issue_comments_issue_id_issues_id_fk", + "tableFrom": "issue_comments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_author_agent_id_agents_id_fk": { + "name": "issue_comments_author_agent_id_agents_id_fk", + "tableFrom": "issue_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_comments_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_comments", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_documents": { + "name": "issue_documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_documents_company_issue_key_uq": { + "name": "issue_documents_company_issue_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_document_uq": { + "name": "issue_documents_document_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_company_issue_updated_idx": { + "name": "issue_documents_company_issue_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_documents_company_id_companies_id_fk": { + "name": "issue_documents_company_id_companies_id_fk", + "tableFrom": "issue_documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_documents_issue_id_issues_id_fk": { + "name": "issue_documents_issue_id_issues_id_fk", + "tableFrom": "issue_documents", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_documents_document_id_documents_id_fk": { + "name": "issue_documents_document_id_documents_id_fk", + "tableFrom": "issue_documents", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_execution_decisions": { + "name": "issue_execution_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_id": { + "name": "stage_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_type": { + "name": "stage_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "actor_agent_id": { + "name": "actor_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "actor_user_id": { + "name": "actor_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_execution_decisions_company_issue_idx": { + "name": "issue_execution_decisions_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_execution_decisions_stage_idx": { + "name": "issue_execution_decisions_stage_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "stage_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_execution_decisions_company_id_companies_id_fk": { + "name": "issue_execution_decisions_company_id_companies_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_issue_id_issues_id_fk": { + "name": "issue_execution_decisions_issue_id_issues_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_execution_decisions_actor_agent_id_agents_id_fk": { + "name": "issue_execution_decisions_actor_agent_id_agents_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "agents", + "columnsFrom": [ + "actor_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_inbox_archives": { + "name": "issue_inbox_archives", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_inbox_archives_company_issue_idx": { + "name": "issue_inbox_archives_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_user_idx": { + "name": "issue_inbox_archives_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_issue_user_idx": { + "name": "issue_inbox_archives_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_inbox_archives_company_id_companies_id_fk": { + "name": "issue_inbox_archives_company_id_companies_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_inbox_archives_issue_id_issues_id_fk": { + "name": "issue_inbox_archives_issue_id_issues_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_labels": { + "name": "issue_labels", + "schema": "", + "columns": { + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "label_id": { + "name": "label_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_labels_issue_idx": { + "name": "issue_labels_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_label_idx": { + "name": "issue_labels_label_idx", + "columns": [ + { + "expression": "label_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_company_idx": { + "name": "issue_labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_labels_issue_id_issues_id_fk": { + "name": "issue_labels_issue_id_issues_id_fk", + "tableFrom": "issue_labels", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_label_id_labels_id_fk": { + "name": "issue_labels_label_id_labels_id_fk", + "tableFrom": "issue_labels", + "tableTo": "labels", + "columnsFrom": [ + "label_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_company_id_companies_id_fk": { + "name": "issue_labels_company_id_companies_id_fk", + "tableFrom": "issue_labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_labels_pk": { + "name": "issue_labels_pk", + "columns": [ + "issue_id", + "label_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_read_states": { + "name": "issue_read_states", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_read_at": { + "name": "last_read_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_read_states_company_issue_idx": { + "name": "issue_read_states_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_user_idx": { + "name": "issue_read_states_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_issue_user_idx": { + "name": "issue_read_states_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_read_states_company_id_companies_id_fk": { + "name": "issue_read_states_company_id_companies_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_read_states_issue_id_issues_id_fk": { + "name": "issue_read_states_issue_id_issues_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_reference_mentions": { + "name": "issue_reference_mentions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_issue_id": { + "name": "target_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_kind": { + "name": "source_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_record_id": { + "name": "source_record_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "document_key": { + "name": "document_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "matched_text": { + "name": "matched_text", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_reference_mentions_company_source_issue_idx": { + "name": "issue_reference_mentions_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_target_issue_idx": { + "name": "issue_reference_mentions_company_target_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_issue_pair_idx": { + "name": "issue_reference_mentions_company_issue_pair_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_record_uq": { + "name": "issue_reference_mentions_company_source_mention_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_record_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is not null", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_null_record_uq": { + "name": "issue_reference_mentions_company_source_mention_null_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is null", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_reference_mentions_company_id_companies_id_fk": { + "name": "issue_reference_mentions_company_id_companies_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_reference_mentions_source_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_source_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_reference_mentions_target_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_target_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "target_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_relations": { + "name": "issue_relations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "related_issue_id": { + "name": "related_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_relations_company_issue_idx": { + "name": "issue_relations_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_related_issue_idx": { + "name": "issue_relations_company_related_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_type_idx": { + "name": "issue_relations_company_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_edge_uq": { + "name": "issue_relations_company_edge_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_relations_company_id_companies_id_fk": { + "name": "issue_relations_company_id_companies_id_fk", + "tableFrom": "issue_relations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_relations_issue_id_issues_id_fk": { + "name": "issue_relations_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_related_issue_id_issues_id_fk": { + "name": "issue_relations_related_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "related_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_created_by_agent_id_agents_id_fk": { + "name": "issue_relations_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_relations", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_thread_interactions": { + "name": "issue_thread_interactions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "continuation_policy": { + "name": "continuation_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'wake_assignee'" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_comment_id": { + "name": "source_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_run_id": { + "name": "source_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "resolved_by_agent_id": { + "name": "resolved_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_by_user_id": { + "name": "resolved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "result": { + "name": "result", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_thread_interactions_issue_idx": { + "name": "issue_thread_interactions_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_created_at_idx": { + "name": "issue_thread_interactions_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_status_idx": { + "name": "issue_thread_interactions_company_issue_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_idempotency_uq": { + "name": "issue_thread_interactions_company_issue_idempotency_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_thread_interactions\".\"idempotency_key\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_source_comment_idx": { + "name": "issue_thread_interactions_source_comment_idx", + "columns": [ + { + "expression": "source_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_thread_interactions_company_id_companies_id_fk": { + "name": "issue_thread_interactions_company_id_companies_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_issue_id_issues_id_fk": { + "name": "issue_thread_interactions_issue_id_issues_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_comment_id_issue_comments_id_fk": { + "name": "issue_thread_interactions_source_comment_id_issue_comments_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issue_comments", + "columnsFrom": [ + "source_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk": { + "name": "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "source_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_created_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_resolved_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_resolved_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "resolved_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_hold_members": { + "name": "issue_tree_hold_members", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "hold_id": { + "name": "hold_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "depth": { + "name": "depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "issue_identifier": { + "name": "issue_identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_title": { + "name": "issue_title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "issue_status": { + "name": "issue_status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "active_run_id": { + "name": "active_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "active_run_status": { + "name": "active_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "skipped": { + "name": "skipped", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "skip_reason": { + "name": "skip_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_hold_members_hold_issue_uq": { + "name": "issue_tree_hold_members_hold_issue_uq", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_company_issue_idx": { + "name": "issue_tree_hold_members_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_hold_depth_idx": { + "name": "issue_tree_hold_members_hold_depth_idx", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "depth", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_hold_members_company_id_companies_id_fk": { + "name": "issue_tree_hold_members_company_id_companies_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk": { + "name": "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issue_tree_holds", + "columnsFrom": [ + "hold_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_parent_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_parent_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_assignee_agent_id_agents_id_fk": { + "name": "issue_tree_hold_members_assignee_agent_id_agents_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "active_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_holds": { + "name": "issue_tree_holds", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "root_issue_id": { + "name": "root_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_policy": { + "name": "release_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_actor_type": { + "name": "created_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_by_actor_type": { + "name": "released_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_agent_id": { + "name": "released_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_by_user_id": { + "name": "released_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_run_id": { + "name": "released_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "release_reason": { + "name": "release_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_metadata": { + "name": "release_metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_holds_company_root_status_idx": { + "name": "issue_tree_holds_company_root_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "root_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_holds_company_status_mode_idx": { + "name": "issue_tree_holds_company_status_mode_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "mode", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_holds_company_id_companies_id_fk": { + "name": "issue_tree_holds_company_id_companies_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_holds_root_issue_id_issues_id_fk": { + "name": "issue_tree_holds_root_issue_id_issues_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "issues", + "columnsFrom": [ + "root_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_released_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "released_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "released_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_work_products": { + "name": "issue_work_products", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "runtime_service_id": { + "name": "runtime_service_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "review_state": { + "name": "review_state", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'none'" + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_work_products_company_issue_type_idx": { + "name": "issue_work_products_company_issue_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_execution_workspace_type_idx": { + "name": "issue_work_products_company_execution_workspace_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_provider_external_id_idx": { + "name": "issue_work_products_company_provider_external_id_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_updated_idx": { + "name": "issue_work_products_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_work_products_company_id_companies_id_fk": { + "name": "issue_work_products_company_id_companies_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_work_products_project_id_projects_id_fk": { + "name": "issue_work_products_project_id_projects_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_issue_id_issues_id_fk": { + "name": "issue_work_products_issue_id_issues_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_work_products_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issue_work_products_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk": { + "name": "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "workspace_runtime_services", + "columnsFrom": [ + "runtime_service_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_work_products_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issues": { + "name": "issues", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "checkout_run_id": { + "name": "checkout_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_run_id": { + "name": "execution_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_agent_name_key": { + "name": "execution_agent_name_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_locked_at": { + "name": "execution_locked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_number": { + "name": "issue_number", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_kind": { + "name": "origin_kind", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'manual'" + }, + "origin_id": { + "name": "origin_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_run_id": { + "name": "origin_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_fingerprint": { + "name": "origin_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "request_depth": { + "name": "request_depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_adapter_overrides": { + "name": "assignee_adapter_overrides", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_policy": { + "name": "execution_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_state": { + "name": "execution_state", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "monitor_next_check_at": { + "name": "monitor_next_check_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_wake_requested_at": { + "name": "monitor_wake_requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_last_triggered_at": { + "name": "monitor_last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_attempt_count": { + "name": "monitor_attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "monitor_notes": { + "name": "monitor_notes", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "monitor_scheduled_by": { + "name": "monitor_scheduled_by", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_preference": { + "name": "execution_workspace_preference", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_settings": { + "name": "execution_workspace_settings", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "hidden_at": { + "name": "hidden_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issues_company_status_idx": { + "name": "issues_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_status_idx": { + "name": "issues_company_assignee_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_user_status_idx": { + "name": "issues_company_assignee_user_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_parent_idx": { + "name": "issues_company_parent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "parent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_idx": { + "name": "issues_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_origin_idx": { + "name": "issues_company_origin_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_workspace_idx": { + "name": "issues_company_project_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_execution_workspace_idx": { + "name": "issues_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_monitor_due_idx": { + "name": "issues_company_monitor_due_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "monitor_next_check_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_identifier_idx": { + "name": "issues_identifier_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_title_search_idx": { + "name": "issues_title_search_idx", + "columns": [ + { + "expression": "title", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_identifier_search_idx": { + "name": "issues_identifier_search_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_description_search_idx": { + "name": "issues_description_search_idx", + "columns": [ + { + "expression": "description", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_open_routine_execution_uq": { + "name": "issues_open_routine_execution_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'routine_execution'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"execution_run_id\" is not null\n and \"issues\".\"status\" in ('backlog', 'todo', 'in_progress', 'in_review', 'blocked')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_incident_uq": { + "name": "issues_active_liveness_recovery_incident_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_leaf_uq": { + "name": "issues_active_liveness_recovery_leaf_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_fingerprint\" <> 'default'\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stale_run_evaluation_uq": { + "name": "issues_active_stale_run_evaluation_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stale_active_run_evaluation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_productivity_review_uq": { + "name": "issues_active_productivity_review_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'issue_productivity_review'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stranded_issue_recovery_uq": { + "name": "issues_active_stranded_issue_recovery_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stranded_issue_recovery'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issues_company_id_companies_id_fk": { + "name": "issues_company_id_companies_id_fk", + "tableFrom": "issues", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_id_projects_id_fk": { + "name": "issues_project_id_projects_id_fk", + "tableFrom": "issues", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_workspace_id_project_workspaces_id_fk": { + "name": "issues_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_goal_id_goals_id_fk": { + "name": "issues_goal_id_goals_id_fk", + "tableFrom": "issues", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_parent_id_issues_id_fk": { + "name": "issues_parent_id_issues_id_fk", + "tableFrom": "issues", + "tableTo": "issues", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_assignee_agent_id_agents_id_fk": { + "name": "issues_assignee_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_checkout_run_id_heartbeat_runs_id_fk": { + "name": "issues_checkout_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "checkout_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_execution_run_id_heartbeat_runs_id_fk": { + "name": "issues_execution_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "execution_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_created_by_agent_id_agents_id_fk": { + "name": "issues_created_by_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issues_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.join_requests": { + "name": "join_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "invite_id": { + "name": "invite_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "request_type": { + "name": "request_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending_approval'" + }, + "request_ip": { + "name": "request_ip", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requesting_user_id": { + "name": "requesting_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "request_email_snapshot": { + "name": "request_email_snapshot", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_name": { + "name": "agent_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_defaults_payload": { + "name": "agent_defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "claim_secret_hash": { + "name": "claim_secret_hash", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "claim_secret_expires_at": { + "name": "claim_secret_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "claim_secret_consumed_at": { + "name": "claim_secret_consumed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_agent_id": { + "name": "created_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "rejected_by_user_id": { + "name": "rejected_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "rejected_at": { + "name": "rejected_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "join_requests_invite_unique_idx": { + "name": "join_requests_invite_unique_idx", + "columns": [ + { + "expression": "invite_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_company_status_type_created_idx": { + "name": "join_requests_company_status_type_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "request_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_user_uq": { + "name": "join_requests_pending_human_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requesting_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"requesting_user_id\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_email_uq": { + "name": "join_requests_pending_human_email_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "lower(\"request_email_snapshot\")", + "asc": true, + "isExpression": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"request_email_snapshot\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "join_requests_invite_id_invites_id_fk": { + "name": "join_requests_invite_id_invites_id_fk", + "tableFrom": "join_requests", + "tableTo": "invites", + "columnsFrom": [ + "invite_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_company_id_companies_id_fk": { + "name": "join_requests_company_id_companies_id_fk", + "tableFrom": "join_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_created_agent_id_agents_id_fk": { + "name": "join_requests_created_agent_id_agents_id_fk", + "tableFrom": "join_requests", + "tableTo": "agents", + "columnsFrom": [ + "created_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.labels": { + "name": "labels", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "labels_company_idx": { + "name": "labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "labels_company_name_idx": { + "name": "labels_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "labels_company_id_companies_id_fk": { + "name": "labels_company_id_companies_id_fk", + "tableFrom": "labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_company_settings": { + "name": "plugin_company_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "settings_json": { + "name": "settings_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_company_settings_company_idx": { + "name": "plugin_company_settings_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_plugin_idx": { + "name": "plugin_company_settings_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_company_plugin_uq": { + "name": "plugin_company_settings_company_plugin_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_company_settings_company_id_companies_id_fk": { + "name": "plugin_company_settings_company_id_companies_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_company_settings_plugin_id_plugins_id_fk": { + "name": "plugin_company_settings_plugin_id_plugins_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_config": { + "name": "plugin_config", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "config_json": { + "name": "config_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_config_plugin_id_idx": { + "name": "plugin_config_plugin_id_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_config_plugin_id_plugins_id_fk": { + "name": "plugin_config_plugin_id_plugins_id_fk", + "tableFrom": "plugin_config", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_database_namespaces": { + "name": "plugin_database_namespaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_mode": { + "name": "namespace_mode", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'schema'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_database_namespaces_plugin_idx": { + "name": "plugin_database_namespaces_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_namespace_idx": { + "name": "plugin_database_namespaces_namespace_idx", + "columns": [ + { + "expression": "namespace_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_status_idx": { + "name": "plugin_database_namespaces_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_database_namespaces_plugin_id_plugins_id_fk": { + "name": "plugin_database_namespaces_plugin_id_plugins_id_fk", + "tableFrom": "plugin_database_namespaces", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_entities": { + "name": "plugin_entities", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_entities_plugin_idx": { + "name": "plugin_entities_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_type_idx": { + "name": "plugin_entities_type_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_scope_idx": { + "name": "plugin_entities_scope_idx", + "columns": [ + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_external_idx": { + "name": "plugin_entities_external_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_entities_plugin_id_plugins_id_fk": { + "name": "plugin_entities_plugin_id_plugins_id_fk", + "tableFrom": "plugin_entities", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_job_runs": { + "name": "plugin_job_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "job_id": { + "name": "job_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger": { + "name": "trigger", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "logs": { + "name": "logs", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_job_runs_job_idx": { + "name": "plugin_job_runs_job_idx", + "columns": [ + { + "expression": "job_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_plugin_idx": { + "name": "plugin_job_runs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_status_idx": { + "name": "plugin_job_runs_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_job_runs_job_id_plugin_jobs_id_fk": { + "name": "plugin_job_runs_job_id_plugin_jobs_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugin_jobs", + "columnsFrom": [ + "job_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_job_runs_plugin_id_plugins_id_fk": { + "name": "plugin_job_runs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_jobs": { + "name": "plugin_jobs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "job_key": { + "name": "job_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "schedule": { + "name": "schedule", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "last_run_at": { + "name": "last_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_jobs_plugin_idx": { + "name": "plugin_jobs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_next_run_idx": { + "name": "plugin_jobs_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_unique_idx": { + "name": "plugin_jobs_unique_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "job_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_jobs_plugin_id_plugins_id_fk": { + "name": "plugin_jobs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_jobs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_logs": { + "name": "plugin_logs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'info'" + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "meta": { + "name": "meta", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_logs_plugin_time_idx": { + "name": "plugin_logs_plugin_time_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_logs_level_idx": { + "name": "plugin_logs_level_idx", + "columns": [ + { + "expression": "level", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_logs_plugin_id_plugins_id_fk": { + "name": "plugin_logs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_logs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_migrations": { + "name": "plugin_migrations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "migration_key": { + "name": "migration_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "checksum": { + "name": "checksum", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "plugin_version": { + "name": "plugin_version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "applied_at": { + "name": "applied_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error_message": { + "name": "error_message", + "type": "text", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "plugin_migrations_plugin_key_idx": { + "name": "plugin_migrations_plugin_key_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "migration_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_plugin_idx": { + "name": "plugin_migrations_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_status_idx": { + "name": "plugin_migrations_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_migrations_plugin_id_plugins_id_fk": { + "name": "plugin_migrations_plugin_id_plugins_id_fk", + "tableFrom": "plugin_migrations", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_state": { + "name": "plugin_state", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "namespace": { + "name": "namespace", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "state_key": { + "name": "state_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value_json": { + "name": "value_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_state_plugin_scope_idx": { + "name": "plugin_state_plugin_scope_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_state_plugin_id_plugins_id_fk": { + "name": "plugin_state_plugin_id_plugins_id_fk", + "tableFrom": "plugin_state", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "plugin_state_unique_entry_idx": { + "name": "plugin_state_unique_entry_idx", + "nullsNotDistinct": true, + "columns": [ + "plugin_id", + "scope_kind", + "scope_id", + "namespace", + "state_key" + ] + } + }, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_webhook_deliveries": { + "name": "plugin_webhook_deliveries", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "webhook_key": { + "name": "webhook_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "headers": { + "name": "headers", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_webhook_deliveries_plugin_idx": { + "name": "plugin_webhook_deliveries_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_status_idx": { + "name": "plugin_webhook_deliveries_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_key_idx": { + "name": "plugin_webhook_deliveries_key_idx", + "columns": [ + { + "expression": "webhook_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_webhook_deliveries_plugin_id_plugins_id_fk": { + "name": "plugin_webhook_deliveries_plugin_id_plugins_id_fk", + "tableFrom": "plugin_webhook_deliveries", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugins": { + "name": "plugins", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "package_name": { + "name": "package_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "api_version": { + "name": "api_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "categories": { + "name": "categories", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "manifest_json": { + "name": "manifest_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'installed'" + }, + "install_order": { + "name": "install_order", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "package_path": { + "name": "package_path", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "installed_at": { + "name": "installed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugins_plugin_key_idx": { + "name": "plugins_plugin_key_idx", + "columns": [ + { + "expression": "plugin_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugins_status_idx": { + "name": "plugins_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.principal_permission_grants": { + "name": "principal_permission_grants", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "permission_key": { + "name": "permission_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope": { + "name": "scope", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "granted_by_user_id": { + "name": "granted_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "principal_permission_grants_unique_idx": { + "name": "principal_permission_grants_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "principal_permission_grants_company_permission_idx": { + "name": "principal_permission_grants_company_permission_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "principal_permission_grants_company_id_companies_id_fk": { + "name": "principal_permission_grants_company_id_companies_id_fk", + "tableFrom": "principal_permission_grants", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_goals": { + "name": "project_goals", + "schema": "", + "columns": { + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_goals_project_idx": { + "name": "project_goals_project_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_goal_idx": { + "name": "project_goals_goal_idx", + "columns": [ + { + "expression": "goal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_company_idx": { + "name": "project_goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_goals_project_id_projects_id_fk": { + "name": "project_goals_project_id_projects_id_fk", + "tableFrom": "project_goals", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_goal_id_goals_id_fk": { + "name": "project_goals_goal_id_goals_id_fk", + "tableFrom": "project_goals", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_company_id_companies_id_fk": { + "name": "project_goals_company_id_companies_id_fk", + "tableFrom": "project_goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "project_goals_project_id_goal_id_pk": { + "name": "project_goals_project_id_goal_id_pk", + "columns": [ + "project_id", + "goal_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_workspaces": { + "name": "project_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_ref": { + "name": "repo_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "default_ref": { + "name": "default_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "visibility": { + "name": "visibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "setup_command": { + "name": "setup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_command": { + "name": "cleanup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_provider": { + "name": "remote_provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_workspace_ref": { + "name": "remote_workspace_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_workspace_key": { + "name": "shared_workspace_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_workspaces_company_project_idx": { + "name": "project_workspaces_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_primary_idx": { + "name": "project_workspaces_project_primary_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_primary", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_source_type_idx": { + "name": "project_workspaces_project_source_type_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_company_shared_key_idx": { + "name": "project_workspaces_company_shared_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "shared_workspace_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_remote_ref_idx": { + "name": "project_workspaces_project_remote_ref_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_workspace_ref", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_workspaces_company_id_companies_id_fk": { + "name": "project_workspaces_company_id_companies_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "project_workspaces_project_id_projects_id_fk": { + "name": "project_workspaces_project_id_projects_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.projects": { + "name": "projects", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "lead_agent_id": { + "name": "lead_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "target_date": { + "name": "target_date", + "type": "date", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "env": { + "name": "env", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_policy": { + "name": "execution_workspace_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "projects_company_idx": { + "name": "projects_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "projects_company_id_companies_id_fk": { + "name": "projects_company_id_companies_id_fk", + "tableFrom": "projects", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_goal_id_goals_id_fk": { + "name": "projects_goal_id_goals_id_fk", + "tableFrom": "projects", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_lead_agent_id_agents_id_fk": { + "name": "projects_lead_agent_id_agents_id_fk", + "tableFrom": "projects", + "tableTo": "agents", + "columnsFrom": [ + "lead_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_revisions": { + "name": "routine_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "snapshot": { + "name": "snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "restored_from_revision_id": { + "name": "restored_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_revisions_routine_revision_uq": { + "name": "routine_revisions_routine_revision_uq", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_revisions_company_routine_created_idx": { + "name": "routine_revisions_company_routine_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_revisions_company_id_companies_id_fk": { + "name": "routine_revisions_company_id_companies_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_routine_id_routines_id_fk": { + "name": "routine_revisions_routine_id_routines_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_restored_from_revision_id_routine_revisions_id_fk": { + "name": "routine_revisions_restored_from_revision_id_routine_revisions_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routine_revisions", + "columnsFrom": [ + "restored_from_revision_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_agent_id_agents_id_fk": { + "name": "routine_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "routine_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_runs": { + "name": "routine_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger_id": { + "name": "trigger_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'received'" + }, + "triggered_at": { + "name": "triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trigger_payload": { + "name": "trigger_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "dispatch_fingerprint": { + "name": "dispatch_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "linked_issue_id": { + "name": "linked_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "coalesced_into_run_id": { + "name": "coalesced_into_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_runs_company_routine_idx": { + "name": "routine_runs_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idx": { + "name": "routine_runs_trigger_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_dispatch_fingerprint_idx": { + "name": "routine_runs_dispatch_fingerprint_idx", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "dispatch_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_linked_issue_idx": { + "name": "routine_runs_linked_issue_idx", + "columns": [ + { + "expression": "linked_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idempotency_idx": { + "name": "routine_runs_trigger_idempotency_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_runs_company_id_companies_id_fk": { + "name": "routine_runs_company_id_companies_id_fk", + "tableFrom": "routine_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_routine_id_routines_id_fk": { + "name": "routine_runs_routine_id_routines_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_trigger_id_routine_triggers_id_fk": { + "name": "routine_runs_trigger_id_routine_triggers_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routine_triggers", + "columnsFrom": [ + "trigger_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_runs_linked_issue_id_issues_id_fk": { + "name": "routine_runs_linked_issue_id_issues_id_fk", + "tableFrom": "routine_runs", + "tableTo": "issues", + "columnsFrom": [ + "linked_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_triggers": { + "name": "routine_triggers", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "cron_expression": { + "name": "cron_expression", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "timezone": { + "name": "timezone", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_fired_at": { + "name": "last_fired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "public_id": { + "name": "public_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "signing_mode": { + "name": "signing_mode", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "replay_window_sec": { + "name": "replay_window_sec", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "last_rotated_at": { + "name": "last_rotated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_result": { + "name": "last_result", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_triggers_company_routine_idx": { + "name": "routine_triggers_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_company_kind_idx": { + "name": "routine_triggers_company_kind_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_next_run_idx": { + "name": "routine_triggers_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_idx": { + "name": "routine_triggers_public_id_idx", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_uq": { + "name": "routine_triggers_public_id_uq", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_triggers_company_id_companies_id_fk": { + "name": "routine_triggers_company_id_companies_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_routine_id_routines_id_fk": { + "name": "routine_triggers_routine_id_routines_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_secret_id_company_secrets_id_fk": { + "name": "routine_triggers_secret_id_company_secrets_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_created_by_agent_id_agents_id_fk": { + "name": "routine_triggers_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_updated_by_agent_id_agents_id_fk": { + "name": "routine_triggers_updated_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routines": { + "name": "routines", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "concurrency_policy": { + "name": "concurrency_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'coalesce_if_active'" + }, + "catch_up_policy": { + "name": "catch_up_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'skip_missed'" + }, + "variables": { + "name": "variables", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_triggered_at": { + "name": "last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_enqueued_at": { + "name": "last_enqueued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routines_company_status_idx": { + "name": "routines_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_assignee_idx": { + "name": "routines_company_assignee_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_project_idx": { + "name": "routines_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routines_company_id_companies_id_fk": { + "name": "routines_company_id_companies_id_fk", + "tableFrom": "routines", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_project_id_projects_id_fk": { + "name": "routines_project_id_projects_id_fk", + "tableFrom": "routines", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_goal_id_goals_id_fk": { + "name": "routines_goal_id_goals_id_fk", + "tableFrom": "routines", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_parent_issue_id_issues_id_fk": { + "name": "routines_parent_issue_id_issues_id_fk", + "tableFrom": "routines", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_assignee_agent_id_agents_id_fk": { + "name": "routines_assignee_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "routines_created_by_agent_id_agents_id_fk": { + "name": "routines_created_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_updated_by_agent_id_agents_id_fk": { + "name": "routines_updated_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user_sidebar_preferences": { + "name": "user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "company_order": { + "name": "company_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "user_sidebar_preferences_user_uq": { + "name": "user_sidebar_preferences_user_uq", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_operations": { + "name": "workspace_operations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "phase": { + "name": "phase", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'running'" + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_operations_company_run_started_idx": { + "name": "workspace_operations_company_run_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_operations_company_workspace_started_idx": { + "name": "workspace_operations_company_workspace_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_operations_company_id_companies_id_fk": { + "name": "workspace_operations_company_id_companies_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_operations_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_operations_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_runtime_services": { + "name": "workspace_runtime_services", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "service_name": { + "name": "service_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "lifecycle": { + "name": "lifecycle", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reuse_key": { + "name": "reuse_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "started_by_run_id": { + "name": "started_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "stopped_at": { + "name": "stopped_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "stop_policy": { + "name": "stop_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_runtime_services_company_workspace_status_idx": { + "name": "workspace_runtime_services_company_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_execution_workspace_status_idx": { + "name": "workspace_runtime_services_company_execution_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_project_status_idx": { + "name": "workspace_runtime_services_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_run_idx": { + "name": "workspace_runtime_services_run_idx", + "columns": [ + { + "expression": "started_by_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_updated_idx": { + "name": "workspace_runtime_services_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_runtime_services_company_id_companies_id_fk": { + "name": "workspace_runtime_services_company_id_companies_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_id_projects_id_fk": { + "name": "workspace_runtime_services_project_id_projects_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk": { + "name": "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_issue_id_issues_id_fk": { + "name": "workspace_runtime_services_issue_id_issues_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_owner_agent_id_agents_id_fk": { + "name": "workspace_runtime_services_owner_agent_id_agents_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk": { + "name": "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "started_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_managed_resources": { + "name": "plugin_managed_resources", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_kind": { + "name": "resource_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_key": { + "name": "resource_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_id": { + "name": "resource_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "defaults_json": { + "name": "defaults_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_managed_resources_company_idx": { + "name": "plugin_managed_resources_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_plugin_idx": { + "name": "plugin_managed_resources_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_resource_idx": { + "name": "plugin_managed_resources_resource_idx", + "columns": [ + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_company_plugin_resource_uq": { + "name": "plugin_managed_resources_company_plugin_resource_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_managed_resources_company_id_companies_id_fk": { + "name": "plugin_managed_resources_company_id_companies_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_managed_resources_plugin_id_plugins_id_fk": { + "name": "plugin_managed_resources_plugin_id_plugins_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + } + }, + "enums": {}, + "schemas": {}, + "sequences": {}, + "roles": {}, + "policies": {}, + "views": {}, + "_meta": { + "columns": {}, + "schemas": {}, + "tables": {} + } +} diff --git a/packages/db/src/migrations/meta/0078_snapshot.json b/packages/db/src/migrations/meta/0078_snapshot.json new file mode 100644 index 00000000..2298a0a3 --- /dev/null +++ b/packages/db/src/migrations/meta/0078_snapshot.json @@ -0,0 +1,16373 @@ +{ + "id": "50cf2dfe-df7b-4f02-a169-edbae599cf39", + "prevId": "c0bac1d6-c931-4bef-b3d6-f7746ab492ac", + "version": "7", + "dialect": "postgresql", + "tables": { + "public.activity_log": { + "name": "activity_log", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "actor_type": { + "name": "actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "actor_id": { + "name": "actor_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "action": { + "name": "action", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_id": { + "name": "entity_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "details": { + "name": "details", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "activity_log_company_created_idx": { + "name": "activity_log_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_run_id_idx": { + "name": "activity_log_run_id_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_entity_type_id_idx": { + "name": "activity_log_entity_type_id_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "activity_log_company_id_companies_id_fk": { + "name": "activity_log_company_id_companies_id_fk", + "tableFrom": "activity_log", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_agent_id_agents_id_fk": { + "name": "activity_log_agent_id_agents_id_fk", + "tableFrom": "activity_log", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_run_id_heartbeat_runs_id_fk": { + "name": "activity_log_run_id_heartbeat_runs_id_fk", + "tableFrom": "activity_log", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_api_keys": { + "name": "agent_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_api_keys_key_hash_idx": { + "name": "agent_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_api_keys_company_agent_idx": { + "name": "agent_api_keys_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_api_keys_agent_id_agents_id_fk": { + "name": "agent_api_keys_agent_id_agents_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_api_keys_company_id_companies_id_fk": { + "name": "agent_api_keys_company_id_companies_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_config_revisions": { + "name": "agent_config_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'patch'" + }, + "rolled_back_from_revision_id": { + "name": "rolled_back_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "changed_keys": { + "name": "changed_keys", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "before_config": { + "name": "before_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "after_config": { + "name": "after_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_config_revisions_company_agent_created_idx": { + "name": "agent_config_revisions_company_agent_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_config_revisions_agent_created_idx": { + "name": "agent_config_revisions_agent_created_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_config_revisions_company_id_companies_id_fk": { + "name": "agent_config_revisions_company_id_companies_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_config_revisions_agent_id_agents_id_fk": { + "name": "agent_config_revisions_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "agent_config_revisions_created_by_agent_id_agents_id_fk": { + "name": "agent_config_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_runtime_state": { + "name": "agent_runtime_state", + "schema": "", + "columns": { + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "state_json": { + "name": "state_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_run_status": { + "name": "last_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "total_input_tokens": { + "name": "total_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_output_tokens": { + "name": "total_output_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cached_input_tokens": { + "name": "total_cached_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cost_cents": { + "name": "total_cost_cents", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_runtime_state_company_agent_idx": { + "name": "agent_runtime_state_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_runtime_state_company_updated_idx": { + "name": "agent_runtime_state_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_runtime_state_agent_id_agents_id_fk": { + "name": "agent_runtime_state_agent_id_agents_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_runtime_state_company_id_companies_id_fk": { + "name": "agent_runtime_state_company_id_companies_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_task_sessions": { + "name": "agent_task_sessions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "task_key": { + "name": "task_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_params_json": { + "name": "session_params_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_display_id": { + "name": "session_display_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_task_sessions_company_agent_adapter_task_uniq": { + "name": "agent_task_sessions_company_agent_adapter_task_uniq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "adapter_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_agent_updated_idx": { + "name": "agent_task_sessions_company_agent_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_task_updated_idx": { + "name": "agent_task_sessions_company_task_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_task_sessions_company_id_companies_id_fk": { + "name": "agent_task_sessions_company_id_companies_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_agent_id_agents_id_fk": { + "name": "agent_task_sessions_agent_id_agents_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_last_run_id_heartbeat_runs_id_fk": { + "name": "agent_task_sessions_last_run_id_heartbeat_runs_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "last_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_wakeup_requests": { + "name": "agent_wakeup_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "coalesced_count": { + "name": "coalesced_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "requested_by_actor_type": { + "name": "requested_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_by_actor_id": { + "name": "requested_by_actor_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_at": { + "name": "requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "claimed_at": { + "name": "claimed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_wakeup_requests_company_agent_status_idx": { + "name": "agent_wakeup_requests_company_agent_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_company_requested_idx": { + "name": "agent_wakeup_requests_company_requested_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_agent_requested_idx": { + "name": "agent_wakeup_requests_agent_requested_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_wakeup_requests_company_id_companies_id_fk": { + "name": "agent_wakeup_requests_company_id_companies_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_wakeup_requests_agent_id_agents_id_fk": { + "name": "agent_wakeup_requests_agent_id_agents_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agents": { + "name": "agents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'general'" + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "icon": { + "name": "icon", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'idle'" + }, + "reports_to": { + "name": "reports_to", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'process'" + }, + "adapter_config": { + "name": "adapter_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "runtime_config": { + "name": "runtime_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "default_environment_id": { + "name": "default_environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "permissions": { + "name": "permissions", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_heartbeat_at": { + "name": "last_heartbeat_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agents_company_status_idx": { + "name": "agents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_reports_to_idx": { + "name": "agents_company_reports_to_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "reports_to", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_default_environment_idx": { + "name": "agents_company_default_environment_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "default_environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agents_company_id_companies_id_fk": { + "name": "agents_company_id_companies_id_fk", + "tableFrom": "agents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_reports_to_agents_id_fk": { + "name": "agents_reports_to_agents_id_fk", + "tableFrom": "agents", + "tableTo": "agents", + "columnsFrom": [ + "reports_to" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_default_environment_id_environments_id_fk": { + "name": "agents_default_environment_id_environments_id_fk", + "tableFrom": "agents", + "tableTo": "environments", + "columnsFrom": [ + "default_environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approval_comments": { + "name": "approval_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approval_comments_company_idx": { + "name": "approval_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_idx": { + "name": "approval_comments_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_created_idx": { + "name": "approval_comments_approval_created_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approval_comments_company_id_companies_id_fk": { + "name": "approval_comments_company_id_companies_id_fk", + "tableFrom": "approval_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_approval_id_approvals_id_fk": { + "name": "approval_comments_approval_id_approvals_id_fk", + "tableFrom": "approval_comments", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_author_agent_id_agents_id_fk": { + "name": "approval_comments_author_agent_id_agents_id_fk", + "tableFrom": "approval_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approvals": { + "name": "approvals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requested_by_agent_id": { + "name": "requested_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_by_user_id": { + "name": "requested_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "decision_note": { + "name": "decision_note", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_by_user_id": { + "name": "decided_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_at": { + "name": "decided_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approvals_company_status_type_idx": { + "name": "approvals_company_status_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approvals_company_id_companies_id_fk": { + "name": "approvals_company_id_companies_id_fk", + "tableFrom": "approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approvals_requested_by_agent_id_agents_id_fk": { + "name": "approvals_requested_by_agent_id_agents_id_fk", + "tableFrom": "approvals", + "tableTo": "agents", + "columnsFrom": [ + "requested_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.assets": { + "name": "assets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "object_key": { + "name": "object_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "content_type": { + "name": "content_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "byte_size": { + "name": "byte_size", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "sha256": { + "name": "sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "original_filename": { + "name": "original_filename", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "assets_company_created_idx": { + "name": "assets_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_provider_idx": { + "name": "assets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_object_key_uq": { + "name": "assets_company_object_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "object_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "assets_company_id_companies_id_fk": { + "name": "assets_company_id_companies_id_fk", + "tableFrom": "assets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "assets_created_by_agent_id_agents_id_fk": { + "name": "assets_created_by_agent_id_agents_id_fk", + "tableFrom": "assets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.account": { + "name": "account", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_id": { + "name": "provider_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "access_token": { + "name": "access_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "refresh_token": { + "name": "refresh_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "id_token": { + "name": "id_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "access_token_expires_at": { + "name": "access_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "refresh_token_expires_at": { + "name": "refresh_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scope": { + "name": "scope", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "password": { + "name": "password", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "account_user_id_user_id_fk": { + "name": "account_user_id_user_id_fk", + "tableFrom": "account", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.session": { + "name": "session", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "token": { + "name": "token", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "ip_address": { + "name": "ip_address", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_agent": { + "name": "user_agent", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "session_user_id_user_id_fk": { + "name": "session_user_id_user_id_fk", + "tableFrom": "session", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user": { + "name": "user", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email": { + "name": "email", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email_verified": { + "name": "email_verified", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "image": { + "name": "image", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.verification": { + "name": "verification", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.board_api_keys": { + "name": "board_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "board_api_keys_key_hash_idx": { + "name": "board_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "board_api_keys_user_idx": { + "name": "board_api_keys_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "board_api_keys_user_id_user_id_fk": { + "name": "board_api_keys_user_id_user_id_fk", + "tableFrom": "board_api_keys", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_incidents": { + "name": "budget_incidents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "policy_id": { + "name": "policy_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_start": { + "name": "window_start", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "window_end": { + "name": "window_end", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "threshold_type": { + "name": "threshold_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount_limit": { + "name": "amount_limit", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "amount_observed": { + "name": "amount_observed", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'open'" + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_incidents_company_status_idx": { + "name": "budget_incidents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_company_scope_idx": { + "name": "budget_incidents_company_scope_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_policy_window_threshold_idx": { + "name": "budget_incidents_policy_window_threshold_idx", + "columns": [ + { + "expression": "policy_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_start", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "threshold_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"budget_incidents\".\"status\" <> 'dismissed'", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_incidents_company_id_companies_id_fk": { + "name": "budget_incidents_company_id_companies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_policy_id_budget_policies_id_fk": { + "name": "budget_incidents_policy_id_budget_policies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "budget_policies", + "columnsFrom": [ + "policy_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_approval_id_approvals_id_fk": { + "name": "budget_incidents_approval_id_approvals_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_policies": { + "name": "budget_policies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'billed_cents'" + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount": { + "name": "amount", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "warn_percent": { + "name": "warn_percent", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 80 + }, + "hard_stop_enabled": { + "name": "hard_stop_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "notify_enabled": { + "name": "notify_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "is_active": { + "name": "is_active", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_policies_company_scope_active_idx": { + "name": "budget_policies_company_scope_active_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_active", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_window_idx": { + "name": "budget_policies_company_window_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_scope_metric_unique_idx": { + "name": "budget_policies_company_scope_metric_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_policies_company_id_companies_id_fk": { + "name": "budget_policies_company_id_companies_id_fk", + "tableFrom": "budget_policies", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cli_auth_challenges": { + "name": "cli_auth_challenges", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_hash": { + "name": "secret_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "client_name": { + "name": "client_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_access": { + "name": "requested_access", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'board'" + }, + "requested_company_id": { + "name": "requested_company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "pending_key_hash": { + "name": "pending_key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "pending_key_name": { + "name": "pending_key_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "board_api_key_id": { + "name": "board_api_key_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cli_auth_challenges_secret_hash_idx": { + "name": "cli_auth_challenges_secret_hash_idx", + "columns": [ + { + "expression": "secret_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_approved_by_idx": { + "name": "cli_auth_challenges_approved_by_idx", + "columns": [ + { + "expression": "approved_by_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_requested_company_idx": { + "name": "cli_auth_challenges_requested_company_idx", + "columns": [ + { + "expression": "requested_company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cli_auth_challenges_requested_company_id_companies_id_fk": { + "name": "cli_auth_challenges_requested_company_id_companies_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "companies", + "columnsFrom": [ + "requested_company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_approved_by_user_id_user_id_fk": { + "name": "cli_auth_challenges_approved_by_user_id_user_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "user", + "columnsFrom": [ + "approved_by_user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk": { + "name": "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "board_api_keys", + "columnsFrom": [ + "board_api_key_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.companies": { + "name": "companies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "issue_prefix": { + "name": "issue_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'PAP'" + }, + "issue_counter": { + "name": "issue_counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "attachment_max_bytes": { + "name": "attachment_max_bytes", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 10485760 + }, + "require_board_approval_for_new_agents": { + "name": "require_board_approval_for_new_agents", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_enabled": { + "name": "feedback_data_sharing_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_consent_at": { + "name": "feedback_data_sharing_consent_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_consent_by_user_id": { + "name": "feedback_data_sharing_consent_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_terms_version": { + "name": "feedback_data_sharing_terms_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "brand_color": { + "name": "brand_color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "companies_issue_prefix_idx": { + "name": "companies_issue_prefix_idx", + "columns": [ + { + "expression": "issue_prefix", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_logos": { + "name": "company_logos", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_logos_company_uq": { + "name": "company_logos_company_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_logos_asset_uq": { + "name": "company_logos_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_logos_company_id_companies_id_fk": { + "name": "company_logos_company_id_companies_id_fk", + "tableFrom": "company_logos", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_logos_asset_id_assets_id_fk": { + "name": "company_logos_asset_id_assets_id_fk", + "tableFrom": "company_logos", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_memberships": { + "name": "company_memberships", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "membership_role": { + "name": "membership_role", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_memberships_company_principal_unique_idx": { + "name": "company_memberships_company_principal_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_principal_status_idx": { + "name": "company_memberships_principal_status_idx", + "columns": [ + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_company_status_idx": { + "name": "company_memberships_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_memberships_company_id_companies_id_fk": { + "name": "company_memberships_company_id_companies_id_fk", + "tableFrom": "company_memberships", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secret_versions": { + "name": "company_secret_versions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "material": { + "name": "material", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "value_sha256": { + "name": "value_sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "company_secret_versions_secret_idx": { + "name": "company_secret_versions_secret_idx", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_value_sha256_idx": { + "name": "company_secret_versions_value_sha256_idx", + "columns": [ + { + "expression": "value_sha256", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_secret_version_uq": { + "name": "company_secret_versions_secret_version_uq", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "version", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secret_versions_secret_id_company_secrets_id_fk": { + "name": "company_secret_versions_secret_id_company_secrets_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_secret_versions_created_by_agent_id_agents_id_fk": { + "name": "company_secret_versions_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secrets": { + "name": "company_secrets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_encrypted'" + }, + "external_ref": { + "name": "external_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "latest_version": { + "name": "latest_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_secrets_company_idx": { + "name": "company_secrets_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_provider_idx": { + "name": "company_secrets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_name_uq": { + "name": "company_secrets_company_name_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secrets_company_id_companies_id_fk": { + "name": "company_secrets_company_id_companies_id_fk", + "tableFrom": "company_secrets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "company_secrets_created_by_agent_id_agents_id_fk": { + "name": "company_secrets_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secrets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_skills": { + "name": "company_skills", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "slug": { + "name": "slug", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "markdown": { + "name": "markdown", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "source_locator": { + "name": "source_locator", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_ref": { + "name": "source_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trust_level": { + "name": "trust_level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown_only'" + }, + "compatibility": { + "name": "compatibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'compatible'" + }, + "file_inventory": { + "name": "file_inventory", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_skills_company_key_idx": { + "name": "company_skills_company_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_skills_company_name_idx": { + "name": "company_skills_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_skills_company_id_companies_id_fk": { + "name": "company_skills_company_id_companies_id_fk", + "tableFrom": "company_skills", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_user_sidebar_preferences": { + "name": "company_user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "project_order": { + "name": "project_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_user_sidebar_preferences_company_idx": { + "name": "company_user_sidebar_preferences_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_user_idx": { + "name": "company_user_sidebar_preferences_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_company_user_uq": { + "name": "company_user_sidebar_preferences_company_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_user_sidebar_preferences_company_id_companies_id_fk": { + "name": "company_user_sidebar_preferences_company_id_companies_id_fk", + "tableFrom": "company_user_sidebar_preferences", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cost_events": { + "name": "cost_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "billing_type": { + "name": "billing_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "input_tokens": { + "name": "input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cached_input_tokens": { + "name": "cached_input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "output_tokens": { + "name": "output_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cost_cents": { + "name": "cost_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cost_events_company_occurred_idx": { + "name": "cost_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_agent_occurred_idx": { + "name": "cost_events_company_agent_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_provider_occurred_idx": { + "name": "cost_events_company_provider_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_biller_occurred_idx": { + "name": "cost_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_heartbeat_run_idx": { + "name": "cost_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cost_events_company_id_companies_id_fk": { + "name": "cost_events_company_id_companies_id_fk", + "tableFrom": "cost_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_agent_id_agents_id_fk": { + "name": "cost_events_agent_id_agents_id_fk", + "tableFrom": "cost_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_issue_id_issues_id_fk": { + "name": "cost_events_issue_id_issues_id_fk", + "tableFrom": "cost_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_project_id_projects_id_fk": { + "name": "cost_events_project_id_projects_id_fk", + "tableFrom": "cost_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_goal_id_goals_id_fk": { + "name": "cost_events_goal_id_goals_id_fk", + "tableFrom": "cost_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "cost_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "cost_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.document_revisions": { + "name": "document_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "document_revisions_document_revision_uq": { + "name": "document_revisions_document_revision_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "document_revisions_company_document_created_idx": { + "name": "document_revisions_company_document_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "document_revisions_company_id_companies_id_fk": { + "name": "document_revisions_company_id_companies_id_fk", + "tableFrom": "document_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "document_revisions_document_id_documents_id_fk": { + "name": "document_revisions_document_id_documents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "document_revisions_created_by_agent_id_agents_id_fk": { + "name": "document_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "document_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "document_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "document_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.documents": { + "name": "documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "latest_body": { + "name": "latest_body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "documents_company_updated_idx": { + "name": "documents_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "documents_company_created_idx": { + "name": "documents_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "documents_company_id_companies_id_fk": { + "name": "documents_company_id_companies_id_fk", + "tableFrom": "documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "documents_created_by_agent_id_agents_id_fk": { + "name": "documents_created_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "documents_updated_by_agent_id_agents_id_fk": { + "name": "documents_updated_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environment_leases": { + "name": "environment_leases", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "environment_id": { + "name": "environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "lease_policy": { + "name": "lease_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'ephemeral'" + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_lease_id": { + "name": "provider_lease_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "acquired_at": { + "name": "acquired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_status": { + "name": "cleanup_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environment_leases_company_environment_status_idx": { + "name": "environment_leases_company_environment_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_execution_workspace_idx": { + "name": "environment_leases_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_issue_idx": { + "name": "environment_leases_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_heartbeat_run_idx": { + "name": "environment_leases_heartbeat_run_idx", + "columns": [ + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_last_used_idx": { + "name": "environment_leases_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_provider_lease_idx": { + "name": "environment_leases_provider_lease_idx", + "columns": [ + { + "expression": "provider_lease_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environment_leases_company_id_companies_id_fk": { + "name": "environment_leases_company_id_companies_id_fk", + "tableFrom": "environment_leases", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_environment_id_environments_id_fk": { + "name": "environment_leases_environment_id_environments_id_fk", + "tableFrom": "environment_leases", + "tableTo": "environments", + "columnsFrom": [ + "environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_execution_workspace_id_execution_workspaces_id_fk": { + "name": "environment_leases_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "environment_leases", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_issue_id_issues_id_fk": { + "name": "environment_leases_issue_id_issues_id_fk", + "tableFrom": "environment_leases", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "environment_leases", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environments": { + "name": "environments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "driver": { + "name": "driver", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "config": { + "name": "config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environments_company_status_idx": { + "name": "environments_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_driver_idx": { + "name": "environments_company_driver_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "driver", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"environments\".\"driver\" = 'local'", + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_name_idx": { + "name": "environments_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environments_company_id_companies_id_fk": { + "name": "environments_company_id_companies_id_fk", + "tableFrom": "environments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.execution_workspaces": { + "name": "execution_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "strategy_type": { + "name": "strategy_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "base_ref": { + "name": "base_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "branch_name": { + "name": "branch_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_type": { + "name": "provider_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_fs'" + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "derived_from_execution_workspace_id": { + "name": "derived_from_execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "opened_at": { + "name": "opened_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "closed_at": { + "name": "closed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_eligible_at": { + "name": "cleanup_eligible_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_reason": { + "name": "cleanup_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "execution_workspaces_company_project_status_idx": { + "name": "execution_workspaces_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_project_workspace_status_idx": { + "name": "execution_workspaces_company_project_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_source_issue_idx": { + "name": "execution_workspaces_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_last_used_idx": { + "name": "execution_workspaces_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_branch_idx": { + "name": "execution_workspaces_company_branch_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "branch_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "execution_workspaces_company_id_companies_id_fk": { + "name": "execution_workspaces_company_id_companies_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "execution_workspaces_project_id_projects_id_fk": { + "name": "execution_workspaces_project_id_projects_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "execution_workspaces_project_workspace_id_project_workspaces_id_fk": { + "name": "execution_workspaces_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_source_issue_id_issues_id_fk": { + "name": "execution_workspaces_source_issue_id_issues_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk": { + "name": "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "derived_from_execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_exports": { + "name": "feedback_exports", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "feedback_vote_id": { + "name": "feedback_vote_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_only'" + }, + "destination": { + "name": "destination", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "export_id": { + "name": "export_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "schema_version": { + "name": "schema_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-envelope-v2'" + }, + "bundle_version": { + "name": "bundle_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-bundle-v2'" + }, + "payload_version": { + "name": "payload_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-v1'" + }, + "payload_digest": { + "name": "payload_digest", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload_snapshot": { + "name": "payload_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "target_summary": { + "name": "target_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "attempt_count": { + "name": "attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_attempted_at": { + "name": "last_attempted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "exported_at": { + "name": "exported_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_exports_feedback_vote_idx": { + "name": "feedback_exports_feedback_vote_idx", + "columns": [ + { + "expression": "feedback_vote_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_created_idx": { + "name": "feedback_exports_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_status_idx": { + "name": "feedback_exports_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_issue_idx": { + "name": "feedback_exports_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_project_idx": { + "name": "feedback_exports_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_author_idx": { + "name": "feedback_exports_company_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_exports_company_id_companies_id_fk": { + "name": "feedback_exports_company_id_companies_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_exports_feedback_vote_id_feedback_votes_id_fk": { + "name": "feedback_exports_feedback_vote_id_feedback_votes_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "feedback_votes", + "columnsFrom": [ + "feedback_vote_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_issue_id_issues_id_fk": { + "name": "feedback_exports_issue_id_issues_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_project_id_projects_id_fk": { + "name": "feedback_exports_project_id_projects_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_votes": { + "name": "feedback_votes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_with_labs": { + "name": "shared_with_labs", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "shared_at": { + "name": "shared_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_votes_company_issue_idx": { + "name": "feedback_votes_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_issue_target_idx": { + "name": "feedback_votes_issue_target_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_author_idx": { + "name": "feedback_votes_author_idx", + "columns": [ + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_company_target_author_idx": { + "name": "feedback_votes_company_target_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_votes_company_id_companies_id_fk": { + "name": "feedback_votes_company_id_companies_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_votes_issue_id_issues_id_fk": { + "name": "feedback_votes_issue_id_issues_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.finance_events": { + "name": "finance_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "cost_event_id": { + "name": "cost_event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "event_kind": { + "name": "event_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "direction": { + "name": "direction", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'debit'" + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_adapter_type": { + "name": "execution_adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "pricing_tier": { + "name": "pricing_tier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "region": { + "name": "region", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "quantity": { + "name": "quantity", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "unit": { + "name": "unit", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "amount_cents": { + "name": "amount_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "currency": { + "name": "currency", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'USD'" + }, + "estimated": { + "name": "estimated", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "external_invoice_id": { + "name": "external_invoice_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata_json": { + "name": "metadata_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "finance_events_company_occurred_idx": { + "name": "finance_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_biller_occurred_idx": { + "name": "finance_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_kind_occurred_idx": { + "name": "finance_events_company_kind_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "event_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_direction_occurred_idx": { + "name": "finance_events_company_direction_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "direction", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_heartbeat_run_idx": { + "name": "finance_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_cost_event_idx": { + "name": "finance_events_company_cost_event_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "cost_event_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "finance_events_company_id_companies_id_fk": { + "name": "finance_events_company_id_companies_id_fk", + "tableFrom": "finance_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_agent_id_agents_id_fk": { + "name": "finance_events_agent_id_agents_id_fk", + "tableFrom": "finance_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_issue_id_issues_id_fk": { + "name": "finance_events_issue_id_issues_id_fk", + "tableFrom": "finance_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_project_id_projects_id_fk": { + "name": "finance_events_project_id_projects_id_fk", + "tableFrom": "finance_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_goal_id_goals_id_fk": { + "name": "finance_events_goal_id_goals_id_fk", + "tableFrom": "finance_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "finance_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "finance_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_cost_event_id_cost_events_id_fk": { + "name": "finance_events_cost_event_id_cost_events_id_fk", + "tableFrom": "finance_events", + "tableTo": "cost_events", + "columnsFrom": [ + "cost_event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.goals": { + "name": "goals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'task'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'planned'" + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "goals_company_idx": { + "name": "goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "goals_company_id_companies_id_fk": { + "name": "goals_company_id_companies_id_fk", + "tableFrom": "goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_parent_id_goals_id_fk": { + "name": "goals_parent_id_goals_id_fk", + "tableFrom": "goals", + "tableTo": "goals", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_owner_agent_id_agents_id_fk": { + "name": "goals_owner_agent_id_agents_id_fk", + "tableFrom": "goals", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_events": { + "name": "heartbeat_run_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "bigserial", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "seq": { + "name": "seq", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "event_type": { + "name": "event_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "stream": { + "name": "stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_events_run_seq_idx": { + "name": "heartbeat_run_events_run_seq_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "seq", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_run_idx": { + "name": "heartbeat_run_events_company_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_created_idx": { + "name": "heartbeat_run_events_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_events_company_id_companies_id_fk": { + "name": "heartbeat_run_events_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_events_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_agent_id_agents_id_fk": { + "name": "heartbeat_run_events_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_watchdog_decisions": { + "name": "heartbeat_run_watchdog_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "evaluation_issue_id": { + "name": "evaluation_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "decision": { + "name": "decision", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "snoozed_until": { + "name": "snoozed_until", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_watchdog_decisions_company_run_created_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_watchdog_decisions_company_run_snooze_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_snooze_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "snoozed_until", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_watchdog_decisions_company_id_companies_id_fk": { + "name": "heartbeat_run_watchdog_decisions_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk": { + "name": "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "issues", + "columnsFrom": [ + "evaluation_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_runs": { + "name": "heartbeat_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "invocation_source": { + "name": "invocation_source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'on_demand'" + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "wakeup_request_id": { + "name": "wakeup_request_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "signal": { + "name": "signal", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "usage_json": { + "name": "usage_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "result_json": { + "name": "result_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_id_before": { + "name": "session_id_before", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "session_id_after": { + "name": "session_id_after", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "error_code": { + "name": "error_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_run_id": { + "name": "external_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "process_pid": { + "name": "process_pid", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_group_id": { + "name": "process_group_id", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_started_at": { + "name": "process_started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_at": { + "name": "last_output_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_seq": { + "name": "last_output_seq", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_output_stream": { + "name": "last_output_stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_output_bytes": { + "name": "last_output_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "retry_of_run_id": { + "name": "retry_of_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "process_loss_retry_count": { + "name": "process_loss_retry_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_at": { + "name": "scheduled_retry_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scheduled_retry_attempt": { + "name": "scheduled_retry_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_reason": { + "name": "scheduled_retry_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_comment_status": { + "name": "issue_comment_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'not_applicable'" + }, + "issue_comment_satisfied_by_comment_id": { + "name": "issue_comment_satisfied_by_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_comment_retry_queued_at": { + "name": "issue_comment_retry_queued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "liveness_state": { + "name": "liveness_state", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "liveness_reason": { + "name": "liveness_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "continuation_attempt": { + "name": "continuation_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_useful_action_at": { + "name": "last_useful_action_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_action": { + "name": "next_action", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "context_snapshot": { + "name": "context_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_runs_company_agent_started_idx": { + "name": "heartbeat_runs_company_agent_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_liveness_idx": { + "name": "heartbeat_runs_company_liveness_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "liveness_state", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_last_output_idx": { + "name": "heartbeat_runs_company_status_last_output_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_output_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_process_started_idx": { + "name": "heartbeat_runs_company_status_process_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "process_started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_runs_company_id_companies_id_fk": { + "name": "heartbeat_runs_company_id_companies_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_agent_id_agents_id_fk": { + "name": "heartbeat_runs_agent_id_agents_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk": { + "name": "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agent_wakeup_requests", + "columnsFrom": [ + "wakeup_request_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "retry_of_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.inbox_dismissals": { + "name": "inbox_dismissals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "item_key": { + "name": "item_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "dismissed_at": { + "name": "dismissed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "inbox_dismissals_company_user_idx": { + "name": "inbox_dismissals_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_item_idx": { + "name": "inbox_dismissals_company_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_user_item_idx": { + "name": "inbox_dismissals_company_user_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "inbox_dismissals_company_id_companies_id_fk": { + "name": "inbox_dismissals_company_id_companies_id_fk", + "tableFrom": "inbox_dismissals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_settings": { + "name": "instance_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "singleton_key": { + "name": "singleton_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "general": { + "name": "general", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "experimental": { + "name": "experimental", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_settings_singleton_key_idx": { + "name": "instance_settings_singleton_key_idx", + "columns": [ + { + "expression": "singleton_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_user_roles": { + "name": "instance_user_roles", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'instance_admin'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_user_roles_user_role_unique_idx": { + "name": "instance_user_roles_user_role_unique_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "instance_user_roles_role_idx": { + "name": "instance_user_roles_role_idx", + "columns": [ + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.invites": { + "name": "invites", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "invite_type": { + "name": "invite_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'company_join'" + }, + "token_hash": { + "name": "token_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "allowed_join_types": { + "name": "allowed_join_types", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'both'" + }, + "defaults_payload": { + "name": "defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "invited_by_user_id": { + "name": "invited_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "accepted_at": { + "name": "accepted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "invites_token_hash_unique_idx": { + "name": "invites_token_hash_unique_idx", + "columns": [ + { + "expression": "token_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "invites_company_invite_state_idx": { + "name": "invites_company_invite_state_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "invite_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revoked_at", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "expires_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "invites_company_id_companies_id_fk": { + "name": "invites_company_id_companies_id_fk", + "tableFrom": "invites", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_approvals": { + "name": "issue_approvals", + "schema": "", + "columns": { + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "linked_by_agent_id": { + "name": "linked_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "linked_by_user_id": { + "name": "linked_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_approvals_issue_idx": { + "name": "issue_approvals_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_approval_idx": { + "name": "issue_approvals_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_company_idx": { + "name": "issue_approvals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_approvals_company_id_companies_id_fk": { + "name": "issue_approvals_company_id_companies_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_approvals_issue_id_issues_id_fk": { + "name": "issue_approvals_issue_id_issues_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_approval_id_approvals_id_fk": { + "name": "issue_approvals_approval_id_approvals_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_linked_by_agent_id_agents_id_fk": { + "name": "issue_approvals_linked_by_agent_id_agents_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "agents", + "columnsFrom": [ + "linked_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_approvals_pk": { + "name": "issue_approvals_pk", + "columns": [ + "issue_id", + "approval_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_attachments": { + "name": "issue_attachments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_comment_id": { + "name": "issue_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_attachments_company_issue_idx": { + "name": "issue_attachments_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_issue_comment_idx": { + "name": "issue_attachments_issue_comment_idx", + "columns": [ + { + "expression": "issue_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_asset_uq": { + "name": "issue_attachments_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_attachments_company_id_companies_id_fk": { + "name": "issue_attachments_company_id_companies_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_attachments_issue_id_issues_id_fk": { + "name": "issue_attachments_issue_id_issues_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_asset_id_assets_id_fk": { + "name": "issue_attachments_asset_id_assets_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_issue_comment_id_issue_comments_id_fk": { + "name": "issue_attachments_issue_comment_id_issue_comments_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issue_comments", + "columnsFrom": [ + "issue_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_comments": { + "name": "issue_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "author_type": { + "name": "author_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "presentation": { + "name": "presentation", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_comments_issue_idx": { + "name": "issue_comments_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_idx": { + "name": "issue_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_issue_created_at_idx": { + "name": "issue_comments_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_author_issue_created_at_idx": { + "name": "issue_comments_company_author_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_body_search_idx": { + "name": "issue_comments_body_search_idx", + "columns": [ + { + "expression": "body", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + } + }, + "foreignKeys": { + "issue_comments_company_id_companies_id_fk": { + "name": "issue_comments_company_id_companies_id_fk", + "tableFrom": "issue_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_issue_id_issues_id_fk": { + "name": "issue_comments_issue_id_issues_id_fk", + "tableFrom": "issue_comments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_author_agent_id_agents_id_fk": { + "name": "issue_comments_author_agent_id_agents_id_fk", + "tableFrom": "issue_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_comments_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_comments", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_documents": { + "name": "issue_documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_documents_company_issue_key_uq": { + "name": "issue_documents_company_issue_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_document_uq": { + "name": "issue_documents_document_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_company_issue_updated_idx": { + "name": "issue_documents_company_issue_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_documents_company_id_companies_id_fk": { + "name": "issue_documents_company_id_companies_id_fk", + "tableFrom": "issue_documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_documents_issue_id_issues_id_fk": { + "name": "issue_documents_issue_id_issues_id_fk", + "tableFrom": "issue_documents", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_documents_document_id_documents_id_fk": { + "name": "issue_documents_document_id_documents_id_fk", + "tableFrom": "issue_documents", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_execution_decisions": { + "name": "issue_execution_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_id": { + "name": "stage_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_type": { + "name": "stage_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "actor_agent_id": { + "name": "actor_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "actor_user_id": { + "name": "actor_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_execution_decisions_company_issue_idx": { + "name": "issue_execution_decisions_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_execution_decisions_stage_idx": { + "name": "issue_execution_decisions_stage_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "stage_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_execution_decisions_company_id_companies_id_fk": { + "name": "issue_execution_decisions_company_id_companies_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_issue_id_issues_id_fk": { + "name": "issue_execution_decisions_issue_id_issues_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_execution_decisions_actor_agent_id_agents_id_fk": { + "name": "issue_execution_decisions_actor_agent_id_agents_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "agents", + "columnsFrom": [ + "actor_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_inbox_archives": { + "name": "issue_inbox_archives", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_inbox_archives_company_issue_idx": { + "name": "issue_inbox_archives_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_user_idx": { + "name": "issue_inbox_archives_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_issue_user_idx": { + "name": "issue_inbox_archives_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_inbox_archives_company_id_companies_id_fk": { + "name": "issue_inbox_archives_company_id_companies_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_inbox_archives_issue_id_issues_id_fk": { + "name": "issue_inbox_archives_issue_id_issues_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_labels": { + "name": "issue_labels", + "schema": "", + "columns": { + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "label_id": { + "name": "label_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_labels_issue_idx": { + "name": "issue_labels_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_label_idx": { + "name": "issue_labels_label_idx", + "columns": [ + { + "expression": "label_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_company_idx": { + "name": "issue_labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_labels_issue_id_issues_id_fk": { + "name": "issue_labels_issue_id_issues_id_fk", + "tableFrom": "issue_labels", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_label_id_labels_id_fk": { + "name": "issue_labels_label_id_labels_id_fk", + "tableFrom": "issue_labels", + "tableTo": "labels", + "columnsFrom": [ + "label_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_company_id_companies_id_fk": { + "name": "issue_labels_company_id_companies_id_fk", + "tableFrom": "issue_labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_labels_pk": { + "name": "issue_labels_pk", + "columns": [ + "issue_id", + "label_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_read_states": { + "name": "issue_read_states", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_read_at": { + "name": "last_read_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_read_states_company_issue_idx": { + "name": "issue_read_states_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_user_idx": { + "name": "issue_read_states_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_issue_user_idx": { + "name": "issue_read_states_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_read_states_company_id_companies_id_fk": { + "name": "issue_read_states_company_id_companies_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_read_states_issue_id_issues_id_fk": { + "name": "issue_read_states_issue_id_issues_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_reference_mentions": { + "name": "issue_reference_mentions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_issue_id": { + "name": "target_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_kind": { + "name": "source_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_record_id": { + "name": "source_record_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "document_key": { + "name": "document_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "matched_text": { + "name": "matched_text", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_reference_mentions_company_source_issue_idx": { + "name": "issue_reference_mentions_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_target_issue_idx": { + "name": "issue_reference_mentions_company_target_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_issue_pair_idx": { + "name": "issue_reference_mentions_company_issue_pair_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_record_uq": { + "name": "issue_reference_mentions_company_source_mention_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_record_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is not null", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_null_record_uq": { + "name": "issue_reference_mentions_company_source_mention_null_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is null", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_reference_mentions_company_id_companies_id_fk": { + "name": "issue_reference_mentions_company_id_companies_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_reference_mentions_source_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_source_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_reference_mentions_target_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_target_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "target_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_relations": { + "name": "issue_relations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "related_issue_id": { + "name": "related_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_relations_company_issue_idx": { + "name": "issue_relations_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_related_issue_idx": { + "name": "issue_relations_company_related_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_type_idx": { + "name": "issue_relations_company_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_edge_uq": { + "name": "issue_relations_company_edge_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_relations_company_id_companies_id_fk": { + "name": "issue_relations_company_id_companies_id_fk", + "tableFrom": "issue_relations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_relations_issue_id_issues_id_fk": { + "name": "issue_relations_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_related_issue_id_issues_id_fk": { + "name": "issue_relations_related_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "related_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_created_by_agent_id_agents_id_fk": { + "name": "issue_relations_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_relations", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_thread_interactions": { + "name": "issue_thread_interactions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "continuation_policy": { + "name": "continuation_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'wake_assignee'" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_comment_id": { + "name": "source_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_run_id": { + "name": "source_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "resolved_by_agent_id": { + "name": "resolved_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_by_user_id": { + "name": "resolved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "result": { + "name": "result", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_thread_interactions_issue_idx": { + "name": "issue_thread_interactions_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_created_at_idx": { + "name": "issue_thread_interactions_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_status_idx": { + "name": "issue_thread_interactions_company_issue_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_idempotency_uq": { + "name": "issue_thread_interactions_company_issue_idempotency_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_thread_interactions\".\"idempotency_key\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_source_comment_idx": { + "name": "issue_thread_interactions_source_comment_idx", + "columns": [ + { + "expression": "source_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_thread_interactions_company_id_companies_id_fk": { + "name": "issue_thread_interactions_company_id_companies_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_issue_id_issues_id_fk": { + "name": "issue_thread_interactions_issue_id_issues_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_comment_id_issue_comments_id_fk": { + "name": "issue_thread_interactions_source_comment_id_issue_comments_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issue_comments", + "columnsFrom": [ + "source_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk": { + "name": "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "source_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_created_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_resolved_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_resolved_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "resolved_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_hold_members": { + "name": "issue_tree_hold_members", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "hold_id": { + "name": "hold_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "depth": { + "name": "depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "issue_identifier": { + "name": "issue_identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_title": { + "name": "issue_title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "issue_status": { + "name": "issue_status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "active_run_id": { + "name": "active_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "active_run_status": { + "name": "active_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "skipped": { + "name": "skipped", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "skip_reason": { + "name": "skip_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_hold_members_hold_issue_uq": { + "name": "issue_tree_hold_members_hold_issue_uq", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_company_issue_idx": { + "name": "issue_tree_hold_members_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_hold_depth_idx": { + "name": "issue_tree_hold_members_hold_depth_idx", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "depth", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_hold_members_company_id_companies_id_fk": { + "name": "issue_tree_hold_members_company_id_companies_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk": { + "name": "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issue_tree_holds", + "columnsFrom": [ + "hold_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_parent_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_parent_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_assignee_agent_id_agents_id_fk": { + "name": "issue_tree_hold_members_assignee_agent_id_agents_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "active_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_holds": { + "name": "issue_tree_holds", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "root_issue_id": { + "name": "root_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_policy": { + "name": "release_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_actor_type": { + "name": "created_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_by_actor_type": { + "name": "released_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_agent_id": { + "name": "released_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_by_user_id": { + "name": "released_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_run_id": { + "name": "released_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "release_reason": { + "name": "release_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_metadata": { + "name": "release_metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_holds_company_root_status_idx": { + "name": "issue_tree_holds_company_root_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "root_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_holds_company_status_mode_idx": { + "name": "issue_tree_holds_company_status_mode_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "mode", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_holds_company_id_companies_id_fk": { + "name": "issue_tree_holds_company_id_companies_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_holds_root_issue_id_issues_id_fk": { + "name": "issue_tree_holds_root_issue_id_issues_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "issues", + "columnsFrom": [ + "root_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_released_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "released_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "released_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_work_products": { + "name": "issue_work_products", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "runtime_service_id": { + "name": "runtime_service_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "review_state": { + "name": "review_state", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'none'" + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_work_products_company_issue_type_idx": { + "name": "issue_work_products_company_issue_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_execution_workspace_type_idx": { + "name": "issue_work_products_company_execution_workspace_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_provider_external_id_idx": { + "name": "issue_work_products_company_provider_external_id_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_updated_idx": { + "name": "issue_work_products_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_work_products_company_id_companies_id_fk": { + "name": "issue_work_products_company_id_companies_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_work_products_project_id_projects_id_fk": { + "name": "issue_work_products_project_id_projects_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_issue_id_issues_id_fk": { + "name": "issue_work_products_issue_id_issues_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_work_products_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issue_work_products_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk": { + "name": "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "workspace_runtime_services", + "columnsFrom": [ + "runtime_service_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_work_products_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issues": { + "name": "issues", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "checkout_run_id": { + "name": "checkout_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_run_id": { + "name": "execution_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_agent_name_key": { + "name": "execution_agent_name_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_locked_at": { + "name": "execution_locked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_number": { + "name": "issue_number", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_kind": { + "name": "origin_kind", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'manual'" + }, + "origin_id": { + "name": "origin_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_run_id": { + "name": "origin_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_fingerprint": { + "name": "origin_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "request_depth": { + "name": "request_depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_adapter_overrides": { + "name": "assignee_adapter_overrides", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_policy": { + "name": "execution_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_state": { + "name": "execution_state", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "monitor_next_check_at": { + "name": "monitor_next_check_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_wake_requested_at": { + "name": "monitor_wake_requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_last_triggered_at": { + "name": "monitor_last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_attempt_count": { + "name": "monitor_attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "monitor_notes": { + "name": "monitor_notes", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "monitor_scheduled_by": { + "name": "monitor_scheduled_by", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_preference": { + "name": "execution_workspace_preference", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_settings": { + "name": "execution_workspace_settings", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "hidden_at": { + "name": "hidden_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issues_company_status_idx": { + "name": "issues_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_status_idx": { + "name": "issues_company_assignee_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_user_status_idx": { + "name": "issues_company_assignee_user_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_parent_idx": { + "name": "issues_company_parent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "parent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_idx": { + "name": "issues_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_origin_idx": { + "name": "issues_company_origin_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_workspace_idx": { + "name": "issues_company_project_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_execution_workspace_idx": { + "name": "issues_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_monitor_due_idx": { + "name": "issues_company_monitor_due_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "monitor_next_check_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_identifier_idx": { + "name": "issues_identifier_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_title_search_idx": { + "name": "issues_title_search_idx", + "columns": [ + { + "expression": "title", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_identifier_search_idx": { + "name": "issues_identifier_search_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_description_search_idx": { + "name": "issues_description_search_idx", + "columns": [ + { + "expression": "description", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_open_routine_execution_uq": { + "name": "issues_open_routine_execution_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'routine_execution'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"execution_run_id\" is not null\n and \"issues\".\"status\" in ('backlog', 'todo', 'in_progress', 'in_review', 'blocked')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_incident_uq": { + "name": "issues_active_liveness_recovery_incident_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_leaf_uq": { + "name": "issues_active_liveness_recovery_leaf_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_fingerprint\" <> 'default'\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stale_run_evaluation_uq": { + "name": "issues_active_stale_run_evaluation_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stale_active_run_evaluation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_productivity_review_uq": { + "name": "issues_active_productivity_review_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'issue_productivity_review'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stranded_issue_recovery_uq": { + "name": "issues_active_stranded_issue_recovery_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stranded_issue_recovery'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issues_company_id_companies_id_fk": { + "name": "issues_company_id_companies_id_fk", + "tableFrom": "issues", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_id_projects_id_fk": { + "name": "issues_project_id_projects_id_fk", + "tableFrom": "issues", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_workspace_id_project_workspaces_id_fk": { + "name": "issues_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_goal_id_goals_id_fk": { + "name": "issues_goal_id_goals_id_fk", + "tableFrom": "issues", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_parent_id_issues_id_fk": { + "name": "issues_parent_id_issues_id_fk", + "tableFrom": "issues", + "tableTo": "issues", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_assignee_agent_id_agents_id_fk": { + "name": "issues_assignee_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_checkout_run_id_heartbeat_runs_id_fk": { + "name": "issues_checkout_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "checkout_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_execution_run_id_heartbeat_runs_id_fk": { + "name": "issues_execution_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "execution_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_created_by_agent_id_agents_id_fk": { + "name": "issues_created_by_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issues_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.join_requests": { + "name": "join_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "invite_id": { + "name": "invite_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "request_type": { + "name": "request_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending_approval'" + }, + "request_ip": { + "name": "request_ip", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requesting_user_id": { + "name": "requesting_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "request_email_snapshot": { + "name": "request_email_snapshot", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_name": { + "name": "agent_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_defaults_payload": { + "name": "agent_defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "claim_secret_hash": { + "name": "claim_secret_hash", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "claim_secret_expires_at": { + "name": "claim_secret_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "claim_secret_consumed_at": { + "name": "claim_secret_consumed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_agent_id": { + "name": "created_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "rejected_by_user_id": { + "name": "rejected_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "rejected_at": { + "name": "rejected_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "join_requests_invite_unique_idx": { + "name": "join_requests_invite_unique_idx", + "columns": [ + { + "expression": "invite_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_company_status_type_created_idx": { + "name": "join_requests_company_status_type_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "request_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_user_uq": { + "name": "join_requests_pending_human_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requesting_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"requesting_user_id\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_email_uq": { + "name": "join_requests_pending_human_email_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "lower(\"request_email_snapshot\")", + "asc": true, + "isExpression": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"request_email_snapshot\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "join_requests_invite_id_invites_id_fk": { + "name": "join_requests_invite_id_invites_id_fk", + "tableFrom": "join_requests", + "tableTo": "invites", + "columnsFrom": [ + "invite_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_company_id_companies_id_fk": { + "name": "join_requests_company_id_companies_id_fk", + "tableFrom": "join_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_created_agent_id_agents_id_fk": { + "name": "join_requests_created_agent_id_agents_id_fk", + "tableFrom": "join_requests", + "tableTo": "agents", + "columnsFrom": [ + "created_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.labels": { + "name": "labels", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "labels_company_idx": { + "name": "labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "labels_company_name_idx": { + "name": "labels_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "labels_company_id_companies_id_fk": { + "name": "labels_company_id_companies_id_fk", + "tableFrom": "labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_company_settings": { + "name": "plugin_company_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "settings_json": { + "name": "settings_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_company_settings_company_idx": { + "name": "plugin_company_settings_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_plugin_idx": { + "name": "plugin_company_settings_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_company_plugin_uq": { + "name": "plugin_company_settings_company_plugin_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_company_settings_company_id_companies_id_fk": { + "name": "plugin_company_settings_company_id_companies_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_company_settings_plugin_id_plugins_id_fk": { + "name": "plugin_company_settings_plugin_id_plugins_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_config": { + "name": "plugin_config", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "config_json": { + "name": "config_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_config_plugin_id_idx": { + "name": "plugin_config_plugin_id_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_config_plugin_id_plugins_id_fk": { + "name": "plugin_config_plugin_id_plugins_id_fk", + "tableFrom": "plugin_config", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_database_namespaces": { + "name": "plugin_database_namespaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_mode": { + "name": "namespace_mode", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'schema'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_database_namespaces_plugin_idx": { + "name": "plugin_database_namespaces_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_namespace_idx": { + "name": "plugin_database_namespaces_namespace_idx", + "columns": [ + { + "expression": "namespace_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_status_idx": { + "name": "plugin_database_namespaces_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_database_namespaces_plugin_id_plugins_id_fk": { + "name": "plugin_database_namespaces_plugin_id_plugins_id_fk", + "tableFrom": "plugin_database_namespaces", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_entities": { + "name": "plugin_entities", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_entities_plugin_idx": { + "name": "plugin_entities_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_type_idx": { + "name": "plugin_entities_type_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_scope_idx": { + "name": "plugin_entities_scope_idx", + "columns": [ + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_external_idx": { + "name": "plugin_entities_external_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_entities_plugin_id_plugins_id_fk": { + "name": "plugin_entities_plugin_id_plugins_id_fk", + "tableFrom": "plugin_entities", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_job_runs": { + "name": "plugin_job_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "job_id": { + "name": "job_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger": { + "name": "trigger", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "logs": { + "name": "logs", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_job_runs_job_idx": { + "name": "plugin_job_runs_job_idx", + "columns": [ + { + "expression": "job_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_plugin_idx": { + "name": "plugin_job_runs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_status_idx": { + "name": "plugin_job_runs_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_job_runs_job_id_plugin_jobs_id_fk": { + "name": "plugin_job_runs_job_id_plugin_jobs_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugin_jobs", + "columnsFrom": [ + "job_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_job_runs_plugin_id_plugins_id_fk": { + "name": "plugin_job_runs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_jobs": { + "name": "plugin_jobs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "job_key": { + "name": "job_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "schedule": { + "name": "schedule", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "last_run_at": { + "name": "last_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_jobs_plugin_idx": { + "name": "plugin_jobs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_next_run_idx": { + "name": "plugin_jobs_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_unique_idx": { + "name": "plugin_jobs_unique_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "job_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_jobs_plugin_id_plugins_id_fk": { + "name": "plugin_jobs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_jobs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_logs": { + "name": "plugin_logs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'info'" + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "meta": { + "name": "meta", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_logs_plugin_time_idx": { + "name": "plugin_logs_plugin_time_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_logs_level_idx": { + "name": "plugin_logs_level_idx", + "columns": [ + { + "expression": "level", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_logs_plugin_id_plugins_id_fk": { + "name": "plugin_logs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_logs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_managed_resources": { + "name": "plugin_managed_resources", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_kind": { + "name": "resource_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_key": { + "name": "resource_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_id": { + "name": "resource_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "defaults_json": { + "name": "defaults_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_managed_resources_company_idx": { + "name": "plugin_managed_resources_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_plugin_idx": { + "name": "plugin_managed_resources_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_resource_idx": { + "name": "plugin_managed_resources_resource_idx", + "columns": [ + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_company_plugin_resource_uq": { + "name": "plugin_managed_resources_company_plugin_resource_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_managed_resources_company_id_companies_id_fk": { + "name": "plugin_managed_resources_company_id_companies_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_managed_resources_plugin_id_plugins_id_fk": { + "name": "plugin_managed_resources_plugin_id_plugins_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_migrations": { + "name": "plugin_migrations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "migration_key": { + "name": "migration_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "checksum": { + "name": "checksum", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "plugin_version": { + "name": "plugin_version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "applied_at": { + "name": "applied_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error_message": { + "name": "error_message", + "type": "text", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "plugin_migrations_plugin_key_idx": { + "name": "plugin_migrations_plugin_key_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "migration_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_plugin_idx": { + "name": "plugin_migrations_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_status_idx": { + "name": "plugin_migrations_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_migrations_plugin_id_plugins_id_fk": { + "name": "plugin_migrations_plugin_id_plugins_id_fk", + "tableFrom": "plugin_migrations", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_state": { + "name": "plugin_state", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "namespace": { + "name": "namespace", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "state_key": { + "name": "state_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value_json": { + "name": "value_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_state_plugin_scope_idx": { + "name": "plugin_state_plugin_scope_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_state_plugin_id_plugins_id_fk": { + "name": "plugin_state_plugin_id_plugins_id_fk", + "tableFrom": "plugin_state", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "plugin_state_unique_entry_idx": { + "name": "plugin_state_unique_entry_idx", + "nullsNotDistinct": true, + "columns": [ + "plugin_id", + "scope_kind", + "scope_id", + "namespace", + "state_key" + ] + } + }, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_webhook_deliveries": { + "name": "plugin_webhook_deliveries", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "webhook_key": { + "name": "webhook_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "headers": { + "name": "headers", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_webhook_deliveries_plugin_idx": { + "name": "plugin_webhook_deliveries_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_status_idx": { + "name": "plugin_webhook_deliveries_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_key_idx": { + "name": "plugin_webhook_deliveries_key_idx", + "columns": [ + { + "expression": "webhook_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_webhook_deliveries_plugin_id_plugins_id_fk": { + "name": "plugin_webhook_deliveries_plugin_id_plugins_id_fk", + "tableFrom": "plugin_webhook_deliveries", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugins": { + "name": "plugins", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "package_name": { + "name": "package_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "api_version": { + "name": "api_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "categories": { + "name": "categories", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "manifest_json": { + "name": "manifest_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'installed'" + }, + "install_order": { + "name": "install_order", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "package_path": { + "name": "package_path", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "installed_at": { + "name": "installed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugins_plugin_key_idx": { + "name": "plugins_plugin_key_idx", + "columns": [ + { + "expression": "plugin_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugins_status_idx": { + "name": "plugins_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.principal_permission_grants": { + "name": "principal_permission_grants", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "permission_key": { + "name": "permission_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope": { + "name": "scope", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "granted_by_user_id": { + "name": "granted_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "principal_permission_grants_unique_idx": { + "name": "principal_permission_grants_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "principal_permission_grants_company_permission_idx": { + "name": "principal_permission_grants_company_permission_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "principal_permission_grants_company_id_companies_id_fk": { + "name": "principal_permission_grants_company_id_companies_id_fk", + "tableFrom": "principal_permission_grants", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_goals": { + "name": "project_goals", + "schema": "", + "columns": { + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_goals_project_idx": { + "name": "project_goals_project_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_goal_idx": { + "name": "project_goals_goal_idx", + "columns": [ + { + "expression": "goal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_company_idx": { + "name": "project_goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_goals_project_id_projects_id_fk": { + "name": "project_goals_project_id_projects_id_fk", + "tableFrom": "project_goals", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_goal_id_goals_id_fk": { + "name": "project_goals_goal_id_goals_id_fk", + "tableFrom": "project_goals", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_company_id_companies_id_fk": { + "name": "project_goals_company_id_companies_id_fk", + "tableFrom": "project_goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "project_goals_project_id_goal_id_pk": { + "name": "project_goals_project_id_goal_id_pk", + "columns": [ + "project_id", + "goal_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_workspaces": { + "name": "project_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_ref": { + "name": "repo_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "default_ref": { + "name": "default_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "visibility": { + "name": "visibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "setup_command": { + "name": "setup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_command": { + "name": "cleanup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_provider": { + "name": "remote_provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_workspace_ref": { + "name": "remote_workspace_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_workspace_key": { + "name": "shared_workspace_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_workspaces_company_project_idx": { + "name": "project_workspaces_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_primary_idx": { + "name": "project_workspaces_project_primary_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_primary", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_source_type_idx": { + "name": "project_workspaces_project_source_type_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_company_shared_key_idx": { + "name": "project_workspaces_company_shared_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "shared_workspace_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_remote_ref_idx": { + "name": "project_workspaces_project_remote_ref_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_workspace_ref", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_workspaces_company_id_companies_id_fk": { + "name": "project_workspaces_company_id_companies_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "project_workspaces_project_id_projects_id_fk": { + "name": "project_workspaces_project_id_projects_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.projects": { + "name": "projects", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "lead_agent_id": { + "name": "lead_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "target_date": { + "name": "target_date", + "type": "date", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "env": { + "name": "env", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_policy": { + "name": "execution_workspace_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "projects_company_idx": { + "name": "projects_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "projects_company_id_companies_id_fk": { + "name": "projects_company_id_companies_id_fk", + "tableFrom": "projects", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_goal_id_goals_id_fk": { + "name": "projects_goal_id_goals_id_fk", + "tableFrom": "projects", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_lead_agent_id_agents_id_fk": { + "name": "projects_lead_agent_id_agents_id_fk", + "tableFrom": "projects", + "tableTo": "agents", + "columnsFrom": [ + "lead_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_revisions": { + "name": "routine_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "snapshot": { + "name": "snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "restored_from_revision_id": { + "name": "restored_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_revisions_routine_revision_uq": { + "name": "routine_revisions_routine_revision_uq", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_revisions_company_routine_created_idx": { + "name": "routine_revisions_company_routine_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_revisions_company_id_companies_id_fk": { + "name": "routine_revisions_company_id_companies_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_routine_id_routines_id_fk": { + "name": "routine_revisions_routine_id_routines_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_restored_from_revision_id_routine_revisions_id_fk": { + "name": "routine_revisions_restored_from_revision_id_routine_revisions_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routine_revisions", + "columnsFrom": [ + "restored_from_revision_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_agent_id_agents_id_fk": { + "name": "routine_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "routine_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_runs": { + "name": "routine_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger_id": { + "name": "trigger_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'received'" + }, + "triggered_at": { + "name": "triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trigger_payload": { + "name": "trigger_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "dispatch_fingerprint": { + "name": "dispatch_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "linked_issue_id": { + "name": "linked_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "coalesced_into_run_id": { + "name": "coalesced_into_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_runs_company_routine_idx": { + "name": "routine_runs_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idx": { + "name": "routine_runs_trigger_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_dispatch_fingerprint_idx": { + "name": "routine_runs_dispatch_fingerprint_idx", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "dispatch_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_linked_issue_idx": { + "name": "routine_runs_linked_issue_idx", + "columns": [ + { + "expression": "linked_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idempotency_idx": { + "name": "routine_runs_trigger_idempotency_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_runs_company_id_companies_id_fk": { + "name": "routine_runs_company_id_companies_id_fk", + "tableFrom": "routine_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_routine_id_routines_id_fk": { + "name": "routine_runs_routine_id_routines_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_trigger_id_routine_triggers_id_fk": { + "name": "routine_runs_trigger_id_routine_triggers_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routine_triggers", + "columnsFrom": [ + "trigger_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_runs_linked_issue_id_issues_id_fk": { + "name": "routine_runs_linked_issue_id_issues_id_fk", + "tableFrom": "routine_runs", + "tableTo": "issues", + "columnsFrom": [ + "linked_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_triggers": { + "name": "routine_triggers", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "cron_expression": { + "name": "cron_expression", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "timezone": { + "name": "timezone", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_fired_at": { + "name": "last_fired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "public_id": { + "name": "public_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "signing_mode": { + "name": "signing_mode", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "replay_window_sec": { + "name": "replay_window_sec", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "last_rotated_at": { + "name": "last_rotated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_result": { + "name": "last_result", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_triggers_company_routine_idx": { + "name": "routine_triggers_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_company_kind_idx": { + "name": "routine_triggers_company_kind_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_next_run_idx": { + "name": "routine_triggers_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_idx": { + "name": "routine_triggers_public_id_idx", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_uq": { + "name": "routine_triggers_public_id_uq", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_triggers_company_id_companies_id_fk": { + "name": "routine_triggers_company_id_companies_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_routine_id_routines_id_fk": { + "name": "routine_triggers_routine_id_routines_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_secret_id_company_secrets_id_fk": { + "name": "routine_triggers_secret_id_company_secrets_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_created_by_agent_id_agents_id_fk": { + "name": "routine_triggers_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_updated_by_agent_id_agents_id_fk": { + "name": "routine_triggers_updated_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routines": { + "name": "routines", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "concurrency_policy": { + "name": "concurrency_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'coalesce_if_active'" + }, + "catch_up_policy": { + "name": "catch_up_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'skip_missed'" + }, + "variables": { + "name": "variables", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_triggered_at": { + "name": "last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_enqueued_at": { + "name": "last_enqueued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routines_company_status_idx": { + "name": "routines_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_assignee_idx": { + "name": "routines_company_assignee_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_project_idx": { + "name": "routines_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routines_company_id_companies_id_fk": { + "name": "routines_company_id_companies_id_fk", + "tableFrom": "routines", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_project_id_projects_id_fk": { + "name": "routines_project_id_projects_id_fk", + "tableFrom": "routines", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_goal_id_goals_id_fk": { + "name": "routines_goal_id_goals_id_fk", + "tableFrom": "routines", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_parent_issue_id_issues_id_fk": { + "name": "routines_parent_issue_id_issues_id_fk", + "tableFrom": "routines", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_assignee_agent_id_agents_id_fk": { + "name": "routines_assignee_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "routines_created_by_agent_id_agents_id_fk": { + "name": "routines_created_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_updated_by_agent_id_agents_id_fk": { + "name": "routines_updated_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user_sidebar_preferences": { + "name": "user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "company_order": { + "name": "company_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "user_sidebar_preferences_user_uq": { + "name": "user_sidebar_preferences_user_uq", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_operations": { + "name": "workspace_operations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "phase": { + "name": "phase", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'running'" + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_operations_company_run_started_idx": { + "name": "workspace_operations_company_run_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_operations_company_workspace_started_idx": { + "name": "workspace_operations_company_workspace_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_operations_company_id_companies_id_fk": { + "name": "workspace_operations_company_id_companies_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_operations_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_operations_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_runtime_services": { + "name": "workspace_runtime_services", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "service_name": { + "name": "service_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "lifecycle": { + "name": "lifecycle", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reuse_key": { + "name": "reuse_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "started_by_run_id": { + "name": "started_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "stopped_at": { + "name": "stopped_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "stop_policy": { + "name": "stop_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_runtime_services_company_workspace_status_idx": { + "name": "workspace_runtime_services_company_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_execution_workspace_status_idx": { + "name": "workspace_runtime_services_company_execution_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_project_status_idx": { + "name": "workspace_runtime_services_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_run_idx": { + "name": "workspace_runtime_services_run_idx", + "columns": [ + { + "expression": "started_by_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_updated_idx": { + "name": "workspace_runtime_services_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_runtime_services_company_id_companies_id_fk": { + "name": "workspace_runtime_services_company_id_companies_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_id_projects_id_fk": { + "name": "workspace_runtime_services_project_id_projects_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk": { + "name": "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_issue_id_issues_id_fk": { + "name": "workspace_runtime_services_issue_id_issues_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_owner_agent_id_agents_id_fk": { + "name": "workspace_runtime_services_owner_agent_id_agents_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk": { + "name": "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "started_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + } + }, + "enums": {}, + "schemas": {}, + "sequences": {}, + "roles": {}, + "policies": {}, + "views": {}, + "_meta": { + "columns": {}, + "schemas": {}, + "tables": {} + } +} \ No newline at end of file diff --git a/packages/db/src/migrations/meta/0081_snapshot.json b/packages/db/src/migrations/meta/0081_snapshot.json new file mode 100644 index 00000000..3342eaaf --- /dev/null +++ b/packages/db/src/migrations/meta/0081_snapshot.json @@ -0,0 +1,16380 @@ +{ + "id": "a7ba5d6c-9f74-487d-a9c1-56a4d5455b92", + "prevId": "50cf2dfe-df7b-4f02-a169-edbae599cf39", + "version": "7", + "dialect": "postgresql", + "tables": { + "public.activity_log": { + "name": "activity_log", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "actor_type": { + "name": "actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "actor_id": { + "name": "actor_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "action": { + "name": "action", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "entity_id": { + "name": "entity_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "details": { + "name": "details", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "activity_log_company_created_idx": { + "name": "activity_log_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_run_id_idx": { + "name": "activity_log_run_id_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "activity_log_entity_type_id_idx": { + "name": "activity_log_entity_type_id_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "activity_log_company_id_companies_id_fk": { + "name": "activity_log_company_id_companies_id_fk", + "tableFrom": "activity_log", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_agent_id_agents_id_fk": { + "name": "activity_log_agent_id_agents_id_fk", + "tableFrom": "activity_log", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "activity_log_run_id_heartbeat_runs_id_fk": { + "name": "activity_log_run_id_heartbeat_runs_id_fk", + "tableFrom": "activity_log", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_api_keys": { + "name": "agent_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_api_keys_key_hash_idx": { + "name": "agent_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_api_keys_company_agent_idx": { + "name": "agent_api_keys_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_api_keys_agent_id_agents_id_fk": { + "name": "agent_api_keys_agent_id_agents_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_api_keys_company_id_companies_id_fk": { + "name": "agent_api_keys_company_id_companies_id_fk", + "tableFrom": "agent_api_keys", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_config_revisions": { + "name": "agent_config_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'patch'" + }, + "rolled_back_from_revision_id": { + "name": "rolled_back_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "changed_keys": { + "name": "changed_keys", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "before_config": { + "name": "before_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "after_config": { + "name": "after_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_config_revisions_company_agent_created_idx": { + "name": "agent_config_revisions_company_agent_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_config_revisions_agent_created_idx": { + "name": "agent_config_revisions_agent_created_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_config_revisions_company_id_companies_id_fk": { + "name": "agent_config_revisions_company_id_companies_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_config_revisions_agent_id_agents_id_fk": { + "name": "agent_config_revisions_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "agent_config_revisions_created_by_agent_id_agents_id_fk": { + "name": "agent_config_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "agent_config_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_runtime_state": { + "name": "agent_runtime_state", + "schema": "", + "columns": { + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "state_json": { + "name": "state_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_run_status": { + "name": "last_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "total_input_tokens": { + "name": "total_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_output_tokens": { + "name": "total_output_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cached_input_tokens": { + "name": "total_cached_input_tokens", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "total_cost_cents": { + "name": "total_cost_cents", + "type": "bigint", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_runtime_state_company_agent_idx": { + "name": "agent_runtime_state_company_agent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_runtime_state_company_updated_idx": { + "name": "agent_runtime_state_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_runtime_state_agent_id_agents_id_fk": { + "name": "agent_runtime_state_agent_id_agents_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_runtime_state_company_id_companies_id_fk": { + "name": "agent_runtime_state_company_id_companies_id_fk", + "tableFrom": "agent_runtime_state", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_task_sessions": { + "name": "agent_task_sessions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "task_key": { + "name": "task_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "session_params_json": { + "name": "session_params_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_display_id": { + "name": "session_display_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_run_id": { + "name": "last_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_task_sessions_company_agent_adapter_task_uniq": { + "name": "agent_task_sessions_company_agent_adapter_task_uniq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "adapter_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_agent_updated_idx": { + "name": "agent_task_sessions_company_agent_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_task_sessions_company_task_updated_idx": { + "name": "agent_task_sessions_company_task_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "task_key", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_task_sessions_company_id_companies_id_fk": { + "name": "agent_task_sessions_company_id_companies_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_agent_id_agents_id_fk": { + "name": "agent_task_sessions_agent_id_agents_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_task_sessions_last_run_id_heartbeat_runs_id_fk": { + "name": "agent_task_sessions_last_run_id_heartbeat_runs_id_fk", + "tableFrom": "agent_task_sessions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "last_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agent_wakeup_requests": { + "name": "agent_wakeup_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "coalesced_count": { + "name": "coalesced_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "requested_by_actor_type": { + "name": "requested_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_by_actor_id": { + "name": "requested_by_actor_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_at": { + "name": "requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "claimed_at": { + "name": "claimed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agent_wakeup_requests_company_agent_status_idx": { + "name": "agent_wakeup_requests_company_agent_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_company_requested_idx": { + "name": "agent_wakeup_requests_company_requested_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agent_wakeup_requests_agent_requested_idx": { + "name": "agent_wakeup_requests_agent_requested_idx", + "columns": [ + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requested_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agent_wakeup_requests_company_id_companies_id_fk": { + "name": "agent_wakeup_requests_company_id_companies_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agent_wakeup_requests_agent_id_agents_id_fk": { + "name": "agent_wakeup_requests_agent_id_agents_id_fk", + "tableFrom": "agent_wakeup_requests", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.agents": { + "name": "agents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'general'" + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "icon": { + "name": "icon", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'idle'" + }, + "reports_to": { + "name": "reports_to", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'process'" + }, + "adapter_config": { + "name": "adapter_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "runtime_config": { + "name": "runtime_config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "default_environment_id": { + "name": "default_environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "permissions": { + "name": "permissions", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_heartbeat_at": { + "name": "last_heartbeat_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "agents_company_status_idx": { + "name": "agents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_reports_to_idx": { + "name": "agents_company_reports_to_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "reports_to", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "agents_company_default_environment_idx": { + "name": "agents_company_default_environment_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "default_environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "agents_company_id_companies_id_fk": { + "name": "agents_company_id_companies_id_fk", + "tableFrom": "agents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_reports_to_agents_id_fk": { + "name": "agents_reports_to_agents_id_fk", + "tableFrom": "agents", + "tableTo": "agents", + "columnsFrom": [ + "reports_to" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "agents_default_environment_id_environments_id_fk": { + "name": "agents_default_environment_id_environments_id_fk", + "tableFrom": "agents", + "tableTo": "environments", + "columnsFrom": [ + "default_environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approval_comments": { + "name": "approval_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approval_comments_company_idx": { + "name": "approval_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_idx": { + "name": "approval_comments_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "approval_comments_approval_created_idx": { + "name": "approval_comments_approval_created_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approval_comments_company_id_companies_id_fk": { + "name": "approval_comments_company_id_companies_id_fk", + "tableFrom": "approval_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_approval_id_approvals_id_fk": { + "name": "approval_comments_approval_id_approvals_id_fk", + "tableFrom": "approval_comments", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approval_comments_author_agent_id_agents_id_fk": { + "name": "approval_comments_author_agent_id_agents_id_fk", + "tableFrom": "approval_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.approvals": { + "name": "approvals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requested_by_agent_id": { + "name": "requested_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "requested_by_user_id": { + "name": "requested_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "decision_note": { + "name": "decision_note", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_by_user_id": { + "name": "decided_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "decided_at": { + "name": "decided_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "approvals_company_status_type_idx": { + "name": "approvals_company_status_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "approvals_company_id_companies_id_fk": { + "name": "approvals_company_id_companies_id_fk", + "tableFrom": "approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "approvals_requested_by_agent_id_agents_id_fk": { + "name": "approvals_requested_by_agent_id_agents_id_fk", + "tableFrom": "approvals", + "tableTo": "agents", + "columnsFrom": [ + "requested_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.assets": { + "name": "assets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "object_key": { + "name": "object_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "content_type": { + "name": "content_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "byte_size": { + "name": "byte_size", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "sha256": { + "name": "sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "original_filename": { + "name": "original_filename", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "assets_company_created_idx": { + "name": "assets_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_provider_idx": { + "name": "assets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "assets_company_object_key_uq": { + "name": "assets_company_object_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "object_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "assets_company_id_companies_id_fk": { + "name": "assets_company_id_companies_id_fk", + "tableFrom": "assets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "assets_created_by_agent_id_agents_id_fk": { + "name": "assets_created_by_agent_id_agents_id_fk", + "tableFrom": "assets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.account": { + "name": "account", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_id": { + "name": "provider_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "access_token": { + "name": "access_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "refresh_token": { + "name": "refresh_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "id_token": { + "name": "id_token", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "access_token_expires_at": { + "name": "access_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "refresh_token_expires_at": { + "name": "refresh_token_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scope": { + "name": "scope", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "password": { + "name": "password", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "account_user_id_user_id_fk": { + "name": "account_user_id_user_id_fk", + "tableFrom": "account", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.session": { + "name": "session", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "token": { + "name": "token", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "ip_address": { + "name": "ip_address", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_agent": { + "name": "user_agent", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": { + "session_user_id_user_id_fk": { + "name": "session_user_id_user_id_fk", + "tableFrom": "session", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user": { + "name": "user", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email": { + "name": "email", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "email_verified": { + "name": "email_verified", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "image": { + "name": "image", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.verification": { + "name": "verification", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.board_api_keys": { + "name": "board_api_keys", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "board_api_keys_key_hash_idx": { + "name": "board_api_keys_key_hash_idx", + "columns": [ + { + "expression": "key_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "board_api_keys_user_idx": { + "name": "board_api_keys_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "board_api_keys_user_id_user_id_fk": { + "name": "board_api_keys_user_id_user_id_fk", + "tableFrom": "board_api_keys", + "tableTo": "user", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_incidents": { + "name": "budget_incidents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "policy_id": { + "name": "policy_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "window_start": { + "name": "window_start", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "window_end": { + "name": "window_end", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "threshold_type": { + "name": "threshold_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount_limit": { + "name": "amount_limit", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "amount_observed": { + "name": "amount_observed", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'open'" + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_incidents_company_status_idx": { + "name": "budget_incidents_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_company_scope_idx": { + "name": "budget_incidents_company_scope_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_incidents_policy_window_threshold_idx": { + "name": "budget_incidents_policy_window_threshold_idx", + "columns": [ + { + "expression": "policy_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_start", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "threshold_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"budget_incidents\".\"status\" <> 'dismissed'", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_incidents_company_id_companies_id_fk": { + "name": "budget_incidents_company_id_companies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_policy_id_budget_policies_id_fk": { + "name": "budget_incidents_policy_id_budget_policies_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "budget_policies", + "columnsFrom": [ + "policy_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "budget_incidents_approval_id_approvals_id_fk": { + "name": "budget_incidents_approval_id_approvals_id_fk", + "tableFrom": "budget_incidents", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.budget_policies": { + "name": "budget_policies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "metric": { + "name": "metric", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'billed_cents'" + }, + "window_kind": { + "name": "window_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "amount": { + "name": "amount", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "warn_percent": { + "name": "warn_percent", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 80 + }, + "hard_stop_enabled": { + "name": "hard_stop_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "notify_enabled": { + "name": "notify_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "is_active": { + "name": "is_active", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "budget_policies_company_scope_active_idx": { + "name": "budget_policies_company_scope_active_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_active", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_window_idx": { + "name": "budget_policies_company_window_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "budget_policies_company_scope_metric_unique_idx": { + "name": "budget_policies_company_scope_metric_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "metric", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "window_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "budget_policies_company_id_companies_id_fk": { + "name": "budget_policies_company_id_companies_id_fk", + "tableFrom": "budget_policies", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cli_auth_challenges": { + "name": "cli_auth_challenges", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_hash": { + "name": "secret_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "client_name": { + "name": "client_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "requested_access": { + "name": "requested_access", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'board'" + }, + "requested_company_id": { + "name": "requested_company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "pending_key_hash": { + "name": "pending_key_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "pending_key_name": { + "name": "pending_key_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "board_api_key_id": { + "name": "board_api_key_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cli_auth_challenges_secret_hash_idx": { + "name": "cli_auth_challenges_secret_hash_idx", + "columns": [ + { + "expression": "secret_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_approved_by_idx": { + "name": "cli_auth_challenges_approved_by_idx", + "columns": [ + { + "expression": "approved_by_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cli_auth_challenges_requested_company_idx": { + "name": "cli_auth_challenges_requested_company_idx", + "columns": [ + { + "expression": "requested_company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cli_auth_challenges_requested_company_id_companies_id_fk": { + "name": "cli_auth_challenges_requested_company_id_companies_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "companies", + "columnsFrom": [ + "requested_company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_approved_by_user_id_user_id_fk": { + "name": "cli_auth_challenges_approved_by_user_id_user_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "user", + "columnsFrom": [ + "approved_by_user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk": { + "name": "cli_auth_challenges_board_api_key_id_board_api_keys_id_fk", + "tableFrom": "cli_auth_challenges", + "tableTo": "board_api_keys", + "columnsFrom": [ + "board_api_key_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.companies": { + "name": "companies", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "issue_prefix": { + "name": "issue_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'PAP'" + }, + "issue_counter": { + "name": "issue_counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "budget_monthly_cents": { + "name": "budget_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "spent_monthly_cents": { + "name": "spent_monthly_cents", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "attachment_max_bytes": { + "name": "attachment_max_bytes", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 10485760 + }, + "require_board_approval_for_new_agents": { + "name": "require_board_approval_for_new_agents", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_enabled": { + "name": "feedback_data_sharing_enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "feedback_data_sharing_consent_at": { + "name": "feedback_data_sharing_consent_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_consent_by_user_id": { + "name": "feedback_data_sharing_consent_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "feedback_data_sharing_terms_version": { + "name": "feedback_data_sharing_terms_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "brand_color": { + "name": "brand_color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "companies_issue_prefix_idx": { + "name": "companies_issue_prefix_idx", + "columns": [ + { + "expression": "issue_prefix", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_logos": { + "name": "company_logos", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_logos_company_uq": { + "name": "company_logos_company_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_logos_asset_uq": { + "name": "company_logos_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_logos_company_id_companies_id_fk": { + "name": "company_logos_company_id_companies_id_fk", + "tableFrom": "company_logos", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_logos_asset_id_assets_id_fk": { + "name": "company_logos_asset_id_assets_id_fk", + "tableFrom": "company_logos", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_memberships": { + "name": "company_memberships", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "membership_role": { + "name": "membership_role", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_memberships_company_principal_unique_idx": { + "name": "company_memberships_company_principal_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_principal_status_idx": { + "name": "company_memberships_principal_status_idx", + "columns": [ + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_memberships_company_status_idx": { + "name": "company_memberships_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_memberships_company_id_companies_id_fk": { + "name": "company_memberships_company_id_companies_id_fk", + "tableFrom": "company_memberships", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secret_versions": { + "name": "company_secret_versions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "material": { + "name": "material", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "value_sha256": { + "name": "value_sha256", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "company_secret_versions_secret_idx": { + "name": "company_secret_versions_secret_idx", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_value_sha256_idx": { + "name": "company_secret_versions_value_sha256_idx", + "columns": [ + { + "expression": "value_sha256", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secret_versions_secret_version_uq": { + "name": "company_secret_versions_secret_version_uq", + "columns": [ + { + "expression": "secret_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "version", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secret_versions_secret_id_company_secrets_id_fk": { + "name": "company_secret_versions_secret_id_company_secrets_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "company_secret_versions_created_by_agent_id_agents_id_fk": { + "name": "company_secret_versions_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secret_versions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_secrets": { + "name": "company_secrets", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_encrypted'" + }, + "external_ref": { + "name": "external_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "latest_version": { + "name": "latest_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_secrets_company_idx": { + "name": "company_secrets_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_provider_idx": { + "name": "company_secrets_company_provider_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_secrets_company_name_uq": { + "name": "company_secrets_company_name_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_secrets_company_id_companies_id_fk": { + "name": "company_secrets_company_id_companies_id_fk", + "tableFrom": "company_secrets", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "company_secrets_created_by_agent_id_agents_id_fk": { + "name": "company_secrets_created_by_agent_id_agents_id_fk", + "tableFrom": "company_secrets", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_skills": { + "name": "company_skills", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "slug": { + "name": "slug", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "markdown": { + "name": "markdown", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "source_locator": { + "name": "source_locator", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_ref": { + "name": "source_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trust_level": { + "name": "trust_level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown_only'" + }, + "compatibility": { + "name": "compatibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'compatible'" + }, + "file_inventory": { + "name": "file_inventory", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_skills_company_key_idx": { + "name": "company_skills_company_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_skills_company_name_idx": { + "name": "company_skills_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_skills_company_id_companies_id_fk": { + "name": "company_skills_company_id_companies_id_fk", + "tableFrom": "company_skills", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.company_user_sidebar_preferences": { + "name": "company_user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "project_order": { + "name": "project_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "company_user_sidebar_preferences_company_idx": { + "name": "company_user_sidebar_preferences_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_user_idx": { + "name": "company_user_sidebar_preferences_user_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "company_user_sidebar_preferences_company_user_uq": { + "name": "company_user_sidebar_preferences_company_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "company_user_sidebar_preferences_company_id_companies_id_fk": { + "name": "company_user_sidebar_preferences_company_id_companies_id_fk", + "tableFrom": "company_user_sidebar_preferences", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.cost_events": { + "name": "cost_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "billing_type": { + "name": "billing_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "input_tokens": { + "name": "input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cached_input_tokens": { + "name": "cached_input_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "output_tokens": { + "name": "output_tokens", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "cost_cents": { + "name": "cost_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "cost_events_company_occurred_idx": { + "name": "cost_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_agent_occurred_idx": { + "name": "cost_events_company_agent_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_provider_occurred_idx": { + "name": "cost_events_company_provider_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_biller_occurred_idx": { + "name": "cost_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "cost_events_company_heartbeat_run_idx": { + "name": "cost_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "cost_events_company_id_companies_id_fk": { + "name": "cost_events_company_id_companies_id_fk", + "tableFrom": "cost_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_agent_id_agents_id_fk": { + "name": "cost_events_agent_id_agents_id_fk", + "tableFrom": "cost_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_issue_id_issues_id_fk": { + "name": "cost_events_issue_id_issues_id_fk", + "tableFrom": "cost_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_project_id_projects_id_fk": { + "name": "cost_events_project_id_projects_id_fk", + "tableFrom": "cost_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_goal_id_goals_id_fk": { + "name": "cost_events_goal_id_goals_id_fk", + "tableFrom": "cost_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "cost_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "cost_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "cost_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.document_revisions": { + "name": "document_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "document_revisions_document_revision_uq": { + "name": "document_revisions_document_revision_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "document_revisions_company_document_created_idx": { + "name": "document_revisions_company_document_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "document_revisions_company_id_companies_id_fk": { + "name": "document_revisions_company_id_companies_id_fk", + "tableFrom": "document_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "document_revisions_document_id_documents_id_fk": { + "name": "document_revisions_document_id_documents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "document_revisions_created_by_agent_id_agents_id_fk": { + "name": "document_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "document_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "document_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "document_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "document_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.documents": { + "name": "documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "format": { + "name": "format", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'markdown'" + }, + "latest_body": { + "name": "latest_body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "documents_company_updated_idx": { + "name": "documents_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "documents_company_created_idx": { + "name": "documents_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "documents_company_id_companies_id_fk": { + "name": "documents_company_id_companies_id_fk", + "tableFrom": "documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "documents_created_by_agent_id_agents_id_fk": { + "name": "documents_created_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "documents_updated_by_agent_id_agents_id_fk": { + "name": "documents_updated_by_agent_id_agents_id_fk", + "tableFrom": "documents", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environment_leases": { + "name": "environment_leases", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "environment_id": { + "name": "environment_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "lease_policy": { + "name": "lease_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'ephemeral'" + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_lease_id": { + "name": "provider_lease_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "acquired_at": { + "name": "acquired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_status": { + "name": "cleanup_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environment_leases_company_environment_status_idx": { + "name": "environment_leases_company_environment_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "environment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_execution_workspace_idx": { + "name": "environment_leases_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_issue_idx": { + "name": "environment_leases_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_heartbeat_run_idx": { + "name": "environment_leases_heartbeat_run_idx", + "columns": [ + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_company_last_used_idx": { + "name": "environment_leases_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environment_leases_provider_lease_idx": { + "name": "environment_leases_provider_lease_idx", + "columns": [ + { + "expression": "provider_lease_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environment_leases_company_id_companies_id_fk": { + "name": "environment_leases_company_id_companies_id_fk", + "tableFrom": "environment_leases", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_environment_id_environments_id_fk": { + "name": "environment_leases_environment_id_environments_id_fk", + "tableFrom": "environment_leases", + "tableTo": "environments", + "columnsFrom": [ + "environment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "environment_leases_execution_workspace_id_execution_workspaces_id_fk": { + "name": "environment_leases_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "environment_leases", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_issue_id_issues_id_fk": { + "name": "environment_leases_issue_id_issues_id_fk", + "tableFrom": "environment_leases", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "environment_leases_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "environment_leases", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.environments": { + "name": "environments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "driver": { + "name": "driver", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "config": { + "name": "config", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "environments_company_status_idx": { + "name": "environments_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_driver_idx": { + "name": "environments_company_driver_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "driver", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"environments\".\"driver\" = 'local'", + "concurrently": false, + "method": "btree", + "with": {} + }, + "environments_company_name_idx": { + "name": "environments_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "environments_company_id_companies_id_fk": { + "name": "environments_company_id_companies_id_fk", + "tableFrom": "environments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.execution_workspaces": { + "name": "execution_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "strategy_type": { + "name": "strategy_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "base_ref": { + "name": "base_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "branch_name": { + "name": "branch_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider_type": { + "name": "provider_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_fs'" + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "derived_from_execution_workspace_id": { + "name": "derived_from_execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "opened_at": { + "name": "opened_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "closed_at": { + "name": "closed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_eligible_at": { + "name": "cleanup_eligible_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cleanup_reason": { + "name": "cleanup_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "execution_workspaces_company_project_status_idx": { + "name": "execution_workspaces_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_project_workspace_status_idx": { + "name": "execution_workspaces_company_project_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_source_issue_idx": { + "name": "execution_workspaces_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_last_used_idx": { + "name": "execution_workspaces_company_last_used_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_used_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "execution_workspaces_company_branch_idx": { + "name": "execution_workspaces_company_branch_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "branch_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "execution_workspaces_company_id_companies_id_fk": { + "name": "execution_workspaces_company_id_companies_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "execution_workspaces_project_id_projects_id_fk": { + "name": "execution_workspaces_project_id_projects_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "execution_workspaces_project_workspace_id_project_workspaces_id_fk": { + "name": "execution_workspaces_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_source_issue_id_issues_id_fk": { + "name": "execution_workspaces_source_issue_id_issues_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk": { + "name": "execution_workspaces_derived_from_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "execution_workspaces", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "derived_from_execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_exports": { + "name": "feedback_exports", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "feedback_vote_id": { + "name": "feedback_vote_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_only'" + }, + "destination": { + "name": "destination", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "export_id": { + "name": "export_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "schema_version": { + "name": "schema_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-envelope-v2'" + }, + "bundle_version": { + "name": "bundle_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-bundle-v2'" + }, + "payload_version": { + "name": "payload_version", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'paperclip-feedback-v1'" + }, + "payload_digest": { + "name": "payload_digest", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload_snapshot": { + "name": "payload_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "target_summary": { + "name": "target_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "attempt_count": { + "name": "attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_attempted_at": { + "name": "last_attempted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "exported_at": { + "name": "exported_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_exports_feedback_vote_idx": { + "name": "feedback_exports_feedback_vote_idx", + "columns": [ + { + "expression": "feedback_vote_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_created_idx": { + "name": "feedback_exports_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_status_idx": { + "name": "feedback_exports_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_issue_idx": { + "name": "feedback_exports_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_project_idx": { + "name": "feedback_exports_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_exports_company_author_idx": { + "name": "feedback_exports_company_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_exports_company_id_companies_id_fk": { + "name": "feedback_exports_company_id_companies_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_exports_feedback_vote_id_feedback_votes_id_fk": { + "name": "feedback_exports_feedback_vote_id_feedback_votes_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "feedback_votes", + "columnsFrom": [ + "feedback_vote_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_issue_id_issues_id_fk": { + "name": "feedback_exports_issue_id_issues_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "feedback_exports_project_id_projects_id_fk": { + "name": "feedback_exports_project_id_projects_id_fk", + "tableFrom": "feedback_exports", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.feedback_votes": { + "name": "feedback_votes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_type": { + "name": "target_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "target_id": { + "name": "target_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "vote": { + "name": "vote", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_with_labs": { + "name": "shared_with_labs", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "shared_at": { + "name": "shared_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "consent_version": { + "name": "consent_version", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "redaction_summary": { + "name": "redaction_summary", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "feedback_votes_company_issue_idx": { + "name": "feedback_votes_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_issue_target_idx": { + "name": "feedback_votes_issue_target_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_author_idx": { + "name": "feedback_votes_author_idx", + "columns": [ + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "feedback_votes_company_target_author_idx": { + "name": "feedback_votes_company_target_author_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "feedback_votes_company_id_companies_id_fk": { + "name": "feedback_votes_company_id_companies_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "feedback_votes_issue_id_issues_id_fk": { + "name": "feedback_votes_issue_id_issues_id_fk", + "tableFrom": "feedback_votes", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.finance_events": { + "name": "finance_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "cost_event_id": { + "name": "cost_event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "event_kind": { + "name": "event_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "direction": { + "name": "direction", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'debit'" + }, + "biller": { + "name": "biller", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_adapter_type": { + "name": "execution_adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "pricing_tier": { + "name": "pricing_tier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "region": { + "name": "region", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "model": { + "name": "model", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "quantity": { + "name": "quantity", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "unit": { + "name": "unit", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "amount_cents": { + "name": "amount_cents", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "currency": { + "name": "currency", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'USD'" + }, + "estimated": { + "name": "estimated", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "external_invoice_id": { + "name": "external_invoice_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata_json": { + "name": "metadata_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "occurred_at": { + "name": "occurred_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "finance_events_company_occurred_idx": { + "name": "finance_events_company_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_biller_occurred_idx": { + "name": "finance_events_company_biller_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "biller", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_kind_occurred_idx": { + "name": "finance_events_company_kind_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "event_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_direction_occurred_idx": { + "name": "finance_events_company_direction_occurred_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "direction", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "occurred_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_heartbeat_run_idx": { + "name": "finance_events_company_heartbeat_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "finance_events_company_cost_event_idx": { + "name": "finance_events_company_cost_event_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "cost_event_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "finance_events_company_id_companies_id_fk": { + "name": "finance_events_company_id_companies_id_fk", + "tableFrom": "finance_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_agent_id_agents_id_fk": { + "name": "finance_events_agent_id_agents_id_fk", + "tableFrom": "finance_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_issue_id_issues_id_fk": { + "name": "finance_events_issue_id_issues_id_fk", + "tableFrom": "finance_events", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_project_id_projects_id_fk": { + "name": "finance_events_project_id_projects_id_fk", + "tableFrom": "finance_events", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_goal_id_goals_id_fk": { + "name": "finance_events_goal_id_goals_id_fk", + "tableFrom": "finance_events", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "finance_events_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "finance_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "finance_events_cost_event_id_cost_events_id_fk": { + "name": "finance_events_cost_event_id_cost_events_id_fk", + "tableFrom": "finance_events", + "tableTo": "cost_events", + "columnsFrom": [ + "cost_event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.goals": { + "name": "goals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'task'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'planned'" + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "goals_company_idx": { + "name": "goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "goals_company_id_companies_id_fk": { + "name": "goals_company_id_companies_id_fk", + "tableFrom": "goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_parent_id_goals_id_fk": { + "name": "goals_parent_id_goals_id_fk", + "tableFrom": "goals", + "tableTo": "goals", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "goals_owner_agent_id_agents_id_fk": { + "name": "goals_owner_agent_id_agents_id_fk", + "tableFrom": "goals", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_events": { + "name": "heartbeat_run_events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "bigserial", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "seq": { + "name": "seq", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "event_type": { + "name": "event_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "stream": { + "name": "stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_events_run_seq_idx": { + "name": "heartbeat_run_events_run_seq_idx", + "columns": [ + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "seq", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_run_idx": { + "name": "heartbeat_run_events_company_run_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_events_company_created_idx": { + "name": "heartbeat_run_events_company_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_events_company_id_companies_id_fk": { + "name": "heartbeat_run_events_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_events_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_events_agent_id_agents_id_fk": { + "name": "heartbeat_run_events_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_events", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_run_watchdog_decisions": { + "name": "heartbeat_run_watchdog_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "run_id": { + "name": "run_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "evaluation_issue_id": { + "name": "evaluation_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "decision": { + "name": "decision", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "snoozed_until": { + "name": "snoozed_until", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_run_watchdog_decisions_company_run_created_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_run_watchdog_decisions_company_run_snooze_idx": { + "name": "heartbeat_run_watchdog_decisions_company_run_snooze_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "snoozed_until", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_run_watchdog_decisions_company_id_companies_id_fk": { + "name": "heartbeat_run_watchdog_decisions_company_id_companies_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk": { + "name": "heartbeat_run_watchdog_decisions_evaluation_issue_id_issues_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "issues", + "columnsFrom": [ + "evaluation_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_agent_id_agents_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_run_watchdog_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_run_watchdog_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.heartbeat_runs": { + "name": "heartbeat_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "agent_id": { + "name": "agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "invocation_source": { + "name": "invocation_source", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'on_demand'" + }, + "trigger_detail": { + "name": "trigger_detail", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'queued'" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "wakeup_request_id": { + "name": "wakeup_request_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "signal": { + "name": "signal", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "usage_json": { + "name": "usage_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "result_json": { + "name": "result_json", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "session_id_before": { + "name": "session_id_before", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "session_id_after": { + "name": "session_id_after", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "error_code": { + "name": "error_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_run_id": { + "name": "external_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "process_pid": { + "name": "process_pid", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_group_id": { + "name": "process_group_id", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "process_started_at": { + "name": "process_started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_at": { + "name": "last_output_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_output_seq": { + "name": "last_output_seq", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_output_stream": { + "name": "last_output_stream", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_output_bytes": { + "name": "last_output_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "retry_of_run_id": { + "name": "retry_of_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "process_loss_retry_count": { + "name": "process_loss_retry_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_at": { + "name": "scheduled_retry_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "scheduled_retry_attempt": { + "name": "scheduled_retry_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "scheduled_retry_reason": { + "name": "scheduled_retry_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_comment_status": { + "name": "issue_comment_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'not_applicable'" + }, + "issue_comment_satisfied_by_comment_id": { + "name": "issue_comment_satisfied_by_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_comment_retry_queued_at": { + "name": "issue_comment_retry_queued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "liveness_state": { + "name": "liveness_state", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "liveness_reason": { + "name": "liveness_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "continuation_attempt": { + "name": "continuation_attempt", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "last_useful_action_at": { + "name": "last_useful_action_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_action": { + "name": "next_action", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "context_snapshot": { + "name": "context_snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "heartbeat_runs_company_agent_started_idx": { + "name": "heartbeat_runs_company_agent_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_liveness_idx": { + "name": "heartbeat_runs_company_liveness_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "liveness_state", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_last_output_idx": { + "name": "heartbeat_runs_company_status_last_output_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "last_output_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "heartbeat_runs_company_status_process_started_idx": { + "name": "heartbeat_runs_company_status_process_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "process_started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "heartbeat_runs_company_id_companies_id_fk": { + "name": "heartbeat_runs_company_id_companies_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_agent_id_agents_id_fk": { + "name": "heartbeat_runs_agent_id_agents_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agents", + "columnsFrom": [ + "agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk": { + "name": "heartbeat_runs_wakeup_request_id_agent_wakeup_requests_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "agent_wakeup_requests", + "columnsFrom": [ + "wakeup_request_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk": { + "name": "heartbeat_runs_retry_of_run_id_heartbeat_runs_id_fk", + "tableFrom": "heartbeat_runs", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "retry_of_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.inbox_dismissals": { + "name": "inbox_dismissals", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "item_key": { + "name": "item_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "dismissed_at": { + "name": "dismissed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "inbox_dismissals_company_user_idx": { + "name": "inbox_dismissals_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_item_idx": { + "name": "inbox_dismissals_company_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "inbox_dismissals_company_user_item_idx": { + "name": "inbox_dismissals_company_user_item_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "item_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "inbox_dismissals_company_id_companies_id_fk": { + "name": "inbox_dismissals_company_id_companies_id_fk", + "tableFrom": "inbox_dismissals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_settings": { + "name": "instance_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "singleton_key": { + "name": "singleton_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "general": { + "name": "general", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "experimental": { + "name": "experimental", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_settings_singleton_key_idx": { + "name": "instance_settings_singleton_key_idx", + "columns": [ + { + "expression": "singleton_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.instance_user_roles": { + "name": "instance_user_roles", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "role": { + "name": "role", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'instance_admin'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "instance_user_roles_user_role_unique_idx": { + "name": "instance_user_roles_user_role_unique_idx", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "instance_user_roles_role_idx": { + "name": "instance_user_roles_role_idx", + "columns": [ + { + "expression": "role", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.invites": { + "name": "invites", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "invite_type": { + "name": "invite_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'company_join'" + }, + "token_hash": { + "name": "token_hash", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "allowed_join_types": { + "name": "allowed_join_types", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'both'" + }, + "defaults_payload": { + "name": "defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "expires_at": { + "name": "expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true + }, + "invited_by_user_id": { + "name": "invited_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "revoked_at": { + "name": "revoked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "accepted_at": { + "name": "accepted_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "invites_token_hash_unique_idx": { + "name": "invites_token_hash_unique_idx", + "columns": [ + { + "expression": "token_hash", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "invites_company_invite_state_idx": { + "name": "invites_company_invite_state_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "invite_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revoked_at", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "expires_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "invites_company_id_companies_id_fk": { + "name": "invites_company_id_companies_id_fk", + "tableFrom": "invites", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_approvals": { + "name": "issue_approvals", + "schema": "", + "columns": { + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "approval_id": { + "name": "approval_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "linked_by_agent_id": { + "name": "linked_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "linked_by_user_id": { + "name": "linked_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_approvals_issue_idx": { + "name": "issue_approvals_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_approval_idx": { + "name": "issue_approvals_approval_idx", + "columns": [ + { + "expression": "approval_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_approvals_company_idx": { + "name": "issue_approvals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_approvals_company_id_companies_id_fk": { + "name": "issue_approvals_company_id_companies_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_approvals_issue_id_issues_id_fk": { + "name": "issue_approvals_issue_id_issues_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_approval_id_approvals_id_fk": { + "name": "issue_approvals_approval_id_approvals_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "approvals", + "columnsFrom": [ + "approval_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_approvals_linked_by_agent_id_agents_id_fk": { + "name": "issue_approvals_linked_by_agent_id_agents_id_fk", + "tableFrom": "issue_approvals", + "tableTo": "agents", + "columnsFrom": [ + "linked_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_approvals_pk": { + "name": "issue_approvals_pk", + "columns": [ + "issue_id", + "approval_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_attachments": { + "name": "issue_attachments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "asset_id": { + "name": "asset_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_comment_id": { + "name": "issue_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_attachments_company_issue_idx": { + "name": "issue_attachments_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_issue_comment_idx": { + "name": "issue_attachments_issue_comment_idx", + "columns": [ + { + "expression": "issue_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_attachments_asset_uq": { + "name": "issue_attachments_asset_uq", + "columns": [ + { + "expression": "asset_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_attachments_company_id_companies_id_fk": { + "name": "issue_attachments_company_id_companies_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_attachments_issue_id_issues_id_fk": { + "name": "issue_attachments_issue_id_issues_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_asset_id_assets_id_fk": { + "name": "issue_attachments_asset_id_assets_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "assets", + "columnsFrom": [ + "asset_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_attachments_issue_comment_id_issue_comments_id_fk": { + "name": "issue_attachments_issue_comment_id_issue_comments_id_fk", + "tableFrom": "issue_attachments", + "tableTo": "issue_comments", + "columnsFrom": [ + "issue_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_comments": { + "name": "issue_comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "author_agent_id": { + "name": "author_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "author_user_id": { + "name": "author_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "author_type": { + "name": "author_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "presentation": { + "name": "presentation", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_comments_issue_idx": { + "name": "issue_comments_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_idx": { + "name": "issue_comments_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_issue_created_at_idx": { + "name": "issue_comments_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_company_author_issue_created_at_idx": { + "name": "issue_comments_company_author_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "author_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_comments_body_search_idx": { + "name": "issue_comments_body_search_idx", + "columns": [ + { + "expression": "body", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + } + }, + "foreignKeys": { + "issue_comments_company_id_companies_id_fk": { + "name": "issue_comments_company_id_companies_id_fk", + "tableFrom": "issue_comments", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_issue_id_issues_id_fk": { + "name": "issue_comments_issue_id_issues_id_fk", + "tableFrom": "issue_comments", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_author_agent_id_agents_id_fk": { + "name": "issue_comments_author_agent_id_agents_id_fk", + "tableFrom": "issue_comments", + "tableTo": "agents", + "columnsFrom": [ + "author_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_comments_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_comments_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_comments", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_documents": { + "name": "issue_documents", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "document_id": { + "name": "document_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "key": { + "name": "key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_documents_company_issue_key_uq": { + "name": "issue_documents_company_issue_key_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_document_uq": { + "name": "issue_documents_document_uq", + "columns": [ + { + "expression": "document_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_documents_company_issue_updated_idx": { + "name": "issue_documents_company_issue_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_documents_company_id_companies_id_fk": { + "name": "issue_documents_company_id_companies_id_fk", + "tableFrom": "issue_documents", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_documents_issue_id_issues_id_fk": { + "name": "issue_documents_issue_id_issues_id_fk", + "tableFrom": "issue_documents", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_documents_document_id_documents_id_fk": { + "name": "issue_documents_document_id_documents_id_fk", + "tableFrom": "issue_documents", + "tableTo": "documents", + "columnsFrom": [ + "document_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_execution_decisions": { + "name": "issue_execution_decisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_id": { + "name": "stage_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "stage_type": { + "name": "stage_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "actor_agent_id": { + "name": "actor_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "actor_user_id": { + "name": "actor_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "body": { + "name": "body", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_execution_decisions_company_issue_idx": { + "name": "issue_execution_decisions_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_execution_decisions_stage_idx": { + "name": "issue_execution_decisions_stage_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "stage_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_execution_decisions_company_id_companies_id_fk": { + "name": "issue_execution_decisions_company_id_companies_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_issue_id_issues_id_fk": { + "name": "issue_execution_decisions_issue_id_issues_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_execution_decisions_actor_agent_id_agents_id_fk": { + "name": "issue_execution_decisions_actor_agent_id_agents_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "agents", + "columnsFrom": [ + "actor_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_execution_decisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_execution_decisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_inbox_archives": { + "name": "issue_inbox_archives", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_inbox_archives_company_issue_idx": { + "name": "issue_inbox_archives_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_user_idx": { + "name": "issue_inbox_archives_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_inbox_archives_company_issue_user_idx": { + "name": "issue_inbox_archives_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_inbox_archives_company_id_companies_id_fk": { + "name": "issue_inbox_archives_company_id_companies_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_inbox_archives_issue_id_issues_id_fk": { + "name": "issue_inbox_archives_issue_id_issues_id_fk", + "tableFrom": "issue_inbox_archives", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_labels": { + "name": "issue_labels", + "schema": "", + "columns": { + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "label_id": { + "name": "label_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_labels_issue_idx": { + "name": "issue_labels_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_label_idx": { + "name": "issue_labels_label_idx", + "columns": [ + { + "expression": "label_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_labels_company_idx": { + "name": "issue_labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_labels_issue_id_issues_id_fk": { + "name": "issue_labels_issue_id_issues_id_fk", + "tableFrom": "issue_labels", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_label_id_labels_id_fk": { + "name": "issue_labels_label_id_labels_id_fk", + "tableFrom": "issue_labels", + "tableTo": "labels", + "columnsFrom": [ + "label_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_labels_company_id_companies_id_fk": { + "name": "issue_labels_company_id_companies_id_fk", + "tableFrom": "issue_labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "issue_labels_pk": { + "name": "issue_labels_pk", + "columns": [ + "issue_id", + "label_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_read_states": { + "name": "issue_read_states", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "last_read_at": { + "name": "last_read_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_read_states_company_issue_idx": { + "name": "issue_read_states_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_user_idx": { + "name": "issue_read_states_company_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_read_states_company_issue_user_idx": { + "name": "issue_read_states_company_issue_user_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_read_states_company_id_companies_id_fk": { + "name": "issue_read_states_company_id_companies_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_read_states_issue_id_issues_id_fk": { + "name": "issue_read_states_issue_id_issues_id_fk", + "tableFrom": "issue_read_states", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_reference_mentions": { + "name": "issue_reference_mentions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_issue_id": { + "name": "source_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "target_issue_id": { + "name": "target_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "source_kind": { + "name": "source_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_record_id": { + "name": "source_record_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "document_key": { + "name": "document_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "matched_text": { + "name": "matched_text", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_reference_mentions_company_source_issue_idx": { + "name": "issue_reference_mentions_company_source_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_target_issue_idx": { + "name": "issue_reference_mentions_company_target_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_issue_pair_idx": { + "name": "issue_reference_mentions_company_issue_pair_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_record_uq": { + "name": "issue_reference_mentions_company_source_mention_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_record_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is not null", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_reference_mentions_company_source_mention_null_record_uq": { + "name": "issue_reference_mentions_company_source_mention_null_record_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "target_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_reference_mentions\".\"source_record_id\" is null", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_reference_mentions_company_id_companies_id_fk": { + "name": "issue_reference_mentions_company_id_companies_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_reference_mentions_source_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_source_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "source_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_reference_mentions_target_issue_id_issues_id_fk": { + "name": "issue_reference_mentions_target_issue_id_issues_id_fk", + "tableFrom": "issue_reference_mentions", + "tableTo": "issues", + "columnsFrom": [ + "target_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_relations": { + "name": "issue_relations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "related_issue_id": { + "name": "related_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_relations_company_issue_idx": { + "name": "issue_relations_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_related_issue_idx": { + "name": "issue_relations_company_related_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_type_idx": { + "name": "issue_relations_company_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_relations_company_edge_uq": { + "name": "issue_relations_company_edge_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "related_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_relations_company_id_companies_id_fk": { + "name": "issue_relations_company_id_companies_id_fk", + "tableFrom": "issue_relations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_relations_issue_id_issues_id_fk": { + "name": "issue_relations_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_related_issue_id_issues_id_fk": { + "name": "issue_relations_related_issue_id_issues_id_fk", + "tableFrom": "issue_relations", + "tableTo": "issues", + "columnsFrom": [ + "related_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_relations_created_by_agent_id_agents_id_fk": { + "name": "issue_relations_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_relations", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_thread_interactions": { + "name": "issue_thread_interactions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "continuation_policy": { + "name": "continuation_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'wake_assignee'" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "source_comment_id": { + "name": "source_comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source_run_id": { + "name": "source_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "resolved_by_agent_id": { + "name": "resolved_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "resolved_by_user_id": { + "name": "resolved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "result": { + "name": "result", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_thread_interactions_issue_idx": { + "name": "issue_thread_interactions_issue_idx", + "columns": [ + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_created_at_idx": { + "name": "issue_thread_interactions_company_issue_created_at_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_status_idx": { + "name": "issue_thread_interactions_company_issue_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_company_issue_idempotency_uq": { + "name": "issue_thread_interactions_company_issue_idempotency_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issue_thread_interactions\".\"idempotency_key\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_thread_interactions_source_comment_idx": { + "name": "issue_thread_interactions_source_comment_idx", + "columns": [ + { + "expression": "source_comment_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_thread_interactions_company_id_companies_id_fk": { + "name": "issue_thread_interactions_company_id_companies_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_issue_id_issues_id_fk": { + "name": "issue_thread_interactions_issue_id_issues_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_comment_id_issue_comments_id_fk": { + "name": "issue_thread_interactions_source_comment_id_issue_comments_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "issue_comments", + "columnsFrom": [ + "source_comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk": { + "name": "issue_thread_interactions_source_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "source_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_thread_interactions_created_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_thread_interactions_resolved_by_agent_id_agents_id_fk": { + "name": "issue_thread_interactions_resolved_by_agent_id_agents_id_fk", + "tableFrom": "issue_thread_interactions", + "tableTo": "agents", + "columnsFrom": [ + "resolved_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_hold_members": { + "name": "issue_tree_hold_members", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "hold_id": { + "name": "hold_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "depth": { + "name": "depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "issue_identifier": { + "name": "issue_identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_title": { + "name": "issue_title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "issue_status": { + "name": "issue_status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "active_run_id": { + "name": "active_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "active_run_status": { + "name": "active_run_status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "skipped": { + "name": "skipped", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "skip_reason": { + "name": "skip_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_hold_members_hold_issue_uq": { + "name": "issue_tree_hold_members_hold_issue_uq", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_company_issue_idx": { + "name": "issue_tree_hold_members_company_issue_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_hold_members_hold_depth_idx": { + "name": "issue_tree_hold_members_hold_depth_idx", + "columns": [ + { + "expression": "hold_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "depth", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_hold_members_company_id_companies_id_fk": { + "name": "issue_tree_hold_members_company_id_companies_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk": { + "name": "issue_tree_hold_members_hold_id_issue_tree_holds_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issue_tree_holds", + "columnsFrom": [ + "hold_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_hold_members_parent_issue_id_issues_id_fk": { + "name": "issue_tree_hold_members_parent_issue_id_issues_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_assignee_agent_id_agents_id_fk": { + "name": "issue_tree_hold_members_assignee_agent_id_agents_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_hold_members_active_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_hold_members", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "active_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_tree_holds": { + "name": "issue_tree_holds", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "root_issue_id": { + "name": "root_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "mode": { + "name": "mode", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "reason": { + "name": "reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_policy": { + "name": "release_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_actor_type": { + "name": "created_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'system'" + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_at": { + "name": "released_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "released_by_actor_type": { + "name": "released_by_actor_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_agent_id": { + "name": "released_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "released_by_user_id": { + "name": "released_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "released_by_run_id": { + "name": "released_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "release_reason": { + "name": "release_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "release_metadata": { + "name": "release_metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_tree_holds_company_root_status_idx": { + "name": "issue_tree_holds_company_root_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "root_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_tree_holds_company_status_mode_idx": { + "name": "issue_tree_holds_company_status_mode_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "mode", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_tree_holds_company_id_companies_id_fk": { + "name": "issue_tree_holds_company_id_companies_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_tree_holds_root_issue_id_issues_id_fk": { + "name": "issue_tree_holds_root_issue_id_issues_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "issues", + "columnsFrom": [ + "root_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_created_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_agent_id_agents_id_fk": { + "name": "issue_tree_holds_released_by_agent_id_agents_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "agents", + "columnsFrom": [ + "released_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_tree_holds_released_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_tree_holds", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "released_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issue_work_products": { + "name": "issue_work_products", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "runtime_service_id": { + "name": "runtime_service_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "review_state": { + "name": "review_state", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'none'" + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "summary": { + "name": "summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issue_work_products_company_issue_type_idx": { + "name": "issue_work_products_company_issue_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_execution_workspace_type_idx": { + "name": "issue_work_products_company_execution_workspace_type_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_provider_external_id_idx": { + "name": "issue_work_products_company_provider_external_id_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issue_work_products_company_updated_idx": { + "name": "issue_work_products_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issue_work_products_company_id_companies_id_fk": { + "name": "issue_work_products_company_id_companies_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issue_work_products_project_id_projects_id_fk": { + "name": "issue_work_products_project_id_projects_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_issue_id_issues_id_fk": { + "name": "issue_work_products_issue_id_issues_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "issue_work_products_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issue_work_products_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk": { + "name": "issue_work_products_runtime_service_id_workspace_runtime_services_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "workspace_runtime_services", + "columnsFrom": [ + "runtime_service_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issue_work_products_created_by_run_id_heartbeat_runs_id_fk": { + "name": "issue_work_products_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "issue_work_products", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.issues": { + "name": "issues", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_id": { + "name": "parent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "work_mode": { + "name": "work_mode", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'standard'" + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "assignee_user_id": { + "name": "assignee_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "checkout_run_id": { + "name": "checkout_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_run_id": { + "name": "execution_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_agent_name_key": { + "name": "execution_agent_name_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_locked_at": { + "name": "execution_locked_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "issue_number": { + "name": "issue_number", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "identifier": { + "name": "identifier", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_kind": { + "name": "origin_kind", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'manual'" + }, + "origin_id": { + "name": "origin_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_run_id": { + "name": "origin_run_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "origin_fingerprint": { + "name": "origin_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "request_depth": { + "name": "request_depth", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "billing_code": { + "name": "billing_code", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_adapter_overrides": { + "name": "assignee_adapter_overrides", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_policy": { + "name": "execution_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "execution_state": { + "name": "execution_state", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "monitor_next_check_at": { + "name": "monitor_next_check_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_wake_requested_at": { + "name": "monitor_wake_requested_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_last_triggered_at": { + "name": "monitor_last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "monitor_attempt_count": { + "name": "monitor_attempt_count", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 0 + }, + "monitor_notes": { + "name": "monitor_notes", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "monitor_scheduled_by": { + "name": "monitor_scheduled_by", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_preference": { + "name": "execution_workspace_preference", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_settings": { + "name": "execution_workspace_settings", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "cancelled_at": { + "name": "cancelled_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "hidden_at": { + "name": "hidden_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "issues_company_status_idx": { + "name": "issues_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_status_idx": { + "name": "issues_company_assignee_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_assignee_user_status_idx": { + "name": "issues_company_assignee_user_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_parent_idx": { + "name": "issues_company_parent_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "parent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_idx": { + "name": "issues_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_origin_idx": { + "name": "issues_company_origin_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_project_workspace_idx": { + "name": "issues_company_project_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_execution_workspace_idx": { + "name": "issues_company_execution_workspace_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_company_monitor_due_idx": { + "name": "issues_company_monitor_due_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "monitor_next_check_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_identifier_idx": { + "name": "issues_identifier_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_title_search_idx": { + "name": "issues_title_search_idx", + "columns": [ + { + "expression": "title", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_identifier_search_idx": { + "name": "issues_identifier_search_idx", + "columns": [ + { + "expression": "identifier", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_description_search_idx": { + "name": "issues_description_search_idx", + "columns": [ + { + "expression": "description", + "isExpression": false, + "asc": true, + "nulls": "last", + "opclass": "gin_trgm_ops" + } + ], + "isUnique": false, + "concurrently": false, + "method": "gin", + "with": {} + }, + "issues_open_routine_execution_uq": { + "name": "issues_open_routine_execution_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'routine_execution'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"execution_run_id\" is not null\n and \"issues\".\"status\" in ('backlog', 'todo', 'in_progress', 'in_review', 'blocked')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_incident_uq": { + "name": "issues_active_liveness_recovery_incident_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_liveness_recovery_leaf_uq": { + "name": "issues_active_liveness_recovery_leaf_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'harness_liveness_escalation'\n and \"issues\".\"origin_fingerprint\" <> 'default'\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stale_run_evaluation_uq": { + "name": "issues_active_stale_run_evaluation_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stale_active_run_evaluation'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_productivity_review_uq": { + "name": "issues_active_productivity_review_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'issue_productivity_review'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + }, + "issues_active_stranded_issue_recovery_uq": { + "name": "issues_active_stranded_issue_recovery_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "origin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"issues\".\"origin_kind\" = 'stranded_issue_recovery'\n and \"issues\".\"origin_id\" is not null\n and \"issues\".\"hidden_at\" is null\n and \"issues\".\"status\" not in ('done', 'cancelled')", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "issues_company_id_companies_id_fk": { + "name": "issues_company_id_companies_id_fk", + "tableFrom": "issues", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_id_projects_id_fk": { + "name": "issues_project_id_projects_id_fk", + "tableFrom": "issues", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_project_workspace_id_project_workspaces_id_fk": { + "name": "issues_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_goal_id_goals_id_fk": { + "name": "issues_goal_id_goals_id_fk", + "tableFrom": "issues", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_parent_id_issues_id_fk": { + "name": "issues_parent_id_issues_id_fk", + "tableFrom": "issues", + "tableTo": "issues", + "columnsFrom": [ + "parent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_assignee_agent_id_agents_id_fk": { + "name": "issues_assignee_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_checkout_run_id_heartbeat_runs_id_fk": { + "name": "issues_checkout_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "checkout_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_execution_run_id_heartbeat_runs_id_fk": { + "name": "issues_execution_run_id_heartbeat_runs_id_fk", + "tableFrom": "issues", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "execution_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "issues_created_by_agent_id_agents_id_fk": { + "name": "issues_created_by_agent_id_agents_id_fk", + "tableFrom": "issues", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "issues_execution_workspace_id_execution_workspaces_id_fk": { + "name": "issues_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "issues", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.join_requests": { + "name": "join_requests", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "invite_id": { + "name": "invite_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "request_type": { + "name": "request_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending_approval'" + }, + "request_ip": { + "name": "request_ip", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "requesting_user_id": { + "name": "requesting_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "request_email_snapshot": { + "name": "request_email_snapshot", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_name": { + "name": "agent_name", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "adapter_type": { + "name": "adapter_type", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "capabilities": { + "name": "capabilities", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "agent_defaults_payload": { + "name": "agent_defaults_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "claim_secret_hash": { + "name": "claim_secret_hash", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "claim_secret_expires_at": { + "name": "claim_secret_expires_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "claim_secret_consumed_at": { + "name": "claim_secret_consumed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_agent_id": { + "name": "created_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "approved_by_user_id": { + "name": "approved_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "approved_at": { + "name": "approved_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "rejected_by_user_id": { + "name": "rejected_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "rejected_at": { + "name": "rejected_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "join_requests_invite_unique_idx": { + "name": "join_requests_invite_unique_idx", + "columns": [ + { + "expression": "invite_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_company_status_type_created_idx": { + "name": "join_requests_company_status_type_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "request_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_user_uq": { + "name": "join_requests_pending_human_user_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "requesting_user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"requesting_user_id\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + }, + "join_requests_pending_human_email_uq": { + "name": "join_requests_pending_human_email_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "lower(\"request_email_snapshot\")", + "asc": true, + "isExpression": true, + "nulls": "last" + } + ], + "isUnique": true, + "where": "\"join_requests\".\"request_type\" = 'human' AND \"join_requests\".\"status\" = 'pending_approval' AND \"join_requests\".\"request_email_snapshot\" IS NOT NULL", + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "join_requests_invite_id_invites_id_fk": { + "name": "join_requests_invite_id_invites_id_fk", + "tableFrom": "join_requests", + "tableTo": "invites", + "columnsFrom": [ + "invite_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_company_id_companies_id_fk": { + "name": "join_requests_company_id_companies_id_fk", + "tableFrom": "join_requests", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "join_requests_created_agent_id_agents_id_fk": { + "name": "join_requests_created_agent_id_agents_id_fk", + "tableFrom": "join_requests", + "tableTo": "agents", + "columnsFrom": [ + "created_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.labels": { + "name": "labels", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "labels_company_idx": { + "name": "labels_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "labels_company_name_idx": { + "name": "labels_company_name_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "labels_company_id_companies_id_fk": { + "name": "labels_company_id_companies_id_fk", + "tableFrom": "labels", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_company_settings": { + "name": "plugin_company_settings", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "settings_json": { + "name": "settings_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_company_settings_company_idx": { + "name": "plugin_company_settings_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_plugin_idx": { + "name": "plugin_company_settings_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_company_settings_company_plugin_uq": { + "name": "plugin_company_settings_company_plugin_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_company_settings_company_id_companies_id_fk": { + "name": "plugin_company_settings_company_id_companies_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_company_settings_plugin_id_plugins_id_fk": { + "name": "plugin_company_settings_plugin_id_plugins_id_fk", + "tableFrom": "plugin_company_settings", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_config": { + "name": "plugin_config", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "config_json": { + "name": "config_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_config_plugin_id_idx": { + "name": "plugin_config_plugin_id_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_config_plugin_id_plugins_id_fk": { + "name": "plugin_config_plugin_id_plugins_id_fk", + "tableFrom": "plugin_config", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_database_namespaces": { + "name": "plugin_database_namespaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_mode": { + "name": "namespace_mode", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'schema'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_database_namespaces_plugin_idx": { + "name": "plugin_database_namespaces_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_namespace_idx": { + "name": "plugin_database_namespaces_namespace_idx", + "columns": [ + { + "expression": "namespace_name", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_database_namespaces_status_idx": { + "name": "plugin_database_namespaces_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_database_namespaces_plugin_id_plugins_id_fk": { + "name": "plugin_database_namespaces_plugin_id_plugins_id_fk", + "tableFrom": "plugin_database_namespaces", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_entities": { + "name": "plugin_entities", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "entity_type": { + "name": "entity_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_entities_plugin_idx": { + "name": "plugin_entities_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_type_idx": { + "name": "plugin_entities_type_idx", + "columns": [ + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_scope_idx": { + "name": "plugin_entities_scope_idx", + "columns": [ + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_entities_external_idx": { + "name": "plugin_entities_external_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "entity_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "external_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_entities_plugin_id_plugins_id_fk": { + "name": "plugin_entities_plugin_id_plugins_id_fk", + "tableFrom": "plugin_entities", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_job_runs": { + "name": "plugin_job_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "job_id": { + "name": "job_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger": { + "name": "trigger", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "logs": { + "name": "logs", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_job_runs_job_idx": { + "name": "plugin_job_runs_job_idx", + "columns": [ + { + "expression": "job_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_plugin_idx": { + "name": "plugin_job_runs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_job_runs_status_idx": { + "name": "plugin_job_runs_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_job_runs_job_id_plugin_jobs_id_fk": { + "name": "plugin_job_runs_job_id_plugin_jobs_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugin_jobs", + "columnsFrom": [ + "job_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_job_runs_plugin_id_plugins_id_fk": { + "name": "plugin_job_runs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_job_runs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_jobs": { + "name": "plugin_jobs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "job_key": { + "name": "job_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "schedule": { + "name": "schedule", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "last_run_at": { + "name": "last_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_jobs_plugin_idx": { + "name": "plugin_jobs_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_next_run_idx": { + "name": "plugin_jobs_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_jobs_unique_idx": { + "name": "plugin_jobs_unique_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "job_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_jobs_plugin_id_plugins_id_fk": { + "name": "plugin_jobs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_jobs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_logs": { + "name": "plugin_logs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "level": { + "name": "level", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'info'" + }, + "message": { + "name": "message", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "meta": { + "name": "meta", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_logs_plugin_time_idx": { + "name": "plugin_logs_plugin_time_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_logs_level_idx": { + "name": "plugin_logs_level_idx", + "columns": [ + { + "expression": "level", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_logs_plugin_id_plugins_id_fk": { + "name": "plugin_logs_plugin_id_plugins_id_fk", + "tableFrom": "plugin_logs", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_managed_resources": { + "name": "plugin_managed_resources", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_kind": { + "name": "resource_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_key": { + "name": "resource_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "resource_id": { + "name": "resource_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "defaults_json": { + "name": "defaults_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_managed_resources_company_idx": { + "name": "plugin_managed_resources_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_plugin_idx": { + "name": "plugin_managed_resources_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_resource_idx": { + "name": "plugin_managed_resources_resource_idx", + "columns": [ + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_managed_resources_company_plugin_resource_uq": { + "name": "plugin_managed_resources_company_plugin_resource_uq", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "resource_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_managed_resources_company_id_companies_id_fk": { + "name": "plugin_managed_resources_company_id_companies_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "plugin_managed_resources_plugin_id_plugins_id_fk": { + "name": "plugin_managed_resources_plugin_id_plugins_id_fk", + "tableFrom": "plugin_managed_resources", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_migrations": { + "name": "plugin_migrations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "namespace_name": { + "name": "namespace_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "migration_key": { + "name": "migration_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "checksum": { + "name": "checksum", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "plugin_version": { + "name": "plugin_version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "applied_at": { + "name": "applied_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "error_message": { + "name": "error_message", + "type": "text", + "primaryKey": false, + "notNull": false + } + }, + "indexes": { + "plugin_migrations_plugin_key_idx": { + "name": "plugin_migrations_plugin_key_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "migration_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_plugin_idx": { + "name": "plugin_migrations_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_migrations_status_idx": { + "name": "plugin_migrations_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_migrations_plugin_id_plugins_id_fk": { + "name": "plugin_migrations_plugin_id_plugins_id_fk", + "tableFrom": "plugin_migrations", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_state": { + "name": "plugin_state", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "scope_kind": { + "name": "scope_kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "namespace": { + "name": "namespace", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "state_key": { + "name": "state_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "value_json": { + "name": "value_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_state_plugin_scope_idx": { + "name": "plugin_state_plugin_scope_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "scope_kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_state_plugin_id_plugins_id_fk": { + "name": "plugin_state_plugin_id_plugins_id_fk", + "tableFrom": "plugin_state", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "plugin_state_unique_entry_idx": { + "name": "plugin_state_unique_entry_idx", + "nullsNotDistinct": true, + "columns": [ + "plugin_id", + "scope_kind", + "scope_id", + "namespace", + "state_key" + ] + } + }, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugin_webhook_deliveries": { + "name": "plugin_webhook_deliveries", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_id": { + "name": "plugin_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "webhook_key": { + "name": "webhook_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "external_id": { + "name": "external_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'pending'" + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "error": { + "name": "error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "payload": { + "name": "payload", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "headers": { + "name": "headers", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugin_webhook_deliveries_plugin_idx": { + "name": "plugin_webhook_deliveries_plugin_idx", + "columns": [ + { + "expression": "plugin_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_status_idx": { + "name": "plugin_webhook_deliveries_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugin_webhook_deliveries_key_idx": { + "name": "plugin_webhook_deliveries_key_idx", + "columns": [ + { + "expression": "webhook_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "plugin_webhook_deliveries_plugin_id_plugins_id_fk": { + "name": "plugin_webhook_deliveries_plugin_id_plugins_id_fk", + "tableFrom": "plugin_webhook_deliveries", + "tableTo": "plugins", + "columnsFrom": [ + "plugin_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.plugins": { + "name": "plugins", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "plugin_key": { + "name": "plugin_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "package_name": { + "name": "package_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "version": { + "name": "version", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "api_version": { + "name": "api_version", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "categories": { + "name": "categories", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "manifest_json": { + "name": "manifest_json", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'installed'" + }, + "install_order": { + "name": "install_order", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "package_path": { + "name": "package_path", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "installed_at": { + "name": "installed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "plugins_plugin_key_idx": { + "name": "plugins_plugin_key_idx", + "columns": [ + { + "expression": "plugin_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "plugins_status_idx": { + "name": "plugins_status_idx", + "columns": [ + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.principal_permission_grants": { + "name": "principal_permission_grants", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "principal_type": { + "name": "principal_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "principal_id": { + "name": "principal_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "permission_key": { + "name": "permission_key", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope": { + "name": "scope", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "granted_by_user_id": { + "name": "granted_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "principal_permission_grants_unique_idx": { + "name": "principal_permission_grants_unique_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_type", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "principal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "principal_permission_grants_company_permission_idx": { + "name": "principal_permission_grants_company_permission_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "permission_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "principal_permission_grants_company_id_companies_id_fk": { + "name": "principal_permission_grants_company_id_companies_id_fk", + "tableFrom": "principal_permission_grants", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_goals": { + "name": "project_goals", + "schema": "", + "columns": { + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_goals_project_idx": { + "name": "project_goals_project_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_goal_idx": { + "name": "project_goals_goal_idx", + "columns": [ + { + "expression": "goal_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_goals_company_idx": { + "name": "project_goals_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_goals_project_id_projects_id_fk": { + "name": "project_goals_project_id_projects_id_fk", + "tableFrom": "project_goals", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_goal_id_goals_id_fk": { + "name": "project_goals_goal_id_goals_id_fk", + "tableFrom": "project_goals", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "project_goals_company_id_companies_id_fk": { + "name": "project_goals_company_id_companies_id_fk", + "tableFrom": "project_goals", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "project_goals_project_id_goal_id_pk": { + "name": "project_goals_project_id_goal_id_pk", + "columns": [ + "project_id", + "goal_id" + ] + } + }, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.project_workspaces": { + "name": "project_workspaces", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "source_type": { + "name": "source_type", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'local_path'" + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_url": { + "name": "repo_url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "repo_ref": { + "name": "repo_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "default_ref": { + "name": "default_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "visibility": { + "name": "visibility", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'default'" + }, + "setup_command": { + "name": "setup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cleanup_command": { + "name": "cleanup_command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_provider": { + "name": "remote_provider", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "remote_workspace_ref": { + "name": "remote_workspace_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "shared_workspace_key": { + "name": "shared_workspace_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "is_primary": { + "name": "is_primary", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "project_workspaces_company_project_idx": { + "name": "project_workspaces_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_primary_idx": { + "name": "project_workspaces_project_primary_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "is_primary", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_source_type_idx": { + "name": "project_workspaces_project_source_type_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "source_type", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_company_shared_key_idx": { + "name": "project_workspaces_company_shared_key_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "shared_workspace_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "project_workspaces_project_remote_ref_idx": { + "name": "project_workspaces_project_remote_ref_idx", + "columns": [ + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_provider", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "remote_workspace_ref", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "project_workspaces_company_id_companies_id_fk": { + "name": "project_workspaces_company_id_companies_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "project_workspaces_project_id_projects_id_fk": { + "name": "project_workspaces_project_id_projects_id_fk", + "tableFrom": "project_workspaces", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.projects": { + "name": "projects", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'backlog'" + }, + "lead_agent_id": { + "name": "lead_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "target_date": { + "name": "target_date", + "type": "date", + "primaryKey": false, + "notNull": false + }, + "color": { + "name": "color", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "env": { + "name": "env", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "pause_reason": { + "name": "pause_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "paused_at": { + "name": "paused_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_policy": { + "name": "execution_workspace_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "archived_at": { + "name": "archived_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "projects_company_idx": { + "name": "projects_company_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "projects_company_id_companies_id_fk": { + "name": "projects_company_id_companies_id_fk", + "tableFrom": "projects", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_goal_id_goals_id_fk": { + "name": "projects_goal_id_goals_id_fk", + "tableFrom": "projects", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "projects_lead_agent_id_agents_id_fk": { + "name": "projects_lead_agent_id_agents_id_fk", + "tableFrom": "projects", + "tableTo": "agents", + "columnsFrom": [ + "lead_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_revisions": { + "name": "routine_revisions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "revision_number": { + "name": "revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "snapshot": { + "name": "snapshot", + "type": "jsonb", + "primaryKey": false, + "notNull": true + }, + "change_summary": { + "name": "change_summary", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "restored_from_revision_id": { + "name": "restored_from_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_run_id": { + "name": "created_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_revisions_routine_revision_uq": { + "name": "routine_revisions_routine_revision_uq", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "revision_number", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_revisions_company_routine_created_idx": { + "name": "routine_revisions_company_routine_created_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_revisions_company_id_companies_id_fk": { + "name": "routine_revisions_company_id_companies_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_routine_id_routines_id_fk": { + "name": "routine_revisions_routine_id_routines_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_revisions_restored_from_revision_id_routine_revisions_id_fk": { + "name": "routine_revisions_restored_from_revision_id_routine_revisions_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "routine_revisions", + "columnsFrom": [ + "restored_from_revision_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_agent_id_agents_id_fk": { + "name": "routine_revisions_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_revisions_created_by_run_id_heartbeat_runs_id_fk": { + "name": "routine_revisions_created_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "routine_revisions", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "created_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_runs": { + "name": "routine_runs", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "trigger_id": { + "name": "trigger_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'received'" + }, + "triggered_at": { + "name": "triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "idempotency_key": { + "name": "idempotency_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "trigger_payload": { + "name": "trigger_payload", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "dispatch_fingerprint": { + "name": "dispatch_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "linked_issue_id": { + "name": "linked_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "coalesced_into_run_id": { + "name": "coalesced_into_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "failure_reason": { + "name": "failure_reason", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "completed_at": { + "name": "completed_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_runs_company_routine_idx": { + "name": "routine_runs_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idx": { + "name": "routine_runs_trigger_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "created_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_dispatch_fingerprint_idx": { + "name": "routine_runs_dispatch_fingerprint_idx", + "columns": [ + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "dispatch_fingerprint", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_linked_issue_idx": { + "name": "routine_runs_linked_issue_idx", + "columns": [ + { + "expression": "linked_issue_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_runs_trigger_idempotency_idx": { + "name": "routine_runs_trigger_idempotency_idx", + "columns": [ + { + "expression": "trigger_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "idempotency_key", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_runs_company_id_companies_id_fk": { + "name": "routine_runs_company_id_companies_id_fk", + "tableFrom": "routine_runs", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_routine_id_routines_id_fk": { + "name": "routine_runs_routine_id_routines_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_runs_trigger_id_routine_triggers_id_fk": { + "name": "routine_runs_trigger_id_routine_triggers_id_fk", + "tableFrom": "routine_runs", + "tableTo": "routine_triggers", + "columnsFrom": [ + "trigger_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_runs_linked_issue_id_issues_id_fk": { + "name": "routine_runs_linked_issue_id_issues_id_fk", + "tableFrom": "routine_runs", + "tableTo": "issues", + "columnsFrom": [ + "linked_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routine_triggers": { + "name": "routine_triggers", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "routine_id": { + "name": "routine_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "kind": { + "name": "kind", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "enabled": { + "name": "enabled", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "cron_expression": { + "name": "cron_expression", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "timezone": { + "name": "timezone", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "next_run_at": { + "name": "next_run_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_fired_at": { + "name": "last_fired_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "public_id": { + "name": "public_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "secret_id": { + "name": "secret_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "signing_mode": { + "name": "signing_mode", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "replay_window_sec": { + "name": "replay_window_sec", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "last_rotated_at": { + "name": "last_rotated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_result": { + "name": "last_result", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routine_triggers_company_routine_idx": { + "name": "routine_triggers_company_routine_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "routine_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_company_kind_idx": { + "name": "routine_triggers_company_kind_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "kind", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_next_run_idx": { + "name": "routine_triggers_next_run_idx", + "columns": [ + { + "expression": "next_run_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_idx": { + "name": "routine_triggers_public_id_idx", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routine_triggers_public_id_uq": { + "name": "routine_triggers_public_id_uq", + "columns": [ + { + "expression": "public_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routine_triggers_company_id_companies_id_fk": { + "name": "routine_triggers_company_id_companies_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_routine_id_routines_id_fk": { + "name": "routine_triggers_routine_id_routines_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "routines", + "columnsFrom": [ + "routine_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routine_triggers_secret_id_company_secrets_id_fk": { + "name": "routine_triggers_secret_id_company_secrets_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "company_secrets", + "columnsFrom": [ + "secret_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_created_by_agent_id_agents_id_fk": { + "name": "routine_triggers_created_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routine_triggers_updated_by_agent_id_agents_id_fk": { + "name": "routine_triggers_updated_by_agent_id_agents_id_fk", + "tableFrom": "routine_triggers", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.routines": { + "name": "routines", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "goal_id": { + "name": "goal_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "parent_issue_id": { + "name": "parent_issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "title": { + "name": "title", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "assignee_agent_id": { + "name": "assignee_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "priority": { + "name": "priority", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'medium'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'active'" + }, + "concurrency_policy": { + "name": "concurrency_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'coalesce_if_active'" + }, + "catch_up_policy": { + "name": "catch_up_policy", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'skip_missed'" + }, + "variables": { + "name": "variables", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "latest_revision_id": { + "name": "latest_revision_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "latest_revision_number": { + "name": "latest_revision_number", + "type": "integer", + "primaryKey": false, + "notNull": true, + "default": 1 + }, + "created_by_agent_id": { + "name": "created_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_by_user_id": { + "name": "created_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "updated_by_agent_id": { + "name": "updated_by_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "updated_by_user_id": { + "name": "updated_by_user_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "last_triggered_at": { + "name": "last_triggered_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "last_enqueued_at": { + "name": "last_enqueued_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "routines_company_status_idx": { + "name": "routines_company_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_assignee_idx": { + "name": "routines_company_assignee_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "assignee_agent_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "routines_company_project_idx": { + "name": "routines_company_project_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "routines_company_id_companies_id_fk": { + "name": "routines_company_id_companies_id_fk", + "tableFrom": "routines", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_project_id_projects_id_fk": { + "name": "routines_project_id_projects_id_fk", + "tableFrom": "routines", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "routines_goal_id_goals_id_fk": { + "name": "routines_goal_id_goals_id_fk", + "tableFrom": "routines", + "tableTo": "goals", + "columnsFrom": [ + "goal_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_parent_issue_id_issues_id_fk": { + "name": "routines_parent_issue_id_issues_id_fk", + "tableFrom": "routines", + "tableTo": "issues", + "columnsFrom": [ + "parent_issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_assignee_agent_id_agents_id_fk": { + "name": "routines_assignee_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "assignee_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "routines_created_by_agent_id_agents_id_fk": { + "name": "routines_created_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "created_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "routines_updated_by_agent_id_agents_id_fk": { + "name": "routines_updated_by_agent_id_agents_id_fk", + "tableFrom": "routines", + "tableTo": "agents", + "columnsFrom": [ + "updated_by_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.user_sidebar_preferences": { + "name": "user_sidebar_preferences", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "company_order": { + "name": "company_order", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'[]'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "user_sidebar_preferences_user_uq": { + "name": "user_sidebar_preferences_user_uq", + "columns": [ + { + "expression": "user_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": true, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_operations": { + "name": "workspace_operations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "heartbeat_run_id": { + "name": "heartbeat_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "phase": { + "name": "phase", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'running'" + }, + "exit_code": { + "name": "exit_code", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "log_store": { + "name": "log_store", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_ref": { + "name": "log_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_bytes": { + "name": "log_bytes", + "type": "bigint", + "primaryKey": false, + "notNull": false + }, + "log_sha256": { + "name": "log_sha256", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "log_compressed": { + "name": "log_compressed", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "stdout_excerpt": { + "name": "stdout_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "stderr_excerpt": { + "name": "stderr_excerpt", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "metadata": { + "name": "metadata", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "finished_at": { + "name": "finished_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_operations_company_run_started_idx": { + "name": "workspace_operations_company_run_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "heartbeat_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_operations_company_workspace_started_idx": { + "name": "workspace_operations_company_workspace_started_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "started_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_operations_company_id_companies_id_fk": { + "name": "workspace_operations_company_id_companies_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_operations_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_operations_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk": { + "name": "workspace_operations_heartbeat_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_operations", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "heartbeat_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + }, + "public.workspace_runtime_services": { + "name": "workspace_runtime_services", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true + }, + "company_id": { + "name": "company_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "project_id": { + "name": "project_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "project_workspace_id": { + "name": "project_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "execution_workspace_id": { + "name": "execution_workspace_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "issue_id": { + "name": "issue_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "scope_type": { + "name": "scope_type", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "scope_id": { + "name": "scope_id", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "service_name": { + "name": "service_name", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "lifecycle": { + "name": "lifecycle", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "reuse_key": { + "name": "reuse_key", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "command": { + "name": "command", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "cwd": { + "name": "cwd", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "url": { + "name": "url", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "provider": { + "name": "provider", + "type": "text", + "primaryKey": false, + "notNull": true + }, + "provider_ref": { + "name": "provider_ref", + "type": "text", + "primaryKey": false, + "notNull": false + }, + "owner_agent_id": { + "name": "owner_agent_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "started_by_run_id": { + "name": "started_by_run_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "started_at": { + "name": "started_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "stopped_at": { + "name": "stopped_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": false + }, + "stop_policy": { + "name": "stop_policy", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "health_status": { + "name": "health_status", + "type": "text", + "primaryKey": false, + "notNull": true, + "default": "'unknown'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp with time zone", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "workspace_runtime_services_company_workspace_status_idx": { + "name": "workspace_runtime_services_company_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_execution_workspace_status_idx": { + "name": "workspace_runtime_services_company_execution_workspace_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "execution_workspace_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_project_status_idx": { + "name": "workspace_runtime_services_company_project_status_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "project_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "status", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_run_idx": { + "name": "workspace_runtime_services_run_idx", + "columns": [ + { + "expression": "started_by_run_id", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + }, + "workspace_runtime_services_company_updated_idx": { + "name": "workspace_runtime_services_company_updated_idx", + "columns": [ + { + "expression": "company_id", + "isExpression": false, + "asc": true, + "nulls": "last" + }, + { + "expression": "updated_at", + "isExpression": false, + "asc": true, + "nulls": "last" + } + ], + "isUnique": false, + "concurrently": false, + "method": "btree", + "with": {} + } + }, + "foreignKeys": { + "workspace_runtime_services_company_id_companies_id_fk": { + "name": "workspace_runtime_services_company_id_companies_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "companies", + "columnsFrom": [ + "company_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_id_projects_id_fk": { + "name": "workspace_runtime_services_project_id_projects_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "projects", + "columnsFrom": [ + "project_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk": { + "name": "workspace_runtime_services_project_workspace_id_project_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "project_workspaces", + "columnsFrom": [ + "project_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk": { + "name": "workspace_runtime_services_execution_workspace_id_execution_workspaces_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "execution_workspaces", + "columnsFrom": [ + "execution_workspace_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_issue_id_issues_id_fk": { + "name": "workspace_runtime_services_issue_id_issues_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "issues", + "columnsFrom": [ + "issue_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_owner_agent_id_agents_id_fk": { + "name": "workspace_runtime_services_owner_agent_id_agents_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "agents", + "columnsFrom": [ + "owner_agent_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + }, + "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk": { + "name": "workspace_runtime_services_started_by_run_id_heartbeat_runs_id_fk", + "tableFrom": "workspace_runtime_services", + "tableTo": "heartbeat_runs", + "columnsFrom": [ + "started_by_run_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "set null", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "policies": {}, + "checkConstraints": {}, + "isRLSEnabled": false + } + }, + "enums": {}, + "schemas": {}, + "sequences": {}, + "roles": {}, + "policies": {}, + "views": {}, + "_meta": { + "columns": {}, + "schemas": {}, + "tables": {} + } +} diff --git a/packages/db/src/migrations/meta/_journal.json b/packages/db/src/migrations/meta/_journal.json index c19e2fec..74214acd 100644 --- a/packages/db/src/migrations/meta/_journal.json +++ b/packages/db/src/migrations/meta/_journal.json @@ -526,6 +526,69 @@ "when": 1777384535070, "tag": "0074_striped_genesis", "breakpoints": true + }, + { + "idx": 75, + "version": "7", + "when": 1777572332006, + "tag": "0075_cultured_sebastian_shaw", + "breakpoints": true + }, + { + "idx": 76, + "version": "7", + "when": 1777675301279, + "tag": "0076_useful_elektra", + "breakpoints": true + }, + { + "idx": 77, + "version": "7", + "when": 1777933347806, + "tag": "0077_unusual_karnak", + "breakpoints": true + }, + { + "idx": 78, + "version": "7", + "when": 1778004024976, + "tag": "0078_white_darwin", + "breakpoints": true + }, + { + "idx": 79, + "version": "7", + "when": 1777821410992, + "tag": "0079_company_search_document_indexes", + "breakpoints": true + }, + { + "idx": 80, + "version": "7", + "when": 1777849000000, + "tag": "0080_company_search_fuzzystrmatch", + "breakpoints": true + }, + { + "idx": 81, + "version": "7", + "when": 1778067785040, + "tag": "0081_optimal_dormammu", + "breakpoints": true + }, + { + "idx": 82, + "version": "7", + "when": 1778067785041, + "tag": "0082_dry_vision", + "breakpoints": true + }, + { + "idx": 83, + "version": "7", + "when": 1778074536410, + "tag": "0083_company_secret_provider_configs", + "breakpoints": true } ] -} \ No newline at end of file +} diff --git a/packages/db/src/runtime-config.test.ts b/packages/db/src/runtime-config.test.ts index 4627e691..a958b89c 100644 --- a/packages/db/src/runtime-config.test.ts +++ b/packages/db/src/runtime-config.test.ts @@ -105,4 +105,25 @@ describe("resolveDatabaseTarget", () => { source: "embedded-postgres@55444", }); }); + + it("uses the instance root for a fresh default embedded postgres target", () => { + const home = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-db-home-")); + const cwd = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-db-cwd-")); + process.chdir(cwd); + process.env.PAPERCLIP_HOME = home; + delete process.env.PAPERCLIP_CONFIG; + delete process.env.PAPERCLIP_INSTANCE_ID; + delete process.env.DATABASE_URL; + + const target = resolveDatabaseTarget(); + + expect(target).toMatchObject({ + mode: "embedded-postgres", + dataDir: path.join(home, "instances", "default", "db"), + port: 54329, + source: "embedded-postgres@54329", + configPath: path.join(home, "instances", "default", "config.json"), + envPath: path.join(home, "instances", "default", ".env"), + }); + }); }); diff --git a/packages/db/src/runtime-config.ts b/packages/db/src/runtime-config.ts index c6c64a38..3ad275c0 100644 --- a/packages/db/src/runtime-config.ts +++ b/packages/db/src/runtime-config.ts @@ -1,11 +1,13 @@ import { existsSync, readFileSync } from "node:fs"; -import os from "node:os"; import path from "node:path"; +import { + expandHomePrefix, + resolveDefaultEmbeddedPostgresDir, + resolvePaperclipConfigPathForInstance, + resolvePaperclipEnvPathForConfig, +} from "@paperclipai/shared/home-paths"; -const DEFAULT_INSTANCE_ID = "default"; const CONFIG_BASENAME = "config.json"; -const ENV_BASENAME = ".env"; -const INSTANCE_ID_RE = /^[a-zA-Z0-9_-]+$/; type PartialConfig = { database?: { @@ -35,39 +37,6 @@ export type ResolvedDatabaseTarget = envPath: string; }; -function expandHomePrefix(value: string): string { - if (value === "~") return os.homedir(); - if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); - return value; -} - -function resolvePaperclipHomeDir(): string { - const envHome = process.env.PAPERCLIP_HOME?.trim(); - if (envHome) return path.resolve(expandHomePrefix(envHome)); - return path.resolve(os.homedir(), ".paperclip"); -} - -function resolvePaperclipInstanceId(): string { - const raw = process.env.PAPERCLIP_INSTANCE_ID?.trim() || DEFAULT_INSTANCE_ID; - if (!INSTANCE_ID_RE.test(raw)) { - throw new Error(`Invalid PAPERCLIP_INSTANCE_ID '${raw}'.`); - } - return raw; -} - -function resolveDefaultConfigPath(): string { - return path.resolve( - resolvePaperclipHomeDir(), - "instances", - resolvePaperclipInstanceId(), - CONFIG_BASENAME, - ); -} - -function resolveDefaultEmbeddedPostgresDir(): string { - return path.resolve(resolvePaperclipHomeDir(), "instances", resolvePaperclipInstanceId(), "db"); -} - function resolveHomeAwarePath(value: string): string { return path.resolve(expandHomePrefix(value)); } @@ -89,11 +58,11 @@ function resolvePaperclipConfigPath(): string { if (process.env.PAPERCLIP_CONFIG?.trim()) { return path.resolve(process.env.PAPERCLIP_CONFIG.trim()); } - return findConfigFileFromAncestors(process.cwd()) ?? resolveDefaultConfigPath(); + return findConfigFileFromAncestors(process.cwd()) ?? resolvePaperclipConfigPathForInstance(); } function resolvePaperclipEnvPath(configPath: string): string { - return path.resolve(path.dirname(configPath), ENV_BASENAME); + return resolvePaperclipEnvPathForConfig(configPath); } function parseEnvFile(contents: string): Record { diff --git a/packages/db/src/schema/company_secret_bindings.ts b/packages/db/src/schema/company_secret_bindings.ts new file mode 100644 index 00000000..06f92691 --- /dev/null +++ b/packages/db/src/schema/company_secret_bindings.ts @@ -0,0 +1,31 @@ +import { boolean, index, pgTable, text, timestamp, uniqueIndex, uuid } from "drizzle-orm/pg-core"; +import { companies } from "./companies.js"; +import { companySecrets } from "./company_secrets.js"; + +export const companySecretBindings = pgTable( + "company_secret_bindings", + { + id: uuid("id").primaryKey().defaultRandom(), + companyId: uuid("company_id").notNull().references(() => companies.id), + secretId: uuid("secret_id").notNull().references(() => companySecrets.id, { onDelete: "cascade" }), + targetType: text("target_type").notNull(), + targetId: text("target_id").notNull(), + configPath: text("config_path").notNull(), + versionSelector: text("version_selector").notNull().default("latest"), + required: boolean("required").notNull().default(true), + label: text("label"), + createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), + updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(), + }, + (table) => ({ + companyIdx: index("company_secret_bindings_company_idx").on(table.companyId), + secretIdx: index("company_secret_bindings_secret_idx").on(table.secretId), + targetIdx: index("company_secret_bindings_target_idx").on(table.companyId, table.targetType, table.targetId), + targetPathUq: uniqueIndex("company_secret_bindings_target_path_uq").on( + table.companyId, + table.targetType, + table.targetId, + table.configPath, + ), + }), +); diff --git a/packages/db/src/schema/company_secret_provider_configs.ts b/packages/db/src/schema/company_secret_provider_configs.ts new file mode 100644 index 00000000..4f877b62 --- /dev/null +++ b/packages/db/src/schema/company_secret_provider_configs.ts @@ -0,0 +1,33 @@ +import { sql } from "drizzle-orm"; +import { pgTable, uuid, text, timestamp, jsonb, index, uniqueIndex, boolean } from "drizzle-orm/pg-core"; +import { companies } from "./companies.js"; +import { agents } from "./agents.js"; + +export const companySecretProviderConfigs = pgTable( + "company_secret_provider_configs", + { + id: uuid("id").primaryKey().defaultRandom(), + companyId: uuid("company_id").notNull().references(() => companies.id, { onDelete: "cascade" }), + provider: text("provider").notNull(), + displayName: text("display_name").notNull(), + status: text("status").notNull().default("ready"), + isDefault: boolean("is_default").notNull().default(false), + config: jsonb("config").$type>().notNull().default({}), + healthStatus: text("health_status"), + healthCheckedAt: timestamp("health_checked_at", { withTimezone: true }), + healthMessage: text("health_message"), + healthDetails: jsonb("health_details").$type>(), + disabledAt: timestamp("disabled_at", { withTimezone: true }), + createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }), + createdByUserId: text("created_by_user_id"), + createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), + updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(), + }, + (table) => ({ + companyIdx: index("company_secret_provider_configs_company_idx").on(table.companyId), + companyProviderIdx: index("company_secret_provider_configs_company_provider_idx").on(table.companyId, table.provider), + companyDefaultProviderUq: uniqueIndex("company_secret_provider_configs_default_uq") + .on(table.companyId, table.provider) + .where(sql`${table.isDefault} = true`), + }), +); diff --git a/packages/db/src/schema/company_secret_versions.ts b/packages/db/src/schema/company_secret_versions.ts index c17426e6..899e8fdf 100644 --- a/packages/db/src/schema/company_secret_versions.ts +++ b/packages/db/src/schema/company_secret_versions.ts @@ -10,6 +10,10 @@ export const companySecretVersions = pgTable( version: integer("version").notNull(), material: jsonb("material").$type>().notNull(), valueSha256: text("value_sha256").notNull(), + providerVersionRef: text("provider_version_ref"), + status: text("status").notNull().default("current"), + fingerprintSha256: text("fingerprint_sha256").notNull(), + rotationJobId: text("rotation_job_id"), createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }), createdByUserId: text("created_by_user_id"), createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), @@ -18,6 +22,7 @@ export const companySecretVersions = pgTable( (table) => ({ secretIdx: index("company_secret_versions_secret_idx").on(table.secretId, table.createdAt), valueHashIdx: index("company_secret_versions_value_sha256_idx").on(table.valueSha256), + fingerprintIdx: index("company_secret_versions_fingerprint_idx").on(table.fingerprintSha256), secretVersionUq: uniqueIndex("company_secret_versions_secret_version_uq").on(table.secretId, table.version), }), ); diff --git a/packages/db/src/schema/company_secrets.ts b/packages/db/src/schema/company_secrets.ts index ec8c595d..9499d20c 100644 --- a/packages/db/src/schema/company_secrets.ts +++ b/packages/db/src/schema/company_secrets.ts @@ -1,17 +1,26 @@ -import { pgTable, uuid, text, timestamp, integer, index, uniqueIndex } from "drizzle-orm/pg-core"; +import { pgTable, uuid, text, timestamp, integer, jsonb, index, uniqueIndex } from "drizzle-orm/pg-core"; import { companies } from "./companies.js"; import { agents } from "./agents.js"; +import { companySecretProviderConfigs } from "./company_secret_provider_configs.js"; export const companySecrets = pgTable( "company_secrets", { id: uuid("id").primaryKey().defaultRandom(), companyId: uuid("company_id").notNull().references(() => companies.id), + key: text("key").notNull(), name: text("name").notNull(), provider: text("provider").notNull().default("local_encrypted"), + status: text("status").notNull().default("active"), + managedMode: text("managed_mode").notNull().default("paperclip_managed"), externalRef: text("external_ref"), + providerConfigId: uuid("provider_config_id").references(() => companySecretProviderConfigs.id, { onDelete: "set null" }), + providerMetadata: jsonb("provider_metadata").$type>(), latestVersion: integer("latest_version").notNull().default(1), description: text("description"), + lastResolvedAt: timestamp("last_resolved_at", { withTimezone: true }), + lastRotatedAt: timestamp("last_rotated_at", { withTimezone: true }), + deletedAt: timestamp("deleted_at", { withTimezone: true }), createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }), createdByUserId: text("created_by_user_id"), createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), @@ -20,6 +29,8 @@ export const companySecrets = pgTable( (table) => ({ companyIdx: index("company_secrets_company_idx").on(table.companyId), companyProviderIdx: index("company_secrets_company_provider_idx").on(table.companyId, table.provider), + providerConfigIdx: index("company_secrets_provider_config_idx").on(table.providerConfigId), companyNameUq: uniqueIndex("company_secrets_company_name_uq").on(table.companyId, table.name), + companyKeyUq: uniqueIndex("company_secrets_company_key_uq").on(table.companyId, table.key), }), ); diff --git a/packages/db/src/schema/documents.ts b/packages/db/src/schema/documents.ts index 53d5f358..1dae7e1d 100644 --- a/packages/db/src/schema/documents.ts +++ b/packages/db/src/schema/documents.ts @@ -22,5 +22,7 @@ export const documents = pgTable( (table) => ({ companyUpdatedIdx: index("documents_company_updated_idx").on(table.companyId, table.updatedAt), companyCreatedIdx: index("documents_company_created_idx").on(table.companyId, table.createdAt), + titleSearchIdx: index("documents_title_search_idx").using("gin", table.title.op("gin_trgm_ops")), + bodySearchIdx: index("documents_latest_body_search_idx").using("gin", table.latestBody.op("gin_trgm_ops")), }), ); diff --git a/packages/db/src/schema/index.ts b/packages/db/src/schema/index.ts index 322a326d..9099f904 100644 --- a/packages/db/src/schema/index.ts +++ b/packages/db/src/schema/index.ts @@ -31,7 +31,7 @@ export { goals } from "./goals.js"; export { issues } from "./issues.js"; export { issueReferenceMentions } from "./issue_reference_mentions.js"; export { issueRelations } from "./issue_relations.js"; -export { routines, routineTriggers, routineRuns } from "./routines.js"; +export { routines, routineRevisions, routineTriggers, routineRuns } from "./routines.js"; export { issueWorkProducts } from "./issue_work_products.js"; export { labels } from "./labels.js"; export { issueLabels } from "./issue_labels.js"; @@ -59,12 +59,16 @@ export { financeEvents } from "./finance_events.js"; export { approvals } from "./approvals.js"; export { approvalComments } from "./approval_comments.js"; export { activityLog } from "./activity_log.js"; +export { companySecretProviderConfigs } from "./company_secret_provider_configs.js"; export { companySecrets } from "./company_secrets.js"; export { companySecretVersions } from "./company_secret_versions.js"; +export { companySecretBindings } from "./company_secret_bindings.js"; +export { secretAccessEvents } from "./secret_access_events.js"; export { companySkills } from "./company_skills.js"; export { plugins } from "./plugins.js"; export { pluginConfig } from "./plugin_config.js"; export { pluginCompanySettings } from "./plugin_company_settings.js"; +export { pluginManagedResources } from "./plugin_managed_resources.js"; export { pluginState } from "./plugin_state.js"; export { pluginEntities } from "./plugin_entities.js"; export { pluginDatabaseNamespaces, pluginMigrations } from "./plugin_database.js"; diff --git a/packages/db/src/schema/issue_comments.ts b/packages/db/src/schema/issue_comments.ts index a431589a..f1029890 100644 --- a/packages/db/src/schema/issue_comments.ts +++ b/packages/db/src/schema/issue_comments.ts @@ -1,4 +1,5 @@ -import { pgTable, uuid, text, timestamp, index } from "drizzle-orm/pg-core"; +import type { IssueCommentAuthorType, IssueCommentMetadata, IssueCommentPresentation } from "@paperclipai/shared"; +import { pgTable, uuid, text, timestamp, index, jsonb } from "drizzle-orm/pg-core"; import { companies } from "./companies.js"; import { issues } from "./issues.js"; import { agents } from "./agents.js"; @@ -12,8 +13,11 @@ export const issueComments = pgTable( issueId: uuid("issue_id").notNull().references(() => issues.id), authorAgentId: uuid("author_agent_id").references(() => agents.id), authorUserId: text("author_user_id"), + authorType: text("author_type").$type(), createdByRunId: uuid("created_by_run_id").references(() => heartbeatRuns.id, { onDelete: "set null" }), body: text("body").notNull(), + presentation: jsonb("presentation").$type(), + metadata: jsonb("metadata").$type(), createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(), }, diff --git a/packages/db/src/schema/issues.ts b/packages/db/src/schema/issues.ts index 1b757d6a..9f899f25 100644 --- a/packages/db/src/schema/issues.ts +++ b/packages/db/src/schema/issues.ts @@ -30,6 +30,7 @@ export const issues = pgTable( title: text("title").notNull(), description: text("description"), status: text("status").notNull().default("backlog"), + workMode: text("work_mode").notNull().default("standard"), priority: text("priority").notNull().default("medium"), assigneeAgentId: uuid("assignee_agent_id").references(() => agents.id), assigneeUserId: text("assignee_user_id"), @@ -50,6 +51,12 @@ export const issues = pgTable( assigneeAdapterOverrides: jsonb("assignee_adapter_overrides").$type>(), executionPolicy: jsonb("execution_policy").$type>(), executionState: jsonb("execution_state").$type>(), + monitorNextCheckAt: timestamp("monitor_next_check_at", { withTimezone: true }), + monitorWakeRequestedAt: timestamp("monitor_wake_requested_at", { withTimezone: true }), + monitorLastTriggeredAt: timestamp("monitor_last_triggered_at", { withTimezone: true }), + monitorAttemptCount: integer("monitor_attempt_count").notNull().default(0), + monitorNotes: text("monitor_notes"), + monitorScheduledBy: text("monitor_scheduled_by"), executionWorkspaceId: uuid("execution_workspace_id") .references((): AnyPgColumn => executionWorkspaces.id, { onDelete: "set null" }), executionWorkspacePreference: text("execution_workspace_preference"), @@ -78,6 +85,7 @@ export const issues = pgTable( originIdx: index("issues_company_origin_idx").on(table.companyId, table.originKind, table.originId), projectWorkspaceIdx: index("issues_company_project_workspace_idx").on(table.companyId, table.projectWorkspaceId), executionWorkspaceIdx: index("issues_company_execution_workspace_idx").on(table.companyId, table.executionWorkspaceId), + dueMonitorIdx: index("issues_company_monitor_due_idx").on(table.companyId, table.monitorNextCheckAt), identifierIdx: uniqueIndex("issues_identifier_idx").on(table.identifier), titleSearchIdx: index("issues_title_search_idx").using("gin", table.title.op("gin_trgm_ops")), identifierSearchIdx: index("issues_identifier_search_idx").using("gin", table.identifier.op("gin_trgm_ops")), diff --git a/packages/db/src/schema/plugin_managed_resources.ts b/packages/db/src/schema/plugin_managed_resources.ts new file mode 100644 index 00000000..ec254d14 --- /dev/null +++ b/packages/db/src/schema/plugin_managed_resources.ts @@ -0,0 +1,34 @@ +import { pgTable, uuid, text, timestamp, jsonb, index, uniqueIndex } from "drizzle-orm/pg-core"; +import { companies } from "./companies.js"; +import { plugins } from "./plugins.js"; + +export const pluginManagedResources = pgTable( + "plugin_managed_resources", + { + id: uuid("id").primaryKey().defaultRandom(), + companyId: uuid("company_id") + .notNull() + .references(() => companies.id, { onDelete: "cascade" }), + pluginId: uuid("plugin_id") + .notNull() + .references(() => plugins.id, { onDelete: "cascade" }), + pluginKey: text("plugin_key").notNull(), + resourceKind: text("resource_kind").notNull(), + resourceKey: text("resource_key").notNull(), + resourceId: uuid("resource_id").notNull(), + defaultsJson: jsonb("defaults_json").$type>().notNull().default({}), + createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), + updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(), + }, + (table) => ({ + companyIdx: index("plugin_managed_resources_company_idx").on(table.companyId), + pluginIdx: index("plugin_managed_resources_plugin_idx").on(table.pluginId), + resourceIdx: index("plugin_managed_resources_resource_idx").on(table.resourceKind, table.resourceId), + companyPluginResourceUq: uniqueIndex("plugin_managed_resources_company_plugin_resource_uq").on( + table.companyId, + table.pluginId, + table.resourceKind, + table.resourceKey, + ), + }), +); diff --git a/packages/db/src/schema/routines.ts b/packages/db/src/schema/routines.ts index 94d2a28a..dfc48143 100644 --- a/packages/db/src/schema/routines.ts +++ b/packages/db/src/schema/routines.ts @@ -1,4 +1,5 @@ import { + type AnyPgColumn, boolean, index, integer, @@ -15,7 +16,8 @@ import { companySecrets } from "./company_secrets.js"; import { issues } from "./issues.js"; import { projects } from "./projects.js"; import { goals } from "./goals.js"; -import type { RoutineVariable } from "@paperclipai/shared"; +import { heartbeatRuns } from "./heartbeat_runs.js"; +import type { RoutineRevisionSnapshotV1, RoutineVariable } from "@paperclipai/shared"; export const routines = pgTable( "routines", @@ -33,6 +35,8 @@ export const routines = pgTable( concurrencyPolicy: text("concurrency_policy").notNull().default("coalesce_if_active"), catchUpPolicy: text("catch_up_policy").notNull().default("skip_missed"), variables: jsonb("variables").$type().notNull().default([]), + latestRevisionId: uuid("latest_revision_id"), + latestRevisionNumber: integer("latest_revision_number").notNull().default(1), createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }), createdByUserId: text("created_by_user_id"), updatedByAgentId: uuid("updated_by_agent_id").references(() => agents.id, { onDelete: "set null" }), @@ -49,6 +53,39 @@ export const routines = pgTable( }), ); +export const routineRevisions = pgTable( + "routine_revisions", + { + id: uuid("id").primaryKey().defaultRandom(), + companyId: uuid("company_id").notNull().references(() => companies.id, { onDelete: "cascade" }), + routineId: uuid("routine_id").notNull().references(() => routines.id, { onDelete: "cascade" }), + revisionNumber: integer("revision_number").notNull(), + title: text("title").notNull(), + description: text("description"), + snapshot: jsonb("snapshot").$type().notNull(), + changeSummary: text("change_summary"), + restoredFromRevisionId: uuid("restored_from_revision_id").references( + (): AnyPgColumn => routineRevisions.id, + { onDelete: "set null" }, + ), + createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, { onDelete: "set null" }), + createdByUserId: text("created_by_user_id"), + createdByRunId: uuid("created_by_run_id").references(() => heartbeatRuns.id, { onDelete: "set null" }), + createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), + }, + (table) => ({ + routineRevisionUq: uniqueIndex("routine_revisions_routine_revision_uq").on( + table.routineId, + table.revisionNumber, + ), + companyRoutineCreatedIdx: index("routine_revisions_company_routine_created_idx").on( + table.companyId, + table.routineId, + table.createdAt, + ), + }), +); + export const routineTriggers = pgTable( "routine_triggers", { diff --git a/packages/db/src/schema/secret_access_events.ts b/packages/db/src/schema/secret_access_events.ts new file mode 100644 index 00000000..b4967f13 --- /dev/null +++ b/packages/db/src/schema/secret_access_events.ts @@ -0,0 +1,34 @@ +import { index, integer, pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core"; +import { companies } from "./companies.js"; +import { companySecrets } from "./company_secrets.js"; +import { heartbeatRuns } from "./heartbeat_runs.js"; +import { issues } from "./issues.js"; +import { plugins } from "./plugins.js"; + +export const secretAccessEvents = pgTable( + "secret_access_events", + { + id: uuid("id").primaryKey().defaultRandom(), + companyId: uuid("company_id").notNull().references(() => companies.id), + secretId: uuid("secret_id").notNull().references(() => companySecrets.id, { onDelete: "cascade" }), + version: integer("version"), + provider: text("provider").notNull(), + actorType: text("actor_type").notNull(), + actorId: text("actor_id"), + consumerType: text("consumer_type").notNull(), + consumerId: text("consumer_id").notNull(), + configPath: text("config_path"), + issueId: uuid("issue_id").references(() => issues.id, { onDelete: "set null" }), + heartbeatRunId: uuid("heartbeat_run_id").references(() => heartbeatRuns.id, { onDelete: "set null" }), + pluginId: uuid("plugin_id").references(() => plugins.id, { onDelete: "set null" }), + outcome: text("outcome").notNull(), + errorCode: text("error_code"), + createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(), + }, + (table) => ({ + companyCreatedIdx: index("secret_access_events_company_created_idx").on(table.companyId, table.createdAt), + secretCreatedIdx: index("secret_access_events_secret_created_idx").on(table.secretId, table.createdAt), + consumerIdx: index("secret_access_events_consumer_idx").on(table.companyId, table.consumerType, table.consumerId), + runIdx: index("secret_access_events_run_idx").on(table.heartbeatRunId), + }), +); diff --git a/packages/mcp-server/src/tools.test.ts b/packages/mcp-server/src/tools.test.ts index 4452a153..c833a412 100644 --- a/packages/mcp-server/src/tools.test.ts +++ b/packages/mcp-server/src/tools.test.ts @@ -87,6 +87,32 @@ describe("paperclip MCP tools", () => { }); }); + it("allows create issue requests to omit status so the API applies assignee defaults", async () => { + const fetchMock = vi.fn().mockResolvedValue( + mockJsonResponse({ id: "issue-1", status: "todo" }), + ); + vi.stubGlobal("fetch", fetchMock); + + const tool = getTool("paperclipCreateIssue"); + await tool.execute({ + title: "Assigned follow-up", + assigneeAgentId: "22222222-2222-2222-2222-222222222222", + }); + + const [url, init] = fetchMock.mock.calls[0] as [string, RequestInit]; + expect(String(url)).toBe( + "http://localhost:3100/api/companies/11111111-1111-1111-1111-111111111111/issues", + ); + expect(init.method).toBe("POST"); + expect(JSON.parse(String(init.body))).toEqual({ + title: "Assigned follow-up", + workMode: "standard", + priority: "medium", + assigneeAgentId: "22222222-2222-2222-2222-222222222222", + requestDepth: 0, + }); + }); + it("defaults issue document format to markdown", async () => { const fetchMock = vi.fn().mockResolvedValue( mockJsonResponse({ key: "plan", latestRevisionNumber: 2 }), diff --git a/packages/mcp-server/src/tools.ts b/packages/mcp-server/src/tools.ts index 54ca904f..17f8749b 100644 --- a/packages/mcp-server/src/tools.ts +++ b/packages/mcp-server/src/tools.ts @@ -4,7 +4,7 @@ import { askUserQuestionsPayloadSchema, checkoutIssueSchema, createApprovalSchema, - createIssueSchema, + createIssueInputSchema, issueThreadInteractionContinuationPolicySchema, requestConfirmationPayloadSchema, suggestTasksPayloadSchema, @@ -95,7 +95,7 @@ const upsertDocumentToolSchema = z.object({ const createIssueToolSchema = z.object({ companyId: companyIdOptional, -}).merge(createIssueSchema); +}).merge(createIssueInputSchema); const updateIssueToolSchema = z.object({ issueId: issueIdSchema, diff --git a/packages/plugins/create-paperclip-plugin/README.md b/packages/plugins/create-paperclip-plugin/README.md index 24294122..967fe56a 100644 --- a/packages/plugins/create-paperclip-plugin/README.md +++ b/packages/plugins/create-paperclip-plugin/README.md @@ -27,7 +27,7 @@ Generates: - `esbuild` and `rollup` config files using SDK bundler presets - dev server script for hot-reload (`paperclip-plugin-dev-server`) -The scaffold intentionally uses plain React elements rather than host-provided UI kit components, because the current plugin runtime does not ship a stable shared component library yet. +The scaffold starts with plain React elements so the generated plugin stays minimal. For Paperclip-native controls, import shared host components such as `MarkdownEditor`, `FileTree`, `AssigneePicker`, and `ProjectPicker` from `@paperclipai/plugin-sdk/ui`. Inside this repo, the generated package uses `@paperclipai/plugin-sdk` via `workspace:*`. diff --git a/packages/plugins/examples/plugin-file-browser-example/src/ui/index.tsx b/packages/plugins/examples/plugin-file-browser-example/src/ui/index.tsx index 0e12d903..e7088fbc 100644 --- a/packages/plugins/examples/plugin-file-browser-example/src/ui/index.tsx +++ b/packages/plugins/examples/plugin-file-browser-example/src/ui/index.tsx @@ -1,11 +1,12 @@ import type { + FileTreeNode, PluginProjectSidebarItemProps, PluginDetailTabProps, PluginCommentAnnotationProps, PluginCommentContextMenuItemProps, } from "@paperclipai/plugin-sdk/ui"; -import { usePluginAction, usePluginData } from "@paperclipai/plugin-sdk/ui"; -import { useMemo, useState, useEffect, useRef, type MouseEvent, type RefObject } from "react"; +import { FileTree, usePluginAction, usePluginData } from "@paperclipai/plugin-sdk/ui"; +import { useCallback, useMemo, useState, useEffect, useRef, type MouseEvent, type RefObject } from "react"; import { EditorView } from "@codemirror/view"; import { basicSetup } from "codemirror"; import { javascript } from "@codemirror/lang-javascript"; @@ -129,15 +130,31 @@ const editorLightHighlightStyle = HighlightStyle.define([ type Workspace = { id: string; projectId: string; name: string; path: string; isPrimary: boolean }; type FileEntry = { name: string; path: string; isDirectory: boolean }; -type FileTreeNodeProps = { - entry: FileEntry; - companyId: string | null; - projectId: string; - workspaceId: string; - selectedPath: string | null; - onSelect: (path: string) => void; - depth?: number; -}; + +function entryToFileTreeNode(entry: FileEntry): FileTreeNode { + return { + name: entry.name, + path: entry.path, + kind: entry.isDirectory ? "dir" : "file", + children: [], + }; +} + +function entriesToFileTreeNodes(entries: FileEntry[]): FileTreeNode[] { + return entries.map(entryToFileTreeNode); +} + +function setChildrenAtPath(nodes: FileTreeNode[], path: string, children: FileTreeNode[]): FileTreeNode[] { + return nodes.map((node) => { + if (node.path === path) { + return { ...node, children }; + } + if (node.kind === "dir" && node.children.length > 0 && (path === node.path || path.startsWith(`${node.path}/`))) { + return { ...node, children: setChildrenAtPath(node.children, path, children) }; + } + return node; + }); +} const PathLikePattern = /[\\/]/; const WindowsDrivePathPattern = /^[A-Za-z]:[\\/]/; @@ -235,109 +252,6 @@ function useAvailableHeight( return height; } -function FileTreeNode({ - entry, - companyId, - projectId, - workspaceId, - selectedPath, - onSelect, - depth = 0, -}: FileTreeNodeProps) { - const [isExpanded, setIsExpanded] = useState(false); - const isSelected = selectedPath === entry.path; - - if (entry.isDirectory) { - return ( -
  • - - {isExpanded ? ( - - ) : null} -
    • - ); - } - - return ( -
  • - -
    • - ); -} - -function ExpandedDirectoryChildren({ - directoryPath, - companyId, - projectId, - workspaceId, - selectedPath, - onSelect, - depth, -}: { - directoryPath: string; - companyId: string | null; - projectId: string; - workspaceId: string; - selectedPath: string | null; - onSelect: (path: string) => void; - depth: number; -}) { - const { data: childData } = usePluginData<{ entries: FileEntry[] }>("fileList", { - companyId, - projectId, - workspaceId, - directoryPath, - }); - const children = childData?.entries ?? []; - - if (children.length === 0) { - return null; - } - - return ( -
      - {children.map((child) => ( - - ))} -
    - ); -} - /** * Project sidebar item: link "Files" that opens the project detail with the Files plugin tab. */ @@ -430,11 +344,60 @@ export function FilesTab({ context }: PluginDetailTabProps) { () => (selectedWorkspace ? { projectId, companyId, workspaceId: selectedWorkspace.id } : {}), [companyId, projectId, selectedWorkspace], ); - const { data: fileListData, loading: fileListLoading } = usePluginData<{ entries: FileEntry[] }>( + const { data: fileListData, loading: fileListLoading, error: fileListError } = usePluginData<{ entries: FileEntry[] }>( "fileList", fileListParams, ); - const entries = fileListData?.entries ?? []; + + // Lazy-load directory children through an imperative action so the shared + // FileTree can reuse `expandedPaths` for state without spawning a hook per + // expanded directory. + const loadFileList = usePluginAction("loadFileList"); + const [nodes, setNodes] = useState([]); + const [expandedPaths, setExpandedPaths] = useState>(() => new Set()); + const [loadedDirs, setLoadedDirs] = useState>(() => new Set()); + const [loadingDirs, setLoadingDirs] = useState>(() => new Set()); + + useEffect(() => { + setNodes(fileListData?.entries ? entriesToFileTreeNodes(fileListData.entries) : []); + setExpandedPaths(new Set()); + setLoadedDirs(new Set()); + setLoadingDirs(new Set()); + }, [fileListData, selectedWorkspace?.id]); + + const handleToggleDir = useCallback( + (dirPath: string) => { + setExpandedPaths((current) => { + const next = new Set(current); + if (next.has(dirPath)) next.delete(dirPath); + else next.add(dirPath); + return next; + }); + if (!selectedWorkspace) return; + if (loadedDirs.has(dirPath) || loadingDirs.has(dirPath)) return; + setLoadingDirs((current) => new Set(current).add(dirPath)); + void loadFileList({ + projectId, + companyId, + workspaceId: selectedWorkspace.id, + directoryPath: dirPath, + }) + .then((response) => { + const entries = (response as { entries?: FileEntry[] })?.entries ?? []; + const children = entriesToFileTreeNodes(entries); + setNodes((current) => setChildrenAtPath(current, dirPath, children)); + setLoadedDirs((current) => new Set(current).add(dirPath)); + }) + .finally(() => { + setLoadingDirs((current) => { + const next = new Set(current); + next.delete(dirPath); + return next; + }); + }); + }, + [companyId, loadFileList, loadedDirs, loadingDirs, projectId, selectedWorkspace], + ); // Track the `?file=` query parameter across navigations (popstate). const [urlFilePath, setUrlFilePath] = useState(() => { @@ -610,28 +573,23 @@ export function FilesTab({ context }: PluginDetailTabProps) {
    {selectedWorkspace ? ( - fileListLoading ? ( -

    Loading files...

    - ) : entries.length > 0 ? ( -
      - {entries.map((entry) => ( - { - setSelectedPath(path); - setMobileView("editor"); - }} - /> - ))} -
    - ) : ( -

    No files found in this workspace.

    - ) + { + setSelectedPath(path); + setMobileView("editor"); + }} + loading={fileListLoading} + error={fileListError ? { message: fileListError.message } : null} + empty={{ + title: "No files", + description: "No files found in this workspace.", + }} + ariaLabel="Workspace files" + /> ) : (

    Select a workspace to browse files.

    )} diff --git a/packages/plugins/examples/plugin-file-browser-example/src/worker.ts b/packages/plugins/examples/plugin-file-browser-example/src/worker.ts index a1689834..cf038cf0 100644 --- a/packages/plugins/examples/plugin-file-browser-example/src/worker.ts +++ b/packages/plugins/examples/plugin-file-browser-example/src/worker.ts @@ -106,43 +106,46 @@ const plugin = definePlugin({ })); }); - ctx.data.register( - "fileList", - async (params: Record) => { - const projectId = params.projectId as string; - const companyId = typeof params.companyId === "string" ? params.companyId : ""; - const workspaceId = params.workspaceId as string; - const directoryPath = typeof params.directoryPath === "string" ? params.directoryPath : ""; - if (!projectId || !companyId || !workspaceId) return { entries: [] }; - const workspaces = await ctx.projects.listWorkspaces(projectId, companyId); - const workspace = workspaces.find((w) => w.id === workspaceId); - if (!workspace) return { entries: [] }; - const workspacePath = sanitizeWorkspacePath(workspace.path); - if (!workspacePath) return { entries: [] }; - const dirPath = resolveWorkspace(workspacePath, directoryPath); - if (!dirPath) { - return { entries: [] }; - } - if (!fs.existsSync(dirPath) || !fs.statSync(dirPath).isDirectory()) { - return { entries: [] }; - } - const names = fs.readdirSync(dirPath).sort((a, b) => a.localeCompare(b)); - const entries = names.map((name) => { - const full = path.join(dirPath, name); - const stat = fs.lstatSync(full); - const relativePath = path.relative(workspacePath, full); - return { - name, - path: relativePath, - isDirectory: stat.isDirectory(), - }; - }).sort((a, b) => { - if (a.isDirectory !== b.isDirectory) return a.isDirectory ? -1 : 1; - return a.name.localeCompare(b.name); - }); - return { entries }; - }, - ); + async function readFileList(params: Record) { + const projectId = params.projectId as string; + const companyId = typeof params.companyId === "string" ? params.companyId : ""; + const workspaceId = params.workspaceId as string; + const directoryPath = typeof params.directoryPath === "string" ? params.directoryPath : ""; + if (!projectId || !companyId || !workspaceId) return { entries: [] }; + const workspaces = await ctx.projects.listWorkspaces(projectId, companyId); + const workspace = workspaces.find((w) => w.id === workspaceId); + if (!workspace) return { entries: [] }; + const workspacePath = sanitizeWorkspacePath(workspace.path); + if (!workspacePath) return { entries: [] }; + const dirPath = resolveWorkspace(workspacePath, directoryPath); + if (!dirPath) { + return { entries: [] }; + } + if (!fs.existsSync(dirPath) || !fs.statSync(dirPath).isDirectory()) { + return { entries: [] }; + } + const names = fs.readdirSync(dirPath).sort((a, b) => a.localeCompare(b)); + const entries = names.map((name) => { + const full = path.join(dirPath, name); + const stat = fs.lstatSync(full); + const relativePath = path.relative(workspacePath, full); + return { + name, + path: relativePath, + isDirectory: stat.isDirectory(), + }; + }).sort((a, b) => { + if (a.isDirectory !== b.isDirectory) return a.isDirectory ? -1 : 1; + return a.name.localeCompare(b.name); + }); + return { entries }; + } + + ctx.data.register("fileList", readFileList); + + // Mirror `fileList` as an action so the UI can lazily fetch directory + // children on tree expand without spawning a usePluginData hook per dir. + ctx.actions.register("loadFileList", readFileList); ctx.data.register( "fileContent", diff --git a/packages/plugins/examples/plugin-kitchen-sink-example/src/ui/index.tsx b/packages/plugins/examples/plugin-kitchen-sink-example/src/ui/index.tsx index 826dd832..ea3cb491 100644 --- a/packages/plugins/examples/plugin-kitchen-sink-example/src/ui/index.tsx +++ b/packages/plugins/examples/plugin-kitchen-sink-example/src/ui/index.tsx @@ -1,6 +1,9 @@ import { useEffect, useMemo, useState, type CSSProperties, type FormEvent, type ReactNode } from "react"; import { + AssigneePicker, + ProjectPicker, useHostContext, + useHostNavigation, usePluginAction, usePluginData, usePluginStream, @@ -248,14 +251,6 @@ const mutedTextStyle: CSSProperties = { lineHeight: 1.45, }; -function hostPath(companyPrefix: string | null | undefined, suffix: string): string { - return companyPrefix ? `/${companyPrefix}${suffix}` : suffix; -} - -function pluginPagePath(companyPrefix: string | null | undefined): string { - return hostPath(companyPrefix, `/${PAGE_ROUTE}`); -} - function getErrorMessage(error: unknown): string { return error instanceof Error ? error.message : String(error); } @@ -521,6 +516,7 @@ function CompactSurfaceSummary({ label, entityType }: { label: string; entityTyp function KitchenSinkPageWidgets({ context }: { context: PluginPageProps["context"] }) { const overview = usePluginOverview(context.companyId); const toast = usePluginToast(); + const hostNavigation = useHostNavigation(); const emitDemoEvent = usePluginAction("emit-demo-event"); const startProgressStream = usePluginAction("start-progress-stream"); const writeMetric = usePluginAction("write-metric"); @@ -591,7 +587,7 @@ function KitchenSinkPageWidgets({ context }: { context: PluginPageProps["context tone: "info", action: { label: "Go", - href: hostPath(context.companyPrefix, "/dashboard"), + href: hostNavigation.resolveHref("/dashboard"), }, })} > @@ -1079,6 +1075,7 @@ function KitchenSinkCompanyCrudDemo({ context }: { context: PluginPageProps["con } function KitchenSinkTopRow({ context }: { context: PluginPageProps["context"] }) { + const hostNavigation = useHostNavigation(); return (
    The company sidebar entry opens this route directly, so the plugin feels like a first-class company page instead of a settings subpage.
    - - {pluginPagePath(context.companyPrefix)} + + {hostNavigation.resolveHref(`/${PAGE_ROUTE}`)}
    @@ -1193,6 +1190,7 @@ function KitchenSinkStorageDemo({ context }: { context: PluginPageProps["context } function KitchenSinkHostIntegrationDemo({ context }: { context: PluginPageProps["context"] }) { + const hostNavigation = useHostNavigation(); const [liveRuns, setLiveRuns] = useState([]); const [recentRuns, setRecentRuns] = useState([]); const [loading, setLoading] = useState(false); @@ -1228,7 +1226,7 @@ function KitchenSinkHostIntegrationDemo({ context }: { context: PluginPageProps[
    Company Route - +
    This page is mounted as a real company route instead of living only under `/plugins/:pluginId`. @@ -1260,7 +1258,7 @@ function KitchenSinkHostIntegrationDemo({ context }: { context: PluginPageProps[
    {run.id}
    {run.agentId ? ( - + Open run ) : null} @@ -1294,6 +1292,44 @@ function KitchenSinkHostIntegrationDemo({ context }: { context: PluginPageProps[ ); } +function KitchenSinkSharedPickerDemo({ context }: { context: PluginPageProps["context"] }) { + const [assigneeValue, setAssigneeValue] = useState(""); + const [projectId, setProjectId] = useState(context.projectId ?? ""); + + useEffect(() => { + setProjectId(context.projectId ?? ""); + }, [context.projectId]); + + return ( +
    +
    + These controls are imported from `@paperclipai/plugin-sdk/ui` and reuse the host's assignee and project pickers from the new issue pane. +
    + {!context.companyId ? ( +
    Select a company to load picker options.
    + ) : ( +
    +
    + setAssigneeValue(value)} + /> + +
    +
    + Selected assignee: {assigneeValue || "none"}, selected project: {projectId || "none"} +
    +
    + )} +
    + ); +} + function KitchenSinkEmbeddedApp({ context }: { context: PluginPageProps["context"] }) { return (
    @@ -1301,12 +1337,14 @@ function KitchenSinkEmbeddedApp({ context }: { context: PluginPageProps["context +
    ); } function KitchenSinkConsole({ context }: { context: { companyId: string | null; companyPrefix?: string | null; projectId?: string | null; entityId?: string | null; entityType?: string | null } }) { + const hostNavigation = useHostNavigation(); const companyId = context.companyId; const overview = usePluginOverview(companyId); const [companiesLimit, setCompaniesLimit] = useState(20); @@ -1531,10 +1569,10 @@ function KitchenSinkConsole({ context }: { context: { companyId: string | null;
    - Open page + Open page
    ); } export function KitchenSinkProjectSidebarItem({ context }: PluginProjectSidebarItemProps) { + const hostNavigation = useHostNavigation(); const config = usePluginConfigData(); if (config.data && config.data.showProjectSidebarItem === false) return null; return ( Kitchen Sink diff --git a/packages/plugins/sandbox-providers/cloudflare/README.md b/packages/plugins/sandbox-providers/cloudflare/README.md new file mode 100644 index 00000000..d7e01d1b --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/README.md @@ -0,0 +1,48 @@ +# `@paperclipai/plugin-cloudflare-sandbox` + +Published Cloudflare sandbox provider plugin for Paperclip. + +This package lives in the Paperclip monorepo, but it is intentionally excluded from the root `pnpm` workspace and shaped to publish and install like a standalone npm package. Operators can install it from the Plugins page by package name, and the host will fetch its dependencies at install time without adding lockfile churn to the Paperclip repo. + +## Install + +From a Paperclip instance, install: + +```text +@paperclipai/plugin-cloudflare-sandbox +``` + +Configure Cloudflare from `Company Settings -> Environments`, not from the plugin's instance settings page. + +## Configuration + +The environment uses core `driver: "sandbox"` with `provider: "cloudflare"`. + +Required fields: + +- `bridgeBaseUrl` +- `bridgeAuthToken` + +Important validation rules: + +- `reuseLease: true` requires `keepAlive: true` +- non-local `bridgeBaseUrl` values must be `https://` +- `sessionId` is required when `sessionStrategy` is `named` + +Pasted auth tokens are stored by Paperclip as company secrets because the manifest marks `bridgeAuthToken` as a `secret-ref` field. + +## Bridge template + +The package includes an operator-facing Cloudflare Worker scaffold under [bridge-template](./bridge-template). That template uses `@cloudflare/sandbox`, a `Sandbox` Durable Object binding, and a small JSON HTTP surface under `/api/paperclip-sandbox/v1`. + +## Local development + +```bash +cd packages/plugins/sandbox-providers/cloudflare +pnpm install --ignore-workspace --no-lockfile +pnpm build +pnpm test +pnpm typecheck +``` + +These commands assume the repo root has already been installed once so the local `@paperclipai/plugin-sdk` workspace package is available to the compiler during development. diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/Dockerfile b/packages/plugins/sandbox-providers/cloudflare/bridge-template/Dockerfile new file mode 100644 index 00000000..9c790366 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/Dockerfile @@ -0,0 +1,14 @@ +FROM docker.io/cloudflare/sandbox:0.7.0 + +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + bash \ + ca-certificates \ + coreutils \ + curl \ + findutils \ + git \ + tar \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /workspace diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/README.md b/packages/plugins/sandbox-providers/cloudflare/bridge-template/README.md new file mode 100644 index 00000000..20805254 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/README.md @@ -0,0 +1,50 @@ +# Cloudflare Sandbox Bridge Template + +This Worker is the operator-facing bridge used by `@paperclipai/plugin-cloudflare-sandbox`. + +It exposes a small authenticated JSON API under `/api/paperclip-sandbox/v1` and translates Paperclip lease and command requests into Cloudflare Sandbox SDK calls. + +## What it does + +- health and probe +- acquire, resume, release, and destroy leases +- execute commands in a sandbox session +- clean up timed-out sessions so Paperclip does not inherit wedged background processes + +## Prerequisites + +1. Cloudflare account with Sandbox / Containers access +2. `wrangler` configured for that account +3. Docker running locally for `wrangler deploy` +4. A bridge auth token set as a Worker secret: + +```bash +npx wrangler secret put BRIDGE_AUTH_TOKEN +``` + +## Local development + +```bash +cd bridge-template +pnpm install --ignore-workspace --no-lockfile +pnpm test +pnpm typecheck +pnpm dev +``` + +## Deploy + +```bash +pnpm deploy +``` + +After deploy, configure Paperclip with: + +- `bridgeBaseUrl`: your Worker URL +- `bridgeAuthToken`: the same bearer token value stored in `BRIDGE_AUTH_TOKEN` + +## Notes + +- `reuseLease: true` should only be used together with `keepAlive: true` +- `.workers.dev` is fine for bridge HTTP traffic, but preview/wildcard host flows are intentionally out of scope here +- keep the Docker image aligned with the installed `@cloudflare/sandbox` version diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/package.json b/packages/plugins/sandbox-providers/cloudflare/bridge-template/package.json new file mode 100644 index 00000000..7817cb71 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/package.json @@ -0,0 +1,21 @@ +{ + "name": "paperclip-cloudflare-sandbox-bridge-template", + "private": true, + "type": "module", + "scripts": { + "dev": "wrangler dev", + "deploy": "wrangler deploy", + "build": "tsc --noEmit", + "typecheck": "tsc --noEmit", + "test": "vitest run --config vitest.config.ts" + }, + "dependencies": { + "@cloudflare/sandbox": "^0.7.0" + }, + "devDependencies": { + "@cloudflare/workers-types": "^4.20260501.0", + "typescript": "^5.7.3", + "vitest": "^3.2.4", + "wrangler": "^4.15.0" + } +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.test.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.test.ts new file mode 100644 index 00000000..9da07b0e --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.test.ts @@ -0,0 +1,30 @@ +import { describe, expect, it } from "vitest"; +import { isAuthorizedRequest, readBearerToken } from "./auth.js"; + +describe("bridge auth", () => { + it("extracts bearer tokens from Authorization headers", () => { + const request = new Request("https://bridge.example.test", { + headers: { Authorization: "Bearer secret-token" }, + }); + expect(readBearerToken(request)).toBe("secret-token"); + }); + + it("rejects mismatched tokens", async () => { + const request = new Request("https://bridge.example.test", { + headers: { Authorization: "Bearer wrong-token" }, + }); + await expect(isAuthorizedRequest(request, "expected-token")).resolves.toBe(false); + }); + + it("accepts matching tokens", async () => { + const request = new Request("https://bridge.example.test", { + headers: { Authorization: "Bearer expected-token" }, + }); + await expect(isAuthorizedRequest(request, "expected-token")).resolves.toBe(true); + }); + + it("rejects requests without an Authorization header", async () => { + const request = new Request("https://bridge.example.test"); + await expect(isAuthorizedRequest(request, "expected-token")).resolves.toBe(false); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.ts new file mode 100644 index 00000000..b02df9eb --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/auth.ts @@ -0,0 +1,40 @@ +export function readBearerToken(request: Request): string | null { + const header = request.headers.get("Authorization"); + if (!header) return null; + const match = /^Bearer\s+(.+)$/i.exec(header); + return match?.[1]?.trim() || null; +} + +// Compare two strings in constant time so an attacker can't infer the expected +// token character-by-character via response-latency timing. We hash both sides +// to SHA-256 first so the byte-by-byte comparison length is fixed (and doesn't +// leak the token's length), then walk the buffers with a constant-time XOR +// reduction. This avoids `crypto.subtle.timingSafeEqual` because that helper +// is not portable: it exists on Cloudflare Workers but is missing from Node's +// `crypto.subtle` (which would break unit tests). The manual XOR reduction on +// a fixed-length hash output is the same algorithm the helper uses internally. +async function timingSafeStringEqual(a: string, b: string): Promise { + const encoder = new TextEncoder(); + const [aHashBuf, bHashBuf] = await Promise.all([ + crypto.subtle.digest("SHA-256", encoder.encode(a)), + crypto.subtle.digest("SHA-256", encoder.encode(b)), + ]); + const aBytes = new Uint8Array(aHashBuf); + const bBytes = new Uint8Array(bHashBuf); + if (aBytes.length !== bBytes.length) return false; + let diff = 0; + for (let i = 0; i < aBytes.length; i++) { + diff |= aBytes[i] ^ bBytes[i]; + } + return diff === 0; +} + +export async function isAuthorizedRequest( + request: Request, + expectedToken: string | undefined, +): Promise { + if (!expectedToken || expectedToken.trim().length === 0) return false; + const presented = readBearerToken(request); + if (!presented) return false; + return timingSafeStringEqual(presented, expectedToken); +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.test.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.test.ts new file mode 100644 index 00000000..48605648 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.test.ts @@ -0,0 +1,151 @@ +import { describe, expect, it, vi } from "vitest"; + +vi.mock("@cloudflare/sandbox", () => ({ + getSandbox: vi.fn(), +})); + +import { buildLoginShellScript, executeInSandbox } from "./exec.js"; + +describe("bridge exec", () => { + it("invokes target.exec with a single shell command string and no args option", async () => { + const exec = vi.fn().mockResolvedValue({ + exitCode: 0, + stdout: "claude 1.0.0\n", + stderr: "", + }); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec }), + writeFile: vi.fn(), + deleteFile: vi.fn(), + } as const; + + await executeInSandbox({ + sandbox: sandbox as never, + command: "claude", + args: ["--version"], + cwd: "/workspace/paperclip", + env: { PAPERCLIP_TEST_FLAG: "1" }, + sessionStrategy: "named", + sessionId: "paperclip", + timeoutMs: 12_345, + }); + + expect(exec).toHaveBeenCalledTimes(1); + const [commandArg, optionsArg] = exec.mock.calls[0] ?? []; + expect(typeof commandArg).toBe("string"); + expect(commandArg).toMatch(/^sh -lc /); + expect(optionsArg).toEqual({ cwd: "/", timeout: 12_345 }); + expect(optionsArg).not.toHaveProperty("args"); + expect(optionsArg).not.toHaveProperty("stdin"); + expect(commandArg).toContain('. /etc/profile'); + expect(commandArg).toContain("cd "); + expect(commandArg).toContain("/workspace/paperclip"); + expect(commandArg).toContain("PAPERCLIP_TEST_FLAG"); + expect(commandArg).toContain("claude"); + expect(commandArg).toContain("--version"); + }); + + it("requests streaming callbacks when bridge output forwarding is enabled", async () => { + const exec = vi.fn().mockImplementation(async (_command, options) => { + await options?.onOutput?.("stdout", "hello\n"); + return { + exitCode: 0, + stdout: "hello\n", + stderr: "", + }; + }); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec }), + writeFile: vi.fn(), + deleteFile: vi.fn(), + } as const; + const onOutput = vi.fn(); + + await executeInSandbox({ + sandbox: sandbox as never, + command: "echo", + args: ["hello"], + sessionStrategy: "named", + sessionId: "paperclip", + timeoutMs: 5_000, + onOutput, + }); + + expect(exec).toHaveBeenCalledTimes(1); + expect(exec.mock.calls[0]?.[1]).toMatchObject({ + cwd: "/", + timeout: 5_000, + stream: true, + onOutput: expect.any(Function), + }); + expect(onOutput).toHaveBeenCalledWith("stdout", "hello\n"); + }); + + it("stages stdin through a sandbox temp file and redirects from it", async () => { + const exec = vi.fn().mockResolvedValue({ exitCode: 0, stdout: "", stderr: "" }); + const writeFile = vi.fn().mockResolvedValue(undefined); + const deleteFile = vi.fn().mockResolvedValue(undefined); + // sessionStrategy: "default" routes through the sandbox itself (no + // getSession wrapper), so exec must live directly on the sandbox. + const sandbox = { + exec, + getSession: vi.fn(), + writeFile, + deleteFile, + } as const; + + await executeInSandbox({ + sandbox: sandbox as never, + command: "cat", + args: [], + sessionStrategy: "default", + timeoutMs: 5_000, + stdin: "payload-bytes", + }); + + expect(writeFile).toHaveBeenCalledTimes(1); + const [stdinPath, stdinPayload] = writeFile.mock.calls[0] ?? []; + expect(typeof stdinPath).toBe("string"); + expect(stdinPath).toMatch(/^\/tmp\/\.paperclip-bridge-stdin-/); + expect(stdinPayload).toBe("payload-bytes"); + + const commandArg = exec.mock.calls[0]?.[0]; + expect(commandArg).toContain(stdinPath); + expect(commandArg).toMatch(/<\s*['"]/); + + expect(deleteFile).toHaveBeenCalledWith(stdinPath); + }); + + it("does not write a stdin file or redirect when stdin is empty", async () => { + const exec = vi.fn().mockResolvedValue({ exitCode: 0, stdout: "", stderr: "" }); + const writeFile = vi.fn(); + const deleteFile = vi.fn(); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec }), + writeFile, + deleteFile, + } as const; + + await executeInSandbox({ + sandbox: sandbox as never, + command: "pwd", + sessionStrategy: "named", + sessionId: "paperclip", + timeoutMs: 5_000, + stdin: null, + }); + + expect(writeFile).not.toHaveBeenCalled(); + expect(deleteFile).not.toHaveBeenCalled(); + const commandArg = exec.mock.calls[0]?.[0]; + expect(commandArg).not.toContain("<"); + }); + + it("rejects invalid environment variable keys in the login-shell wrapper", () => { + expect(() => buildLoginShellScript({ + command: "pwd", + args: [], + env: { "bad-key": "1" }, + })).toThrow("Invalid sandbox environment variable key: bad-key"); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.ts new file mode 100644 index 00000000..b67193c6 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/exec.ts @@ -0,0 +1,147 @@ +import type { Sandbox as CloudflareSandbox } from "@cloudflare/sandbox"; +import { shellQuote } from "./helpers.js"; +import { isTimeoutError } from "./sandboxes.js"; +import { cleanupTimedOutExecution, resolveExecutionTarget, type SessionStrategy } from "./sessions.js"; + +export interface BridgeExecuteParams { + sandbox: CloudflareSandbox; + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string | null; + timeoutMs?: number; + sessionStrategy: SessionStrategy; + sessionId?: string; + onOutput?: (stream: "stdout" | "stderr", data: string) => void | Promise; +} + +function isValidShellEnvKey(value: string): boolean { + return /^[A-Za-z_][A-Za-z0-9_]*$/.test(value); +} + +function randomToken(): string { + const uuid = globalThis.crypto?.randomUUID?.(); + if (typeof uuid === "string" && uuid.length > 0) return uuid.replace(/[^a-zA-Z0-9-]/g, ""); + return `${Date.now()}-${Math.random().toString(36).slice(2)}`; +} + +export function buildLoginShellScript(input: { + command: string; + args: string[]; + cwd?: string; + env?: Record; + stdinFile?: string | null; +}): string { + const env = input.env ?? {}; + for (const key of Object.keys(env)) { + if (!isValidShellEnvKey(key)) { + throw new Error(`Invalid sandbox environment variable key: ${key}`); + } + } + + const envArgs = Object.entries(env) + .filter((entry): entry is [string, string] => typeof entry[1] === "string") + .map(([key, value]) => `${key}=${shellQuote(value)}`); + const commandParts = [shellQuote(input.command), ...input.args.map(shellQuote)].join(" "); + const stdinRedirect = input.stdinFile ? ` < ${shellQuote(input.stdinFile)}` : ""; + const lines = [ + 'if [ -f /etc/profile ]; then . /etc/profile >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.profile" ]; then . "$HOME/.profile" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.bash_profile" ]; then . "$HOME/.bash_profile" >/dev/null 2>&1 || true; elif [ -f "$HOME/.bashrc" ]; then . "$HOME/.bashrc" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.zprofile" ]; then . "$HOME/.zprofile" >/dev/null 2>&1 || true; fi', + 'export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"', + '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 || true', + ]; + if (input.cwd) { + lines.push(`cd ${shellQuote(input.cwd)}`); + } + const execLine = envArgs.length > 0 + ? `exec env ${envArgs.join(" ")} ${commandParts}${stdinRedirect}` + : `exec ${commandParts}${stdinRedirect}`; + lines.push(execLine); + return lines.join(" && "); +} + +function coerceExecuteResult(result: { + success?: boolean; + stdout?: string; + stderr?: string; + exitCode?: number | null; +}) { + return { + exitCode: + typeof result.exitCode === "number" || result.exitCode === null + ? result.exitCode + : result.success === false + ? 1 + : 0, + signal: null, + timedOut: false, + stdout: result.stdout ?? "", + stderr: result.stderr ?? "", + }; +} + +export async function executeInSandbox(params: BridgeExecuteParams) { + // The @cloudflare/sandbox SDK's exec() takes a single command string and a + // narrow option set ({ cwd, env, timeout, ... }) — it does not accept `args` + // or `stdin`. We compose the full shell command ourselves and stage stdin + // through a temp file in the sandbox when the caller provides one. + const stdinPayload = typeof params.stdin === "string" && params.stdin.length > 0 + ? params.stdin + : null; + const stdinFile = stdinPayload ? `/tmp/.paperclip-bridge-stdin-${randomToken()}` : null; + + if (stdinFile && stdinPayload) { + await params.sandbox.writeFile(stdinFile, stdinPayload, { encoding: "utf8" }); + } + + try { + const target = await resolveExecutionTarget(params.sandbox, { + sessionStrategy: params.sessionStrategy, + sessionId: params.sessionId, + cwd: params.cwd, + env: params.env, + timeoutMs: params.timeoutMs, + }); + const script = buildLoginShellScript({ + command: params.command, + args: params.args ?? [], + cwd: params.cwd, + env: params.env, + stdinFile, + }); + const fullCommand = `sh -lc ${shellQuote(script)}`; + const result = await target.exec(fullCommand, { + cwd: "/", + timeout: params.timeoutMs, + ...(typeof params.onOutput === "function" + ? { + stream: true, + onOutput: params.onOutput, + } + : {}), + }); + return coerceExecuteResult(result); + } catch (error) { + if (isTimeoutError(error)) { + await cleanupTimedOutExecution(params.sandbox, { + sessionStrategy: params.sessionStrategy, + sessionId: params.sessionId, + }); + return { + exitCode: null, + signal: null, + timedOut: true, + stdout: typeof (error as { stdout?: unknown }).stdout === "string" ? (error as { stdout: string }).stdout : "", + stderr: `${error instanceof Error ? error.message : String(error)}\n`, + }; + } + throw error; + } finally { + if (stdinFile) { + await params.sandbox.deleteFile?.(stdinFile).catch(() => undefined); + } + } +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/helpers.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/helpers.ts new file mode 100644 index 00000000..895addeb --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/helpers.ts @@ -0,0 +1,39 @@ +export function normalizeLeaseIdPart(input: string): string { + return input + .trim() + .toLowerCase() + .replace(/[^a-z0-9-]+/g, "-") + .replace(/^-+|-+$/g, "") + .replace(/-{2,}/g, "-"); +} + +export function buildLeaseSandboxId(input: { + environmentId: string; + runId: string; + reuseLease: boolean; + normalizeId: boolean; + randomId?: string; +}): string { + const base = input.reuseLease + ? `pc-env-${input.environmentId}` + : `pc-${input.runId}-${input.randomId ?? crypto.randomUUID().slice(0, 8)}`; + return input.normalizeId ? normalizeLeaseIdPart(base) : base; +} + +export function buildSentinelPath(remoteCwd: string): string { + return `${remoteCwd.replace(/\/+$/, "")}/.paperclip-lease.json`; +} + +export function isTimeoutError(error: unknown): boolean { + const name = (error as { name?: string } | null)?.name ?? ""; + const message = error instanceof Error ? error.message : String(error); + return /timeout/i.test(name) || /timed out|timeout/i.test(message); +} + +// Single-quote `value` for safe inclusion in a `sh -c` script. Single +// quotes inside the value are escaped via the standard `'"'"'` dance. +// Used by both `routes.ts` and `exec.ts` — keep one copy here so updates +// (e.g. handling additional shell special characters) stay in sync. +export function shellQuote(value: string): string { + return `'${value.replace(/'/g, `'"'"'`)}'`; +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/index.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/index.ts new file mode 100644 index 00000000..9f704175 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/index.ts @@ -0,0 +1,25 @@ +import { Sandbox } from "@cloudflare/sandbox"; +import { handleBridgeRequest, } from "./routes.js"; +import type { BridgeEnv } from "./sandboxes.js"; + +export { Sandbox }; + +export default { + async fetch(request: Request, env: BridgeEnv): Promise { + try { + return await handleBridgeRequest(request, env); + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + return new Response( + JSON.stringify({ + error: "internal_error", + message, + }), + { + status: 500, + headers: { "Content-Type": "application/json" }, + }, + ); + } + }, +}; diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.test.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.test.ts new file mode 100644 index 00000000..a5274a4b --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.test.ts @@ -0,0 +1,143 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; + +vi.mock("@cloudflare/sandbox", () => ({ + getSandbox: vi.fn(), +})); + +import { handleBridgeRequest } from "./routes.js"; +import { resolveSandbox } from "./sandboxes.js"; + +vi.mock("./sandboxes.js", async () => { + const actual = await vi.importActual("./sandboxes.js"); + return { + ...actual, + resolveSandbox: vi.fn(), + }; +}); + +function bridgeRequest(pathname: string, body: unknown): Request { + return new Request(`https://bridge.example.test${pathname}`, { + method: "POST", + headers: { + Authorization: "Bearer secret-token", + "Content-Type": "application/json", + }, + body: JSON.stringify(body), + }); +} + +describe("bridge routes", () => { + beforeEach(() => { + vi.mocked(resolveSandbox).mockReset(); + }); + + it("writes lease sentinels through the named-session exec target", async () => { + const sessionExec = vi.fn().mockResolvedValue({ exitCode: 0, stdout: "", stderr: "" }); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec: sessionExec }), + createSession: vi.fn(), + writeFile: vi.fn(), + deleteFile: vi.fn(), + setKeepAlive: vi.fn().mockResolvedValue(undefined), + }; + vi.mocked(resolveSandbox).mockResolvedValue(sandbox as never); + + const response = await handleBridgeRequest( + bridgeRequest("/api/paperclip-sandbox/v1/leases/acquire", { + environmentId: "env-1", + runId: "run-1", + requestedCwd: "/workspace/paperclip", + sessionStrategy: "named", + sessionId: "paperclip", + }), + { BRIDGE_AUTH_TOKEN: "secret-token", Sandbox: {} as never }, + ); + + expect(response.status).toBe(200); + // Sentinel write must NOT use sandbox.writeFile (sandbox-level race); + // it goes through the same session as the mkdir. + expect(sandbox.writeFile).not.toHaveBeenCalled(); + + // Both calls use a single command string — the SDK's exec API ignores + // any `args` or `stdin` option, so the bridge folds them into the + // command line itself. + expect(sessionExec).toHaveBeenCalledTimes(2); + for (const call of sessionExec.mock.calls) { + const [commandArg, optionsArg] = call; + expect(typeof commandArg).toBe("string"); + expect(commandArg).toMatch(/^sh -lc /); + expect(optionsArg).toEqual({ cwd: "/", timeout: expect.any(Number) }); + expect(optionsArg).not.toHaveProperty("args"); + expect(optionsArg).not.toHaveProperty("stdin"); + } + expect(sessionExec.mock.calls[0]?.[0]).toContain("mkdir"); + expect(sessionExec.mock.calls[0]?.[0]).toContain("/workspace/paperclip"); + expect(sessionExec.mock.calls[1]?.[0]).toContain("/workspace/paperclip/.paperclip-lease.json"); + }); + + it("checks lease sentinels through the named-session exec target on resume", async () => { + const sessionExec = vi.fn().mockResolvedValue({ exitCode: 0, stdout: "", stderr: "" }); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec: sessionExec }), + createSession: vi.fn(), + readFile: vi.fn(), + writeFile: vi.fn(), + deleteFile: vi.fn(), + setKeepAlive: vi.fn().mockResolvedValue(undefined), + }; + vi.mocked(resolveSandbox).mockResolvedValue(sandbox as never); + + const response = await handleBridgeRequest( + bridgeRequest("/api/paperclip-sandbox/v1/leases/resume", { + providerLeaseId: "pc-run-1-abcd1234", + requestedCwd: "/workspace/paperclip", + sessionStrategy: "named", + sessionId: "paperclip", + }), + { BRIDGE_AUTH_TOKEN: "secret-token", Sandbox: {} as never }, + ); + + expect(response.status).toBe(200); + expect(sandbox.readFile).not.toHaveBeenCalled(); + const [commandArg, optionsArg] = sessionExec.mock.calls[0] ?? []; + expect(typeof commandArg).toBe("string"); + expect(commandArg).toMatch(/^sh -lc /); + expect(commandArg).toContain("test -s"); + expect(commandArg).toContain("/workspace/paperclip/.paperclip-lease.json"); + expect(optionsArg).toEqual({ cwd: "/", timeout: expect.any(Number) }); + expect(optionsArg).not.toHaveProperty("args"); + }); + + it("streams exec stdout and completion metadata when requested", async () => { + const sessionExec = vi.fn().mockImplementation(async (_command, options) => { + await options?.onOutput?.("stdout", "hello\n"); + return { exitCode: 0, stdout: "hello\n", stderr: "" }; + }); + const sandbox = { + getSession: vi.fn().mockResolvedValue({ exec: sessionExec }), + createSession: vi.fn(), + writeFile: vi.fn(), + deleteFile: vi.fn(), + setKeepAlive: vi.fn().mockResolvedValue(undefined), + }; + vi.mocked(resolveSandbox).mockResolvedValue(sandbox as never); + + const response = await handleBridgeRequest( + bridgeRequest("/api/paperclip-sandbox/v1/exec", { + providerLeaseId: "pc-run-1-abcd1234", + command: "echo", + args: ["hello"], + sessionStrategy: "named", + sessionId: "paperclip", + streamOutput: true, + }), + { BRIDGE_AUTH_TOKEN: "secret-token", Sandbox: {} as never }, + ); + + expect(response.status).toBe(200); + expect(response.headers.get("Content-Type")).toContain("text/event-stream"); + const body = await response.text(); + expect(body).toContain("event: stdout"); + expect(body).toContain("event: complete"); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.ts new file mode 100644 index 00000000..02369921 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/routes.ts @@ -0,0 +1,468 @@ +import type { Sandbox as CloudflareSandbox } from "@cloudflare/sandbox"; +import { isAuthorizedRequest } from "./auth.js"; +import { executeInSandbox } from "./exec.js"; +import { shellQuote } from "./helpers.js"; +import { + buildLeaseSandboxId, + buildSentinelPath, + DEFAULT_REMOTE_CWD, + DEFAULT_SESSION_ID, + DEFAULT_TIMEOUT_MS, + resolveSandbox, + applySandboxKeepAlive, + toErrorResponse, + toJsonResponse, + type BridgeEnv, +} from "./sandboxes.js"; +import type { SessionStrategy } from "./sessions.js"; + +interface ProbeRequestBody { + requestedCwd?: string; + keepAlive?: boolean; + sleepAfter?: string; + normalizeId?: boolean; + sessionStrategy?: SessionStrategy; + sessionId?: string; + timeoutMs?: number; +} + +interface AcquireLeaseRequestBody extends ProbeRequestBody { + environmentId?: string; + runId?: string; + issueId?: string | null; + reuseLease?: boolean; +} + +interface ResumeLeaseRequestBody extends ProbeRequestBody { + providerLeaseId?: string; +} + +interface ReleaseLeaseRequestBody { + providerLeaseId?: string; + reuseLease?: boolean; + keepAlive?: boolean; +} + +interface ExecuteRequestBody { + providerLeaseId?: string; + command?: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string | null; + timeoutMs?: number; + streamOutput?: boolean; + sessionStrategy?: SessionStrategy; + sessionId?: string; +} + +function readBoolean(value: unknown, fallback: boolean): boolean { + return value === undefined ? fallback : value === true; +} + +function readString(value: unknown, fallback: string): string { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : fallback; +} + +function readInteger(value: unknown, fallback: number): number { + const parsed = Number(value); + return Number.isFinite(parsed) ? Math.trunc(parsed) : fallback; +} + +function readSessionStrategy(value: unknown): SessionStrategy { + return value === "default" ? "default" : "named"; +} + +async function readJson(request: Request): Promise { + return await request.json() as T; +} + +function encodeSseEvent(type: string, payload: unknown): string { + return `event: ${type}\ndata: ${JSON.stringify(payload)}\n\n`; +} + +function toSseResponse(stream: ReadableStream): Response { + return new Response(stream, { + headers: { + "Content-Type": "text/event-stream", + "Cache-Control": "no-cache", + }, + }); +} + +async function execLeaseUtility( + sandbox: CloudflareSandbox, + options: { + remoteCwd: string; + sessionStrategy: SessionStrategy; + sessionId: string; + timeoutMs: number; + }, + command: string, + args: string[], + cwd = "/", +) { + return await executeInSandbox({ + sandbox, + command, + args, + cwd, + timeoutMs: options.timeoutMs, + sessionStrategy: options.sessionStrategy, + sessionId: options.sessionId, + }); +} + +function requireZeroExit(action: string, result: { exitCode: number | null; timedOut: boolean; stderr: string }) { + if (result.timedOut) { + throw new Error(`${action} timed out: ${result.stderr.trim()}`); + } + if (result.exitCode !== 0) { + throw new Error( + `${action} failed with exit code ${result.exitCode ?? "null"}${result.stderr.trim() ? `: ${result.stderr.trim()}` : ""}`, + ); + } +} + +async function ensureWorkspace( + sandbox: CloudflareSandbox, + options: { + remoteCwd: string; + sessionStrategy: SessionStrategy; + sessionId: string; + timeoutMs: number; + }, +) { + const result = await execLeaseUtility(sandbox, options, "mkdir", ["-p", options.remoteCwd], "/"); + requireZeroExit(`ensure workspace ${options.remoteCwd}`, result); +} + +async function writeSentinel( + sandbox: CloudflareSandbox, + input: { + providerLeaseId: string; + remoteCwd: string; + sessionStrategy: SessionStrategy; + sessionId: string; + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; + resumedLease: boolean; + timeoutMs: number; + }, +) { + const sentinelPayload = JSON.stringify({ + provider: "cloudflare", + providerLeaseId: input.providerLeaseId, + remoteCwd: input.remoteCwd, + sessionStrategy: input.sessionStrategy, + sessionId: input.sessionId, + keepAlive: input.keepAlive, + sleepAfter: input.sleepAfter, + normalizeId: input.normalizeId, + resumedLease: input.resumedLease, + updatedAt: new Date().toISOString(), + }, null, 2); + const sentinelPath = buildSentinelPath(input.remoteCwd); + const result = await execLeaseUtility( + sandbox, + input, + "sh", + [ + "-c", + `mkdir -p ${shellQuote(input.remoteCwd)} && printf '%s\\n' ${shellQuote(sentinelPayload)} > ${shellQuote(sentinelPath)}`, + ], + "/", + ); + requireZeroExit(`write sentinel ${sentinelPath}`, result); +} + +async function verifySentinel( + sandbox: CloudflareSandbox, + input: { + remoteCwd: string; + sessionStrategy: SessionStrategy; + sessionId: string; + timeoutMs: number; + }, +): Promise { + const result = await execLeaseUtility( + sandbox, + input, + "sh", + ["-c", `test -s ${shellQuote(buildSentinelPath(input.remoteCwd))}`], + "/", + ); + return !result.timedOut && (result.exitCode ?? 0) === 0; +} + +export async function handleBridgeRequest(request: Request, env: BridgeEnv): Promise { + if (!(await isAuthorizedRequest(request, env.BRIDGE_AUTH_TOKEN))) { + return toErrorResponse(401, "unauthorized", "Missing or invalid bridge bearer token."); + } + + const url = new URL(request.url); + const pathname = url.pathname.replace(/\/+$/, ""); + + if (request.method === "GET" && pathname === "/api/paperclip-sandbox/v1/health") { + return toJsonResponse({ + ok: true, + provider: "cloudflare", + bridgeVersion: "0.1.0", + capabilities: { + reuseLease: true, + namedSessions: true, + previewUrls: false, + }, + }); + } + + if (request.method === "POST" && pathname === "/api/paperclip-sandbox/v1/probe") { + const body = await readJson(request); + const remoteCwd = readString(body.requestedCwd, DEFAULT_REMOTE_CWD); + const keepAlive = readBoolean(body.keepAlive, false); + const sleepAfter = readString(body.sleepAfter, "10m"); + const normalizeId = readBoolean(body.normalizeId, true); + const sessionStrategy = readSessionStrategy(body.sessionStrategy); + const sessionId = readString(body.sessionId, DEFAULT_SESSION_ID); + const timeoutMs = readInteger(body.timeoutMs, DEFAULT_TIMEOUT_MS); + const sandboxId = buildLeaseSandboxId({ + environmentId: "probe", + runId: `probe-${Date.now()}`, + reuseLease: false, + normalizeId, + }); + + const sandbox = await resolveSandbox(env, sandboxId, { keepAlive, sleepAfter, normalizeId }); + await applySandboxKeepAlive(sandbox, keepAlive); + try { + await ensureWorkspace(sandbox, { remoteCwd, sessionStrategy, sessionId, timeoutMs }); + const result = await executeInSandbox({ + sandbox, + command: "pwd", + cwd: remoteCwd, + timeoutMs, + sessionStrategy, + sessionId, + }); + return toJsonResponse({ + ok: true, + summary: "Connected to Cloudflare sandbox bridge.", + metadata: { + provider: "cloudflare", + remoteCwd, + namedSessions: sessionStrategy === "named", + stdout: result.stdout, + }, + }); + } finally { + await sandbox.destroy().catch(() => undefined); + } + } + + if (request.method === "POST" && pathname === "/api/paperclip-sandbox/v1/leases/acquire") { + const body = await readJson(request); + if (!body.environmentId || !body.runId) { + return toErrorResponse(400, "invalid_request", "environmentId and runId are required."); + } + + const reuseLease = readBoolean(body.reuseLease, false); + const keepAlive = readBoolean(body.keepAlive, false); + const sleepAfter = readString(body.sleepAfter, "10m"); + const normalizeId = readBoolean(body.normalizeId, true); + const remoteCwd = readString(body.requestedCwd, DEFAULT_REMOTE_CWD); + const sessionStrategy = readSessionStrategy(body.sessionStrategy); + const sessionId = readString(body.sessionId, DEFAULT_SESSION_ID); + const timeoutMs = readInteger(body.timeoutMs, DEFAULT_TIMEOUT_MS); + const providerLeaseId = buildLeaseSandboxId({ + environmentId: body.environmentId, + runId: body.runId, + reuseLease, + normalizeId, + }); + const sandbox = await resolveSandbox(env, providerLeaseId, { keepAlive, sleepAfter, normalizeId }); + // Guard against orphaning a keepAlive sandbox if workspace setup throws + // after creation: Paperclip never sees the lease ID in that case, so it + // can't clean up. Destroy here unless this is a reuseLease handshake + // (where the sandbox may have been created by a prior acquire and we + // shouldn't destroy it on a transient setup failure during reattachment). + try { + await applySandboxKeepAlive(sandbox, keepAlive); + await ensureWorkspace(sandbox, { remoteCwd, sessionStrategy, sessionId, timeoutMs }); + await writeSentinel(sandbox, { + providerLeaseId, + remoteCwd, + sessionStrategy, + sessionId, + keepAlive, + sleepAfter, + normalizeId, + resumedLease: false, + timeoutMs, + }); + } catch (err) { + if (!reuseLease) { + await sandbox.destroy().catch(() => undefined); + } + throw err; + } + + return toJsonResponse({ + providerLeaseId, + metadata: { + provider: "cloudflare", + remoteCwd, + sandboxId: providerLeaseId, + sessionStrategy, + sessionId, + keepAlive, + sleepAfter, + normalizeId, + resumedLease: false, + }, + }); + } + + if (request.method === "POST" && pathname === "/api/paperclip-sandbox/v1/leases/resume") { + const body = await readJson(request); + if (!body.providerLeaseId) { + return toErrorResponse(400, "invalid_request", "providerLeaseId is required."); + } + const keepAlive = readBoolean(body.keepAlive, false); + const sleepAfter = readString(body.sleepAfter, "10m"); + const normalizeId = readBoolean(body.normalizeId, true); + const remoteCwd = readString(body.requestedCwd, DEFAULT_REMOTE_CWD); + const sessionStrategy = readSessionStrategy(body.sessionStrategy); + const sessionId = readString(body.sessionId, DEFAULT_SESSION_ID); + const timeoutMs = readInteger(body.timeoutMs, DEFAULT_TIMEOUT_MS); + const sandbox = await resolveSandbox(env, body.providerLeaseId, { keepAlive, sleepAfter, normalizeId }); + // Resume always reattaches to a providerLeaseId the operator already + // owns, so we deliberately do NOT destroy on failure here — the operator + // has the ID and can issue an explicit release/destroy. Calling + // `getSandbox` is idempotent on the Sandbox SDK side (no new sandbox is + // created), so a failed resume doesn't leak a *new* sandbox. + await applySandboxKeepAlive(sandbox, keepAlive); + + if (!(await verifySentinel(sandbox, { remoteCwd, sessionStrategy, sessionId, timeoutMs }))) { + return toErrorResponse(409, "sandbox_state_lost", "Cloudflare sandbox state is no longer available."); + } + + await ensureWorkspace(sandbox, { remoteCwd, sessionStrategy, sessionId, timeoutMs }); + await writeSentinel(sandbox, { + providerLeaseId: body.providerLeaseId, + remoteCwd, + sessionStrategy, + sessionId, + keepAlive, + sleepAfter, + normalizeId, + resumedLease: true, + timeoutMs, + }); + + return toJsonResponse({ + providerLeaseId: body.providerLeaseId, + metadata: { + provider: "cloudflare", + remoteCwd, + sandboxId: body.providerLeaseId, + sessionStrategy, + sessionId, + keepAlive, + sleepAfter, + normalizeId, + resumedLease: true, + }, + }); + } + + if (request.method === "POST" && pathname === "/api/paperclip-sandbox/v1/leases/release") { + const body = await readJson(request); + if (!body.providerLeaseId) { + return toJsonResponse({ ok: true }); + } + if (readBoolean(body.reuseLease, false)) { + return toJsonResponse({ ok: true }); + } + const sandbox = await resolveSandbox(env, body.providerLeaseId, { + keepAlive: readBoolean(body.keepAlive, false), + sleepAfter: "10m", + normalizeId: true, + }); + await sandbox.destroy().catch(() => undefined); + return toJsonResponse({ ok: true }); + } + + if (request.method === "DELETE" && pathname.startsWith("/api/paperclip-sandbox/v1/leases/")) { + const providerLeaseId = decodeURIComponent(pathname.split("/").pop() ?? ""); + if (providerLeaseId.length === 0) { + return toErrorResponse(400, "invalid_request", "providerLeaseId path parameter is required."); + } + const sandbox = await resolveSandbox(env, providerLeaseId, { + keepAlive: false, + sleepAfter: "10m", + normalizeId: true, + }); + await sandbox.destroy().catch(() => undefined); + return toJsonResponse({ ok: true }); + } + + if (request.method === "POST" && pathname === "/api/paperclip-sandbox/v1/exec") { + const body = await readJson(request); + if (!body.providerLeaseId || !body.command) { + return toErrorResponse(400, "invalid_request", "providerLeaseId and command are required."); + } + const sessionStrategy = readSessionStrategy(body.sessionStrategy); + const sessionId = readString(body.sessionId, DEFAULT_SESSION_ID); + const sandbox = await resolveSandbox(env, body.providerLeaseId, { + keepAlive: false, + sleepAfter: "10m", + normalizeId: true, + }); + if (body.streamOutput === true) { + const encoder = new TextEncoder(); + const stream = new ReadableStream({ + async start(controller) { + try { + const result = await executeInSandbox({ + sandbox, + command: body.command!, + args: Array.isArray(body.args) ? body.args.filter((value): value is string => typeof value === "string") : [], + cwd: typeof body.cwd === "string" ? body.cwd : undefined, + env: body.env, + stdin: body.stdin ?? null, + timeoutMs: readInteger(body.timeoutMs, DEFAULT_TIMEOUT_MS), + sessionStrategy, + sessionId, + onOutput: async (streamName, data) => { + controller.enqueue(encoder.encode(encodeSseEvent(streamName, { data }))); + }, + }); + controller.enqueue(encoder.encode(encodeSseEvent("complete", result))); + } catch (error) { + controller.enqueue(encoder.encode(encodeSseEvent("error", { + error: error instanceof Error ? error.message : String(error), + }))); + } finally { + controller.close(); + } + }, + }); + return toSseResponse(stream); + } + const result = await executeInSandbox({ + sandbox, + command: body.command, + args: Array.isArray(body.args) ? body.args.filter((value): value is string => typeof value === "string") : [], + cwd: typeof body.cwd === "string" ? body.cwd : undefined, + env: body.env, + stdin: body.stdin ?? null, + timeoutMs: readInteger(body.timeoutMs, DEFAULT_TIMEOUT_MS), + sessionStrategy, + sessionId, + }); + return toJsonResponse(result); + } + + return toErrorResponse(404, "not_found", `No bridge route matched ${request.method} ${pathname}.`); +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.test.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.test.ts new file mode 100644 index 00000000..52daf16f --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.test.ts @@ -0,0 +1,32 @@ +import { describe, expect, it } from "vitest"; +import { buildLeaseSandboxId, buildSentinelPath, isTimeoutError } from "./helpers.js"; + +describe("bridge sandbox helpers", () => { + it("builds reusable lease IDs from environment IDs", () => { + expect(buildLeaseSandboxId({ + environmentId: "Env_123", + runId: "run-ignored", + reuseLease: true, + normalizeId: true, + })).toBe("pc-env-env-123"); + }); + + it("builds ephemeral lease IDs from run IDs", () => { + expect(buildLeaseSandboxId({ + environmentId: "env-1", + runId: "Run_123", + reuseLease: false, + normalizeId: true, + randomId: "ABCD1234", + })).toBe("pc-run-123-abcd1234"); + }); + + it("builds the workspace sentinel path", () => { + expect(buildSentinelPath("/workspace/paperclip/")).toBe("/workspace/paperclip/.paperclip-lease.json"); + }); + + it("detects timeout-shaped errors", () => { + expect(isTimeoutError(new Error("command timed out after 10s"))).toBe(true); + expect(isTimeoutError(new Error("some other error"))).toBe(false); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.ts new file mode 100644 index 00000000..34b878c3 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sandboxes.ts @@ -0,0 +1,57 @@ +import type { Sandbox as CloudflareSandbox } from "@cloudflare/sandbox"; +import { getSandbox } from "@cloudflare/sandbox"; +import { buildLeaseSandboxId, buildSentinelPath, isTimeoutError } from "./helpers.js"; + +export interface BridgeEnv { + Sandbox: DurableObjectNamespace; + BRIDGE_AUTH_TOKEN?: string; +} + +export interface BridgeLeaseConfig { + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; +} + +export const DEFAULT_REMOTE_CWD = "/workspace/paperclip"; +export const DEFAULT_SESSION_ID = "paperclip"; +export const DEFAULT_TIMEOUT_MS = 300_000; +export const LEASE_SENTINEL_FILE = ".paperclip-lease.json"; + +export function toJsonResponse(body: unknown, status = 200): Response { + return new Response(JSON.stringify(body), { + status, + headers: { + "Content-Type": "application/json", + }, + }); +} + +export function toErrorResponse(status: number, error: string, message: string, details?: unknown): Response { + return toJsonResponse({ error, message, details }, status); +} + +export async function resolveSandbox( + env: BridgeEnv, + sandboxId: string, + config: BridgeLeaseConfig, +): Promise { + // Pure handle resolution: the constructor accepts keepAlive/sleepAfter so the + // sandbox is created with the right defaults on first use, but we no longer + // call `setKeepAlive` here. That side effect now lives in + // `applySandboxKeepAlive` and is invoked only from lease-management routes, + // so exec calls don't accidentally overwrite the lease's keepAlive policy. + return getSandbox(env.Sandbox, sandboxId, { + keepAlive: config.keepAlive, + sleepAfter: config.sleepAfter, + }); +} + +export async function applySandboxKeepAlive( + sandbox: CloudflareSandbox, + keepAlive: boolean, +): Promise { + await sandbox.setKeepAlive(keepAlive); +} + +export { buildLeaseSandboxId, buildSentinelPath, isTimeoutError }; diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sessions.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sessions.ts new file mode 100644 index 00000000..500b7d41 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/src/sessions.ts @@ -0,0 +1,84 @@ +import type { Sandbox as CloudflareSandbox } from "@cloudflare/sandbox"; +import { DEFAULT_SESSION_ID } from "./sandboxes.js"; + +export type SessionStrategy = "named" | "default"; + +export interface ResolvedSession { + exec( + command: string, + options?: { + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string | null; + timeout?: number; + stream?: boolean; + onOutput?: (stream: "stdout" | "stderr", data: string) => void | Promise; + }, + ): Promise<{ success?: boolean; stdout?: string; stderr?: string; exitCode?: number | null }>; +} + +export async function getNamedSession( + sandbox: CloudflareSandbox, + options: { + sessionId?: string; + cwd?: string; + env?: Record; + timeoutMs?: number; + }, +): Promise { + const sessionId = options.sessionId?.trim() || DEFAULT_SESSION_ID; + try { + return await sandbox.getSession(sessionId); + } catch (err) { + // Only fall through to `createSession` for the "session not found" case. + // The Sandbox SDK currently surfaces missing-session as an Error whose + // message contains "not found" / "does not exist"; any other failure + // (quota exceeded, sandbox destroyed mid-request, malformed ID) should + // bubble up so callers see the real cause instead of a confusing + // secondary `createSession` error that hides the root cause. + if (!isSessionNotFoundError(err)) throw err; + // Create the session without pinning it to a workspace path up front. + // Workspace preparation may be the first thing we do with the session. + return await sandbox.createSession({ + id: sessionId, + env: options.env, + commandTimeoutMs: options.timeoutMs, + }); + } +} + +function isSessionNotFoundError(err: unknown): boolean { + if (!err) return false; + const message = + err instanceof Error ? err.message : typeof err === "string" ? err : ""; + return /not\s*found|does\s*not\s*exist|no\s+such\s+session/i.test(message); +} + +export async function resolveExecutionTarget( + sandbox: CloudflareSandbox, + options: { + sessionStrategy: SessionStrategy; + sessionId?: string; + cwd?: string; + env?: Record; + timeoutMs?: number; + }, +): Promise { + if (options.sessionStrategy === "default") return sandbox; + return await getNamedSession(sandbox, options); +} + +export async function cleanupTimedOutExecution( + sandbox: CloudflareSandbox, + options: { + sessionStrategy: SessionStrategy; + sessionId?: string; + }, +): Promise { + if (options.sessionStrategy === "default") { + await sandbox.destroy().catch(() => undefined); + return; + } + await sandbox.deleteSession(options.sessionId?.trim() || DEFAULT_SESSION_ID).catch(() => undefined); +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/tsconfig.json b/packages/plugins/sandbox-providers/cloudflare/bridge-template/tsconfig.json new file mode 100644 index 00000000..ad9bf792 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/tsconfig.json @@ -0,0 +1,11 @@ +{ + "extends": "../../../../../tsconfig.json", + "compilerOptions": { + "rootDir": ".", + "lib": ["ES2023", "WebWorker"], + "types": ["@cloudflare/workers-types"], + "noEmit": true + }, + "include": ["src/**/*.ts"], + "exclude": ["src/**/*.test.ts"] +} diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/vitest.config.ts b/packages/plugins/sandbox-providers/cloudflare/bridge-template/vitest.config.ts new file mode 100644 index 00000000..ce36a742 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/vitest.config.ts @@ -0,0 +1,8 @@ +import { defineConfig } from "vitest/config"; + +export default defineConfig({ + test: { + include: ["src/**/*.test.ts"], + environment: "node", + }, +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/bridge-template/wrangler.jsonc b/packages/plugins/sandbox-providers/cloudflare/bridge-template/wrangler.jsonc new file mode 100644 index 00000000..24266c99 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/bridge-template/wrangler.jsonc @@ -0,0 +1,28 @@ +{ + "name": "paperclip-cloudflare-sandbox-bridge", + "main": "src/index.ts", + "compatibility_date": "2026-05-09", + "compatibility_flags": ["nodejs_compat"], + "containers": [ + { + "class_name": "Sandbox", + "image": "./Dockerfile", + "instance_type": "lite", + "max_instances": 10 + } + ], + "durable_objects": { + "bindings": [ + { + "class_name": "Sandbox", + "name": "Sandbox" + } + ] + }, + "migrations": [ + { + "tag": "v1", + "new_sqlite_classes": ["Sandbox"] + } + ] +} diff --git a/packages/plugins/sandbox-providers/cloudflare/package.json b/packages/plugins/sandbox-providers/cloudflare/package.json new file mode 100644 index 00000000..bc56ce22 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/package.json @@ -0,0 +1,59 @@ +{ + "name": "@paperclipai/plugin-cloudflare-sandbox", + "version": "0.1.0", + "description": "Cloudflare sandbox provider plugin for Paperclip environments", + "license": "MIT", + "homepage": "https://github.com/paperclipai/paperclip", + "bugs": { + "url": "https://github.com/paperclipai/paperclip/issues" + }, + "repository": { + "type": "git", + "url": "https://github.com/paperclipai/paperclip", + "directory": "packages/plugins/sandbox-providers/cloudflare" + }, + "type": "module", + "exports": { + ".": "./src/index.ts" + }, + "publishConfig": { + "access": "public", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js" + } + }, + "main": "./dist/index.js", + "types": "./dist/index.d.ts" + }, + "files": [ + "dist", + "bridge-template" + ], + "paperclipPlugin": { + "manifest": "./dist/manifest.js", + "worker": "./dist/worker.js" + }, + "keywords": [ + "paperclip", + "plugin", + "sandbox", + "cloudflare" + ], + "scripts": { + "postinstall": "node ../../../../scripts/link-plugin-dev-sdk.mjs", + "prebuild": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps", + "build": "rm -rf dist && tsc", + "clean": "rm -rf dist", + "typecheck": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps && tsc --noEmit", + "test": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps && vitest run --config vitest.config.ts", + "prepack": "rm -f package.dev.json && cp package.json package.dev.json && node ../../../../scripts/generate-plugin-package-json.mjs", + "postpack": "if [ -f package.dev.json ]; then mv package.dev.json package.json; fi" + }, + "devDependencies": { + "@types/node": "^24.6.0", + "typescript": "^5.7.3", + "vitest": "^3.2.4" + } +} diff --git a/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.test.ts b/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.test.ts new file mode 100644 index 00000000..de525d3e --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.test.ts @@ -0,0 +1,92 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { CloudflareDriverConfig } from "./types.js"; +import { createCloudflareBridgeClient, resolveRequestTimeoutMs } from "./bridge-client.js"; + +const baseConfig: CloudflareDriverConfig = { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "secret-ref://bridge-token", + reuseLease: false, + keepAlive: false, + sleepAfter: "10m", + normalizeId: true, + requestedCwd: "/workspace/paperclip", + sessionStrategy: "named", + sessionId: "paperclip", + timeoutMs: 300_000, + bridgeRequestTimeoutMs: 30_000, + previewHostname: null, +}; + +describe("Cloudflare bridge client timeouts", () => { + beforeEach(() => { + vi.unstubAllGlobals(); + }); + + it("keeps the configured timeout for non-exec requests", () => { + expect(resolveRequestTimeoutMs(baseConfig, "/api/paperclip-sandbox/v1/probe", { + method: "POST", + body: JSON.stringify({ timeoutMs: 270_000 }), + })).toBe(30_000); + }); + + it("extends exec requests to the command timeout when needed", () => { + expect(resolveRequestTimeoutMs(baseConfig, "/api/paperclip-sandbox/v1/exec", { + method: "POST", + body: JSON.stringify({ command: "opencode", timeoutMs: 270_000 }), + })).toBe(270_000); + }); + + it("falls back to the configured timeout when exec timeout is missing or smaller", () => { + expect(resolveRequestTimeoutMs(baseConfig, "/api/paperclip-sandbox/v1/exec", { + method: "POST", + body: JSON.stringify({ command: "pwd" }), + })).toBe(30_000); + expect(resolveRequestTimeoutMs(baseConfig, "/api/paperclip-sandbox/v1/exec", { + method: "POST", + body: JSON.stringify({ command: "pwd", timeoutMs: 5_000 }), + })).toBe(30_000); + }); + + it("consumes streamed exec output and returns the final result", async () => { + const fetchMock = vi.fn().mockResolvedValue(new Response( + [ + 'event: stdout', + 'data: {"data":"hello\\n"}', + "", + 'event: complete', + 'data: {"exitCode":0,"signal":null,"timedOut":false,"stdout":"hello\\n","stderr":""}', + "", + ].join("\n"), + { + status: 200, + headers: { "Content-Type": "text/event-stream" }, + }, + )); + vi.stubGlobal("fetch", fetchMock); + const client = createCloudflareBridgeClient({ config: baseConfig }); + const onOutput = vi.fn(); + + const result = await client.execute( + { + providerLeaseId: "lease-1", + command: "echo", + args: ["hello"], + sessionStrategy: "named", + sessionId: "paperclip", + }, + {}, + { onOutput }, + ); + + expect(result).toEqual({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "hello\n", + stderr: "", + }); + expect(onOutput).toHaveBeenCalledWith("stdout", "hello\n"); + const init = fetchMock.mock.calls[0]?.[1] as RequestInit; + expect(JSON.parse(String(init.body))).toMatchObject({ streamOutput: true }); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.ts b/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.ts new file mode 100644 index 00000000..d5b5c5c9 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/bridge-client.ts @@ -0,0 +1,357 @@ +import type { + CloudflareBridgeAcquireLeaseRequest, + CloudflareBridgeExecuteRequest, + CloudflareBridgeExecuteResponse, + CloudflareBridgeHealthResponse, + CloudflareBridgeLeaseResponse, + CloudflareBridgeProbeRequest, + CloudflareBridgeProbeResponse, + CloudflareBridgeReleaseLeaseRequest, + CloudflareBridgeResumeLeaseRequest, + CloudflareDriverConfig, +} from "./types.js"; + +interface BridgeClientHeaders { + environmentId?: string; + runId?: string; + issueId?: string | null; +} + +interface BridgeClientOptions { + config: CloudflareDriverConfig; +} + +interface BridgeExecuteOptions { + onOutput?: (stream: "stdout" | "stderr", chunk: string) => void | Promise; +} + +interface BridgeErrorBody { + error?: string; + message?: string; + details?: unknown; +} + +function isRecord(value: unknown): value is Record { + return typeof value === "object" && value !== null && !Array.isArray(value); +} + +export class CloudflareBridgeError extends Error { + readonly status: number; + readonly code: string | null; + readonly details: unknown; + + constructor(input: { status: number; code?: string | null; message: string; details?: unknown }) { + super(input.message); + this.name = "CloudflareBridgeError"; + this.status = input.status; + this.code = input.code ?? null; + this.details = input.details; + } +} + +function buildHeaders(config: CloudflareDriverConfig, extra: BridgeClientHeaders = {}): Headers { + const headers = new Headers(); + headers.set("Authorization", `Bearer ${config.bridgeAuthToken}`); + headers.set("Content-Type", "application/json"); + if (extra.environmentId) headers.set("X-Paperclip-Environment-Id", extra.environmentId); + if (extra.runId) headers.set("X-Paperclip-Run-Id", extra.runId); + if (extra.issueId) headers.set("X-Paperclip-Issue-Id", extra.issueId); + return headers; +} + +async function parseJson(response: Response): Promise { + const contentType = response.headers.get("content-type") ?? ""; + if (!contentType.toLowerCase().includes("application/json")) { + return null; + } + return await response.json(); +} + +function encodeExecuteRequestBody(body: CloudflareBridgeExecuteRequest, options?: BridgeExecuteOptions): string { + return JSON.stringify({ + ...body, + streamOutput: typeof options?.onOutput === "function", + }); +} + +function parseExecuteTimeoutMs(body: RequestInit["body"]): number | null { + if (typeof body !== "string") return null; + try { + const parsed = JSON.parse(body) as { timeoutMs?: unknown }; + const timeoutMs = Number(parsed.timeoutMs); + return Number.isFinite(timeoutMs) && timeoutMs > 0 ? Math.trunc(timeoutMs) : null; + } catch { + return null; + } +} + +export function resolveRequestTimeoutMs( + config: CloudflareDriverConfig, + path: string, + init: RequestInit, +): number { + if (!path.endsWith("/exec")) { + return config.bridgeRequestTimeoutMs; + } + const requestedTimeoutMs = parseExecuteTimeoutMs(init.body); + return requestedTimeoutMs === null + ? config.bridgeRequestTimeoutMs + : Math.max(config.bridgeRequestTimeoutMs, requestedTimeoutMs); +} + +async function requestJson( + config: CloudflareDriverConfig, + path: string, + init: RequestInit, + extraHeaders: BridgeClientHeaders = {}, +): Promise { + const controller = new AbortController(); + const requestTimeoutMs = resolveRequestTimeoutMs(config, path, init); + const timeout = setTimeout(() => controller.abort(), requestTimeoutMs); + const baseUrl = config.bridgeBaseUrl.replace(/\/+$/, ""); + + try { + const response = await fetch(`${baseUrl}${path}`, { + ...init, + headers: buildHeaders(config, extraHeaders), + signal: controller.signal, + }); + const body = await parseJson(response); + if (!response.ok) { + const errorBody = isRecord(body) ? body as BridgeErrorBody : {}; + throw new CloudflareBridgeError({ + status: response.status, + code: typeof errorBody.error === "string" ? errorBody.error : null, + message: + typeof errorBody.message === "string" && errorBody.message.trim().length > 0 + ? errorBody.message + : `Cloudflare sandbox bridge request failed with HTTP ${response.status}.`, + details: errorBody.details, + }); + } + return body as T; + } catch (error) { + if (error instanceof CloudflareBridgeError) throw error; + if ((error as { name?: string } | null)?.name === "AbortError") { + throw new Error( + `Cloudflare sandbox bridge request timed out after ${requestTimeoutMs}ms.`, + ); + } + throw error; + } finally { + clearTimeout(timeout); + } +} + +async function requestResponse( + config: CloudflareDriverConfig, + path: string, + init: RequestInit, + extraHeaders: BridgeClientHeaders = {}, +): Promise { + const controller = new AbortController(); + const requestTimeoutMs = resolveRequestTimeoutMs(config, path, init); + const timeout = setTimeout(() => controller.abort(), requestTimeoutMs); + const baseUrl = config.bridgeBaseUrl.replace(/\/+$/, ""); + + try { + const response = await fetch(`${baseUrl}${path}`, { + ...init, + headers: buildHeaders(config, extraHeaders), + signal: controller.signal, + }); + if (!response.ok) { + const body = await parseJson(response); + const errorBody = isRecord(body) ? body as BridgeErrorBody : {}; + throw new CloudflareBridgeError({ + status: response.status, + code: typeof errorBody.error === "string" ? errorBody.error : null, + message: + typeof errorBody.message === "string" && errorBody.message.trim().length > 0 + ? errorBody.message + : `Cloudflare sandbox bridge request failed with HTTP ${response.status}.`, + details: errorBody.details, + }); + } + return response; + } catch (error) { + if (error instanceof CloudflareBridgeError) throw error; + if ((error as { name?: string } | null)?.name === "AbortError") { + throw new Error( + `Cloudflare sandbox bridge request timed out after ${requestTimeoutMs}ms.`, + ); + } + throw error; + } finally { + clearTimeout(timeout); + } +} + +interface ParsedSseEvent { + event: string; + data: string; +} + +function parseSseChunk(buffer: string): { events: ParsedSseEvent[]; rest: string } { + const normalized = buffer.replace(/\r\n/g, "\n"); + const frames = normalized.split("\n\n"); + const rest = frames.pop() ?? ""; + const events: ParsedSseEvent[] = []; + + for (const frame of frames) { + let event = "message"; + const dataLines: string[] = []; + for (const line of frame.split("\n")) { + if (line.startsWith("event:")) { + event = line.slice("event:".length).trim() || "message"; + continue; + } + if (line.startsWith("data:")) { + dataLines.push(line.slice("data:".length).trimStart()); + } + } + events.push({ + event, + data: dataLines.join("\n"), + }); + } + + return { events, rest }; +} + +async function consumeExecuteEventStream( + response: Response, + options: BridgeExecuteOptions, +): Promise { + if (!response.body) { + throw new Error("Cloudflare sandbox bridge streaming response had no body."); + } + + const reader = response.body.getReader(); + const decoder = new TextDecoder(); + let buffer = ""; + let result: CloudflareBridgeExecuteResponse | null = null; + + while (true) { + const { done, value } = await reader.read(); + buffer += decoder.decode(value ?? new Uint8Array(), { stream: !done }); + const parsed = parseSseChunk(done && buffer.length > 0 ? `${buffer}\n\n` : buffer); + buffer = parsed.rest; + + for (const event of parsed.events) { + if (event.event === "stdout" || event.event === "stderr") { + const payload = JSON.parse(event.data) as { data?: unknown }; + const chunk = typeof payload.data === "string" ? payload.data : ""; + if (chunk) { + await options.onOutput?.(event.event, chunk); + } + continue; + } + + if (event.event === "complete") { + result = JSON.parse(event.data) as CloudflareBridgeExecuteResponse; + continue; + } + + if (event.event === "error") { + const payload = JSON.parse(event.data) as { error?: unknown }; + const message = typeof payload.error === "string" && payload.error.trim().length > 0 + ? payload.error + : "Cloudflare sandbox bridge streaming command failed."; + throw new Error(message); + } + } + + if (done) break; + } + + if (result) return result; + throw new Error("Cloudflare sandbox bridge streaming response ended without a completion event."); +} + +export function createCloudflareBridgeClient(options: BridgeClientOptions) { + const { config } = options; + const apiPrefix = "/api/paperclip-sandbox/v1"; + + return { + health(extraHeaders?: BridgeClientHeaders): Promise { + return requestJson(config, `${apiPrefix}/health`, { method: "GET" }, extraHeaders); + }, + + probe(body: CloudflareBridgeProbeRequest, extraHeaders?: BridgeClientHeaders): Promise { + return requestJson( + config, + `${apiPrefix}/probe`, + { method: "POST", body: JSON.stringify(body) }, + extraHeaders, + ); + }, + + acquireLease( + body: CloudflareBridgeAcquireLeaseRequest, + extraHeaders?: BridgeClientHeaders, + ): Promise { + return requestJson( + config, + `${apiPrefix}/leases/acquire`, + { method: "POST", body: JSON.stringify(body) }, + extraHeaders, + ); + }, + + resumeLease( + body: CloudflareBridgeResumeLeaseRequest, + extraHeaders?: BridgeClientHeaders, + ): Promise { + return requestJson( + config, + `${apiPrefix}/leases/resume`, + { method: "POST", body: JSON.stringify(body) }, + extraHeaders, + ); + }, + + releaseLease( + body: CloudflareBridgeReleaseLeaseRequest, + extraHeaders?: BridgeClientHeaders, + ): Promise<{ ok: true }> { + return requestJson<{ ok: true }>( + config, + `${apiPrefix}/leases/release`, + { method: "POST", body: JSON.stringify(body) }, + extraHeaders, + ); + }, + + destroyLease(providerLeaseId: string, extraHeaders?: BridgeClientHeaders): Promise<{ ok: true }> { + return requestJson<{ ok: true }>( + config, + `${apiPrefix}/leases/${encodeURIComponent(providerLeaseId)}`, + { method: "DELETE" }, + extraHeaders, + ); + }, + + execute( + body: CloudflareBridgeExecuteRequest, + extraHeaders?: BridgeClientHeaders, + options?: BridgeExecuteOptions, + ): Promise { + const encodedBody = encodeExecuteRequestBody(body, options); + if (typeof options?.onOutput === "function") { + return requestResponse( + config, + `${apiPrefix}/exec`, + { method: "POST", body: encodedBody }, + extraHeaders, + ).then((response) => consumeExecuteEventStream(response, options)); + } + return requestJson( + config, + `${apiPrefix}/exec`, + { method: "POST", body: encodedBody }, + extraHeaders, + ); + }, + }; +} diff --git a/packages/plugins/sandbox-providers/cloudflare/src/config.ts b/packages/plugins/sandbox-providers/cloudflare/src/config.ts new file mode 100644 index 00000000..9aff3ac3 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/config.ts @@ -0,0 +1,84 @@ +import type { CloudflareDriverConfig } from "./types.js"; + +const DEFAULT_REQUESTED_CWD = "/workspace/paperclip"; +const DEFAULT_SLEEP_AFTER = "10m"; +const DEFAULT_TIMEOUT_MS = 300_000; +const DEFAULT_BRIDGE_REQUEST_TIMEOUT_MS = 30_000; +const LOCALHOST_HOSTNAMES = new Set(["localhost", "127.0.0.1", "::1"]); + +function readTrimmedString(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function readBoolean(value: unknown, fallback: boolean): boolean { + return value === undefined ? fallback : value === true; +} + +function readInteger(value: unknown, fallback: number): number { + const parsed = Number(value); + return Number.isFinite(parsed) ? Math.trunc(parsed) : fallback; +} + +function isLocalBridgeHost(url: URL): boolean { + return LOCALHOST_HOSTNAMES.has(url.hostname); +} + +export function parseCloudflareDriverConfig(raw: Record): CloudflareDriverConfig { + return { + bridgeBaseUrl: readTrimmedString(raw.bridgeBaseUrl) ?? "", + bridgeAuthToken: readTrimmedString(raw.bridgeAuthToken) ?? "", + reuseLease: readBoolean(raw.reuseLease, false), + keepAlive: readBoolean(raw.keepAlive, false), + sleepAfter: readTrimmedString(raw.sleepAfter) ?? DEFAULT_SLEEP_AFTER, + normalizeId: readBoolean(raw.normalizeId, true), + requestedCwd: readTrimmedString(raw.requestedCwd) ?? DEFAULT_REQUESTED_CWD, + sessionStrategy: raw.sessionStrategy === "default" ? "default" : "named", + sessionId: readTrimmedString(raw.sessionId) ?? "paperclip", + timeoutMs: readInteger(raw.timeoutMs, DEFAULT_TIMEOUT_MS), + bridgeRequestTimeoutMs: readInteger(raw.bridgeRequestTimeoutMs, DEFAULT_BRIDGE_REQUEST_TIMEOUT_MS), + previewHostname: readTrimmedString(raw.previewHostname), + }; +} + +export function validateCloudflareDriverConfig(config: CloudflareDriverConfig): string[] { + const errors: string[] = []; + + if (!config.bridgeBaseUrl) { + errors.push("Cloudflare sandbox environments require bridgeBaseUrl."); + } else { + try { + const url = new URL(config.bridgeBaseUrl); + if (url.protocol !== "https:" && !(url.protocol === "http:" && isLocalBridgeHost(url))) { + errors.push("bridgeBaseUrl must use HTTPS unless it points at localhost."); + } + } catch { + errors.push("bridgeBaseUrl must be a valid URL."); + } + } + + if (!config.bridgeAuthToken) { + errors.push("Cloudflare sandbox environments require bridgeAuthToken."); + } + + if (config.reuseLease && !config.keepAlive) { + errors.push("reuseLease requires keepAlive for Cloudflare sandboxes."); + } + + if (config.timeoutMs < 1 || config.timeoutMs > 86_400_000) { + errors.push("timeoutMs must be between 1 and 86400000."); + } + + if (config.bridgeRequestTimeoutMs < 1 || config.bridgeRequestTimeoutMs > 86_400_000) { + errors.push("bridgeRequestTimeoutMs must be between 1 and 86400000."); + } + + if (!config.requestedCwd.startsWith("/")) { + errors.push("requestedCwd must be an absolute POSIX path."); + } + + if (config.sessionStrategy === "named" && config.sessionId.trim().length === 0) { + errors.push("sessionId is required when sessionStrategy is named."); + } + + return errors; +} diff --git a/packages/plugins/sandbox-providers/cloudflare/src/index.ts b/packages/plugins/sandbox-providers/cloudflare/src/index.ts new file mode 100644 index 00000000..f7ce1cc1 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/index.ts @@ -0,0 +1,2 @@ +export { default as manifest } from "./manifest.js"; +export { default as plugin } from "./plugin.js"; diff --git a/packages/plugins/sandbox-providers/cloudflare/src/manifest.ts b/packages/plugins/sandbox-providers/cloudflare/src/manifest.ts new file mode 100644 index 00000000..21f3ddda --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/manifest.ts @@ -0,0 +1,97 @@ +import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk"; + +const PLUGIN_ID = "paperclip.cloudflare-sandbox-provider"; +const PLUGIN_VERSION = "0.1.0"; + +const manifest: PaperclipPluginManifestV1 = { + id: PLUGIN_ID, + apiVersion: 1, + version: PLUGIN_VERSION, + displayName: "Cloudflare Sandbox Provider", + description: + "First-party sandbox provider plugin that provisions Cloudflare sandboxes through an operator-deployed Worker bridge.", + author: "Paperclip", + categories: ["automation"], + capabilities: ["environment.drivers.register"], + entrypoints: { + worker: "./dist/worker.js", + }, + environmentDrivers: [ + { + driverKey: "cloudflare", + kind: "sandbox_provider", + displayName: "Cloudflare Sandbox", + description: + "Runs Paperclip sandbox environments through a Cloudflare Worker bridge backed by the Sandbox SDK and Durable Objects.", + configSchema: { + type: "object", + properties: { + bridgeBaseUrl: { + type: "string", + format: "uri", + description: "Base URL of the operator-deployed Cloudflare Worker bridge.", + }, + bridgeAuthToken: { + type: "string", + format: "secret-ref", + description: + "Bearer token used by the provider plugin when calling the Cloudflare bridge. Pasted values are stored as company secrets.", + }, + reuseLease: { + type: "boolean", + default: false, + description: "Reuse a sandbox by environment ID instead of creating one per run.", + }, + keepAlive: { + type: "boolean", + default: false, + description: "Prevent Cloudflare from idling the container between requests.", + }, + sleepAfter: { + type: "string", + default: "10m", + description: "Idle timeout passed to getSandbox(). Ignored when keepAlive is true.", + }, + normalizeId: { + type: "boolean", + default: true, + description: "Lowercase and normalize sandbox IDs for operator-friendly naming.", + }, + requestedCwd: { + type: "string", + default: "/workspace/paperclip", + description: "Workspace directory to create inside the sandbox lease.", + }, + sessionStrategy: { + type: "string", + enum: ["named", "default"], + default: "named", + description: "Whether to run commands in a stable named session or the default session.", + }, + sessionId: { + type: "string", + default: "paperclip", + description: "Named Cloudflare session ID used when sessionStrategy is named.", + }, + timeoutMs: { + type: "number", + default: 300000, + description: "Default per-command timeout passed through to the bridge.", + }, + bridgeRequestTimeoutMs: { + type: "number", + default: 30000, + description: "HTTP timeout for plugin-to-bridge requests.", + }, + previewHostname: { + type: "string", + description: "Optional hostname reserved for future preview URL support.", + }, + }, + required: ["bridgeBaseUrl", "bridgeAuthToken"], + }, + }, + ], +}; + +export default manifest; diff --git a/packages/plugins/sandbox-providers/cloudflare/src/plugin.test.ts b/packages/plugins/sandbox-providers/cloudflare/src/plugin.test.ts new file mode 100644 index 00000000..4452e97b --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/plugin.test.ts @@ -0,0 +1,323 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; +import plugin from "./plugin.js"; + +const fetchMock = vi.fn(); + +function jsonResponse(body: unknown, status = 200): Response { + return new Response(JSON.stringify(body), { + status, + headers: { "Content-Type": "application/json" }, + }); +} + +function requestInitAt(index = 0): RequestInit { + return fetchMock.mock.calls[index]?.[1] as RequestInit; +} + +function requestHeadersAt(index = 0): Headers { + return requestInitAt(index).headers as Headers; +} + +function requestBodyAt(index = 0): Record { + return JSON.parse(String(requestInitAt(index).body ?? "{}")) as Record; +} + +describe("Cloudflare sandbox provider plugin", () => { + beforeEach(() => { + fetchMock.mockReset(); + vi.stubGlobal("fetch", fetchMock); + }); + + it("declares the Cloudflare environment lifecycle handlers", async () => { + expect(await plugin.definition.onHealth?.()).toEqual({ + status: "ok", + message: "Cloudflare sandbox provider plugin healthy", + }); + expect(plugin.definition.onEnvironmentAcquireLease).toBeTypeOf("function"); + expect(plugin.definition.onEnvironmentExecute).toBeTypeOf("function"); + }); + + it("normalizes and validates Cloudflare config", async () => { + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "cloudflare", + config: { + bridgeBaseUrl: " https://bridge.example.workers.dev/ ", + bridgeAuthToken: " secret-ref://bridge-token ", + reuseLease: true, + keepAlive: true, + normalizeId: false, + requestedCwd: " /workspace/custom ", + sessionStrategy: "default", + timeoutMs: "450000.9", + bridgeRequestTimeoutMs: "40000.1", + }, + }); + + expect(result).toEqual({ + ok: true, + normalizedConfig: { + bridgeBaseUrl: "https://bridge.example.workers.dev/", + bridgeAuthToken: "secret-ref://bridge-token", + reuseLease: true, + keepAlive: true, + sleepAfter: "10m", + normalizeId: false, + requestedCwd: "/workspace/custom", + sessionStrategy: "default", + sessionId: "paperclip", + timeoutMs: 450000, + bridgeRequestTimeoutMs: 40000, + previewHostname: null, + }, + }); + }); + + it("rejects insecure or contradictory config", async () => { + await expect(plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "cloudflare", + config: { + bridgeBaseUrl: "http://bridge.example.workers.dev", + bridgeAuthToken: "secret-ref://bridge-token", + reuseLease: true, + keepAlive: false, + requestedCwd: "workspace/not-absolute", + }, + })).resolves.toEqual({ + ok: false, + errors: [ + "bridgeBaseUrl must use HTTPS unless it points at localhost.", + "reuseLease requires keepAlive for Cloudflare sandboxes.", + "requestedCwd must be an absolute POSIX path.", + ], + }); + }); + + it("maps acquire lease responses from the bridge", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse({ + providerLeaseId: "pc-run-1-abcd1234", + metadata: { + provider: "cloudflare", + remoteCwd: "/workspace/paperclip", + resumedLease: false, + }, + }), + ); + + const lease = await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + issueId: "issue-1", + runId: "run-1", + requestedCwd: "/workspace/paperclip", + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + }, + }); + + expect(lease).toEqual({ + providerLeaseId: "pc-run-1-abcd1234", + metadata: { + provider: "cloudflare", + remoteCwd: "/workspace/paperclip", + resumedLease: false, + }, + }); + expect(fetchMock).toHaveBeenCalledWith( + "https://bridge.example.workers.dev/api/paperclip-sandbox/v1/leases/acquire", + expect.objectContaining({ + method: "POST", + headers: expect.any(Headers), + }), + ); + expect(requestHeadersAt().get("X-Paperclip-Run-Id")).toBe("run-1"); + expect(requestHeadersAt().get("X-Paperclip-Environment-Id")).toBe("env-1"); + expect(requestHeadersAt().get("X-Paperclip-Issue-Id")).toBe("issue-1"); + expect(requestBodyAt()).toMatchObject({ + environmentId: "env-1", + runId: "run-1", + issueId: "issue-1", + requestedCwd: "/workspace/paperclip", + }); + }); + + it("returns expired lease semantics when resume reports lost state", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse( + { + error: "sandbox_state_lost", + message: "Cloudflare sandbox state is no longer available.", + }, + 409, + ), + ); + + const lease = await plugin.definition.onEnvironmentResumeLease?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "pc-env-env-1", + leaseMetadata: { remoteCwd: "/workspace/paperclip" }, + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + }, + }); + + expect(lease).toEqual({ + providerLeaseId: null, + metadata: { + provider: "cloudflare", + expired: true, + }, + }); + }); + + it("passes bridge execute results through unchanged", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "/workspace/paperclip\n", + stderr: "", + }), + ); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + lease: { providerLeaseId: "pc-run-1-abcd1234", metadata: {} }, + command: "pwd", + args: [], + cwd: "/workspace/paperclip", + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + }, + }); + + expect(result).toEqual({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "/workspace/paperclip\n", + stderr: "", + }); + }); + + it("routes bridge-channel execute calls through a dedicated session", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse({ + exitCode: 0, + signal: null, + timedOut: false, + stdout: "ok\n", + stderr: "", + }), + ); + + await plugin.definition.onEnvironmentExecute?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + lease: { providerLeaseId: "pc-run-1-abcd1234", metadata: {} }, + command: "sh", + args: ["-lc", "ls"], + cwd: "/workspace/paperclip", + env: { + PAPERCLIP_SANDBOX_EXEC_CHANNEL: "bridge", + KEEP_ME: "visible", + }, + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + sessionStrategy: "default", + sessionId: "paperclip", + }, + }); + + expect(requestBodyAt()).toMatchObject({ + sessionStrategy: "named", + sessionId: "paperclip-bridge", + env: { + KEEP_ME: "visible", + }, + }); + expect(requestBodyAt().env).not.toHaveProperty("PAPERCLIP_SANDBOX_EXEC_CHANNEL"); + }); + + it("maps lost-lease execute errors into a deterministic command failure", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse( + { + error: "sandbox_state_lost", + message: "Cloudflare sandbox state is no longer available.", + }, + 409, + ), + ); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + lease: { providerLeaseId: "pc-run-1-abcd1234", metadata: {} }, + command: "pwd", + args: [], + cwd: "/workspace/paperclip", + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + }, + }); + + expect(result).toEqual({ + exitCode: 1, + signal: null, + timedOut: false, + stdout: "", + stderr: "Cloudflare sandbox state is no longer available.\n", + }); + }); + + it("wraps realizeWorkspace bridge failures and forwards the issue header", async () => { + fetchMock.mockResolvedValueOnce( + jsonResponse( + { + error: "command_failed", + message: "mkdir: permission denied", + }, + 500, + ), + ); + + await expect(plugin.definition.onEnvironmentRealizeWorkspace?.({ + driverKey: "cloudflare", + companyId: "company-1", + environmentId: "env-1", + issueId: "issue-1", + lease: { + providerLeaseId: "pc-run-1-abcd1234", + metadata: { remoteCwd: "/workspace/paperclip" }, + }, + workspace: { + localPath: "/tmp/project", + metadata: { + workspaceRealizationRequest: { + issueId: "issue-1", + }, + }, + }, + config: { + bridgeBaseUrl: "https://bridge.example.workers.dev", + bridgeAuthToken: "resolved-token", + }, + })).rejects.toThrow("Failed to prepare Cloudflare sandbox workspace at /workspace/paperclip: mkdir: permission denied"); + + expect(requestHeadersAt().get("X-Paperclip-Issue-Id")).toBe("issue-1"); + }); +}); diff --git a/packages/plugins/sandbox-providers/cloudflare/src/plugin.ts b/packages/plugins/sandbox-providers/cloudflare/src/plugin.ts new file mode 100644 index 00000000..ad579a45 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/plugin.ts @@ -0,0 +1,351 @@ +import { definePlugin } from "@paperclipai/plugin-sdk"; +import type { + PluginLogger, + PluginEnvironmentAcquireLeaseParams, + PluginEnvironmentDestroyLeaseParams, + PluginEnvironmentExecuteParams, + PluginEnvironmentExecuteResult, + PluginEnvironmentLease, + PluginEnvironmentProbeParams, + PluginEnvironmentProbeResult, + PluginEnvironmentRealizeWorkspaceParams, + PluginEnvironmentRealizeWorkspaceResult, + PluginEnvironmentReleaseLeaseParams, + PluginEnvironmentResumeLeaseParams, + PluginEnvironmentValidateConfigParams, + PluginEnvironmentValidationResult, +} from "@paperclipai/plugin-sdk"; +import { CloudflareBridgeError, createCloudflareBridgeClient } from "./bridge-client.js"; +import { + parseCloudflareDriverConfig, + validateCloudflareDriverConfig, +} from "./config.js"; + +const SANDBOX_EXEC_CHANNEL_ENV = "PAPERCLIP_SANDBOX_EXEC_CHANNEL"; +const SANDBOX_EXEC_CHANNEL_BRIDGE = "bridge"; +const CLOUDFLARE_EXEC_STDOUT_PREFIX = "[cloudflare exec stdout]"; +const CLOUDFLARE_EXEC_STDERR_PREFIX = "[cloudflare exec stderr]"; + +function isLostLeaseError(error: unknown): boolean { + return error instanceof CloudflareBridgeError && (error.status === 404 || error.status === 409); +} + +function bridgeClientFor(rawConfig: Record) { + const config = parseCloudflareDriverConfig(rawConfig); + return { + config, + client: createCloudflareBridgeClient({ config }), + }; +} + +function lostLeaseExecuteResult(error: CloudflareBridgeError): PluginEnvironmentExecuteResult { + return { + exitCode: 1, + timedOut: false, + signal: null, + stdout: "", + stderr: + error.message.trim().length > 0 + ? `${error.message}\n` + : "Cloudflare sandbox lease is no longer available.\n", + }; +} + +function readIssueId(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function resolveWorkspaceIssueId(params: PluginEnvironmentRealizeWorkspaceParams): string | null { + const directIssueId = readIssueId(params.issueId); + if (directIssueId) return directIssueId; + + const request = params.workspace.metadata?.workspaceRealizationRequest; + if (!request || typeof request !== "object" || Array.isArray(request)) return null; + return readIssueId((request as { issueId?: unknown }).issueId); +} + +function wrapWorkspacePreparationError(remoteCwd: string, error: unknown): Error { + const message = error instanceof Error ? error.message : String(error); + return new Error(`Failed to prepare Cloudflare sandbox workspace at ${remoteCwd}: ${message}`); +} + +function resolveRemoteCwd( + config: ReturnType, + params: PluginEnvironmentRealizeWorkspaceParams, +): string { + const leaseRemoteCwd = + typeof params.lease.metadata?.remoteCwd === "string" && params.lease.metadata.remoteCwd.trim().length > 0 + ? params.lease.metadata.remoteCwd.trim() + : null; + return leaseRemoteCwd ?? params.workspace.remotePath ?? params.workspace.localPath ?? config.requestedCwd; +} + +function resolveExecuteSession( + config: ReturnType, + env: Record | undefined, +) { + if (env?.[SANDBOX_EXEC_CHANNEL_ENV] !== SANDBOX_EXEC_CHANNEL_BRIDGE) { + return { + sessionStrategy: config.sessionStrategy, + sessionId: config.sessionId, + } as const; + } + + const baseSessionId = config.sessionId.trim().length > 0 ? config.sessionId : "paperclip"; + return { + sessionStrategy: "named" as const, + sessionId: `${baseSessionId}-bridge`, + }; +} + +function sanitizeExecuteEnv(env: Record | undefined) { + if (!env || !(SANDBOX_EXEC_CHANNEL_ENV in env)) { + return env; + } + const nextEnv = { ...env }; + delete nextEnv[SANDBOX_EXEC_CHANNEL_ENV]; + return nextEnv; +} + +function logCloudflareExecChunk( + logger: PluginLogger | null, + stream: "stdout" | "stderr", + chunk: string, +) { + if (!logger || chunk.length === 0) return; + const lines = chunk + .replace(/\r\n/g, "\n") + .split("\n") + .filter((line) => line.trim().length > 0); + for (const line of lines) { + if (stream === "stderr") { + logger.warn(`${CLOUDFLARE_EXEC_STDERR_PREFIX} ${line}`); + } else { + logger.info(`${CLOUDFLARE_EXEC_STDOUT_PREFIX} ${line}`); + } + } +} + +let pluginLogger: PluginLogger | null = null; + +const plugin = definePlugin({ + async setup(ctx) { + pluginLogger = ctx.logger; + ctx.logger.info("Cloudflare sandbox provider plugin ready"); + }, + + async onHealth() { + return { status: "ok", message: "Cloudflare sandbox provider plugin healthy" }; + }, + + async onEnvironmentValidateConfig( + params: PluginEnvironmentValidateConfigParams, + ): Promise { + const config = parseCloudflareDriverConfig(params.config); + const errors = validateCloudflareDriverConfig(config); + if (errors.length > 0) { + return { ok: false, errors }; + } + return { + ok: true, + normalizedConfig: { ...config }, + }; + }, + + async onEnvironmentProbe( + params: PluginEnvironmentProbeParams, + ): Promise { + const { config, client } = bridgeClientFor(params.config); + try { + const result = await client.probe( + { + requestedCwd: config.requestedCwd, + keepAlive: config.keepAlive, + sleepAfter: config.sleepAfter, + normalizeId: config.normalizeId, + sessionStrategy: config.sessionStrategy, + sessionId: config.sessionId, + timeoutMs: config.timeoutMs, + }, + { environmentId: params.environmentId, issueId: params.issueId }, + ); + return result; + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + return { + ok: false, + summary: "Cloudflare sandbox bridge probe failed.", + metadata: { + provider: "cloudflare", + error: message, + }, + }; + } + }, + + async onEnvironmentAcquireLease( + params: PluginEnvironmentAcquireLeaseParams, + ): Promise { + const { config, client } = bridgeClientFor(params.config); + return await client.acquireLease( + { + environmentId: params.environmentId, + runId: params.runId, + issueId: params.issueId, + reuseLease: config.reuseLease, + keepAlive: config.keepAlive, + sleepAfter: config.sleepAfter, + normalizeId: config.normalizeId, + requestedCwd: params.requestedCwd?.trim() || config.requestedCwd, + sessionStrategy: config.sessionStrategy, + sessionId: config.sessionId, + timeoutMs: config.timeoutMs, + }, + { environmentId: params.environmentId, runId: params.runId, issueId: params.issueId }, + ); + }, + + async onEnvironmentResumeLease( + params: PluginEnvironmentResumeLeaseParams, + ): Promise { + const { config, client } = bridgeClientFor(params.config); + try { + return await client.resumeLease( + { + providerLeaseId: params.providerLeaseId, + requestedCwd: + typeof params.leaseMetadata?.remoteCwd === "string" && params.leaseMetadata.remoteCwd.trim().length > 0 + ? params.leaseMetadata.remoteCwd.trim() + : config.requestedCwd, + sessionStrategy: config.sessionStrategy, + sessionId: config.sessionId, + keepAlive: config.keepAlive, + sleepAfter: config.sleepAfter, + normalizeId: config.normalizeId, + timeoutMs: config.timeoutMs, + }, + { environmentId: params.environmentId, issueId: params.issueId }, + ); + } catch (error) { + if (isLostLeaseError(error)) { + return { + providerLeaseId: null, + metadata: { + provider: "cloudflare", + expired: true, + }, + }; + } + throw error; + } + }, + + async onEnvironmentReleaseLease( + params: PluginEnvironmentReleaseLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const { config, client } = bridgeClientFor(params.config); + await client.releaseLease( + { + providerLeaseId: params.providerLeaseId, + reuseLease: config.reuseLease, + keepAlive: config.keepAlive, + }, + { environmentId: params.environmentId, issueId: params.issueId }, + ); + }, + + async onEnvironmentDestroyLease( + params: PluginEnvironmentDestroyLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const { client } = bridgeClientFor(params.config); + await client.destroyLease(params.providerLeaseId, { + environmentId: params.environmentId, + issueId: params.issueId, + }); + }, + + async onEnvironmentRealizeWorkspace( + params: PluginEnvironmentRealizeWorkspaceParams, + ): Promise { + const { config, client } = bridgeClientFor(params.config); + const remoteCwd = resolveRemoteCwd(config, params); + const issueId = resolveWorkspaceIssueId(params); + + if (params.lease.providerLeaseId) { + try { + await client.execute( + { + providerLeaseId: params.lease.providerLeaseId, + command: "mkdir", + args: ["-p", remoteCwd], + cwd: "/", + timeoutMs: config.timeoutMs, + sessionStrategy: config.sessionStrategy, + sessionId: config.sessionId, + }, + { environmentId: params.environmentId, issueId }, + ); + } catch (error) { + throw wrapWorkspacePreparationError(remoteCwd, error); + } + } + + return { + cwd: remoteCwd, + metadata: { + provider: "cloudflare", + remoteCwd, + }, + }; + }, + + async onEnvironmentExecute( + params: PluginEnvironmentExecuteParams, + ): Promise { + if (!params.lease.providerLeaseId) { + return { + exitCode: 1, + timedOut: false, + signal: null, + stdout: "", + stderr: "No provider lease ID available for execution.\n", + }; + } + + const { config, client } = bridgeClientFor(params.config); + const session = resolveExecuteSession(config, params.env); + try { + const streamingOptions = pluginLogger + ? { + onOutput: async (stream: "stdout" | "stderr", chunk: string) => { + logCloudflareExecChunk(pluginLogger, stream, chunk); + }, + } + : undefined; + return await client.execute( + { + providerLeaseId: params.lease.providerLeaseId, + command: params.command, + args: params.args, + cwd: params.cwd, + env: sanitizeExecuteEnv(params.env), + stdin: params.stdin ?? null, + timeoutMs: params.timeoutMs ?? config.timeoutMs, + sessionStrategy: session.sessionStrategy, + sessionId: session.sessionId, + }, + { environmentId: params.environmentId, issueId: params.issueId }, + streamingOptions, + ); + } catch (error) { + if (error instanceof CloudflareBridgeError && isLostLeaseError(error)) { + return lostLeaseExecuteResult(error); + } + throw error; + } + }, +}); + +export default plugin; diff --git a/packages/plugins/sandbox-providers/cloudflare/src/types.ts b/packages/plugins/sandbox-providers/cloudflare/src/types.ts new file mode 100644 index 00000000..f1409dc2 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/types.ts @@ -0,0 +1,99 @@ +export interface CloudflareDriverConfig { + bridgeBaseUrl: string; + bridgeAuthToken: string; + reuseLease: boolean; + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; + requestedCwd: string; + sessionStrategy: "named" | "default"; + sessionId: string; + timeoutMs: number; + bridgeRequestTimeoutMs: number; + previewHostname: string | null; +} + +export interface CloudflareBridgeHealthResponse { + ok: boolean; + provider: "cloudflare"; + bridgeVersion: string; + capabilities: { + reuseLease: boolean; + namedSessions: boolean; + previewUrls: boolean; + }; +} + +export interface CloudflareBridgeProbeRequest { + requestedCwd: string; + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; + sessionStrategy: CloudflareDriverConfig["sessionStrategy"]; + sessionId: string; + timeoutMs: number; +} + +export interface CloudflareBridgeProbeResponse { + ok: boolean; + summary: string; + metadata?: Record; +} + +export interface CloudflareBridgeAcquireLeaseRequest { + environmentId: string; + runId: string; + issueId?: string | null; + reuseLease: boolean; + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; + requestedCwd: string; + sessionStrategy: CloudflareDriverConfig["sessionStrategy"]; + sessionId: string; + timeoutMs: number; +} + +export interface CloudflareBridgeResumeLeaseRequest { + providerLeaseId: string; + requestedCwd: string; + sessionStrategy: CloudflareDriverConfig["sessionStrategy"]; + sessionId: string; + keepAlive: boolean; + sleepAfter: string; + normalizeId: boolean; + timeoutMs: number; +} + +export interface CloudflareBridgeReleaseLeaseRequest { + providerLeaseId: string; + reuseLease: boolean; + keepAlive: boolean; +} + +export interface CloudflareBridgeLeaseResponse { + providerLeaseId: string; + metadata?: Record; +} + +export interface CloudflareBridgeExecuteRequest { + providerLeaseId: string; + command: string; + args?: string[]; + cwd?: string; + env?: Record; + stdin?: string | null; + timeoutMs?: number; + streamOutput?: boolean; + sessionStrategy: CloudflareDriverConfig["sessionStrategy"]; + sessionId: string; +} + +export interface CloudflareBridgeExecuteResponse { + exitCode: number | null; + signal?: string | null; + timedOut: boolean; + stdout: string; + stderr: string; + metadata?: Record; +} diff --git a/packages/plugins/sandbox-providers/cloudflare/src/worker.ts b/packages/plugins/sandbox-providers/cloudflare/src/worker.ts new file mode 100644 index 00000000..1e156024 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/src/worker.ts @@ -0,0 +1,5 @@ +import { runWorker } from "@paperclipai/plugin-sdk"; +import plugin from "./plugin.js"; + +export default plugin; +runWorker(plugin, import.meta.url); diff --git a/packages/plugins/sandbox-providers/cloudflare/tsconfig.json b/packages/plugins/sandbox-providers/cloudflare/tsconfig.json new file mode 100644 index 00000000..000e3293 --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/tsconfig.json @@ -0,0 +1,11 @@ +{ + "extends": "../../../../tsconfig.json", + "compilerOptions": { + "outDir": "dist", + "rootDir": "src", + "lib": ["ES2023"], + "types": ["node"] + }, + "include": ["src"], + "exclude": ["src/**/*.test.ts"] +} diff --git a/packages/plugins/sandbox-providers/cloudflare/vitest.config.ts b/packages/plugins/sandbox-providers/cloudflare/vitest.config.ts new file mode 100644 index 00000000..e431d04b --- /dev/null +++ b/packages/plugins/sandbox-providers/cloudflare/vitest.config.ts @@ -0,0 +1,8 @@ +import { defineConfig } from "vitest/config"; + +export default defineConfig({ + test: { + include: ["src/**/*.test.ts", "bridge-template/src/**/*.test.ts"], + environment: "node", + }, +}); diff --git a/packages/plugins/sandbox-providers/daytona/README.md b/packages/plugins/sandbox-providers/daytona/README.md new file mode 100644 index 00000000..4d557ee2 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/README.md @@ -0,0 +1,48 @@ +# `@paperclipai/plugin-daytona` + +Published Daytona sandbox provider plugin for Paperclip. + +This package lives in the Paperclip monorepo, but it is intentionally excluded from the root `pnpm` workspace and shaped to publish and install like a standalone npm package. That lets operators install it from the Plugins page by package name without introducing root lockfile churn for Daytona's SDK dependencies. + +## Install + +From a Paperclip instance, install: + +```text +@paperclipai/plugin-daytona +``` + +The host plugin installer runs `npm install` into the managed plugin directory, so transitive dependencies such as `@daytonaio/sdk` are pulled in during installation. + +## Configuration + +Configure Daytona from `Company Settings -> Environments`, not from the plugin's instance settings page. + +- Put the Daytona API key on the sandbox environment itself. +- When you save an environment, Paperclip stores pasted API keys as company secrets. +- `DAYTONA_API_KEY` remains an optional host-level fallback when an environment omits the key. +- Optional `apiUrl` and `target` settings map directly to the Daytona SDK/client configuration. If `apiUrl` is omitted, the Daytona SDK uses its default endpoint. + +Notes: + +- The current published Daytona SDK package is `@daytonaio/sdk`. +- The driver supports both `snapshot`-based and `image`-based sandbox creation. If both are set, validation rejects the config as ambiguous. +- Reusable leases map to Daytona stop/start semantics. Non-reusable leases are deleted on release. + +## Local development + +```bash +cd packages/plugins/sandbox-providers/daytona +pnpm install --ignore-workspace --no-lockfile +pnpm build +pnpm test +pnpm typecheck +``` + +These commands assume the repo root has already been installed once so the local `@paperclipai/plugin-sdk` workspace package is available to the compiler during development. + +## Package layout + +- `src/manifest.ts` declares the sandbox-provider driver metadata +- `src/plugin.ts` implements the environment lifecycle hooks +- `paperclipPlugin.manifest` and `paperclipPlugin.worker` point the host at the built plugin entrypoints in `dist/` diff --git a/packages/plugins/sandbox-providers/daytona/package.json b/packages/plugins/sandbox-providers/daytona/package.json new file mode 100644 index 00000000..d5039f58 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/package.json @@ -0,0 +1,61 @@ +{ + "name": "@paperclipai/plugin-daytona", + "version": "0.1.0", + "description": "Daytona sandbox provider plugin for Paperclip environments", + "license": "MIT", + "homepage": "https://github.com/paperclipai/paperclip", + "bugs": { + "url": "https://github.com/paperclipai/paperclip/issues" + }, + "repository": { + "type": "git", + "url": "https://github.com/paperclipai/paperclip", + "directory": "packages/plugins/sandbox-providers/daytona" + }, + "type": "module", + "exports": { + ".": "./src/index.ts" + }, + "publishConfig": { + "access": "public", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js" + } + }, + "main": "./dist/index.js", + "types": "./dist/index.d.ts" + }, + "files": [ + "dist" + ], + "paperclipPlugin": { + "manifest": "./dist/manifest.js", + "worker": "./dist/worker.js" + }, + "keywords": [ + "paperclip", + "plugin", + "sandbox", + "daytona" + ], + "scripts": { + "postinstall": "node ../../../../scripts/link-plugin-dev-sdk.mjs", + "prebuild": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps", + "build": "rm -rf dist && tsc", + "clean": "rm -rf dist", + "typecheck": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps && tsc --noEmit", + "test": "vitest run --config vitest.config.ts", + "prepack": "rm -f package.dev.json && cp package.json package.dev.json && node ../../../../scripts/generate-plugin-package-json.mjs", + "postpack": "if [ -f package.dev.json ]; then mv package.dev.json package.json; fi" + }, + "dependencies": { + "@daytonaio/sdk": "^0.171.0" + }, + "devDependencies": { + "@types/node": "^24.6.0", + "typescript": "^5.7.3", + "vitest": "^3.2.4" + } +} diff --git a/packages/plugins/sandbox-providers/daytona/src/index.ts b/packages/plugins/sandbox-providers/daytona/src/index.ts new file mode 100644 index 00000000..f7ce1cc1 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/src/index.ts @@ -0,0 +1,2 @@ +export { default as manifest } from "./manifest.js"; +export { default as plugin } from "./plugin.js"; diff --git a/packages/plugins/sandbox-providers/daytona/src/manifest.ts b/packages/plugins/sandbox-providers/daytona/src/manifest.ts new file mode 100644 index 00000000..ba92c4e5 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/src/manifest.ts @@ -0,0 +1,104 @@ +import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk"; + +const PLUGIN_ID = "paperclip.daytona-sandbox-provider"; +const PLUGIN_VERSION = "0.1.0"; + +const manifest: PaperclipPluginManifestV1 = { + id: PLUGIN_ID, + apiVersion: 1, + version: PLUGIN_VERSION, + displayName: "Daytona Sandbox Provider", + description: + "First-party sandbox provider plugin that provisions Daytona sandboxes as Paperclip execution environments.", + author: "Paperclip", + categories: ["automation"], + capabilities: ["environment.drivers.register"], + entrypoints: { + worker: "./dist/worker.js", + }, + environmentDrivers: [ + { + driverKey: "daytona", + kind: "sandbox_provider", + displayName: "Daytona Sandbox", + description: + "Provisions Daytona sandboxes with configurable image or snapshot selection, startup timeouts, and lease reuse.", + configSchema: { + type: "object", + properties: { + apiKey: { + type: "string", + format: "secret-ref", + description: + "Environment-specific Daytona API key. Paste a key or an existing Paperclip secret reference; saved environments store pasted values as company secrets. Falls back to DAYTONA_API_KEY if omitted.", + }, + apiUrl: { + type: "string", + description: + "Optional Daytona API base URL. If omitted, the Daytona SDK uses its configured default endpoint.", + }, + target: { + type: "string", + description: "Optional Daytona target/region identifier.", + }, + snapshot: { + type: "string", + description: "Optional Daytona snapshot name to start from.", + }, + image: { + type: "string", + description: + "Optional base image or Daytona Image reference. If set, the sandbox is created from this image instead of a snapshot.", + }, + language: { + type: "string", + description: + "Optional Daytona language hint for direct code execution. If omitted, Daytona uses its default runtime.", + }, + cpu: { + type: "number", + description: "Optional CPU allocation in cores.", + }, + memory: { + type: "number", + description: "Optional memory allocation in GiB.", + }, + disk: { + type: "number", + description: "Optional disk allocation in GiB.", + }, + gpu: { + type: "number", + description: "Optional GPU allocation in units.", + }, + timeoutMs: { + type: "number", + description: "Timeout for Daytona create/start/stop/execute operations in milliseconds.", + default: 300000, + }, + autoStopInterval: { + type: "number", + description: "Optional Daytona auto-stop interval in minutes. `0` disables auto-stop.", + }, + autoArchiveInterval: { + type: "number", + description: "Optional Daytona auto-archive interval in minutes. `0` uses Daytona's max interval.", + }, + autoDeleteInterval: { + type: "number", + description: + "Optional Daytona auto-delete interval in minutes. `-1` disables auto-delete and `0` deletes immediately after stop.", + }, + reuseLease: { + type: "boolean", + description: + "Whether to stop and later resume the sandbox across runs instead of deleting it on release.", + default: false, + }, + }, + }, + }, + ], +}; + +export default manifest; diff --git a/packages/plugins/sandbox-providers/daytona/src/plugin.test.ts b/packages/plugins/sandbox-providers/daytona/src/plugin.test.ts new file mode 100644 index 00000000..389426a4 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/src/plugin.test.ts @@ -0,0 +1,499 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const mockCreate = vi.hoisted(() => vi.fn()); +const mockGet = vi.hoisted(() => vi.fn()); +const { MockDaytonaNotFoundError, MockDaytonaTimeoutError } = vi.hoisted(() => { + class MockDaytonaNotFoundError extends Error {} + class MockDaytonaTimeoutError extends Error {} + return { MockDaytonaNotFoundError, MockDaytonaTimeoutError }; +}); + +vi.mock("@daytonaio/sdk", () => ({ + Daytona: class MockDaytona { + create = mockCreate; + get = mockGet; + constructor(_config?: unknown) {} + }, + DaytonaNotFoundError: MockDaytonaNotFoundError, + DaytonaTimeoutError: MockDaytonaTimeoutError, +})); + +import plugin from "./plugin.js"; + +function createMockSandbox(overrides: { + id?: string; + name?: string; + state?: string; + recoverable?: boolean; + workDir?: string; +} = {}) { + return { + id: overrides.id ?? "sandbox-123", + name: overrides.name ?? "paperclip-sandbox", + state: overrides.state ?? "started", + recoverable: overrides.recoverable ?? false, + target: "us", + errorReason: null, + getWorkDir: vi.fn().mockResolvedValue(overrides.workDir ?? "/home/daytona"), + getUserHomeDir: vi.fn().mockResolvedValue("/home/daytona"), + start: vi.fn().mockResolvedValue(undefined), + stop: vi.fn().mockResolvedValue(undefined), + recover: vi.fn().mockResolvedValue(undefined), + delete: vi.fn().mockResolvedValue(undefined), + fs: { + createFolder: vi.fn().mockResolvedValue(undefined), + uploadFile: vi.fn().mockResolvedValue(undefined), + deleteFile: vi.fn().mockResolvedValue(undefined), + }, + process: { + executeCommand: vi.fn().mockResolvedValue({ + exitCode: 0, + result: "bash", + artifacts: { stdout: "bash" }, + }), + }, + }; +} + +describe("Daytona sandbox provider plugin", () => { + beforeEach(() => { + mockCreate.mockReset(); + mockGet.mockReset(); + vi.restoreAllMocks(); + delete process.env.DAYTONA_API_KEY; + }); + + it("declares environment lifecycle handlers", async () => { + expect(await plugin.definition.onHealth?.()).toEqual({ + status: "ok", + message: "Daytona sandbox provider plugin healthy", + }); + expect(plugin.definition.onEnvironmentAcquireLease).toBeTypeOf("function"); + expect(plugin.definition.onEnvironmentExecute).toBeTypeOf("function"); + }); + + it("normalizes config and validates the API key fallback", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "daytona", + config: { + apiKey: " explicit-key ", + apiUrl: " https://app.daytona.io/api ", + target: " us ", + snapshot: " base-snapshot ", + language: " typescript ", + timeoutMs: "450000.9", + autoStopInterval: "15", + autoArchiveInterval: "60", + autoDeleteInterval: "-1", + reuseLease: true, + }, + }); + + expect(result).toEqual({ + ok: true, + normalizedConfig: { + apiKey: "explicit-key", + apiUrl: "https://app.daytona.io/api", + target: "us", + snapshot: "base-snapshot", + image: null, + language: "typescript", + timeoutMs: 450000, + cpu: null, + memory: null, + disk: null, + gpu: null, + autoStopInterval: 15, + autoArchiveInterval: 60, + autoDeleteInterval: -1, + reuseLease: true, + }, + }); + }); + + it("rejects ambiguous or invalid config", async () => { + await expect(plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "daytona", + config: { + apiUrl: "not-a-url", + image: "node:20", + snapshot: "snapshot-a", + timeoutMs: 0, + }, + })).resolves.toEqual({ + ok: false, + errors: [ + "Daytona sandbox environments must set either image or snapshot, not both.", + "apiUrl must be a valid URL.", + "timeoutMs must be between 1 and 86400000.", + "Daytona sandbox environments require an API key in config or DAYTONA_API_KEY.", + ], + }); + }); + + it("probes by creating and then deleting a sandbox", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + mockCreate.mockResolvedValue(sandbox); + + const result = await plugin.definition.onEnvironmentProbe?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + config: { + snapshot: "base-snapshot", + timeoutMs: 300000, + reuseLease: false, + }, + }); + + expect(mockCreate).toHaveBeenCalled(); + expect(sandbox.fs.createFolder).toHaveBeenCalledWith("/home/daytona/paperclip-workspace", "755"); + expect(sandbox.delete).toHaveBeenCalledWith(300); + expect(result).toMatchObject({ + ok: true, + metadata: { + provider: "daytona", + shellCommand: "bash", + sandboxId: "sandbox-123", + remoteCwd: "/home/daytona/paperclip-workspace", + }, + }); + }); + + it("acquires a lease from a created sandbox", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + mockCreate.mockResolvedValue(sandbox); + + const lease = await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + image: "node:20", + timeoutMs: 300000, + reuseLease: true, + }, + }); + + expect(lease).toMatchObject({ + providerLeaseId: "sandbox-123", + metadata: { + provider: "daytona", + shellCommand: "bash", + sandboxId: "sandbox-123", + remoteCwd: "/home/daytona/paperclip-workspace", + reuseLease: true, + }, + }); + }); + + it("deletes the sandbox if lease setup throws after sandbox creation", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + sandbox.getWorkDir.mockRejectedValue(new Error("workdir lookup failed")); + mockCreate.mockResolvedValue(sandbox); + + await expect( + plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + image: "node:20", + timeoutMs: 300000, + reuseLease: true, + }, + }), + ).rejects.toThrow("workdir lookup failed"); + + expect(sandbox.delete).toHaveBeenCalledTimes(1); + }); + + it("falls back to sh metadata when bash is not present in the sandbox image", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + sandbox.process.executeCommand.mockResolvedValue({ + exitCode: 0, + result: "sh", + artifacts: { stdout: "sh" }, + }); + mockCreate.mockResolvedValue(sandbox); + + const lease = await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + image: "busybox:latest", + timeoutMs: 300000, + reuseLease: true, + }, + }); + + expect(lease).toMatchObject({ + metadata: { + shellCommand: "sh", + }, + }); + }); + + it("deletes the sandbox if resume setup throws after the sandbox starts", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox({ id: "sandbox-resume", state: "stopped" }); + sandbox.getWorkDir.mockRejectedValue(new Error("workdir lookup failed")); + mockGet.mockResolvedValue(sandbox); + + await expect( + plugin.definition.onEnvironmentResumeLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-resume", + config: { + timeoutMs: 300000, + reuseLease: true, + }, + }), + ).rejects.toThrow("workdir lookup failed"); + + expect(sandbox.start).toHaveBeenCalled(); + expect(sandbox.delete).toHaveBeenCalledTimes(1); + }); + + it("marks missing reusable leases as expired on resume", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + mockGet.mockRejectedValue(new MockDaytonaNotFoundError("missing")); + + await expect(plugin.definition.onEnvironmentResumeLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-123", + config: { + timeoutMs: 300000, + reuseLease: true, + }, + })).resolves.toEqual({ + providerLeaseId: null, + metadata: { expired: true }, + }); + }); + + it("stops reusable leases and deletes ephemeral leases on release", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const reusable = createMockSandbox({ id: "sandbox-reusable" }); + const ephemeral = createMockSandbox({ id: "sandbox-ephemeral" }); + mockGet.mockResolvedValueOnce(reusable).mockResolvedValueOnce(ephemeral); + + await plugin.definition.onEnvironmentReleaseLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-reusable", + config: { + timeoutMs: 300000, + reuseLease: true, + }, + }); + await plugin.definition.onEnvironmentReleaseLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-ephemeral", + config: { + timeoutMs: 300000, + reuseLease: false, + }, + }); + + expect(reusable.stop).toHaveBeenCalledWith(300); + expect(reusable.delete).not.toHaveBeenCalled(); + expect(ephemeral.delete).toHaveBeenCalledWith(300); + }); + + it("falls back to delete when stopping a reusable lease from an error state fails", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const errored = createMockSandbox({ id: "sandbox-error", state: "error" }); + errored.stop.mockRejectedValueOnce(new Error("stop failed")); + mockGet.mockResolvedValue(errored); + + await plugin.definition.onEnvironmentReleaseLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-error", + config: { + timeoutMs: 300000, + reuseLease: true, + }, + }); + + expect(errored.stop).toHaveBeenCalledWith(300); + expect(errored.delete).toHaveBeenCalledWith(300); + }); + + it("falls back to delete when stopping a healthy reusable lease fails mid-call", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox({ id: "sandbox-running", state: "started" }); + sandbox.stop.mockRejectedValueOnce(new Error("api timeout")); + mockGet.mockResolvedValue(sandbox); + const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => undefined); + + await plugin.definition.onEnvironmentReleaseLease?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "sandbox-running", + config: { + timeoutMs: 300000, + reuseLease: true, + }, + }); + + expect(sandbox.stop).toHaveBeenCalledWith(300); + expect(sandbox.delete).toHaveBeenCalledWith(300); + expect(warnSpy).toHaveBeenCalled(); + }); + + it("executes commands one-shot and returns combined output via stdout", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + sandbox.process.executeCommand.mockResolvedValue({ + exitCode: 7, + result: "stdout\nstderr\n", + artifacts: { stdout: "stdout\nstderr\n" }, + }); + mockGet.mockResolvedValue(sandbox); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + config: { + timeoutMs: 300000, + reuseLease: false, + }, + lease: { providerLeaseId: "sandbox-123", metadata: {} }, + command: "printf", + args: ["hello"], + cwd: "/workspace", + env: { FOO: "bar" }, + timeoutMs: 1000, + }); + + expect(sandbox.process.executeCommand).toHaveBeenCalledTimes(1); + const [command, cwdArg, envArg, timeoutArg] = sandbox.process.executeCommand.mock.calls[0] as [string, unknown, unknown, number]; + expect(command).toMatch(/\/etc\/profile/); + expect(command).toMatch(/"\$HOME\/\.profile"/); + expect(command).toMatch(/cd '\/workspace'/); + expect(command).toMatch(/&& env FOO='bar' 'printf' 'hello'$/); + expect(command).not.toMatch(/(?:^|&& )exec /); + // cwd/env are baked into the login-shell command itself; we pass undefined + // to the SDK so it doesn't run the cd before profile sourcing. + expect(cwdArg).toBeUndefined(); + expect(envArg).toBeUndefined(); + expect(timeoutArg).toBe(1); + expect(result).toEqual({ + exitCode: 7, + timedOut: false, + stdout: "stdout\nstderr\n", + stderr: "", + }); + }); + + it("stages stdin in the sandbox filesystem when execution needs redirected input", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + mockGet.mockResolvedValue(sandbox); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + config: { + timeoutMs: 300000, + reuseLease: false, + }, + lease: { providerLeaseId: "sandbox-123", metadata: {} }, + command: "cat", + args: [], + cwd: "/workspace", + stdin: "input payload", + timeoutMs: 1000, + }); + + expect(sandbox.fs.uploadFile).toHaveBeenCalledWith( + Buffer.from("input payload", "utf8"), + expect.stringMatching(/^\/tmp\/paperclip-stdin-/), + 1, + ); + const [command] = sandbox.process.executeCommand.mock.calls[0] as [string]; + expect(command).toMatch(/\/etc\/profile/); + expect(command).toMatch(/cd '\/workspace'/); + expect(command).toMatch(/&& 'cat' < '\/tmp\/paperclip-stdin-/); + expect(command).not.toMatch(/(?:^|&& )exec /); + expect(sandbox.fs.deleteFile).toHaveBeenCalledWith(expect.stringMatching(/^\/tmp\/paperclip-stdin-/)); + expect(result).toMatchObject({ + exitCode: 0, + timedOut: false, + }); + }); + + it("rejects invalid shell env keys before execution", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + mockGet.mockResolvedValue(sandbox); + + await expect(plugin.definition.onEnvironmentExecute?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + config: { + timeoutMs: 300000, + reuseLease: false, + }, + lease: { providerLeaseId: "sandbox-123", metadata: {} }, + command: "printf", + args: ["hello"], + env: { "BAD-KEY": "bar" }, + })).rejects.toThrow("Invalid sandbox environment variable key: BAD-KEY"); + + expect(sandbox.process.executeCommand).not.toHaveBeenCalled(); + }); + + it("returns a timed out execute result when the Daytona SDK times out", async () => { + process.env.DAYTONA_API_KEY = "host-key"; + const sandbox = createMockSandbox(); + sandbox.process.executeCommand.mockRejectedValue(new MockDaytonaTimeoutError("command timed out")); + mockGet.mockResolvedValue(sandbox); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "daytona", + companyId: "company-1", + environmentId: "env-1", + config: { + timeoutMs: 300000, + reuseLease: false, + }, + lease: { providerLeaseId: "sandbox-123", metadata: {} }, + command: "sleep", + args: ["60"], + cwd: "/workspace", + timeoutMs: 1000, + }); + + expect(result).toEqual({ + exitCode: null, + timedOut: true, + stdout: "", + stderr: "command timed out\n", + }); + }); +}); diff --git a/packages/plugins/sandbox-providers/daytona/src/plugin.ts b/packages/plugins/sandbox-providers/daytona/src/plugin.ts new file mode 100644 index 00000000..2ea53ba6 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/src/plugin.ts @@ -0,0 +1,618 @@ +import path from "node:path"; +import { randomUUID } from "node:crypto"; +import { Daytona, DaytonaNotFoundError, DaytonaTimeoutError } from "@daytonaio/sdk"; +import type { + CreateSandboxBaseParams, + CreateSandboxFromImageParams, + CreateSandboxFromSnapshotParams, + DaytonaConfig, + Resources, + Sandbox, +} from "@daytonaio/sdk"; +import { definePlugin } from "@paperclipai/plugin-sdk"; +import type { + PluginEnvironmentAcquireLeaseParams, + PluginEnvironmentDestroyLeaseParams, + PluginEnvironmentExecuteParams, + PluginEnvironmentExecuteResult, + PluginEnvironmentLease, + PluginEnvironmentProbeParams, + PluginEnvironmentProbeResult, + PluginEnvironmentRealizeWorkspaceParams, + PluginEnvironmentRealizeWorkspaceResult, + PluginEnvironmentReleaseLeaseParams, + PluginEnvironmentResumeLeaseParams, + PluginEnvironmentValidateConfigParams, + PluginEnvironmentValidationResult, +} from "@paperclipai/plugin-sdk"; + +interface DaytonaDriverConfig { + apiKey: string | null; + apiUrl: string | null; + target: string | null; + snapshot: string | null; + image: string | null; + language: string | null; + timeoutMs: number; + cpu: number | null; + memory: number | null; + disk: number | null; + gpu: number | null; + autoStopInterval: number | null; + autoArchiveInterval: number | null; + autoDeleteInterval: number | null; + reuseLease: boolean; +} + +function parseOptionalString(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function parseOptionalInteger(value: unknown): number | null { + if (value == null || value === "") return null; + const parsed = Number(value); + return Number.isFinite(parsed) ? Math.trunc(parsed) : null; +} + +function parseOptionalNumber(value: unknown): number | null { + if (value == null || value === "") return null; + const parsed = Number(value); + return Number.isFinite(parsed) ? parsed : null; +} + +function parseDriverConfig(raw: Record): DaytonaDriverConfig { + const timeoutMs = Number(raw.timeoutMs ?? 300_000); + return { + apiKey: parseOptionalString(raw.apiKey), + apiUrl: parseOptionalString(raw.apiUrl), + target: parseOptionalString(raw.target), + snapshot: parseOptionalString(raw.snapshot), + image: parseOptionalString(raw.image), + language: parseOptionalString(raw.language), + timeoutMs: Number.isFinite(timeoutMs) ? Math.trunc(timeoutMs) : 300_000, + cpu: parseOptionalNumber(raw.cpu), + memory: parseOptionalNumber(raw.memory), + disk: parseOptionalNumber(raw.disk), + gpu: parseOptionalNumber(raw.gpu), + autoStopInterval: parseOptionalInteger(raw.autoStopInterval), + autoArchiveInterval: parseOptionalInteger(raw.autoArchiveInterval), + autoDeleteInterval: parseOptionalInteger(raw.autoDeleteInterval), + reuseLease: raw.reuseLease === true, + }; +} + +function resolveApiKey(config: DaytonaDriverConfig): string { + if (config.apiKey) { + return config.apiKey; + } + const envApiKey = process.env.DAYTONA_API_KEY?.trim() ?? ""; + if (!envApiKey) { + throw new Error("Daytona sandbox environments require an API key in config or DAYTONA_API_KEY."); + } + return envApiKey; +} + +function createDaytonaClient(config: DaytonaDriverConfig): Daytona { + const clientConfig: DaytonaConfig = { + apiKey: resolveApiKey(config), + }; + if (config.apiUrl) clientConfig.apiUrl = config.apiUrl; + if (config.target) clientConfig.target = config.target; + return new Daytona(clientConfig); +} + +function buildResources(config: DaytonaDriverConfig): Resources | undefined { + if (config.cpu == null && config.memory == null && config.disk == null && config.gpu == null) { + return undefined; + } + return { + cpu: config.cpu ?? undefined, + memory: config.memory ?? undefined, + disk: config.disk ?? undefined, + gpu: config.gpu ?? undefined, + }; +} + +function buildCreateParams( + config: DaytonaDriverConfig, + labels: Record, +): CreateSandboxFromImageParams | CreateSandboxFromSnapshotParams { + const base: CreateSandboxBaseParams = { + labels, + language: config.language ?? undefined, + autoStopInterval: config.autoStopInterval ?? undefined, + autoArchiveInterval: config.autoArchiveInterval ?? undefined, + autoDeleteInterval: config.autoDeleteInterval ?? undefined, + }; + if (config.image) { + return { + ...base, + image: config.image, + resources: buildResources(config), + }; + } + return { + ...base, + snapshot: config.snapshot ?? undefined, + }; +} + +function buildSandboxLabels(input: { + companyId: string; + environmentId: string; + runId?: string; + reuseLease: boolean; +}): Record { + return { + "paperclip-provider": "daytona", + "paperclip-company-id": input.companyId, + "paperclip-environment-id": input.environmentId, + "paperclip-reuse-lease": input.reuseLease ? "true" : "false", + ...(input.runId ? { "paperclip-run-id": input.runId } : {}), + }; +} + +function toTimeoutSeconds(timeoutMs: number): number { + return Math.max(1, Math.ceil(timeoutMs / 1000)); +} + +function resolveTimeoutMs(paramsTimeoutMs: number | undefined, config: DaytonaDriverConfig): number { + return paramsTimeoutMs != null && Number.isFinite(paramsTimeoutMs) && paramsTimeoutMs > 0 + ? Math.trunc(paramsTimeoutMs) + : config.timeoutMs; +} + +function formatErrorMessage(error: unknown): string { + return error instanceof Error ? error.message : String(error); +} + +function isValidUrl(value: string): boolean { + try { + new URL(value); + return true; + } catch { + return false; + } +} + +async function ensureSandboxStarted(sandbox: Sandbox, timeoutSeconds: number): Promise { + if (sandbox.state === "started") return; + if (sandbox.state === "error") { + if (sandbox.recoverable) { + await sandbox.recover(timeoutSeconds); + return; + } + throw new Error(`Daytona sandbox ${sandbox.id} is in an unrecoverable error state: ${sandbox.errorReason ?? "unknown error"}`); + } + await sandbox.start(timeoutSeconds); +} + +async function resolveSandboxWorkingDirectory(sandbox: Sandbox): Promise { + const root = (await sandbox.getWorkDir())?.trim() + || (await sandbox.getUserHomeDir())?.trim() + || "/home/daytona"; + const remoteCwd = path.posix.join(root, "paperclip-workspace"); + await sandbox.fs.createFolder(remoteCwd, "755"); + return remoteCwd; +} + +async function detectSandboxShellCommand(sandbox: Sandbox, timeoutSeconds: number): Promise<"bash" | "sh"> { + try { + const result = await sandbox.process.executeCommand( + "if command -v bash >/dev/null 2>&1; then printf bash; else printf sh; fi", + undefined, + undefined, + timeoutSeconds, + ); + return result.result?.trim() === "bash" ? "bash" : "sh"; + } catch { + return "sh"; + } +} + +function leaseMetadata(input: { + config: DaytonaDriverConfig; + sandbox: Sandbox; + shellCommand: "bash" | "sh"; + remoteCwd: string; + resumedLease: boolean; +}) { + return { + provider: "daytona", + shellCommand: input.shellCommand, + sandboxId: input.sandbox.id, + sandboxName: input.sandbox.name, + sandboxState: input.sandbox.state ?? null, + image: input.config.image, + snapshot: input.config.snapshot, + target: input.sandbox.target, + timeoutMs: input.config.timeoutMs, + reuseLease: input.config.reuseLease, + remoteCwd: input.remoteCwd, + resumedLease: input.resumedLease, + }; +} + +function shellQuote(value: string): string { + return `'${value.replace(/'/g, `'"'"'`)}'`; +} + +function isValidShellEnvKey(value: string): boolean { + return /^[A-Za-z_][A-Za-z0-9_]*$/.test(value); +} + +// Mirror the E2B sandbox executor: source common login profiles (and nvm) +// before running the command so Daytona one-shot calls see the same PATH an +// interactive shell would. Without this, adapter probes can fail to resolve +// CLIs that are installed via profile-driven PATH mutations inside the +// sandbox image. +function buildLoginShellScript(input: { + command: string; + args: string[]; + cwd?: string; + env?: Record; + stdinPath?: string; +}): string { + const env = input.env ?? {}; + for (const key of Object.keys(env)) { + if (!isValidShellEnvKey(key)) { + throw new Error(`Invalid sandbox environment variable key: ${key}`); + } + } + const envArgs = Object.entries(env) + .filter((entry): entry is [string, string] => typeof entry[1] === "string") + .map(([key, value]) => `${key}=${shellQuote(value)}`); + const commandParts = [shellQuote(input.command), ...input.args.map(shellQuote)].join(" "); + const redirectedCommand = input.stdinPath + ? `${commandParts} < ${shellQuote(input.stdinPath)}` + : commandParts; + // Each `executeCommand` call runs in its own shell, so we don't `exec`- + // replace it; running the command as the last `&&`-chained line is enough to + // surface the right exit code. Env is interpolated after profile sourcing so + // the caller's env wins over any defaults the profile exports. + const finalLine = envArgs.length > 0 + ? `env ${envArgs.join(" ")} ${redirectedCommand}` + : redirectedCommand; + const lines = [ + 'if [ -f /etc/profile ]; then . /etc/profile >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.profile" ]; then . "$HOME/.profile" >/dev/null 2>&1 || true; fi', + // .bash_profile typically sources .bashrc itself; only source .bashrc + // directly when no .bash_profile exists to avoid double-running setup. + 'if [ -f "$HOME/.bash_profile" ]; then . "$HOME/.bash_profile" >/dev/null 2>&1 || true; elif [ -f "$HOME/.bashrc" ]; then . "$HOME/.bashrc" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.zprofile" ]; then . "$HOME/.zprofile" >/dev/null 2>&1 || true; fi', + 'export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"', + '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 || true', + ]; + if (input.cwd) { + lines.push(`cd ${shellQuote(input.cwd)}`); + } + lines.push(finalLine); + return lines.join(" && "); +} + +async function createSandbox( + params: PluginEnvironmentAcquireLeaseParams | PluginEnvironmentProbeParams, + config: DaytonaDriverConfig, +): Promise { + const client = createDaytonaClient(config); + const createParams = buildCreateParams(config, buildSandboxLabels({ + companyId: params.companyId, + environmentId: params.environmentId, + runId: "runId" in params ? params.runId : undefined, + reuseLease: config.reuseLease, + })); + return await client.create(createParams, { + timeout: toTimeoutSeconds(config.timeoutMs), + }); +} + +async function getSandbox(config: DaytonaDriverConfig, sandboxId: string): Promise { + const client = createDaytonaClient(config); + return await client.get(sandboxId); +} + +async function getSandboxOrNull(config: DaytonaDriverConfig, sandboxId: string): Promise { + try { + return await getSandbox(config, sandboxId); + } catch (error) { + if (error instanceof DaytonaNotFoundError) { + return null; + } + throw error; + } +} + +// One-shot command execution via Daytona's `process.executeCommand`. The +// session-based API (`createSession` + `executeSessionCommand` with +// `runAsync: false`) hangs indefinitely when the supplied command ends with +// `exec `, which `buildLoginShellScript` always produces. Reproduced +// directly against the Daytona SDK: identical login-shell wrapper returns in +// ~600 ms via `executeCommand` but times out via `executeSessionCommand`. So we +// use the one-shot path, mirroring e2b's `sandbox.commands.run` model. +// +// `executeCommand` returns combined stdout+stderr in `result`. We surface that +// as `stdout` and leave `stderr` empty; callers that grep for error messages +// still see them in `stdout`. +async function executeOneShot( + sandbox: Sandbox, + params: PluginEnvironmentExecuteParams, + config: DaytonaDriverConfig, +): Promise { + const timeoutMs = resolveTimeoutMs(params.timeoutMs, config); + const timeoutSeconds = toTimeoutSeconds(timeoutMs); + const stdinPath = params.stdin != null ? `/tmp/paperclip-stdin-${randomUUID()}` : null; + + try { + if (stdinPath) { + await sandbox.fs.uploadFile(Buffer.from(params.stdin ?? "", "utf8"), stdinPath, timeoutSeconds); + } + + const command = buildLoginShellScript({ + command: params.command, + args: params.args ?? [], + cwd: params.cwd, + env: params.env, + stdinPath: stdinPath ?? undefined, + }); + + // Pass cwd undefined: `buildLoginShellScript` already injects `cd` after + // profile sourcing when params.cwd is set, and the Daytona executor's own + // cwd argument runs before our login-shell init, which is the wrong order + // (env from .bashrc would override caller env). + const result = await sandbox.process.executeCommand(command, undefined, undefined, timeoutSeconds); + + return { + exitCode: typeof result.exitCode === "number" ? result.exitCode : 1, + timedOut: false, + stdout: result.result ?? result.artifacts?.stdout ?? "", + stderr: "", + }; + } catch (error) { + if (error instanceof DaytonaTimeoutError) { + return { + exitCode: null, + timedOut: true, + stdout: "", + stderr: `${error.message.trim()}\n`, + }; + } + throw error; + } finally { + if (stdinPath) { + await sandbox.fs.deleteFile(stdinPath).catch(() => undefined); + } + } +} + +const plugin = definePlugin({ + async setup(ctx) { + ctx.logger.info("Daytona sandbox provider plugin ready"); + }, + + async onHealth() { + return { status: "ok", message: "Daytona sandbox provider plugin healthy" }; + }, + + async onEnvironmentValidateConfig( + params: PluginEnvironmentValidateConfigParams, + ): Promise { + const config = parseDriverConfig(params.config); + const errors: string[] = []; + + if (typeof params.config.image === "string" && params.config.image.trim().length === 0) { + errors.push("Daytona image cannot be empty."); + } + if (typeof params.config.snapshot === "string" && params.config.snapshot.trim().length === 0) { + errors.push("Daytona snapshot cannot be empty."); + } + if (config.image && config.snapshot) { + errors.push("Daytona sandbox environments must set either image or snapshot, not both."); + } + if (config.apiUrl && !isValidUrl(config.apiUrl)) { + errors.push("apiUrl must be a valid URL."); + } + if (config.timeoutMs < 1 || config.timeoutMs > 86_400_000) { + errors.push("timeoutMs must be between 1 and 86400000."); + } + if (config.autoStopInterval != null && config.autoStopInterval < 0) { + errors.push("autoStopInterval must be greater than or equal to 0."); + } + if (config.autoArchiveInterval != null && config.autoArchiveInterval < 0) { + errors.push("autoArchiveInterval must be greater than or equal to 0."); + } + if (config.autoDeleteInterval != null && config.autoDeleteInterval < -1) { + errors.push("autoDeleteInterval must be greater than or equal to -1."); + } + if (!config.apiKey && !(process.env.DAYTONA_API_KEY?.trim())) { + errors.push("Daytona sandbox environments require an API key in config or DAYTONA_API_KEY."); + } + for (const [key, value] of Object.entries({ + cpu: config.cpu, + memory: config.memory, + disk: config.disk, + gpu: config.gpu, + })) { + if (value != null && value <= 0) { + errors.push(`${key} must be greater than 0 when provided.`); + } + } + + if (errors.length > 0) { + return { ok: false, errors }; + } + + return { + ok: true, + normalizedConfig: { ...config }, + }; + }, + + async onEnvironmentProbe( + params: PluginEnvironmentProbeParams, + ): Promise { + const config = parseDriverConfig(params.config); + try { + const sandbox = await createSandbox(params, config); + try { + const remoteCwd = await resolveSandboxWorkingDirectory(sandbox); + const shellCommand = await detectSandboxShellCommand(sandbox, toTimeoutSeconds(config.timeoutMs)); + return { + ok: true, + summary: `Connected to Daytona sandbox ${sandbox.name}.`, + metadata: { + provider: "daytona", + shellCommand, + sandboxId: sandbox.id, + sandboxName: sandbox.name, + target: sandbox.target, + image: config.image, + snapshot: config.snapshot, + timeoutMs: config.timeoutMs, + reuseLease: config.reuseLease, + remoteCwd, + }, + }; + } finally { + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)).catch(() => undefined); + } + } catch (error) { + return { + ok: false, + summary: "Daytona sandbox probe failed.", + metadata: { + provider: "daytona", + image: config.image, + snapshot: config.snapshot, + timeoutMs: config.timeoutMs, + reuseLease: config.reuseLease, + error: formatErrorMessage(error), + }, + }; + } + }, + + async onEnvironmentAcquireLease( + params: PluginEnvironmentAcquireLeaseParams, + ): Promise { + const config = parseDriverConfig(params.config); + const sandbox = await createSandbox(params, config); + try { + const remoteCwd = await resolveSandboxWorkingDirectory(sandbox); + const shellCommand = await detectSandboxShellCommand(sandbox, toTimeoutSeconds(config.timeoutMs)); + return { + providerLeaseId: sandbox.id, + metadata: leaseMetadata({ config, sandbox, shellCommand, remoteCwd, resumedLease: false }), + }; + } catch (error) { + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)).catch(() => undefined); + throw error; + } + }, + + async onEnvironmentResumeLease( + params: PluginEnvironmentResumeLeaseParams, + ): Promise { + const config = parseDriverConfig(params.config); + const sandbox = await getSandboxOrNull(config, params.providerLeaseId); + if (!sandbox) { + return { providerLeaseId: null, metadata: { expired: true } }; + } + + await ensureSandboxStarted(sandbox, toTimeoutSeconds(config.timeoutMs)); + try { + const remoteCwd = await resolveSandboxWorkingDirectory(sandbox); + const shellCommand = await detectSandboxShellCommand(sandbox, toTimeoutSeconds(config.timeoutMs)); + return { + providerLeaseId: sandbox.id, + metadata: leaseMetadata({ config, sandbox, shellCommand, remoteCwd, resumedLease: true }), + }; + } catch (error) { + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)).catch(() => undefined); + throw error; + } + }, + + async onEnvironmentReleaseLease( + params: PluginEnvironmentReleaseLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const config = parseDriverConfig(params.config); + const sandbox = await getSandboxOrNull(config, params.providerLeaseId); + if (!sandbox) return; + + if (config.reuseLease) { + if (sandbox.state !== "stopped") { + try { + await sandbox.stop(toTimeoutSeconds(config.timeoutMs)); + } catch (error) { + console.warn( + `Failed to stop Daytona sandbox during lease release: ${formatErrorMessage(error)}. Attempting delete instead.`, + ); + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)).catch((deleteError) => { + console.warn( + `Failed to delete Daytona sandbox after stop failure: ${formatErrorMessage(deleteError)}`, + ); + }); + } + } + return; + } + + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)); + }, + + async onEnvironmentDestroyLease( + params: PluginEnvironmentDestroyLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const config = parseDriverConfig(params.config); + const sandbox = await getSandboxOrNull(config, params.providerLeaseId); + if (!sandbox) return; + await sandbox.delete(toTimeoutSeconds(config.timeoutMs)); + }, + + async onEnvironmentRealizeWorkspace( + params: PluginEnvironmentRealizeWorkspaceParams, + ): Promise { + const config = parseDriverConfig(params.config); + const remoteCwd = + typeof params.lease.metadata?.remoteCwd === "string" && + params.lease.metadata.remoteCwd.trim().length > 0 + ? params.lease.metadata.remoteCwd.trim() + : params.workspace.remotePath ?? params.workspace.localPath ?? "/paperclip-workspace"; + + if (params.lease.providerLeaseId) { + const sandbox = await getSandbox(config, params.lease.providerLeaseId); + await ensureSandboxStarted(sandbox, toTimeoutSeconds(config.timeoutMs)); + await sandbox.fs.createFolder(remoteCwd, "755"); + } + + return { + cwd: remoteCwd, + metadata: { + provider: "daytona", + remoteCwd, + }, + }; + }, + + async onEnvironmentExecute( + params: PluginEnvironmentExecuteParams, + ): Promise { + if (!params.lease.providerLeaseId) { + return { + exitCode: 1, + timedOut: false, + stdout: "", + stderr: "No provider lease ID available for execution.", + }; + } + + const config = parseDriverConfig(params.config); + const sandbox = await getSandbox(config, params.lease.providerLeaseId); + await ensureSandboxStarted(sandbox, toTimeoutSeconds(resolveTimeoutMs(params.timeoutMs, config))); + return await executeOneShot(sandbox, params, config); + }, +}); + +export default plugin; diff --git a/packages/plugins/sandbox-providers/daytona/src/worker.ts b/packages/plugins/sandbox-providers/daytona/src/worker.ts new file mode 100644 index 00000000..1e156024 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/src/worker.ts @@ -0,0 +1,5 @@ +import { runWorker } from "@paperclipai/plugin-sdk"; +import plugin from "./plugin.js"; + +export default plugin; +runWorker(plugin, import.meta.url); diff --git a/packages/plugins/sandbox-providers/daytona/tsconfig.json b/packages/plugins/sandbox-providers/daytona/tsconfig.json new file mode 100644 index 00000000..000e3293 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/tsconfig.json @@ -0,0 +1,11 @@ +{ + "extends": "../../../../tsconfig.json", + "compilerOptions": { + "outDir": "dist", + "rootDir": "src", + "lib": ["ES2023"], + "types": ["node"] + }, + "include": ["src"], + "exclude": ["src/**/*.test.ts"] +} diff --git a/packages/plugins/sandbox-providers/daytona/vitest.config.ts b/packages/plugins/sandbox-providers/daytona/vitest.config.ts new file mode 100644 index 00000000..ce36a742 --- /dev/null +++ b/packages/plugins/sandbox-providers/daytona/vitest.config.ts @@ -0,0 +1,8 @@ +import { defineConfig } from "vitest/config"; + +export default defineConfig({ + test: { + include: ["src/**/*.test.ts"], + environment: "node", + }, +}); diff --git a/packages/plugins/sandbox-providers/e2b/src/plugin.test.ts b/packages/plugins/sandbox-providers/e2b/src/plugin.test.ts index 71e36b91..99b881c8 100644 --- a/packages/plugins/sandbox-providers/e2b/src/plugin.test.ts +++ b/packages/plugins/sandbox-providers/e2b/src/plugin.test.ts @@ -303,17 +303,14 @@ describe("E2B sandbox provider plugin", () => { expect(mockConnect).toHaveBeenCalledWith("sandbox-123", expect.objectContaining({ apiKey: "resolved-key" })); expect(sandbox.files.write).toHaveBeenCalledWith(expect.stringMatching(/^\/tmp\/paperclip-stdin-/), "input"); - expect(sandbox.commands.run).toHaveBeenCalledWith(expect.stringMatching( - /^exec 'printf' 'hello' < '\/tmp\/paperclip-stdin-/, - ), expect.objectContaining({ - cwd: "/workspace", - envs: { FOO: "bar" }, - timeoutMs: 1000, - })); - expect(sandbox.commands.run).not.toHaveBeenCalledWith( - "exec 'printf' 'hello'", - expect.objectContaining({ background: true }), - ); + const stdinCall = sandbox.commands.run.mock.calls.find(([cmd]: [string]) => cmd.includes("'printf'")); + expect(stdinCall).toBeDefined(); + if (!stdinCall) throw new Error("stdinCall not found"); + expect(stdinCall[0]).toMatch(/\.profile/); + expect(stdinCall[0]).toMatch(/exec env FOO='bar' 'printf' 'hello' < '\/tmp\/paperclip-stdin-/); + expect(stdinCall[1]).toEqual(expect.objectContaining({ cwd: "/workspace", timeoutMs: 1000 })); + expect(stdinCall[1]).not.toHaveProperty("envs"); + expect(stdinCall[1]).not.toHaveProperty("background"); expect(sandbox.commands.sendStdin).not.toHaveBeenCalled(); expect(sandbox.commands.closeStdin).not.toHaveBeenCalled(); expect(sandbox.handle.wait).not.toHaveBeenCalled(); @@ -363,15 +360,14 @@ describe("E2B sandbox provider plugin", () => { timeoutMs: 1000, }); - expect(sandbox.commands.run).toHaveBeenCalledWith("exec 'printf' 'hello'", expect.objectContaining({ - cwd: "/workspace", - envs: { FOO: "bar" }, - timeoutMs: 1000, - })); - expect(sandbox.commands.run).not.toHaveBeenCalledWith( - "exec 'printf' 'hello'", - expect.objectContaining({ background: true }), - ); + const fgCall = sandbox.commands.run.mock.calls.find(([cmd]: [string]) => cmd.includes("'printf'")); + expect(fgCall).toBeDefined(); + if (!fgCall) throw new Error("fgCall not found"); + expect(fgCall[0]).toMatch(/\.profile/); + expect(fgCall[0]).toMatch(/exec env FOO='bar' 'printf' 'hello'$/); + expect(fgCall[1]).toEqual(expect.objectContaining({ cwd: "/workspace", timeoutMs: 1000 })); + expect(fgCall[1]).not.toHaveProperty("envs"); + expect(fgCall[1]).not.toHaveProperty("background"); expect(sandbox.commands.sendStdin).not.toHaveBeenCalled(); expect(sandbox.commands.closeStdin).not.toHaveBeenCalled(); expect(sandbox.handle.wait).not.toHaveBeenCalled(); diff --git a/packages/plugins/sandbox-providers/e2b/src/plugin.ts b/packages/plugins/sandbox-providers/e2b/src/plugin.ts index 3504620f..daf15486 100644 --- a/packages/plugins/sandbox-providers/e2b/src/plugin.ts +++ b/packages/plugins/sandbox-providers/e2b/src/plugin.ts @@ -1,5 +1,11 @@ import path from "node:path"; -import { CommandExitError, Sandbox, SandboxNotFoundError, TimeoutError } from "e2b"; +import { randomUUID } from "node:crypto"; +import { + CommandExitError, + Sandbox, + SandboxNotFoundError, + TimeoutError, +} from "e2b"; import { definePlugin } from "@paperclipai/plugin-sdk"; import type { PluginEnvironmentAcquireLeaseParams, @@ -127,6 +133,7 @@ function leaseMetadata(input: { }) { return { provider: "e2b", + shellCommand: "bash", template: input.config.template, timeoutMs: input.config.timeoutMs, reuseLease: input.config.reuseLease, @@ -141,8 +148,48 @@ function shellQuote(value: string) { return `'${value.replace(/'/g, `'"'"'`)}'`; } -function buildCommandLine(command: string, args: string[] = []) { - return `exec ${[command, ...args].map(shellQuote).join(" ")}`; +function isValidShellEnvKey(value: string) { + return /^[A-Za-z_][A-Za-z0-9_]*$/.test(value); +} + +// Mirror SSH's buildSshSpawnTarget: source the user's login profiles (and nvm) +// before exec so commands run with the same PATH the user sees in an +// interactive shell. e2b's `sandbox.commands.run` otherwise spawns a +// non-login, non-interactive shell whose PATH does not include npm-globals, +// nvm shims, or anything else the template installs via .profile/.bashrc — +// which makes the hello probe fail with `exec: : not found` even when +// the binary is on disk. +function buildLoginShellScript(input: { + command: string; + args: string[]; + env?: Record; +}): string { + const env = input.env ?? {}; + for (const key of Object.keys(env)) { + if (!isValidShellEnvKey(key)) { + throw new Error(`Invalid sandbox environment variable key: ${key}`); + } + } + const envArgs = Object.entries(env) + .filter((entry): entry is [string, string] => typeof entry[1] === "string") + .map(([key, value]) => `${key}=${shellQuote(value)}`); + const commandParts = [shellQuote(input.command), ...input.args.map(shellQuote)].join(" "); + const execLine = envArgs.length > 0 + ? `exec env ${envArgs.join(" ")} ${commandParts}` + : `exec ${commandParts}`; + return [ + 'if [ -f /etc/profile ]; then . /etc/profile >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.profile" ]; then . "$HOME/.profile" >/dev/null 2>&1 || true; fi', + // .bash_profile typically sources .bashrc itself; only source .bashrc + // directly when no .bash_profile exists to avoid re-running idempotency- + // sensitive setup (nvm, PATH prepends) twice on templates that wire + // .bash_profile -> .bashrc. + 'if [ -f "$HOME/.bash_profile" ]; then . "$HOME/.bash_profile" >/dev/null 2>&1 || true; elif [ -f "$HOME/.bashrc" ]; then . "$HOME/.bashrc" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.zprofile" ]; then . "$HOME/.zprofile" >/dev/null 2>&1 || true; fi', + 'export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"', + '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 || true', + execLine, + ].join(" && "); } async function killSandboxBestEffort(sandbox: Sandbox, reason: string): Promise { @@ -344,79 +391,72 @@ const plugin = definePlugin({ const config = parseDriverConfig(params.config); const sandbox = await connectSandbox(config, params.lease.providerLeaseId); - const command = buildCommandLine(params.command, params.args); - if (params.stdin == null) { + const baseCommand = buildLoginShellScript({ + command: params.command, + args: params.args ?? [], + env: params.env, + }); + const timeoutMs = params.timeoutMs ?? config.timeoutMs; + + // For commands with stdin, stage the payload to a temp file inside the + // sandbox and shell-redirect it. Streaming stdin via `sendStdin` raced + // with fast-failing commands (the process exits before the RPC lands), + // and the previous code awaited a foreground `run` before sending stdin + // at all, so the data was never delivered. The staged-file approach + // keeps execution synchronous, avoids the race, and is unaffected by + // whether the command exits in microseconds or minutes. + let stagedStdinPath: string | null = null; + if (params.stdin != null) { + stagedStdinPath = `/tmp/paperclip-stdin-${randomUUID()}`; try { - const result = await sandbox.commands.run(command, { - cwd: params.cwd, - envs: params.env, - timeoutMs: params.timeoutMs ?? config.timeoutMs, - }) as Awaited> & { - exitCode: number; - stdout: string; - stderr: string; - }; - return { - exitCode: result.exitCode, - timedOut: false, - stdout: result.stdout, - stderr: result.stderr, - }; + await sandbox.files.write(stagedStdinPath, params.stdin); } catch (error) { - if (error instanceof CommandExitError) { - const commandError = error as CommandExitError; - return { - exitCode: commandError.exitCode, - timedOut: false, - stdout: commandError.stdout, - stderr: commandError.stderr, - }; - } - if (error instanceof TimeoutError) { - return buildTimeoutExecuteResult(error); - } + // Best-effort cleanup in case the write partially succeeded; ignore + // remove failures so the original error is what propagates. + await sandbox.files.remove(stagedStdinPath).catch(() => undefined); throw error; } } - const started = await sandbox.commands.run(command, { - stdin: true, - cwd: params.cwd, - envs: params.env, - timeoutMs: params.timeoutMs ?? config.timeoutMs, - }) as Awaited> & { - pid: number; - exitCode: number; - stdout: string; - stderr: string; - }; + const command = stagedStdinPath + ? `${baseCommand} < ${shellQuote(stagedStdinPath)}` + : baseCommand; try { - try { - await sandbox.commands.sendStdin(started.pid, params.stdin); - } finally { - await sandbox.commands.closeStdin(started.pid); - } + // Env is interpolated into the script via `exec env KEY=val …` after + // profile sourcing so user-configured env wins over anything profiles + // export. No need to pass `envs:` separately. + const result = await sandbox.commands.run(command, { + cwd: params.cwd, + timeoutMs, + }) as Awaited> & { + exitCode: number; + stdout: string; + stderr: string; + }; return { - exitCode: started.exitCode, + exitCode: result.exitCode, timedOut: false, - stdout: started.stdout, - stderr: started.stderr, + stdout: result.stdout, + stderr: result.stderr, }; } catch (error) { if (error instanceof CommandExitError) { - const commandError = error as CommandExitError; return { - exitCode: commandError.exitCode, + exitCode: error.exitCode, timedOut: false, - stdout: commandError.stdout, - stderr: commandError.stderr, + stdout: error.stdout, + stderr: error.stderr, }; } if (error instanceof TimeoutError) { return buildTimeoutExecuteResult(error); } throw error; + } finally { + if (stagedStdinPath) { + await sandbox.files.remove(stagedStdinPath).catch(() => undefined); + } } }, }); diff --git a/packages/plugins/sandbox-providers/exe-dev/README.md b/packages/plugins/sandbox-providers/exe-dev/README.md new file mode 100644 index 00000000..b90eca69 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/README.md @@ -0,0 +1,58 @@ +# `@paperclipai/plugin-exe-dev` + +Published exe.dev sandbox provider plugin for Paperclip. + +This package lives in the Paperclip monorepo, but it is intentionally excluded from the root `pnpm` workspace and shaped to publish and install like a standalone npm package. That lets operators install it from the Plugins page by package name without introducing root lockfile churn. + +## Install + +From a Paperclip instance, install: + +```text +@paperclipai/plugin-exe-dev +``` + +## Configuration + +Configure exe.dev from `Company Settings -> Environments`, not from the plugin's instance settings page. + +- Put the exe.dev API token on the sandbox environment itself. +- When you save an environment, Paperclip stores pasted API keys and pasted SSH private keys as company secrets. +- `EXE_API_KEY` remains an optional host-level fallback when an environment omits the API token. +- The current implementation provisions VMs through exe.dev's HTTPS API and runs commands through direct SSH to the created VM. + +To use the provider successfully, the environment/host needs all of the following: + +- An exe.dev API token that allows the lifecycle commands the provider uses: `new`, `ls`, and `rm`. `whoami` and `help` are recommended for manual debugging. `restart` is only needed if you extend the provider to restart retained VMs. +- SSH access from the Paperclip host to the resulting `*.exe.xyz` VMs. +- An SSH private key that exe.dev already recognizes. You can either: + - paste the private key into the environment config via `sshPrivateKey` + - point `sshIdentityFile` at an absolute host path + - or leave both blank and rely on the host's default SSH agent/keychain +- The matching public key must already be registered with exe.dev before the provider can execute commands inside the VM. + +Operational notes: + +- If exe.dev replies `Please complete registration by running: ssh exe.dev`, the host key has not finished exe.dev onboarding yet. +- Reusable leases keep the VM alive between runs. exe.dev does not expose a documented "stop and later resume" command in the public CLI docs, so `reuseLease: true` means "retain the VM" rather than "suspend it." +- The provisioning path uses `https://exe.dev/exec`, which exe.dev documents as a command-style HTTPS API with a 30-second request timeout. Typical `new` calls are expected to fit inside that limit; command execution itself does not use `/exec`. +- Probes still create and delete a real exe.dev VM through `/exec`, and so do the `new`/`rm` calls inside the normal acquire/release lifecycle. Treat all of those as real provisioning cost, not just probes. +- exe.dev runs `--setup-script` as the unprivileged `exedev` user, not as root. That user has passwordless `sudo`, so any system-level steps in a custom `setupScript` must invoke `sudo` explicitly (for example `sudo apt-get install -y …`). When you omit `setupScript`, the plugin supplies a default that installs Node 20 via the official nodesource script — Paperclip's sandbox callback bridge is a Node program, so the VM needs `node` on `PATH` before the bridge can launch. + +## Local development + +```bash +cd packages/plugins/sandbox-providers/exe-dev +pnpm install --ignore-workspace --no-lockfile +pnpm build +pnpm test +pnpm typecheck +``` + +These commands assume the repo root has already been installed once so the local `@paperclipai/plugin-sdk` workspace package is available to the compiler during development. + +## Package layout + +- `src/manifest.ts` declares the sandbox-provider driver metadata +- `src/plugin.ts` implements the environment lifecycle hooks +- `paperclipPlugin.manifest` and `paperclipPlugin.worker` point the host at the built plugin entrypoints in `dist/` diff --git a/packages/plugins/sandbox-providers/exe-dev/package.json b/packages/plugins/sandbox-providers/exe-dev/package.json new file mode 100644 index 00000000..82a71590 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/package.json @@ -0,0 +1,58 @@ +{ + "name": "@paperclipai/plugin-exe-dev", + "version": "0.1.0", + "description": "exe.dev sandbox provider plugin for Paperclip environments", + "license": "MIT", + "homepage": "https://github.com/paperclipai/paperclip", + "bugs": { + "url": "https://github.com/paperclipai/paperclip/issues" + }, + "repository": { + "type": "git", + "url": "https://github.com/paperclipai/paperclip", + "directory": "packages/plugins/sandbox-providers/exe-dev" + }, + "type": "module", + "exports": { + ".": "./src/index.ts" + }, + "publishConfig": { + "access": "public", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js" + } + }, + "main": "./dist/index.js", + "types": "./dist/index.d.ts" + }, + "files": [ + "dist" + ], + "paperclipPlugin": { + "manifest": "./dist/manifest.js", + "worker": "./dist/worker.js" + }, + "keywords": [ + "paperclip", + "plugin", + "sandbox", + "exe.dev" + ], + "scripts": { + "postinstall": "node ../../../../scripts/link-plugin-dev-sdk.mjs", + "prebuild": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps", + "build": "rm -rf dist && tsc", + "clean": "rm -rf dist", + "typecheck": "pnpm -C ../../../.. --filter @paperclipai/plugin-sdk ensure-build-deps && tsc --noEmit", + "test": "vitest run --config vitest.config.ts", + "prepack": "rm -f package.dev.json && cp package.json package.dev.json && node ../../../../scripts/generate-plugin-package-json.mjs", + "postpack": "if [ -f package.dev.json ]; then mv package.dev.json package.json; fi" + }, + "devDependencies": { + "@types/node": "^24.6.0", + "typescript": "^5.7.3", + "vitest": "^3.2.4" + } +} diff --git a/packages/plugins/sandbox-providers/exe-dev/src/index.ts b/packages/plugins/sandbox-providers/exe-dev/src/index.ts new file mode 100644 index 00000000..f7ce1cc1 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/src/index.ts @@ -0,0 +1,2 @@ +export { default as manifest } from "./manifest.js"; +export { default as plugin } from "./plugin.js"; diff --git a/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts b/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts new file mode 100644 index 00000000..8e71d6c7 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/src/manifest.ts @@ -0,0 +1,136 @@ +import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk"; + +const PLUGIN_ID = "paperclip.exe-dev-sandbox-provider"; +const PLUGIN_VERSION = "0.1.0"; + +const manifest: PaperclipPluginManifestV1 = { + id: PLUGIN_ID, + apiVersion: 1, + version: PLUGIN_VERSION, + displayName: "exe.dev Sandbox Provider", + description: + "Sandbox provider plugin that provisions exe.dev VMs as Paperclip execution environments.", + author: "Paperclip", + categories: ["automation"], + capabilities: ["environment.drivers.register"], + entrypoints: { + worker: "./dist/worker.js", + }, + environmentDrivers: [ + { + driverKey: "exe-dev", + kind: "sandbox_provider", + displayName: "exe.dev VM", + description: + "Provisions exe.dev VMs through the HTTPS API, then runs commands over direct SSH for long-lived Paperclip workloads.", + configSchema: { + type: "object", + properties: { + apiKey: { + type: "string", + format: "secret-ref", + description: + "Environment-specific exe.dev API token. Needs `/exec` permission for at least `new`, `ls`, and `rm`. Paste a token or an existing Paperclip secret reference; saved environments store pasted values as company secrets. Falls back to EXE_API_KEY if omitted.", + }, + apiUrl: { + type: "string", + description: + "Optional exe.dev HTTPS API base URL or /exec endpoint. Defaults to https://exe.dev/exec.", + }, + namePrefix: { + type: "string", + description: "Optional prefix used when generating VM names.", + default: "paperclip", + }, + image: { + type: "string", + description: "Optional container image to use when creating the VM.", + }, + command: { + type: "string", + description: "Optional container command passed to `exe.dev new --command`.", + }, + cpu: { + type: "number", + description: "Optional CPU count passed to `exe.dev new --cpu`.", + }, + memory: { + type: "string", + description: "Optional memory size such as `4GB`.", + }, + disk: { + type: "string", + description: "Optional disk size such as `20GB`.", + }, + comment: { + type: "string", + description: "Optional short note attached to created VMs.", + }, + env: { + type: "object", + description: "Optional environment variables applied at VM creation time.", + additionalProperties: { type: "string" }, + }, + integrations: { + type: "array", + description: "Optional exe.dev integrations to attach during VM creation.", + items: { type: "string" }, + }, + tags: { + type: "array", + description: "Optional tags to apply during VM creation.", + items: { type: "string" }, + }, + setupScript: { + type: "string", + description: "Optional first-boot setup script passed to `exe.dev new --setup-script`.", + }, + prompt: { + type: "string", + description: "Optional Shelley prompt passed to `exe.dev new --prompt`.", + }, + timeoutMs: { + type: "number", + description: "Timeout for VM lifecycle and SSH operations in milliseconds.", + default: 300000, + }, + reuseLease: { + type: "boolean", + description: + "Whether to keep the VM alive between runs instead of deleting it on release.", + default: false, + }, + sshUser: { + type: "string", + description: "Optional SSH username for direct VM access.", + }, + sshPrivateKey: { + type: "string", + format: "secret-ref", + maxLength: 4096, + description: + "Optional exe.dev-registered SSH private key. Paste the private key or an existing Paperclip secret reference; saved environments store pasted values as company secrets. If omitted, Paperclip falls back to sshIdentityFile, then the host's default SSH agent/keychain.", + }, + sshIdentityFile: { + type: "string", + description: + "Optional absolute path to the SSH private key the Paperclip host should use for VM access when sshPrivateKey is omitted. Leave both blank to rely on the host's default SSH agent/keychain.", + }, + sshPort: { + type: "number", + description: "SSH port for direct VM access.", + default: 22, + }, + strictHostKeyChecking: { + type: "string", + description: + "Host key policy passed to ssh via StrictHostKeyChecking. Typical values are `accept-new`, `yes`, or `no`.", + default: "accept-new", + }, + }, + }, + }, + ], +}; + +export default manifest; diff --git a/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts b/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts new file mode 100644 index 00000000..de4ef5c0 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/src/plugin.test.ts @@ -0,0 +1,697 @@ +import { EventEmitter } from "node:events"; +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const fetchMock = vi.fn(); +const spawnMock = vi.hoisted(() => vi.fn()); + +vi.stubGlobal("fetch", fetchMock); + +vi.mock("node:child_process", async () => { + const actual = await vi.importActual("node:child_process"); + return { + ...actual, + spawn: spawnMock, + }; +}); + +import plugin from "./plugin.js"; + +class MockChildProcess extends EventEmitter { + stdout = new EventEmitter(); + stderr = new EventEmitter(); + stdin = { + written: "" as string, + ended: false, + write: (chunk: string) => { + this.stdin.written += chunk; + return true; + }, + end: () => { + this.stdin.ended = true; + }, + }; + kill = vi.fn(); + + constructor(input: { code?: number; signal?: string | null; stdout?: string; stderr?: string }) { + super(); + queueMicrotask(() => { + if (input.stdout) this.stdout.emit("data", input.stdout); + if (input.stderr) this.stderr.emit("data", input.stderr); + this.emit("close", input.code ?? 0, input.signal ?? null); + }); + } +} + +function queueSpawnResult(input: { code?: number; signal?: string | null; stdout?: string; stderr?: string }) { + spawnMock.mockImplementationOnce(() => new MockChildProcess(input)); +} + +describe("exe.dev sandbox provider plugin", () => { + beforeEach(() => { + fetchMock.mockReset(); + spawnMock.mockReset(); + delete process.env.EXE_API_KEY; + }); + + it("declares environment lifecycle handlers", async () => { + expect(await plugin.definition.onHealth?.()).toEqual({ + status: "ok", + message: "exe.dev sandbox provider plugin healthy", + }); + expect(plugin.definition.onEnvironmentAcquireLease).toBeTypeOf("function"); + expect(plugin.definition.onEnvironmentExecute).toBeTypeOf("function"); + }); + + it("normalizes config and emits SSH guidance warnings", async () => { + process.env.EXE_API_KEY = "host-key"; + + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "exe-dev", + config: { + apiUrl: "https://exe.dev", + namePrefix: " Paperclip Sandbox ", + image: " ubuntu:22.04 ", + cpu: "4.8", + memory: " 8GB ", + disk: " 50GB ", + env: { + FOO: " bar ", + }, + integrations: [" github "], + tags: "prod, sandbox", + timeoutMs: "450000.9", + reuseLease: true, + sshPort: "2222", + }, + }); + + expect(result).toEqual({ + ok: true, + warnings: [ + "The Paperclip host must have SSH access to the created exe.dev VM, and its SSH key must be registered with exe.dev. The API token only covers provisioning.", + "reuseLease keeps the VM alive between runs; this provider does not suspend retained VMs.", + ], + normalizedConfig: { + apiKey: null, + apiUrl: "https://exe.dev/exec", + namePrefix: "paperclip-sandbox", + image: "ubuntu:22.04", + command: null, + cpu: 4, + memory: "8GB", + disk: "50GB", + comment: null, + env: { FOO: "bar" }, + integrations: ["github"], + tags: ["prod", "sandbox"], + setupScript: null, + prompt: null, + timeoutMs: 450000, + reuseLease: true, + sshUser: null, + sshPrivateKey: null, + sshIdentityFile: null, + sshPort: 2222, + strictHostKeyChecking: "accept-new", + }, + }); + }); + + it("normalizes trailing /exec apiUrl inputs without duplication", async () => { + process.env.EXE_API_KEY = "host-key"; + + const result = await plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "exe-dev", + config: { + apiUrl: "https://exe.dev/exec/", + }, + }); + + expect(result).toMatchObject({ + ok: true, + normalizedConfig: { + apiUrl: "https://exe.dev/exec", + }, + }); + }); + + it("rejects invalid config", async () => { + await expect(plugin.definition.onEnvironmentValidateConfig?.({ + driverKey: "exe-dev", + config: { + apiUrl: "not-a-url", + cpu: 0, + env: { + "BAD-KEY": "value", + }, + sshPort: 70000, + strictHostKeyChecking: "", + timeoutMs: 0, + }, + })).resolves.toEqual({ + ok: false, + warnings: [ + "The Paperclip host must have SSH access to the created exe.dev VM, and its SSH key must be registered with exe.dev. The API token only covers provisioning.", + ], + errors: [ + "apiUrl must be a valid URL.", + "timeoutMs must be between 1 and 86400000.", + "cpu must be greater than 0 when provided.", + "sshPort must be between 1 and 65535.", + "exe.dev environments require an API key in config or EXE_API_KEY.", + "env contains an invalid key: BAD-KEY", + "strictHostKeyChecking cannot be empty.", + ], + }); + }); + + it("acquires a lease by creating a VM and preparing the SSH workspace", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + queueSpawnResult({ stdout: "/home/exe\nbash\n" }); + queueSpawnResult({}); + + const lease = await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + requestedCwd: "/workspace/custom", + config: { + apiKey: "api-key", + namePrefix: "paperclip", + image: "ubuntu:22.04", + timeoutMs: 300000, + }, + }); + + expect(fetchMock).toHaveBeenCalledTimes(1); + expect(String(fetchMock.mock.calls[0]?.[1]?.body ?? "")).toContain("new --json --no-email"); + expect(spawnMock).toHaveBeenCalledTimes(2); + expect(lease).toMatchObject({ + providerLeaseId: "paperclip-env-run", + metadata: { + provider: "exe-dev", + vmName: "paperclip-env-run", + sshDest: "paperclip-env-run.exe.xyz", + remoteCwd: "/workspace/custom", + shellCommand: "bash", + reuseLease: false, + }, + }); + }); + + it("uses a pasted sshPrivateKey when connecting to the VM", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + queueSpawnResult({ stdout: "/home/exe\nbash\n" }); + queueSpawnResult({}); + + await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + sshPrivateKey: "-----BEGIN PRIVATE KEY-----\npretend\n-----END PRIVATE KEY-----", + }, + }); + + const firstSpawnArgs = spawnMock.mock.calls[0]?.[1] as string[] | undefined; + expect(firstSpawnArgs).toContain("-i"); + expect(firstSpawnArgs).toContain("-o"); + expect(firstSpawnArgs).toContain("IdentitiesOnly=yes"); + }); + + it("supplies a default Node-install setup script when none is provided", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + queueSpawnResult({ stdout: "/home/exedev\nbash\n" }); + queueSpawnResult({}); + + await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + }, + }); + + const body = String(fetchMock.mock.calls[0]?.[1]?.body ?? ""); + expect(body).toContain("--setup-script="); + expect(body).toContain("nodesource.com/setup_20.x"); + expect(body).toContain("sudo apt-get install -y nodejs"); + }); + + it("preserves an operator-supplied setup script and does not append the default", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + queueSpawnResult({ stdout: "/home/exedev\nbash\n" }); + queueSpawnResult({}); + + await plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + setupScript: "echo custom", + }, + }); + + const body = String(fetchMock.mock.calls[0]?.[1]?.body ?? ""); + expect(body).toContain("--setup-script='echo custom'"); + expect(body).not.toContain("nodesource.com"); + }); + + it("does not redact the built-in default setup script in API errors", async () => { + fetchMock.mockResolvedValueOnce(new Response("upstream boom", { status: 500 })); + + const acquirePromise = plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + }, + }); + + await expect(acquirePromise).rejects.toMatchObject({ + name: "ExeDevApiError", + status: 500, + }); + + await acquirePromise?.catch((error: Error) => { + // Operator did not supply a setupScript, so the visible default install + // is not a secret and stays in the error for debuggability. + expect(error.message).toContain("nodesource.com/setup_20.x"); + expect(error.message).not.toContain("[REDACTED]"); + }); + }); + + it("surfaces exe.dev SSH onboarding guidance during lease acquisition", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-env-run", + ssh_dest: "paperclip-env-run.exe.xyz", + https_url: "https://paperclip-env-run.exe.xyz", + status: "running", + }), { status: 200 }), + ); + fetchMock.mockResolvedValueOnce(new Response("{}", { status: 200 })); + queueSpawnResult({ code: 1, stdout: "Please complete registration by running: ssh exe.dev\n" }); + + await expect(plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + })).rejects.toThrow( + "the Paperclip host SSH key is not registered with exe.dev", + ); + + expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-env-run'"); + }); + + it("redacts sensitive lifecycle flags in API errors", async () => { + fetchMock.mockResolvedValueOnce(new Response("upstream boom", { status: 500 })); + + const acquirePromise = plugin.definition.onEnvironmentAcquireLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + runId: "run-1", + config: { + apiKey: "api-key", + env: { + SECRET: "super-secret", + }, + prompt: "build me a secret app", + setupScript: "export TOKEN=super-secret", + }, + }); + + await expect(acquirePromise).rejects.toMatchObject({ + name: "ExeDevApiError", + status: 500, + body: "upstream boom", + }); + + await acquirePromise?.catch((error: Error) => { + expect(error.message).toContain("--env='SECRET=[REDACTED]'"); + expect(error.message).toContain("--prompt='[REDACTED]'"); + expect(error.message).toContain("--setup-script='[REDACTED]'"); + expect(error.message).not.toContain("super-secret"); + }); + }); + + it("returns an expired lease when the retained VM no longer exists", async () => { + fetchMock.mockResolvedValueOnce( + new Response(JSON.stringify({ vms: [] }), { status: 200 }), + ); + + const lease = await plugin.definition.onEnvironmentResumeLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "missing-vm", + config: { + apiKey: "api-key", + }, + leaseMetadata: { + sshDest: "missing-vm.exe.xyz", + }, + }); + + expect(lease).toEqual({ + providerLeaseId: null, + metadata: { + expired: true, + }, + }); + }); + + it("executes commands over SSH with cwd, env, and stdin", async () => { + queueSpawnResult({ code: 0, stdout: "hello\n", stderr: "" }); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + lease: { + providerLeaseId: "vm-1", + metadata: { + sshDest: "vm-1.exe.xyz", + }, + }, + command: "node", + args: ["-e", "process.stdout.write('hello\\n')"], + cwd: "/workspace", + env: { + FOO: "bar", + }, + stdin: "input-body", + timeoutMs: 1000, + }); + + expect(spawnMock).toHaveBeenCalledTimes(1); + expect(spawnMock.mock.calls[0]?.[0]).toBe("ssh"); + expect(String(spawnMock.mock.calls[0]?.[1]?.at(-1) ?? "")).toContain("/workspace"); + expect(String(spawnMock.mock.calls[0]?.[1]?.at(-1) ?? "")).toContain("FOO='"); + const child = spawnMock.mock.results[0]?.value as MockChildProcess; + expect(child.stdin.written).toBe("input-body"); + expect(child.stdin.ended).toBe(true); + expect(result).toMatchObject({ + exitCode: 0, + timedOut: false, + stdout: "hello\n", + stderr: "", + metadata: { + provider: "exe-dev", + vmName: "vm-1", + }, + }); + }); + + it("returns exe.dev SSH onboarding guidance for command execution failures", async () => { + queueSpawnResult({ code: 1, stdout: "Please complete registration by running: ssh exe.dev\n" }); + + const result = await plugin.definition.onEnvironmentExecute?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + lease: { + providerLeaseId: "vm-1", + metadata: { + sshDest: "vm-1.exe.xyz", + }, + }, + command: "node", + args: ["-v"], + }); + + expect(result?.exitCode).toBe(1); + expect(String(result?.stderr ?? "")).toContain("the Paperclip host SSH key is not registered with exe.dev"); + expect(String(result?.stderr ?? "")).toContain("ssh exe.dev"); + }); + + it("probes by creating and then deleting a VM after SSH verification", async () => { + fetchMock + .mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-probe", + ssh_dest: "paperclip-probe.exe.xyz", + status: "running", + }), { status: 200 }), + ) + .mockResolvedValueOnce(new Response("{}", { status: 200 })); + queueSpawnResult({ stdout: "/home/exe\nbash\n" }); + queueSpawnResult({}); + + const result = await plugin.definition.onEnvironmentProbe?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + }, + }); + + expect(result).toMatchObject({ + ok: true, + summary: "Connected to exe.dev VM paperclip-probe.", + metadata: { + provider: "exe-dev", + vmName: "paperclip-probe", + sshDest: "paperclip-probe.exe.xyz", + shellCommand: "bash", + }, + }); + expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-probe'"); + }); + + it("cleans up the probe VM when SSH verification fails", async () => { + fetchMock + .mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-probe", + ssh_dest: "paperclip-probe.exe.xyz", + status: "running", + }), { status: 200 }), + ) + .mockResolvedValueOnce(new Response("{}", { status: 200 })); + queueSpawnResult({ code: 1, stderr: "permission denied" }); + + const result = await plugin.definition.onEnvironmentProbe?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + }, + }); + + expect(result).toMatchObject({ + ok: false, + summary: "exe.dev environment probe failed.", + metadata: { + provider: "exe-dev", + }, + }); + expect(String(result?.metadata?.error ?? "")).toContain("permission denied"); + expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-probe'"); + }); + + it("returns onboarding guidance when probe hits exe.dev SSH registration", async () => { + fetchMock + .mockResolvedValueOnce( + new Response(JSON.stringify({ + vm_name: "paperclip-probe", + ssh_dest: "paperclip-probe.exe.xyz", + status: "running", + }), { status: 200 }), + ) + .mockResolvedValueOnce(new Response("{}", { status: 200 })); + queueSpawnResult({ code: 1, stdout: "Please complete registration by running: ssh exe.dev\n" }); + + const result = await plugin.definition.onEnvironmentProbe?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + }, + }); + + expect(result).toMatchObject({ + ok: false, + summary: "exe.dev environment probe failed.", + }); + expect(String(result?.metadata?.error ?? "")).toContain("the Paperclip host SSH key is not registered with exe.dev"); + expect(String(fetchMock.mock.calls[1]?.[1]?.body ?? "")).toBe("rm --json 'paperclip-probe'"); + }); + + it("deletes non-reusable leases on release", async () => { + fetchMock.mockResolvedValueOnce(new Response("{}", { status: 200 })); + + await plugin.definition.onEnvironmentReleaseLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "vm-1", + config: { + apiKey: "api-key", + reuseLease: false, + }, + leaseMetadata: {}, + }); + + expect(String(fetchMock.mock.calls[0]?.[1]?.body ?? "")).toBe("rm --json 'vm-1'"); + }); + + it("destroys leases on demand", async () => { + fetchMock.mockResolvedValueOnce(new Response("{}", { status: 200 })); + + await plugin.definition.onEnvironmentDestroyLease?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + providerLeaseId: "vm-2", + config: { + apiKey: "api-key", + }, + leaseMetadata: {}, + }); + + expect(String(fetchMock.mock.calls[0]?.[1]?.body ?? "")).toBe("rm --json 'vm-2'"); + }); + + it("realizes a workspace by mkdir-ing the remote cwd over SSH when VM metadata is present", async () => { + queueSpawnResult({ code: 0, stdout: "", stderr: "" }); + + const result = await plugin.definition.onEnvironmentRealizeWorkspace?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + lease: { + providerLeaseId: "vm-1", + metadata: { + sshDest: "vm-1.exe.xyz", + remoteCwd: "/srv/paperclip/run-1", + }, + }, + workspace: { + localPath: "/local/paperclip", + remotePath: undefined, + }, + }); + + expect(spawnMock).toHaveBeenCalledTimes(1); + expect(spawnMock.mock.calls[0]?.[0]).toBe("ssh"); + const sshCommand = String(spawnMock.mock.calls[0]?.[1]?.at(-1) ?? ""); + expect(sshCommand).toContain("mkdir -p"); + expect(sshCommand).toContain("/srv/paperclip/run-1"); + expect(result).toMatchObject({ + cwd: "/srv/paperclip/run-1", + metadata: { + provider: "exe-dev", + remoteCwd: "/srv/paperclip/run-1", + }, + }); + }); + + it("falls back through workspace.remotePath then workspace.localPath when lease.metadata.remoteCwd is missing", async () => { + queueSpawnResult({ code: 0, stdout: "", stderr: "" }); + + const result = await plugin.definition.onEnvironmentRealizeWorkspace?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + lease: { + providerLeaseId: "vm-1", + metadata: { + sshDest: "vm-1.exe.xyz", + }, + }, + workspace: { + localPath: "/local/paperclip", + remotePath: "/srv/paperclip/remote-fallback", + }, + }); + + expect(result?.cwd).toBe("/srv/paperclip/remote-fallback"); + }); + + it("skips ensureRemoteWorkspace and returns the resolved cwd when no VM metadata is available", async () => { + const result = await plugin.definition.onEnvironmentRealizeWorkspace?.({ + driverKey: "exe-dev", + companyId: "company-1", + environmentId: "env-1", + config: { + apiKey: "api-key", + timeoutMs: 300000, + }, + lease: { + providerLeaseId: null, + metadata: { + remoteCwd: "/srv/paperclip/no-vm", + }, + }, + workspace: { + localPath: "/local/paperclip", + }, + }); + + expect(spawnMock).not.toHaveBeenCalled(); + expect(result?.cwd).toBe("/srv/paperclip/no-vm"); + }); +}); diff --git a/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts b/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts new file mode 100644 index 00000000..5ec07d27 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/src/plugin.ts @@ -0,0 +1,882 @@ +import path from "node:path"; +import { randomUUID } from "node:crypto"; +import { chmod, mkdtemp, rm, writeFile } from "node:fs/promises"; +import { tmpdir } from "node:os"; +import { spawn } from "node:child_process"; +import { definePlugin } from "@paperclipai/plugin-sdk"; +import type { + PluginEnvironmentAcquireLeaseParams, + PluginEnvironmentDestroyLeaseParams, + PluginEnvironmentExecuteParams, + PluginEnvironmentExecuteResult, + PluginEnvironmentLease, + PluginEnvironmentProbeParams, + PluginEnvironmentProbeResult, + PluginEnvironmentRealizeWorkspaceParams, + PluginEnvironmentRealizeWorkspaceResult, + PluginEnvironmentReleaseLeaseParams, + PluginEnvironmentResumeLeaseParams, + PluginEnvironmentValidateConfigParams, + PluginEnvironmentValidationResult, +} from "@paperclipai/plugin-sdk"; + +interface ExeDevDriverConfig { + apiKey: string | null; + apiUrl: string; + namePrefix: string; + image: string | null; + command: string | null; + cpu: number | null; + memory: string | null; + disk: string | null; + comment: string | null; + env: Record; + integrations: string[]; + tags: string[]; + setupScript: string | null; + prompt: string | null; + timeoutMs: number; + reuseLease: boolean; + sshUser: string | null; + sshPrivateKey: string | null; + sshIdentityFile: string | null; + sshPort: number; + strictHostKeyChecking: string; +} + +interface ExeDevVmRecord { + name: string; + sshDest: string; + httpsUrl: string | null; + status: string | null; + region: string | null; + regionDisplay: string | null; +} + +interface SshExecutionResult { + exitCode: number | null; + signal: string | null; + timedOut: boolean; + stdout: string; + stderr: string; +} + +const DEFAULT_API_URL = "https://exe.dev/exec"; +const DEFAULT_TIMEOUT_MS = 300_000; +const EXE_DEV_API_MAX_TIMEOUT_MS = 29_000; +const SSH_SIGKILL_GRACE_MS = 250; +const MAX_VM_RECORD_DEPTH = 4; +const EXE_DEV_SSH_ONBOARDING_MARKER = "Please complete registration by running: ssh exe.dev"; +const EXE_DEV_SSH_EMAIL_PROMPT = "Please enter your email address:"; + +// exe.dev's `--setup-script` runs at VM init as the unprivileged `exedev` user, which +// has passwordless sudo. The Paperclip sandbox callback bridge is a Node script, so +// every Paperclip workload on this provider needs node on PATH before the bridge can +// start. When the operator hasn't supplied their own setup script, install Node 20 via +// nodesource so the VM comes up ready for Paperclip out of the box. +const DEFAULT_SETUP_SCRIPT = + "command -v node >/dev/null 2>&1 || " + + "(curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && " + + "sudo apt-get install -y nodejs)"; + +class ExeDevApiError extends Error { + readonly status: number; + readonly body: string; + + constructor(message: string, status: number, body: string) { + super(message); + this.name = "ExeDevApiError"; + this.status = status; + this.body = body; + } +} + +function parseOptionalString(value: unknown): string | null { + if (typeof value === "number" && Number.isFinite(value)) return String(value); + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function parseOptionalInteger(value: unknown): number | null { + if (value == null || value === "") return null; + const parsed = Number(value); + return Number.isFinite(parsed) ? Math.trunc(parsed) : null; +} + +function parseStringArray(value: unknown): string[] { + if (Array.isArray(value)) { + return value + .map((entry) => parseOptionalString(entry)) + .filter((entry): entry is string => entry != null); + } + if (typeof value === "string") { + return value + .split(",") + .map((entry) => entry.trim()) + .filter((entry) => entry.length > 0); + } + return []; +} + +function parseEnvMap(value: unknown): Record { + if (!value || typeof value !== "object" || Array.isArray(value)) return {}; + const env: Record = {}; + for (const [key, raw] of Object.entries(value)) { + const normalizedKey = key.trim(); + const normalizedValue = parseOptionalString(raw); + if (normalizedKey.length > 0 && normalizedValue != null) { + env[normalizedKey] = normalizedValue; + } + } + return env; +} + +function isValidUrl(value: string): boolean { + try { + new URL(value); + return true; + } catch { + return false; + } +} + +function normalizeApiUrl(value: string | null): string { + if (!value) return DEFAULT_API_URL; + const trimmed = value.trim(); + if (!trimmed) return DEFAULT_API_URL; + try { + const parsed = new URL(trimmed); + const normalizedPath = parsed.pathname.replace(/\/+$/, "") || "/"; + if (normalizedPath === "/exec") { + parsed.pathname = "/exec"; + return parsed.toString(); + } + parsed.pathname = `${normalizedPath === "/" ? "" : normalizedPath}/exec`.replace(/\/{2,}/g, "/"); + return parsed.toString(); + } catch { + return trimmed; + } +} + +function normalizeNamePrefix(value: string | null): string { + const normalized = (value ?? "paperclip") + .toLowerCase() + .replace(/[^a-z0-9-]+/g, "-") + .replace(/^-+|-+$/g, "") + .replace(/-{2,}/g, "-"); + return normalized.length > 0 ? normalized.slice(0, 24) : "paperclip"; +} + +function parseDriverConfig(raw: Record): ExeDevDriverConfig { + const timeoutMs = Number(raw.timeoutMs ?? DEFAULT_TIMEOUT_MS); + const sshPort = Number(raw.sshPort ?? 22); + + return { + apiKey: parseOptionalString(raw.apiKey), + apiUrl: normalizeApiUrl(parseOptionalString(raw.apiUrl)), + namePrefix: normalizeNamePrefix(parseOptionalString(raw.namePrefix)), + image: parseOptionalString(raw.image), + command: parseOptionalString(raw.command), + cpu: parseOptionalInteger(raw.cpu), + memory: parseOptionalString(raw.memory), + disk: parseOptionalString(raw.disk), + comment: parseOptionalString(raw.comment), + env: parseEnvMap(raw.env), + integrations: parseStringArray(raw.integrations), + tags: parseStringArray(raw.tags), + setupScript: parseOptionalString(raw.setupScript), + prompt: parseOptionalString(raw.prompt), + timeoutMs: Number.isFinite(timeoutMs) ? Math.trunc(timeoutMs) : DEFAULT_TIMEOUT_MS, + reuseLease: raw.reuseLease === true, + sshUser: parseOptionalString(raw.sshUser), + sshPrivateKey: parseOptionalString(raw.sshPrivateKey), + sshIdentityFile: parseOptionalString(raw.sshIdentityFile), + sshPort: Number.isFinite(sshPort) ? Math.trunc(sshPort) : 22, + strictHostKeyChecking: parseOptionalString(raw.strictHostKeyChecking) ?? "accept-new", + }; +} + +function resolveApiKey(config: ExeDevDriverConfig): string { + if (config.apiKey) return config.apiKey; + const envApiKey = process.env.EXE_API_KEY?.trim() ?? ""; + if (!envApiKey) { + throw new Error("exe.dev environments require an API key in config or EXE_API_KEY."); + } + return envApiKey; +} + +function isValidShellEnvKey(value: string): boolean { + return /^[A-Za-z_][A-Za-z0-9_]*$/.test(value); +} + +function shellQuote(value: string): string { + return `'${value.replace(/'/g, `'"'"'`)}'`; +} + +function formatErrorMessage(error: unknown): string { + return error instanceof Error ? error.message : String(error); +} + +function buildVmName(config: ExeDevDriverConfig, params: PluginEnvironmentAcquireLeaseParams): string { + const envPart = params.environmentId.replace(/[^a-z0-9]+/gi, "").slice(0, 8).toLowerCase() || "env"; + const runPart = params.runId.replace(/[^a-z0-9]+/gi, "").slice(0, 8).toLowerCase() || randomUUID().slice(0, 8); + return `${config.namePrefix}-${envPart}-${runPart}`.slice(0, 63); +} + +function buildFlag(name: string, value: string | number | null | undefined): string[] { + if (value == null) return []; + return [`--${name}=${shellQuote(String(value))}`]; +} + +function buildRepeatedFlag(name: string, values: string[]): string[] { + return values.flatMap((value) => buildFlag(name, value)); +} + +function buildEnvFlags(env: Record): string[] { + return Object.entries(env).flatMap(([key, value]) => buildFlag("env", `${key}=${value}`)); +} + +function resolveSetupScript(config: ExeDevDriverConfig): string | null { + if (config.setupScript === null) return DEFAULT_SETUP_SCRIPT; + const trimmed = config.setupScript.trim(); + return trimmed.length > 0 ? config.setupScript : null; +} + +function buildCreateCommand( + config: ExeDevDriverConfig, + vmName: string, +): string { + return [ + "new", + "--json", + "--no-email", + ...buildFlag("name", vmName), + ...buildFlag("image", config.image), + ...buildFlag("command", config.command), + ...buildFlag("cpu", config.cpu), + ...buildFlag("memory", config.memory), + ...buildFlag("disk", config.disk), + ...buildFlag("comment", config.comment), + ...buildEnvFlags(config.env), + ...buildRepeatedFlag("integration", config.integrations), + ...buildRepeatedFlag("tag", config.tags), + ...buildFlag("setup-script", resolveSetupScript(config)), + ...buildFlag("prompt", config.prompt), + ].join(" "); +} + +function replaceLiteralAll(input: string, search: string, replacement: string): string { + return search.length === 0 ? input : input.split(search).join(replacement); +} + +function redactCreateCommand(command: string, config: ExeDevDriverConfig): string { + let redacted = command; + + for (const [key, value] of Object.entries(config.env)) { + redacted = replaceLiteralAll( + redacted, + `--env=${shellQuote(`${key}=${value}`)}`, + `--env=${shellQuote(`${key}=[REDACTED]`)}`, + ); + } + + if (config.prompt) { + redacted = replaceLiteralAll( + redacted, + `--prompt=${shellQuote(config.prompt)}`, + `--prompt=${shellQuote("[REDACTED]")}`, + ); + } + + const resolvedSetupScript = resolveSetupScript(config); + if (resolvedSetupScript && resolvedSetupScript !== DEFAULT_SETUP_SCRIPT) { + redacted = replaceLiteralAll( + redacted, + `--setup-script=${shellQuote(resolvedSetupScript)}`, + `--setup-script=${shellQuote("[REDACTED]")}`, + ); + } + + return redacted; +} + +async function runLifecycleCommand( + config: ExeDevDriverConfig, + command: string, + logCommand = command, +): Promise { + const response = await fetch(config.apiUrl, { + method: "POST", + headers: { + Authorization: `Bearer ${resolveApiKey(config)}`, + "Content-Type": "text/plain; charset=utf-8", + }, + body: command, + signal: AbortSignal.timeout(Math.min(config.timeoutMs, EXE_DEV_API_MAX_TIMEOUT_MS)), + }); + const body = await response.text(); + if (!response.ok) { + throw new ExeDevApiError( + `exe.dev API command failed (${response.status}) for: ${logCommand}`, + response.status, + body, + ); + } + + const trimmed = body.trim(); + if (!trimmed) return null; + try { + return JSON.parse(trimmed); + } catch { + return body; + } +} + +function parseVmRecord(value: unknown, depth = 0): ExeDevVmRecord | null { + if (depth > MAX_VM_RECORD_DEPTH) return null; + if (!value || typeof value !== "object" || Array.isArray(value)) return null; + const record = value as Record; + const nested = parseVmRecord(record.vm, depth + 1) ?? parseVmRecord(record.data, depth + 1); + if (nested) return nested; + + const name = parseOptionalString(record.vm_name ?? record.name ?? record.vmName); + const sshDest = parseOptionalString(record.ssh_dest ?? record.sshDest) + ?? (name ? `${name}.exe.xyz` : null); + + if (!name || !sshDest) return null; + + return { + name, + sshDest, + httpsUrl: parseOptionalString(record.https_url ?? record.httpsUrl), + status: parseOptionalString(record.status), + region: parseOptionalString(record.region), + regionDisplay: parseOptionalString(record.region_display ?? record.regionDisplay), + }; +} + +async function lookupVm(config: ExeDevDriverConfig, vmName: string): Promise { + const response = await runLifecycleCommand(config, `ls --json ${shellQuote(vmName)}`); + const list = Array.isArray((response as { vms?: unknown[] } | null)?.vms) + ? (response as { vms: unknown[] }).vms + : Array.isArray(response) + ? response + : response + ? [response] + : []; + for (const candidate of list) { + const parsed = parseVmRecord(candidate); + if (parsed?.name === vmName || parsed?.sshDest === vmName) { + return parsed; + } + } + return null; +} + +async function createVm( + config: ExeDevDriverConfig, + params: PluginEnvironmentAcquireLeaseParams | PluginEnvironmentProbeParams, +): Promise { + const vmName = "runId" in params + ? buildVmName(config, params) + : `${config.namePrefix}-probe-${randomUUID().slice(0, 8)}`.slice(0, 63); + const command = buildCreateCommand(config, vmName); + const response = await runLifecycleCommand(config, command, redactCreateCommand(command, config)); + const created = parseVmRecord(response) ?? await lookupVm(config, vmName); + if (!created) { + throw new Error(`exe.dev did not return VM metadata for ${vmName}.`); + } + return created; +} + +async function deleteVm(config: ExeDevDriverConfig, vmName: string): Promise { + await runLifecycleCommand(config, `rm --json ${shellQuote(vmName)}`); +} + +function buildSshDestination(config: ExeDevDriverConfig, vm: ExeDevVmRecord): string { + return config.sshUser ? `${config.sshUser}@${vm.sshDest}` : vm.sshDest; +} + +function buildSshArgs( + config: ExeDevDriverConfig, + vm: ExeDevVmRecord, + remoteCommand: string, + sshIdentityFile: string | null, +): string[] { + const args = [ + "-T", + "-o", + "BatchMode=yes", + "-o", + `StrictHostKeyChecking=${config.strictHostKeyChecking}`, + "-o", + "ConnectTimeout=15", + "-p", + String(config.sshPort), + ]; + if (sshIdentityFile) { + args.push("-i", sshIdentityFile, "-o", "IdentitiesOnly=yes"); + } + args.push(buildSshDestination(config, vm), remoteCommand); + return args; +} + +async function prepareSshIdentity(config: ExeDevDriverConfig): Promise<{ + sshIdentityFile: string | null; + cleanup: () => Promise; +}> { + if (!config.sshPrivateKey) { + return { + sshIdentityFile: config.sshIdentityFile, + cleanup: async () => {}, + }; + } + + const tempDir = await mkdtemp(path.join(tmpdir(), "paperclip-exe-dev-ssh-")); + const sshIdentityFile = path.join(tempDir, "id_ed25519"); + const privateKey = config.sshPrivateKey.endsWith("\n") + ? config.sshPrivateKey + : `${config.sshPrivateKey}\n`; + + await writeFile(sshIdentityFile, privateKey, { mode: 0o600 }); + await chmod(sshIdentityFile, 0o600); + + return { + sshIdentityFile, + cleanup: async () => { + await rm(tempDir, { recursive: true, force: true }); + }, + }; +} + +function buildLoginShellScript(input: { + command: string; + args: string[]; + cwd?: string; + env?: Record; +}): string { + const env = input.env ?? {}; + for (const key of Object.keys(env)) { + if (!isValidShellEnvKey(key)) { + throw new Error(`Invalid exe.dev environment variable key: ${key}`); + } + } + const envArgs = Object.entries(env) + .filter((entry): entry is [string, string] => typeof entry[1] === "string") + .map(([key, value]) => `${key}=${shellQuote(value)}`); + const commandParts = [shellQuote(input.command), ...input.args.map(shellQuote)].join(" "); + const finalLine = envArgs.length > 0 + ? `exec env ${envArgs.join(" ")} ${commandParts}` + : `exec ${commandParts}`; + const lines = [ + 'if [ -f /etc/profile ]; then . /etc/profile >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.profile" ]; then . "$HOME/.profile" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.bash_profile" ]; then . "$HOME/.bash_profile" >/dev/null 2>&1 || true; elif [ -f "$HOME/.bashrc" ]; then . "$HOME/.bashrc" >/dev/null 2>&1 || true; fi', + 'if [ -f "$HOME/.zprofile" ]; then . "$HOME/.zprofile" >/dev/null 2>&1 || true; fi', + 'export NVM_DIR="${NVM_DIR:-$HOME/.nvm}"', + '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 || true', + ]; + if (input.cwd) { + lines.push(`cd ${shellQuote(input.cwd)}`); + } + lines.push(finalLine); + return lines.join(" && "); +} + +function formatSshFailure( + action: string, + vmName: string, + result: Pick, +): string { + const combinedOutput = `${result.stderr}\n${result.stdout}`; + if ( + combinedOutput.includes(EXE_DEV_SSH_ONBOARDING_MARKER) + || combinedOutput.includes(EXE_DEV_SSH_EMAIL_PROMPT) + ) { + return [ + `Failed to ${action} exe.dev VM ${vmName}: the Paperclip host SSH key is not registered with exe.dev.`, + "Complete exe.dev's one-time SSH onboarding on this host by running `ssh exe.dev` and following the email verification prompt, then retry.", + ].join(" "); + } + + return `Failed to ${action} exe.dev VM ${vmName}: ${result.stderr.trim() || result.stdout.trim() || "unknown error"}`; +} + +async function runSshCommand( + config: ExeDevDriverConfig, + vm: ExeDevVmRecord, + remoteCommand: string, + options: { stdin?: string; timeoutMs?: number } = {}, +): Promise { + const timeoutMs = options.timeoutMs ?? config.timeoutMs; + const identity = await prepareSshIdentity(config); + + try { + return await new Promise((resolve, reject) => { + const child = spawn("ssh", buildSshArgs(config, vm, remoteCommand, identity.sshIdentityFile), { + stdio: [options.stdin != null ? "pipe" : "ignore", "pipe", "pipe"], + }); + let stdout = ""; + let stderr = ""; + let timedOut = false; + let killTimer: NodeJS.Timeout | null = null; + const timer = timeoutMs > 0 + ? setTimeout(() => { + timedOut = true; + child.kill("SIGTERM"); + killTimer = setTimeout(() => { + child.kill("SIGKILL"); + }, SSH_SIGKILL_GRACE_MS); + }, timeoutMs) + : null; + + child.stdout?.on("data", (chunk) => { + stdout += String(chunk); + }); + child.stderr?.on("data", (chunk) => { + stderr += String(chunk); + }); + child.on("error", (error) => { + if (timer) clearTimeout(timer); + if (killTimer) clearTimeout(killTimer); + reject(error); + }); + child.on("close", (code, signal) => { + if (timer) clearTimeout(timer); + if (killTimer) clearTimeout(killTimer); + resolve({ + exitCode: timedOut ? null : code, + signal, + timedOut, + stdout, + stderr, + }); + }); + + if (options.stdin != null && child.stdin) { + child.stdin.write(options.stdin); + child.stdin.end(); + } + }); + } finally { + await identity.cleanup(); + } +} + +async function detectRemoteContext( + config: ExeDevDriverConfig, + vm: ExeDevVmRecord, +): Promise<{ homeDir: string; shellCommand: "bash" | "sh" }> { + const result = await runSshCommand( + config, + vm, + `sh -lc ${shellQuote( + 'home="${HOME:-}"; if [ -z "$home" ]; then home="$(pwd)"; fi; if command -v bash >/dev/null 2>&1; then shell=bash; else shell=sh; fi; printf "%s\\n%s\\n" "$home" "$shell"', + )}`, + ); + if (result.timedOut || result.exitCode !== 0) { + throw new Error(formatSshFailure("inspect", vm.name, result)); + } + + const [homeDirRaw, shellRaw] = result.stdout.split(/\r?\n/); + const homeDir = homeDirRaw?.trim() || "/tmp"; + return { + homeDir, + shellCommand: shellRaw?.trim() === "bash" ? "bash" : "sh", + }; +} + +async function ensureRemoteWorkspace( + config: ExeDevDriverConfig, + vm: ExeDevVmRecord, + remoteCwd: string, +): Promise { + const result = await runSshCommand( + config, + vm, + `sh -lc ${shellQuote(`mkdir -p ${shellQuote(remoteCwd)}`)}`, + ); + if (result.timedOut || result.exitCode !== 0) { + throw new Error(formatSshFailure("create workspace for", vm.name, result)); + } +} + +async function buildLease( + config: ExeDevDriverConfig, + vm: ExeDevVmRecord, + requestedCwd: string | undefined, + resumedLease: boolean, +): Promise { + const remote = await detectRemoteContext(config, vm); + const remoteCwd = requestedCwd?.trim() || path.posix.join(remote.homeDir, "paperclip-workspace"); + await ensureRemoteWorkspace(config, vm, remoteCwd); + + return { + providerLeaseId: vm.name, + metadata: { + provider: "exe-dev", + vmName: vm.name, + sshDest: vm.sshDest, + httpsUrl: vm.httpsUrl, + region: vm.region, + regionDisplay: vm.regionDisplay, + shellCommand: remote.shellCommand, + remoteCwd, + timeoutMs: config.timeoutMs, + reuseLease: config.reuseLease, + resumedLease, + }, + }; +} + +function metadataVmRecord(params: { + providerLeaseId: string | null; + leaseMetadata?: Record | null; +}): ExeDevVmRecord | null { + if (!params.providerLeaseId) return null; + const sshDest = parseOptionalString(params.leaseMetadata?.sshDest) ?? `${params.providerLeaseId}.exe.xyz`; + return { + name: params.providerLeaseId, + sshDest, + httpsUrl: parseOptionalString(params.leaseMetadata?.httpsUrl), + status: parseOptionalString(params.leaseMetadata?.status), + region: parseOptionalString(params.leaseMetadata?.region), + regionDisplay: parseOptionalString(params.leaseMetadata?.regionDisplay), + }; +} + +const plugin = definePlugin({ + async setup(ctx) { + ctx.logger.info("exe.dev sandbox provider plugin ready"); + }, + + async onHealth() { + return { status: "ok", message: "exe.dev sandbox provider plugin healthy" }; + }, + + async onEnvironmentValidateConfig( + params: PluginEnvironmentValidateConfigParams, + ): Promise { + const config = parseDriverConfig(params.config); + const errors: string[] = []; + const warnings: string[] = []; + + if (config.apiUrl && !isValidUrl(config.apiUrl)) { + errors.push("apiUrl must be a valid URL."); + } + if (config.timeoutMs < 1 || config.timeoutMs > 86_400_000) { + errors.push("timeoutMs must be between 1 and 86400000."); + } + if (config.cpu != null && config.cpu <= 0) { + errors.push("cpu must be greater than 0 when provided."); + } + if (config.sshPort < 1 || config.sshPort > 65_535) { + errors.push("sshPort must be between 1 and 65535."); + } + if (!config.apiKey && !(process.env.EXE_API_KEY?.trim())) { + errors.push("exe.dev environments require an API key in config or EXE_API_KEY."); + } + for (const key of Object.keys(config.env)) { + if (!isValidShellEnvKey(key)) { + errors.push(`env contains an invalid key: ${key}`); + } + } + if ( + typeof params.config.strictHostKeyChecking === "string" && + params.config.strictHostKeyChecking.trim().length === 0 + ) { + errors.push("strictHostKeyChecking cannot be empty."); + } + + warnings.push( + "The Paperclip host must have SSH access to the created exe.dev VM, and its SSH key must be registered with exe.dev. The API token only covers provisioning.", + ); + if (config.reuseLease) { + warnings.push("reuseLease keeps the VM alive between runs; this provider does not suspend retained VMs."); + } + + if (errors.length > 0) { + return { ok: false, errors, warnings }; + } + + return { + ok: true, + warnings, + normalizedConfig: { ...config }, + }; + }, + + async onEnvironmentProbe( + params: PluginEnvironmentProbeParams, + ): Promise { + const config = parseDriverConfig(params.config); + let vm: ExeDevVmRecord | null = null; + + try { + vm = await createVm(config, params); + const lease = await buildLease(config, vm, undefined, false); + return { + ok: true, + summary: `Connected to exe.dev VM ${vm.name}.`, + metadata: { + provider: "exe-dev", + vmName: vm.name, + sshDest: vm.sshDest, + timeoutMs: config.timeoutMs, + reuseLease: config.reuseLease, + remoteCwd: lease.metadata?.remoteCwd, + shellCommand: lease.metadata?.shellCommand, + }, + }; + } catch (error) { + return { + ok: false, + summary: "exe.dev environment probe failed.", + metadata: { + provider: "exe-dev", + timeoutMs: config.timeoutMs, + reuseLease: config.reuseLease, + error: formatErrorMessage(error), + }, + }; + } finally { + if (vm) { + await deleteVm(config, vm.name).catch(() => undefined); + } + } + }, + + async onEnvironmentAcquireLease( + params: PluginEnvironmentAcquireLeaseParams, + ): Promise { + const config = parseDriverConfig(params.config); + const vm = await createVm(config, params); + try { + return await buildLease(config, vm, params.requestedCwd, false); + } catch (error) { + await deleteVm(config, vm.name).catch(() => undefined); + throw error; + } + }, + + async onEnvironmentResumeLease( + params: PluginEnvironmentResumeLeaseParams, + ): Promise { + const config = parseDriverConfig(params.config); + const vm = await lookupVm(config, params.providerLeaseId); + if (!vm) { + return { providerLeaseId: null, metadata: { expired: true } }; + } + const requestedCwd = parseOptionalString(params.leaseMetadata?.remoteCwd); + return await buildLease(config, vm, requestedCwd ?? undefined, true); + }, + + async onEnvironmentReleaseLease( + params: PluginEnvironmentReleaseLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const config = parseDriverConfig(params.config); + if (config.reuseLease) return; + await deleteVm(config, params.providerLeaseId); + }, + + async onEnvironmentDestroyLease( + params: PluginEnvironmentDestroyLeaseParams, + ): Promise { + if (!params.providerLeaseId) return; + const config = parseDriverConfig(params.config); + await deleteVm(config, params.providerLeaseId); + }, + + async onEnvironmentRealizeWorkspace( + params: PluginEnvironmentRealizeWorkspaceParams, + ): Promise { + const config = parseDriverConfig(params.config); + const remoteCwd = + parseOptionalString(params.lease.metadata?.remoteCwd) + ?? params.workspace.remotePath + ?? params.workspace.localPath + ?? "/tmp/paperclip-workspace"; + + const vm = metadataVmRecord({ + providerLeaseId: params.lease.providerLeaseId, + leaseMetadata: params.lease.metadata, + }); + if (vm) { + await ensureRemoteWorkspace(config, vm, remoteCwd); + } + + return { + cwd: remoteCwd, + metadata: { + provider: "exe-dev", + remoteCwd, + }, + }; + }, + + async onEnvironmentExecute( + params: PluginEnvironmentExecuteParams, + ): Promise { + if (!params.lease.providerLeaseId) { + return { + exitCode: 1, + signal: null, + timedOut: false, + stdout: "", + stderr: "No provider lease ID available for execution.", + }; + } + + const config = parseDriverConfig(params.config); + const vm = metadataVmRecord({ + providerLeaseId: params.lease.providerLeaseId, + leaseMetadata: params.lease.metadata, + }); + if (!vm) { + return { + exitCode: 1, + signal: null, + timedOut: false, + stdout: "", + stderr: "No exe.dev VM metadata available for execution.", + }; + } + + const command = buildLoginShellScript({ + command: params.command, + args: params.args ?? [], + cwd: params.cwd ?? parseOptionalString(params.lease.metadata?.remoteCwd) ?? undefined, + env: params.env, + }); + // `buildLoginShellScript` already explicitly sources `/etc/profile`, + // `~/.profile`, `~/.bash_profile`/`~/.bashrc`, and `~/.zprofile`. Wrapping + // the result in `sh -lc` (login shell) would source the same files a + // second time, which can cause `PATH` duplication or unexpected behavior + // on VMs whose profile init isn't idempotent. Use `sh -c` here so the + // explicit sourcing inside the script is the single source of truth. + const result = await runSshCommand( + config, + vm, + `sh -c ${shellQuote(command)}`, + { stdin: params.stdin, timeoutMs: params.timeoutMs ?? config.timeoutMs }, + ); + + return { + exitCode: result.exitCode, + signal: result.signal, + timedOut: result.timedOut, + stdout: result.stdout, + stderr: + !result.timedOut && result.exitCode !== 0 + ? formatSshFailure("execute commands on", vm.name, result) + : result.stderr, + metadata: { + provider: "exe-dev", + vmName: vm.name, + sshDest: vm.sshDest, + }, + }; + }, +}); + +export default plugin; diff --git a/packages/plugins/sandbox-providers/exe-dev/src/worker.ts b/packages/plugins/sandbox-providers/exe-dev/src/worker.ts new file mode 100644 index 00000000..1e156024 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/src/worker.ts @@ -0,0 +1,5 @@ +import { runWorker } from "@paperclipai/plugin-sdk"; +import plugin from "./plugin.js"; + +export default plugin; +runWorker(plugin, import.meta.url); diff --git a/packages/plugins/sandbox-providers/exe-dev/tsconfig.json b/packages/plugins/sandbox-providers/exe-dev/tsconfig.json new file mode 100644 index 00000000..000e3293 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/tsconfig.json @@ -0,0 +1,11 @@ +{ + "extends": "../../../../tsconfig.json", + "compilerOptions": { + "outDir": "dist", + "rootDir": "src", + "lib": ["ES2023"], + "types": ["node"] + }, + "include": ["src"], + "exclude": ["src/**/*.test.ts"] +} diff --git a/packages/plugins/sandbox-providers/exe-dev/vitest.config.ts b/packages/plugins/sandbox-providers/exe-dev/vitest.config.ts new file mode 100644 index 00000000..ce36a742 --- /dev/null +++ b/packages/plugins/sandbox-providers/exe-dev/vitest.config.ts @@ -0,0 +1,8 @@ +import { defineConfig } from "vitest/config"; + +export default defineConfig({ + test: { + include: ["src/**/*.test.ts"], + environment: "node", + }, +}); diff --git a/packages/plugins/sdk/README.md b/packages/plugins/sdk/README.md index faadc501..c1f73d98 100644 --- a/packages/plugins/sdk/README.md +++ b/packages/plugins/sdk/README.md @@ -15,7 +15,7 @@ Reference: `doc/plugins/PLUGIN_SPEC.md` | Import | Purpose | |--------|--------| | `@paperclipai/plugin-sdk` | Worker entry: `definePlugin`, `runWorker`, context types, protocol helpers | -| `@paperclipai/plugin-sdk/ui` | UI entry: `usePluginData`, `usePluginAction`, `usePluginStream`, `useHostContext`, slot prop types | +| `@paperclipai/plugin-sdk/ui` | UI entry: `usePluginData`, `usePluginAction`, `usePluginStream`, `useHostContext`, `useHostNavigation`, slot prop types | | `@paperclipai/plugin-sdk/ui/hooks` | Hooks only | | `@paperclipai/plugin-sdk/ui/types` | UI types and slot prop interfaces | | `@paperclipai/plugin-sdk/testing` | `createTestHarness` for unit/integration tests | @@ -47,7 +47,7 @@ The SDK is stable enough for local development and first-party examples, but the - For deployed plugins, publish an npm package and install that package into the Paperclip instance at runtime. - The current host runtime expects a writable filesystem, `npm` available at runtime, and network access to the package registry used for plugin installation. - Dynamic plugin install is currently best suited to single-node persistent deployments. Multi-instance cloud deployments still need a shared artifact/distribution model before runtime installs are reliable across nodes. -- The host does not currently ship a real shared React component kit for plugins. Build your plugin UI with ordinary React components and CSS. +- The host ships a small shared React component kit through `@paperclipai/plugin-sdk/ui`. Use it for native Paperclip controls; custom React and CSS are still supported. - `ctx.assets` is not part of the supported runtime in this build. Do not depend on asset upload/read APIs yet. If you are authoring a plugin for others to deploy, treat npm-packaged installation as the supported path and treat repo-local example installs as a development convenience. @@ -100,12 +100,14 @@ runWorker(plugin, import.meta.url); | `onValidateConfig?(config)` | Optional. Return `{ ok, warnings?, errors? }` for settings UI / Test Connection. | | `onWebhook?(input)` | Optional. Handle `POST /api/plugins/:pluginId/webhooks/:endpointKey`; required if webhooks declared. | -**Context (`ctx`) in setup:** `config`, `events`, `jobs`, `launchers`, `http`, `secrets`, `activity`, `state`, `entities`, `projects`, `companies`, `issues`, `agents`, `goals`, `data`, `actions`, `streams`, `tools`, `metrics`, `logger`, `manifest`. Worker-side host APIs are capability-gated; declare capabilities in the manifest. +**Context (`ctx`) in setup:** `config`, `localFolders`, `events`, `jobs`, `launchers`, `http`, `secrets`, `activity`, `state`, `entities`, `projects`, `companies`, `issues`, `agents`, `goals`, `data`, `actions`, `streams`, `tools`, `metrics`, `logger`, `manifest`. Worker-side host APIs are capability-gated; declare capabilities in the manifest. **Agents:** `ctx.agents.invoke(agentId, companyId, opts)` for one-shot invocation. `ctx.agents.sessions` for two-way chat: `create`, `list`, `sendMessage` (with streaming `onEvent` callback), `close`. See the [Plugin Authoring Guide](../../doc/plugins/PLUGIN_AUTHORING_GUIDE.md#agent-sessions-two-way-chat) for details. **Jobs:** Declare in `manifest.jobs` with `jobKey`, `displayName`, `schedule` (cron). Register handler with `ctx.jobs.register(jobKey, fn)`. **Webhooks:** Declare in `manifest.webhooks` with `endpointKey`; handle in `onWebhook(input)`. **State:** `ctx.state.get/set/delete(scopeKey)`; scope kinds: `instance`, `company`, `project`, `project_workspace`, `agent`, `issue`, `goal`, `run`. +**Trusted local folders:** Declare `manifest.localFolders[]` and the `local.folders` capability when a plugin needs an operator-configured company-scoped folder. Use `ctx.localFolders.configure()`, `status()`, `readText()`, and `writeTextAtomic()` instead of resolving arbitrary filesystem paths yourself. The host validates absolute roots, read/write access, required relative folders/files, traversal attempts, symlink escapes, and writes through temp-file-plus-rename atomic replacement. + ## Events Subscribe in `setup` with `ctx.events.on(name, handler)` or `ctx.events.on(name, filter, handler)`. Emit plugin-scoped events with `ctx.events.emit(name, companyId, payload)` (requires `events.emit`). @@ -201,12 +203,13 @@ Slots are mount points for plugin React components. Launchers are host-rendered ### Slot types / launcher placement zones -The same set of values is used as **slot types** (where a component mounts) and **launcher placement zones** (where a launcher can appear). Hierarchy: +Slot types describe where a component mounts. Most values also exist as launcher placement zones. | Slot type / placement zone | Scope | Entity types (when context-sensitive) | |----------------------------|-------|---------------------------------------| | `page` | Global | — | | `sidebar` | Global | — | +| `routeSidebar` | Global | — | | `sidebarPanel` | Global | — | | `settingsPage` | Global | — | | `dashboardWidget` | Global | — | @@ -233,6 +236,10 @@ A full-page extension mounted at `/plugins/:pluginId` (global) or `/:company/plu Adds a navigation-style entry to the main company sidebar navigation area, rendered alongside the core nav items (Dashboard, Issues, Goals, etc.). Use this for lightweight, always-visible links or status indicators that feel native to the sidebar. Receives `PluginSidebarProps` with `context.companyId` set to the active company. Requires the `ui.sidebar.register` capability. +#### `routeSidebar` + +Replaces the normal company sidebar while the current route is a plugin page route with the same `routePath`. Use this for full-page plugin workspaces that need their own local navigation while keeping the company rail and account footer. Receives `PluginRouteSidebarProps` with `context.companyId` and `context.companyPrefix` set to the active company. Requires the `ui.sidebar.register` capability. + #### `sidebarPanel` Renders richer inline content in a dedicated panel area below the company sidebar navigation sections. Use this for mini-widgets, summary cards, quick-action panels, or at-a-glance status views that need more vertical space than a nav link. Receives `context.companyId` set to the active company via `useHostContext()`. Requires the `ui.sidebar.register` capability. @@ -338,6 +345,7 @@ Declare in `manifest.capabilities`. Grouped by scope: | | `http.outbound` | | | `secrets.read-ref` | | | `environment.drivers.register` | +| | `local.folders` | | **Agent** | `agent.tools.register` | | | `agents.invoke` | | | `agent.sessions.create` | @@ -372,6 +380,38 @@ only inside the plugin namespace. Runtime `ctx.db.query()` allows `SELECT` from `ctx.db.execute()` allows `INSERT`, `UPDATE`, and `DELETE` only against the plugin namespace. +### Trusted Local Folders + +Trusted local plugins can request operator-configured folders per company: + +```ts +export const manifest = { + // ... + capabilities: ["local.folders"], + localFolders: [ + { + folderKey: "content-root", + displayName: "Content root", + access: "readWrite", + requiredDirectories: ["sources", "pages"], + requiredFiles: ["schema.md"], + }, + ], +}; +``` + +The host stores the selected path in company-scoped plugin settings and exposes +readiness through: + +- `GET /api/plugins/:pluginId/companies/:companyId/local-folders` +- `GET /api/plugins/:pluginId/companies/:companyId/local-folders/:folderKey/status` +- `POST /api/plugins/:pluginId/companies/:companyId/local-folders/:folderKey/validate` +- `PUT /api/plugins/:pluginId/companies/:companyId/local-folders/:folderKey` + +Worker code should access files through `ctx.localFolders.readText()` and +`ctx.localFolders.writeTextAtomic()`. Relative paths must stay inside the +configured root; symlinks that escape the root are rejected. + ### Scoped API Routes Manifest-declared `apiRoutes` expose JSON routes under @@ -599,6 +639,23 @@ export function IssueLinearLink({ context }: PluginDetailTabProps) { } ``` +#### `useHostNavigation()` + +Routes Paperclip-internal plugin links through the host router without a full document reload. Use `linkProps()` for anchors so the browser still gets a real `href` for copy-link, modifier-click, middle-click, and open-in-new-tab behavior. + +```tsx +import { useHostNavigation } from "@paperclipai/plugin-sdk/ui"; + +export function WikiSidebarLink() { + const hostNavigation = useHostNavigation(); + return Wiki; +} +``` + +`linkProps("/wiki")` resolves against the active company prefix, so in company `PAP` it renders `href="/PAP/wiki"`. Already-prefixed paths such as `/PAP/wiki` are not prefixed again. For button-style commands, call `hostNavigation.navigate("/issues/PAP-123")`. + +Avoid raw same-origin `href`s or `window.location.assign()` for Paperclip-internal navigation from plugin UI. Those bypass the host router and can reload the whole app. External links should keep normal anchors with `target="_blank"` and `rel="noopener noreferrer"` as appropriate. + #### `usePluginStream(channel, options?)` Subscribes to a real-time event stream pushed from the plugin worker via SSE. The worker pushes events using `ctx.streams.emit(channel, event)` and the hook receives them as they arrive. Returns `{ events, lastEvent, connecting, connected, error, close }`. @@ -629,7 +686,118 @@ The SSE connection targets `GET /api/plugins/:pluginId/bridge/stream/:channel?co ### UI authoring note -The current host does **not** provide a real shared component library to plugins yet. Use normal React components, your own CSS, or your own small design primitives inside the plugin package. +The host provides selected shared UI components through `@paperclipai/plugin-sdk/ui`. +Plugins can also use normal React components, their own CSS, or small design +primitives inside the plugin package. + +Use the shared components when the plugin needs to look and behave like a native +Paperclip surface: + +| Component | Use when | +|---|---| +| `MarkdownBlock` | Rendering markdown from plugin or host data | +| `MarkdownEditor` | Editing markdown with the host editor treatment | +| `FileTree` | Showing serializable workspace/wiki/import paths | +| `IssuesList` | Embedding a company-scoped native issue list | +| `AssigneePicker` | Selecting an agent or board user with the same picker as the new issue pane | +| `ProjectPicker` | Selecting a project with the same picker as the new issue pane | +| `ManagedRoutinesList` | Showing plugin-managed routines in settings UI | + +#### Shared Markdown Components + +Plugin UI can render markdown and edit markdown using the same host components +used by Paperclip issue comments and documents: + +```tsx +import { MarkdownBlock, MarkdownEditor } from "@paperclipai/plugin-sdk/ui"; + +export function WikiPageEditor() { + const [body, setBody] = useState("# Wiki page"); + + return ( + <> + + + + ); +} +``` + +`MarkdownBlock` can opt into Obsidian-style wikilinks when a plugin owns the +target URL shape: + +```tsx + +``` + +#### Shared FileTree + +Plugin UI can render the host file tree without importing host internals: + +```tsx +import { FileTree, type FileTreeNode } from "@paperclipai/plugin-sdk/ui"; + +const nodes: FileTreeNode[] = [ + { name: "AGENTS.md", path: "AGENTS.md", kind: "file", children: [] }, + { + name: "wiki", + path: "wiki", + kind: "dir", + children: [ + { name: "index.md", path: "wiki/index.md", kind: "file", children: [] }, + ], + }, +]; + +export function WikiFiles() { + return ( + console.log("toggle", path)} + onSelectFile={(path) => console.log("select", path)} + /> + ); +} +``` + +#### Shared Assignee and Project Pickers + +Use `AssigneePicker` and `ProjectPicker` when a plugin needs to create, filter, +or configure work against Paperclip entities. Both are controlled components and +load their options from the host for the provided company. + +```tsx +import { AssigneePicker, ProjectPicker } from "@paperclipai/plugin-sdk/ui"; + +export function AssignmentControls({ companyId }: { companyId: string }) { + const [assignee, setAssignee] = useState(""); + const [projectId, setProjectId] = useState(""); + + return ( + <> + { + setAssignee(value); + console.log(selection.assigneeAgentId, selection.assigneeUserId); + }} + /> + + + ); +} +``` ### Slot component props @@ -639,6 +807,7 @@ Each slot type receives a typed props object with `context: PluginHostContext`. |-----------|----------------|------------------| | `page` | `PluginPageProps` | — | | `sidebar` | `PluginSidebarProps` | — | +| `routeSidebar` | `PluginRouteSidebarProps` | — | | `settingsPage` | `PluginSettingsPageProps` | — | | `dashboardWidget` | `PluginWidgetProps` | — | | `globalToolbarButton` | `PluginGlobalToolbarButtonProps` | — | @@ -741,14 +910,17 @@ Plugins can add a link under each project in the sidebar via the `projectSidebar Minimal React component that links to the project’s plugin tab (see project detail tabs in the spec): ```tsx -import type { PluginProjectSidebarItemProps } from "@paperclipai/plugin-sdk/ui"; +import { + useHostNavigation, + type PluginProjectSidebarItemProps, +} from "@paperclipai/plugin-sdk/ui"; export function FilesLink({ context }: PluginProjectSidebarItemProps) { + const hostNavigation = useHostNavigation(); const projectId = context.entityId; - const prefix = context.companyPrefix ? `/${context.companyPrefix}` : ""; const projectRef = projectId; // or resolve from host; entityId is project id return ( - + Files ); diff --git a/packages/plugins/sdk/src/bundlers.ts b/packages/plugins/sdk/src/bundlers.ts index b17989e6..e761489c 100644 --- a/packages/plugins/sdk/src/bundlers.ts +++ b/packages/plugins/sdk/src/bundlers.ts @@ -89,11 +89,12 @@ export function createPluginBundlerPresets(input: PluginBundlerPresetInput = {}) const esbuildManifest: EsbuildLikeOptions = { entryPoints: [manifestEntry], outdir, - bundle: false, + bundle: true, format: "esm", platform: "node", target: "node20", sourcemap, + external: ["@paperclipai/plugin-sdk"], }; const esbuildUi = uiEntry diff --git a/packages/plugins/sdk/src/host-client-factory.ts b/packages/plugins/sdk/src/host-client-factory.ts index 8e1af813..603ecd4f 100644 --- a/packages/plugins/sdk/src/host-client-factory.ts +++ b/packages/plugins/sdk/src/host-client-factory.ts @@ -90,6 +90,17 @@ export interface HostServices { get(): Promise>; }; + /** Provides trusted company-scoped local folder helpers. */ + localFolders: { + declarations(params: WorkerToHostMethods["localFolders.declarations"][0]): Promise; + configure(params: WorkerToHostMethods["localFolders.configure"][0]): Promise; + status(params: WorkerToHostMethods["localFolders.status"][0]): Promise; + list(params: WorkerToHostMethods["localFolders.list"][0]): Promise; + readText(params: WorkerToHostMethods["localFolders.readText"][0]): Promise; + writeTextAtomic(params: WorkerToHostMethods["localFolders.writeTextAtomic"][0]): Promise; + deleteFile(params: WorkerToHostMethods["localFolders.deleteFile"][0]): Promise; + }; + /** Provides `state.get`, `state.set`, `state.delete`. */ state: { get(params: WorkerToHostMethods["state.get"][0]): Promise; @@ -165,6 +176,25 @@ export interface HostServices { listWorkspaces(params: WorkerToHostMethods["projects.listWorkspaces"][0]): Promise; getPrimaryWorkspace(params: WorkerToHostMethods["projects.getPrimaryWorkspace"][0]): Promise; getWorkspaceForIssue(params: WorkerToHostMethods["projects.getWorkspaceForIssue"][0]): Promise; + getManaged(params: WorkerToHostMethods["projects.managed.get"][0]): Promise; + reconcileManaged(params: WorkerToHostMethods["projects.managed.reconcile"][0]): Promise; + resetManaged(params: WorkerToHostMethods["projects.managed.reset"][0]): Promise; + }; + + /** Provides `routines.managed.*`. */ + routines: { + managedGet(params: WorkerToHostMethods["routines.managed.get"][0]): Promise; + managedReconcile(params: WorkerToHostMethods["routines.managed.reconcile"][0]): Promise; + managedReset(params: WorkerToHostMethods["routines.managed.reset"][0]): Promise; + managedUpdate(params: WorkerToHostMethods["routines.managed.update"][0]): Promise; + managedRun(params: WorkerToHostMethods["routines.managed.run"][0]): Promise; + }; + + /** Provides `skills.managed.*`. */ + skills: { + managedGet(params: WorkerToHostMethods["skills.managed.get"][0]): Promise; + managedReconcile(params: WorkerToHostMethods["skills.managed.reconcile"][0]): Promise; + managedReset(params: WorkerToHostMethods["skills.managed.reset"][0]): Promise; }; /** Provides issue read/write, relation, checkout, wakeup, summary, comment methods. */ @@ -202,6 +232,9 @@ export interface HostServices { pause(params: WorkerToHostMethods["agents.pause"][0]): Promise; resume(params: WorkerToHostMethods["agents.resume"][0]): Promise; invoke(params: WorkerToHostMethods["agents.invoke"][0]): Promise; + managedGet(params: WorkerToHostMethods["agents.managed.get"][0]): Promise; + managedReconcile(params: WorkerToHostMethods["agents.managed.reconcile"][0]): Promise; + managedReset(params: WorkerToHostMethods["agents.managed.reset"][0]): Promise; }; /** Provides `agents.sessions.create`, `agents.sessions.list`, `agents.sessions.sendMessage`, `agents.sessions.close`. */ @@ -281,6 +314,15 @@ const METHOD_CAPABILITY_MAP: Record { + return services.localFolders.declarations(params); + }), + "localFolders.configure": gated("localFolders.configure", async (params) => { + return services.localFolders.configure(params); + }), + "localFolders.status": gated("localFolders.status", async (params) => { + return services.localFolders.status(params); + }), + "localFolders.list": gated("localFolders.list", async (params) => { + return services.localFolders.list(params); + }), + "localFolders.readText": gated("localFolders.readText", async (params) => { + return services.localFolders.readText(params); + }), + "localFolders.writeTextAtomic": gated("localFolders.writeTextAtomic", async (params) => { + return services.localFolders.writeTextAtomic(params); + }), + "localFolders.deleteFile": gated("localFolders.deleteFile", async (params) => { + return services.localFolders.deleteFile(params); + }), + // State "state.get": gated("state.get", async (params) => { return services.state.get(params); @@ -530,6 +608,43 @@ export function createHostClientHandlers( "projects.getWorkspaceForIssue": gated("projects.getWorkspaceForIssue", async (params) => { return services.projects.getWorkspaceForIssue(params); }), + "projects.managed.get": gated("projects.managed.get", async (params) => { + return services.projects.getManaged(params); + }), + "projects.managed.reconcile": gated("projects.managed.reconcile", async (params) => { + return services.projects.reconcileManaged(params); + }), + "projects.managed.reset": gated("projects.managed.reset", async (params) => { + return services.projects.resetManaged(params); + }), + + // Routines + "routines.managed.get": gated("routines.managed.get", async (params) => { + return services.routines.managedGet(params); + }), + "routines.managed.reconcile": gated("routines.managed.reconcile", async (params) => { + return services.routines.managedReconcile(params); + }), + "routines.managed.reset": gated("routines.managed.reset", async (params) => { + return services.routines.managedReset(params); + }), + "routines.managed.update": gated("routines.managed.update", async (params) => { + return services.routines.managedUpdate(params); + }), + "routines.managed.run": gated("routines.managed.run", async (params) => { + return services.routines.managedRun(params); + }), + + // Skills + "skills.managed.get": gated("skills.managed.get", async (params) => { + return services.skills.managedGet(params); + }), + "skills.managed.reconcile": gated("skills.managed.reconcile", async (params) => { + return services.skills.managedReconcile(params); + }), + "skills.managed.reset": gated("skills.managed.reset", async (params) => { + return services.skills.managedReset(params); + }), // Issues "issues.list": gated("issues.list", async (params) => { @@ -611,6 +726,15 @@ export function createHostClientHandlers( "agents.invoke": gated("agents.invoke", async (params) => { return services.agents.invoke(params); }), + "agents.managed.get": gated("agents.managed.get", async (params) => { + return services.agents.managedGet(params); + }), + "agents.managed.reconcile": gated("agents.managed.reconcile", async (params) => { + return services.agents.managedReconcile(params); + }), + "agents.managed.reset": gated("agents.managed.reset", async (params) => { + return services.agents.managedReset(params); + }), // Agent Sessions "agents.sessions.create": gated("agents.sessions.create", async (params) => { diff --git a/packages/plugins/sdk/src/index.ts b/packages/plugins/sdk/src/index.ts index 92b60bbf..2753d72c 100644 --- a/packages/plugins/sdk/src/index.ts +++ b/packages/plugins/sdk/src/index.ts @@ -180,6 +180,13 @@ export type { export type { PluginContext, PluginConfigClient, + PluginLocalFolderProblem, + PluginLocalFolderStatus, + PluginLocalFolderConfigureInput, + PluginLocalFolderListOptions, + PluginLocalFolderEntry, + PluginLocalFolderListing, + PluginLocalFoldersClient, PluginEventsClient, PluginJobsClient, PluginLaunchersClient, @@ -190,6 +197,7 @@ export type { PluginStateClient, PluginEntitiesClient, PluginProjectsClient, + PluginSkillsClient, PluginCompaniesClient, PluginIssuesClient, PluginIssueMutationActor, @@ -255,6 +263,18 @@ export type { PluginWebhookDeclaration, PluginToolDeclaration, PluginEnvironmentDriverDeclaration, + PluginManagedAgentDeclaration, + PluginManagedAgentResolution, + PluginManagedProjectDeclaration, + PluginManagedProjectResolution, + PluginManagedRoutineDeclaration, + PluginManagedRoutineResolution, + PluginManagedSkillDeclaration, + PluginManagedSkillFileDeclaration, + PluginManagedSkillResolution, + CompanySkill, + PluginManagedResourceKind, + PluginManagedResourceRef, PluginUiSlotDeclaration, PluginUiDeclaration, PluginLauncherActionDeclaration, @@ -264,6 +284,8 @@ export type { PluginDatabaseDeclaration, PluginApiRouteCompanyResolution, PluginApiRouteDeclaration, + PluginLocalFolderDeclaration, + PluginCompanySettings, PluginRecord, PluginDatabaseNamespaceRecord, PluginMigrationRecord, diff --git a/packages/plugins/sdk/src/protocol.ts b/packages/plugins/sdk/src/protocol.ts index 19566570..1c849cac 100644 --- a/packages/plugins/sdk/src/protocol.ts +++ b/packages/plugins/sdk/src/protocol.ts @@ -27,10 +27,18 @@ import type { IssueComment, IssueDocument, IssueDocumentSummary, + IssueAssigneeAdapterOverrides, IssueThreadInteraction, CreateIssueThreadInteraction, + PluginManagedAgentResolution, + PluginManagedProjectResolution, + PluginManagedRoutineResolution, + PluginManagedSkillResolution, + Routine, + RoutineRun, Agent, Goal, + PluginLocalFolderDeclaration, } from "@paperclipai/shared"; export type { PluginLauncherRenderContextSnapshot } from "@paperclipai/shared"; @@ -46,6 +54,8 @@ import type { PluginWorkspace, ToolRunContext, ToolResult, + PluginLocalFolderListing, + PluginLocalFolderStatus, } from "./types.js"; import type { PluginHealthDiagnostics, @@ -336,6 +346,7 @@ export interface PluginEnvironmentDriverBaseParams { driverKey: string; companyId: string; environmentId: string; + issueId?: string | null; config: Record; } @@ -566,6 +577,48 @@ export interface WorkerToHostMethods { // Config "config.get": [params: Record, result: Record]; + // Trusted local folders + "localFolders.declarations": [ + params: Record, + result: PluginLocalFolderDeclaration[], + ]; + "localFolders.configure": [ + params: { + companyId: string; + folderKey: string; + path: string; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; + }, + result: PluginLocalFolderStatus, + ]; + "localFolders.status": [ + params: { companyId: string; folderKey: string }, + result: PluginLocalFolderStatus, + ]; + "localFolders.list": [ + params: { companyId: string; folderKey: string; relativePath?: string | null; recursive?: boolean; maxEntries?: number }, + result: PluginLocalFolderListing, + ]; + "localFolders.readText": [ + params: { companyId: string; folderKey: string; relativePath: string }, + result: string, + ]; + "localFolders.writeTextAtomic": [ + params: { + companyId: string; + folderKey: string; + relativePath: string; + contents: string; + }, + result: PluginLocalFolderStatus, + ]; + "localFolders.deleteFile": [ + params: { companyId: string; folderKey: string; relativePath: string }, + result: PluginLocalFolderStatus, + ]; + // State "state.get": [ params: { scopeKind: string; scopeId?: string; namespace?: string; stateKey: string }, @@ -724,6 +777,69 @@ export interface WorkerToHostMethods { params: { issueId: string; companyId: string }, result: PluginWorkspace | null, ]; + "projects.managed.get": [ + params: { projectKey: string; companyId: string }, + result: PluginManagedProjectResolution, + ]; + "projects.managed.reconcile": [ + params: { projectKey: string; companyId: string }, + result: PluginManagedProjectResolution, + ]; + "projects.managed.reset": [ + params: { projectKey: string; companyId: string }, + result: PluginManagedProjectResolution, + ]; + "routines.managed.get": [ + params: { routineKey: string; companyId: string }, + result: PluginManagedRoutineResolution, + ]; + "routines.managed.reconcile": [ + params: { + routineKey: string; + companyId: string; + assigneeAgentId?: string | null; + projectId?: string | null; + }, + result: PluginManagedRoutineResolution, + ]; + "routines.managed.reset": [ + params: { + routineKey: string; + companyId: string; + assigneeAgentId?: string | null; + projectId?: string | null; + }, + result: PluginManagedRoutineResolution, + ]; + "routines.managed.update": [ + params: { + routineKey: string; + companyId: string; + status?: string; + }, + result: Routine, + ]; + "routines.managed.run": [ + params: { + routineKey: string; + companyId: string; + assigneeAgentId?: string | null; + projectId?: string | null; + }, + result: RoutineRun, + ]; + "skills.managed.get": [ + params: { skillKey: string; companyId: string }, + result: PluginManagedSkillResolution, + ]; + "skills.managed.reconcile": [ + params: { skillKey: string; companyId: string }, + result: PluginManagedSkillResolution, + ]; + "skills.managed.reset": [ + params: { skillKey: string; companyId: string }, + result: PluginManagedSkillResolution, + ]; // Issues "issues.list": [ @@ -732,8 +848,10 @@ export interface WorkerToHostMethods { projectId?: string; assigneeAgentId?: string; originKind?: string; + originKindPrefix?: string; originId?: string; status?: string; + includePluginOperations?: boolean; limit?: number; offset?: number; }, @@ -758,6 +876,8 @@ export interface WorkerToHostMethods { assigneeUserId?: string | null; requestDepth?: number; billingCode?: string | null; + assigneeAdapterOverrides?: IssueAssigneeAdapterOverrides | null; + surfaceVisibility?: string | null; originKind?: string | null; originId?: string | null; originRunId?: string | null; @@ -940,6 +1060,18 @@ export interface WorkerToHostMethods { params: { agentId: string; companyId: string; prompt: string; reason?: string }, result: { runId: string }, ]; + "agents.managed.get": [ + params: { agentKey: string; companyId: string }, + result: PluginManagedAgentResolution, + ]; + "agents.managed.reconcile": [ + params: { agentKey: string; companyId: string }, + result: PluginManagedAgentResolution, + ]; + "agents.managed.reset": [ + params: { agentKey: string; companyId: string }, + result: PluginManagedAgentResolution, + ]; // Agent Sessions "agents.sessions.create": [ diff --git a/packages/plugins/sdk/src/testing.ts b/packages/plugins/sdk/src/testing.ts index 16efee05..ce2e2d40 100644 --- a/packages/plugins/sdk/src/testing.ts +++ b/packages/plugins/sdk/src/testing.ts @@ -1,11 +1,18 @@ import { randomUUID } from "node:crypto"; +import { pluginOperationIssueOriginKind } from "@paperclipai/shared"; import type { PaperclipPluginManifestV1, PluginCapability, PluginEventType, PluginIssueOriginKind, + PluginManagedAgentResolution, + PluginManagedRoutineResolution, + PluginManagedSkillResolution, + CompanySkill, Company, Project, + Routine, + RoutineRun, Issue, IssueComment, IssueThreadInteraction, @@ -28,6 +35,8 @@ import type { PluginWorkspace, AgentSession, AgentSessionEvent, + PluginLocalFolderEntry, + PluginLocalFolderStatus, } from "./types.js"; import type { PluginEnvironmentValidateConfigParams, @@ -419,6 +428,8 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { const entityExternalIndex = new Map(); const companies = new Map(); const projects = new Map(); + const routines = new Map(); + const routineRuns = new Map(); const issues = new Map(); const blockedByIssueIds = new Map(); const issueComments = new Map(); @@ -427,6 +438,8 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { const agents = new Map(); const goals = new Map(); const projectWorkspaces = new Map(); + const localFolderStatuses = new Map(); + const localFolderFiles = new Map(); const sessions = new Map(); const sessionEventCallbacks = new Map void>(); @@ -438,6 +451,43 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { const actionHandlers = new Map) => Promise>(); const toolHandlers = new Map Promise>(); + function localFolderKey(companyId: string, folderKey: string): string { + return `${companyId}:${folderKey}`; + } + + function localFolderFileKey(companyId: string, folderKey: string, relativePath: string): string { + return `${localFolderKey(companyId, folderKey)}:${relativePath}`; + } + + function normalizeLocalFolderRelativePath(relativePath: string): string { + const parts: string[] = []; + for (const segment of relativePath.split(/[\\/]+/)) { + if (!segment || segment === ".") continue; + if (segment === "..") throw new Error("Local folder path traversal is not allowed"); + parts.push(segment); + } + return parts.join("/"); + } + + function notConfiguredLocalFolderStatus(folderKey: string): PluginLocalFolderStatus { + return { + folderKey, + configured: false, + path: null, + realPath: null, + access: "readWrite", + readable: false, + writable: false, + requiredDirectories: [], + requiredFiles: [], + missingDirectories: [], + missingFiles: [], + healthy: false, + problems: [{ code: "not_configured", message: "No local folder path is configured." }], + checkedAt: new Date().toISOString(), + }; + } + function issueRelationSummary(issueId: string) { const issue = issues.get(issueId); if (!issue) throw new Error(`Issue not found: ${issueId}`); @@ -465,6 +515,53 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { } const defaultPluginOriginKind: PluginIssueOriginKind = `plugin:${manifest.id}`; + + function managedAgentDeclaration(agentKey: string) { + const declaration = manifest.agents?.find((agent) => agent.agentKey === agentKey); + if (!declaration) throw new Error(`Managed agent declaration not found: ${agentKey}`); + return declaration; + } + + function isManagedAgent(agent: Agent, agentKey: string) { + const marker = agent.metadata?.paperclipManagedResource; + return Boolean( + marker + && typeof marker === "object" + && !Array.isArray(marker) + && (marker as Record).pluginKey === manifest.id + && (marker as Record).resourceKind === "agent" + && (marker as Record).resourceKey === agentKey, + ); + } + + function managedAgentMetadata(agentKey: string, existing?: Record | null) { + return { + ...(existing ?? {}), + paperclipManagedResource: { + pluginKey: manifest.id, + resourceKind: "agent", + resourceKey: agentKey, + }, + }; + } + + function managedResolution( + agentKey: string, + companyId: string, + agent: Agent | null, + status: PluginManagedAgentResolution["status"], + ): PluginManagedAgentResolution { + return { + pluginKey: manifest.id, + resourceKind: "agent", + resourceKey: agentKey, + companyId, + agentId: agent?.id ?? null, + agent, + status, + approvalId: null, + }; + } function normalizePluginOriginKind(originKind: unknown = defaultPluginOriginKind): PluginIssueOriginKind { if (originKind == null || originKind === "") return defaultPluginOriginKind; if (typeof originKind !== "string") throw new Error("Plugin issue originKind must be a string"); @@ -481,6 +578,121 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { return { ...currentConfig }; }, }, + localFolders: { + declarations() { + return manifest.localFolders ?? []; + }, + async configure(input) { + requireCapability(manifest, capabilitySet, "local.folders"); + const status = { + folderKey: input.folderKey, + configured: true, + path: input.path, + realPath: input.path, + access: input.access ?? "readWrite", + readable: true, + writable: input.access === "read" ? false : true, + requiredDirectories: input.requiredDirectories ?? [], + requiredFiles: input.requiredFiles ?? [], + missingDirectories: [], + missingFiles: [], + healthy: true, + problems: [], + checkedAt: new Date().toISOString(), + } satisfies PluginLocalFolderStatus; + localFolderStatuses.set(localFolderKey(input.companyId, input.folderKey), status); + return status; + }, + async status(companyId, folderKey) { + requireCapability(manifest, capabilitySet, "local.folders"); + return localFolderStatuses.get(localFolderKey(companyId, folderKey)) ?? notConfiguredLocalFolderStatus(folderKey); + }, + async list(companyId, folderKey, options) { + requireCapability(manifest, capabilitySet, "local.folders"); + const status = localFolderStatuses.get(localFolderKey(companyId, folderKey)); + if (!status?.configured) throw new Error("Local folder is not configured"); + const prefix = normalizeLocalFolderRelativePath(options?.relativePath ?? ""); + const prefixWithSlash = prefix ? `${prefix}/` : ""; + const entries = new Map(); + for (const [key, contents] of localFolderFiles) { + const filePrefix = `${localFolderKey(companyId, folderKey)}:`; + if (!key.startsWith(filePrefix)) continue; + const filePath = key.slice(filePrefix.length); + if (prefix && filePath !== prefix && !filePath.startsWith(prefixWithSlash)) continue; + const remainder = prefix ? filePath.slice(prefixWithSlash.length) : filePath; + const [name] = remainder.split("/"); + if (!name) continue; + const entryPath = prefix ? `${prefix}/${name}` : name; + const isNested = remainder.includes("/"); + if (!options?.recursive && isNested) { + entries.set(entryPath, { + path: entryPath, + name, + kind: "directory", + size: null, + modifiedAt: null, + }); + continue; + } + entries.set(filePath, { + path: filePath, + name: filePath.split("/").pop() ?? filePath, + kind: "file", + size: Buffer.byteLength(contents, "utf8"), + modifiedAt: null, + }); + } + const maxEntries = options?.maxEntries && options.maxEntries > 0 ? options.maxEntries : entries.size; + const allEntries = [...entries.values()].sort((a, b) => a.path.localeCompare(b.path)); + return { + folderKey, + relativePath: options?.relativePath ?? null, + entries: allEntries.slice(0, maxEntries), + truncated: allEntries.length > maxEntries, + }; + }, + async readText(companyId, folderKey, relativePath) { + requireCapability(manifest, capabilitySet, "local.folders"); + const normalizedPath = normalizeLocalFolderRelativePath(relativePath); + const contents = localFolderFiles.get(localFolderFileKey(companyId, folderKey, normalizedPath)); + if (contents === undefined) throw new Error(`Local folder file not found: ${relativePath}`); + return contents; + }, + async writeTextAtomic(companyId, folderKey, relativePath, contents) { + requireCapability(manifest, capabilitySet, "local.folders"); + const status = localFolderStatuses.get(localFolderKey(companyId, folderKey)) ?? { + folderKey, + configured: true, + path: `memory://${manifest.id}/${companyId}/${folderKey}`, + realPath: `memory://${manifest.id}/${companyId}/${folderKey}`, + access: "readWrite", + readable: true, + writable: true, + requiredDirectories: [], + requiredFiles: [], + missingDirectories: [], + missingFiles: [], + healthy: true, + problems: [], + checkedAt: new Date().toISOString(), + } satisfies PluginLocalFolderStatus; + if (status.access !== "readWrite" || !status.writable) { + throw new Error("Local folder is not configured for writes"); + } + localFolderStatuses.set(localFolderKey(companyId, folderKey), status); + localFolderFiles.set(localFolderFileKey(companyId, folderKey, normalizeLocalFolderRelativePath(relativePath)), contents); + return status; + }, + async deleteFile(companyId, folderKey, relativePath) { + requireCapability(manifest, capabilitySet, "local.folders"); + const status = localFolderStatuses.get(localFolderKey(companyId, folderKey)) ?? notConfiguredLocalFolderStatus(folderKey); + if (status.configured && (status.access !== "readWrite" || !status.writable)) { + throw new Error("Local folder is not configured for writes"); + } + localFolderFiles.delete(localFolderFileKey(companyId, folderKey, normalizeLocalFolderRelativePath(relativePath))); + return status; + }, + }, events: { on(name: PluginEventType | `plugin.${string}`, filterOrFn: EventFilter | ((event: PluginEvent) => Promise), maybeFn?: (event: PluginEvent) => Promise): () => void { requireCapability(manifest, capabilitySet, "events.subscribe"); @@ -647,6 +859,484 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { const workspaces = projectWorkspaces.get(projectId) ?? []; return workspaces.find((workspace) => workspace.isPrimary) ?? null; }, + managed: { + async get(projectKey, companyId) { + requireCapability(manifest, capabilitySet, "projects.managed"); + const declaration = manifest.projects?.find((project) => project.projectKey === projectKey); + if (!declaration) { + return { + pluginKey: manifest.id, + resourceKind: "project", + resourceKey: projectKey, + companyId, + projectId: null, + project: null, + status: "missing", + }; + } + const externalId = `${manifest.id}:project:${projectKey}`; + const existingEntity = [...entities.values()].find((entity) => + entity.entityType === "managed_resource" + && entity.scopeKind === "company" + && entity.scopeId === companyId + && entity.externalId === externalId + ); + const existingProject = existingEntity ? projects.get(String(existingEntity.data?.projectId ?? "")) : null; + if (existingProject && isInCompany(existingProject, companyId)) { + return { + pluginKey: manifest.id, + resourceKind: "project", + resourceKey: projectKey, + companyId, + projectId: existingProject.id, + project: existingProject, + status: "resolved", + }; + } + const now = new Date(); + const project = { + id: `project-${projects.size + 1}`, + companyId, + urlKey: declaration.projectKey, + goalId: null, + goalIds: [], + goals: [], + name: declaration.displayName, + description: declaration.description ?? null, + status: declaration.status ?? "in_progress", + leadAgentId: null, + targetDate: null, + color: declaration.color ?? null, + env: null, + pauseReason: null, + pausedAt: null, + executionWorkspacePolicy: null, + codebase: { + workspaceId: null, + repoUrl: null, + repoRef: null, + defaultRef: null, + repoName: null, + localFolder: null, + managedFolder: `/tmp/${declaration.projectKey}`, + effectiveLocalFolder: `/tmp/${declaration.projectKey}`, + origin: "managed_checkout", + }, + workspaces: [], + primaryWorkspace: null, + managedByPlugin: { + id: `managed-${projects.size + 1}`, + pluginId: manifest.id, + pluginKey: manifest.id, + pluginDisplayName: manifest.displayName, + resourceKind: "project", + resourceKey: projectKey, + defaultsJson: { displayName: declaration.displayName, settings: declaration.settings ?? {} }, + createdAt: now, + updatedAt: now, + }, + archivedAt: null, + createdAt: now, + updatedAt: now, + } as Project; + projects.set(project.id, project); + const externalKey = `managed_resource|company|${companyId}|${externalId}`; + const nowIso = now.toISOString(); + const record: PluginEntityRecord = { + id: randomUUID(), + entityType: "managed_resource", + scopeKind: "company", + scopeId: companyId, + externalId, + title: declaration.displayName, + status: null, + data: { resourceKind: "project", resourceKey: projectKey, projectId: project.id }, + createdAt: nowIso, + updatedAt: nowIso, + }; + entities.set(record.id, record); + entityExternalIndex.set(externalKey, record.id); + return { + pluginKey: manifest.id, + resourceKind: "project", + resourceKey: projectKey, + companyId, + projectId: project.id, + project, + status: "created", + }; + }, + async reconcile(projectKey, companyId) { + return this.get(projectKey, companyId); + }, + async reset(projectKey, companyId) { + const resolved = await this.get(projectKey, companyId); + return { ...resolved, status: resolved.project ? "reset" : resolved.status }; + }, + }, + }, + routines: { + managed: { + async get(routineKey, companyId) { + requireCapability(manifest, capabilitySet, "routines.managed"); + const declaration = manifest.routines?.find((routine) => routine.routineKey === routineKey); + if (!declaration) { + return { + pluginKey: manifest.id, + resourceKind: "routine", + resourceKey: routineKey, + companyId, + routineId: null, + routine: null, + status: "missing", + missingRefs: [], + } satisfies PluginManagedRoutineResolution; + } + const externalId = `${manifest.id}:routine:${routineKey}`; + const existingEntity = [...entities.values()].find((entity) => + entity.entityType === "managed_resource" + && entity.scopeKind === "company" + && entity.scopeId === companyId + && entity.externalId === externalId + ); + const existingRoutine = existingEntity ? routines.get(String(existingEntity.data?.routineId ?? "")) : null; + if (existingRoutine && isInCompany(existingRoutine, companyId)) { + return { + pluginKey: manifest.id, + resourceKind: "routine", + resourceKey: routineKey, + companyId, + routineId: existingRoutine.id, + routine: existingRoutine, + status: "resolved", + missingRefs: [], + } satisfies PluginManagedRoutineResolution; + } + return { + pluginKey: manifest.id, + resourceKind: "routine", + resourceKey: routineKey, + companyId, + routineId: null, + routine: null, + status: "missing", + missingRefs: [], + } satisfies PluginManagedRoutineResolution; + }, + async reconcile(routineKey, companyId, overrides) { + const existing = await this.get(routineKey, companyId); + if (existing.routine) return existing; + const declaration = manifest.routines?.find((routine) => routine.routineKey === routineKey); + if (!declaration) return existing; + const now = new Date(); + const agentRef = declaration.assigneeRef; + const projectRef = declaration.projectRef; + const assigneeAgentId = overrides?.assigneeAgentId + ?? (agentRef?.resourceKind === "agent" + ? [...agents.values()].find((agent) => isInCompany(agent, companyId) && isManagedAgent(agent, agentRef.resourceKey))?.id + : null) + ?? null; + const projectId = overrides?.projectId + ?? (projectRef?.resourceKind === "project" + ? [...projects.values()].find((project) => ( + isInCompany(project, companyId) + && project.managedByPlugin?.pluginKey === manifest.id + && project.managedByPlugin?.resourceKey === projectRef.resourceKey + ))?.id + : null) + ?? null; + const missingRefs: NonNullable = []; + if (agentRef && !assigneeAgentId) missingRefs.push({ ...agentRef, pluginKey: manifest.id }); + if (projectRef && !projectId) missingRefs.push({ ...projectRef, pluginKey: manifest.id }); + if (missingRefs.length > 0) { + return { + pluginKey: manifest.id, + resourceKind: "routine", + resourceKey: routineKey, + companyId, + routineId: null, + routine: null, + status: "missing_refs", + missingRefs, + } satisfies PluginManagedRoutineResolution; + } + const routine = { + id: `routine-${routines.size + 1}`, + companyId, + projectId, + goalId: declaration.goalId ?? null, + parentIssueId: null, + title: declaration.title, + description: declaration.description ?? null, + assigneeAgentId, + priority: declaration.priority ?? "medium", + status: declaration.status ?? (assigneeAgentId ? "active" : "paused"), + concurrencyPolicy: declaration.concurrencyPolicy ?? "coalesce_if_active", + catchUpPolicy: declaration.catchUpPolicy ?? "skip_missed", + variables: declaration.variables ?? [], + latestRevisionId: null, + latestRevisionNumber: 1, + createdByAgentId: null, + createdByUserId: null, + updatedByAgentId: null, + updatedByUserId: null, + lastTriggeredAt: null, + lastEnqueuedAt: null, + createdAt: now, + updatedAt: now, + managedByPlugin: { + id: `managed-routine-${routines.size + 1}`, + pluginId: manifest.id, + pluginKey: manifest.id, + pluginDisplayName: manifest.displayName, + resourceKind: "routine", + resourceKey: routineKey, + defaultsJson: { title: declaration.title, issueTemplate: declaration.issueTemplate ?? null }, + createdAt: now, + updatedAt: now, + }, + } as Routine; + routines.set(routine.id, routine); + const nowIso = now.toISOString(); + const record: PluginEntityRecord = { + id: randomUUID(), + entityType: "managed_resource", + scopeKind: "company", + scopeId: companyId, + externalId: `${manifest.id}:routine:${routineKey}`, + title: declaration.title, + status: null, + data: { resourceKind: "routine", resourceKey: routineKey, routineId: routine.id }, + createdAt: nowIso, + updatedAt: nowIso, + }; + entities.set(record.id, record); + return { + pluginKey: manifest.id, + resourceKind: "routine", + resourceKey: routineKey, + companyId, + routineId: routine.id, + routine, + status: "created", + missingRefs: [], + } satisfies PluginManagedRoutineResolution; + }, + async reset(routineKey, companyId, overrides) { + const resolved = await this.reconcile(routineKey, companyId, overrides); + return { ...resolved, status: resolved.routine ? "reset" : resolved.status } satisfies PluginManagedRoutineResolution; + }, + async update(routineKey, companyId, patch) { + const resolved = await this.get(routineKey, companyId); + if (!resolved.routine) throw new Error(`Managed routine not found: ${routineKey}`); + const next = { + ...resolved.routine, + ...(patch.status !== undefined ? { status: patch.status } : {}), + updatedAt: new Date(), + }; + routines.set(next.id, next); + return next; + }, + async run(routineKey, companyId) { + const resolved = await this.get(routineKey, companyId); + if (!resolved.routine) throw new Error(`Managed routine not found: ${routineKey}`); + const now = new Date(); + const run = { + id: `routine-run-${routineRuns.size + 1}`, + companyId, + routineId: resolved.routine.id, + triggerId: null, + source: "manual", + status: "queued", + triggeredAt: now, + idempotencyKey: null, + triggerPayload: null, + dispatchFingerprint: null, + linkedIssueId: null, + coalescedIntoRunId: null, + failureReason: null, + completedAt: null, + createdAt: now, + updatedAt: now, + } satisfies RoutineRun; + routineRuns.set(run.id, run); + routines.set(resolved.routine.id, { + ...resolved.routine, + lastTriggeredAt: now, + lastEnqueuedAt: now, + updatedAt: now, + }); + return run; + }, + }, + }, + skills: { + managed: { + async get(skillKey, companyId) { + requireCapability(manifest, capabilitySet, "skills.managed"); + const declaration = manifest.skills?.find((skill) => skill.skillKey === skillKey); + if (!declaration) { + return { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + companyId, + skillId: null, + skill: null, + status: "missing", + defaultDrift: null, + } satisfies PluginManagedSkillResolution; + } + const externalId = `${manifest.id}:skill:${skillKey}`; + const existingEntity = [...entities.values()].find((entity) => + entity.entityType === "managed_resource" + && entity.scopeKind === "company" + && entity.scopeId === companyId + && entity.externalId === externalId + ); + const existingSkill = existingEntity?.data?.skill as CompanySkill | undefined; + if (existingSkill && existingSkill.companyId === companyId) { + return { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + companyId, + skillId: existingSkill.id, + skill: existingSkill, + status: "resolved", + defaultDrift: null, + } satisfies PluginManagedSkillResolution; + } + return { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + companyId, + skillId: null, + skill: null, + status: "missing", + defaultDrift: null, + } satisfies PluginManagedSkillResolution; + }, + async reconcile(skillKey, companyId) { + const existing = await this.get(skillKey, companyId); + if (existing.skill) return existing; + const declaration = manifest.skills?.find((skill) => skill.skillKey === skillKey); + if (!declaration) return existing; + const now = new Date(); + const skill = { + id: randomUUID(), + companyId, + key: `plugin/${manifest.id.replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "")}/${skillKey}`, + slug: declaration.slug ?? skillKey, + name: declaration.displayName, + description: declaration.description ?? null, + markdown: declaration.markdown ?? `# ${declaration.displayName}\n`, + sourceType: "catalog", + sourceLocator: null, + sourceRef: null, + trustLevel: "markdown_only", + compatibility: "compatible", + fileInventory: [{ path: "SKILL.md", kind: "skill" }], + metadata: { + sourceKind: "catalog", + pluginManagedResource: { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + }, + }, + createdAt: now, + updatedAt: now, + } satisfies CompanySkill; + const nowIso = now.toISOString(); + const record: PluginEntityRecord = { + id: randomUUID(), + entityType: "managed_resource", + scopeKind: "company", + scopeId: companyId, + externalId: `${manifest.id}:skill:${skillKey}`, + title: declaration.displayName, + status: null, + data: { resourceKind: "skill", resourceKey: skillKey, skillId: skill.id, skill }, + createdAt: nowIso, + updatedAt: nowIso, + }; + entities.set(record.id, record); + return { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + companyId, + skillId: skill.id, + skill, + status: "created", + defaultDrift: null, + } satisfies PluginManagedSkillResolution; + }, + async reset(skillKey, companyId) { + requireCapability(manifest, capabilitySet, "skills.managed"); + const existing = await this.get(skillKey, companyId); + const declaration = manifest.skills?.find((skill) => skill.skillKey === skillKey); + if (!declaration) return existing; + const now = new Date(); + const skill = { + id: existing.skill?.id ?? randomUUID(), + companyId, + key: `plugin/${manifest.id.replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "")}/${skillKey}`, + slug: declaration.slug ?? skillKey, + name: declaration.displayName, + description: declaration.description ?? null, + markdown: declaration.markdown ?? `# ${declaration.displayName}\n`, + sourceType: "catalog", + sourceLocator: null, + sourceRef: null, + trustLevel: "markdown_only", + compatibility: "compatible", + fileInventory: [{ path: "SKILL.md", kind: "skill" }], + metadata: { + sourceKind: "catalog", + pluginManagedResource: { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + }, + }, + createdAt: existing.skill?.createdAt ?? now, + updatedAt: now, + } satisfies CompanySkill; + const nowIso = now.toISOString(); + const existingEntity = [...entities.values()].find((entity) => + entity.entityType === "managed_resource" && + entity.scopeKind === "company" && + entity.scopeId === companyId && + entity.externalId === `${manifest.id}:skill:${skillKey}`, + ); + const record: PluginEntityRecord = { + id: existingEntity?.id ?? randomUUID(), + entityType: "managed_resource", + scopeKind: "company", + scopeId: companyId, + externalId: `${manifest.id}:skill:${skillKey}`, + title: declaration.displayName, + status: null, + data: { resourceKind: "skill", resourceKey: skillKey, skillId: skill.id, skill }, + createdAt: existingEntity?.createdAt ?? nowIso, + updatedAt: nowIso, + }; + entities.set(record.id, record); + return { + pluginKey: manifest.id, + resourceKind: "skill", + resourceKey: skillKey, + companyId, + skillId: skill.id, + skill, + status: "reset", + defaultDrift: null, + } satisfies PluginManagedSkillResolution; + }, + }, }, companies: { async list(input) { @@ -673,6 +1363,12 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { if (input.originKind.startsWith("plugin:")) normalizePluginOriginKind(input.originKind); out = out.filter((issue) => issue.originKind === input.originKind); } + if (input?.originKindPrefix) { + const prefix = input.originKindPrefix; + out = out.filter((issue) => + typeof issue.originKind === "string" && issue.originKind.startsWith(prefix), + ); + } if (input?.originId) out = out.filter((issue) => issue.originId === input.originId); if (input?.status) out = out.filter((issue) => issue.status === input.status); if (input?.offset) out = out.slice(input.offset); @@ -687,6 +1383,11 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { async create(input) { requireCapability(manifest, capabilitySet, "issues.create"); const now = new Date(); + const originKind = normalizePluginOriginKind( + input.surfaceVisibility === "plugin_operation" && !input.originKind + ? pluginOperationIssueOriginKind(manifest.id) + : input.originKind, + ); const record: Issue = { id: randomUUID(), companyId: input.companyId, @@ -697,6 +1398,7 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { title: input.title, description: input.description ?? null, status: input.status ?? "todo", + workMode: "standard", priority: input.priority ?? "medium", assigneeAgentId: input.assigneeAgentId ?? null, assigneeUserId: input.assigneeUserId ?? null, @@ -708,12 +1410,12 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { createdByUserId: null, issueNumber: null, identifier: null, - originKind: normalizePluginOriginKind(input.originKind), + originKind, originId: input.originId ?? null, originRunId: input.originRunId ?? null, requestDepth: input.requestDepth ?? 0, billingCode: input.billingCode ?? null, - assigneeAdapterOverrides: null, + assigneeAdapterOverrides: input.assigneeAdapterOverrides ?? null, executionWorkspaceId: input.executionWorkspaceId ?? null, executionWorkspacePreference: input.executionWorkspacePreference ?? null, executionWorkspaceSettings: input.executionWorkspaceSettings ?? null, @@ -810,9 +1512,12 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { id: randomUUID(), companyId: parentIssue.companyId, issueId, + authorType: options?.authorAgentId ? "agent" : "system", authorAgentId: options?.authorAgentId ?? null, authorUserId: null, body, + presentation: null, + metadata: null, createdAt: now, updatedAt: now, }; @@ -1064,6 +1769,115 @@ export function createTestHarness(options: TestHarnessOptions): TestHarness { } return { runId: randomUUID() }; }, + managed: { + async get(agentKey, companyId) { + requireCapability(manifest, capabilitySet, "agents.managed"); + const cid = requireCompanyId(companyId); + managedAgentDeclaration(agentKey); + const agent = [...agents.values()].find((candidate) => + candidate.companyId === cid && + candidate.status !== "terminated" && + isManagedAgent(candidate, agentKey), + ) ?? null; + return managedResolution(agentKey, cid, agent, agent ? "resolved" : "missing"); + }, + async reconcile(agentKey, companyId) { + requireCapability(manifest, capabilitySet, "agents.managed"); + const cid = requireCompanyId(companyId); + const declaration = managedAgentDeclaration(agentKey); + const existingAgent = [...agents.values()].find((candidate) => + candidate.companyId === cid && + candidate.status !== "terminated" && + isManagedAgent(candidate, agentKey), + ) ?? null; + const existing = managedResolution(agentKey, cid, existingAgent, existingAgent ? "resolved" : "missing"); + if (existing.agent) return existing; + const now = new Date(); + const created: Agent = { + id: randomUUID(), + companyId: cid, + name: declaration.displayName, + urlKey: declaration.displayName.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, ""), + role: (declaration.role ?? "general") as Agent["role"], + title: declaration.title ?? null, + icon: declaration.icon ?? null, + status: declaration.status ?? "idle", + reportsTo: null, + capabilities: declaration.capabilities ?? null, + adapterType: (declaration.adapterType ?? "process") as Agent["adapterType"], + adapterConfig: declaration.adapterConfig ?? {}, + runtimeConfig: declaration.runtimeConfig ?? {}, + budgetMonthlyCents: declaration.budgetMonthlyCents ?? 0, + spentMonthlyCents: 0, + pauseReason: null, + pausedAt: null, + permissions: { canCreateAgents: Boolean(declaration.permissions?.canCreateAgents) }, + lastHeartbeatAt: null, + metadata: managedAgentMetadata(agentKey), + createdAt: now, + updatedAt: now, + }; + agents.set(created.id, created); + return managedResolution(agentKey, cid, created, "created"); + }, + async reset(agentKey, companyId) { + requireCapability(manifest, capabilitySet, "agents.managed"); + const cid = requireCompanyId(companyId); + const declaration = managedAgentDeclaration(agentKey); + let agent = [...agents.values()].find((candidate) => + candidate.companyId === cid && + candidate.status !== "terminated" && + isManagedAgent(candidate, agentKey), + ) ?? null; + if (!agent) { + const now = new Date(); + agent = { + id: randomUUID(), + companyId: cid, + name: declaration.displayName, + urlKey: declaration.displayName.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, ""), + role: (declaration.role ?? "general") as Agent["role"], + title: declaration.title ?? null, + icon: declaration.icon ?? null, + status: declaration.status ?? "idle", + reportsTo: null, + capabilities: declaration.capabilities ?? null, + adapterType: (declaration.adapterType ?? "process") as Agent["adapterType"], + adapterConfig: declaration.adapterConfig ?? {}, + runtimeConfig: declaration.runtimeConfig ?? {}, + budgetMonthlyCents: declaration.budgetMonthlyCents ?? 0, + spentMonthlyCents: 0, + pauseReason: null, + pausedAt: null, + permissions: { canCreateAgents: Boolean(declaration.permissions?.canCreateAgents) }, + lastHeartbeatAt: null, + metadata: managedAgentMetadata(agentKey), + createdAt: now, + updatedAt: now, + }; + agents.set(agent.id, agent); + } + const resolved = managedResolution(agentKey, cid, agent, "resolved"); + if (!resolved.agent) return resolved; + const updated: Agent = { + ...resolved.agent, + name: declaration.displayName, + role: (declaration.role ?? "general") as Agent["role"], + title: declaration.title ?? null, + icon: declaration.icon ?? null, + capabilities: declaration.capabilities ?? null, + adapterType: (declaration.adapterType ?? "process") as Agent["adapterType"], + adapterConfig: declaration.adapterConfig ?? {}, + runtimeConfig: declaration.runtimeConfig ?? {}, + budgetMonthlyCents: declaration.budgetMonthlyCents ?? 0, + permissions: { canCreateAgents: Boolean(declaration.permissions?.canCreateAgents) }, + metadata: managedAgentMetadata(agentKey, resolved.agent.metadata), + updatedAt: new Date(), + }; + agents.set(updated.id, updated); + return managedResolution(agentKey, cid, updated, "reset"); + }, + }, sessions: { async create(agentId, companyId, opts) { requireCapability(manifest, capabilitySet, "agent.sessions.create"); diff --git a/packages/plugins/sdk/src/types.ts b/packages/plugins/sdk/src/types.ts index 599a06ec..bb9b86d3 100644 --- a/packages/plugins/sdk/src/types.ts +++ b/packages/plugins/sdk/src/types.ts @@ -22,12 +22,21 @@ import type { IssueDocument, IssueDocumentSummary, IssueRelationIssueSummary, + IssueAssigneeAdapterOverrides, IssueThreadInteraction, SuggestTasksInteraction, AskUserQuestionsInteraction, RequestConfirmationInteraction, CreateIssueThreadInteraction, PluginIssueOriginKind, + IssueSurfaceVisibility, + PluginManagedAgentResolution, + PluginManagedProjectResolution, + PluginManagedRoutineResolution, + PluginManagedSkillResolution, + CompanySkill, + Routine, + RoutineRun, Agent, Goal, } from "@paperclipai/shared"; @@ -42,6 +51,22 @@ export type { PluginWebhookDeclaration, PluginToolDeclaration, PluginEnvironmentDriverDeclaration, + PluginManagedAgentDeclaration, + PluginManagedAgentResolution, + PluginManagedProjectDeclaration, + PluginManagedProjectResolution, + PluginManagedRoutineDeclaration, + PluginManagedRoutineResolution, + PluginManagedSkillDeclaration, + PluginManagedSkillFileDeclaration, + PluginManagedSkillResolution, + CompanySkill, + Routine, + RoutineRun, + PluginLocalFolderDeclaration, + PluginCompanySettings, + PluginManagedResourceKind, + PluginManagedResourceRef, PluginUiSlotDeclaration, PluginUiDeclaration, PluginLauncherActionDeclaration, @@ -92,6 +117,7 @@ export type { RequestConfirmationInteraction, CreateIssueThreadInteraction, PluginIssueOriginKind, + IssueSurfaceVisibility, Agent, Goal, } from "@paperclipai/shared"; @@ -349,6 +375,92 @@ export interface PluginConfigClient { get(): Promise>; } +export interface PluginLocalFolderProblem { + code: + | "not_configured" + | "not_absolute" + | "missing" + | "not_directory" + | "not_readable" + | "not_writable" + | "missing_directory" + | "missing_file" + | "path_traversal" + | "symlink_escape" + | "atomic_write_failed"; + message: string; + path?: string; +} + +export interface PluginLocalFolderStatus { + folderKey: string; + configured: boolean; + path: string | null; + realPath: string | null; + access: "read" | "readWrite"; + readable: boolean; + writable: boolean; + requiredDirectories: string[]; + requiredFiles: string[]; + missingDirectories: string[]; + missingFiles: string[]; + healthy: boolean; + problems: PluginLocalFolderProblem[]; + checkedAt: string; +} + +export interface PluginLocalFolderConfigureInput { + companyId: string; + folderKey: string; + path: string; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; +} + +export interface PluginLocalFolderListOptions { + relativePath?: string | null; + recursive?: boolean; + maxEntries?: number; +} + +export interface PluginLocalFolderEntry { + path: string; + name: string; + kind: "file" | "directory"; + size: number | null; + modifiedAt: string | null; +} + +export interface PluginLocalFolderListing { + folderKey: string; + relativePath: string | null; + entries: PluginLocalFolderEntry[]; + truncated: boolean; +} + +export interface PluginLocalFoldersClient { + /** Manifest-declared local folders for this plugin. */ + declarations(): import("@paperclipai/shared").PluginLocalFolderDeclaration[]; + /** Persist a company-scoped local folder path after validating it. */ + configure(input: PluginLocalFolderConfigureInput): Promise; + /** Check the stored folder readiness for a company and folder key. */ + status(companyId: string, folderKey: string): Promise; + /** List entries below a configured folder after containment checks. */ + list(companyId: string, folderKey: string, options?: PluginLocalFolderListOptions): Promise; + /** Read a UTF-8 text file below a configured folder after containment checks. */ + readText(companyId: string, folderKey: string, relativePath: string): Promise; + /** Write a UTF-8 text file below a configured folder using atomic rename. */ + writeTextAtomic( + companyId: string, + folderKey: string, + relativePath: string, + contents: string, + ): Promise; + /** Delete a file below a configured folder after containment checks. Missing files are treated as already deleted. */ + deleteFile(companyId: string, folderKey: string, relativePath: string): Promise; +} + /** * `ctx.events` — subscribe to and emit Paperclip domain events. * @@ -697,6 +809,57 @@ export interface PluginProjectsClient { * @see PLUGIN_SPEC.md §20 — Local Tooling */ getWorkspaceForIssue(issueId: string, companyId: string): Promise; + + /** Resolve and reconcile manifest-declared plugin-managed projects by stable key. Requires `projects.managed`. */ + managed: { + get(projectKey: string, companyId: string): Promise; + reconcile(projectKey: string, companyId: string): Promise; + reset(projectKey: string, companyId: string): Promise; + }; +} + +/** + * `ctx.routines` — resolve and reconcile plugin-managed Paperclip routines. + * + * Requires `routines.managed` capability. + */ +export interface PluginRoutinesClient { + managed: { + get(routineKey: string, companyId: string): Promise; + reconcile( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ): Promise; + reset( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ): Promise; + update( + routineKey: string, + companyId: string, + patch: { status?: string }, + ): Promise; + run( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ): Promise; + }; +} + +/** + * `ctx.skills` — resolve and reconcile plugin-managed company skills. + * + * Requires `skills.managed` capability. + */ +export interface PluginSkillsClient { + managed: { + get(skillKey: string, companyId: string): Promise; + reconcile(skillKey: string, companyId: string): Promise; + reset(skillKey: string, companyId: string): Promise; + }; } /** @@ -1099,8 +1262,10 @@ export interface PluginIssuesClient { projectId?: string; assigneeAgentId?: string; originKind?: PluginIssueOriginKind; + originKindPrefix?: string; originId?: string; status?: Issue["status"]; + includePluginOperations?: boolean; limit?: number; offset?: number; }): Promise; @@ -1119,6 +1284,8 @@ export interface PluginIssuesClient { assigneeUserId?: string | null; requestDepth?: number; billingCode?: string | null; + assigneeAdapterOverrides?: IssueAssigneeAdapterOverrides | null; + surfaceVisibility?: IssueSurfaceVisibility; originKind?: PluginIssueOriginKind; originId?: string | null; originRunId?: string | null; @@ -1241,6 +1408,12 @@ export interface PluginAgentsClient { resume(agentId: string, companyId: string): Promise; /** Invoke (wake up) an agent with a prompt payload. Throws if paused, terminated, pending_approval, or not found. Requires `agents.invoke`. */ invoke(agentId: string, companyId: string, opts: { prompt: string; reason?: string }): Promise<{ runId: string }>; + /** Resolve and reconcile manifest-declared plugin-managed agents by stable key. Requires `agents.managed`. */ + managed: { + get(agentKey: string, companyId: string): Promise; + reconcile(agentKey: string, companyId: string): Promise; + reset(agentKey: string, companyId: string): Promise; + }; /** Create, message, and close agent chat sessions. Requires `agent.sessions.*` capabilities. */ sessions: PluginAgentSessionsClient; } @@ -1436,6 +1609,9 @@ export interface PluginContext { /** Read resolved operator configuration. */ config: PluginConfigClient; + /** Configure and safely access trusted company-scoped local folders. */ + localFolders: PluginLocalFoldersClient; + /** Subscribe to and emit domain events. Requires `events.subscribe` / `events.emit`. */ events: PluginEventsClient; @@ -1466,6 +1642,12 @@ export interface PluginContext { /** Read project and workspace metadata. Requires `projects.read` / `project.workspaces.read`. */ projects: PluginProjectsClient; + /** Resolve and reconcile plugin-managed routines. Requires `routines.managed`. */ + routines: PluginRoutinesClient; + + /** Resolve and reconcile plugin-managed company skills. Requires `skills.managed`. */ + skills: PluginSkillsClient; + /** Read company metadata. Requires `companies.read`. */ companies: PluginCompaniesClient; diff --git a/packages/plugins/sdk/src/ui/components.ts b/packages/plugins/sdk/src/ui/components.ts index b93c1db4..c148fc80 100644 --- a/packages/plugins/sdk/src/ui/components.ts +++ b/packages/plugins/sdk/src/ui/components.ts @@ -125,6 +125,36 @@ export interface TimeseriesChartProps { export interface MarkdownBlockProps { /** Markdown content to render. */ content: string; + /** Optional CSS class name forwarded to the host renderer. */ + className?: string; + /** Opt into Obsidian-style [[target]] / [[target|label]] wikilinks. */ + enableWikiLinks?: boolean; + /** Base href used for wikilinks when no resolver is supplied. */ + wikiLinkRoot?: string; + /** Optional href resolver for wikilinks. Return null to leave a token as plain text. */ + resolveWikiLinkHref?: (target: string, label: string) => string | null | undefined; +} + +/** Props for `MarkdownEditor`. */ +export interface MarkdownEditorProps { + /** Markdown source controlled by the plugin. */ + value: string; + /** Called whenever the markdown source changes. */ + onChange: (value: string) => void; + /** Placeholder text shown when the document is empty. */ + placeholder?: string; + /** Optional wrapper CSS class name. */ + className?: string; + /** Optional editable content CSS class name. */ + contentClassName?: string; + /** Called when the editor loses focus. */ + onBlur?: () => void; + /** Render the editor with a host border treatment. */ + bordered?: boolean; + /** Render the rich editor without allowing edits. */ + readOnly?: boolean; + /** Called on Cmd/Ctrl+Enter. */ + onSubmit?: () => void; } /** A single key-value pair for `KeyValueList`. */ @@ -217,6 +247,211 @@ export interface ErrorBoundaryProps { onError?: (error: Error, info: React.ErrorInfo) => void; } +/** File or directory node rendered by `FileTree`. */ +export interface FileTreeNode { + /** Display name for this path segment. */ + name: string; + /** Slash-separated path relative to the tree root. */ + path: string; + /** Whether this node is a directory or file. */ + kind: "dir" | "file"; + /** Child nodes. Files should use an empty array. */ + children: FileTreeNode[]; + /** Optional stable action metadata for host/plugin workflows. */ + action?: string | null; +} + +/** Badge status variants supported by `FileTree`. */ +export type FileTreeBadgeVariant = "ok" | "warning" | "error" | "info" | "pending"; + +/** Serializable badge metadata keyed by file path. */ +export interface FileTreeBadge { + label: string; + status: FileTreeBadgeVariant; + tooltip?: string; +} + +/** Row tone variants supported by `FileTree`. */ +export type FileTreeTone = "default" | "warning" | "error" | "muted"; + +/** Empty-state content shown when a tree has no nodes. */ +export interface FileTreeEmptyState { + title?: string; + description?: string; +} + +/** Error-state content shown when a tree cannot be loaded. */ +export interface FileTreeErrorState { + message: string; + retry?: () => void; +} + +/** Accepted path collection shape for expanded and checked file tree state. */ +export type FileTreePathCollection = ReadonlySet | readonly string[]; + +/** Props for `FileTree`. */ +export interface FileTreeProps { + /** Tree nodes to render. */ + nodes: FileTreeNode[]; + /** Currently selected file path. */ + selectedFile?: string | null; + /** Expanded directory paths. */ + expandedPaths?: FileTreePathCollection; + /** Checked file paths. */ + checkedPaths?: FileTreePathCollection; + /** Called when a directory row is toggled. */ + onToggleDir?: (path: string) => void; + /** Called when a file row is selected. */ + onSelectFile?: (path: string) => void; + /** Called when a checkbox is toggled. */ + onToggleCheck?: (path: string, kind: "file" | "dir") => void; + /** Badge metadata keyed by path. */ + fileBadges?: Record; + /** Row tone metadata keyed by path. */ + fileTones?: Record; + /** Whether to render checkboxes. Defaults to false for plugin UIs. */ + showCheckboxes?: boolean; + /** Allow long file and directory names to wrap. */ + wrapLabels?: boolean; + /** Render a loading skeleton instead of nodes. */ + loading?: boolean; + /** Render a structured error state instead of nodes. */ + error?: FileTreeErrorState | null; + /** Empty state content. */ + empty?: FileTreeEmptyState; + /** Accessible label for the tree. */ + ariaLabel?: string; +} + +export interface IssuesListFilters { + status?: string; + projectId?: string; + parentId?: string; + assigneeAgentId?: string; + participantAgentId?: string; + assigneeUserId?: string; + labelId?: string; + workspaceId?: string; + executionWorkspaceId?: string; + originKind?: string; + originKindPrefix?: string; + originId?: string; + descendantOf?: string; + includeRoutineExecutions?: boolean; +} + +export interface IssuesListProps { + companyId: string | null; + projectId?: string | null; + filters?: IssuesListFilters; + viewStateKey?: string; + initialSearch?: string; + createIssueLabel?: string; + searchWithinLoadedIssues?: boolean; +} + +export interface AssigneePickerSelection { + assigneeAgentId: string | null; + assigneeUserId: string | null; +} + +export interface AssigneePickerProps { + /** Company whose agents and users should be listed. Defaults to host context. */ + companyId?: string | null; + /** Controlled value. Use `agent:`, `user:`, or an empty string. */ + value: string; + /** Called with the encoded value plus parsed assignee IDs. */ + onChange: (value: string, selection: AssigneePickerSelection) => void; + /** Button placeholder when no assignee is selected. */ + placeholder?: string; + /** Label for the empty option. */ + noneLabel?: string; + /** Search input placeholder. */ + searchPlaceholder?: string; + /** Empty search result message. */ + emptyMessage?: string; + /** Include active board users alongside agents. Defaults to true. */ + includeUsers?: boolean; + /** Include terminated agents. Defaults to false. */ + includeTerminatedAgents?: boolean; + /** CSS class forwarded to the trigger button. */ + className?: string; + /** Called after the user confirms a selection with Enter, Tab, or click. */ + onConfirm?: () => void; +} + +export interface ProjectPickerProps { + /** Company whose projects should be listed. Defaults to host context. */ + companyId?: string | null; + /** Controlled project id, or an empty string for no project. */ + value: string; + /** Called with the selected project id. Empty string means no project. */ + onChange: (projectId: string) => void; + /** Button placeholder when no project is selected. */ + placeholder?: string; + /** Label for the empty option. */ + noneLabel?: string; + /** Search input placeholder. */ + searchPlaceholder?: string; + /** Empty search result message. */ + emptyMessage?: string; + /** Include archived projects. Defaults to false. */ + includeArchived?: boolean; + /** CSS class forwarded to the trigger button. */ + className?: string; + /** Called after the user confirms a selection with Enter, Tab, or click. */ + onConfirm?: () => void; +} + +export interface ManagedRoutinesListAgent { + id: string; + name: string; + icon?: string | null; +} + +export interface ManagedRoutinesListProject { + id: string; + name: string; + color?: string | null; +} + +export interface ManagedRoutineMissingRef { + resourceKind: string; + resourceKey: string; +} + +export interface ManagedRoutinesListItem { + key: string; + title: string; + status: string; + routineId?: string | null; + href?: string | null; + resourceKey?: string | null; + projectId?: string | null; + assigneeAgentId?: string | null; + cronExpression?: string | null; + lastRunAt?: Date | string | null; + lastRunStatus?: string | null; + managedByPluginDisplayName?: string | null; + missingRefs?: ManagedRoutineMissingRef[]; +} + +export interface ManagedRoutinesListProps { + routines: ManagedRoutinesListItem[]; + agents?: ManagedRoutinesListAgent[]; + projects?: ManagedRoutinesListProject[]; + pluginDisplayName?: string | null; + emptyMessage?: string; + runningRoutineKey?: string | null; + statusMutationRoutineKey?: string | null; + reconcilingRoutineKey?: string | null; + resettingRoutineKey?: string | null; + onRunNow?: (routine: ManagedRoutinesListItem) => void; + onToggleEnabled?: (routine: ManagedRoutinesListItem, enabled: boolean) => void; + onReconcile?: (routine: ManagedRoutinesListItem) => void; + onReset?: (routine: ManagedRoutinesListItem) => void; +} + // --------------------------------------------------------------------------- // Component declarations (provided by host at runtime) // --------------------------------------------------------------------------- @@ -266,6 +501,13 @@ export const TimeseriesChart = createSdkUiComponent("Times */ export const MarkdownBlock = createSdkUiComponent("MarkdownBlock"); +/** + * Renders Paperclip's shared Markdown editor. + * + * @see PLUGIN_SPEC.md §19.6 — Shared Components + */ +export const MarkdownEditor = createSdkUiComponent("MarkdownEditor"); + /** * Renders a definition-list of label/value pairs. * @@ -308,3 +550,40 @@ export const Spinner = createSdkUiComponent("Spinner"); * @see PLUGIN_SPEC.md §19.7 — Error Propagation Through The Bridge */ export const ErrorBoundary = createSdkUiComponent("ErrorBoundary"); + +/** + * Renders the host file tree component with a stable plugin-safe prop surface. + * + * @example + * ```tsx + * import { FileTree, type FileTreeNode } from "@paperclipai/plugin-sdk/ui"; + * + * const nodes: FileTreeNode[] = [ + * { name: "README.md", path: "README.md", kind: "file", children: [] }, + * ]; + * + * console.log(path)} />; + * ``` + */ +export const FileTree = createSdkUiComponent("FileTree"); + +/** + * Renders Paperclip's native issue list component for company-scoped plugin + * pages that need a standard board issue view. + */ +export const IssuesList = createSdkUiComponent("IssuesList"); + +/** + * Renders the same host assignee picker used by the new issue pane. + */ +export const AssigneePicker = createSdkUiComponent("AssigneePicker"); + +/** + * Renders the same host project picker used by the new issue pane. + */ +export const ProjectPicker = createSdkUiComponent("ProjectPicker"); + +/** + * Renders Paperclip's native managed routines list for plugin settings pages. + */ +export const ManagedRoutinesList = createSdkUiComponent("ManagedRoutinesList"); diff --git a/packages/plugins/sdk/src/ui/hooks.ts b/packages/plugins/sdk/src/ui/hooks.ts index 56a0938b..686d02cf 100644 --- a/packages/plugins/sdk/src/ui/hooks.ts +++ b/packages/plugins/sdk/src/ui/hooks.ts @@ -1,6 +1,8 @@ import type { PluginDataResult, PluginActionFn, + HostLocation, + HostNavigation, PluginHostContext, PluginStreamResult, PluginToastFn, @@ -115,6 +117,57 @@ export function useHostContext(): PluginHostContext { return impl(); } +// --------------------------------------------------------------------------- +// useHostNavigation +// --------------------------------------------------------------------------- + +/** + * Navigate within the Paperclip host without forcing a full document reload. + * + * Use `linkProps()` for links so browser-native behavior still works: + * modifier-click, middle-click, copy-link, and open-in-new-tab all use the + * returned real `href`. + * + * @example + * ```tsx + * function WikiSidebarLink() { + * const hostNavigation = useHostNavigation(); + * return Wiki; + * } + * ``` + */ +export function useHostNavigation(): HostNavigation { + const impl = getSdkUiRuntimeValue<() => HostNavigation>("useHostNavigation"); + return impl(); +} + +// --------------------------------------------------------------------------- +// useHostLocation +// --------------------------------------------------------------------------- + +/** + * Observe the current host router location. + * + * Returns a snapshot of the active `pathname`, `search`, and `hash`. The + * component re-renders when any of these change (e.g. after the host router + * pushes a new entry, or after the browser back/forward gestures). Use this + * for URL-driven plugin UI such as a takeover sidebar with section-aware + * active state. + * + * @example + * ```tsx + * function WikiSection() { + * const { pathname } = useHostLocation(); + * const section = pathname.split("/").filter(Boolean).at(-1) ?? "wiki"; + * return
    Active section: {section}
    ; + * } + * ``` + */ +export function useHostLocation(): HostLocation { + const impl = getSdkUiRuntimeValue<() => HostLocation>("useHostLocation"); + return impl(); +} + // --------------------------------------------------------------------------- // usePluginStream // --------------------------------------------------------------------------- diff --git a/packages/plugins/sdk/src/ui/index.ts b/packages/plugins/sdk/src/ui/index.ts index 68b8a43b..8f90af70 100644 --- a/packages/plugins/sdk/src/ui/index.ts +++ b/packages/plugins/sdk/src/ui/index.ts @@ -43,20 +43,89 @@ * - `usePluginData(key, params)` — fetch data from the worker's `getData` handler * - `usePluginAction(key)` — get a callable that invokes the worker's `performAction` handler * - `useHostContext()` — read the current active company, project, entity, and user IDs + * - `useHostNavigation()` — navigate Paperclip-internal links through the host router + * - `useHostLocation()` — observe the current host pathname/search/hash for URL-driven UI * - `usePluginStream(channel)` — subscribe to real-time SSE events from the worker */ export { usePluginData, usePluginAction, useHostContext, + useHostNavigation, + useHostLocation, usePluginStream, usePluginToast, } from "./hooks.js"; +export { + MetricCard, + StatusBadge, + DataTable, + TimeseriesChart, + MarkdownBlock, + MarkdownEditor, + KeyValueList, + ActionBar, + LogView, + JsonTree, + Spinner, + ErrorBoundary, + FileTree, + IssuesList, + AssigneePicker, + ProjectPicker, + ManagedRoutinesList, +} from "./components.js"; + +export type { + MetricTrend, + MetricCardProps, + StatusBadgeVariant, + StatusBadgeProps, + DataTableColumn, + DataTableProps, + TimeseriesDataPoint, + TimeseriesChartProps, + MarkdownBlockProps, + MarkdownEditorProps, + KeyValuePair, + KeyValueListProps, + ActionBarItem, + ActionBarProps, + LogViewEntry, + LogViewProps, + JsonTreeProps, + SpinnerProps, + ErrorBoundaryProps, + FileTreeNode, + FileTreeBadgeVariant, + FileTreeBadge, + FileTreeTone, + FileTreeEmptyState, + FileTreeErrorState, + FileTreePathCollection, + FileTreeProps, + IssuesListFilters, + IssuesListProps, + AssigneePickerSelection, + AssigneePickerProps, + ProjectPickerProps, + ManagedRoutineMissingRef, + ManagedRoutinesListAgent, + ManagedRoutinesListItem, + ManagedRoutinesListProject, + ManagedRoutinesListProps, +} from "./components.js"; + // Bridge error and host context types export type { PluginBridgeError, PluginBridgeErrorCode, + HostNavigation, + HostNavigationOptions, + HostNavigationLinkOptions, + HostNavigationLinkProps, + HostLocation, PluginHostContext, PluginModalBoundsRequest, PluginRenderCloseEvent, @@ -80,6 +149,7 @@ export type { PluginWidgetProps, PluginDetailTabProps, PluginSidebarProps, + PluginRouteSidebarProps, PluginProjectSidebarItemProps, PluginCommentAnnotationProps, PluginCommentContextMenuItemProps, diff --git a/packages/plugins/sdk/src/ui/types.ts b/packages/plugins/sdk/src/ui/types.ts index b1eddea5..b8216836 100644 --- a/packages/plugins/sdk/src/ui/types.ts +++ b/packages/plugins/sdk/src/ui/types.ts @@ -14,6 +14,10 @@ * @see PLUGIN_SPEC.md §29.2 — SDK Versioning */ +import type { + AnchorHTMLAttributes, + MouseEvent as ReactMouseEvent, +} from "react"; import type { PluginBridgeErrorCode, PluginLauncherBounds, @@ -131,6 +135,83 @@ export interface PluginRenderEnvironmentContext closeLifecycle?: PluginRenderCloseLifecycle | null; } +// --------------------------------------------------------------------------- +// Host navigation +// --------------------------------------------------------------------------- + +/** + * Options for host-managed Paperclip navigation from plugin UI. + */ +export interface HostNavigationOptions { + /** Replace the current history entry instead of pushing a new one. */ + replace?: boolean; + /** Optional state forwarded to the host router. */ + state?: unknown; +} + +/** + * Options for `useHostNavigation().linkProps()`. + */ +export interface HostNavigationLinkOptions extends HostNavigationOptions { + /** Standard anchor target. Non-`_self` targets are not intercepted. */ + target?: AnchorHTMLAttributes["target"]; + /** Standard anchor rel attribute. */ + rel?: AnchorHTMLAttributes["rel"]; +} + +/** + * Anchor props returned by `useHostNavigation().linkProps()`. + * + * The `href` is always real so browser affordances such as copy-link, + * modifier-click, middle-click, and open-in-new-tab continue to work. + */ +export interface HostNavigationLinkProps + extends Pick, "href" | "target" | "rel"> { + onClick: (event: ReactMouseEvent) => void; +} + +/** + * Snapshot of the host router location, exposed to plugin UI through + * `useHostLocation()`. Mirrors the relevant subset of `Location` from + * `react-router-dom` so plugins can react to URL changes without importing + * router internals. + * + * @see PLUGIN_SPEC.md §19 — UI Extension Model + */ +export interface HostLocation { + /** Current pathname, e.g. `/PAP/wiki`. */ + pathname: string; + /** Current search string, e.g. `?tab=config` (includes the leading `?`). */ + search: string; + /** Current hash, e.g. `#document-plan` (includes the leading `#`). */ + hash: string; + /** Optional state forwarded by the host router for same-tab SPA navigation. */ + state?: unknown; +} + +/** + * Host-managed navigation helpers for plugin UI. + */ +export interface HostNavigation { + /** + * Resolve a Paperclip-internal path using the active company prefix. + * + * For example, in company `PAP`, `resolveHref("/wiki")` returns + * `"/PAP/wiki"`, while `resolveHref("/PAP/wiki")` stays unchanged. + */ + resolveHref(to: string): string; + /** Navigate through the host router without reloading the document. */ + navigate(to: string, options?: HostNavigationOptions): void; + /** + * Build anchor props for host-managed links. + * + * Plain left-clicks are routed through the host SPA router. Browser-native + * link gestures are left alone because the returned props include a real + * `href`. + */ + linkProps(to: string, options?: HostNavigationLinkOptions): HostNavigationLinkProps; +} + // --------------------------------------------------------------------------- // Slot component prop interfaces // --------------------------------------------------------------------------- @@ -188,6 +269,19 @@ export interface PluginSidebarProps { context: PluginHostContext; } +/** + * Props passed to a plugin route sidebar component. + * + * A route sidebar replaces the normal company sidebar while the user is on a + * matching plugin page route declared with the same `routePath`. + * + * @see PLUGIN_SPEC.md §19.5 — Sidebar Entries + */ +export interface PluginRouteSidebarProps { + /** The current host context. */ + context: PluginHostContext; +} + /** * Props passed to a plugin project sidebar item component. * diff --git a/packages/plugins/sdk/src/worker-rpc-host.ts b/packages/plugins/sdk/src/worker-rpc-host.ts index 80e548b5..81104fea 100644 --- a/packages/plugins/sdk/src/worker-rpc-host.ts +++ b/packages/plugins/sdk/src/worker-rpc-host.ts @@ -387,6 +387,55 @@ export function startWorkerRpcHost(options: WorkerRpcHostOptions): WorkerRpcHost }, }, + localFolders: { + declarations() { + if (!manifest) throw new Error("Plugin context accessed before initialization"); + return manifest.localFolders ?? []; + }, + + async configure(input) { + return callHost("localFolders.configure", { + companyId: input.companyId, + folderKey: input.folderKey, + path: input.path, + access: input.access, + requiredDirectories: input.requiredDirectories, + requiredFiles: input.requiredFiles, + }); + }, + + async status(companyId: string, folderKey: string) { + return callHost("localFolders.status", { companyId, folderKey }); + }, + + async list(companyId: string, folderKey: string, options = {}) { + return callHost("localFolders.list", { + companyId, + folderKey, + relativePath: options.relativePath, + recursive: options.recursive, + maxEntries: options.maxEntries, + }); + }, + + async readText(companyId: string, folderKey: string, relativePath: string) { + return callHost("localFolders.readText", { companyId, folderKey, relativePath }); + }, + + async writeTextAtomic(companyId: string, folderKey: string, relativePath: string, contents: string) { + return callHost("localFolders.writeTextAtomic", { + companyId, + folderKey, + relativePath, + contents, + }); + }, + + async deleteFile(companyId: string, folderKey: string, relativePath: string) { + return callHost("localFolders.deleteFile", { companyId, folderKey, relativePath }); + }, + }, + events: { on( name: string, @@ -580,6 +629,64 @@ export function startWorkerRpcHost(options: WorkerRpcHostOptions): WorkerRpcHost async getWorkspaceForIssue(issueId: string, companyId: string) { return callHost("projects.getWorkspaceForIssue", { issueId, companyId }); }, + + managed: { + async get(projectKey: string, companyId: string) { + return callHost("projects.managed.get", { projectKey, companyId }); + }, + async reconcile(projectKey: string, companyId: string) { + return callHost("projects.managed.reconcile", { projectKey, companyId }); + }, + async reset(projectKey: string, companyId: string) { + return callHost("projects.managed.reset", { projectKey, companyId }); + }, + }, + }, + + routines: { + managed: { + async get(routineKey: string, companyId: string) { + return callHost("routines.managed.get", { routineKey, companyId }); + }, + async reconcile( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ) { + return callHost("routines.managed.reconcile", { routineKey, companyId, ...overrides }); + }, + async reset( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ) { + return callHost("routines.managed.reset", { routineKey, companyId, ...overrides }); + }, + async update(routineKey: string, companyId: string, patch: { status?: string }) { + return callHost("routines.managed.update", { routineKey, companyId, ...patch }); + }, + async run( + routineKey: string, + companyId: string, + overrides?: { assigneeAgentId?: string | null; projectId?: string | null }, + ) { + return callHost("routines.managed.run", { routineKey, companyId, ...overrides }); + }, + }, + }, + + skills: { + managed: { + async get(skillKey: string, companyId: string) { + return callHost("skills.managed.get", { skillKey, companyId }); + }, + async reconcile(skillKey: string, companyId: string) { + return callHost("skills.managed.reconcile", { skillKey, companyId }); + }, + async reset(skillKey: string, companyId: string) { + return callHost("skills.managed.reset", { skillKey, companyId }); + }, + }, }, companies: { @@ -602,8 +709,10 @@ export function startWorkerRpcHost(options: WorkerRpcHostOptions): WorkerRpcHost projectId: input.projectId, assigneeAgentId: input.assigneeAgentId, originKind: input.originKind, + originKindPrefix: input.originKindPrefix, originId: input.originId, status: input.status, + includePluginOperations: input.includePluginOperations, limit: input.limit, offset: input.offset, }); @@ -628,6 +737,8 @@ export function startWorkerRpcHost(options: WorkerRpcHostOptions): WorkerRpcHost assigneeUserId: input.assigneeUserId, requestDepth: input.requestDepth, billingCode: input.billingCode, + assigneeAdapterOverrides: input.assigneeAdapterOverrides, + surfaceVisibility: input.surfaceVisibility, originKind: input.originKind, originId: input.originId, originRunId: input.originRunId, @@ -863,6 +974,20 @@ export function startWorkerRpcHost(options: WorkerRpcHostOptions): WorkerRpcHost return callHost("agents.invoke", { agentId, companyId, prompt: opts.prompt, reason: opts.reason }); }, + managed: { + async get(agentKey: string, companyId: string) { + return callHost("agents.managed.get", { agentKey, companyId }); + }, + + async reconcile(agentKey: string, companyId: string) { + return callHost("agents.managed.reconcile", { agentKey, companyId }); + }, + + async reset(agentKey: string, companyId: string) { + return callHost("agents.managed.reset", { agentKey, companyId }); + }, + }, + sessions: { async create(agentId: string, companyId: string, opts?: { taskKey?: string; reason?: string }) { return callHost("agents.sessions.create", { diff --git a/packages/shared/src/api.ts b/packages/shared/src/api.ts index eef841f2..38988c6f 100644 --- a/packages/shared/src/api.ts +++ b/packages/shared/src/api.ts @@ -11,6 +11,7 @@ export const API = { goals: `${API_PREFIX}/goals`, approvals: `${API_PREFIX}/approvals`, secrets: `${API_PREFIX}/secrets`, + secretProviderConfigs: `${API_PREFIX}/secret-provider-configs`, costs: `${API_PREFIX}/costs`, activity: `${API_PREFIX}/activity`, dashboard: `${API_PREFIX}/dashboard`, diff --git a/packages/shared/src/config-schema.test.ts b/packages/shared/src/config-schema.test.ts new file mode 100644 index 00000000..9e2a75cc --- /dev/null +++ b/packages/shared/src/config-schema.test.ts @@ -0,0 +1,27 @@ +import { describe, expect, it } from "vitest"; +import { paperclipConfigSchema } from "./config-schema.js"; + +describe("paperclip config schema", () => { + it("defaults omitted runtime paths to legacy instance-root locations", () => { + const parsed = paperclipConfigSchema.parse({ + $meta: { + version: 1, + updatedAt: "2026-05-10T00:00:00.000Z", + source: "configure", + }, + database: { + mode: "embedded-postgres", + }, + logging: { + mode: "file", + }, + server: {}, + }); + + expect(parsed.database.embeddedPostgresDataDir).toBe("~/.paperclip/instances/default/db"); + expect(parsed.database.backup.dir).toBe("~/.paperclip/instances/default/data/backups"); + expect(parsed.logging.logDir).toBe("~/.paperclip/instances/default/logs"); + expect(parsed.storage.localDisk.baseDir).toBe("~/.paperclip/instances/default/data/storage"); + expect(parsed.secrets.localEncrypted.keyFilePath).toBe("~/.paperclip/instances/default/secrets/master.key"); + }); +}); diff --git a/packages/shared/src/constants.ts b/packages/shared/src/constants.ts index 8cbe9eef..ea93a3b6 100644 --- a/packages/shared/src/constants.ts +++ b/packages/shared/src/constants.ts @@ -33,6 +33,7 @@ export const AGENT_ADAPTER_TYPES = [ "acpx_local", "claude_local", "codex_local", + "cursor_cloud", "gemini_local", "opencode_local", "pi_local", @@ -146,8 +147,29 @@ export const INBOX_MINE_ISSUE_STATUS_FILTER = INBOX_MINE_ISSUE_STATUSES.join("," export const ISSUE_PRIORITIES = ["critical", "high", "medium", "low"] as const; export type IssuePriority = (typeof ISSUE_PRIORITIES)[number]; +export const ISSUE_WORK_MODES = ["standard", "planning"] as const; +export type IssueWorkMode = (typeof ISSUE_WORK_MODES)[number]; export const MAX_ISSUE_REQUEST_DEPTH = 1024; +export const ISSUE_COMMENT_AUTHOR_TYPES = ["user", "agent", "system"] as const; +export type IssueCommentAuthorType = (typeof ISSUE_COMMENT_AUTHOR_TYPES)[number]; + +export const ISSUE_COMMENT_PRESENTATION_KINDS = ["message", "system_notice"] as const; +export type IssueCommentPresentationKind = (typeof ISSUE_COMMENT_PRESENTATION_KINDS)[number]; + +export const ISSUE_COMMENT_PRESENTATION_TONES = ["neutral", "info", "success", "warning", "danger"] as const; +export type IssueCommentPresentationTone = (typeof ISSUE_COMMENT_PRESENTATION_TONES)[number]; + +export const ISSUE_COMMENT_METADATA_ROW_TYPES = [ + "text", + "code", + "key_value", + "issue_link", + "agent_link", + "run_link", +] as const; +export type IssueCommentMetadataRowType = (typeof ISSUE_COMMENT_METADATA_ROW_TYPES)[number]; + export function clampIssueRequestDepth(value: number | null | undefined): number { if (typeof value !== "number" || !Number.isFinite(value)) return 0; return Math.min(MAX_ISSUE_REQUEST_DEPTH, Math.max(0, Math.floor(value))); @@ -190,6 +212,16 @@ export const ISSUE_ORIGIN_KINDS = [ export type BuiltInIssueOriginKind = (typeof ISSUE_ORIGIN_KINDS)[number]; export type PluginIssueOriginKind = `plugin:${string}`; export type IssueOriginKind = BuiltInIssueOriginKind | PluginIssueOriginKind; +export const ISSUE_SURFACE_VISIBILITIES = ["default", "plugin_operation"] as const; +export type IssueSurfaceVisibility = (typeof ISSUE_SURFACE_VISIBILITIES)[number]; + +export function pluginOperationIssueOriginKind(pluginKey: string): PluginIssueOriginKind { + return `plugin:${pluginKey}:operation`; +} + +export function isPluginOperationIssueOriginKind(originKind: string | null | undefined): boolean { + return typeof originKind === "string" && /^plugin:[^:]+:operation(?::|$)/.test(originKind); +} export const ISSUE_RELATION_TYPES = ["blocks"] as const; export type IssueRelationType = (typeof ISSUE_RELATION_TYPES)[number]; @@ -221,9 +253,39 @@ export type IssueExecutionPolicyMode = (typeof ISSUE_EXECUTION_POLICY_MODES)[num export const ISSUE_EXECUTION_STAGE_TYPES = ["review", "approval"] as const; export type IssueExecutionStageType = (typeof ISSUE_EXECUTION_STAGE_TYPES)[number]; +export const ISSUE_MONITOR_SCHEDULED_BY = ["assignee", "board"] as const; +export type IssueMonitorScheduledBy = (typeof ISSUE_MONITOR_SCHEDULED_BY)[number]; + +export const ISSUE_EXECUTION_MONITOR_KINDS = ["external_service"] as const; +export type IssueExecutionMonitorKind = (typeof ISSUE_EXECUTION_MONITOR_KINDS)[number]; + +export const ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES = [ + "wake_owner", + "create_recovery_issue", + "escalate_to_board", +] as const; +export type IssueExecutionMonitorRecoveryPolicy = + (typeof ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES)[number]; + export const ISSUE_EXECUTION_STATE_STATUSES = ["idle", "pending", "changes_requested", "completed"] as const; export type IssueExecutionStateStatus = (typeof ISSUE_EXECUTION_STATE_STATUSES)[number]; +export const ISSUE_EXECUTION_MONITOR_STATE_STATUSES = ["scheduled", "triggered", "cleared"] as const; +export type IssueExecutionMonitorStateStatus = (typeof ISSUE_EXECUTION_MONITOR_STATE_STATUSES)[number]; + +export const ISSUE_EXECUTION_MONITOR_CLEAR_REASONS = [ + "manual", + "triggered", + "done", + "cancelled", + "invalid_status", + "invalid_assignee", + "dispatch_skipped", + "timeout_exceeded", + "max_attempts_exhausted", +] as const; +export type IssueExecutionMonitorClearReason = (typeof ISSUE_EXECUTION_MONITOR_CLEAR_REASONS)[number]; + export const ISSUE_EXECUTION_DECISION_OUTCOMES = ["approved", "changes_requested"] as const; export type IssueExecutionDecisionOutcome = (typeof ISSUE_EXECUTION_DECISION_OUTCOMES)[number]; @@ -334,6 +396,54 @@ export const SECRET_PROVIDERS = [ ] as const; export type SecretProvider = (typeof SECRET_PROVIDERS)[number]; +export const SECRET_PROVIDER_CONFIG_STATUSES = [ + "ready", + "warning", + "coming_soon", + "disabled", +] as const; +export type SecretProviderConfigStatus = (typeof SECRET_PROVIDER_CONFIG_STATUSES)[number]; + +export const SECRET_PROVIDER_CONFIG_HEALTH_STATUSES = [ + "ready", + "warning", + "error", + "coming_soon", + "disabled", +] as const; +export type SecretProviderConfigHealthStatus = + (typeof SECRET_PROVIDER_CONFIG_HEALTH_STATUSES)[number]; + +export const SECRET_STATUSES = ["active", "disabled", "archived", "deleted"] as const; +export type SecretStatus = (typeof SECRET_STATUSES)[number]; + +export const SECRET_MANAGED_MODES = ["paperclip_managed", "external_reference"] as const; +export type SecretManagedMode = (typeof SECRET_MANAGED_MODES)[number]; + +export const SECRET_VERSION_STATUSES = [ + "current", + "previous", + "disabled", + "destroyed", + "failed", +] as const; +export type SecretVersionStatus = (typeof SECRET_VERSION_STATUSES)[number]; + +export const SECRET_BINDING_TARGET_TYPES = [ + "agent", + "project", + "environment", + "routine", + "plugin", + "issue", + "run", + "system", +] as const; +export type SecretBindingTargetType = (typeof SECRET_BINDING_TARGET_TYPES)[number]; + +export const SECRET_ACCESS_OUTCOMES = ["success", "failure"] as const; +export type SecretAccessOutcome = (typeof SECRET_ACCESS_OUTCOMES)[number]; + export const STORAGE_PROVIDERS = ["local_disk", "s3"] as const; export type StorageProvider = (typeof STORAGE_PROVIDERS)[number]; @@ -604,9 +714,13 @@ export const PLUGIN_CAPABILITIES = [ "issue.comments.create", "issue.interactions.create", "issue.documents.write", + "projects.managed", + "routines.managed", + "skills.managed", "agents.pause", "agents.resume", "agents.invoke", + "agents.managed", "agent.sessions.create", "agent.sessions.list", "agent.sessions.send", @@ -628,6 +742,7 @@ export const PLUGIN_CAPABILITIES = [ "http.outbound", "secrets.read-ref", "environment.drivers.register", + "local.folders", // Agent Tools "agent.tools.register", // UI @@ -698,6 +813,7 @@ export const PLUGIN_UI_SLOT_TYPES = [ "taskDetailView", "dashboardWidget", "sidebar", + "routeSidebar", "sidebarPanel", "projectSidebarItem", "globalToolbarButton", diff --git a/packages/shared/src/home-paths.test.ts b/packages/shared/src/home-paths.test.ts new file mode 100644 index 00000000..81235c17 --- /dev/null +++ b/packages/shared/src/home-paths.test.ts @@ -0,0 +1,36 @@ +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { + resolveDefaultBackupDir, + resolveDefaultEmbeddedPostgresDir, + resolveDefaultLogsDir, + resolveDefaultSecretsKeyFilePath, + resolveDefaultStorageDir, + resolvePaperclipConfigPathForInstance, + resolvePaperclipInstanceRoot, +} from "./home-paths.js"; + +const ORIGINAL_ENV = { ...process.env }; + +afterEach(() => { + process.env = { ...ORIGINAL_ENV }; +}); + +describe("home path resolution", () => { + it("resolves config and runtime data directly under the instance root", () => { + const home = fs.mkdtempSync(path.join(os.tmpdir(), "paperclip-home-paths-")); + process.env.PAPERCLIP_HOME = home; + delete process.env.PAPERCLIP_INSTANCE_ID; + + const instanceRoot = path.join(home, "instances", "default"); + expect(resolvePaperclipInstanceRoot()).toBe(instanceRoot); + expect(resolvePaperclipConfigPathForInstance()).toBe(path.join(instanceRoot, "config.json")); + expect(resolveDefaultEmbeddedPostgresDir()).toBe(path.join(instanceRoot, "db")); + expect(resolveDefaultBackupDir()).toBe(path.join(instanceRoot, "data", "backups")); + expect(resolveDefaultLogsDir()).toBe(path.join(instanceRoot, "logs")); + expect(resolveDefaultStorageDir()).toBe(path.join(instanceRoot, "data", "storage")); + expect(resolveDefaultSecretsKeyFilePath()).toBe(path.join(instanceRoot, "secrets", "master.key")); + }); +}); diff --git a/packages/shared/src/home-paths.ts b/packages/shared/src/home-paths.ts new file mode 100644 index 00000000..fa4f1c44 --- /dev/null +++ b/packages/shared/src/home-paths.ts @@ -0,0 +1,92 @@ +import os from "node:os"; +import path from "node:path"; + +export const DEFAULT_PAPERCLIP_INSTANCE_ID = "default"; +export const PAPERCLIP_CONFIG_BASENAME = "config.json"; +export const PAPERCLIP_ENV_FILENAME = ".env"; + +const PATH_SEGMENT_RE = /^[a-zA-Z0-9_-]+$/; + +export function expandHomePrefix(value: string): string { + if (value === "~") return os.homedir(); + if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); + return value; +} + +export function resolvePaperclipHomeDir(homeOverride?: string): string { + const raw = homeOverride?.trim() || process.env.PAPERCLIP_HOME?.trim(); + if (raw) return path.resolve(expandHomePrefix(raw)); + return path.resolve(os.homedir(), ".paperclip"); +} + +export function resolvePaperclipInstanceId(instanceIdOverride?: string): string { + const raw = instanceIdOverride?.trim() || process.env.PAPERCLIP_INSTANCE_ID?.trim() || DEFAULT_PAPERCLIP_INSTANCE_ID; + if (!PATH_SEGMENT_RE.test(raw)) { + throw new Error(`Invalid PAPERCLIP_INSTANCE_ID '${raw}'.`); + } + return raw; +} + +export function resolvePaperclipInstanceRoot(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipHomeDir(input.homeDir), "instances", resolvePaperclipInstanceId(input.instanceId)); +} + +export function resolvePaperclipInstanceConfigPath(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), PAPERCLIP_CONFIG_BASENAME); +} + +export function resolvePaperclipConfigPathForInstance(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return resolvePaperclipInstanceConfigPath(input); +} + +export function resolvePaperclipEnvPathForConfig(configPath: string): string { + return path.resolve(path.dirname(configPath), PAPERCLIP_ENV_FILENAME); +} + +export function resolveDefaultEmbeddedPostgresDir(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), "db"); +} + +export function resolveDefaultLogsDir(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), "logs"); +} + +export function resolveDefaultSecretsKeyFilePath(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), "secrets", "master.key"); +} + +export function resolveDefaultStorageDir(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), "data", "storage"); +} + +export function resolveDefaultBackupDir(input: { + homeDir?: string; + instanceId?: string; +} = {}): string { + return path.resolve(resolvePaperclipInstanceRoot(input), "data", "backups"); +} + +export function resolveHomeAwarePath(value: string): string { + return path.resolve(expandHomePrefix(value)); +} diff --git a/packages/shared/src/index.ts b/packages/shared/src/index.ts index 9d6c2851..1010c096 100644 --- a/packages/shared/src/index.ts +++ b/packages/shared/src/index.ts @@ -19,12 +19,20 @@ export { INBOX_MINE_ISSUE_STATUSES, INBOX_MINE_ISSUE_STATUS_FILTER, ISSUE_PRIORITIES, + ISSUE_WORK_MODES, MAX_ISSUE_REQUEST_DEPTH, + ISSUE_COMMENT_AUTHOR_TYPES, + ISSUE_COMMENT_METADATA_ROW_TYPES, + ISSUE_COMMENT_PRESENTATION_KINDS, + ISSUE_COMMENT_PRESENTATION_TONES, clampIssueRequestDepth, ISSUE_THREAD_INTERACTION_KINDS, ISSUE_THREAD_INTERACTION_STATUSES, ISSUE_THREAD_INTERACTION_CONTINUATION_POLICIES, ISSUE_ORIGIN_KINDS, + ISSUE_SURFACE_VISIBILITIES, + pluginOperationIssueOriginKind, + isPluginOperationIssueOriginKind, ISSUE_RELATION_TYPES, ISSUE_TREE_CONTROL_MODES, ISSUE_TREE_HOLD_RELEASE_POLICY_STRATEGIES, @@ -35,7 +43,12 @@ export { ISSUE_REFERENCE_SOURCE_KINDS, ISSUE_EXECUTION_POLICY_MODES, ISSUE_EXECUTION_STAGE_TYPES, + ISSUE_MONITOR_SCHEDULED_BY, + ISSUE_EXECUTION_MONITOR_KINDS, + ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES, ISSUE_EXECUTION_STATE_STATUSES, + ISSUE_EXECUTION_MONITOR_STATE_STATUSES, + ISSUE_EXECUTION_MONITOR_CLEAR_REASONS, ISSUE_EXECUTION_DECISION_OUTCOMES, GOAL_LEVELS, GOAL_STATUSES, @@ -58,6 +71,8 @@ export { APPROVAL_TYPES, APPROVAL_STATUSES, SECRET_PROVIDERS, + SECRET_PROVIDER_CONFIG_STATUSES, + SECRET_PROVIDER_CONFIG_HEALTH_STATUSES, STORAGE_PROVIDERS, BILLING_TYPES, FINANCE_EVENT_KINDS, @@ -122,12 +137,18 @@ export { type AgentIconName, type IssueStatus, type IssuePriority, + type IssueWorkMode, + type IssueCommentAuthorType, + type IssueCommentMetadataRowType, + type IssueCommentPresentationKind, + type IssueCommentPresentationTone, type IssueThreadInteractionKind, type IssueThreadInteractionStatus, type IssueThreadInteractionContinuationPolicy, type BuiltInIssueOriginKind, type PluginIssueOriginKind, type IssueOriginKind, + type IssueSurfaceVisibility, type IssueRelationType, type IssueTreeControlMode, type IssueTreeHoldReleasePolicyStrategy, @@ -136,7 +157,12 @@ export { type IssueReferenceSourceKind, type IssueExecutionPolicyMode, type IssueExecutionStageType, + type IssueMonitorScheduledBy, + type IssueExecutionMonitorKind, + type IssueExecutionMonitorRecoveryPolicy, type IssueExecutionStateStatus, + type IssueExecutionMonitorStateStatus, + type IssueExecutionMonitorClearReason, type IssueExecutionDecisionOutcome, type GoalLevel, type GoalStatus, @@ -158,6 +184,8 @@ export { type ApprovalType, type ApprovalStatus, type SecretProvider, + type SecretProviderConfigStatus, + type SecretProviderConfigHealthStatus, type StorageProvider, type BillingType, type FinanceEventKind, @@ -293,7 +321,15 @@ export type { ProjectCodebase, ProjectCodebaseOrigin, ProjectGoalRef, + ProjectManagedByPlugin, ProjectWorkspace, + CompanySearchHighlight, + CompanySearchIssueSummary, + CompanySearchResponse, + CompanySearchResult, + CompanySearchResultType, + CompanySearchScope, + CompanySearchSnippet, ExecutionWorkspace, ExecutionWorkspaceSummary, ExecutionWorkspaceConfig, @@ -337,9 +373,17 @@ export type { IssueBlockerAttentionState, IssueProductivityReview, IssueProductivityReviewTrigger, + SuccessfulRunHandoffState, + SuccessfulRunHandoffStateKind, + IssueScheduledRetry, + IssueScheduledRetryStatus, + IssueRetryNowOutcome, + IssueRetryNowResponse, IssueReferenceSource, IssueRelatedWorkItem, IssueRelatedWorkSummary, + IssueExecutionMonitorPolicy, + IssueExecutionMonitorState, IssueRelation, IssueRelationIssueSummary, IssueExecutionPolicy, @@ -349,6 +393,16 @@ export type { IssueExecutionStagePrincipal, IssueExecutionDecision, IssueComment, + IssueCommentMetadata, + IssueCommentMetadataSection, + IssueCommentMetadataRow, + IssueCommentMetadataTextRow, + IssueCommentMetadataCodeRow, + IssueCommentMetadataKeyValueRow, + IssueCommentMetadataIssueLinkRow, + IssueCommentMetadataAgentLinkRow, + IssueCommentMetadataRunLinkRow, + IssueCommentPresentation, IssueThreadInteractionActorFields, SuggestedTaskDraft, SuggestTasksPayload, @@ -458,6 +512,7 @@ export type { CompanyPortabilityProjectWorkspaceManifestEntry, CompanyPortabilityIssueRoutineTriggerManifestEntry, CompanyPortabilityIssueRoutineManifestEntry, + CompanyPortabilityIssueCommentManifestEntry, CompanyPortabilityIssueManifestEntry, CompanyPortabilityManifest, CompanyPortabilityExportResult, @@ -480,10 +535,38 @@ export type { EnvBinding, AgentEnvConfig, CompanySecret, + CompanySecretProviderConfig, + SecretProviderConfigPayload, + SecretProviderConfigHealthDetails, + SecretProviderConfigHealthResponse, + CompanySecretBinding, + CompanySecretBindingTarget, + CompanySecretUsageBinding, + CompanySecretVersion, + SecretAccessEvent, + RemoteSecretImportCandidate, + RemoteSecretImportCandidateStatus, + RemoteSecretImportConflict, + RemoteSecretImportPreviewResult, + RemoteSecretImportResult, + RemoteSecretImportRowResult, + RemoteSecretImportRowStatus, + SecretAccessOutcome, + SecretBindingTargetType, + SecretManagedMode, SecretProviderDescriptor, + SecretStatus, + SecretVersionSelector, + SecretVersionStatus, Routine, + RoutineManagedByPlugin, RoutineVariable, RoutineVariableDefaultValue, + RoutineRevisionSnapshotRoutineV1, + RoutineRevisionSnapshotTriggerV1, + RoutineRevisionSnapshotV1, + RoutineRevisionSnapshot, + RoutineRevision, RoutineTrigger, RoutineRun, RoutineTriggerSecretMaterial, @@ -496,6 +579,18 @@ export type { PluginWebhookDeclaration, PluginToolDeclaration, PluginEnvironmentDriverDeclaration, + PluginManagedAgentDeclaration, + PluginManagedProjectDeclaration, + PluginManagedRoutineDeclaration, + PluginManagedSkillDeclaration, + PluginManagedSkillFileDeclaration, + PluginLocalFolderDeclaration, + PluginManagedAgentResolution, + PluginManagedProjectResolution, + PluginManagedRoutineResolution, + PluginManagedSkillResolution, + PluginManagedResourceKind, + PluginManagedResourceRef, PluginUiSlotDeclaration, PluginLauncherActionDeclaration, PluginLauncherRenderDeclaration, @@ -512,6 +607,7 @@ export type { PluginMigrationRecord, PluginStateRecord, PluginConfig, + PluginCompanySettings, PluginEntityRecord, PluginEntityQuery, PluginJobRecord, @@ -520,6 +616,7 @@ export type { QuotaWindow, ProviderQuotaResult, } from "./types/index.js"; +export { COMPANY_SEARCH_SCOPES } from "./types/index.js"; export { ISSUE_REFERENCE_IDENTIFIER_RE, buildIssueReferenceHref, @@ -644,8 +741,17 @@ export { type CreateProjectWorkspace, type UpdateProjectWorkspace, projectExecutionWorkspacePolicySchema, + companySearchQuerySchema, + COMPANY_SEARCH_DEFAULT_LIMIT, + COMPANY_SEARCH_MAX_LIMIT, + COMPANY_SEARCH_MAX_OFFSET, + COMPANY_SEARCH_MAX_QUERY_LENGTH, + COMPANY_SEARCH_MAX_TOKENS, + type CompanySearchQuery, createIssueSchema, + createIssueInputSchema, createChildIssueSchema, + resolveCreateIssueStatusDefault, createIssueLabelSchema, updateIssueSchema, issueExecutionPolicySchema, @@ -653,6 +759,11 @@ export { issueReviewRequestSchema, issueExecutionWorkspaceSettingsSchema, checkoutIssueSchema, + issueCommentAuthorTypeSchema, + issueCommentPresentationSchema, + issueCommentMetadataRowSchema, + issueCommentMetadataSectionSchema, + issueCommentMetadataSchema, addIssueCommentSchema, issueThreadInteractionStatusSchema, issueThreadInteractionKindSchema, @@ -745,7 +856,19 @@ export { envBindingSchema, envConfigSchema, createSecretSchema, + createSecretProviderConfigSchema, + updateSecretProviderConfigSchema, + remoteSecretImportPreviewSchema, + remoteSecretImportSchema, + remoteSecretImportSelectionSchema, + localEncryptedProviderConfigSchema, + awsSecretsManagerProviderConfigSchema, + gcpSecretManagerProviderConfigSchema, + vaultProviderConfigSchema, + secretProviderConfigPayloadSchema, + createSecretBindingSchema, rotateSecretSchema, + secretBindingTargetSchema, updateSecretSchema, createRoutineSchema, updateRoutineSchema, @@ -754,7 +877,16 @@ export { routineVariableSchema, runRoutineSchema, rotateRoutineTriggerSecretSchema, + routineRevisionSnapshotRoutineV1Schema, + routineRevisionSnapshotTriggerV1Schema, + routineRevisionSnapshotV1Schema, + routineRevisionSnapshotSchema, type CreateSecret, + type CreateSecretProviderConfig, + type UpdateSecretProviderConfig, + type RemoteSecretImportPreview, + type RemoteSecretImport, + type RemoteSecretImportSelection, type RotateSecret, type UpdateSecret, type CreateRoutine, diff --git a/packages/shared/src/issue-references.test.ts b/packages/shared/src/issue-references.test.ts index fa091c41..d4af275a 100644 --- a/packages/shared/src/issue-references.test.ts +++ b/packages/shared/src/issue-references.test.ts @@ -10,6 +10,7 @@ import { describe("issue references", () => { it("normalizes identifiers to uppercase", () => { expect(normalizeIssueIdentifier("pap-123")).toBe("PAP-123"); + expect(normalizeIssueIdentifier("pc1a2-7")).toBe("PC1A2-7"); expect(normalizeIssueIdentifier("not-an-issue")).toBeNull(); }); @@ -27,14 +28,14 @@ describe("issue references", () => { }); it("finds identifiers and issue paths in plain text", () => { - expect(findIssueReferenceMatches("See PAP-1, /issues/PAP-2, and https://x.test/PAP/issues/pap-3.")).toEqual([ + expect(findIssueReferenceMatches("See PAP-1, /issues/PC1A2-2, and https://x.test/PAP/issues/pc1a2-3.")).toEqual([ { index: 4, length: 5, identifier: "PAP-1", matchedText: "PAP-1" }, - { index: 11, length: 13, identifier: "PAP-2", matchedText: "/issues/PAP-2" }, + { index: 11, length: 15, identifier: "PC1A2-2", matchedText: "/issues/PC1A2-2" }, { - index: 30, - length: 31, - identifier: "PAP-3", - matchedText: "https://x.test/PAP/issues/pap-3", + index: 32, + length: 33, + identifier: "PC1A2-3", + matchedText: "https://x.test/PAP/issues/pc1a2-3", }, ]); }); diff --git a/packages/shared/src/issue-references.ts b/packages/shared/src/issue-references.ts index eb45ff9a..bfdd2126 100644 --- a/packages/shared/src/issue-references.ts +++ b/packages/shared/src/issue-references.ts @@ -1,4 +1,4 @@ -export const ISSUE_REFERENCE_IDENTIFIER_RE = /^[A-Z]+-\d+$/; +export const ISSUE_REFERENCE_IDENTIFIER_RE = /^[A-Z][A-Z0-9]*-\d+$/; export interface IssueReferenceMatch { index: number; @@ -7,7 +7,7 @@ export interface IssueReferenceMatch { matchedText: string; } -const ISSUE_REFERENCE_TOKEN_RE = /https?:\/\/[^\s<>()]+|\/[^\s<>()]+|[A-Z]+-\d+/gi; +const ISSUE_REFERENCE_TOKEN_RE = /https?:\/\/[^\s<>()]+|\/[^\s<>()]+|[A-Z][A-Z0-9]*-\d+/gi; function preserveNewlinesAsWhitespace(value: string) { return value.replace(/[^\n]/g, " "); diff --git a/packages/shared/src/types/company-portability.ts b/packages/shared/src/types/company-portability.ts index ea5e7b1c..6c8a435c 100644 --- a/packages/shared/src/types/company-portability.ts +++ b/packages/shared/src/types/company-portability.ts @@ -1,5 +1,7 @@ import type { AgentEnvConfig, SecretProvider } from "./secrets.js"; import type { RoutineVariable } from "./routine.js"; +import type { IssueCommentAuthorType } from "../constants.js"; +import type { IssueCommentMetadata, IssueCommentPresentation } from "./issue.js"; export interface CompanyPortabilityInclude { company: boolean; @@ -98,6 +100,16 @@ export interface CompanyPortabilityIssueRoutineManifestEntry { triggers: CompanyPortabilityIssueRoutineTriggerManifestEntry[]; } +export interface CompanyPortabilityIssueCommentManifestEntry { + body: string; + authorType: IssueCommentAuthorType; + authorAgentSlug: string | null; + authorUserId: string | null; + presentation: IssueCommentPresentation | null; + metadata: IssueCommentMetadata | null; + createdAt: string | null; +} + export interface CompanyPortabilityIssueManifestEntry { slug: string; identifier: string | null; @@ -116,6 +128,7 @@ export interface CompanyPortabilityIssueManifestEntry { billingCode: string | null; executionWorkspaceSettings: Record | null; assigneeAdapterOverrides: Record | null; + comments: CompanyPortabilityIssueCommentManifestEntry[]; metadata: Record | null; } diff --git a/packages/shared/src/types/cost.ts b/packages/shared/src/types/cost.ts index 57e6be62..11d9a765 100644 --- a/packages/shared/src/types/cost.ts +++ b/packages/shared/src/types/cost.ts @@ -36,6 +36,11 @@ export interface IssueCostSummary { inputTokens: number; cachedInputTokens: number; outputTokens: number; + /** number of distinct heartbeat runs aggregated across the issue tree */ + runCount: number; + /** sum of wall-clock duration of each run in the tree (ms); + * still-running runs contribute (now - startedAt) so this ticks up live */ + runtimeMs: number; } export interface CostByAgent { diff --git a/packages/shared/src/types/index.ts b/packages/shared/src/types/index.ts index e6cce5f8..b6c4e69e 100644 --- a/packages/shared/src/types/index.ts +++ b/packages/shared/src/types/index.ts @@ -89,7 +89,17 @@ export type { AdapterEnvironmentTestResult, } from "./agent.js"; export type { AssetImage } from "./asset.js"; -export type { Project, ProjectCodebase, ProjectCodebaseOrigin, ProjectGoalRef, ProjectWorkspace } from "./project.js"; +export type { Project, ProjectCodebase, ProjectCodebaseOrigin, ProjectGoalRef, ProjectManagedByPlugin, ProjectWorkspace } from "./project.js"; +export type { + CompanySearchHighlight, + CompanySearchIssueSummary, + CompanySearchResponse, + CompanySearchResult, + CompanySearchResultType, + CompanySearchScope, + CompanySearchSnippet, +} from "./search.js"; +export { COMPANY_SEARCH_SCOPES } from "./search.js"; export type { ExecutionWorkspace, ExecutionWorkspaceSummary, @@ -134,17 +144,26 @@ export type { } from "./work-product.js"; export type { Issue, + IssueWorkMode, IssueAssigneeAdapterOverrides, IssueBlockerAttention, IssueBlockerAttentionReason, IssueBlockerAttentionState, IssueProductivityReview, IssueProductivityReviewTrigger, + SuccessfulRunHandoffState, + SuccessfulRunHandoffStateKind, + IssueScheduledRetry, + IssueScheduledRetryStatus, + IssueRetryNowOutcome, + IssueRetryNowResponse, IssueReferenceSource, IssueRelatedWorkItem, IssueRelatedWorkSummary, IssueRelation, IssueRelationIssueSummary, + IssueExecutionMonitorPolicy, + IssueExecutionMonitorState, IssueExecutionPolicy, IssueExecutionState, IssueExecutionStage, @@ -153,6 +172,16 @@ export type { IssueReviewRequest, IssueExecutionDecision, IssueComment, + IssueCommentMetadata, + IssueCommentMetadataSection, + IssueCommentMetadataRow, + IssueCommentMetadataTextRow, + IssueCommentMetadataCodeRow, + IssueCommentMetadataKeyValueRow, + IssueCommentMetadataIssueLinkRow, + IssueCommentMetadataAgentLinkRow, + IssueCommentMetadataRunLinkRow, + IssueCommentPresentation, IssueThreadInteractionActorFields, SuggestedTaskDraft, SuggestTasksPayload, @@ -215,12 +244,39 @@ export type { EnvBinding, AgentEnvConfig, CompanySecret, + CompanySecretProviderConfig, + SecretProviderConfigPayload, + SecretProviderConfigHealthDetails, + SecretProviderConfigHealthResponse, + CompanySecretBinding, + CompanySecretBindingTarget, + CompanySecretUsageBinding, + CompanySecretVersion, + SecretAccessEvent, + RemoteSecretImportCandidate, + RemoteSecretImportCandidateStatus, + RemoteSecretImportConflict, + RemoteSecretImportPreviewResult, + RemoteSecretImportResult, + RemoteSecretImportRowResult, + RemoteSecretImportRowStatus, + SecretAccessOutcome, + SecretBindingTargetType, + SecretManagedMode, SecretProviderDescriptor, + SecretStatus, + SecretVersionStatus, } from "./secrets.js"; export type { Routine, + RoutineManagedByPlugin, RoutineVariable, RoutineVariableDefaultValue, + RoutineRevisionSnapshotRoutineV1, + RoutineRevisionSnapshotTriggerV1, + RoutineRevisionSnapshotV1, + RoutineRevisionSnapshot, + RoutineRevision, RoutineTrigger, RoutineRun, RoutineTriggerSecretMaterial, @@ -288,6 +344,7 @@ export type { CompanyPortabilityProjectWorkspaceManifestEntry, CompanyPortabilityIssueRoutineTriggerManifestEntry, CompanyPortabilityIssueRoutineManifestEntry, + CompanyPortabilityIssueCommentManifestEntry, CompanyPortabilityIssueManifestEntry, CompanyPortabilityManifest, CompanyPortabilityExportResult, @@ -314,6 +371,18 @@ export type { PluginWebhookDeclaration, PluginToolDeclaration, PluginEnvironmentDriverDeclaration, + PluginManagedAgentDeclaration, + PluginManagedProjectDeclaration, + PluginManagedRoutineDeclaration, + PluginManagedSkillDeclaration, + PluginManagedSkillFileDeclaration, + PluginLocalFolderDeclaration, + PluginManagedAgentResolution, + PluginManagedProjectResolution, + PluginManagedRoutineResolution, + PluginManagedSkillResolution, + PluginManagedResourceKind, + PluginManagedResourceRef, PluginUiSlotDeclaration, PluginLauncherActionDeclaration, PluginLauncherRenderDeclaration, @@ -330,6 +399,7 @@ export type { PluginMigrationRecord, PluginStateRecord, PluginConfig, + PluginCompanySettings, PluginEntityRecord, PluginEntityQuery, PluginJobRecord, diff --git a/packages/shared/src/types/issue.ts b/packages/shared/src/types/issue.ts index 2fa8cb8b..827c259f 100644 --- a/packages/shared/src/types/issue.ts +++ b/packages/shared/src/types/issue.ts @@ -1,11 +1,21 @@ import type { + IssueCommentAuthorType, + IssueCommentMetadataRowType, + IssueCommentPresentationKind, + IssueCommentPresentationTone, + IssueExecutionMonitorClearReason, + IssueExecutionMonitorKind, + IssueExecutionMonitorRecoveryPolicy, + IssueExecutionMonitorStateStatus, IssueExecutionDecisionOutcome, + IssueMonitorScheduledBy, IssueExecutionPolicyMode, IssueReferenceSourceKind, IssueExecutionStageType, IssueExecutionStateStatus, IssueOriginKind, IssuePriority, + IssueWorkMode, ModelProfileKey, IssueThreadInteractionContinuationPolicy, IssueThreadInteractionKind, @@ -17,6 +27,8 @@ import type { Project, ProjectWorkspace } from "./project.js"; import type { ExecutionWorkspace, IssueExecutionWorkspaceSettings } from "./workspace-runtime.js"; import type { IssueWorkProduct } from "./work-product.js"; +export type { IssueWorkMode }; + export interface IssueAncestorProject { id: string; name: string; @@ -157,6 +169,46 @@ export interface IssueProductivityReview { updatedAt: Date; } +export type SuccessfulRunHandoffStateKind = "required" | "resolved" | "escalated"; + +export interface SuccessfulRunHandoffState { + state: SuccessfulRunHandoffStateKind; + required: boolean; + sourceRunId: string | null; + correctiveRunId: string | null; + assigneeAgentId: string | null; + detectedProgressSummary: string | null; + createdAt: Date | string | null; +} + +export type IssueScheduledRetryStatus = "scheduled_retry" | "queued" | "running" | "cancelled"; + +export interface IssueScheduledRetry { + runId: string; + status: IssueScheduledRetryStatus; + agentId: string; + agentName: string | null; + retryOfRunId: string | null; + scheduledRetryAt: Date | string | null; + scheduledRetryAttempt: number; + scheduledRetryReason: string | null; + retryExhaustedReason?: string | null; + error?: string | null; + errorCode?: string | null; +} + +export type IssueRetryNowOutcome = + | "promoted" + | "already_promoted" + | "no_scheduled_retry" + | "gate_suppressed"; + +export interface IssueRetryNowResponse { + outcome: IssueRetryNowOutcome; + message: string; + scheduledRetry: IssueScheduledRetry | null; +} + export interface IssueRelation { id: string; companyId: string; @@ -201,10 +253,40 @@ export interface IssueExecutionStage { participants: IssueExecutionStageParticipant[]; } +export interface IssueExecutionMonitorPolicy { + nextCheckAt: string; + notes: string | null; + scheduledBy: IssueMonitorScheduledBy; + kind?: IssueExecutionMonitorKind | null; + serviceName?: string | null; + externalRef?: string | null; + timeoutAt?: string | null; + maxAttempts?: number | null; + recoveryPolicy?: IssueExecutionMonitorRecoveryPolicy | null; +} + export interface IssueExecutionPolicy { mode: IssueExecutionPolicyMode; commentRequired: boolean; stages: IssueExecutionStage[]; + monitor?: IssueExecutionMonitorPolicy | null; +} + +export interface IssueExecutionMonitorState { + status: IssueExecutionMonitorStateStatus; + nextCheckAt: string | null; + lastTriggeredAt: string | null; + attemptCount: number; + notes: string | null; + scheduledBy: IssueMonitorScheduledBy | null; + kind?: IssueExecutionMonitorKind | null; + serviceName?: string | null; + externalRef?: string | null; + timeoutAt?: string | null; + maxAttempts?: number | null; + recoveryPolicy?: IssueExecutionMonitorRecoveryPolicy | null; + clearedAt: string | null; + clearReason: IssueExecutionMonitorClearReason | null; } export interface IssueReviewRequest { @@ -222,6 +304,7 @@ export interface IssueExecutionState { completedStageIds: string[]; lastDecisionId: string | null; lastDecisionOutcome: IssueExecutionDecisionOutcome | null; + monitor?: IssueExecutionMonitorState | null; } export interface IssueExecutionDecision { @@ -250,6 +333,7 @@ export interface Issue { title: string; description: string | null; status: IssueStatus; + workMode: IssueWorkMode; priority: IssuePriority; assigneeAgentId: string | null; assigneeUserId: string | null; @@ -270,6 +354,11 @@ export interface Issue { assigneeAdapterOverrides: IssueAssigneeAdapterOverrides | null; executionPolicy?: IssueExecutionPolicy | null; executionState?: IssueExecutionState | null; + monitorNextCheckAt?: Date | null; + monitorLastTriggeredAt?: Date | null; + monitorAttemptCount?: number; + monitorNotes?: string | null; + monitorScheduledBy?: IssueMonitorScheduledBy | null; executionWorkspaceId: string | null; executionWorkspacePreference: string | null; executionWorkspaceSettings: IssueExecutionWorkspaceSettings | null; @@ -283,6 +372,8 @@ export interface Issue { blocks?: IssueRelationIssueSummary[]; blockerAttention?: IssueBlockerAttention; productivityReview?: IssueProductivityReview | null; + successfulRunHandoff?: SuccessfulRunHandoffState | null; + scheduledRetry?: IssueScheduledRetry | null; relatedWork?: IssueRelatedWorkSummary; referencedIssueIdentifiers?: string[]; planDocument?: IssueDocument | null; @@ -305,14 +396,84 @@ export interface IssueComment { id: string; companyId: string; issueId: string; + authorType: IssueCommentAuthorType; authorAgentId: string | null; authorUserId: string | null; body: string; + presentation: IssueCommentPresentation | null; + metadata: IssueCommentMetadata | null; followUpRequested?: boolean; createdAt: Date; updatedAt: Date; } +interface IssueCommentMetadataRowBase { + type: IssueCommentMetadataRowType; + label?: string | null; +} + +export interface IssueCommentMetadataTextRow extends IssueCommentMetadataRowBase { + type: "text"; + text: string; +} + +export interface IssueCommentMetadataCodeRow extends IssueCommentMetadataRowBase { + type: "code"; + code: string; + language?: string | null; +} + +export interface IssueCommentMetadataKeyValueRow extends IssueCommentMetadataRowBase { + type: "key_value"; + label: string; + value: string; +} + +export interface IssueCommentMetadataIssueLinkRow extends IssueCommentMetadataRowBase { + type: "issue_link"; + issueId?: string | null; + identifier?: string | null; + title?: string | null; +} + +export interface IssueCommentMetadataAgentLinkRow extends IssueCommentMetadataRowBase { + type: "agent_link"; + agentId: string; + name?: string | null; +} + +export interface IssueCommentMetadataRunLinkRow extends IssueCommentMetadataRowBase { + type: "run_link"; + runId: string; + title?: string | null; +} + +export type IssueCommentMetadataRow = + | IssueCommentMetadataTextRow + | IssueCommentMetadataCodeRow + | IssueCommentMetadataKeyValueRow + | IssueCommentMetadataIssueLinkRow + | IssueCommentMetadataAgentLinkRow + | IssueCommentMetadataRunLinkRow; + +export interface IssueCommentMetadataSection { + title?: string | null; + rows: IssueCommentMetadataRow[]; +} + +export interface IssueCommentMetadata { + version: 1; + sourceRunId?: string | null; + sections: IssueCommentMetadataSection[]; +} + +export interface IssueCommentPresentation { + kind: IssueCommentPresentationKind; + tone: IssueCommentPresentationTone; + title?: string | null; + detailsDefaultOpen: boolean; +} + export interface IssueThreadInteractionActorFields { createdByAgentId?: string | null; createdByUserId?: string | null; @@ -327,6 +488,7 @@ export interface SuggestedTaskDraft { title: string; description?: string | null; priority?: IssuePriority | null; + workMode?: IssueWorkMode | null; assigneeAgentId?: string | null; assigneeUserId?: string | null; projectId?: string | null; diff --git a/packages/shared/src/types/plugin.ts b/packages/shared/src/types/plugin.ts index 955b719f..6f962912 100644 --- a/packages/shared/src/types/plugin.ts +++ b/packages/shared/src/types/plugin.ts @@ -16,7 +16,20 @@ import type { PluginDatabaseMigrationStatus, PluginDatabaseNamespaceMode, PluginDatabaseNamespaceStatus, + AgentAdapterType, + AgentRole, + AgentStatus, + IssuePriority, + ProjectStatus, + RoutineCatchUpPolicy, + RoutineConcurrencyPolicy, + RoutineStatus, + IssueSurfaceVisibility, } from "../constants.js"; +import type { Agent } from "./agent.js"; +import type { CompanySkill } from "./company-skill.js"; +import type { Project } from "./project.js"; +import type { Routine, RoutineTrigger, RoutineVariable } from "./routine.js"; // --------------------------------------------------------------------------- // JSON Schema placeholder – plugins declare config schemas as JSON Schema @@ -113,6 +126,206 @@ export interface PluginEnvironmentDriverDeclaration { configSchema: JsonSchema; } +/** + * Declares a normal Paperclip agent that a plugin can provision and later + * resolve by stable key within each company. + */ +export interface PluginManagedAgentDeclaration { + /** Stable identifier for this managed agent, unique within the plugin. */ + agentKey: string; + /** Suggested visible agent name. */ + displayName: string; + /** Optional suggested role. Defaults to `general`. */ + role?: AgentRole | string; + /** Optional suggested title shown in agent surfaces. */ + title?: string | null; + /** Optional icon for agent list/detail surfaces. */ + icon?: string | null; + /** Suggested capability summary for the agent. */ + capabilities?: string | null; + /** Suggested adapter type. Defaults to `process`. */ + adapterType?: AgentAdapterType | string; + /** + * Optional ordered list of compatible adapter types. When present, the host + * prefers the most-used compatible adapter already configured in the company, + * falling back to `adapterType`. + */ + adapterPreference?: Array; + /** Suggested adapter configuration. */ + adapterConfig?: Record; + /** Suggested Paperclip runtime configuration. */ + runtimeConfig?: Record; + /** Suggested permissions object. Normalized by the host on create/reset. */ + permissions?: Record; + /** Suggested starting status when no board approval is required. */ + status?: Extract; + /** Suggested monthly budget in cents. */ + budgetMonthlyCents?: number; + /** Optional managed instructions content or pointer metadata for plugin UI. */ + instructions?: { + entryFile?: string; + content?: string; + files?: Record; + assetPath?: string; + }; +} + +/** + * Declares a company-scoped local folder a trusted plugin wants the operator + * to configure. The host treats this as a generic filesystem root: plugin + * code may request required relative folders/files, then use SDK helpers for + * path-safe reads and atomic writes under that root. + */ +export interface PluginLocalFolderDeclaration { + /** Stable identifier for this folder, unique within the plugin. */ + folderKey: string; + /** Human-readable name shown in plugin settings. */ + displayName: string; + /** Optional operator-facing description. */ + description?: string; + /** Access level requested by the plugin. Defaults to `readWrite`. */ + access?: "read" | "readWrite"; + /** Relative directories expected to exist under the configured root. */ + requiredDirectories?: string[]; + /** Relative files expected to exist under the configured root. */ + requiredFiles?: string[]; +} + +/** + * Declares a normal Paperclip project that a plugin can provision and later + * resolve by stable key within each company. + */ +export interface PluginManagedProjectDeclaration { + /** Stable identifier for this managed project, unique within the plugin. */ + projectKey: string; + /** Suggested visible project name. */ + displayName: string; + /** Suggested project description. */ + description?: string | null; + /** Suggested starting status. Defaults to `in_progress`. */ + status?: ProjectStatus; + /** Suggested project color. Defaults to the normal project palette. */ + color?: string | null; + /** Optional plugin-specific defaults retained for reset/reconcile UI. */ + settings?: Record; +} + +export interface PluginManagedSkillFileDeclaration { + /** Relative path inside the skill folder, for example `references/guide.md`. */ + path: string; + /** File contents written when the skill is installed or reset. */ + content: string; +} + +/** + * Declares a company skill that a plugin can install into each company's + * skills library and later resolve by stable key. + */ +export interface PluginManagedSkillDeclaration { + /** Stable identifier for this managed skill, unique within the plugin. */ + skillKey: string; + /** Suggested visible skill name. */ + displayName: string; + /** Suggested skill slug. Defaults to `skillKey`. */ + slug?: string; + /** Suggested skill description. */ + description?: string | null; + /** Full `SKILL.md` contents. Defaults to generated markdown from display metadata. */ + markdown?: string; + /** Additional files installed with the skill. */ + files?: PluginManagedSkillFileDeclaration[]; +} + +export type PluginManagedResourceKind = "agent" | "project" | "routine" | "skill"; + +export interface PluginManagedResourceRef { + pluginKey?: string; + resourceKind: PluginManagedResourceKind; + resourceKey: string; +} + +export interface PluginManagedRoutineDeclaration { + /** Stable identifier for this managed routine, unique within the plugin. */ + routineKey: string; + /** Suggested routine title template. */ + title: string; + /** Suggested routine description template. */ + description?: string | null; + /** Stable managed agent reference for the default assignee. */ + assigneeRef?: PluginManagedResourceRef | null; + /** Stable managed project reference for routine-created issues. */ + projectRef?: PluginManagedResourceRef | null; + /** Optional goal id to set on the routine in this company. */ + goalId?: string | null; + /** Suggested starting status. Defaults to `paused` when no assignee is resolved, otherwise `active`. */ + status?: RoutineStatus; + /** Suggested issue priority. Defaults to `medium`. */ + priority?: IssuePriority; + /** Suggested concurrency behavior. Defaults to core routine default. */ + concurrencyPolicy?: RoutineConcurrencyPolicy; + /** Suggested missed-trigger behavior. Defaults to core routine default. */ + catchUpPolicy?: RoutineCatchUpPolicy; + /** Suggested routine variables. */ + variables?: RoutineVariable[]; + /** Suggested triggers created when the routine is first reconciled. */ + triggers?: Array>; + /** Defaults for issues created by this routine. */ + issueTemplate?: { + surfaceVisibility?: IssueSurfaceVisibility; + originId?: string | null; + billingCode?: string | null; + }; +} + +export interface PluginManagedAgentResolution { + pluginKey: string; + resourceKind: "agent"; + resourceKey: string; + companyId: string; + agentId: string | null; + agent: Agent | null; + status: "missing" | "resolved" | "created" | "relinked" | "reset"; + approvalId?: string | null; + defaultDrift?: { + entryFile: string; + changedFiles: string[]; + } | null; +} + +export interface PluginManagedProjectResolution { + pluginKey: string; + resourceKind: "project"; + resourceKey: string; + companyId: string; + projectId: string | null; + project: Project | null; + status: "missing" | "resolved" | "created" | "relinked" | "reset"; +} + +export interface PluginManagedRoutineResolution { + pluginKey: string; + resourceKind: "routine"; + resourceKey: string; + companyId: string; + routineId: string | null; + routine: Routine | null; + status: "missing" | "missing_refs" | "resolved" | "created" | "relinked" | "reset"; + missingRefs?: PluginManagedResourceRef[]; +} + +export interface PluginManagedSkillResolution { + pluginKey: string; + resourceKind: "skill"; + resourceKey: string; + companyId: string; + skillId: string | null; + skill: CompanySkill | null; + status: "missing" | "resolved" | "created" | "relinked" | "reset"; + defaultDrift?: { + changedFiles: string[]; + } | null; +} + /** * Declares a UI extension slot the plugin fills with a React component. * @@ -133,7 +346,7 @@ export interface PluginUiSlotDeclaration { */ entityTypes?: PluginUiSlotEntityType[]; /** - * Optional company-scoped route segment for page slots. + * Optional company-scoped route segment for page and routeSidebar slots. * Example: `kitchensink` becomes `/:companyPrefix/kitchensink`. */ routePath?: string; @@ -322,6 +535,16 @@ export interface PaperclipPluginManifestV1 { apiRoutes?: PluginApiRouteDeclaration[]; /** Environment drivers this plugin contributes. Requires `environment.drivers.register` capability. */ environmentDrivers?: PluginEnvironmentDriverDeclaration[]; + /** Suggested company-scoped agents this plugin can provision and resolve by stable key. */ + agents?: PluginManagedAgentDeclaration[]; + /** Suggested company-scoped projects this plugin can provision and resolve by stable key. */ + projects?: PluginManagedProjectDeclaration[]; + /** Suggested company-scoped routines this plugin can provision and resolve by stable key. */ + routines?: PluginManagedRoutineDeclaration[]; + /** Suggested company skills this plugin can install and resolve by stable key. */ + skills?: PluginManagedSkillDeclaration[]; + /** Trusted local folders this plugin can configure and access by stable key. */ + localFolders?: PluginLocalFolderDeclaration[]; /** * Legacy top-level launcher declarations. * Prefer `ui.launchers` for new manifests. @@ -455,6 +678,22 @@ export interface PluginConfig { updatedAt: Date; } +/** + * Company-scoped plugin settings row. This is intentionally generic; plugin + * features such as local folders live inside `settingsJson` under namespaced + * keys instead of requiring feature-specific database columns. + */ +export interface PluginCompanySettings { + id: string; + companyId: string; + pluginId: string; + enabled: boolean; + settingsJson: Record; + lastError: string | null; + createdAt: Date; + updatedAt: Date; +} + /** * Query filter for `ctx.entities.list`. */ diff --git a/packages/shared/src/types/project.ts b/packages/shared/src/types/project.ts index 2aa50361..302d5048 100644 --- a/packages/shared/src/types/project.ts +++ b/packages/shared/src/types/project.ts @@ -52,6 +52,18 @@ export interface ProjectCodebase { origin: ProjectCodebaseOrigin; } +export interface ProjectManagedByPlugin { + id: string; + pluginId: string; + pluginKey: string; + pluginDisplayName: string; + resourceKind: "project"; + resourceKey: string; + defaultsJson: Record; + createdAt: Date; + updatedAt: Date; +} + export interface Project { id: string; companyId: string; @@ -73,6 +85,7 @@ export interface Project { codebase: ProjectCodebase; workspaces: ProjectWorkspace[]; primaryWorkspace: ProjectWorkspace | null; + managedByPlugin?: ProjectManagedByPlugin | null; archivedAt: Date | null; createdAt: Date; updatedAt: Date; diff --git a/packages/shared/src/types/routine.ts b/packages/shared/src/types/routine.ts index aea256be..c6f866dd 100644 --- a/packages/shared/src/types/routine.ts +++ b/packages/shared/src/types/routine.ts @@ -1,4 +1,13 @@ -import type { IssueOriginKind, RoutineVariableType } from "../constants.js"; +import type { + IssueOriginKind, + IssuePriority, + RoutineCatchUpPolicy, + RoutineConcurrencyPolicy, + RoutineStatus, + RoutineTriggerKind, + RoutineTriggerSigningMode, + RoutineVariableType, +} from "../constants.js"; export interface RoutineProjectSummary { id: string; @@ -50,6 +59,8 @@ export interface Routine { concurrencyPolicy: string; catchUpPolicy: string; variables: RoutineVariable[]; + latestRevisionId: string | null; + latestRevisionNumber: number; createdByAgentId: string | null; createdByUserId: string | null; updatedByAgentId: string | null; @@ -58,6 +69,71 @@ export interface Routine { lastEnqueuedAt: Date | null; createdAt: Date; updatedAt: Date; + managedByPlugin?: RoutineManagedByPlugin | null; +} + +export interface RoutineManagedByPlugin { + id: string; + pluginId: string; + pluginKey: string; + pluginDisplayName: string; + resourceKind: "routine"; + resourceKey: string; + defaultsJson: Record; + createdAt: Date; + updatedAt: Date; +} + +export interface RoutineRevisionSnapshotRoutineV1 { + id: string; + companyId: string; + projectId: string | null; + goalId: string | null; + parentIssueId: string | null; + title: string; + description: string | null; + assigneeAgentId: string | null; + priority: IssuePriority; + status: RoutineStatus; + concurrencyPolicy: RoutineConcurrencyPolicy; + catchUpPolicy: RoutineCatchUpPolicy; + variables: RoutineVariable[]; +} + +export interface RoutineRevisionSnapshotTriggerV1 { + id: string; + kind: RoutineTriggerKind; + label: string | null; + enabled: boolean; + cronExpression: string | null; + timezone: string | null; + publicId: string | null; + signingMode: RoutineTriggerSigningMode | null; + replayWindowSec: number | null; +} + +export interface RoutineRevisionSnapshotV1 { + version: 1; + routine: RoutineRevisionSnapshotRoutineV1; + triggers: RoutineRevisionSnapshotTriggerV1[]; +} + +export type RoutineRevisionSnapshot = RoutineRevisionSnapshotV1; + +export interface RoutineRevision { + id: string; + companyId: string; + routineId: string; + revisionNumber: number; + title: string; + description: string | null; + snapshot: RoutineRevisionSnapshot; + changeSummary: string | null; + restoredFromRevisionId: string | null; + createdByAgentId: string | null; + createdByUserId: string | null; + createdByRunId: string | null; + createdAt: Date; } export interface RoutineTrigger { diff --git a/packages/shared/src/types/search.ts b/packages/shared/src/types/search.ts new file mode 100644 index 00000000..145c5ba3 --- /dev/null +++ b/packages/shared/src/types/search.ts @@ -0,0 +1,56 @@ +import type { IssuePriority, IssueStatus } from "../constants.js"; + +export const COMPANY_SEARCH_SCOPES = ["all", "issues", "comments", "documents", "agents", "projects"] as const; +export type CompanySearchScope = (typeof COMPANY_SEARCH_SCOPES)[number]; + +export type CompanySearchResultType = "issue" | "agent" | "project"; + +export interface CompanySearchHighlight { + start: number; + end: number; +} + +export interface CompanySearchSnippet { + field: string; + label: string; + text: string; + highlights: CompanySearchHighlight[]; +} + +export interface CompanySearchIssueSummary { + id: string; + identifier: string | null; + title: string; + status: IssueStatus; + priority: IssuePriority; + assigneeAgentId: string | null; + assigneeUserId: string | null; + projectId: string | null; + updatedAt: string; +} + +export interface CompanySearchResult { + id: string; + type: CompanySearchResultType; + score: number; + title: string; + href: string; + matchedFields: string[]; + sourceLabel: string | null; + snippet: string | null; + snippets: CompanySearchSnippet[]; + issue?: CompanySearchIssueSummary; + updatedAt: string | null; + previewImageUrl: string | null; +} + +export interface CompanySearchResponse { + query: string; + normalizedQuery: string; + scope: CompanySearchScope; + limit: number; + offset: number; + results: CompanySearchResult[]; + countsByType: Record; + hasMore: boolean; +} diff --git a/packages/shared/src/types/secrets.ts b/packages/shared/src/types/secrets.ts index dc020e2b..7a4f0ae3 100644 --- a/packages/shared/src/types/secrets.ts +++ b/packages/shared/src/types/secrets.ts @@ -1,8 +1,24 @@ -export type SecretProvider = - | "local_encrypted" - | "aws_secrets_manager" - | "gcp_secret_manager" - | "vault"; +import type { + SecretAccessOutcome, + SecretBindingTargetType, + SecretManagedMode, + SecretProvider, + SecretProviderConfigHealthStatus, + SecretProviderConfigStatus, + SecretStatus, + SecretVersionStatus, +} from "../constants.js"; + +export type { + SecretAccessOutcome, + SecretBindingTargetType, + SecretManagedMode, + SecretProvider, + SecretProviderConfigHealthStatus, + SecretProviderConfigStatus, + SecretStatus, + SecretVersionStatus, +}; export type SecretVersionSelector = number | "latest"; @@ -25,13 +41,22 @@ export type AgentEnvConfig = Record; export interface CompanySecret { id: string; companyId: string; + key: string; name: string; provider: SecretProvider; + status: SecretStatus; + managedMode: SecretManagedMode; externalRef: string | null; + providerConfigId: string | null; + providerMetadata: Record | null; latestVersion: number; description: string | null; + lastResolvedAt: Date | null; + lastRotatedAt: Date | null; + deletedAt: Date | null; createdByAgentId: string | null; createdByUserId: string | null; + referenceCount?: number; createdAt: Date; updatedAt: Date; } @@ -40,4 +65,180 @@ export interface SecretProviderDescriptor { id: SecretProvider; label: string; requiresExternalRef: boolean; + supportsManagedValues?: boolean; + supportsExternalReferences?: boolean; + configured?: boolean; +} + +export interface LocalEncryptedProviderConfig { + backupReminderAcknowledged?: boolean; +} + +export interface AwsSecretsManagerProviderConfig { + region: string; + namespace?: string | null; + secretNamePrefix?: string | null; + kmsKeyId?: string | null; + ownerTag?: string | null; + environmentTag?: string | null; +} + +export interface GcpSecretManagerProviderConfig { + projectId?: string | null; + location?: string | null; + namespace?: string | null; + secretNamePrefix?: string | null; +} + +export interface VaultProviderConfig { + address?: string | null; + namespace?: string | null; + mountPath?: string | null; + secretPathPrefix?: string | null; +} + +export type SecretProviderConfigPayload = + | LocalEncryptedProviderConfig + | AwsSecretsManagerProviderConfig + | GcpSecretManagerProviderConfig + | VaultProviderConfig; + +export interface SecretProviderConfigHealthDetails { + code: string; + message: string; + missingFields?: string[]; + guidance?: string[]; +} + +export interface CompanySecretProviderConfig { + id: string; + companyId: string; + provider: SecretProvider; + displayName: string; + status: SecretProviderConfigStatus; + isDefault: boolean; + config: SecretProviderConfigPayload; + healthStatus: SecretProviderConfigHealthStatus | null; + healthCheckedAt: Date | null; + healthMessage: string | null; + healthDetails: SecretProviderConfigHealthDetails | null; + disabledAt: Date | null; + createdByAgentId: string | null; + createdByUserId: string | null; + createdAt: Date; + updatedAt: Date; +} + +export interface SecretProviderConfigHealthResponse { + configId: string; + provider: SecretProvider; + status: SecretProviderConfigHealthStatus; + message: string; + details: SecretProviderConfigHealthDetails; + checkedAt: Date; +} + +export interface CompanySecretVersion { + id: string; + secretId: string; + version: number; + providerVersionRef: string | null; + status: SecretVersionStatus; + fingerprintSha256: string; + rotationJobId: string | null; + createdAt: Date; + revokedAt: Date | null; +} + +export interface CompanySecretBinding { + id: string; + companyId: string; + secretId: string; + targetType: SecretBindingTargetType; + targetId: string; + configPath: string; + versionSelector: SecretVersionSelector; + required: boolean; + label: string | null; + createdAt: Date; + updatedAt: Date; +} + +export interface CompanySecretBindingTarget { + type: SecretBindingTargetType; + id: string; + label: string; + href: string | null; + status: string | null; +} + +export interface CompanySecretUsageBinding extends CompanySecretBinding { + target: CompanySecretBindingTarget; +} + +export interface SecretAccessEvent { + id: string; + companyId: string; + secretId: string; + version: number | null; + provider: SecretProvider; + actorType: "agent" | "user" | "system" | "plugin"; + actorId: string | null; + consumerType: SecretBindingTargetType; + consumerId: string; + configPath: string | null; + issueId: string | null; + heartbeatRunId: string | null; + pluginId: string | null; + outcome: SecretAccessOutcome; + errorCode: string | null; + createdAt: Date; +} + +export type RemoteSecretImportCandidateStatus = "ready" | "duplicate" | "conflict"; + +export interface RemoteSecretImportConflict { + type: "exact_reference" | "name" | "key" | "provider_guardrail"; + message: string; + existingSecretId?: string; +} + +export interface RemoteSecretImportCandidate { + externalRef: string; + remoteName: string; + name: string; + key: string; + providerVersionRef: string | null; + providerMetadata: Record | null; + status: RemoteSecretImportCandidateStatus; + importable: boolean; + conflicts: RemoteSecretImportConflict[]; +} + +export interface RemoteSecretImportPreviewResult { + providerConfigId: string; + provider: SecretProvider; + nextToken: string | null; + candidates: RemoteSecretImportCandidate[]; +} + +export type RemoteSecretImportRowStatus = "imported" | "skipped" | "error"; + +export interface RemoteSecretImportRowResult { + externalRef: string; + name: string; + key: string; + status: RemoteSecretImportRowStatus; + reason: string | null; + secretId: string | null; + conflicts: RemoteSecretImportConflict[]; +} + +export interface RemoteSecretImportResult { + providerConfigId: string; + provider: SecretProvider; + importedCount: number; + skippedCount: number; + errorCount: number; + results: RemoteSecretImportRowResult[]; } diff --git a/packages/shared/src/validators/company-portability.ts b/packages/shared/src/validators/company-portability.ts index e25d17c1..c9fd47b9 100644 --- a/packages/shared/src/validators/company-portability.ts +++ b/packages/shared/src/validators/company-portability.ts @@ -1,5 +1,10 @@ import { z } from "zod"; import { MAX_COMPANY_ATTACHMENT_MAX_BYTES } from "../constants.js"; +import { + issueCommentAuthorTypeSchema, + issueCommentMetadataSchema, + issueCommentPresentationSchema, +} from "./issue.js"; import { routineVariableSchema } from "./routine.js"; export const portabilityIncludeSchema = z @@ -134,6 +139,16 @@ export const portabilityIssueRoutineManifestEntrySchema = z.object({ triggers: z.array(portabilityIssueRoutineTriggerManifestEntrySchema).default([]), }); +export const portabilityIssueCommentManifestEntrySchema = z.object({ + body: z.string().min(1), + authorType: issueCommentAuthorTypeSchema, + authorAgentSlug: z.string().min(1).nullable(), + authorUserId: z.string().nullable(), + presentation: issueCommentPresentationSchema.nullable(), + metadata: issueCommentMetadataSchema.nullable(), + createdAt: z.string().datetime().nullable(), +}); + export const portabilityIssueManifestEntrySchema = z.object({ slug: z.string().min(1), identifier: z.string().min(1).nullable(), @@ -152,6 +167,7 @@ export const portabilityIssueManifestEntrySchema = z.object({ billingCode: z.string().nullable(), executionWorkspaceSettings: z.record(z.unknown()).nullable(), assigneeAdapterOverrides: z.record(z.unknown()).nullable(), + comments: z.array(portabilityIssueCommentManifestEntrySchema).default([]), metadata: z.record(z.unknown()).nullable(), }); diff --git a/packages/shared/src/validators/index.ts b/packages/shared/src/validators/index.ts index 33500e6b..8ac8ba53 100644 --- a/packages/shared/src/validators/index.ts +++ b/packages/shared/src/validators/index.ts @@ -151,7 +151,9 @@ export { export { createIssueSchema, + createIssueInputSchema, createChildIssueSchema, + resolveCreateIssueStatusDefault, createIssueLabelSchema, updateIssueSchema, issueExecutionPolicySchema, @@ -159,6 +161,11 @@ export { issueReviewRequestSchema, issueExecutionWorkspaceSettingsSchema, checkoutIssueSchema, + issueCommentAuthorTypeSchema, + issueCommentPresentationSchema, + issueCommentMetadataRowSchema, + issueCommentMetadataSectionSchema, + issueCommentMetadataSchema, addIssueCommentSchema, issueThreadInteractionStatusSchema, issueThreadInteractionKindSchema, @@ -207,6 +214,16 @@ export { type RestoreIssueDocumentRevision, } from "./issue.js"; +export { + COMPANY_SEARCH_DEFAULT_LIMIT, + COMPANY_SEARCH_MAX_LIMIT, + COMPANY_SEARCH_MAX_OFFSET, + COMPANY_SEARCH_MAX_QUERY_LENGTH, + COMPANY_SEARCH_MAX_TOKENS, + companySearchQuerySchema, + type CompanySearchQuery, +} from "./search.js"; + export { createIssueTreeHoldSchema, issueTreeControlModeSchema, @@ -267,9 +284,27 @@ export { envBindingSchema, envConfigSchema, createSecretSchema, + createSecretProviderConfigSchema, + updateSecretProviderConfigSchema, + remoteSecretImportPreviewSchema, + remoteSecretImportSchema, + remoteSecretImportSelectionSchema, + localEncryptedProviderConfigSchema, + awsSecretsManagerProviderConfigSchema, + gcpSecretManagerProviderConfigSchema, + vaultProviderConfigSchema, + secretProviderConfigPayloadSchema, + createSecretBindingSchema, rotateSecretSchema, + secretBindingTargetSchema, updateSecretSchema, + type CreateSecretBinding, type CreateSecret, + type CreateSecretProviderConfig, + type UpdateSecretProviderConfig, + type RemoteSecretImportPreview, + type RemoteSecretImport, + type RemoteSecretImportSelection, type RotateSecret, type UpdateSecret, } from "./secret.js"; @@ -280,6 +315,10 @@ export { createRoutineTriggerSchema, updateRoutineTriggerSchema, routineVariableSchema, + routineRevisionSnapshotRoutineV1Schema, + routineRevisionSnapshotTriggerV1Schema, + routineRevisionSnapshotV1Schema, + routineRevisionSnapshotSchema, runRoutineSchema, rotateRoutineTriggerSecretSchema, type CreateRoutine, @@ -357,6 +396,8 @@ export { pluginLauncherRenderDeclarationSchema, pluginLauncherDeclarationSchema, pluginDatabaseDeclarationSchema, + pluginManagedSkillFileDeclarationSchema, + pluginManagedSkillDeclarationSchema, pluginApiRouteDeclarationSchema, pluginManifestV1Schema, installPluginSchema, @@ -376,6 +417,8 @@ export { type PluginLauncherRenderDeclarationInput, type PluginLauncherDeclarationInput, type PluginDatabaseDeclarationInput, + type PluginManagedSkillFileDeclarationInput, + type PluginManagedSkillDeclarationInput, type PluginApiRouteDeclarationInput, type PluginManifestV1Input, type InstallPlugin, diff --git a/packages/shared/src/validators/issue.test.ts b/packages/shared/src/validators/issue.test.ts index 4117aa42..ba5cd73c 100644 --- a/packages/shared/src/validators/issue.test.ts +++ b/packages/shared/src/validators/issue.test.ts @@ -54,6 +54,48 @@ describe("issue validators", () => { expect(parsed.body).toBe("Progress update\n\nNext action."); }); + it("accepts structured issue comment presentation and metadata", () => { + const parsed = addIssueCommentSchema.parse({ + body: "Paperclip needs a disposition before this issue can continue.", + authorType: "system", + presentation: { + kind: "system_notice", + tone: "warning", + title: "Needs disposition", + }, + metadata: { + version: 1, + sourceRunId: "11111111-1111-4111-8111-111111111111", + sections: [ + { + title: "Evidence", + rows: [ + { type: "key_value", label: "Cause", value: "successful_run_missing_state" }, + { type: "issue_link", label: "Source issue", identifier: "PAP-3440" }, + { type: "run_link", label: "Run", runId: "11111111-1111-4111-8111-111111111111" }, + ], + }, + ], + }, + }); + + expect(parsed.presentation?.detailsDefaultOpen).toBe(false); + expect(parsed.metadata?.sourceRunId).toBe("11111111-1111-4111-8111-111111111111"); + expect(parsed.metadata?.sections[0]?.rows).toHaveLength(3); + }); + + it("rejects arbitrary issue comment metadata", () => { + const parsed = addIssueCommentSchema.safeParse({ + body: "Hidden details", + metadata: { + version: 1, + transcript: "raw log dump", + }, + }); + + expect(parsed.success).toBe(false); + }); + it("normalizes escaped line breaks in generated task drafts", () => { const parsed = suggestedTaskDraftSchema.parse({ clientKey: "task-1", @@ -87,6 +129,39 @@ describe("issue validators", () => { expect(parsed.requestDepth).toBe(MAX_ISSUE_REQUEST_DEPTH); }); + it("defaults omitted create status to todo when an assignee is present", () => { + expect(createIssueSchema.parse({ + title: "Assigned work", + assigneeAgentId: "22222222-2222-4222-8222-222222222222", + }).status).toBe("todo"); + expect(createIssueSchema.parse({ title: "Unassigned work" }).status).toBe("backlog"); + expect(createIssueSchema.parse({ + title: "Deliberately parked", + assigneeAgentId: "22222222-2222-4222-8222-222222222222", + status: "backlog", + }).status).toBe("backlog"); + }); + + it("defaults issue work mode to standard and accepts planning", () => { + expect(createIssueSchema.parse({ title: "Plan first" }).workMode).toBe("standard"); + expect(createIssueSchema.parse({ title: "Plan first", workMode: "planning" }).workMode).toBe("planning"); + expect(updateIssueSchema.parse({ workMode: "planning" }).workMode).toBe("planning"); + expect(suggestedTaskDraftSchema.parse({ + clientKey: "planning-child", + title: "Plan child", + workMode: "planning", + }).workMode).toBe("planning"); + }); + + it("rejects unknown issue work modes", () => { + expect(createIssueSchema.safeParse({ title: "Plan first", workMode: "normal" }).success).toBe(false); + expect(suggestedTaskDraftSchema.safeParse({ + clientKey: "bad-child", + title: "Bad child", + workMode: "analysis", + }).success).toBe(false); + }); + it("clamps oversized requestDepth values on update", () => { const parsed = updateIssueSchema.parse({ requestDepth: MAX_ISSUE_REQUEST_DEPTH + 1, diff --git a/packages/shared/src/validators/issue.ts b/packages/shared/src/validators/issue.ts index 9533e839..0f73f4d9 100644 --- a/packages/shared/src/validators/issue.ts +++ b/packages/shared/src/validators/issue.ts @@ -1,10 +1,20 @@ import { z } from "zod"; import { ISSUE_EXECUTION_DECISION_OUTCOMES, + ISSUE_EXECUTION_MONITOR_CLEAR_REASONS, + ISSUE_EXECUTION_MONITOR_KINDS, + ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES, + ISSUE_EXECUTION_MONITOR_STATE_STATUSES, ISSUE_EXECUTION_POLICY_MODES, ISSUE_EXECUTION_STAGE_TYPES, ISSUE_EXECUTION_STATE_STATUSES, + ISSUE_COMMENT_AUTHOR_TYPES, + ISSUE_COMMENT_METADATA_ROW_TYPES, + ISSUE_COMMENT_PRESENTATION_KINDS, + ISSUE_COMMENT_PRESENTATION_TONES, + ISSUE_MONITOR_SCHEDULED_BY, ISSUE_PRIORITIES, + ISSUE_WORK_MODES, clampIssueRequestDepth, ISSUE_STATUSES, ISSUE_THREAD_INTERACTION_CONTINUATION_POLICIES, @@ -103,10 +113,40 @@ export const issueExecutionStageSchema = z.object({ participants: z.array(issueExecutionStageParticipantSchema).default([]), }); +export const issueExecutionMonitorPolicySchema = z.object({ + nextCheckAt: z.string().datetime(), + notes: z.string().max(500).optional().nullable().default(null), + scheduledBy: z.enum(ISSUE_MONITOR_SCHEDULED_BY).optional().default("assignee"), + kind: z.enum(ISSUE_EXECUTION_MONITOR_KINDS).optional().nullable().default(null), + serviceName: z.string().trim().min(1).max(120).optional().nullable().default(null), + externalRef: z.string().trim().min(1).max(500).optional().nullable().default(null), + timeoutAt: z.string().datetime().optional().nullable().default(null), + maxAttempts: z.number().int().positive().max(100).optional().nullable().default(null), + recoveryPolicy: z.enum(ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES).optional().nullable().default(null), +}); + export const issueExecutionPolicySchema = z.object({ mode: z.enum(ISSUE_EXECUTION_POLICY_MODES).optional().default("normal"), commentRequired: z.boolean().optional().default(true), stages: z.array(issueExecutionStageSchema).default([]), + monitor: issueExecutionMonitorPolicySchema.optional().nullable(), +}); + +export const issueExecutionMonitorStateSchema = z.object({ + status: z.enum(ISSUE_EXECUTION_MONITOR_STATE_STATUSES), + nextCheckAt: z.string().datetime().nullable(), + lastTriggeredAt: z.string().datetime().nullable(), + attemptCount: z.number().int().nonnegative().default(0), + notes: z.string().max(500).nullable(), + scheduledBy: z.enum(ISSUE_MONITOR_SCHEDULED_BY).nullable(), + kind: z.enum(ISSUE_EXECUTION_MONITOR_KINDS).nullable().optional().default(null), + serviceName: z.string().trim().min(1).max(120).nullable().optional().default(null), + externalRef: z.string().trim().min(1).max(500).nullable().optional().default(null), + timeoutAt: z.string().datetime().nullable().optional().default(null), + maxAttempts: z.number().int().positive().max(100).nullable().optional().default(null), + recoveryPolicy: z.enum(ISSUE_EXECUTION_MONITOR_RECOVERY_POLICIES).nullable().optional().default(null), + clearedAt: z.string().datetime().nullable(), + clearReason: z.enum(ISSUE_EXECUTION_MONITOR_CLEAR_REASONS).nullable(), }); export const issueReviewRequestSchema = z.object({ @@ -124,6 +164,7 @@ export const issueExecutionStateSchema = z.object({ completedStageIds: z.array(z.string().uuid()).default([]), lastDecisionId: z.string().uuid().nullable(), lastDecisionOutcome: z.enum(ISSUE_EXECUTION_DECISION_OUTCOMES).nullable(), + monitor: issueExecutionMonitorStateSchema.optional().nullable(), }); const issueRequestDepthInputSchema = z @@ -132,7 +173,48 @@ const issueRequestDepthInputSchema = z .nonnegative() .transform((value) => clampIssueRequestDepth(value)); -export const createIssueSchema = z.object({ +type IssueCreateStatusDefaultInput = { + status?: unknown; + assigneeAgentId?: unknown; + assigneeUserId?: unknown; +}; + +export function resolveCreateIssueStatusDefault(input: IssueCreateStatusDefaultInput): { + status: (typeof ISSUE_STATUSES)[number]; + defaulted: boolean; + reason: "explicit" | "assigned_omitted_status" | "unassigned_omitted_status"; +} { + if (typeof input.status === "string") { + return { + status: input.status as (typeof ISSUE_STATUSES)[number], + defaulted: false, + reason: "explicit", + }; + } + + const hasAssignee = + (typeof input.assigneeAgentId === "string" && input.assigneeAgentId.length > 0) + || (typeof input.assigneeUserId === "string" && input.assigneeUserId.length > 0); + return { + status: hasAssignee ? "todo" : "backlog", + defaulted: true, + reason: hasAssignee ? "assigned_omitted_status" : "unassigned_omitted_status", + }; +} + +function withCreateIssueStatusDefault(schema: z.ZodObject) { + return z.preprocess((input) => { + if (!input || typeof input !== "object" || Array.isArray(input)) return input; + const raw = input as Record; + if (raw.status !== undefined) return input; + return { + ...raw, + status: resolveCreateIssueStatusDefault(raw).status, + }; + }, schema); +} + +const createIssueBaseSchema = z.object({ projectId: z.string().uuid().optional().nullable(), projectWorkspaceId: z.string().uuid().optional().nullable(), goalId: z.string().uuid().optional().nullable(), @@ -141,7 +223,8 @@ export const createIssueSchema = z.object({ inheritExecutionWorkspaceFromIssueId: z.string().uuid().optional().nullable(), title: z.string().min(1), description: multilineTextSchema.optional().nullable(), - status: z.enum(ISSUE_STATUSES).optional().default("backlog"), + status: z.enum(ISSUE_STATUSES), + workMode: z.enum(ISSUE_WORK_MODES).optional().default("standard"), priority: z.enum(ISSUE_PRIORITIES).optional().default("medium"), assigneeAgentId: z.string().uuid().optional().nullable(), assigneeUserId: z.string().optional().nullable(), @@ -155,9 +238,15 @@ export const createIssueSchema = z.object({ labelIds: z.array(z.string().uuid()).optional(), }); +export const createIssueInputSchema = createIssueBaseSchema.extend({ + status: createIssueBaseSchema.shape.status.optional(), +}); + +export const createIssueSchema = withCreateIssueStatusDefault(createIssueBaseSchema); + export type CreateIssue = z.infer; -export const createChildIssueSchema = createIssueSchema +export const createChildIssueSchema = withCreateIssueStatusDefault(createIssueBaseSchema .omit({ parentId: true, inheritExecutionWorkspaceFromIssueId: true, @@ -165,7 +254,7 @@ export const createChildIssueSchema = createIssueSchema .extend({ acceptanceCriteria: z.array(z.string().trim().min(1).max(500)).max(20).optional(), blockParentUntilDone: z.boolean().optional().default(false), - }); + })); export type CreateChildIssue = z.infer; @@ -176,7 +265,7 @@ export const createIssueLabelSchema = z.object({ export type CreateIssueLabel = z.infer; -export const updateIssueSchema = createIssueSchema.partial().extend({ +export const updateIssueSchema = createIssueBaseSchema.partial().extend({ requestDepth: issueRequestDepthInputSchema.optional(), assigneeAgentId: z.string().trim().min(1).optional().nullable(), comment: multilineTextSchema.pipe(z.string().min(1)).optional(), @@ -197,8 +286,96 @@ export const checkoutIssueSchema = z.object({ export type CheckoutIssue = z.infer; +const commentMetadataLabelSchema = z.string().trim().min(1).max(120); +const commentMetadataTextSchema = z.string().trim().min(1).max(2000); + +export const issueCommentAuthorTypeSchema = z.enum(ISSUE_COMMENT_AUTHOR_TYPES); + +export const issueCommentPresentationSchema = z.object({ + kind: z.enum(ISSUE_COMMENT_PRESENTATION_KINDS).default("message"), + tone: z.enum(ISSUE_COMMENT_PRESENTATION_TONES).default("neutral"), + title: z.string().trim().min(1).max(160).nullable().optional(), + detailsDefaultOpen: z.boolean().optional().default(false), +}).strict(); + +export type IssueCommentPresentation = z.infer; + +const issueCommentMetadataBaseRowSchema = z.object({ + type: z.enum(ISSUE_COMMENT_METADATA_ROW_TYPES), + label: commentMetadataLabelSchema.nullable().optional(), +}); + +const issueCommentMetadataTextRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("text"), + text: commentMetadataTextSchema, +}).strict(); + +const issueCommentMetadataCodeRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("code"), + code: z.string().min(1).max(4000), + language: z.string().trim().min(1).max(40).nullable().optional(), +}).strict(); + +const issueCommentMetadataKeyValueRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("key_value"), + label: commentMetadataLabelSchema, + value: commentMetadataTextSchema, +}).strict(); + +const issueCommentMetadataIssueLinkRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("issue_link"), + issueId: z.string().uuid().nullable().optional(), + identifier: z.string().trim().min(1).max(80).nullable().optional(), + title: z.string().trim().min(1).max(240).nullable().optional(), +}).strict(); + +const issueCommentMetadataAgentLinkRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("agent_link"), + agentId: z.string().uuid(), + name: z.string().trim().min(1).max(160).nullable().optional(), +}).strict(); + +const issueCommentMetadataRunLinkRowSchema = issueCommentMetadataBaseRowSchema.extend({ + type: z.literal("run_link"), + runId: z.string().uuid(), + title: z.string().trim().min(1).max(160).nullable().optional(), +}).strict(); + +export const issueCommentMetadataRowSchema = z.discriminatedUnion("type", [ + issueCommentMetadataTextRowSchema, + issueCommentMetadataCodeRowSchema, + issueCommentMetadataKeyValueRowSchema, + issueCommentMetadataIssueLinkRowSchema, + issueCommentMetadataAgentLinkRowSchema, + issueCommentMetadataRunLinkRowSchema, +]).superRefine((value, ctx) => { + if (value.type === "issue_link" && !value.issueId && !value.identifier) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Issue link rows require issueId or identifier", + path: ["issueId"], + }); + } +}); + +export const issueCommentMetadataSectionSchema = z.object({ + title: z.string().trim().min(1).max(160).nullable().optional(), + rows: z.array(issueCommentMetadataRowSchema).min(1).max(50), +}).strict(); + +export const issueCommentMetadataSchema = z.object({ + version: z.literal(1), + sourceRunId: z.string().uuid().nullable().optional(), + sections: z.array(issueCommentMetadataSectionSchema).min(1).max(20), +}).strict(); + +export type IssueCommentMetadata = z.infer; + export const addIssueCommentSchema = z.object({ body: multilineTextSchema.pipe(z.string().min(1)), + authorType: issueCommentAuthorTypeSchema.optional(), + presentation: issueCommentPresentationSchema.nullable().optional(), + metadata: issueCommentMetadataSchema.nullable().optional(), reopen: z.boolean().optional(), resume: z.boolean().optional(), interrupt: z.boolean().optional(), @@ -226,6 +403,7 @@ export const suggestedTaskDraftSchema = z.object({ title: z.string().trim().min(1).max(240), description: multilineTextSchema.pipe(z.string().trim().max(20000)).nullable().optional(), priority: z.enum(ISSUE_PRIORITIES).nullable().optional(), + workMode: z.enum(ISSUE_WORK_MODES).nullable().optional(), assigneeAgentId: z.string().uuid().nullable().optional(), assigneeUserId: z.string().trim().min(1).nullable().optional(), projectId: z.string().uuid().nullable().optional(), diff --git a/packages/shared/src/validators/plugin.test.ts b/packages/shared/src/validators/plugin.test.ts new file mode 100644 index 00000000..ccea0d6a --- /dev/null +++ b/packages/shared/src/validators/plugin.test.ts @@ -0,0 +1,107 @@ +import { describe, expect, it } from "vitest"; +import { PLUGIN_CAPABILITIES } from "../constants.js"; +import { pluginManagedRoutineDeclarationSchema, pluginManifestV1Schema, pluginUiSlotDeclarationSchema } from "./plugin.js"; + +describe("plugin capability constants", () => { + it("exposes each capability once", () => { + expect(new Set(PLUGIN_CAPABILITIES).size).toBe(PLUGIN_CAPABILITIES.length); + }); +}); + +describe("plugin managed routine validators", () => { + it("accepts core issue surface visibility values in routine templates", () => { + const parsed = pluginManagedRoutineDeclarationSchema.parse({ + routineKey: "wiki.refresh", + title: "Refresh Wiki", + issueTemplate: { surfaceVisibility: "default" }, + }); + + expect(parsed.issueTemplate?.surfaceVisibility).toBe("default"); + }); + + it("rejects non-core issue surface visibility values in routine templates", () => { + const parsed = pluginManagedRoutineDeclarationSchema.safeParse({ + routineKey: "wiki.refresh", + title: "Refresh Wiki", + issueTemplate: { surfaceVisibility: "normal" }, + }); + + expect(parsed.success).toBe(false); + }); +}); + +describe("plugin managed skill validators", () => { + const baseManifest = { + id: "paperclip.test-managed-skills", + apiVersion: 1, + version: "0.1.0", + displayName: "Managed Skills", + description: "Managed skills test plugin.", + author: "Paperclip", + categories: ["automation"], + entrypoints: { worker: "./dist/worker.js" }, + } as const; + + it("requires skills.managed when managed skills are declared", () => { + const parsed = pluginManifestV1Schema.safeParse({ + ...baseManifest, + capabilities: [], + skills: [{ skillKey: "wiki-maintainer", displayName: "Wiki Maintainer" }], + }); + + expect(parsed.success).toBe(false); + if (parsed.success) return; + expect(parsed.error.issues.some((issue) => issue.message.includes("skills.managed"))).toBe(true); + }); + + it("accepts managed skills with the skills.managed capability", () => { + const parsed = pluginManifestV1Schema.parse({ + ...baseManifest, + capabilities: ["skills.managed"], + skills: [{ skillKey: "wiki-maintainer", displayName: "Wiki Maintainer" }], + }); + + expect(parsed.skills?.[0]?.skillKey).toBe("wiki-maintainer"); + }); +}); + +describe("plugin UI slot validators", () => { + it("accepts route-scoped sidebar slots with a routePath", () => { + const parsed = pluginUiSlotDeclarationSchema.parse({ + type: "routeSidebar", + id: "wiki-route-sidebar", + displayName: "Wiki Sidebar", + exportName: "WikiSidebar", + routePath: "wiki", + }); + + expect(parsed.routePath).toBe("wiki"); + }); + + it("requires route-scoped sidebar slots to declare a routePath", () => { + const parsed = pluginUiSlotDeclarationSchema.safeParse({ + type: "routeSidebar", + id: "wiki-route-sidebar", + displayName: "Wiki Sidebar", + exportName: "WikiSidebar", + }); + + expect(parsed.success).toBe(false); + if (parsed.success) return; + expect(parsed.error.issues[0]?.message).toBe("routeSidebar slots require routePath"); + }); + + it("keeps reserved company route protection for route-scoped sidebars", () => { + const parsed = pluginUiSlotDeclarationSchema.safeParse({ + type: "routeSidebar", + id: "settings-route-sidebar", + displayName: "Settings Sidebar", + exportName: "SettingsSidebar", + routePath: "settings", + }); + + expect(parsed.success).toBe(false); + if (parsed.success) return; + expect(parsed.error.issues.some((issue) => issue.message.includes("reserved by the host"))).toBe(true); + }); +}); diff --git a/packages/shared/src/validators/plugin.ts b/packages/shared/src/validators/plugin.ts index 3ade0912..8d4016cd 100644 --- a/packages/shared/src/validators/plugin.ts +++ b/packages/shared/src/validators/plugin.ts @@ -15,7 +15,15 @@ import { PLUGIN_API_ROUTE_AUTH_MODES, PLUGIN_API_ROUTE_CHECKOUT_POLICIES, PLUGIN_API_ROUTE_METHODS, + ISSUE_PRIORITIES, + ROUTINE_CATCH_UP_POLICIES, + ROUTINE_CONCURRENCY_POLICIES, + ROUTINE_STATUSES, + ROUTINE_TRIGGER_KINDS, + ROUTINE_TRIGGER_SIGNING_MODES, + ISSUE_SURFACE_VISIBILITIES, } from "../constants.js"; +import { routineVariableSchema } from "./routine.js"; // --------------------------------------------------------------------------- // JSON Schema placeholder – a permissive validator for JSON Schema objects @@ -124,6 +132,142 @@ export type PluginEnvironmentDriverDeclarationInput = z.infer< export type PluginToolDeclarationInput = z.infer; +export const pluginManagedAgentDeclarationSchema = z.object({ + agentKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "agentKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), + displayName: z.string().min(1).max(100), + role: z.string().min(1).max(100).optional(), + title: z.string().max(200).nullable().optional(), + icon: z.string().max(100).nullable().optional(), + capabilities: z.string().max(2000).nullable().optional(), + adapterType: z.string().min(1).max(100).optional(), + adapterPreference: z.array(z.string().min(1).max(100)).max(10).optional(), + adapterConfig: z.record(z.unknown()).optional(), + runtimeConfig: z.record(z.unknown()).optional(), + permissions: z.record(z.unknown()).optional(), + status: z.enum(["idle", "paused"]).optional(), + budgetMonthlyCents: z.number().int().min(0).optional(), + instructions: z.object({ + entryFile: z.string().min(1).max(200).optional(), + content: z.string().max(200_000).optional(), + files: z.record(z.string().max(200_000)).optional(), + assetPath: z.string().min(1).max(500).optional(), + }).optional(), +}); + +export type PluginManagedAgentDeclarationInput = z.infer; + +export const pluginManagedProjectDeclarationSchema = z.object({ + projectKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "projectKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), + displayName: z.string().min(1).max(120), + description: z.string().max(2000).nullable().optional(), + status: z.enum(["backlog", "planned", "in_progress", "completed", "cancelled"]).optional(), + color: z.string().max(32).nullable().optional(), + settings: z.record(z.unknown()).optional(), +}); + +export type PluginManagedProjectDeclarationInput = z.infer; + +const pluginManagedResourceRefSchema = z.object({ + pluginKey: z.string().min(1).max(100).optional(), + resourceKind: z.enum(["agent", "project", "routine", "skill"]), + resourceKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "resourceKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), +}); + +export const pluginManagedRoutineDeclarationSchema = z.object({ + routineKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "routineKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), + title: z.string().trim().min(1).max(200), + description: z.string().max(10_000).nullable().optional(), + assigneeRef: pluginManagedResourceRefSchema.extend({ resourceKind: z.literal("agent") }).nullable().optional(), + projectRef: pluginManagedResourceRefSchema.extend({ resourceKind: z.literal("project") }).nullable().optional(), + goalId: z.string().uuid().nullable().optional(), + status: z.enum(ROUTINE_STATUSES).optional(), + priority: z.enum(ISSUE_PRIORITIES).optional(), + concurrencyPolicy: z.enum(ROUTINE_CONCURRENCY_POLICIES).optional(), + catchUpPolicy: z.enum(ROUTINE_CATCH_UP_POLICIES).optional(), + variables: z.array(routineVariableSchema).optional(), + triggers: z.array(z.object({ + kind: z.enum(ROUTINE_TRIGGER_KINDS), + label: z.string().trim().max(120).nullable().optional(), + enabled: z.boolean().optional(), + cronExpression: z.string().trim().min(1).optional().nullable(), + timezone: z.string().trim().min(1).optional().nullable(), + signingMode: z.enum(ROUTINE_TRIGGER_SIGNING_MODES).optional().nullable(), + replayWindowSec: z.number().int().min(30).max(86_400).optional().nullable(), + })).max(20).optional(), + issueTemplate: z.object({ + surfaceVisibility: z.enum(ISSUE_SURFACE_VISIBILITIES).optional(), + originId: z.string().trim().max(255).nullable().optional(), + billingCode: z.string().trim().max(200).nullable().optional(), + }).optional(), +}); + +export type PluginManagedRoutineDeclarationInput = z.infer; + +const pluginLocalFolderRelativePathSchema = z.string().min(1).max(500).refine( + (value) => + !value.startsWith("/") && + !value.includes("..") && + !value.includes("\\") && + !value.split("/").some((segment) => segment === "" || segment === "."), + { message: "local folder paths must be relative paths without traversal, empty segments, or backslashes" }, +); + +export const pluginLocalFolderDeclarationSchema = z.object({ + folderKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "folderKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), + displayName: z.string().min(1).max(100), + description: z.string().max(500).optional(), + access: z.enum(["read", "readWrite"]).optional(), + requiredDirectories: z.array(pluginLocalFolderRelativePathSchema).optional(), + requiredFiles: z.array(pluginLocalFolderRelativePathSchema).optional(), +}); + +export type PluginLocalFolderDeclarationInput = z.infer; + +export const pluginManagedSkillFileDeclarationSchema = z.object({ + path: pluginLocalFolderRelativePathSchema.refine( + (value) => value.toLowerCase() !== "skill.md", + { message: "managed skill files cannot replace SKILL.md; use markdown for the main skill file" }, + ), + content: z.string().max(200_000), +}); + +export type PluginManagedSkillFileDeclarationInput = z.infer; + +export const pluginManagedSkillDeclarationSchema = z.object({ + skillKey: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "skillKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }), + displayName: z.string().min(1).max(100), + slug: z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9._:-]*$/, { + message: "slug must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens", + }).optional(), + description: z.string().max(2000).nullable().optional(), + markdown: z.string().max(200_000).optional(), + files: z.array(pluginManagedSkillFileDeclarationSchema).max(50).optional(), +}).superRefine((value, ctx) => { + const paths = (value.files ?? []).map((file) => file.path); + const duplicates = paths.filter((path, index) => paths.indexOf(path) !== index); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate managed skill file paths: ${[...new Set(duplicates)].join(", ")}`, + path: ["files"], + }); + } +}); + +export type PluginManagedSkillDeclarationInput = z.infer; + /** * Validates a {@link PluginUiSlotDeclaration} — a UI extension slot the plugin * fills with a React component. Includes `superRefine` checks for slot-specific @@ -178,10 +322,17 @@ export const pluginUiSlotDeclarationSchema = z.object({ path: ["entityTypes"], }); } - if (value.routePath && value.type !== "page") { + if (value.routePath && value.type !== "page" && value.type !== "routeSidebar") { ctx.addIssue({ code: z.ZodIssueCode.custom, - message: "routePath is only supported for page slots", + message: "routePath is only supported for page and routeSidebar slots", + path: ["routePath"], + }); + } + if (value.type === "routeSidebar" && !value.routePath) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "routeSidebar slots require routePath", path: ["routePath"], }); } @@ -471,6 +622,11 @@ export const pluginManifestV1Schema = z.object({ database: pluginDatabaseDeclarationSchema.optional(), apiRoutes: z.array(pluginApiRouteDeclarationSchema).optional(), environmentDrivers: z.array(pluginEnvironmentDriverDeclarationSchema).optional(), + agents: z.array(pluginManagedAgentDeclarationSchema).optional(), + projects: z.array(pluginManagedProjectDeclarationSchema).optional(), + routines: z.array(pluginManagedRoutineDeclarationSchema).optional(), + skills: z.array(pluginManagedSkillDeclarationSchema).optional(), + localFolders: z.array(pluginLocalFolderDeclarationSchema).optional(), launchers: z.array(pluginLauncherDeclarationSchema).optional(), ui: z.object({ slots: z.array(pluginUiSlotDeclarationSchema).min(1).optional(), @@ -529,6 +685,56 @@ export const pluginManifestV1Schema = z.object({ } } + if (manifest.agents && manifest.agents.length > 0) { + if (!manifest.capabilities.includes("agents.managed")) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Capability 'agents.managed' is required when managed agents are declared", + path: ["capabilities"], + }); + } + } + + if (manifest.projects && manifest.projects.length > 0) { + if (!manifest.capabilities.includes("projects.managed")) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Capability 'projects.managed' is required when managed projects are declared", + path: ["capabilities"], + }); + } + } + + if (manifest.routines && manifest.routines.length > 0) { + if (!manifest.capabilities.includes("routines.managed")) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Capability 'routines.managed' is required when managed routines are declared", + path: ["capabilities"], + }); + } + } + + if (manifest.skills && manifest.skills.length > 0) { + if (!manifest.capabilities.includes("skills.managed")) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Capability 'skills.managed' is required when managed skills are declared", + path: ["capabilities"], + }); + } + } + + if (manifest.localFolders && manifest.localFolders.length > 0) { + if (!manifest.capabilities.includes("local.folders")) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Capability 'local.folders' is required when local folders are declared", + path: ["capabilities"], + }); + } + } + // jobs require jobs.schedule (PLUGIN_SPEC.md §17) if (manifest.jobs && manifest.jobs.length > 0) { if (!manifest.capabilities.includes("jobs.schedule")) { @@ -664,6 +870,66 @@ export const pluginManifestV1Schema = z.object({ } } + if (manifest.localFolders) { + const folderKeys = manifest.localFolders.map((folder) => folder.folderKey); + const duplicates = folderKeys.filter((key, i) => folderKeys.indexOf(key) !== i); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate local folder keys: ${[...new Set(duplicates)].join(", ")}`, + path: ["localFolders"], + }); + } + } + + if (manifest.agents) { + const agentKeys = manifest.agents.map((agent) => agent.agentKey); + const duplicates = agentKeys.filter((key, i) => agentKeys.indexOf(key) !== i); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate managed agent keys: ${[...new Set(duplicates)].join(", ")}`, + path: ["agents"], + }); + } + } + + if (manifest.projects) { + const projectKeys = manifest.projects.map((project) => project.projectKey); + const duplicates = projectKeys.filter((key, i) => projectKeys.indexOf(key) !== i); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate managed project keys: ${[...new Set(duplicates)].join(", ")}`, + path: ["projects"], + }); + } + } + + if (manifest.routines) { + const routineKeys = manifest.routines.map((routine) => routine.routineKey); + const duplicates = routineKeys.filter((key, i) => routineKeys.indexOf(key) !== i); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate managed routine keys: ${[...new Set(duplicates)].join(", ")}`, + path: ["routines"], + }); + } + } + + if (manifest.skills) { + const skillKeys = manifest.skills.map((skill) => skill.skillKey); + const duplicates = skillKeys.filter((key, i) => skillKeys.indexOf(key) !== i); + if (duplicates.length > 0) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: `Duplicate managed skill keys: ${[...new Set(duplicates)].join(", ")}`, + path: ["skills"], + }); + } + } + // UI slot ids must be unique within the plugin (namespaced at runtime) if (manifest.ui) { if (manifest.ui.slots) { diff --git a/packages/shared/src/validators/routine.test.ts b/packages/shared/src/validators/routine.test.ts new file mode 100644 index 00000000..97580179 --- /dev/null +++ b/packages/shared/src/validators/routine.test.ts @@ -0,0 +1,86 @@ +import { describe, expect, it } from "vitest"; +import { + routineRevisionSnapshotV1Schema, + updateRoutineSchema, +} from "./routine.js"; + +const routineId = "11111111-1111-4111-8111-111111111111"; +const companyId = "22222222-2222-4222-8222-222222222222"; +const triggerId = "33333333-3333-4333-8333-333333333333"; +const baseRevisionId = "44444444-4444-4444-8444-444444444444"; + +describe("routine validators", () => { + it("accepts versioned routine revision snapshots with safe trigger metadata", () => { + const parsed = routineRevisionSnapshotV1Schema.parse({ + version: 1, + routine: { + id: routineId, + companyId, + projectId: null, + goalId: null, + parentIssueId: null, + title: "Daily triage", + description: null, + assigneeAgentId: null, + priority: "medium", + status: "active", + concurrencyPolicy: "coalesce_if_active", + catchUpPolicy: "skip_missed", + variables: [], + }, + triggers: [{ + id: triggerId, + kind: "webhook", + label: "Inbound", + enabled: true, + cronExpression: null, + timezone: null, + publicId: "routine_webhook_123", + signingMode: "bearer", + replayWindowSec: 300, + }], + }); + + expect(parsed.triggers[0]?.publicId).toBe("routine_webhook_123"); + }); + + it("rejects secret-bearing trigger fields in routine revision snapshots", () => { + expect(() => routineRevisionSnapshotV1Schema.parse({ + version: 1, + routine: { + id: routineId, + companyId, + projectId: null, + goalId: null, + parentIssueId: null, + title: "Daily triage", + description: null, + assigneeAgentId: null, + priority: "medium", + status: "active", + concurrencyPolicy: "coalesce_if_active", + catchUpPolicy: "skip_missed", + variables: [], + }, + triggers: [{ + id: triggerId, + kind: "webhook", + label: "Inbound", + enabled: true, + cronExpression: null, + timezone: null, + publicId: "routine_webhook_123", + signingMode: "bearer", + replayWindowSec: 300, + secretId: "55555555-5555-4555-8555-555555555555", + }], + })).toThrow(); + }); + + it("accepts optional base revision ids on routine updates", () => { + expect(updateRoutineSchema.parse({ + title: "Daily triage", + baseRevisionId, + }).baseRevisionId).toBe(baseRevisionId); + }); +}); diff --git a/packages/shared/src/validators/routine.ts b/packages/shared/src/validators/routine.ts index 2498e47b..c3ae1b8a 100644 --- a/packages/shared/src/validators/routine.ts +++ b/packages/shared/src/validators/routine.ts @@ -4,6 +4,7 @@ import { ROUTINE_CATCH_UP_POLICIES, ROUTINE_CONCURRENCY_POLICIES, ROUTINE_STATUSES, + ROUTINE_TRIGGER_KINDS, ROUTINE_TRIGGER_SIGNING_MODES, ROUTINE_VARIABLE_TYPES, } from "../constants.js"; @@ -63,9 +64,49 @@ export const createRoutineSchema = z.object({ export type CreateRoutine = z.infer; -export const updateRoutineSchema = createRoutineSchema.partial(); +export const updateRoutineSchema = createRoutineSchema.partial().extend({ + baseRevisionId: z.string().uuid().optional().nullable(), +}); export type UpdateRoutine = z.infer; +export const routineRevisionSnapshotRoutineV1Schema = z.object({ + id: z.string().uuid(), + companyId: z.string().uuid(), + projectId: z.string().uuid().nullable(), + goalId: z.string().uuid().nullable(), + parentIssueId: z.string().uuid().nullable(), + title: z.string().trim().min(1).max(200), + description: z.string().nullable(), + assigneeAgentId: z.string().uuid().nullable(), + priority: z.enum(ISSUE_PRIORITIES), + status: z.enum(ROUTINE_STATUSES), + concurrencyPolicy: z.enum(ROUTINE_CONCURRENCY_POLICIES), + catchUpPolicy: z.enum(ROUTINE_CATCH_UP_POLICIES), + variables: z.array(routineVariableSchema), +}).strict(); + +export const routineRevisionSnapshotTriggerV1Schema = z.object({ + id: z.string().uuid(), + kind: z.enum(ROUTINE_TRIGGER_KINDS), + label: z.string().nullable(), + enabled: z.boolean(), + cronExpression: z.string().nullable(), + timezone: z.string().nullable(), + publicId: z.string().nullable(), + signingMode: z.enum(ROUTINE_TRIGGER_SIGNING_MODES).nullable(), + replayWindowSec: z.number().int().min(30).max(86_400).nullable(), +}).strict(); + +export const routineRevisionSnapshotV1Schema = z.object({ + version: z.literal(1), + routine: routineRevisionSnapshotRoutineV1Schema, + triggers: z.array(routineRevisionSnapshotTriggerV1Schema), +}).strict(); + +export const routineRevisionSnapshotSchema = routineRevisionSnapshotV1Schema; +export type RoutineRevisionSnapshotV1 = z.infer; +export type RoutineRevisionSnapshot = z.infer; + const baseTriggerSchema = z.object({ label: z.string().trim().max(120).optional().nullable(), enabled: z.boolean().optional().default(true), diff --git a/packages/shared/src/validators/search.ts b/packages/shared/src/validators/search.ts new file mode 100644 index 00000000..4f5419c8 --- /dev/null +++ b/packages/shared/src/validators/search.ts @@ -0,0 +1,37 @@ +import { z } from "zod"; +import { COMPANY_SEARCH_SCOPES } from "../types/search.js"; + +export const COMPANY_SEARCH_MAX_QUERY_LENGTH = 200; +export const COMPANY_SEARCH_MAX_TOKENS = 8; +export const COMPANY_SEARCH_DEFAULT_LIMIT = 20; +export const COMPANY_SEARCH_MAX_LIMIT = 50; +export const COMPANY_SEARCH_MAX_OFFSET = 200; + +function firstQueryValue(value: unknown): unknown { + return Array.isArray(value) ? value[0] : value; +} + +function clampInteger(value: unknown, fallback: number, min: number, max: number) { + const raw = firstQueryValue(value); + const numeric = typeof raw === "number" + ? raw + : typeof raw === "string" && raw.trim().length > 0 + ? Number.parseInt(raw, 10) + : Number.NaN; + if (!Number.isFinite(numeric)) return fallback; + return Math.min(max, Math.max(min, Math.floor(numeric))); +} + +export const companySearchQuerySchema = z.object({ + q: z.preprocess(firstQueryValue, z.string().optional().default("")) + .transform((value) => value.slice(0, COMPANY_SEARCH_MAX_QUERY_LENGTH)), + scope: z.preprocess(firstQueryValue, z.enum(COMPANY_SEARCH_SCOPES).catch("all")).optional().default("all"), + limit: z.unknown() + .optional() + .transform((value) => clampInteger(value, COMPANY_SEARCH_DEFAULT_LIMIT, 1, COMPANY_SEARCH_MAX_LIMIT)), + offset: z.unknown() + .optional() + .transform((value) => clampInteger(value, 0, 0, COMPANY_SEARCH_MAX_OFFSET)), +}); + +export type CompanySearchQuery = z.infer; diff --git a/packages/shared/src/validators/secret.test.ts b/packages/shared/src/validators/secret.test.ts new file mode 100644 index 00000000..c8a8163d --- /dev/null +++ b/packages/shared/src/validators/secret.test.ts @@ -0,0 +1,157 @@ +import { describe, expect, it } from "vitest"; +import { + createSecretProviderConfigSchema, + createSecretSchema, + remoteSecretImportPreviewSchema, + remoteSecretImportSchema, + secretProviderConfigPayloadSchema, + updateSecretProviderConfigSchema, +} from "./secret.js"; + +describe("secret validators", () => { + it("rejects externalRef on managed secrets", () => { + expect(() => + createSecretSchema.parse({ + name: "OpenAI API Key", + managedMode: "paperclip_managed", + value: "secret-value", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/other", + }), + ).toThrow(/Managed secrets cannot set externalRef/); + }); + + it("allows externalRef on external reference secrets", () => { + const parsed = createSecretSchema.parse({ + name: "Shared Secret", + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/other", + }); + + expect(parsed.externalRef).toContain(":secret:shared/other"); + }); + + it("accepts non-sensitive local and AWS provider vault metadata", () => { + expect(() => + createSecretProviderConfigSchema.parse({ + provider: "local_encrypted", + displayName: "Local", + config: { backupReminderAcknowledged: true }, + }), + ).not.toThrow(); + + expect(() => + createSecretProviderConfigSchema.parse({ + provider: "aws_secrets_manager", + displayName: "AWS", + config: { + region: "us-east-1", + namespace: "production", + secretNamePrefix: "paperclip", + }, + }), + ).not.toThrow(); + }); + + it("accepts origin-only Vault provider vault addresses", () => { + expect(() => + createSecretProviderConfigSchema.parse({ + provider: "vault", + displayName: "Vault draft", + config: { address: " https://vault.example.com/ " }, + }), + ).not.toThrow(); + + const parsed = secretProviderConfigPayloadSchema.parse({ + provider: "vault", + config: { address: " https://vault.example.com/ " }, + }); + + expect(parsed.provider).toBe("vault"); + if (parsed.provider !== "vault") throw new Error("Expected vault provider payload"); + expect(parsed.config.address).toBe("https://vault.example.com"); + }); + + it.each([ + "https://user:pass@vault.example.com", + "https://vault.example.com?token=hvs.x", + "https://vault.example.com#token=hvs.x", + "https://vault.example.com/v1/secret", + ])("rejects credential-bearing or non-origin Vault addresses: %s", (address) => { + expect(() => + createSecretProviderConfigSchema.parse({ + provider: "vault", + displayName: "Vault draft", + config: { address }, + }), + ).toThrow(/origin-only HTTP\(S\) URL/i); + }); + + it("rejects unsafe Vault addresses in provider payload validation used by updates", () => { + expect(() => + secretProviderConfigPayloadSchema.parse({ + provider: "vault", + config: { address: "https://vault.example.com?client_token=hvs.x" }, + }), + ).toThrow(/origin-only HTTP\(S\) URL/i); + }); + + it("rejects unsafe Vault addresses in provider vault update payloads", () => { + expect(() => + updateSecretProviderConfigSchema.parse({ + config: { address: "https://vault.example.com#token=hvs.x" }, + }), + ).toThrow(/origin-only HTTP\(S\) URL/i); + }); + + it("validates AWS remote import preview and import payloads", () => { + expect( + remoteSecretImportPreviewSchema.parse({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + query: "openai", + pageSize: 50, + }), + ).toEqual({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + query: "openai", + pageSize: 50, + }); + + expect( + remoteSecretImportSchema.parse({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "OPENAI_API_KEY", + description: " Operator-entered Paperclip description ", + providerMetadata: { name: "prod/openai" }, + }, + ], + }), + ).toMatchObject({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + secrets: [ + expect.objectContaining({ + key: "OPENAI_API_KEY", + description: "Operator-entered Paperclip description", + }), + ], + }); + }); + + it("caps AWS remote import paging and row counts", () => { + expect(() => + remoteSecretImportPreviewSchema.parse({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + pageSize: 101, + }), + ).toThrow(); + expect(() => + remoteSecretImportSchema.parse({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + secrets: [], + }), + ).toThrow(); + }); +}); diff --git a/packages/shared/src/validators/secret.ts b/packages/shared/src/validators/secret.ts index fc2dba3c..ae364617 100644 --- a/packages/shared/src/validators/secret.ts +++ b/packages/shared/src/validators/secret.ts @@ -1,5 +1,11 @@ import { z } from "zod"; -import { SECRET_PROVIDERS } from "../constants.js"; +import { + SECRET_BINDING_TARGET_TYPES, + SECRET_MANAGED_MODES, + SECRET_PROVIDER_CONFIG_STATUSES, + SECRET_PROVIDERS, + SECRET_STATUSES, +} from "../constants.js"; export const envBindingPlainSchema = z.object({ type: z.literal("plain"), @@ -23,25 +29,252 @@ export const envConfigSchema = z.record(envBindingSchema); export const createSecretSchema = z.object({ name: z.string().min(1), + key: z.string().min(1).regex(/^[a-zA-Z0-9_.-]+$/).optional(), provider: z.enum(SECRET_PROVIDERS).optional(), - value: z.string().min(1), + providerConfigId: z.string().uuid().optional().nullable(), + managedMode: z.enum(SECRET_MANAGED_MODES).optional(), + value: z.string().min(1).optional().nullable(), description: z.string().optional().nullable(), externalRef: z.string().optional().nullable(), + providerMetadata: z.record(z.unknown()).optional().nullable(), + providerVersionRef: z.string().optional().nullable(), +}).superRefine((value, ctx) => { + if ((value.managedMode ?? "paperclip_managed") === "external_reference") { + if (!value.externalRef?.trim()) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["externalRef"], + message: "External reference secrets require externalRef", + }); + } + return; + } + if (value.externalRef?.trim()) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["externalRef"], + message: "Managed secrets cannot set externalRef", + }); + } + if (!value.value?.trim()) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["value"], + message: "Managed secrets require value", + }); + } }); export type CreateSecret = z.infer; export const rotateSecretSchema = z.object({ - value: z.string().min(1), + value: z.string().min(1).optional().nullable(), externalRef: z.string().optional().nullable(), + providerVersionRef: z.string().optional().nullable(), + providerConfigId: z.string().uuid().optional().nullable(), }); export type RotateSecret = z.infer; export const updateSecretSchema = z.object({ name: z.string().min(1).optional(), + key: z.string().min(1).regex(/^[a-zA-Z0-9_.-]+$/).optional(), + status: z.enum(SECRET_STATUSES).optional(), + providerConfigId: z.string().uuid().optional().nullable(), description: z.string().optional().nullable(), externalRef: z.string().optional().nullable(), + providerMetadata: z.record(z.unknown()).optional().nullable(), }); export type UpdateSecret = z.infer; + +export const secretBindingTargetSchema = z.object({ + targetType: z.enum(SECRET_BINDING_TARGET_TYPES), + targetId: z.string().min(1), + configPath: z.string().min(1), +}); + +export const createSecretBindingSchema = secretBindingTargetSchema.extend({ + secretId: z.string().uuid(), + versionSelector: z.union([z.literal("latest"), z.number().int().positive()]).default("latest"), + required: z.boolean().default(true), + label: z.string().optional().nullable(), +}); + +export type CreateSecretBinding = z.infer; + +const safeShortText = z.string().trim().min(1).max(160); +const optionalSafeShortText = safeShortText.optional().nullable(); + +const deniedProviderConfigKeyPattern = + /^(access[-_]?key([-_]?id)?|secret[-_]?access[-_]?key|secret[-_]?key|token|password|passwd|credential|credentials|private[-_]?key|pem|jwt|session[-_]?token|service[-_]?account([-_]?json)?|client[-_]?secret|secret[-_]?id|unseal[-_]?key|recovery[-_]?key|key[-_]?file([-_]?path)?|token[-_]?file([-_]?path)?)$/i; + +function rejectSensitiveProviderConfigKeys(value: unknown, ctx: z.RefinementCtx) { + if (!value || typeof value !== "object" || Array.isArray(value)) return; + for (const key of Object.keys(value)) { + if (!deniedProviderConfigKeyPattern.test(key)) continue; + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["config", key], + message: `Provider vault config cannot persist sensitive field: ${key}`, + }); + } +} + +export const localEncryptedProviderConfigSchema = z.object({ + backupReminderAcknowledged: z.boolean().optional(), +}).strict(); + +export const awsSecretsManagerProviderConfigSchema = z.object({ + region: z.string().trim().regex(/^[a-z]{2}(?:-gov)?-[a-z]+-\d+$/, "Invalid AWS region"), + namespace: optionalSafeShortText, + secretNamePrefix: optionalSafeShortText, + kmsKeyId: z.string().trim().min(1).max(512).optional().nullable(), + ownerTag: optionalSafeShortText, + environmentTag: optionalSafeShortText, +}).strict(); + +export const gcpSecretManagerProviderConfigSchema = z.object({ + projectId: z.string().trim().min(1).max(128).regex(/^[a-z][a-z0-9-]{4,127}$/).optional().nullable(), + location: optionalSafeShortText, + namespace: optionalSafeShortText, + secretNamePrefix: optionalSafeShortText, +}).strict(); + +const vaultAddressSchema = z.preprocess( + (value) => typeof value === "string" ? value.trim() : value, + z.string().url().superRefine((value, ctx) => { + let url: URL; + try { + url = new URL(value); + } catch { + return; + } + const hasPath = url.pathname !== "" && url.pathname !== "/"; + if ( + (url.protocol !== "http:" && url.protocol !== "https:") || + url.username || + url.password || + url.search || + url.hash || + hasPath + ) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + message: "Vault address must be an origin-only HTTP(S) URL without credentials, path, query, or fragment", + }); + } + }).transform((value) => new URL(value).origin), +); + +function rejectUnsafeVaultAddress(value: unknown, ctx: z.RefinementCtx) { + if (value === undefined || value === null) return; + const parsed = vaultAddressSchema.safeParse(value); + if (parsed.success) return; + for (const issue of parsed.error.issues) { + ctx.addIssue({ + ...issue, + path: ["config", "address", ...issue.path], + }); + } +} + +export const vaultProviderConfigSchema = z.object({ + address: vaultAddressSchema.optional().nullable(), + namespace: optionalSafeShortText, + mountPath: optionalSafeShortText, + secretPathPrefix: optionalSafeShortText, +}).strict(); + +export const secretProviderConfigPayloadSchema = z.discriminatedUnion("provider", [ + z.object({ provider: z.literal("local_encrypted"), config: localEncryptedProviderConfigSchema }), + z.object({ provider: z.literal("aws_secrets_manager"), config: awsSecretsManagerProviderConfigSchema }), + z.object({ provider: z.literal("gcp_secret_manager"), config: gcpSecretManagerProviderConfigSchema }), + z.object({ provider: z.literal("vault"), config: vaultProviderConfigSchema }), +]); + +export const createSecretProviderConfigSchema = z.object({ + provider: z.enum(SECRET_PROVIDERS), + displayName: z.string().trim().min(1).max(120), + status: z.enum(SECRET_PROVIDER_CONFIG_STATUSES).optional(), + isDefault: z.boolean().optional(), + config: z.record(z.unknown()).default({}), +}).superRefine((value, ctx) => { + rejectSensitiveProviderConfigKeys(value.config, ctx); + const parsed = secretProviderConfigPayloadSchema.safeParse({ + provider: value.provider, + config: value.config, + }); + if (!parsed.success) { + for (const issue of parsed.error.issues) { + ctx.addIssue({ + ...issue, + path: issue.path[0] === "config" ? issue.path : ["config", ...issue.path], + }); + } + } + const status = value.status ?? (["gcp_secret_manager", "vault"].includes(value.provider) ? "coming_soon" : "ready"); + if ((value.provider === "gcp_secret_manager" || value.provider === "vault") && status !== "coming_soon" && status !== "disabled") { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["status"], + message: `${value.provider} provider vaults are locked while coming soon`, + }); + } + if ((status === "coming_soon" || status === "disabled") && value.isDefault) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["isDefault"], + message: "Only ready or warning provider vaults can be default", + }); + } +}); + +export type CreateSecretProviderConfig = z.infer; + +export const updateSecretProviderConfigSchema = z.object({ + displayName: z.string().trim().min(1).max(120).optional(), + status: z.enum(SECRET_PROVIDER_CONFIG_STATUSES).optional(), + isDefault: z.boolean().optional(), + config: z.record(z.unknown()).optional(), +}).superRefine((value, ctx) => { + if (value.config !== undefined) { + rejectSensitiveProviderConfigKeys(value.config, ctx); + rejectUnsafeVaultAddress(value.config.address, ctx); + } + if ((value.status === "coming_soon" || value.status === "disabled") && value.isDefault) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["isDefault"], + message: "Only ready or warning provider vaults can be default", + }); + } +}); + +export type UpdateSecretProviderConfig = z.infer; + +export const remoteSecretImportPreviewSchema = z.object({ + providerConfigId: z.string().uuid(), + query: z.string().trim().max(200).optional().nullable(), + nextToken: z.string().trim().min(1).max(4096).optional().nullable(), + pageSize: z.number().int().min(1).max(100).optional(), +}); + +export type RemoteSecretImportPreview = z.infer; + +export const remoteSecretImportSelectionSchema = z.object({ + externalRef: z.string().trim().min(1).max(2048), + name: z.string().trim().min(1).max(160).optional().nullable(), + key: z.string().trim().min(1).max(120).regex(/^[a-zA-Z0-9_.-]+$/).optional().nullable(), + description: z.string().trim().max(500).optional().nullable(), + providerVersionRef: z.string().trim().min(1).max(512).optional().nullable(), + providerMetadata: z.record(z.unknown()).optional().nullable(), +}); + +export const remoteSecretImportSchema = z.object({ + providerConfigId: z.string().uuid(), + secrets: z.array(remoteSecretImportSelectionSchema).min(1).max(100), +}); + +export type RemoteSecretImportSelection = z.infer; +export type RemoteSecretImport = z.infer; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1d0517dd..eb6b8fbf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -46,6 +46,9 @@ importers: '@paperclipai/adapter-codex-local': specifier: workspace:* version: link:../packages/adapters/codex-local + '@paperclipai/adapter-cursor-cloud': + specifier: workspace:* + version: link:../packages/adapters/cursor-cloud '@paperclipai/adapter-cursor-local': specifier: workspace:* version: link:../packages/adapters/cursor-local @@ -80,8 +83,8 @@ importers: specifier: ^17.0.1 version: 17.3.1 drizzle-orm: - specifier: 0.38.4 - version: 0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4) + specifier: 0.45.2 + version: 0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7) embedded-postgres: specifier: ^18.1.0-beta.16 version: 18.1.0-beta.16(patch_hash=55uhvnotpqyiy37rn3pqpukhei) @@ -165,6 +168,25 @@ importers: specifier: ^5.7.3 version: 5.9.3 + packages/adapters/cursor-cloud: + dependencies: + '@cursor/sdk': + specifier: ^1.0.12 + version: 1.0.12 + '@paperclipai/adapter-utils': + specifier: workspace:* + version: link:../../adapter-utils + picocolors: + specifier: ^1.1.1 + version: 1.1.1 + devDependencies: + '@types/node': + specifier: ^24.6.0 + version: 24.12.0 + typescript: + specifier: ^5.7.3 + version: 5.9.3 + packages/adapters/cursor-local: dependencies: '@paperclipai/adapter-utils': @@ -257,8 +279,8 @@ importers: specifier: workspace:* version: link:../shared drizzle-orm: - specifier: ^0.38.4 - version: 0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4) + specifier: ^0.45.2 + version: 0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7) embedded-postgres: specifier: ^18.1.0-beta.16 version: 18.1.0-beta.16(patch_hash=55uhvnotpqyiy37rn3pqpukhei) @@ -518,6 +540,9 @@ importers: '@paperclipai/adapter-codex-local': specifier: workspace:* version: link:../packages/adapters/codex-local + '@paperclipai/adapter-cursor-cloud': + specifier: workspace:* + version: link:../packages/adapters/cursor-cloud '@paperclipai/adapter-cursor-local': specifier: workspace:* version: link:../packages/adapters/cursor-local @@ -553,7 +578,7 @@ importers: version: 3.0.1(ajv@8.18.0) better-auth: specifier: 1.4.18 - version: 1.4.18(drizzle-kit@0.31.9)(drizzle-orm@0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4))(pg@8.18.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/debug@4.1.12)(@types/node@24.12.0)(jiti@2.6.1)(jsdom@28.1.0(@noble/hashes@2.0.1))(lightningcss@1.30.2)(tsx@4.21.0)) + version: 1.4.18(drizzle-kit@0.31.9)(drizzle-orm@0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7))(pg@8.18.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/debug@4.1.12)(@types/node@24.12.0)(jiti@2.6.1)(jsdom@28.1.0(@noble/hashes@2.0.1))(lightningcss@1.30.2)(tsx@4.21.0)) chokidar: specifier: ^4.0.3 version: 4.0.3 @@ -567,8 +592,8 @@ importers: specifier: ^17.0.1 version: 17.3.1 drizzle-orm: - specifier: ^0.38.4 - version: 0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4) + specifier: ^0.45.2 + version: 0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7) embedded-postgres: specifier: ^18.1.0-beta.16 version: 18.1.0-beta.16(patch_hash=55uhvnotpqyiy37rn3pqpukhei) @@ -678,6 +703,9 @@ importers: '@paperclipai/adapter-codex-local': specifier: workspace:* version: link:../packages/adapters/codex-local + '@paperclipai/adapter-cursor-cloud': + specifier: workspace:* + version: link:../packages/adapters/cursor-cloud '@paperclipai/adapter-cursor-local': specifier: workspace:* version: link:../packages/adapters/cursor-local @@ -1216,6 +1244,9 @@ packages: resolution: {integrity: sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==} hasBin: true + '@bufbuild/protobuf@1.10.0': + resolution: {integrity: sha512-QDdVFLoN93Zjg36NoQPZfsVH9tZew7wKDKyV5qRdj8ntT4wQCOradQjRaTdwMhWUYsgKsvCINKKm87FdEk96Ag==} + '@chevrotain/cst-dts-gen@11.1.2': resolution: {integrity: sha512-XTsjvDVB5nDZBQB8o0o/0ozNelQtn2KrUVteIHSlPd2VAV2utEb6JzyCJaJ8tGxACR4RiBNWy5uYUHX2eji88Q==} @@ -1350,6 +1381,18 @@ packages: react: ^16.8.0 || ^17 || ^18 || ^19 react-dom: ^16.8.0 || ^17 || ^18 || ^19 + '@connectrpc/connect-node@1.7.0': + resolution: {integrity: sha512-6vaPIkG/NyhxlYgytLoR9KYbPhczEboFB2OYWkA9qvUz1K7efXfeGrlRxoLtpa+r8VxyIOw73w5ktNe743nD+A==} + engines: {node: '>=16.0.0'} + peerDependencies: + '@bufbuild/protobuf': ^1.10.0 + '@connectrpc/connect': 1.7.0 + + '@connectrpc/connect@1.7.0': + resolution: {integrity: sha512-iNKdJRi69YP3mq6AePRT8F/HrxWCewrhxnLMNm0vpqXAR8biwzRtO6Hjx80C6UvtKJ5sFmffQT7I4Baecz389w==} + peerDependencies: + '@bufbuild/protobuf': ^1.10.0 + '@csstools/color-helpers@6.0.2': resolution: {integrity: sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==} engines: {node: '>=20.19.0'} @@ -1386,6 +1429,35 @@ packages: resolution: {integrity: sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==} engines: {node: '>=20.19.0'} + '@cursor/sdk-darwin-arm64@1.0.12': + resolution: {integrity: sha512-AOFx+aX+4SntAeC66YncHACXk5duxp+HzDrxxF4Tl93N6nLjHaHEKSAXbt87ivL34MCHop4v/3c70QzBhamB2g==} + cpu: [arm64] + os: [darwin] + + '@cursor/sdk-darwin-x64@1.0.12': + resolution: {integrity: sha512-/ZDAYFUrnPd8hAGRky9ZGcROqZSZ2b5W+aEjTdINzLhJ8x5ZNXtjaz0ZYSHabOn2BeErjXgTcq+4bX2/To4C1A==} + cpu: [x64] + os: [darwin] + + '@cursor/sdk-linux-arm64@1.0.12': + resolution: {integrity: sha512-kAxNqiB3dPtlW9fVjjIZEdbIGEGLA9moOM3zYwsXh8J1Qw942nJYMGDGR4o8x0zglwZ24a1JpovvZamrCaC3Yw==} + cpu: [arm64] + os: [linux] + + '@cursor/sdk-linux-x64@1.0.12': + resolution: {integrity: sha512-RmBiBCPKMZC5McDerGk2Rk4P47xz2A+uzRoRgH6sMoOjklc33ry11iAZC0D5F5xH85chgY878086A/Q8+XrAuA==} + cpu: [x64] + os: [linux] + + '@cursor/sdk-win32-x64@1.0.12': + resolution: {integrity: sha512-uH4shdHrKOdtNLapy1uuScJ9lL2Pc8zc9I9ZKC6b6bx+0UX6xLAqjPP7dqVPfO6D9u61yLq1Hs86XOLs5ZVkPA==} + cpu: [x64] + os: [win32] + + '@cursor/sdk@1.0.12': + resolution: {integrity: sha512-jGx0wFY1N9uIdIKr303CfM6m/dLXmRCUnU/0yNP/oiOpkBXqgqaThGbgYbcOeVrYonMZc/DZJ9EydXOEPJLcbg==} + engines: {node: '>=18'} + '@dnd-kit/accessibility@3.1.1': resolution: {integrity: sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==} peerDependencies: @@ -1929,6 +2001,10 @@ packages: '@noble/hashes': optional: true + '@fastify/busboy@2.1.1': + resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==} + engines: {node: '>=14'} + '@floating-ui/core@1.7.4': resolution: {integrity: sha512-C3HlIdsBxszvm5McXlB8PeOEWfBhcGBTZGkGlWc2U0KFY5IwG5OQEuQ8rq52DZmcHDlPLd+YFBK+cZcytwIFWg==} @@ -1950,6 +2026,9 @@ packages: '@floating-ui/utils@0.2.10': resolution: {integrity: sha512-aGTxbpbg8/b5JfU1HXSrbH3wXZuLPJcNEcZQFMxLs3oSzgtVu6nFPkbbGGUvBcUjKV2YyB9Wxxabo+HEH9tcRQ==} + '@gar/promisify@1.1.3': + resolution: {integrity: sha512-k2Ty1JcVojjJFwrg/ThKi2ujJ7XNLYaFGNB/bWT9wGR+oSMJHMa5w+CUq6p/pVrKeNNgA7pCqEcjSnHVoqJQFw==} + '@hono/node-server@1.19.13': resolution: {integrity: sha512-TsQLe4i2gvoTtrHje625ngThGBySOgSK3Xo2XRYOdqGN1teR8+I7vchQC46uLJi8OF62YTYA3AhSpumtkhsaKQ==} engines: {node: '>=18.14.1'} @@ -2294,6 +2373,14 @@ packages: resolution: {integrity: sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==} engines: {node: '>= 20.19.0'} + '@npmcli/fs@1.1.1': + resolution: {integrity: sha512-8KG5RD0GVP4ydEzRn/I4BNDuxDtqVbOdm8675T49OIG/NGhaK0pjPX7ZcDlvKYbA+ulvVK3ztfcF4uBdOxuJbQ==} + + '@npmcli/move-file@1.1.2': + resolution: {integrity: sha512-1SUf/Cg2GzGDyaf15aR9St9TWlb+XvbZXWpDx8YKs7MLzMH/BCeopv+y9vzrzgkfykCGuWOlSu3mZhj2+FQcrg==} + engines: {node: '>=10'} + deprecated: This functionality has been moved to @npmcli/fs + '@open-draft/deferred-promise@2.2.0': resolution: {integrity: sha512-CecwLWx3rhxVQF6V4bAgPS5t+So2sTbPgAzafKkVizyi7tlwpcFpdFqq+wqF2OwNBmqFuu6tOyouTuxgpMfzmA==} @@ -3428,6 +3515,12 @@ packages: '@standard-schema/spec@1.1.0': resolution: {integrity: sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==} + '@statsig/client-core@3.31.0': + resolution: {integrity: sha512-SuxQD6TmVszPG7FoMKwTk/uyBuVFk7XnxI3T/E0uyb7PL7GNjONtfsoh+NqBBVUJVse0CUeSFfgJPoZy1ZOslQ==} + + '@statsig/js-client@3.31.0': + resolution: {integrity: sha512-LFa5E0LjT6sTfZv3sNGoyRLSZ1078+agdgOA+Vm1ecjG+KbSOfBLTW7hMwimrJ29slRwbYDzbtKaPJo/R37N2g==} + '@stitches/core@1.2.8': resolution: {integrity: sha512-Gfkvwk9o9kE9r9XNBmJRfV8zONvXThnm1tcuojL04Uy5uRyqg93DC83lDebl0rocZCfKSjUv+fWYtMQmEDJldg==} @@ -3617,6 +3710,10 @@ packages: peerDependencies: '@testing-library/dom': '>=7.21.4' + '@tootallnate/once@1.1.2': + resolution: {integrity: sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==} + engines: {node: '>= 6'} + '@types/aria-query@5.0.4': resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==} @@ -3844,6 +3941,7 @@ packages: '@ungap/structured-clone@1.3.0': resolution: {integrity: sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==} + deprecated: Potential CWE-502 - Update to 1.3.1 or higher '@vitejs/plugin-react@4.7.0': resolution: {integrity: sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==} @@ -3923,6 +4021,9 @@ packages: resolution: {integrity: sha512-0d7gRzOiYTgDmIyh783mCcq50h3mdOg/TtKdLfBIghOLushpQRwhuLjKK8Q9hxZfNlPL0Ua56DoPjnsW8amf8g==} hasBin: true + abbrev@1.1.1: + resolution: {integrity: sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==} + accepts@2.0.0: resolution: {integrity: sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==} engines: {node: '>= 0.6'} @@ -3946,10 +4047,22 @@ packages: resolution: {integrity: sha512-XNAb/a6TCqou+TufU8/u11HCu9x1gYvOoxLwtlXgIqmkrYQADVv6ljyW2zwiPhHz9R1gItAWpuDrdJMmrOBFEA==} engines: {node: '>= 16.0.0'} + agent-base@6.0.2: + resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==} + engines: {node: '>= 6.0.0'} + agent-base@7.1.4: resolution: {integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==} engines: {node: '>= 14'} + agentkeepalive@4.6.0: + resolution: {integrity: sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==} + engines: {node: '>= 8.0.0'} + + aggregate-error@3.1.0: + resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==} + engines: {node: '>=8'} + ajv-formats@3.0.1: resolution: {integrity: sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==} peerDependencies: @@ -3975,6 +4088,14 @@ packages: append-field@1.0.0: resolution: {integrity: sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==} + aproba@2.1.0: + resolution: {integrity: sha512-tLIEcj5GuR2RSTnxNKdkK0dJ/GrC7P38sUkiDmDuHfsHmbagTFAxDVIBltoklXEVIQ/f14IL8IMJ5pn9Hez1Ew==} + + are-we-there-yet@3.0.1: + resolution: {integrity: sha512-QZW4EDmGwlYur0Yyf/b2uGucHQMa8aFUP7eu9ddR73vvhFyt4V0Vl3QHPcTNJ8l6qYOBdxgXdnBXQrHilfRQBg==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + deprecated: This package is no longer supported. + argparse@2.0.1: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} @@ -4032,6 +4153,9 @@ packages: bail@2.0.2: resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==} + balanced-match@1.0.2: + resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} + balanced-match@4.0.4: resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==} engines: {node: 18 || 20 || >=22} @@ -4157,6 +4281,12 @@ packages: bidi-js@1.0.3: resolution: {integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==} + bindings@1.5.0: + resolution: {integrity: sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==} + + bl@4.1.0: + resolution: {integrity: sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==} + body-parser@2.2.2: resolution: {integrity: sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==} engines: {node: '>=18'} @@ -4164,6 +4294,9 @@ packages: bowser@2.14.1: resolution: {integrity: sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==} + brace-expansion@1.1.14: + resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==} + brace-expansion@5.0.5: resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==} engines: {node: 18 || 20 || >=22} @@ -4176,6 +4309,9 @@ packages: buffer-from@1.1.2: resolution: {integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==} + buffer@5.7.1: + resolution: {integrity: sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==} + buffer@6.0.3: resolution: {integrity: sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==} @@ -4195,6 +4331,10 @@ packages: resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==} engines: {node: '>=8'} + cacache@15.3.0: + resolution: {integrity: sha512-VVdYzXEn+cnbXpFgWs5hTT7OScegHVmLhJIR8Ufqk3iFD6A6j5iSX1KuBTfNEv4tdJWE2PzA6IVFtcLC7fN9wQ==} + engines: {node: '>= 10'} + call-bind-apply-helpers@1.0.2: resolution: {integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==} engines: {node: '>= 0.4'} @@ -4241,6 +4381,13 @@ packages: resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==} engines: {node: '>= 14.16.0'} + chownr@1.1.4: + resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==} + + chownr@2.0.0: + resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} + engines: {node: '>=10'} + class-variance-authority@0.7.1: resolution: {integrity: sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==} @@ -4250,6 +4397,10 @@ packages: clean-set@1.1.2: resolution: {integrity: sha512-cA8uCj0qSoG9e0kevyOWXwPaELRPVg5Pxp6WskLMwerx257Zfnh8Nl0JBH59d7wQzij2CK7qEfJQK3RjuKKIug==} + clean-stack@2.2.0: + resolution: {integrity: sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==} + engines: {node: '>=6'} + clsx@2.1.1: resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==} engines: {node: '>=6'} @@ -4271,6 +4422,10 @@ packages: codemirror@6.0.2: resolution: {integrity: sha512-VhydHotNW5w1UGK0Qj96BwSk/Zqbp9WbnyK2W/eVMv4QyF41INRGpjUhFJY7/uDNuudSc33a/PKr4iDqRduvHw==} + color-support@1.1.3: + resolution: {integrity: sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==} + hasBin: true + colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} @@ -4303,6 +4458,9 @@ packages: compute-scroll-into-view@2.0.4: resolution: {integrity: sha512-y/ZA3BGnxoM/QHHQ2Uy49CLtnWPbt4tTPpEEZiEmmiWBFKjej7nEyH8Ryz54jH0MLXflUYA3Er2zUxPSJu5R+g==} + concat-map@0.0.1: + resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} + concat-stream@2.0.0: resolution: {integrity: sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==} engines: {'0': node >= 6.0} @@ -4310,6 +4468,9 @@ packages: confbox@0.1.8: resolution: {integrity: sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==} + console-control-strings@1.1.0: + resolution: {integrity: sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==} + content-disposition@1.0.1: resolution: {integrity: sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q==} engines: {node: '>=18'} @@ -4562,10 +4723,18 @@ packages: decode-named-character-reference@1.3.0: resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==} + decompress-response@6.0.0: + resolution: {integrity: sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==} + engines: {node: '>=10'} + deep-eql@5.0.2: resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==} engines: {node: '>=6'} + deep-extend@0.6.0: + resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==} + engines: {node: '>=4.0.0'} + deepmerge@4.3.1: resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==} engines: {node: '>=0.10.0'} @@ -4592,6 +4761,9 @@ packages: resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==} engines: {node: '>=0.4.0'} + delegates@1.0.0: + resolution: {integrity: sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==} + depd@2.0.0: resolution: {integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==} engines: {node: '>= 0.8'} @@ -4653,8 +4825,8 @@ packages: resolution: {integrity: sha512-GViD3IgsXn7trFyBUUHyTFBpH/FsHTxYJ66qdbVggxef4UBPHRYxQaRzYLTuekYnk9i5FIEL9pbBIwMqX/Uwrg==} hasBin: true - drizzle-orm@0.38.4: - resolution: {integrity: sha512-s7/5BpLKO+WJRHspvpqTydxFob8i1vo2rEx4pY6TGY7QSMuUfWUuzaY0DIpXCkgHOo37BaFC+SJQb99dDUXT3Q==} + drizzle-orm@0.45.2: + resolution: {integrity: sha512-kY0BSaTNYWnoDMVoyY8uxmyHjpJW1geOmBMdSSicKo9CIIWkSxMIj2rkeSR51b8KAPB7m+qysjuHme5nKP+E5Q==} peerDependencies: '@aws-sdk/client-rds-data': '>=3' '@cloudflare/workers-types': '>=4' @@ -4664,25 +4836,25 @@ packages: '@neondatabase/serverless': '>=0.10.0' '@op-engineering/op-sqlite': '>=2' '@opentelemetry/api': ^1.4.1 - '@planetscale/database': '>=1' + '@planetscale/database': '>=1.13' '@prisma/client': '*' '@tidbcloud/serverless': '*' '@types/better-sqlite3': '*' '@types/pg': '*' - '@types/react': '>=18' '@types/sql.js': '*' + '@upstash/redis': '>=1.34.7' '@vercel/postgres': '>=0.8.0' '@xata.io/client': '*' better-sqlite3: '>=7' bun-types: '*' expo-sqlite: '>=14.0.0' + gel: '>=2' knex: '*' kysely: '*' mysql2: '>=2' pg: '>=8' postgres: '>=3' prisma: '*' - react: '>=18' sql.js: '>=1' sqlite3: '>=5' peerDependenciesMeta: @@ -4712,10 +4884,10 @@ packages: optional: true '@types/pg': optional: true - '@types/react': - optional: true '@types/sql.js': optional: true + '@upstash/redis': + optional: true '@vercel/postgres': optional: true '@xata.io/client': @@ -4726,6 +4898,8 @@ packages: optional: true expo-sqlite: optional: true + gel: + optional: true knex: optional: true kysely: @@ -4738,8 +4912,6 @@ packages: optional: true prisma: optional: true - react: - optional: true sql.js: optional: true sqlite3: @@ -4759,6 +4931,9 @@ packages: resolution: {integrity: sha512-TDp7Ld0h84x5fzIIZFyreYWqZrxUNjuXB6OxqJCmV6PodB2vzQ+1hlL6n4uK1de7bIAxYt5OkDykwcuIONQdQg==} engines: {node: '>=16'} + emoji-regex@8.0.0: + resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==} + empathic@2.0.0: resolution: {integrity: sha512-i6UzDscO/XfAcNYD75CfICkmfLedpyPDdozrLMmQc5ORaQcdMoc21OnlEylMIqI7U8eniKrPMxxtj8k0vhmJhA==} engines: {node: '>=14'} @@ -4767,6 +4942,9 @@ packages: resolution: {integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==} engines: {node: '>= 0.8'} + encoding@0.1.13: + resolution: {integrity: sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==} + end-of-stream@1.4.5: resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==} @@ -4778,6 +4956,13 @@ packages: resolution: {integrity: sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==} engines: {node: '>=0.12'} + env-paths@2.2.1: + resolution: {integrity: sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==} + engines: {node: '>=6'} + + err-code@2.0.3: + resolution: {integrity: sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==} + es-define-property@1.0.1: resolution: {integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==} engines: {node: '>= 0.4'} @@ -4885,6 +5070,10 @@ packages: resolution: {integrity: sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==} engines: {node: '>=18.0.0'} + expand-template@2.0.3: + resolution: {integrity: sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==} + engines: {node: '>=6'} + expect-type@1.3.0: resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==} engines: {node: '>=12.0.0'} @@ -4945,6 +5134,9 @@ packages: picomatch: optional: true + file-uri-to-path@1.0.0: + resolution: {integrity: sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==} + finalhandler@2.1.1: resolution: {integrity: sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==} engines: {node: '>= 18.0.0'} @@ -4969,6 +5161,16 @@ packages: resolution: {integrity: sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==} engines: {node: '>= 0.8'} + fs-constants@1.0.0: + resolution: {integrity: sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==} + + fs-minipass@2.1.0: + resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==} + engines: {node: '>= 8'} + + fs.realpath@1.0.0: + resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} + fsevents@2.3.2: resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==} engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0} @@ -4982,6 +5184,11 @@ packages: function-bind@1.1.2: resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} + gauge@4.0.4: + resolution: {integrity: sha512-f9m+BEN5jkg6a0fZjleidjN51VE1X+mPFQ2DJ0uv1V39oCLCbsGe6yjbBnp7eK7z/+GAon99a3nHuqbuuthyPg==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + deprecated: This package is no longer supported. + gensync@1.0.0-beta.2: resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==} engines: {node: '>=6.9.0'} @@ -5005,10 +5212,17 @@ packages: get-tsconfig@4.13.6: resolution: {integrity: sha512-shZT/QMiSHc/YBLxxOkMtgSid5HFoauqCE3/exfsEcwg1WkeqjG+V40yBbBrsD+jW2HDXcs28xOfcbm2jI8Ddw==} + github-from-package@0.0.0: + resolution: {integrity: sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==} + glob@13.0.6: resolution: {integrity: sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==} engines: {node: 18 || 20 || >=22} + glob@7.2.3: + resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + gopd@1.2.0: resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==} engines: {node: '>= 0.4'} @@ -5027,6 +5241,9 @@ packages: resolution: {integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==} engines: {node: '>= 0.4'} + has-unicode@2.0.1: + resolution: {integrity: sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==} + hasown@2.0.2: resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} engines: {node: '>= 0.4'} @@ -5055,18 +5272,32 @@ packages: html-url-attributes@3.0.1: resolution: {integrity: sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ==} + http-cache-semantics@4.2.0: + resolution: {integrity: sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==} + http-errors@2.0.1: resolution: {integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==} engines: {node: '>= 0.8'} + http-proxy-agent@4.0.1: + resolution: {integrity: sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==} + engines: {node: '>= 6'} + http-proxy-agent@7.0.2: resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==} engines: {node: '>= 14'} + https-proxy-agent@5.0.1: + resolution: {integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==} + engines: {node: '>= 6'} + https-proxy-agent@7.0.6: resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==} engines: {node: '>= 14'} + humanize-ms@1.2.1: + resolution: {integrity: sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==} + iconv-lite@0.6.3: resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==} engines: {node: '>=0.10.0'} @@ -5078,13 +5309,27 @@ packages: ieee754@1.2.1: resolution: {integrity: sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==} + imurmurhash@0.1.4: + resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==} + engines: {node: '>=0.8.19'} + indent-string@4.0.0: resolution: {integrity: sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==} engines: {node: '>=8'} + infer-owner@1.0.4: + resolution: {integrity: sha512-IClj+Xz94+d7irH5qRyfJonOdfTzuDaifE6ZPWfx0N0+/ATZCbuTPq2prFl526urkQd90WyUKIh1DfBQ2hMz9A==} + + inflight@1.0.6: + resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} + deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. + inherits@2.0.4: resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} + ini@1.3.8: + resolution: {integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==} + inline-style-parser@0.2.7: resolution: {integrity: sha512-Nb2ctOyNR8DqQoR0OwRG95uNWIC0C1lCgf5Naz5H6Ji72KZ8OcFZLz2P5sNgwlyoJ8Yif11oMuYs5pBQa86csA==} @@ -5103,6 +5348,10 @@ packages: resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==} engines: {node: '>= 12'} + ip-address@10.2.0: + resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==} + engines: {node: '>= 12'} + ipaddr.js@1.9.1: resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==} engines: {node: '>= 0.10'} @@ -5125,6 +5374,10 @@ packages: engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} hasBin: true + is-fullwidth-code-point@3.0.0: + resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} + engines: {node: '>=8'} + is-hexadecimal@2.0.1: resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==} @@ -5137,6 +5390,9 @@ packages: engines: {node: '>=14.16'} hasBin: true + is-lambda@1.0.1: + resolution: {integrity: sha512-z7CMFGNrENq5iFB9Bqo64Xk6Y9sg+epq1myIcdHaGnbMTYOxvzsEtdYqQUylB7LxfkvgrrjP32T6Ywciio9UIQ==} + is-module@1.0.0: resolution: {integrity: sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g==} @@ -5333,6 +5589,10 @@ packages: lru-cache@5.1.1: resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==} + lru-cache@6.0.0: + resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==} + engines: {node: '>=10'} + lucide-react@0.574.0: resolution: {integrity: sha512-dJ8xb5juiZVIbdSn3HTyHsjjIwUwZ4FNwV0RtYDScOyySOeie1oXZTymST6YPJ4Qwt3Po8g4quhYl4OxtACiuQ==} peerDependencies: @@ -5345,6 +5605,10 @@ packages: magic-string@0.30.21: resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==} + make-fetch-happen@9.1.0: + resolution: {integrity: sha512-+zopwDy7DNknmwPQplem5lAZX/eCOzSvSNNcSKm5eVwTkOBzoktEfXsa9L23J/GIRhxRsaxzkPEhrJEpE2F4Gg==} + engines: {node: '>= 10'} + markdown-table@3.0.4: resolution: {integrity: sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw==} @@ -5571,6 +5835,10 @@ packages: engines: {node: '>=4.0.0'} hasBin: true + mimic-response@3.1.0: + resolution: {integrity: sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==} + engines: {node: '>=10'} + min-indent@1.0.1: resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==} engines: {node: '>=4'} @@ -5579,13 +5847,56 @@ packages: resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==} engines: {node: 18 || 20 || >=22} + minimatch@3.1.5: + resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==} + minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} + minipass-collect@1.0.2: + resolution: {integrity: sha512-6T6lH0H8OG9kITm/Jm6tdooIbogG9e0tLgpY6mphXSm/A9u8Nq1ryBG+Qspiub9LjWlBPsPS3tWQ/Botq4FdxA==} + engines: {node: '>= 8'} + + minipass-fetch@1.4.1: + resolution: {integrity: sha512-CGH1eblLq26Y15+Azk7ey4xh0J/XfJfrCox5LDJiKqI2Q2iwOLOKrlmIaODiSQS8d18jalF6y2K2ePUm0CmShw==} + engines: {node: '>=8'} + + minipass-flush@1.0.7: + resolution: {integrity: sha512-TbqTz9cUwWyHS2Dy89P3ocAGUGxKjjLuR9z8w4WUTGAVgEj17/4nhgo2Du56i0Fm3Pm30g4iA8Lcqctc76jCzA==} + engines: {node: '>= 8'} + + minipass-pipeline@1.2.4: + resolution: {integrity: sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==} + engines: {node: '>=8'} + + minipass-sized@1.0.3: + resolution: {integrity: sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==} + engines: {node: '>=8'} + + minipass@3.3.6: + resolution: {integrity: sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==} + engines: {node: '>=8'} + + minipass@5.0.0: + resolution: {integrity: sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==} + engines: {node: '>=8'} + minipass@7.1.3: resolution: {integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==} engines: {node: '>=16 || 14 >=14.17'} + minizlib@2.1.2: + resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} + engines: {node: '>= 8'} + + mkdirp-classic@0.5.3: + resolution: {integrity: sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==} + + mkdirp@1.0.4: + resolution: {integrity: sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==} + engines: {node: '>=10'} + hasBin: true + mlly@1.8.1: resolution: {integrity: sha512-SnL6sNutTwRWWR/vcmCYHSADjiEesp5TGQQ0pXyLhW5IoeibRlF/CbSLailbB3CNqJUk9cVJ9dUDnbD7GrcHBQ==} @@ -5614,6 +5925,13 @@ packages: resolution: {integrity: sha512-yJBmDJr18xy47dbNVlHcgdPrulSn1nhSE6Ns9vTG+Nx9VPT6iV1MD6aQFp/t52zpf82FhLLTXAXr30NuCnxvwA==} engines: {node: ^20.0.0 || >=22.0.0} + napi-build-utils@2.0.0: + resolution: {integrity: sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==} + + negotiator@0.6.4: + resolution: {integrity: sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==} + engines: {node: '>= 0.6'} + negotiator@1.0.0: resolution: {integrity: sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==} engines: {node: '>= 0.6'} @@ -5621,9 +5939,31 @@ packages: next-tick@1.1.0: resolution: {integrity: sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ==} + node-abi@3.92.0: + resolution: {integrity: sha512-KdHvFWZjEKDf0cakgFjebl371GPsISX2oZHcuyKqM7DtogIsHrqKeLTo8wBHxaXRAQlY2PsPlZmfo+9ZCxEREQ==} + engines: {node: '>=10'} + + node-addon-api@7.1.1: + resolution: {integrity: sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==} + + node-gyp@8.4.1: + resolution: {integrity: sha512-olTJRgUtAb/hOXG0E93wZDs5YiJlgbXxTwQAFHyNlRsXQnYzUaF2aGgujZbw+hR8aF4ZG/rST57bWMWD16jr9w==} + engines: {node: '>= 10.12.0'} + hasBin: true + node-releases@2.0.27: resolution: {integrity: sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==} + nopt@5.0.0: + resolution: {integrity: sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==} + engines: {node: '>=6'} + hasBin: true + + npmlog@6.0.2: + resolution: {integrity: sha512-/vBvz5Jfr9dT/aFWd0FIRf+T/Q2WBsLENygUaFUqstqsycmZAP/t5BvFJTK0viFmSUxiUKTUplWy5vt+rvKIxg==} + engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + deprecated: This package is no longer supported. + object-assign@4.1.1: resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} engines: {node: '>=0.10.0'} @@ -5654,6 +5994,10 @@ packages: outvariant@1.4.0: resolution: {integrity: sha512-AlWY719RF02ujitly7Kk/0QlV+pXGFDHrHf9O2OKqyqgBieaPOIeuSkL8sRK6j2WK+/ZAURq2kZsY0d8JapUiw==} + p-map@4.0.0: + resolution: {integrity: sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==} + engines: {node: '>=10'} + package-manager-detector@1.6.0: resolution: {integrity: sha512-61A5ThoTiDG/C8s8UMZwSorAGwMJ0ERVGj2OjoW5pAalsNOg15+iQiPzrLJ4jhZ1HJzmC2PIHT2oEiH3R5fzNA==} @@ -5673,6 +6017,10 @@ packages: path-data-parser@0.1.0: resolution: {integrity: sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==} + path-is-absolute@1.0.1: + resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} + engines: {node: '>=0.10.0'} + path-key@3.1.1: resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} engines: {node: '>=8'} @@ -5810,6 +6158,12 @@ packages: resolution: {integrity: sha512-dM0jVuXJPsDN6DvRpea484tCUaMiXWjuCn++HGTqUWzGDjv5tZkEZldAJ/UMlqRYGFrD/etByo4/xOuC/snX2A==} engines: {node: '>=20'} + prebuild-install@7.1.3: + resolution: {integrity: sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==} + engines: {node: '>=10'} + deprecated: No longer maintained. Please contact the author of the relevant native addon; alternatives are available. + hasBin: true + pretty-format@27.5.1: resolution: {integrity: sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==} engines: {node: ^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0} @@ -5821,6 +6175,18 @@ packages: process-warning@5.0.0: resolution: {integrity: sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==} + promise-inflight@1.0.1: + resolution: {integrity: sha512-6zWPyEOFaQBJYcGMHBKTKJ3u6TBsnMFOIZSa6ce1e/ZrrsOlnHRHbabMjLiBYKp+n44X9eUI6VUPaukCXHuG4g==} + peerDependencies: + bluebird: '*' + peerDependenciesMeta: + bluebird: + optional: true + + promise-retry@2.0.1: + resolution: {integrity: sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==} + engines: {node: '>=10'} + prop-types@15.8.1: resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==} @@ -5866,6 +6232,10 @@ packages: resolution: {integrity: sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==} engines: {node: '>= 0.10'} + rc@1.2.8: + resolution: {integrity: sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==} + hasBin: true + react-devtools-inline@4.4.0: resolution: {integrity: sha512-ES0GolSrKO8wsKbsEkVeiR/ZAaHQTY4zDh1UW8DImVmm8oaGLl3ijJDvSGe+qDRKPZdPRnDtWWnSvvrgxXdThQ==} @@ -6012,6 +6382,15 @@ packages: engines: {node: '>= 0.4'} hasBin: true + retry@0.12.0: + resolution: {integrity: sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==} + engines: {node: '>= 4'} + + rimraf@3.0.2: + resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} + deprecated: Rimraf versions prior to v4 are no longer supported + hasBin: true + robust-predicates@3.0.2: resolution: {integrity: sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==} @@ -6078,6 +6457,9 @@ packages: resolution: {integrity: sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==} engines: {node: '>= 18'} + set-blocking@2.0.0: + resolution: {integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==} + set-cookie-parser@2.7.2: resolution: {integrity: sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw==} @@ -6115,6 +6497,15 @@ packages: siginfo@2.0.0: resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==} + signal-exit@3.0.7: + resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==} + + simple-concat@1.0.1: + resolution: {integrity: sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==} + + simple-get@4.0.1: + resolution: {integrity: sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==} + sisteransi@1.0.5: resolution: {integrity: sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==} @@ -6123,6 +6514,18 @@ packages: engines: {node: '>=18'} hasBin: true + smart-buffer@4.2.0: + resolution: {integrity: sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==} + engines: {node: '>= 6.0.0', npm: '>= 3.0.0'} + + socks-proxy-agent@6.2.1: + resolution: {integrity: sha512-a6KW9G+6B3nWZ1yB8G7pJwL3ggLy1uTzKAgCb7ttblwqdz9fMGJUuTy3uFzEP48FAs9FLILlmzDlE2JJhVQaXQ==} + engines: {node: '>= 10'} + + socks@2.8.9: + resolution: {integrity: sha512-LJhUYUvItdQ0LkJTmPeaEObWXAqFyfmP85x0tch/ez9cahmhlBBLbIqDFnvBnUJGagb0JbIQrkBs1wJ+yRYpEw==} + engines: {node: '>= 10.0.0', npm: '>= 3.0.0'} + sonic-boom@4.2.1: resolution: {integrity: sha512-w6AxtubXa2wTXAUsZMMWERrsIRAdrK0Sc+FUytWvYAhBJLyuI4llrMIC1DtlNSdI99EI86KZum2MMq3EAZlF9Q==} @@ -6144,6 +6547,13 @@ packages: resolution: {integrity: sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==} engines: {node: '>= 10.x'} + sqlite3@5.1.7: + resolution: {integrity: sha512-GGIyOiFaG+TUra3JIfkI/zGP8yZYLPQ0pl1bH+ODjiX57sPhrLU5sQJn1y9bDKZUFYkX1crlrPfSYt0BKKdkog==} + + ssri@8.0.1: + resolution: {integrity: sha512-97qShzy1AiyxvPNIkLWoGua7xoQzzPjQ0HAH4B0rWKo7SZ6USuPcrUiAFrws0UH8RrbWmgq3LMTObhPIHbbBeQ==} + engines: {node: '>= 8'} + stackback@0.0.2: resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==} @@ -6176,12 +6586,20 @@ packages: strict-event-emitter@0.4.6: resolution: {integrity: sha512-12KWeb+wixJohmnwNFerbyiBrAlq5qJLwIt38etRtKtmmHyDSoGlIqFE9wx+4IwG0aDjI7GV8tc8ZccjWZZtTg==} + string-width@4.2.3: + resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==} + engines: {node: '>=8'} + string_decoder@1.3.0: resolution: {integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==} stringify-entities@4.0.4: resolution: {integrity: sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg==} + strip-ansi@6.0.1: + resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} + engines: {node: '>=8'} + strip-bom@3.0.0: resolution: {integrity: sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==} engines: {node: '>=4'} @@ -6194,6 +6612,10 @@ packages: resolution: {integrity: sha512-SlyRoSkdh1dYP0PzclLE7r0M9sgbFKKMFXpFRUMNuKhQSbC6VQIGzq3E0qsfvGJaUFJPGv6Ws1NZ/haTAjfbMA==} engines: {node: '>=12'} + strip-json-comments@2.0.1: + resolution: {integrity: sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==} + engines: {node: '>=0.10.0'} + strip-json-comments@5.0.3: resolution: {integrity: sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==} engines: {node: '>=14.16'} @@ -6244,9 +6666,21 @@ packages: resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==} engines: {node: '>=6'} + tar-fs@2.1.4: + resolution: {integrity: sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==} + + tar-stream@2.2.0: + resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} + engines: {node: '>=6'} + tar-stream@3.2.0: resolution: {integrity: sha512-ojzvCvVaNp6aOTFmG7jaRD0meowIAuPc3cMMhSgKiVWws1GyHbGd/xvnyuRKcKlMpt3qvxx6r0hreCNITP9hIg==} + tar@6.2.1: + resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} + engines: {node: '>=10'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + teex@1.0.1: resolution: {integrity: sha512-eYE6iEI62Ni1H8oIa7KlDU6uQBtqr4Eajni3wX7rpfXD8ysFx8z0+dri+KWEPWpBsxXfxu58x/0jvTVT1ekOSg==} @@ -6329,6 +6763,9 @@ packages: engines: {node: '>=18.0.0'} hasBin: true + tunnel-agent@0.6.0: + resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==} + type-is@1.6.18: resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==} engines: {node: '>= 0.6'} @@ -6360,6 +6797,10 @@ packages: undici-types@7.24.4: resolution: {integrity: sha512-cRaY9PagdEZoRmcwzk3tUV3SVGrVQkR6bcSilav/A0vXsfpW4Lvd0BvgRMwTEDTLLGN+QdyBTG+nnvTgJhdt6w==} + undici@5.29.0: + resolution: {integrity: sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==} + engines: {node: '>=14.0'} + undici@7.24.4: resolution: {integrity: sha512-BM/JzwwaRXxrLdElV2Uo6cTLEjhSb3WXboncJamZ15NgUURmvlXvxa6xkwIOILIjPNo9i8ku136ZvWV0Uly8+w==} engines: {node: '>=20.18.1'} @@ -6370,6 +6811,12 @@ packages: unified@11.0.5: resolution: {integrity: sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA==} + unique-filename@1.1.1: + resolution: {integrity: sha512-Vmp0jIp2ln35UTXuryvjzkjGdRyf9b2lTXuSYUiPmzRcl3FDtYqAwOnTJkAngD9SWhnoJzDbTKwaOrZ+STtxNQ==} + + unique-slug@2.0.2: + resolution: {integrity: sha512-zoWr9ObaxALD3DOPfjPSqxt4fnZiWblxHIgeWqW8x7UqDzEtHEQLzji2cuJYQFCU6KmoJikOYAZlrTHHebjx2w==} + unist-util-is@6.0.1: resolution: {integrity: sha512-LsiILbtBETkDz8I9p1dQ0uyRUWuaQzd/cuEeS1hoRSyW5E5XGmTzlwY1OrNzzakGowI9Dr/I8HVaw4hTtnxy8g==} @@ -6646,6 +7093,9 @@ packages: engines: {node: '>=8'} hasBin: true + wide-align@1.1.5: + resolution: {integrity: sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==} + wrappy@1.0.2: resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} @@ -6683,6 +7133,9 @@ packages: yallist@3.1.1: resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==} + yallist@4.0.0: + resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yjs@13.6.29: resolution: {integrity: sha512-kHqDPdltoXH+X4w1lVmMtddE3Oeqq48nM40FD5ojTd8xYhQpzIDcfE2keMSU5bAgRPJBe225WTUdyUgj1DtbiQ==} engines: {node: '>=16.0.0', npm: '>=8.0.0'} @@ -7499,6 +7952,8 @@ snapshots: dependencies: css-tree: 3.2.1 + '@bufbuild/protobuf@1.10.0': {} + '@chevrotain/cst-dts-gen@11.1.2': dependencies: '@chevrotain/gast': 11.1.2 @@ -7833,6 +8288,16 @@ snapshots: react-dom: 19.2.4(react@19.2.4) react-is: 17.0.2 + '@connectrpc/connect-node@1.7.0(@bufbuild/protobuf@1.10.0)(@connectrpc/connect@1.7.0(@bufbuild/protobuf@1.10.0))': + dependencies: + '@bufbuild/protobuf': 1.10.0 + '@connectrpc/connect': 1.7.0(@bufbuild/protobuf@1.10.0) + undici: 5.29.0 + + '@connectrpc/connect@1.7.0(@bufbuild/protobuf@1.10.0)': + dependencies: + '@bufbuild/protobuf': 1.10.0 + '@csstools/color-helpers@6.0.2': {} '@csstools/css-calc@3.1.1(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)': @@ -7857,6 +8322,39 @@ snapshots: '@csstools/css-tokenizer@4.0.0': {} + '@cursor/sdk-darwin-arm64@1.0.12': + optional: true + + '@cursor/sdk-darwin-x64@1.0.12': + optional: true + + '@cursor/sdk-linux-arm64@1.0.12': + optional: true + + '@cursor/sdk-linux-x64@1.0.12': + optional: true + + '@cursor/sdk-win32-x64@1.0.12': + optional: true + + '@cursor/sdk@1.0.12': + dependencies: + '@bufbuild/protobuf': 1.10.0 + '@connectrpc/connect': 1.7.0(@bufbuild/protobuf@1.10.0) + '@connectrpc/connect-node': 1.7.0(@bufbuild/protobuf@1.10.0)(@connectrpc/connect@1.7.0(@bufbuild/protobuf@1.10.0)) + '@statsig/js-client': 3.31.0 + sqlite3: 5.1.7 + zod: 3.25.76 + optionalDependencies: + '@cursor/sdk-darwin-arm64': 1.0.12 + '@cursor/sdk-darwin-x64': 1.0.12 + '@cursor/sdk-linux-arm64': 1.0.12 + '@cursor/sdk-linux-x64': 1.0.12 + '@cursor/sdk-win32-x64': 1.0.12 + transitivePeerDependencies: + - bluebird + - supports-color + '@dnd-kit/accessibility@3.1.1(react@19.2.4)': dependencies: react: 19.2.4 @@ -8154,6 +8652,8 @@ snapshots: optionalDependencies: '@noble/hashes': 2.0.1 + '@fastify/busboy@2.1.1': {} + '@floating-ui/core@1.7.4': dependencies: '@floating-ui/utils': 0.2.10 @@ -8179,6 +8679,9 @@ snapshots: '@floating-ui/utils@0.2.10': {} + '@gar/promisify@1.1.3': + optional: true + '@hono/node-server@1.19.13(hono@4.12.12)': dependencies: hono: 4.12.12 @@ -8666,6 +9169,18 @@ snapshots: '@noble/hashes@2.0.1': {} + '@npmcli/fs@1.1.1': + dependencies: + '@gar/promisify': 1.1.3 + semver: 7.7.4 + optional: true + + '@npmcli/move-file@1.1.2': + dependencies: + mkdirp: 1.0.4 + rimraf: 3.0.2 + optional: true + '@open-draft/deferred-promise@2.2.0': {} '@paperclipai/adapter-utils@2026.325.0': {} @@ -9909,6 +10424,12 @@ snapshots: '@standard-schema/spec@1.1.0': {} + '@statsig/client-core@3.31.0': {} + + '@statsig/js-client@3.31.0': + dependencies: + '@statsig/client-core': 3.31.0 + '@stitches/core@1.2.8': {} '@storybook/addon-a11y@10.3.5(storybook@10.3.5(@testing-library/dom@10.4.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))': @@ -10107,6 +10628,9 @@ snapshots: dependencies: '@testing-library/dom': 10.4.1 + '@tootallnate/once@1.1.2': + optional: true + '@types/aria-query@5.0.4': {} '@types/babel__core@7.20.5': @@ -10476,6 +11000,9 @@ snapshots: '@zed-industries/codex-acp-win32-arm64': 0.12.0 '@zed-industries/codex-acp-win32-x64': 0.12.0 + abbrev@1.1.1: + optional: true + accepts@2.0.0: dependencies: mime-types: 3.0.2 @@ -10501,8 +11028,26 @@ snapshots: address@2.0.3: {} + agent-base@6.0.2: + dependencies: + debug: 4.4.3 + transitivePeerDependencies: + - supports-color + optional: true + agent-base@7.1.4: {} + agentkeepalive@4.6.0: + dependencies: + humanize-ms: 1.2.1 + optional: true + + aggregate-error@3.1.0: + dependencies: + clean-stack: 2.2.0 + indent-string: 4.0.0 + optional: true + ajv-formats@3.0.1(ajv@8.18.0): optionalDependencies: ajv: 8.18.0 @@ -10522,6 +11067,15 @@ snapshots: append-field@1.0.0: {} + aproba@2.1.0: + optional: true + + are-we-there-yet@3.0.1: + dependencies: + delegates: 1.0.0 + readable-stream: 3.6.2 + optional: true + argparse@2.0.1: {} aria-hidden@1.2.6: @@ -10564,6 +11118,9 @@ snapshots: bail@2.0.2: {} + balanced-match@1.0.2: + optional: true + balanced-match@4.0.4: {} bare-events@2.8.2: {} @@ -10602,7 +11159,7 @@ snapshots: baseline-browser-mapping@2.9.19: {} - better-auth@1.4.18(drizzle-kit@0.31.9)(drizzle-orm@0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4))(pg@8.18.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/debug@4.1.12)(@types/node@24.12.0)(jiti@2.6.1)(jsdom@28.1.0(@noble/hashes@2.0.1))(lightningcss@1.30.2)(tsx@4.21.0)): + better-auth@1.4.18(drizzle-kit@0.31.9)(drizzle-orm@0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7))(pg@8.18.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@3.2.4(@types/debug@4.1.12)(@types/node@24.12.0)(jiti@2.6.1)(jsdom@28.1.0(@noble/hashes@2.0.1))(lightningcss@1.30.2)(tsx@4.21.0)): dependencies: '@better-auth/core': 1.4.18(@better-auth/utils@0.3.0)(@better-fetch/fetch@1.1.21)(better-call@1.1.8(zod@3.25.76))(jose@6.1.3)(kysely@0.28.11)(nanostores@1.1.0) '@better-auth/telemetry': 1.4.18(@better-auth/core@1.4.18(@better-auth/utils@0.3.0)(@better-fetch/fetch@1.1.21)(better-call@1.1.8(zod@3.25.76))(jose@6.1.3)(kysely@0.28.11)(nanostores@1.1.0)) @@ -10618,7 +11175,7 @@ snapshots: zod: 4.3.6 optionalDependencies: drizzle-kit: 0.31.9 - drizzle-orm: 0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4) + drizzle-orm: 0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7) pg: 8.18.0 react: 19.2.4 react-dom: 19.2.4(react@19.2.4) @@ -10637,6 +11194,16 @@ snapshots: dependencies: require-from-string: 2.0.2 + bindings@1.5.0: + dependencies: + file-uri-to-path: 1.0.0 + + bl@4.1.0: + dependencies: + buffer: 5.7.1 + inherits: 2.0.4 + readable-stream: 3.6.2 + body-parser@2.2.2: dependencies: bytes: 3.1.2 @@ -10653,6 +11220,12 @@ snapshots: bowser@2.14.1: {} + brace-expansion@1.1.14: + dependencies: + balanced-match: 1.0.2 + concat-map: 0.0.1 + optional: true + brace-expansion@5.0.5: dependencies: balanced-match: 4.0.4 @@ -10667,6 +11240,11 @@ snapshots: buffer-from@1.1.2: {} + buffer@5.7.1: + dependencies: + base64-js: 1.5.1 + ieee754: 1.2.1 + buffer@6.0.3: dependencies: base64-js: 1.5.1 @@ -10684,6 +11262,30 @@ snapshots: cac@6.7.14: {} + cacache@15.3.0: + dependencies: + '@npmcli/fs': 1.1.1 + '@npmcli/move-file': 1.1.2 + chownr: 2.0.0 + fs-minipass: 2.1.0 + glob: 7.2.3 + infer-owner: 1.0.4 + lru-cache: 6.0.0 + minipass: 3.3.6 + minipass-collect: 1.0.2 + minipass-flush: 1.0.7 + minipass-pipeline: 1.2.4 + mkdirp: 1.0.4 + p-map: 4.0.0 + promise-inflight: 1.0.1 + rimraf: 3.0.2 + ssri: 8.0.1 + tar: 6.2.1 + unique-filename: 1.1.1 + transitivePeerDependencies: + - bluebird + optional: true + call-bind-apply-helpers@1.0.2: dependencies: es-errors: 1.3.0 @@ -10734,6 +11336,10 @@ snapshots: dependencies: readdirp: 4.1.2 + chownr@1.1.4: {} + + chownr@2.0.0: {} + class-variance-authority@0.7.1: dependencies: clsx: 2.1.1 @@ -10742,6 +11348,9 @@ snapshots: clean-set@1.1.2: {} + clean-stack@2.2.0: + optional: true + clsx@2.1.1: {} cm6-theme-basic-light@0.2.0(@codemirror/language@6.12.1)(@codemirror/state@6.5.4)(@codemirror/view@6.39.15)(@lezer/highlight@1.2.3): @@ -10773,6 +11382,9 @@ snapshots: '@codemirror/state': 6.5.4 '@codemirror/view': 6.39.15 + color-support@1.1.3: + optional: true + colorette@2.0.20: {} combined-stream@1.0.8: @@ -10793,6 +11405,9 @@ snapshots: compute-scroll-into-view@2.0.4: {} + concat-map@0.0.1: + optional: true + concat-stream@2.0.0: dependencies: buffer-from: 1.1.2 @@ -10802,6 +11417,9 @@ snapshots: confbox@0.1.8: {} + console-control-strings@1.1.0: + optional: true + content-disposition@1.0.1: {} content-type@1.0.5: {} @@ -11070,8 +11688,14 @@ snapshots: dependencies: character-entities: 2.0.2 + decompress-response@6.0.0: + dependencies: + mimic-response: 3.1.0 + deep-eql@5.0.2: {} + deep-extend@0.6.0: {} + deepmerge@4.3.1: {} default-browser-id@5.0.1: {} @@ -11091,6 +11715,9 @@ snapshots: delayed-stream@1.0.0: {} + delegates@1.0.0: + optional: true + depd@2.0.0: {} dequal@2.0.3: {} @@ -11148,14 +11775,13 @@ snapshots: transitivePeerDependencies: - supports-color - drizzle-orm@0.38.4(@electric-sql/pglite@0.3.15)(@types/react@19.2.14)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(react@19.2.4): + drizzle-orm@0.45.2(@electric-sql/pglite@0.3.15)(kysely@0.28.11)(pg@8.18.0)(postgres@3.4.8)(sqlite3@5.1.7): optionalDependencies: '@electric-sql/pglite': 0.3.15 - '@types/react': 19.2.14 kysely: 0.28.11 pg: 8.18.0 postgres: 3.4.8 - react: 19.2.4 + sqlite3: 5.1.7 dunder-proto@1.0.1: dependencies: @@ -11183,10 +11809,18 @@ snapshots: transitivePeerDependencies: - pg-native + emoji-regex@8.0.0: + optional: true + empathic@2.0.0: {} encodeurl@2.0.0: {} + encoding@0.1.13: + dependencies: + iconv-lite: 0.6.3 + optional: true + end-of-stream@1.4.5: dependencies: once: 1.4.0 @@ -11198,6 +11832,12 @@ snapshots: entities@6.0.1: {} + env-paths@2.2.1: + optional: true + + err-code@2.0.3: + optional: true + es-define-property@1.0.1: {} es-errors@1.3.0: {} @@ -11374,6 +12014,8 @@ snapshots: dependencies: eventsource-parser: 3.0.6 + expand-template@2.0.3: {} + expect-type@1.3.0: {} express-rate-limit@8.3.2(express@5.2.1): @@ -11452,6 +12094,8 @@ snapshots: optionalDependencies: picomatch: 4.0.3 + file-uri-to-path@1.0.0: {} + finalhandler@2.1.1: dependencies: debug: 4.4.3 @@ -11483,6 +12127,15 @@ snapshots: fresh@2.0.0: {} + fs-constants@1.0.0: {} + + fs-minipass@2.1.0: + dependencies: + minipass: 3.3.6 + + fs.realpath@1.0.0: + optional: true + fsevents@2.3.2: optional: true @@ -11491,6 +12144,18 @@ snapshots: function-bind@1.1.2: {} + gauge@4.0.4: + dependencies: + aproba: 2.1.0 + color-support: 1.1.3 + console-control-strings: 1.1.0 + has-unicode: 2.0.1 + signal-exit: 3.0.7 + string-width: 4.2.3 + strip-ansi: 6.0.1 + wide-align: 1.1.5 + optional: true + gensync@1.0.0-beta.2: {} get-caller-file@2.0.5: {} @@ -11519,12 +12184,24 @@ snapshots: dependencies: resolve-pkg-maps: 1.0.0 + github-from-package@0.0.0: {} + glob@13.0.6: dependencies: minimatch: 10.2.5 minipass: 7.1.3 path-scurry: 2.0.2 + glob@7.2.3: + dependencies: + fs.realpath: 1.0.0 + inflight: 1.0.6 + inherits: 2.0.4 + minimatch: 3.1.5 + once: 1.4.0 + path-is-absolute: 1.0.1 + optional: true + gopd@1.2.0: {} graceful-fs@4.2.11: {} @@ -11537,6 +12214,9 @@ snapshots: dependencies: has-symbols: 1.1.0 + has-unicode@2.0.1: + optional: true + hasown@2.0.2: dependencies: function-bind: 1.1.2 @@ -11582,6 +12262,9 @@ snapshots: html-url-attributes@3.0.1: {} + http-cache-semantics@4.2.0: + optional: true + http-errors@2.0.1: dependencies: depd: 2.0.0 @@ -11590,6 +12273,15 @@ snapshots: statuses: 2.0.2 toidentifier: 1.0.1 + http-proxy-agent@4.0.1: + dependencies: + '@tootallnate/once': 1.1.2 + agent-base: 6.0.2 + debug: 4.4.3 + transitivePeerDependencies: + - supports-color + optional: true + http-proxy-agent@7.0.2: dependencies: agent-base: 7.1.4 @@ -11597,6 +12289,14 @@ snapshots: transitivePeerDependencies: - supports-color + https-proxy-agent@5.0.1: + dependencies: + agent-base: 6.0.2 + debug: 4.4.3 + transitivePeerDependencies: + - supports-color + optional: true + https-proxy-agent@7.0.6: dependencies: agent-base: 7.1.4 @@ -11604,6 +12304,11 @@ snapshots: transitivePeerDependencies: - supports-color + humanize-ms@1.2.1: + dependencies: + ms: 2.1.3 + optional: true + iconv-lite@0.6.3: dependencies: safer-buffer: 2.1.2 @@ -11614,10 +12319,24 @@ snapshots: ieee754@1.2.1: {} + imurmurhash@0.1.4: + optional: true + indent-string@4.0.0: {} + infer-owner@1.0.4: + optional: true + + inflight@1.0.6: + dependencies: + once: 1.4.0 + wrappy: 1.0.2 + optional: true + inherits@2.0.4: {} + ini@1.3.8: {} + inline-style-parser@0.2.7: {} internmap@1.0.1: {} @@ -11628,6 +12347,9 @@ snapshots: ip-address@10.1.0: {} + ip-address@10.2.0: + optional: true + ipaddr.js@1.9.1: {} is-alphabetical@2.0.1: {} @@ -11645,6 +12367,9 @@ snapshots: is-docker@3.0.0: {} + is-fullwidth-code-point@3.0.0: + optional: true + is-hexadecimal@2.0.1: {} is-in-ssh@1.0.0: {} @@ -11653,6 +12378,9 @@ snapshots: dependencies: is-docker: 3.0.0 + is-lambda@1.0.1: + optional: true + is-module@1.0.0: {} is-plain-obj@4.1.0: {} @@ -11816,6 +12544,11 @@ snapshots: dependencies: yallist: 3.1.1 + lru-cache@6.0.0: + dependencies: + yallist: 4.0.0 + optional: true + lucide-react@0.574.0(react@19.2.4): dependencies: react: 19.2.4 @@ -11826,6 +12559,29 @@ snapshots: dependencies: '@jridgewell/sourcemap-codec': 1.5.5 + make-fetch-happen@9.1.0: + dependencies: + agentkeepalive: 4.6.0 + cacache: 15.3.0 + http-cache-semantics: 4.2.0 + http-proxy-agent: 4.0.1 + https-proxy-agent: 5.0.1 + is-lambda: 1.0.1 + lru-cache: 6.0.0 + minipass: 3.3.6 + minipass-collect: 1.0.2 + minipass-fetch: 1.4.1 + minipass-flush: 1.0.7 + minipass-pipeline: 1.2.4 + negotiator: 0.6.4 + promise-retry: 2.0.1 + socks-proxy-agent: 6.2.1 + ssri: 8.0.1 + transitivePeerDependencies: + - bluebird + - supports-color + optional: true + markdown-table@3.0.4: {} marked@16.4.2: {} @@ -12361,16 +13117,67 @@ snapshots: mime@2.6.0: {} + mimic-response@3.1.0: {} + min-indent@1.0.1: {} minimatch@10.2.5: dependencies: brace-expansion: 5.0.5 + minimatch@3.1.5: + dependencies: + brace-expansion: 1.1.14 + optional: true + minimist@1.2.8: {} + minipass-collect@1.0.2: + dependencies: + minipass: 3.3.6 + optional: true + + minipass-fetch@1.4.1: + dependencies: + minipass: 3.3.6 + minipass-sized: 1.0.3 + minizlib: 2.1.2 + optionalDependencies: + encoding: 0.1.13 + optional: true + + minipass-flush@1.0.7: + dependencies: + minipass: 3.3.6 + optional: true + + minipass-pipeline@1.2.4: + dependencies: + minipass: 3.3.6 + optional: true + + minipass-sized@1.0.3: + dependencies: + minipass: 3.3.6 + optional: true + + minipass@3.3.6: + dependencies: + yallist: 4.0.0 + + minipass@5.0.0: {} + minipass@7.1.3: {} + minizlib@2.1.2: + dependencies: + minipass: 3.3.6 + yallist: 4.0.0 + + mkdirp-classic@0.5.3: {} + + mkdirp@1.0.4: {} + mlly@1.8.1: dependencies: acorn: 8.16.0 @@ -12395,12 +13202,53 @@ snapshots: nanostores@1.1.0: {} + napi-build-utils@2.0.0: {} + + negotiator@0.6.4: + optional: true + negotiator@1.0.0: {} next-tick@1.1.0: {} + node-abi@3.92.0: + dependencies: + semver: 7.7.4 + + node-addon-api@7.1.1: {} + + node-gyp@8.4.1: + dependencies: + env-paths: 2.2.1 + glob: 7.2.3 + graceful-fs: 4.2.11 + make-fetch-happen: 9.1.0 + nopt: 5.0.0 + npmlog: 6.0.2 + rimraf: 3.0.2 + semver: 7.7.4 + tar: 6.2.1 + which: 2.0.2 + transitivePeerDependencies: + - bluebird + - supports-color + optional: true + node-releases@2.0.27: {} + nopt@5.0.0: + dependencies: + abbrev: 1.1.1 + optional: true + + npmlog@6.0.2: + dependencies: + are-we-there-yet: 3.0.1 + console-control-strings: 1.1.0 + gauge: 4.0.4 + set-blocking: 2.0.0 + optional: true + object-assign@4.1.1: {} object-inspect@1.13.4: {} @@ -12433,6 +13281,11 @@ snapshots: outvariant@1.4.0: {} + p-map@4.0.0: + dependencies: + aggregate-error: 3.1.0 + optional: true + package-manager-detector@1.6.0: {} parse-entities@4.0.2: @@ -12457,6 +13310,9 @@ snapshots: path-data-parser@0.1.0: {} + path-is-absolute@1.0.1: + optional: true + path-key@3.1.1: {} path-parse@1.0.7: {} @@ -12606,6 +13462,21 @@ snapshots: powershell-utils@0.1.0: {} + prebuild-install@7.1.3: + dependencies: + detect-libc: 2.1.2 + expand-template: 2.0.3 + github-from-package: 0.0.0 + minimist: 1.2.8 + mkdirp-classic: 0.5.3 + napi-build-utils: 2.0.0 + node-abi: 3.92.0 + pump: 3.0.3 + rc: 1.2.8 + simple-get: 4.0.1 + tar-fs: 2.1.4 + tunnel-agent: 0.6.0 + pretty-format@27.5.1: dependencies: ansi-regex: 5.0.1 @@ -12616,6 +13487,15 @@ snapshots: process-warning@5.0.0: {} + promise-inflight@1.0.1: + optional: true + + promise-retry@2.0.1: + dependencies: + err-code: 2.0.3 + retry: 0.12.0 + optional: true + prop-types@15.8.1: dependencies: loose-envify: 1.4.0 @@ -12714,6 +13594,13 @@ snapshots: iconv-lite: 0.7.2 unpipe: 1.0.0 + rc@1.2.8: + dependencies: + deep-extend: 0.6.0 + ini: 1.3.8 + minimist: 1.2.8 + strip-json-comments: 2.0.1 + react-devtools-inline@4.4.0: dependencies: es6-symbol: 3.1.4 @@ -12894,6 +13781,14 @@ snapshots: path-parse: 1.0.7 supports-preserve-symlinks-flag: 1.0.0 + retry@0.12.0: + optional: true + + rimraf@3.0.2: + dependencies: + glob: 7.2.3 + optional: true + robust-predicates@3.0.2: {} rollup@4.60.1: @@ -12997,6 +13892,9 @@ snapshots: transitivePeerDependencies: - supports-color + set-blocking@2.0.0: + optional: true + set-cookie-parser@2.7.2: {} setprototypeof@1.2.0: {} @@ -13068,6 +13966,17 @@ snapshots: siginfo@2.0.0: {} + signal-exit@3.0.7: + optional: true + + simple-concat@1.0.1: {} + + simple-get@4.0.1: + dependencies: + decompress-response: 6.0.0 + once: 1.4.0 + simple-concat: 1.0.1 + sisteransi@1.0.5: {} skillflag@0.1.4: @@ -13079,6 +13988,24 @@ snapshots: - bare-buffer - react-native-b4a + smart-buffer@4.2.0: + optional: true + + socks-proxy-agent@6.2.1: + dependencies: + agent-base: 6.0.2 + debug: 4.4.3 + socks: 2.8.9 + transitivePeerDependencies: + - supports-color + optional: true + + socks@2.8.9: + dependencies: + ip-address: 10.2.0 + smart-buffer: 4.2.0 + optional: true + sonic-boom@4.2.1: dependencies: atomic-sleep: 1.0.0 @@ -13096,6 +14023,23 @@ snapshots: split2@4.2.0: {} + sqlite3@5.1.7: + dependencies: + bindings: 1.5.0 + node-addon-api: 7.1.1 + prebuild-install: 7.1.3 + tar: 6.2.1 + optionalDependencies: + node-gyp: 8.4.1 + transitivePeerDependencies: + - bluebird + - supports-color + + ssri@8.0.1: + dependencies: + minipass: 3.3.6 + optional: true + stackback@0.0.2: {} static-browser-server@1.0.3: @@ -13144,6 +14088,13 @@ snapshots: strict-event-emitter@0.4.6: {} + string-width@4.2.3: + dependencies: + emoji-regex: 8.0.0 + is-fullwidth-code-point: 3.0.0 + strip-ansi: 6.0.1 + optional: true + string_decoder@1.3.0: dependencies: safe-buffer: 5.2.1 @@ -13153,6 +14104,11 @@ snapshots: character-entities-html4: 2.1.0 character-entities-legacy: 3.0.0 + strip-ansi@6.0.1: + dependencies: + ansi-regex: 5.0.1 + optional: true + strip-bom@3.0.0: {} strip-indent@3.0.0: @@ -13161,6 +14117,8 @@ snapshots: strip-indent@4.1.1: {} + strip-json-comments@2.0.1: {} + strip-json-comments@5.0.3: {} strip-literal@3.1.0: @@ -13215,6 +14173,21 @@ snapshots: tapable@2.3.0: {} + tar-fs@2.1.4: + dependencies: + chownr: 1.1.4 + mkdirp-classic: 0.5.3 + pump: 3.0.3 + tar-stream: 2.2.0 + + tar-stream@2.2.0: + dependencies: + bl: 4.1.0 + end-of-stream: 1.4.5 + fs-constants: 1.0.0 + inherits: 2.0.4 + readable-stream: 3.6.2 + tar-stream@3.2.0: dependencies: b4a: 1.8.1 @@ -13226,6 +14199,15 @@ snapshots: - bare-buffer - react-native-b4a + tar@6.2.1: + dependencies: + chownr: 2.0.0 + fs-minipass: 2.1.0 + minipass: 5.0.0 + minizlib: 2.1.2 + mkdirp: 1.0.4 + yallist: 4.0.0 + teex@1.0.1: dependencies: streamx: 2.25.0 @@ -13301,6 +14283,10 @@ snapshots: optionalDependencies: fsevents: 2.3.3 + tunnel-agent@0.6.0: + dependencies: + safe-buffer: 5.2.1 + type-is@1.6.18: dependencies: media-typer: 0.3.0 @@ -13326,6 +14312,10 @@ snapshots: undici-types@7.24.4: {} + undici@5.29.0: + dependencies: + '@fastify/busboy': 2.1.1 + undici@7.24.4: {} unidiff@1.0.4: @@ -13342,6 +14332,16 @@ snapshots: trough: 2.2.0 vfile: 6.0.3 + unique-filename@1.1.1: + dependencies: + unique-slug: 2.0.2 + optional: true + + unique-slug@2.0.2: + dependencies: + imurmurhash: 0.1.4 + optional: true + unist-util-is@6.0.1: dependencies: '@types/unist': 3.0.3 @@ -13683,6 +14683,11 @@ snapshots: siginfo: 2.0.0 stackback: 0.0.2 + wide-align@1.1.5: + dependencies: + string-width: 4.2.3 + optional: true + wrappy@1.0.2: {} ws@8.19.0: {} @@ -13704,6 +14709,8 @@ snapshots: yallist@3.1.1: {} + yallist@4.0.0: {} + yjs@13.6.29: dependencies: lib0: 0.2.117 diff --git a/releases/v2026.511.0.md b/releases/v2026.511.0.md new file mode 100644 index 00000000..f5a60130 --- /dev/null +++ b/releases/v2026.511.0.md @@ -0,0 +1,83 @@ +# v2026.511.0 + +> Released: 2026-05-11 + +## Highlights + +- **Planning mode for issue work** — Issues now carry a `standard` / `planning` work mode across the database, validators, server flows, plugin protocol, adapter heartbeat payloads, and board UI. Operators can create planning-mode issues, see them clearly in rows and detail composers, and have the mode preserved through suggested follow-up issues. ([#5353](https://github.com/paperclipai/paperclip/pull/5353)) +- **Full company search** — A new `/companies/:companyKey/search` page and company-scoped search API span issues, documents, agents, projects, comments, and activity, with rate limiting, fuzzy title matching, indexed document matching, highlighted snippets, recent searches, and Command-K handoff. ([#5293](https://github.com/paperclipai/paperclip/pull/5293)) +- **Routine revision history with restore** — Routines now keep an append-only revision log with a History tab on routine detail. Operators can preview prior revisions, see structured change summaries, diff descriptions, restore older definitions safely, and recover webhook secrets after restore. ([#5285](https://github.com/paperclipai/paperclip/pull/5285)) +- **Successful-run handoff and system notices** — When an agent run ends productively but the issue still needs a final disposition, the recovery service now opens an explicit handoff with first-class system notices rendered in the issue thread, so operators can see exactly why a run paused, escalated, or closed. ([#5289](https://github.com/paperclipai/paperclip/pull/5289)) +- **Expanded plugin host surface** — Plugins can now declare scoped database namespaces (with migration tracking), local project folders, managed agents, managed routines, scoped APIs, and reusable UI building blocks (file trees, resizable sidebars, route sidebars, managed-routine controls), all through documented contracts and validators. Follow-up host support landed for managed plugin skills and richer SDK types. ([#5205](https://github.com/paperclipai/paperclip/pull/5205), [#5597](https://github.com/paperclipai/paperclip/pull/5597)) +- **Secrets provider vaults with remote import** — Company secrets gain provider-vault configuration, AWS Secrets Manager remote-import preview/commit, binding usage tracking, access events, and rotation guards. The Secrets settings UI now exposes vault management and remote import, with CLI/API docs to match. ([#5429](https://github.com/paperclipai/paperclip/pull/5429)) +- **Cursor cloud adapter** — A new built-in `cursor_cloud` adapter drives Cursor's hosted-agent platform through `@cursor/sdk`, mapping Paperclip heartbeats to Cursor's durable-agent + per-run model with session reuse, streaming, and cancellation. ([#5664](https://github.com/paperclipai/paperclip/pull/5664)) +- **Daytona sandbox provider plugin** — A new `@paperclip/sandbox-provider-daytona` plugin uses `@daytonaio/sdk` for sandbox lifecycle, command execution, and shell detection, mirroring the existing E2B provider so operators can pick Daytona without touching core. ([#5580](https://github.com/paperclipai/paperclip/pull/5580), [#5586](https://github.com/paperclipai/paperclip/pull/5586)) +- **ACPX local adapter** — A new ACPX local adapter runtime can proxy Claude- and Codex-style execution with provider-aware model handling, a polished agent config form, and Storybook-covered model/provider behavior. ([#4893](https://github.com/paperclipai/paperclip/pull/4893), [#5290](https://github.com/paperclipai/paperclip/pull/5290)) + +## Improvements + +- **Workspace changes and stale notices in issue threads** — Issue activity now includes readable workspace-change details and folds stale-disposition notices inline so they match activity-log styling and spacing. ([#5356](https://github.com/paperclipai/paperclip/pull/5356)) +- **Shared sidebar section controls** — A reusable `SidebarSection` component drives collapsible content, header actions, and dropdown menus, and the Agents/Projects sidebar sections gain persisted `Top` / `Alphabetical` / `Recent` sort modes with cross-tab update events. ([#5585](https://github.com/paperclipai/paperclip/pull/5585)) +- **Operator sidebar and issue property polish** — Issue property timestamps include time, the sidebar company menu supports edit-mode reordering, the workspace switcher rail and account menu stay aligned, and the sidebar search icon routes directly to the search page. ([#5355](https://github.com/paperclipai/paperclip/pull/5355), [#5440](https://github.com/paperclipai/paperclip/pull/5440)) +- **Workspace switcher lives in the sidebar** — The workspace switcher moved into the sidebar so operators can change workspaces without leaving the board. ([#4981](https://github.com/paperclipai/paperclip/pull/4981)) +- **Operator workflow QoL** — Inbox grows assignee/project grouping and token/runtime totals, issue properties get removable blocker chips and workspace task links, the workspace runtime layout adds an issues-tab default and stopped-port reuse, and the dashboard cleans up run task labels. Mobile markdown and routine dialogs got fixes alongside page titles, sidebar polish, and inline routine variable help. ([#5291](https://github.com/paperclipai/paperclip/pull/5291), [#4701](https://github.com/paperclipai/paperclip/pull/4701)) +- **More operator task controls** — Company skill source display and used-by agent lists are clearer, long skill source paths truncate with a copy affordance, the routines table gains a row-level run-now button, inbox issue groups get grouped creation defaults, and the issue monitor activity card handles ISO date strings correctly. ([#5427](https://github.com/paperclipai/paperclip/pull/5427)) +- **Issue controls and retry-now recovery** — Issue properties expose editable assignee model overrides, a scheduled retry `retry-now` path is wired through backend and UI (with a shared `useRetryNowMutation` hook), and suppression coverage now includes budget hard stops, review participant changes, subtree pauses, unresolved blockers, terminal issues, and company scoping. ([#5426](https://github.com/paperclipai/paperclip/pull/5426)) +- **Assigned-backlog liveness** — Assigned issue creation defaults to `todo` when status is omitted (explicit `backlog` parking still wins), and liveness/attention paths plus UI notices distinguish assigned-backlog blockers so they cannot silently stall. ([#5428](https://github.com/paperclipai/paperclip/pull/5428)) +- **Hardened control-plane safety** — Run-aware confirmation ordering and interrupted-run cleanup are corrected, agent-authored `in_review` updates require a real review path, and Cloud-tenant alphanumeric issue identifiers are recognized across shared parsing and server routes. ([#5292](https://github.com/paperclipai/paperclip/pull/5292), [#5196](https://github.com/paperclipai/paperclip/pull/5196)) +- **Cloud tenant identity bootstrap** — Adds the bootstrap path that backs Cloud tenant identity for self-hosted and Cloud deployments. +- **Issue thread scale and markdown polish** — Long issue threads stay smooth and markdown rendering is tightened for the surfaces operators read most. ([#4861](https://github.com/paperclipai/paperclip/pull/4861)) +- **Inbox nested issue UI polish** — Nested issues in the inbox render more clearly and consistently. ([#4959](https://github.com/paperclipai/paperclip/pull/4959)) +- **Workspace routine run tab** — Each workspace now has a routine-run tab that shows recent runs for that workspace's routines. ([#4958](https://github.com/paperclipai/paperclip/pull/4958)) +- **Live run comment context** — Comments are surfaced alongside live run state so reviewers can see what was said while a run was active. ([#4957](https://github.com/paperclipai/paperclip/pull/4957)) +- **Workflow interaction cancellation and cost summaries** — Pending interactions can be cancelled cleanly and per-issue cost summaries surface rolled-up token/runtime spend. ([#4862](https://github.com/paperclipai/paperclip/pull/4862)) +- **Cheap model profiles for local adapters** — Local adapters can now select cheaper model profiles for low-stakes work like recovery follow-ups. ([#4881](https://github.com/paperclipai/paperclip/pull/4881)) +- **Higher heartbeat concurrency by default** — The agent heartbeat concurrency default is raised to keep the inbox flowing during busy periods. ([#4954](https://github.com/paperclipai/paperclip/pull/4954)) +- **Issue monitor liveness controls** — Issues can carry monitor schedule/state metadata so the control plane can wake the right assignee at the right cadence without polling. ([#4988](https://github.com/paperclipai/paperclip/pull/4988)) +- **Issue comment presentation contract** — Issue comments grow optional `author_type`, `presentation`, and `metadata` fields so system-authored notices render as first-class thread messages without overloading regular comments. ([#5289](https://github.com/paperclipai/paperclip/pull/5289)) +- **Database backups cover non-system schemas** — Database backup support now covers non-system schemas and is hardened against schema drift. ([#4859](https://github.com/paperclipai/paperclip/pull/4859), [#4960](https://github.com/paperclipai/paperclip/pull/4960)) +- **Dedicated environment settings page** — Environments get their own settings page with a test-in-environment flow so operators can validate adapters before assigning work. ([#4798](https://github.com/paperclipai/paperclip/pull/4798)) +- **Cursor sandbox support** — Adds Cursor as a supported sandbox, alongside SSH workspace-sync fixes for remote setups. ([#4803](https://github.com/paperclipai/paperclip/pull/4803)) +- **E2B plugin configuration UX** — The E2B plugin gets a clearer configuration UX, longer-running execution support, and a default-template flag for example plugins. ([#4802](https://github.com/paperclipai/paperclip/pull/4802), [#4901](https://github.com/paperclipai/paperclip/pull/4901)) +- **Sandbox provider messaging** — Company environment settings call out the active sandbox provider more clearly so operators know which runtime backs each environment. ([#4902](https://github.com/paperclipai/paperclip/pull/4902)) +- **Sandbox callback bridge for remote envs** — Remote execution targets now reach the host environment through a scoped callback bridge with serialization against concurrent heartbeats, env sanitization at the boundary, an expanded allowlist for the documented heartbeat surface, optional proxy logging via `PAPERCLIP_BRIDGE_DEBUG`, and SSH-environment-callback migration. ([#4801](https://github.com/paperclipai/paperclip/pull/4801), [#5326](https://github.com/paperclipai/paperclip/pull/5326), [#5325](https://github.com/paperclipai/paperclip/pull/5325), [#5324](https://github.com/paperclipai/paperclip/pull/5324), [#5140](https://github.com/paperclipai/paperclip/pull/5140), [#5116](https://github.com/paperclipai/paperclip/pull/5116)) +- **Sandbox install/test surface** — Per-adapter sandbox install commands flow through both the test and execute paths, sandbox providers can declare shell defaults, explicit-environment adapter tests run on the requested target instead of falling back to the host, and remote provisioning now consults a runtime command spec from the adapter. ([#5280](https://github.com/paperclipai/paperclip/pull/5280), [#5277](https://github.com/paperclipai/paperclip/pull/5277), [#5141](https://github.com/paperclipai/paperclip/pull/5141), [#5114](https://github.com/paperclipai/paperclip/pull/5114)) +- **Polished board settings and skills workflow** — Board settings and the skills assignment flow are smoother to navigate. ([#4863](https://github.com/paperclipai/paperclip/pull/4863)) +- **Harder release flow** — The internal release tooling now verifies registry state and dist-tag placement before promoting builds, with retry-on-lag for canary verification. ([#4800](https://github.com/paperclipai/paperclip/pull/4800), [#4816](https://github.com/paperclipai/paperclip/pull/4816), [#5579](https://github.com/paperclipai/paperclip/pull/5579)) + +## Fixes + +- **Codex CLI 0.122+ authentication** — The Codex adapter now writes an apikey-mode `auth.json` into the managed Codex home (and per-run for the test probe) when `OPENAI_API_KEY` is configured, so configured keys authenticate correctly with Codex CLI 0.122+ across local, SSH, and sandbox targets. ([#5276](https://github.com/paperclipai/paperclip/pull/5276)) +- **Gemini CLI v0.38 stream-json wire format** — The server parser, UI parser, and CLI formatter accept v0.38's `type=message`/`status`/`stats` events while keeping the legacy shape working, restoring the parsed summary and SSH hello probe under current Gemini CLI builds. ([#5273](https://github.com/paperclipai/paperclip/pull/5273), [#5143](https://github.com/paperclipai/paperclip/pull/5143)) +- **Stop leaking host environment into remote probes** — SSH remote execution strips inherited host shell env, and the Pi and OpenCode SSH probes no longer pass host `process.env` through to the remote shell. ([#5142](https://github.com/paperclipai/paperclip/pull/5142), [#5275](https://github.com/paperclipai/paperclip/pull/5275), [#5274](https://github.com/paperclipai/paperclip/pull/5274)) +- **OpenCode model selection and probes** — OpenCode now uses explicit static/local-aware model selection and validates remote model probes on the execution target. ([#5117](https://github.com/paperclipai/paperclip/pull/5117), [#5119](https://github.com/paperclipai/paperclip/pull/5119)) +- **Pi adapter session resume** — The Pi adapter avoids resuming stale remote sessions instead of surfacing them as live work. ([#5120](https://github.com/paperclipai/paperclip/pull/5120)) +- **Remote workspace environment shaping** — Remote workspace environment shaping now produces the right env for downstream commands. ([#5118](https://github.com/paperclipai/paperclip/pull/5118)) +- **SSH callback URL selection on LAN/private networks** — The SSH callback now picks a URL the remote can reach when the host is on a LAN or private network. ([#4799](https://github.com/paperclipai/paperclip/pull/4799)) +- **Harder remote workspace sync and restore** — Workspace export uses a per-import unique ref, restore goes through a new snapshot-aware merge that only writes files the remote actually changed, and every adapter threads a pre-run snapshot through sandbox/SSH paths to avoid trampling local state. ([#5444](https://github.com/paperclipai/paperclip/pull/5444)) +- **Cursor sandbox runtime resolution** — Cursor sandbox runtime resolution is more stable across adapter targets. ([#5446](https://github.com/paperclipai/paperclip/pull/5446)) +- **Runtime probes and Codex env tests** — Runtime probe behavior and Codex environment tests are stabilized so flakes no longer mask real adapter problems. ([#5445](https://github.com/paperclipai/paperclip/pull/5445)) +- **E2B sandbox executor reliability** — E2B sandboxes now run a real `command -v` probe and source login profiles before exec, stage stdin to a temp file so it is delivered reliably, and the gemini-local hello probe gets a 60-second timeout for SSH and E2B targets. ([#5279](https://github.com/paperclipai/paperclip/pull/5279), [#5278](https://github.com/paperclipai/paperclip/pull/5278), [#5322](https://github.com/paperclipai/paperclip/pull/5322)) +- **Runtime races and orphaned leases** — Fixes a runtime state race, workspace-sync gaps, plugin startup ordering, and orphaned execution leases. ([#4804](https://github.com/paperclipai/paperclip/pull/4804)) +- **Honor reuse-existing and assignee default environment** — Issue runs now honor the reuse-existing preference and the assignee's default environment when picking where to execute. ([#5139](https://github.com/paperclipai/paperclip/pull/5139)) +- **Issue recovery reliability** — Stranded-assignment recovery is more reliable, productive terminal continuations are recovered instead of being closed prematurely, productivity review recovery loops are bounded, and max-turn-exhausted heartbeats are retried. ([#4875](https://github.com/paperclipai/paperclip/pull/4875), [#4956](https://github.com/paperclipai/paperclip/pull/4956), [#4948](https://github.com/paperclipai/paperclip/pull/4948), [#5096](https://github.com/paperclipai/paperclip/pull/5096)) +- **Manual heartbeat invokes preserve scope** — Manual heartbeat invocations preserve their original scope instead of broadening it. ([#5323](https://github.com/paperclipai/paperclip/pull/5323)) +- **`/live-runs` no longer pads** — The `/live-runs` view stops padding by default so the surface reflects actual live work. ([#4963](https://github.com/paperclipai/paperclip/pull/4963)) +- **Cloud tenant issue identifier routes** — Issue identifier routes now resolve correctly under Cloud tenant prefixes. ([#5196](https://github.com/paperclipai/paperclip/pull/5196)) +- **Docker image build timeout raised** — The Docker image build no longer times out on slower CI runners. + +## Upgrade Guide + +Nine new database migrations (`0075`–`0083`) run automatically on startup. All are additive or idempotent — no existing rows are dropped. + +- `0075_cultured_sebastian_shaw` — adds issue monitor liveness columns (`monitor_next_check_at`, `monitor_wake_requested_at`, `monitor_last_triggered_at`, `monitor_attempt_count`, `monitor_notes`, `monitor_scheduled_by`) and a per-company monitor-due index. Existing issues default to `monitor_attempt_count = 0` with the rest unset. +- `0076_useful_elektra` — creates the `plugin_managed_resources` table and supporting indexes for plugin-managed agents/routines/folders. Existing plugins continue to work without managed resources. +- `0077_unusual_karnak` — creates the `routine_revisions` table, adds `latest_revision_id` / `latest_revision_number` pointers on `routines`, and backfills a v1 revision for every existing routine using its current definition. +- `0078_white_darwin` — adds optional `author_type`, `presentation`, and `metadata` columns to `issue_comments` so system notices can render with first-class presentation. Existing comments stay null and render as before. +- `0079_company_search_document_indexes` — adds GIN trigram indexes on `documents.title` and `documents.latest_body` to power the new company search page. +- `0080_company_search_fuzzystrmatch` — enables the `fuzzystrmatch` extension for fuzzy title matching in company search. Requires the extension to be available in your Postgres install (it ships with the standard `contrib` package). +- `0081_optimal_dormammu` — adds `issues.work_mode` (NOT NULL, default `standard`) for the new planning mode contract. Existing issues default to `standard`. +- `0082_dry_vision` — adds the secrets provider infrastructure: creates `company_secret_bindings` and `secret_access_events`, adds a stable `key` slug to `company_secrets` (backfilled and de-duplicated from existing names), and grows `company_secrets` / `company_secret_versions` with provider metadata, fingerprints, rotation timestamps, and soft-delete columns. Existing secrets get `managed_mode = 'paperclip_managed'`, `status = 'active'`, and a backfilled `last_rotated_at`. +- `0083_company_secret_provider_configs` — creates `company_secret_provider_configs` and retypes `company_secrets.provider_config_id` from `text` to `uuid`. Any prior non-UUID values in that column are cleared to NULL before the type change, so make sure you have no production data relying on free-form provider config ids before upgrading. If you do, capture those values out-of-band and reconfigure secrets against a real provider config row after the migration. + +No application configuration changes are required to take this release. If you operate the Codex adapter against Codex CLI 0.122 or newer, the new apikey-mode `auth.json` is written automatically from your existing `OPENAI_API_KEY` configuration. The new `cursor_cloud` adapter and Daytona sandbox provider are opt-in — agents and environments continue to use whatever runtime/sandbox they were configured with. diff --git a/scripts/bootstrap-npm-package.mjs b/scripts/bootstrap-npm-package.mjs new file mode 100644 index 00000000..9b1e01be --- /dev/null +++ b/scripts/bootstrap-npm-package.mjs @@ -0,0 +1,294 @@ +#!/usr/bin/env node + +import { spawnSync } from "node:child_process"; +import { fileURLToPath } from "node:url"; +import { dirname, join, resolve } from "node:path"; + +import { buildReleasePackagePlan } from "./release-package-map.mjs"; + +const __dirname = dirname(fileURLToPath(import.meta.url)); +const repoRoot = resolve(__dirname, ".."); + +function normalizePath(filePath) { + return filePath.replace(/\\/g, "/").replace(/^\.\//, ""); +} + +function usage() { + process.stderr.write( + [ + "Usage:", + " node scripts/bootstrap-npm-package.mjs [--publish --otp ] [--skip-build]", + "", + "Examples:", + " node scripts/bootstrap-npm-package.mjs @paperclipai/adapter-acpx-local", + " node scripts/bootstrap-npm-package.mjs packages/adapters/acpx-local --publish", + "", + ].join("\n"), + ); +} + +function parseArgs(argv) { + const flags = new Set(); + let selector = null; + let otp = null; + + for (let index = 0; index < argv.length; index += 1) { + const arg = argv[index]; + if (arg === "--") { + continue; + } + + if (arg === "--publish" || arg === "--skip-build") { + flags.add(arg); + continue; + } + + if (arg === "--otp") { + const value = argv[index + 1]; + if (!value || value.startsWith("--")) { + throw new Error("expected a one-time password after --otp"); + } + otp = value; + index += 1; + continue; + } + + if (arg === "--help" || arg === "-h") { + return { help: true, selector: null, publish: false, skipBuild: false, otp: null }; + } + + if (arg.startsWith("--")) { + throw new Error(`unknown option: ${arg}`); + } + + if (selector) { + throw new Error("expected exactly one package selector"); + } + + selector = arg; + } + + return { + help: false, + selector, + publish: flags.has("--publish"), + skipBuild: flags.has("--skip-build"), + otp, + }; +} + +function runCommand(command, args, options = {}) { + const result = spawnSync(command, args, { + cwd: repoRoot, + encoding: "utf8", + stdio: ["inherit", "pipe", "pipe"], + ...options, + }); + + if (result.error) { + throw result.error; + } + + return result; +} + +function runChecked(command, args, options = {}) { + const result = runCommand(command, args, options); + const stdout = result.stdout ?? ""; + const stderr = result.stderr ?? ""; + + if (stdout) process.stdout.write(stdout); + if (stderr) process.stderr.write(stderr); + + if (result.status !== 0) { + throw new Error(`${command} ${args.join(" ")} failed with status ${result.status ?? "unknown"}`); + } +} + +function formatCommand(command, args) { + return `${command} ${args.join(" ")}`; +} + +function ensureNpmAuth() { + const result = runCommand("npm", ["whoami"]); + const stdout = result.stdout ?? ""; + const stderr = result.stderr ?? ""; + + if (stdout) process.stdout.write(stdout); + if (stderr) process.stderr.write(stderr); + + if (result.status === 0) { + return; + } + + const output = `${stdout}\n${stderr}`.trim(); + if (/\bE401\b|401 Unauthorized/i.test(output)) { + throw new Error( + [ + "npm auth check failed.", + "This usually means the machine is either not logged into npm yet or has a stale token in ~/.npmrc.", + "Run `npm logout --registry=https://registry.npmjs.org/` and then `npm login` or `npm adduser` on this maintainer machine with an npm account that can publish to the @paperclipai scope, then rerun with --publish.", + "Do not use this auth flow in CI; it is only for the one-time human bootstrap publish.", + ].join(" "), + ); + } + + throw new Error("npm whoami failed"); +} + +function inspectNpmPackage(packageName) { + const result = runCommand("npm", ["view", packageName, "version", "--json"]); + + if (result.status === 0) { + const version = JSON.parse((result.stdout ?? "").trim()); + return { exists: true, version }; + } + + const output = `${result.stdout ?? ""}\n${result.stderr ?? ""}`.trim(); + if (/\bE404\b|404 Not Found|could not be found/i.test(output)) { + return { exists: false }; + } + + process.stderr.write(output ? `${output}\n` : ""); + throw new Error(`failed to query npm for ${packageName}`); +} + +function resolveTargetPackage(selector, packages = buildReleasePackagePlan()) { + const normalizedSelector = normalizePath(selector); + const matches = packages.filter( + (pkg) => pkg.name === selector || normalizePath(pkg.dir) === normalizedSelector, + ); + + if (matches.length === 1) { + return matches[0]; + } + + if (matches.length > 1) { + throw new Error(`package selector is ambiguous: ${selector}`); + } + + throw new Error( + `unknown package selector: ${selector}\nKnown packages:\n- ${packages.map((pkg) => `${pkg.name} (${pkg.dir})`).join("\n- ")}`, + ); +} + +function printNextSteps(pkg) { + process.stdout.write( + [ + "", + "Publish succeeded. Next:", + `1. Open https://www.npmjs.com/package/${pkg.name}`, + "2. Go to Settings -> Trusted publishing", + "3. Add repository paperclipai/paperclip", + "4. Set workflow filename to release.yml", + "5. Optionally enable Settings -> Publishing access -> Require two-factor authentication and disallow tokens", + "", + ].join("\n"), + ); +} + +function publishPackage(pkg, otp) { + const publishArgs = ["publish", "--access", "public"]; + if (otp) { + publishArgs.push("--otp", otp); + } + + const result = runCommand("npm", publishArgs, { cwd: join(repoRoot, pkg.dir) }); + const stdout = result.stdout ?? ""; + const stderr = result.stderr ?? ""; + const output = `${stdout}\n${stderr}`.trim(); + + if (stdout) process.stdout.write(stdout); + if (stderr) process.stderr.write(stderr); + + if (result.status === 0) { + return; + } + + if (/\bEOTP\b|one-time password/i.test(output)) { + throw new Error( + [ + "npm publish reached the publish-time 2FA check.", + "Complete the browser auth URL printed by npm and rerun the helper, or rerun with `--otp ` if your npm account uses authenticator-app codes.", + ].join(" "), + ); + } + + throw new Error(`${formatCommand("npm", publishArgs)} failed with status ${result.status ?? "unknown"}`); +} + +function main(argv) { + const { help, selector, publish, skipBuild, otp } = parseArgs(argv); + + if (help) { + usage(); + return; + } + + if (!selector) { + usage(); + throw new Error("missing package selector"); + } + + const pkg = resolveTargetPackage(selector); + process.stdout.write(`Selected ${pkg.name} (${pkg.dir})\n`); + + if (publish && !otp) { + throw new Error("`--publish` requires `--otp `. Generate a fresh npm one-time password and rerun."); + } + + const npmState = inspectNpmPackage(pkg.name); + if (npmState.exists) { + throw new Error(`${pkg.name} already exists on npm at version ${npmState.version}; bootstrap is only for first publish`); + } + + process.stdout.write(`${pkg.name} is not on npm yet; continuing with bootstrap flow.\n`); + + if (publish) { + process.stdout.write("Checking npm auth with npm whoami...\n"); + ensureNpmAuth(); + } + + if (!skipBuild && typeof pkg.pkg?.scripts?.build === "string") { + process.stdout.write(`Building ${pkg.name}...\n`); + runChecked("pnpm", ["--filter", pkg.name, "build"]); + } + + process.stdout.write(`Previewing publish payload for ${pkg.name}...\n`); + runChecked("npm", ["pack", "--dry-run"], { cwd: join(repoRoot, pkg.dir) }); + + if (!publish) { + process.stdout.write( + [ + "", + "Dry run complete. To perform the first publish from an authenticated maintainer machine, run:", + `node scripts/bootstrap-npm-package.mjs ${pkg.name} --publish --otp `, + "", + ].join("\n"), + ); + return; + } + + process.stdout.write(`Publishing ${pkg.name}...\n`); + publishPackage(pkg, otp); + printNextSteps(pkg); +} + +const isDirectRun = process.argv[1] && resolve(process.argv[1]) === fileURLToPath(import.meta.url); + +if (isDirectRun) { + try { + main(process.argv.slice(2)); + } catch (error) { + process.stderr.write(`${error instanceof Error ? error.message : String(error)}\n`); + process.exit(1); + } +} + +export { + ensureNpmAuth, + inspectNpmPackage, + parseArgs, + publishPackage, + resolveTargetPackage, +}; diff --git a/scripts/bootstrap-npm-package.test.mjs b/scripts/bootstrap-npm-package.test.mjs new file mode 100644 index 00000000..48deb739 --- /dev/null +++ b/scripts/bootstrap-npm-package.test.mjs @@ -0,0 +1,54 @@ +import assert from "node:assert/strict"; +import test from "node:test"; + +import { parseArgs, resolveTargetPackage } from "./bootstrap-npm-package.mjs"; + +test("parseArgs recognizes publish and skip-build flags", () => { + assert.deepEqual(parseArgs(["@paperclipai/adapter-acpx-local", "--publish", "--skip-build"]), { + help: false, + selector: "@paperclipai/adapter-acpx-local", + publish: true, + skipBuild: true, + otp: null, + }); +}); + +test("parseArgs accepts an explicit otp value", () => { + assert.deepEqual(parseArgs(["packages/adapters/acpx-local", "--publish", "--otp", "123456"]), { + help: false, + selector: "packages/adapters/acpx-local", + publish: true, + skipBuild: false, + otp: "123456", + }); +}); + +test("parseArgs leaves otp null when omitted", () => { + assert.deepEqual(parseArgs(["packages/adapters/acpx-local", "--publish"]), { + help: false, + selector: "packages/adapters/acpx-local", + publish: true, + skipBuild: false, + otp: null, + }); +}); + +test("parseArgs returns help mode", () => { + assert.deepEqual(parseArgs(["--help"]), { + help: true, + selector: null, + publish: false, + skipBuild: false, + otp: null, + }); +}); + +test("resolveTargetPackage matches by package name or dir", () => { + const packages = [ + { dir: "packages/a", name: "@paperclipai/a", pkg: {} }, + { dir: "packages/b", name: "@paperclipai/b", pkg: {} }, + ]; + + assert.equal(resolveTargetPackage("@paperclipai/a", packages).dir, "packages/a"); + assert.equal(resolveTargetPackage("./packages/b", packages).name, "@paperclipai/b"); +}); diff --git a/scripts/capture-pap-2351-binding-picker.mjs b/scripts/capture-pap-2351-binding-picker.mjs new file mode 100644 index 00000000..a8dad5ed --- /dev/null +++ b/scripts/capture-pap-2351-binding-picker.mjs @@ -0,0 +1,115 @@ +#!/usr/bin/env node +// Captures the BindingPicker storybook screenshot for PAP-2351 re-review. +// Boots a tiny static server over `ui/storybook-static` and screenshots the +// happy-path picker grid in dark mode at 1440x900 (matches the original +// PAP-2350 capture). + +import { createRequire } from "node:module"; +const localRequire = createRequire(import.meta.url); +const { chromium } = localRequire("playwright"); +import http from "node:http"; +import { promises as fs } from "node:fs"; +import path from "node:path"; +import { fileURLToPath } from "node:url"; + +const __dirname = path.dirname(fileURLToPath(import.meta.url)); +const repoRoot = path.resolve(__dirname, ".."); +const storybookRoot = path.join(repoRoot, "ui", "storybook-static"); +const outDir = process.argv[2] + ? path.resolve(process.argv[2]) + : path.join(repoRoot, "screenshots", "pap-2351"); + +const MIME = { + ".html": "text/html", + ".js": "application/javascript", + ".mjs": "application/javascript", + ".css": "text/css", + ".json": "application/json", + ".svg": "image/svg+xml", + ".png": "image/png", + ".jpg": "image/jpeg", + ".woff": "font/woff", + ".woff2": "font/woff2", + ".ico": "image/x-icon", + ".map": "application/json", +}; + +function startStaticServer(rootDir) { + return new Promise((resolve) => { + const server = http.createServer(async (req, res) => { + try { + const urlPath = decodeURIComponent((req.url ?? "/").split("?")[0]); + let filePath = path.join(rootDir, urlPath === "/" ? "index.html" : urlPath); + let stat; + try { + stat = await fs.stat(filePath); + } catch { + stat = null; + } + if (stat?.isDirectory()) { + filePath = path.join(filePath, "index.html"); + stat = await fs.stat(filePath).catch(() => null); + } + if (!stat) { + res.statusCode = 404; + res.end("not found"); + return; + } + const ext = path.extname(filePath).toLowerCase(); + res.setHeader("content-type", MIME[ext] ?? "application/octet-stream"); + res.setHeader("cache-control", "no-cache"); + const data = await fs.readFile(filePath); + res.end(data); + } catch (err) { + res.statusCode = 500; + res.end(err.message); + } + }); + server.listen(0, "127.0.0.1", () => { + const address = server.address(); + const port = typeof address === "object" && address ? address.port : 0; + resolve({ server, baseUrl: `http://127.0.0.1:${port}` }); + }); + }); +} + +const SHOTS = [ + { + storyId: "product-secrets--binding-picker", + label: "secrets-binding-picker", + viewport: { width: 1440, height: 900 }, + theme: "dark", + }, +]; + +async function main() { + await fs.mkdir(outDir, { recursive: true }); + const { server, baseUrl } = await startStaticServer(storybookRoot); + const browser = await chromium.launch(); + const ctx = await browser.newContext({ deviceScaleFactor: 1 }); + const page = await ctx.newPage(); + const captured = []; + try { + for (const shot of SHOTS) { + await page.setViewportSize(shot.viewport); + const url = `${baseUrl}/iframe.html?id=${encodeURIComponent(shot.storyId)}&viewMode=story&globals=theme:${shot.theme}`; + await page.goto(url, { waitUntil: "networkidle", timeout: 30_000 }); + // Allow the storybook fixture to swap CompanyContext to the storybook id and + // for the picker's useQuery to settle from cache. + await page.waitForTimeout(1500); + const dest = path.join(outDir, `${shot.label}.png`); + await page.screenshot({ path: dest, fullPage: false }); + captured.push(dest); + console.log("captured", dest); + } + } finally { + await browser.close(); + server.close(); + } + console.log(JSON.stringify({ captured }, null, 2)); +} + +main().catch((err) => { + console.error(err); + process.exit(1); +}); diff --git a/scripts/check-release-package-bootstrap.mjs b/scripts/check-release-package-bootstrap.mjs new file mode 100644 index 00000000..a9d792df --- /dev/null +++ b/scripts/check-release-package-bootstrap.mjs @@ -0,0 +1,206 @@ +#!/usr/bin/env node + +import { spawnSync } from "node:child_process"; + +import { buildReleasePackagePlan } from "./release-package-map.mjs"; + +function normalizePath(filePath) { + return filePath.replace(/\\/g, "/"); +} + +function classifyNpmViewFailure(output) { + return /\bE404\b|404 Not Found|could not be found/i.test(output) ? "missing" : "registry_error"; +} + +function inspectNpmPackage(packageName) { + const result = spawnSync("npm", ["view", packageName, "name", "--json"], { + encoding: "utf8", + stdio: ["ignore", "pipe", "pipe"], + }); + + if (result.error) { + throw result.error; + } + + if (result.status === 0) { + return { status: "exists" }; + } + + const output = `${result.stdout ?? ""}\n${result.stderr ?? ""}`.trim(); + const failureType = classifyNpmViewFailure(output); + + if (failureType === "missing") { + return { status: "missing" }; + } + + return { + status: "registry_error", + detail: output || `npm view exited with status ${result.status ?? "unknown"}`, + }; +} + +function readGitFileAtRevision(revision, filePath) { + const result = spawnSync("git", ["show", `${revision}:${normalizePath(filePath)}`], { + encoding: "utf8", + stdio: ["ignore", "pipe", "pipe"], + }); + + if (result.error) { + throw result.error; + } + + if (result.status === 0) { + return result.stdout; + } + + const output = `${result.stdout ?? ""}\n${result.stderr ?? ""}`.trim(); + + if ( + /exists on disk, but not in/i.test(output) || + /does not exist in/i.test(output) + ) { + return null; + } + + throw new Error(`failed to read ${filePath} at ${revision}:\n${output || "git show failed"}`); +} + +function getBaseReleaseState( + revision, + releasePackages = buildReleasePackagePlan(), + readFileAtRevision = readGitFileAtRevision, +) { + if (!revision) return null; + + const manifestText = readFileAtRevision(revision, "scripts/release-package-manifest.json"); + + if (manifestText) { + const manifestEntries = JSON.parse(manifestText); + + if (!Array.isArray(manifestEntries)) { + throw new Error(`expected scripts/release-package-manifest.json at ${revision} to contain an array`); + } + + return { + source: "manifest", + byDir: new Map( + manifestEntries + .filter((entry) => entry?.publishFromCi === true && typeof entry.dir === "string" && typeof entry.name === "string") + .map((entry) => [entry.dir, { name: entry.name, publishFromCi: true }]), + ), + }; + } + + const byDir = new Map(); + + for (const pkg of releasePackages) { + const packageJsonText = readFileAtRevision(revision, `${pkg.dir}/package.json`); + if (!packageJsonText) continue; + + const basePackage = JSON.parse(packageJsonText); + if (basePackage.private) continue; + + byDir.set(pkg.dir, { + name: basePackage.name, + publishFromCi: true, + }); + } + + return { + source: "public-packages", + byDir, + }; +} + +function collectReleasePackagesForChangedPaths( + changedPaths, + releasePackages = buildReleasePackagePlan(), + baseReleaseState = null, +) { + const normalizedChangedPaths = changedPaths.map(normalizePath); + const manifestFileChanged = normalizedChangedPaths.includes("scripts/release-package-manifest.json"); + const changedReleasePackages = []; + const seen = new Set(); + + for (const pkg of releasePackages) { + if (!pkg.publishFromCi) continue; + const packageJsonPath = `${pkg.dir}/package.json`; + const packageJsonChanged = normalizedChangedPaths.includes(packageJsonPath); + const basePackage = baseReleaseState?.byDir.get(pkg.dir); + const newlyReleaseEnabled = + manifestFileChanged && + (!baseReleaseState || !basePackage || basePackage.publishFromCi !== true || basePackage.name !== pkg.name); + const isRelevant = packageJsonChanged || newlyReleaseEnabled; + + if (!isRelevant) continue; + if (seen.has(pkg.name)) continue; + + changedReleasePackages.push(pkg); + seen.add(pkg.name); + } + + return changedReleasePackages; +} + +function main(changedPaths) { + const releasePackages = buildReleasePackagePlan(); + const baseReleaseState = getBaseReleaseState(process.env.PAPERCLIP_RELEASE_BOOTSTRAP_BASE_SHA, releasePackages); + const changedReleasePackages = collectReleasePackagesForChangedPaths(changedPaths, releasePackages, baseReleaseState); + + if (changedReleasePackages.length === 0) { + process.stdout.write("No release-enabled package manifests changed in this PR.\n"); + return; + } + + const missingPackages = []; + const registryFailures = []; + + for (const pkg of changedReleasePackages) { + const npmStatus = inspectNpmPackage(pkg.name); + + if (npmStatus.status === "missing") { + missingPackages.push(pkg); + continue; + } + + if (npmStatus.status === "registry_error") { + registryFailures.push({ pkg, detail: npmStatus.detail }); + } + } + + if (missingPackages.length > 0) { + const details = missingPackages + .map( + (pkg) => + `${pkg.name} (${pkg.dir}) is release-enabled but does not exist on npm yet; bootstrap the first publish before merge or keep it out of CI release enrollment`, + ) + .join("\n- "); + + throw new Error(`release package bootstrap check failed:\n- ${details}`); + } + + if (registryFailures.length > 0) { + const details = registryFailures + .map( + ({ pkg, detail }) => + `${pkg.name} (${pkg.dir}) could not be checked against npm due to a registry error:\n${detail}`, + ) + .join("\n- "); + + throw new Error(`release package bootstrap check could not verify npm state:\n- ${details}`); + } + + process.stdout.write( + `Release bootstrap OK for changed manifests: ${changedReleasePackages.map((pkg) => pkg.name).join(", ")}\n`, + ); +} + +if (process.argv[1] && normalizePath(process.argv[1]).endsWith("scripts/check-release-package-bootstrap.mjs")) { + main(process.argv.slice(2)); +} + +export { + classifyNpmViewFailure, + collectReleasePackagesForChangedPaths, + getBaseReleaseState, +}; diff --git a/scripts/check-release-package-bootstrap.test.mjs b/scripts/check-release-package-bootstrap.test.mjs new file mode 100644 index 00000000..90c92308 --- /dev/null +++ b/scripts/check-release-package-bootstrap.test.mjs @@ -0,0 +1,104 @@ +import assert from "node:assert/strict"; +import test from "node:test"; + +import { + classifyNpmViewFailure, + collectReleasePackagesForChangedPaths, + getBaseReleaseState, +} from "./check-release-package-bootstrap.mjs"; + +test("manifest changes without base state validate all release-enabled packages", () => { + const releasePackages = [ + { dir: "packages/a", name: "@paperclipai/a", publishFromCi: true }, + { dir: "packages/b", name: "@paperclipai/b", publishFromCi: true }, + { dir: "packages/c", name: "@paperclipai/c", publishFromCi: false }, + ]; + + const changedPackages = collectReleasePackagesForChangedPaths( + ["scripts/release-package-manifest.json"], + releasePackages, + ); + + assert.deepEqual( + changedPackages.map((pkg) => pkg.name), + ["@paperclipai/a", "@paperclipai/b"], + ); +}); + +test("manifest changes only validate newly release-enabled packages relative to base state", () => { + const releasePackages = [ + { dir: "packages/a", name: "@paperclipai/a", publishFromCi: true }, + { dir: "packages/b", name: "@paperclipai/b", publishFromCi: true }, + { dir: "packages/c", name: "@paperclipai/c", publishFromCi: false }, + ]; + const baseReleaseState = { + source: "manifest", + byDir: new Map([["packages/a", { name: "@paperclipai/a", publishFromCi: true }]]), + }; + + const changedPackages = collectReleasePackagesForChangedPaths( + ["scripts/release-package-manifest.json"], + releasePackages, + baseReleaseState, + ); + + assert.deepEqual( + changedPackages.map((pkg) => pkg.name), + ["@paperclipai/b"], + ); +}); + +test("package-specific changes only validate affected release-enabled packages", () => { + const releasePackages = [ + { dir: "packages/a", name: "@paperclipai/a", publishFromCi: true }, + { dir: "packages/b", name: "@paperclipai/b", publishFromCi: true }, + ]; + + const changedPackages = collectReleasePackagesForChangedPaths( + ["packages/b/package.json", "README.md"], + releasePackages, + ); + + assert.deepEqual( + changedPackages.map((pkg) => pkg.name), + ["@paperclipai/b"], + ); +}); + +test("npm E404 failures are treated as missing packages", () => { + assert.equal(classifyNpmViewFailure("npm error code E404"), "missing"); + assert.equal(classifyNpmViewFailure("404 Not Found"), "missing"); +}); + +test("non-404 npm failures are treated as registry errors", () => { + assert.equal(classifyNpmViewFailure("npm error code EAI_AGAIN"), "registry_error"); + assert.equal(classifyNpmViewFailure("npm error code E429"), "registry_error"); +}); + +test("base release state falls back to public packages when manifest is absent", () => { + const releasePackages = [ + { dir: "packages/a", name: "@paperclipai/a", publishFromCi: true }, + { dir: "packages/b", name: "@paperclipai/b", publishFromCi: true }, + ]; + + const baseReleaseState = getBaseReleaseState("base-sha", releasePackages, (_revision, filePath) => { + if (filePath === "scripts/release-package-manifest.json") { + return null; + } + + if (filePath === "packages/a/package.json") { + return JSON.stringify({ name: "@paperclipai/a", private: false }); + } + + if (filePath === "packages/b/package.json") { + return JSON.stringify({ name: "@paperclipai/b", private: true }); + } + + return null; + }); + + assert.equal(baseReleaseState?.source, "public-packages"); + assert.deepEqual([...baseReleaseState.byDir.entries()], [ + ["packages/a", { name: "@paperclipai/a", publishFromCi: true }], + ]); +}); diff --git a/scripts/release-lib.sh b/scripts/release-lib.sh index bfde8040..1befae9e 100644 --- a/scripts/release-lib.sh +++ b/scripts/release-lib.sh @@ -263,6 +263,38 @@ wait_for_npm_package_version() { return 1 } +wait_for_release_registry_state() { + local attempts="${1:-12}" + local delay_seconds="${2:-5}" + shift 2 + local attempt=1 + local output + local status + + while [ "$attempt" -le "$attempts" ]; do + if output="$(node "$REPO_ROOT/scripts/verify-release-registry-state.mjs" "$@" 2>&1)"; then + [ -n "$output" ] && printf '%s\n' "$output" + return 0 + fi + status=$? + + printf '%s\n' "$output" >&2 + + if [ "$status" -eq 2 ]; then + return "$status" + fi + + if [ "$attempt" -lt "$attempts" ]; then + release_warn "npm registry metadata has not converged yet (attempt ${attempt}/${attempts}); retrying in ${delay_seconds}s." + sleep "$delay_seconds" + fi + + attempt=$((attempt + 1)) + done + + return "${status:-1}" +} + require_clean_worktree() { if [ -n "$(git -C "$REPO_ROOT" status --porcelain)" ]; then release_fail "working tree is not clean. Commit, stash, or remove changes before releasing." diff --git a/scripts/release-package-manifest.json b/scripts/release-package-manifest.json new file mode 100644 index 00000000..954c258e --- /dev/null +++ b/scripts/release-package-manifest.json @@ -0,0 +1,112 @@ +[ + { + "dir": "packages/adapter-utils", + "name": "@paperclipai/adapter-utils", + "publishFromCi": true + }, + { + "dir": "packages/adapters/acpx-local", + "name": "@paperclipai/adapter-acpx-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/claude-local", + "name": "@paperclipai/adapter-claude-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/codex-local", + "name": "@paperclipai/adapter-codex-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/cursor-cloud", + "name": "@paperclipai/adapter-cursor-cloud", + "publishFromCi": true + }, + { + "dir": "packages/adapters/cursor-local", + "name": "@paperclipai/adapter-cursor-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/gemini-local", + "name": "@paperclipai/adapter-gemini-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/opencode-local", + "name": "@paperclipai/adapter-opencode-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/pi-local", + "name": "@paperclipai/adapter-pi-local", + "publishFromCi": true + }, + { + "dir": "packages/adapters/openclaw-gateway", + "name": "@paperclipai/adapter-openclaw-gateway", + "publishFromCi": true + }, + { + "dir": "packages/shared", + "name": "@paperclipai/shared", + "publishFromCi": true + }, + { + "dir": "packages/db", + "name": "@paperclipai/db", + "publishFromCi": true + }, + { + "dir": "packages/plugins/sdk", + "name": "@paperclipai/plugin-sdk", + "publishFromCi": true + }, + { + "dir": "server", + "name": "@paperclipai/server", + "publishFromCi": true + }, + { + "dir": "cli", + "name": "paperclipai", + "publishFromCi": true + }, + { + "dir": "packages/mcp-server", + "name": "@paperclipai/mcp-server", + "publishFromCi": true + }, + { + "dir": "packages/plugins/create-paperclip-plugin", + "name": "@paperclipai/create-paperclip-plugin", + "publishFromCi": true + }, + { + "dir": "packages/plugins/sandbox-providers/cloudflare", + "name": "@paperclipai/plugin-cloudflare-sandbox", + "publishFromCi": true + }, + { + "dir": "packages/plugins/sandbox-providers/daytona", + "name": "@paperclipai/plugin-daytona", + "publishFromCi": true + }, + { + "dir": "packages/plugins/sandbox-providers/exe-dev", + "name": "@paperclipai/plugin-exe-dev", + "publishFromCi": true + }, + { + "dir": "packages/plugins/sandbox-providers/e2b", + "name": "@paperclipai/plugin-e2b", + "publishFromCi": true + }, + { + "dir": "ui", + "name": "@paperclipai/ui", + "publishFromCi": true + } +] diff --git a/scripts/release-package-map.mjs b/scripts/release-package-map.mjs index 60deba31..a990b88e 100644 --- a/scripts/release-package-map.mjs +++ b/scripts/release-package-map.mjs @@ -6,6 +6,7 @@ import { dirname, join, resolve } from "node:path"; const __dirname = dirname(fileURLToPath(import.meta.url)); const repoRoot = resolve(__dirname, ".."); +const manifestPath = join(repoRoot, "scripts", "release-package-manifest.json"); const roots = ["packages", "server", "ui", "cli"]; function readJson(filePath) { @@ -48,6 +49,84 @@ function discoverPublicPackages() { return packages; } +function loadReleaseManifest() { + const manifest = readJson(manifestPath); + + if (!Array.isArray(manifest)) { + throw new Error(`expected ${manifestPath} to contain an array.`); + } + + return manifest.map((entry, index) => { + if (!entry || typeof entry !== "object" || Array.isArray(entry)) { + throw new Error(`manifest entry ${index + 1} in ${manifestPath} must be an object.`); + } + + if (typeof entry.dir !== "string" || entry.dir.length === 0) { + throw new Error(`manifest entry ${index + 1} in ${manifestPath} is missing a non-empty "dir".`); + } + + if (typeof entry.name !== "string" || entry.name.length === 0) { + throw new Error(`manifest entry ${index + 1} in ${manifestPath} is missing a non-empty "name".`); + } + + if (typeof entry.publishFromCi !== "boolean") { + throw new Error( + `manifest entry ${index + 1} (${entry.dir}) in ${manifestPath} must set boolean "publishFromCi".`, + ); + } + + return entry; + }); +} + +function buildReleasePackagePlan() { + const discoveredPackages = discoverPublicPackages(); + const manifestEntries = loadReleaseManifest(); + const packageByDir = new Map(discoveredPackages.map((pkg) => [pkg.dir, pkg])); + const manifestByDir = new Map(); + const problems = []; + + for (const entry of manifestEntries) { + if (manifestByDir.has(entry.dir)) { + problems.push(`duplicate manifest entry for ${entry.dir}`); + continue; + } + + manifestByDir.set(entry.dir, entry); + const pkg = packageByDir.get(entry.dir); + + if (!pkg) { + problems.push(`${entry.dir} is listed in ${manifestPath} but is not a public package in this repo`); + continue; + } + + if (pkg.name !== entry.name) { + problems.push( + `${entry.dir} is listed as ${entry.name} in ${manifestPath}, but package.json declares ${pkg.name}`, + ); + } + } + + for (const pkg of discoveredPackages) { + if (!manifestByDir.has(pkg.dir)) { + problems.push( + `${pkg.dir} (${pkg.name}) is public but missing from ${manifestPath}; add it with publishFromCi true or false`, + ); + } + } + + if (problems.length > 0) { + throw new Error(`release package manifest validation failed:\n- ${problems.join("\n- ")}`); + } + + const packages = discoveredPackages.map((pkg) => ({ + ...pkg, + publishFromCi: manifestByDir.get(pkg.dir).publishFromCi, + })); + + return packages; +} + function sortTopologically(packages) { const byName = new Map(packages.map((pkg) => [pkg.name, pkg])); const visited = new Set(); @@ -57,7 +136,7 @@ function sortTopologically(packages) { function visit(pkg) { if (visited.has(pkg.name)) return; if (visiting.has(pkg.name)) { - throw new Error(`cycle detected in public package graph at ${pkg.name}`); + throw new Error(`cycle detected in release package graph at ${pkg.name}`); } visiting.add(pkg.name); @@ -87,6 +166,10 @@ function sortTopologically(packages) { return ordered; } +function getReleasePackages() { + return sortTopologically(buildReleasePackagePlan().filter((pkg) => pkg.publishFromCi)); +} + function replaceWorkspaceDeps(deps, version) { if (!deps) return deps; const next = { ...deps }; @@ -101,7 +184,7 @@ function replaceWorkspaceDeps(deps, version) { } function setVersion(version) { - const packages = sortTopologically(discoverPublicPackages()); + const packages = getReleasePackages(); for (const pkg of packages) { const nextPkg = { @@ -134,17 +217,32 @@ function setVersion(version) { } function listPackages() { - const packages = sortTopologically(discoverPublicPackages()); + const packages = getReleasePackages(); for (const pkg of packages) { process.stdout.write(`${pkg.dir}\t${pkg.name}\t${pkg.version}\n`); } } +function checkConfiguration() { + const packages = buildReleasePackagePlan(); + const enabledCount = packages.filter((pkg) => pkg.publishFromCi).length; + const disabledCount = packages.length - enabledCount; + + if (enabledCount === 0) { + throw new Error(`no packages are enabled for CI publishing in ${manifestPath}`); + } + + process.stdout.write( + `Release package manifest OK: ${enabledCount} enabled for CI publish, ${disabledCount} disabled pending bootstrap.\n`, + ); +} + function usage() { process.stderr.write( [ "Usage:", " node scripts/release-package-map.mjs list", + " node scripts/release-package-map.mjs check", " node scripts/release-package-map.mjs set-version ", "", ].join("\n"), @@ -152,20 +250,36 @@ function usage() { } const [command, arg] = process.argv.slice(2); +const isDirectRun = process.argv[1] && resolve(process.argv[1]) === fileURLToPath(import.meta.url); -if (command === "list") { - listPackages(); - process.exit(0); -} - -if (command === "set-version") { - if (!arg) { - usage(); - process.exit(1); +if (isDirectRun) { + if (command === "list") { + listPackages(); + process.exit(0); } - setVersion(arg); - process.exit(0); + + if (command === "check") { + checkConfiguration(); + process.exit(0); + } + + if (command === "set-version") { + if (!arg) { + usage(); + process.exit(1); + } + setVersion(arg); + process.exit(0); + } + + usage(); + process.exit(1); } -usage(); -process.exit(1); +export { + buildReleasePackagePlan, + checkConfiguration, + discoverPublicPackages, + getReleasePackages, + loadReleaseManifest, +}; diff --git a/scripts/release-package-map.test.mjs b/scripts/release-package-map.test.mjs new file mode 100644 index 00000000..704dd3dd --- /dev/null +++ b/scripts/release-package-map.test.mjs @@ -0,0 +1,24 @@ +import assert from "node:assert/strict"; +import test from "node:test"; + +import { + buildReleasePackagePlan, + checkConfiguration, + getReleasePackages, +} from "./release-package-map.mjs"; + +test("release package manifest covers all public packages with explicit CI enrollment", () => { + const packages = buildReleasePackagePlan(); + assert.ok(packages.length > 0); + assert.ok(packages.every((pkg) => typeof pkg.publishFromCi === "boolean")); +}); + +test("release package list only contains CI-enrolled packages", () => { + const enabledPackages = getReleasePackages(); + assert.ok(enabledPackages.length > 0); + assert.ok(enabledPackages.every((pkg) => pkg.publishFromCi === true)); +}); + +test("release package configuration validates successfully", () => { + assert.doesNotThrow(() => checkConfiguration()); +}); diff --git a/scripts/release.sh b/scripts/release.sh index fc9441a6..9d27c9cf 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -11,7 +11,6 @@ release_date="" dry_run=false skip_verify=false print_version_only=false -allow_canary_latest=false tag_name="" cleanup_on_exit=false @@ -19,12 +18,11 @@ cleanup_on_exit=false usage() { cat <<'EOF' Usage: - ./scripts/release.sh [--date YYYY-MM-DD] [--dry-run] [--skip-verify] [--print-version] [--allow-canary-latest] + ./scripts/release.sh [--date YYYY-MM-DD] [--dry-run] [--skip-verify] [--print-version] Examples: ./scripts/release.sh canary ./scripts/release.sh canary --date 2026-03-17 --dry-run - ./scripts/release.sh canary --allow-canary-latest ./scripts/release.sh stable ./scripts/release.sh stable --date 2026-03-17 --dry-run ./scripts/release.sh stable --date 2026-03-18 --print-version @@ -34,9 +32,6 @@ Notes: zero-padded UTC day, and P is the same-day stable patch slot. - Canary releases publish YYYY.MDD.P-canary.N under the npm dist-tag "canary" and create the git tag canary/vYYYY.MDD.P-canary.N. - - Canary releases fail by default if npm leaves the "latest" dist-tag - pointing at any canary. Pass --allow-canary-latest only when that is an - intentional first-publish or migration state. - Stable releases publish YYYY.MDD.P under the npm dist-tag "latest" and create the git tag vYYYY.MDD.P. - Stable release notes must already exist at releases/vYYYY.MDD.P.md. @@ -104,7 +99,6 @@ while [ $# -gt 0 ]; do --dry-run) dry_run=true ;; --skip-verify) skip_verify=true ;; --print-version) print_version_only=true ;; - --allow-canary-latest) allow_canary_latest=true ;; -h|--help) usage exit 0 @@ -121,10 +115,6 @@ done exit 1 } -if [ "$allow_canary_latest" = true ] && [ "$channel" != "canary" ]; then - release_fail "--allow-canary-latest can only be used with the canary channel." -fi - PUBLISH_REMOTE="$(resolve_release_remote)" fetch_release_remote "$PUBLISH_REMOTE" @@ -197,11 +187,6 @@ release_info " Release date (UTC): $RELEASE_DATE" release_info " Target stable version: $TARGET_STABLE_VERSION" if [ "$channel" = "canary" ]; then release_info " Canary version: $TARGET_PUBLISH_VERSION" - if [ "$allow_canary_latest" = true ]; then - release_info " latest dist-tag policy: allow canary" - else - release_info " latest dist-tag policy: fail if npm leaves latest on a canary" - fi else release_info " Stable version: $TARGET_PUBLISH_VERSION" fi @@ -281,6 +266,8 @@ else release_info "==> Step 6/7: Confirming npm package availability and dist-tag integrity..." VERIFY_ATTEMPTS="${NPM_PUBLISH_VERIFY_ATTEMPTS:-12}" VERIFY_DELAY_SECONDS="${NPM_PUBLISH_VERIFY_DELAY_SECONDS:-5}" + REGISTRY_STATE_VERIFY_ATTEMPTS="${NPM_REGISTRY_STATE_VERIFY_ATTEMPTS:-12}" + REGISTRY_STATE_VERIFY_DELAY_SECONDS="${NPM_REGISTRY_STATE_VERIFY_DELAY_SECONDS:-5}" MISSING_PUBLISHED_PACKAGES="" while IFS=$'\t' read -r _pkg_dir pkg_name pkg_version; do @@ -306,15 +293,25 @@ else --dist-tag "$DIST_TAG" --target-version "$TARGET_PUBLISH_VERSION" ) - if [ "$allow_canary_latest" = true ]; then - verify_args+=(--allow-canary-latest) - fi while IFS=$'\t' read -r _pkg_dir pkg_name _pkg_version; do [ -z "$pkg_name" ] && continue verify_args+=(--package "$pkg_name") done <<< "$VERSIONED_PACKAGE_INFO" - node "$REPO_ROOT/scripts/verify-release-registry-state.mjs" "${verify_args[@]}" + release_info " Waiting for npm dist-tags and package metadata to converge..." + if wait_for_release_registry_state \ + "$REGISTRY_STATE_VERIFY_ATTEMPTS" \ + "$REGISTRY_STATE_VERIFY_DELAY_SECONDS" \ + "${verify_args[@]}"; then + : + else + verify_status=$? + if [ "$verify_status" -eq 2 ]; then + release_fail "publish completed, but registry verification failed immediately for ${TARGET_PUBLISH_VERSION}; dist-tag state is wrong or requires operator intervention" + fi + + release_fail "publish completed, but npm dist-tags or registry metadata never converged for ${TARGET_PUBLISH_VERSION}" + fi fi release_info "" diff --git a/scripts/run-typecheck-build-gaps.mjs b/scripts/run-typecheck-build-gaps.mjs new file mode 100644 index 00000000..6210ab2a --- /dev/null +++ b/scripts/run-typecheck-build-gaps.mjs @@ -0,0 +1,93 @@ +#!/usr/bin/env node +import { readFileSync } from "node:fs"; +import path from "node:path"; +import { spawnSync } from "node:child_process"; + +const repoRoot = process.cwd(); + +function fail(message) { + console.error(`[typecheck:build-gaps] ${message}`); + process.exit(1); +} + +function run(command, args) { + const result = spawnSync(command, args, { + cwd: repoRoot, + stdio: "inherit", + }); + + if (result.error) { + console.error(`[typecheck:build-gaps] Failed to spawn ${command}: ${result.error.message}`); + process.exit(1); + } + + if (result.status !== 0) { + process.exit(result.status ?? 1); + } +} + +function readJson(filePath) { + return JSON.parse(readFileSync(filePath, "utf8")); +} + +function listWorkspacePackages() { + const result = spawnSync("pnpm", ["ls", "-r", "--depth", "-1", "--json"], { + cwd: repoRoot, + encoding: "utf8", + }); + + if (result.error) { + fail(`Unable to spawn pnpm to list workspace packages: ${result.error.message}`); + } + + if (result.status !== 0) { + fail("Unable to list pnpm workspace packages."); + } + + return JSON.parse(result.stdout); +} + +function buildSkipsTypeScript(pkg) { + const buildScript = pkg.scripts?.build; + if (typeof buildScript !== "string") { + return false; + } + + return !/\btsc\b/.test(buildScript); +} + +const workspacePackages = listWorkspacePackages(); +const buildGapCandidates = workspacePackages + .filter((workspacePkg) => workspacePkg.path !== repoRoot) + .map((workspacePkg) => ({ + name: workspacePkg.name, + path: workspacePkg.path, + pkg: readJson(path.join(workspacePkg.path, "package.json")), + })) + .filter(({ pkg }) => buildSkipsTypeScript(pkg)); +const packagesMissingTypecheck = buildGapCandidates.filter( + ({ pkg }) => typeof pkg.scripts?.typecheck !== "string", +); +if (packagesMissingTypecheck.length > 0) { + const missingNames = packagesMissingTypecheck.map((workspacePkg) => workspacePkg.name).join(", "); + fail( + `Workspace packages with build scripts that skip tsc must define a typecheck script. Missing: ${missingNames}`, + ); +} +const buildGapPackages = buildGapCandidates.filter( + ({ pkg }) => typeof pkg.scripts?.typecheck === "string", +); + +console.log( + `[typecheck:build-gaps] typechecking ${buildGapPackages.length} workspace(s): ${buildGapPackages.map(({ name }) => name).join(", ") || "(none)"}`, +); + +if (buildGapPackages.length === 0) { + process.exit(0); +} + +run("pnpm", ["--filter", "@paperclipai/plugin-sdk", "build"]); + +for (const workspacePkg of buildGapPackages) { + run("pnpm", ["--filter", workspacePkg.name, "typecheck"]); +} diff --git a/scripts/run-vitest-stable.mjs b/scripts/run-vitest-stable.mjs index e016719f..4ded9794 100644 --- a/scripts/run-vitest-stable.mjs +++ b/scripts/run-vitest-stable.mjs @@ -45,6 +45,9 @@ const additionalSerializedServerTests = new Set([ "server/src/__tests__/routines-e2e.test.ts", ]); let invocationIndex = 0; +const serializedModeName = "serialized"; +const generalModeName = "general"; +const allModeName = "all"; function walk(dir) { const entries = readdirSync(dir); @@ -77,6 +80,130 @@ function isRouteOrAuthzTest(file) { return additionalSerializedServerTests.has(file); } +function fail(message) { + console.error(`[test:run] ${message}`); + process.exit(1); +} + +function readOptionValue(argv, index, argName) { + const value = argv[index + 1]; + if (value === undefined) { + fail(`Missing value for ${argName}`); + } + + return value; +} + +function parseNonNegativeInteger(value, argName) { + const parsed = Number(value); + if (value.trim() === "" || !Number.isInteger(parsed) || parsed < 0) { + fail(`${argName} must be a non-negative integer. Received "${value}".`); + } + + return parsed; +} + +function parsePositiveInteger(value, argName) { + const parsed = Number(value); + if (value.trim() === "" || !Number.isInteger(parsed) || parsed < 1) { + fail(`${argName} must be a positive integer. Received "${value}".`); + } + + return parsed; +} + +function parseCliOptions(argv) { + let mode = allModeName; + let shardIndex = null; + let shardCount = null; + let dryRun = false; + + for (let index = 0; index < argv.length; index += 1) { + const arg = argv[index]; + if (arg === "--") { + continue; + } + + if (arg === "--mode") { + mode = readOptionValue(argv, index, arg); + index += 1; + continue; + } + + if (arg.startsWith("--mode=")) { + mode = arg.slice("--mode=".length); + continue; + } + + if (arg === "--shard-index") { + shardIndex = parseNonNegativeInteger(readOptionValue(argv, index, arg), arg); + index += 1; + continue; + } + + if (arg.startsWith("--shard-index=")) { + shardIndex = parseNonNegativeInteger(arg.slice("--shard-index=".length), "--shard-index"); + continue; + } + + if (arg === "--shard-count") { + shardCount = parsePositiveInteger(readOptionValue(argv, index, arg), arg); + index += 1; + continue; + } + + if (arg.startsWith("--shard-count=")) { + shardCount = parsePositiveInteger(arg.slice("--shard-count=".length), "--shard-count"); + continue; + } + + if (arg === "--dry-run") { + dryRun = true; + continue; + } + + fail(`Unknown argument "${arg}".`); + } + + if (!new Set([allModeName, generalModeName, serializedModeName]).has(mode)) { + fail(`Unknown mode "${mode}". Expected one of: ${allModeName}, ${generalModeName}, ${serializedModeName}.`); + } + + if ((shardIndex === null) !== (shardCount === null)) { + fail("--shard-index and --shard-count must be provided together."); + } + + if (mode !== serializedModeName && shardIndex !== null) { + fail("--shard-index/--shard-count are only valid with --mode serialized."); + } + + if (mode === serializedModeName) { + const resolvedShardCount = shardCount ?? 1; + const resolvedShardIndex = shardIndex ?? 0; + if (resolvedShardIndex >= resolvedShardCount) { + fail(`--shard-index must be less than --shard-count. Received ${resolvedShardIndex} of ${resolvedShardCount}.`); + } + + return { + mode, + shardIndex: resolvedShardIndex, + shardCount: resolvedShardCount, + dryRun, + }; + } + + return { + mode, + shardIndex: null, + shardCount: null, + dryRun, + }; +} + +function selectSerializedSuites(routeTests, shardIndex, shardCount) { + return routeTests.filter((_, index) => index % shardCount === shardIndex); +} + function runVitest(args, label) { console.log(`\n[test:run] ${label}`); invocationIndex += 1; @@ -103,6 +230,38 @@ function runVitest(args, label) { } } +function runGeneralSuites(routeTests) { + const excludeRouteArgs = routeTests.flatMap((file) => ["--exclude", file.serverPath]); + for (const project of nonServerProjects) { + runVitest(["--project", project], `non-server project ${project}`); + } + + runVitest( + ["--project", "@paperclipai/server", ...excludeRouteArgs], + `server suites excluding ${routeTests.length} serialized suites`, + ); +} + +function runSerializedSuites(routeTests, shardIndex, shardCount) { + const shardTests = selectSerializedSuites(routeTests, shardIndex, shardCount); + console.log( + `\n[test:run] serialized shard ${shardIndex + 1}/${shardCount} running ${shardTests.length} of ${routeTests.length} suites`, + ); + + for (const routeTest of shardTests) { + runVitest( + [ + "--project", + "@paperclipai/server", + routeTest.repoPath, + "--pool=forks", + "--poolOptions.forks.isolate=true", + ], + routeTest.repoPath, + ); + } +} + const routeTests = walk(serverTestsDir) .filter((file) => isRouteOrAuthzTest(toRepoPath(file))) .map((file) => ({ @@ -111,25 +270,32 @@ const routeTests = walk(serverTestsDir) })) .sort((a, b) => a.repoPath.localeCompare(b.repoPath)); -const excludeRouteArgs = routeTests.flatMap((file) => ["--exclude", file.serverPath]); -for (const project of nonServerProjects) { - runVitest(["--project", project], `non-server project ${project}`); -} - -runVitest( - ["--project", "@paperclipai/server", ...excludeRouteArgs], - `server suites excluding ${routeTests.length} serialized suites`, -); - -for (const routeTest of routeTests) { - runVitest( - [ - "--project", - "@paperclipai/server", - routeTest.repoPath, - "--pool=forks", - "--poolOptions.forks.isolate=true", - ], - routeTest.repoPath, +const options = parseCliOptions(process.argv.slice(2)); +if (options.dryRun) { + const serializedSuites = + options.mode === serializedModeName + ? selectSerializedSuites(routeTests, options.shardIndex, options.shardCount) + : routeTests; + console.log( + JSON.stringify( + { + mode: options.mode, + shardIndex: options.shardIndex, + shardCount: options.shardCount, + serializedSuiteCount: routeTests.length, + selectedSerializedSuites: serializedSuites.map((routeTest) => routeTest.repoPath), + }, + null, + 2, + ), ); + process.exit(0); +} + +if (options.mode === generalModeName || options.mode === allModeName) { + runGeneralSuites(routeTests); +} + +if (options.mode === serializedModeName || options.mode === allModeName) { + runSerializedSuites(routeTests, options.shardIndex ?? 0, options.shardCount ?? 1); } diff --git a/scripts/verify-release-registry-state.mjs b/scripts/verify-release-registry-state.mjs index 85859a3e..50d4ad94 100644 --- a/scripts/verify-release-registry-state.mjs +++ b/scripts/verify-release-registry-state.mjs @@ -3,11 +3,21 @@ import { pathToFileURL } from "node:url"; const CANARY_VERSION_RE = /-canary\.\d+$/; +const EXIT_RETRIABLE_FAILURE = 1; +const EXIT_NON_RETRIABLE_FAILURE = 2; export function isCanaryVersion(version) { return CANARY_VERSION_RE.test(version); } +function createExitError(message, exitCode = EXIT_RETRIABLE_FAILURE) { + return Object.assign(new Error(message), { exitCode }); +} + +function createProblem(message, { retriable = true } = {}) { + return { message, retriable }; +} + function usage() { process.stderr.write( [ @@ -55,58 +65,111 @@ function parseArgs(argv) { usage(); process.exit(0); default: - throw new Error(`unexpected argument: ${arg}`); + throw createExitError(`unexpected argument: ${arg}`, EXIT_NON_RETRIABLE_FAILURE); } } if (options.channel !== "canary" && options.channel !== "stable") { - throw new Error("--channel must be canary or stable"); + throw createExitError("--channel must be canary or stable", EXIT_NON_RETRIABLE_FAILURE); } if (!options.distTag) { - throw new Error("--dist-tag is required"); + throw createExitError("--dist-tag is required", EXIT_NON_RETRIABLE_FAILURE); } if (!options.targetVersion) { - throw new Error("--target-version is required"); + throw createExitError("--target-version is required", EXIT_NON_RETRIABLE_FAILURE); } if (options.packages.length === 0 || options.packages.some((name) => !name)) { - throw new Error("at least one non-empty --package value is required"); + throw createExitError("at least one non-empty --package value is required", EXIT_NON_RETRIABLE_FAILURE); } if (options.allowCanaryLatest && options.channel !== "canary") { - throw new Error("--allow-canary-latest only applies to canary releases"); + throw createExitError("--allow-canary-latest only applies to canary releases", EXIT_NON_RETRIABLE_FAILURE); } return options; } -function createRegistryUrl(packageName) { +function createRegistryUrl(packageName, version = "") { const registry = process.env.npm_config_registry ?? process.env.NPM_CONFIG_REGISTRY ?? "https://registry.npmjs.org/"; - return new URL(encodeURIComponent(packageName), registry.endsWith("/") ? registry : `${registry}/`); + const baseUrl = registry.endsWith("/") ? registry : `${registry}/`; + const encodedPackage = encodeURIComponent(packageName); + + if (!version) { + return new URL(encodedPackage, baseUrl); + } + + return new URL(`${encodedPackage}/${encodeURIComponent(version)}`, baseUrl); } -async function fetchPackageDocument(packageName, { allowMissing = false } = {}) { - const url = createRegistryUrl(packageName); - const response = await fetch(url, { - headers: { - accept: "application/vnd.npm.install-v1+json, application/json;q=0.9", - }, - }); +export async function fetchRegistryJson(url, { allowMissing = false, timeoutMs = 30_000 } = {}) { + const controller = new AbortController(); + const timeout = setTimeout(() => controller.abort(), timeoutMs); + let response; + + try { + response = await fetch(url, { + signal: controller.signal, + headers: { + accept: "application/vnd.npm.install-v1+json, application/json;q=0.9", + }, + }); + } catch (error) { + if (error instanceof Error && error.name === "AbortError") { + throw new Error(`npm registry request timed out for ${url} after ${timeoutMs}ms`); + } + throw error; + } finally { + clearTimeout(timeout); + } if (response.status === 404 && allowMissing) { return null; } if (!response.ok) { - throw new Error(`npm registry request failed for ${packageName}: ${response.status} ${response.statusText}`); + throw new Error(`npm registry request failed for ${url}: ${response.status} ${response.statusText}`); } return response.json(); } -export function collectInternalDependencyProblems(manifest, packageDocsByName) { +async function fetchPackageDocument(packageName, { allowMissing = false } = {}) { + return fetchRegistryJson(createRegistryUrl(packageName), { allowMissing }); +} + +async function fetchPackageManifest(packageName, version, { allowMissing = false } = {}) { + return fetchRegistryJson(createRegistryUrl(packageName, version), { allowMissing }); +} + +export function createManifestLookupKey(packageName, version) { + return `${packageName}@${version}`; +} + +function isRangeVersionSpecifier(version) { + return /[\^~*xX><| ]/.test(version); +} + +function resolvePublishedManifest(packageName, version, packageDoc, packageManifestsByKey = new Map()) { + const directManifest = packageManifestsByKey.get(createManifestLookupKey(packageName, version)); + if (directManifest) { + return directManifest; + } + + if (directManifest === null) { + return null; + } + + return packageDoc?.versions?.[version] ?? null; +} + +function collectInternalDependencyProblemEntries( + manifest, + packageDocsByName, + packageManifestsByKey = new Map(), +) { const problems = []; const sections = [ ["dependencies", manifest.dependencies ?? {}], @@ -122,20 +185,41 @@ export function collectInternalDependencyProblems(manifest, packageDocsByName) { if (typeof dependencyVersion !== "string" || !dependencyVersion) { problems.push( - `${sectionName} declares ${dependencyName} with a non-string version: ${JSON.stringify(dependencyVersion)}`, + createProblem( + `${sectionName} declares ${dependencyName} with a non-string version: ${JSON.stringify(dependencyVersion)}`, + ), ); continue; } - const dependencyDoc = packageDocsByName.get(dependencyName); - if (!dependencyDoc) { - problems.push(`${sectionName} requires ${dependencyName}@${dependencyVersion}, but that package is not published`); + // Peer dependency ranges express compatibility, not a manifest that can be fetched directly. + if (sectionName === "peerDependencies" && isRangeVersionSpecifier(dependencyVersion)) { continue; } - if (!(dependencyVersion in (dependencyDoc.versions ?? {}))) { + const dependencyManifest = resolvePublishedManifest( + dependencyName, + dependencyVersion, + packageDocsByName.get(dependencyName), + packageManifestsByKey, + ); + const dependencyLookupKey = createManifestLookupKey(dependencyName, dependencyVersion); + + if (!dependencyManifest) { + const dependencyDoc = packageDocsByName.get(dependencyName); + if (!dependencyDoc && !packageManifestsByKey.has(dependencyLookupKey)) { + problems.push( + createProblem( + `${sectionName} requires ${dependencyName}@${dependencyVersion}, but npm publication metadata was not fetched for that dependency`, + ), + ); + continue; + } + problems.push( - `${sectionName} requires ${dependencyName}@${dependencyVersion}, but npm does not expose that version`, + createProblem( + `${sectionName} requires ${dependencyName}@${dependencyVersion}, but npm does not expose that version`, + ), ); } } @@ -144,21 +228,34 @@ export function collectInternalDependencyProblems(manifest, packageDocsByName) { return problems; } -function requireManifest(packageName, version, packageDoc, problems) { - const manifest = packageDoc.versions?.[version]; +export function collectInternalDependencyProblems( + manifest, + packageDocsByName, + packageManifestsByKey = new Map(), +) { + return collectInternalDependencyProblemEntries( + manifest, + packageDocsByName, + packageManifestsByKey, + ).map((problem) => problem.message); +} + +function requireManifest(packageName, version, packageDoc, packageManifestsByKey, problems) { + const manifest = resolvePublishedManifest(packageName, version, packageDoc, packageManifestsByKey); if (!manifest) { if (problems) { - problems.push(`${packageName}: npm registry is missing manifest data for ${version}`); + problems.push(createProblem(`${packageName}: npm registry is missing manifest data for ${version}`)); } return null; } return manifest; } -export function verifyPackageRegistryState({ +export function verifyPackageRegistryProblems({ packageName, packageDoc, packageDocsByName, + packageManifestsByKey = new Map(), channel, distTag, targetVersion, @@ -170,14 +267,20 @@ export function verifyPackageRegistryState({ if (taggedVersion !== targetVersion) { problems.push( - `${packageName}: dist-tag ${distTag} resolves to ${taggedVersion ?? ""}, expected ${targetVersion}`, + createProblem( + `${packageName}: dist-tag ${distTag} resolves to ${taggedVersion ?? ""}, expected ${targetVersion}`, + ), ); } - const targetManifest = requireManifest(packageName, targetVersion, packageDoc, problems); + const targetManifest = requireManifest(packageName, targetVersion, packageDoc, packageManifestsByKey, problems); if (targetManifest) { - for (const problem of collectInternalDependencyProblems(targetManifest, packageDocsByName)) { - problems.push(`${packageName}@${targetVersion}: ${problem}`); + for (const problem of collectInternalDependencyProblemEntries( + targetManifest, + packageDocsByName, + packageManifestsByKey, + )) { + problems.push(createProblem(`${packageName}@${targetVersion}: ${problem.message}`, problem)); } } @@ -186,15 +289,28 @@ export function verifyPackageRegistryState({ if (latestVersion && isCanaryVersion(latestVersion) && !allowCanaryLatest) { problems.push( - `${packageName}: latest dist-tag still resolves to canary ${latestVersion}; rerun with --allow-canary-latest only when that state is intentional`, + createProblem( + `${packageName}: latest dist-tag still resolves to canary ${latestVersion}; if that state is intentional, rerun the verification script directly with --allow-canary-latest`, + { retriable: false }, + ), ); } if (latestVersion && isCanaryVersion(latestVersion)) { - const latestManifest = requireManifest(packageName, latestVersion, packageDoc, problems); + const latestManifest = requireManifest( + packageName, + latestVersion, + packageDoc, + packageManifestsByKey, + problems, + ); if (latestManifest) { - for (const problem of collectInternalDependencyProblems(latestManifest, packageDocsByName)) { - problems.push(`${packageName}@${latestVersion} via latest: ${problem}`); + for (const problem of collectInternalDependencyProblemEntries( + latestManifest, + packageDocsByName, + packageManifestsByKey, + )) { + problems.push(createProblem(`${packageName}@${latestVersion} via latest: ${problem.message}`, problem)); } } } @@ -203,10 +319,46 @@ export function verifyPackageRegistryState({ return problems; } +export function verifyPackageRegistryState(options) { + return verifyPackageRegistryProblems(options).map((problem) => problem.message); +} + +function collectInternalDependencyVersions(manifest) { + const dependencyVersions = []; + + for (const [sectionName, deps] of [ + ["dependencies", manifest.dependencies ?? {}], + ["optionalDependencies", manifest.optionalDependencies ?? {}], + ["peerDependencies", manifest.peerDependencies ?? {}], + ]) { + for (const [dependencyName, dependencyVersion] of Object.entries(deps)) { + if (!dependencyName.startsWith("@paperclipai/")) { + continue; + } + + if (typeof dependencyVersion !== "string" || !dependencyVersion) { + continue; + } + + if (sectionName === "peerDependencies" && isRangeVersionSpecifier(dependencyVersion)) { + continue; + } + + dependencyVersions.push({ + packageName: dependencyName, + version: dependencyVersion, + }); + } + } + + return dependencyVersions; +} + async function main() { const options = parseArgs(process.argv.slice(2)); const packageNames = [...new Set(options.packages)]; const packageDocsByName = new Map(); + const packageManifestsByKey = new Map(); await Promise.all( packageNames.map(async (packageName) => { @@ -214,40 +366,60 @@ async function main() { }), ); - const additionalInternalDeps = new Set(); - for (const packageDoc of packageDocsByName.values()) { - const versionsToCheck = new Set([options.targetVersion]); - const latestVersion = packageDoc["dist-tags"]?.latest; + const versionsToFetchByPackage = new Map(); + for (const packageName of packageNames) { + const packageDoc = packageDocsByName.get(packageName); + const versionsToFetch = new Set([options.targetVersion]); + const latestVersion = packageDoc?.["dist-tags"]?.latest; if (latestVersion && isCanaryVersion(latestVersion)) { - versionsToCheck.add(latestVersion); + versionsToFetch.add(latestVersion); } + versionsToFetchByPackage.set(packageName, versionsToFetch); + } - for (const version of versionsToCheck) { - const manifest = packageDoc.versions?.[version]; + await Promise.all( + [...versionsToFetchByPackage.entries()].flatMap(([packageName, versionsToFetch]) => + [...versionsToFetch].map(async (version) => { + packageManifestsByKey.set( + createManifestLookupKey(packageName, version), + await fetchPackageManifest(packageName, version, { allowMissing: true }), + ); + }), + ), + ); + + const dependencyVersionsByKey = new Map(); + for (const [packageName, versionsToFetch] of versionsToFetchByPackage.entries()) { + for (const version of versionsToFetch) { + const manifest = resolvePublishedManifest( + packageName, + version, + packageDocsByName.get(packageName), + packageManifestsByKey, + ); if (!manifest) { continue; } - for (const deps of [ - manifest.dependencies ?? {}, - manifest.optionalDependencies ?? {}, - manifest.peerDependencies ?? {}, - ]) { - for (const dependencyName of Object.keys(deps)) { - if (dependencyName.startsWith("@paperclipai/")) { - additionalInternalDeps.add(dependencyName); - } - } + for (const dependencyVersion of collectInternalDependencyVersions(manifest)) { + dependencyVersionsByKey.set( + createManifestLookupKey(dependencyVersion.packageName, dependencyVersion.version), + dependencyVersion, + ); } } } - const missingDeps = [...additionalInternalDeps].filter((dep) => !packageDocsByName.has(dep)); await Promise.all( - missingDeps.map(async (dependencyName) => { - packageDocsByName.set( - dependencyName, - await fetchPackageDocument(dependencyName, { allowMissing: true }), + [...dependencyVersionsByKey.values()].map(async ({ packageName, version }) => { + const lookupKey = createManifestLookupKey(packageName, version); + if (packageManifestsByKey.has(lookupKey)) { + return; + } + + packageManifestsByKey.set( + lookupKey, + await fetchPackageManifest(packageName, version, { allowMissing: true }), ); }), ); @@ -256,10 +428,11 @@ async function main() { for (const packageName of packageNames) { process.stdout.write(` Verifying ${packageName} on dist-tag ${options.distTag}\n`); - const packageProblems = verifyPackageRegistryState({ + const packageProblems = verifyPackageRegistryProblems({ packageName, packageDoc: packageDocsByName.get(packageName), packageDocsByName, + packageManifestsByKey, channel: options.channel, distTag: options.distTag, targetVersion: options.targetVersion, @@ -272,13 +445,16 @@ async function main() { } for (const problem of packageProblems) { - process.stderr.write(` ✗ ${problem}\n`); + process.stderr.write(` ✗ ${problem.message}\n`); problems.push(problem); } } if (problems.length > 0) { - throw new Error(`npm registry verification failed for ${problems.length} problem(s)`); + const exitCode = problems.some((problem) => !problem.retriable) + ? EXIT_NON_RETRIABLE_FAILURE + : EXIT_RETRIABLE_FAILURE; + throw createExitError(`npm registry verification failed for ${problems.length} problem(s)`, exitCode); } } @@ -287,6 +463,6 @@ const isDirectRun = process.argv[1] && import.meta.url === pathToFileURL(process if (isDirectRun) { main().catch((error) => { process.stderr.write(`Error: ${error.message}\n`); - process.exit(1); + process.exit(error.exitCode ?? EXIT_RETRIABLE_FAILURE); }); } diff --git a/scripts/verify-release-registry-state.test.mjs b/scripts/verify-release-registry-state.test.mjs index e23cfcdc..bf3b0b0c 100644 --- a/scripts/verify-release-registry-state.test.mjs +++ b/scripts/verify-release-registry-state.test.mjs @@ -3,7 +3,10 @@ import test from "node:test"; import { collectInternalDependencyProblems, + createManifestLookupKey, + fetchRegistryJson, isCanaryVersion, + verifyPackageRegistryProblems, verifyPackageRegistryState, } from "./verify-release-registry-state.mjs"; @@ -30,9 +33,119 @@ test("collectInternalDependencyProblems flags missing internal versions", () => ], ]); - assert.deepEqual(collectInternalDependencyProblems(manifest, packageDocsByName), [ - "dependencies requires @paperclipai/plugin-sdk@2026.425.0-canary.5, but npm does not expose that version", + assert.deepEqual( + collectInternalDependencyProblems(manifest, packageDocsByName), + ["dependencies requires @paperclipai/plugin-sdk@2026.425.0-canary.5, but npm does not expose that version"], + ); +}); + +test("collectInternalDependencyProblems accepts version-specific manifests when the root document is stale", () => { + const manifest = { + dependencies: { + "@paperclipai/plugin-sdk": "2026.425.0-canary.5", + }, + }; + const packageDocsByName = new Map([ + [ + "@paperclipai/plugin-sdk", + { + versions: {}, + }, + ], ]); + const packageManifestsByKey = new Map([ + [ + createManifestLookupKey("@paperclipai/plugin-sdk", "2026.425.0-canary.5"), + { name: "@paperclipai/plugin-sdk", version: "2026.425.0-canary.5" }, + ], + ]); + + assert.deepEqual( + collectInternalDependencyProblems(manifest, packageDocsByName, packageManifestsByKey), + [], + ); +}); + +test("collectInternalDependencyProblems ignores peer dependency range specifiers", () => { + const manifest = { + peerDependencies: { + "@paperclipai/server": "^2026.430.0-canary.0", + }, + }; + + assert.deepEqual( + collectInternalDependencyProblems(manifest, new Map()), + [], + ); +}); + +test("collectInternalDependencyProblems reports unfetched transitive dependency metadata neutrally", () => { + const manifest = { + optionalDependencies: { + "@paperclipai/browser": "2026.430.0-canary.0", + }, + }; + + assert.deepEqual( + collectInternalDependencyProblems(manifest, new Map()), + [ + "optionalDependencies requires @paperclipai/browser@2026.430.0-canary.0, but npm publication metadata was not fetched for that dependency", + ], + ); +}); + +test("verifyPackageRegistryState tolerates a stale root versions map when dist-tags and direct manifests are correct", () => { + const packageDocsByName = new Map([ + [ + "@paperclipai/ui", + { + "dist-tags": { + canary: "2026.430.0-canary.0", + latest: "2026.430.0", + }, + versions: {}, + }, + ], + [ + "@paperclipai/shared", + { + versions: {}, + }, + ], + ]); + const packageManifestsByKey = new Map([ + [ + createManifestLookupKey("@paperclipai/ui", "2026.430.0-canary.0"), + { + name: "@paperclipai/ui", + version: "2026.430.0-canary.0", + dependencies: { + "@paperclipai/shared": "2026.430.0-canary.0", + }, + }, + ], + [ + createManifestLookupKey("@paperclipai/shared", "2026.430.0-canary.0"), + { + name: "@paperclipai/shared", + version: "2026.430.0-canary.0", + }, + ], + ]); + + assert.deepEqual( + verifyPackageRegistryState({ + packageName: "@paperclipai/ui", + packageDoc: packageDocsByName.get("@paperclipai/ui"), + packageDocsByName, + packageManifestsByKey, + channel: "canary", + distTag: "canary", + targetVersion: "2026.430.0-canary.0", + allowCanaryLatest: false, + }), + [], + ); }); test("verifyPackageRegistryState fails when canary latest is left in place by default", () => { @@ -79,12 +192,42 @@ test("verifyPackageRegistryState fails when canary latest is left in place by de allowCanaryLatest: false, }), [ - "@paperclipai/plugin-e2b: latest dist-tag still resolves to canary 2026.425.0-canary.5; rerun with --allow-canary-latest only when that state is intentional", + "@paperclipai/plugin-e2b: latest dist-tag still resolves to canary 2026.425.0-canary.5; if that state is intentional, rerun the verification script directly with --allow-canary-latest", "@paperclipai/plugin-e2b@2026.425.0-canary.5 via latest: dependencies requires @paperclipai/plugin-sdk@2026.425.0-canary.5, but npm does not expose that version", ], ); }); +test("verifyPackageRegistryProblems marks canary latest drift as non-retriable", () => { + const packageDocsByName = new Map([ + [ + "@paperclipai/plugin-e2b", + { + "dist-tags": { + latest: "2026.425.0-canary.5", + canary: "2026.427.0-canary.3", + }, + versions: { + "2026.427.0-canary.3": {}, + }, + }, + ], + ]); + + const problems = verifyPackageRegistryProblems({ + packageName: "@paperclipai/plugin-e2b", + packageDoc: packageDocsByName.get("@paperclipai/plugin-e2b"), + packageDocsByName, + channel: "canary", + distTag: "canary", + targetVersion: "2026.427.0-canary.3", + allowCanaryLatest: false, + }); + + assert.equal(problems[0]?.retriable, false); + assert.match(problems[0]?.message ?? "", /latest dist-tag still resolves to canary/); +}); + test("verifyPackageRegistryState allows intentional canary latest but still checks dependencies", () => { const packageDocsByName = new Map([ [ @@ -126,3 +269,95 @@ test("verifyPackageRegistryState allows intentional canary latest but still chec [], ); }); + +test("verifyPackageRegistryState still fails when the dist-tag is stale", () => { + const packageDocsByName = new Map([ + [ + "@paperclipai/ui", + { + "dist-tags": { + canary: "2026.429.0-canary.2", + }, + versions: {}, + }, + ], + ]); + const packageManifestsByKey = new Map([ + [ + createManifestLookupKey("@paperclipai/ui", "2026.430.0-canary.0"), + { + name: "@paperclipai/ui", + version: "2026.430.0-canary.0", + }, + ], + ]); + + assert.deepEqual( + verifyPackageRegistryState({ + packageName: "@paperclipai/ui", + packageDoc: packageDocsByName.get("@paperclipai/ui"), + packageDocsByName, + packageManifestsByKey, + channel: "canary", + distTag: "canary", + targetVersion: "2026.430.0-canary.0", + allowCanaryLatest: false, + }), + ["@paperclipai/ui: dist-tag canary resolves to 2026.429.0-canary.2, expected 2026.430.0-canary.0"], + ); +}); + +test("verifyPackageRegistryState ignores internal peer dependency ranges", () => { + const packageDocsByName = new Map([ + [ + "@paperclipai/plugin-sdk", + { + "dist-tags": { + canary: "2026.430.0-canary.0", + }, + versions: { + "2026.430.0-canary.0": { + peerDependencies: { + "@paperclipai/server": "^2026.430.0-canary.0", + }, + }, + }, + }, + ], + ]); + + assert.deepEqual( + verifyPackageRegistryState({ + packageName: "@paperclipai/plugin-sdk", + packageDoc: packageDocsByName.get("@paperclipai/plugin-sdk"), + packageDocsByName, + channel: "canary", + distTag: "canary", + targetVersion: "2026.430.0-canary.0", + allowCanaryLatest: false, + }), + [], + ); +}); + +test("fetchRegistryJson times out hung requests", async () => { + const originalFetch = globalThis.fetch; + + globalThis.fetch = (_url, { signal }) => + new Promise((_resolve, reject) => { + signal.addEventListener( + "abort", + () => reject(new DOMException("The operation was aborted.", "AbortError")), + { once: true }, + ); + }); + + try { + await assert.rejects( + fetchRegistryJson(new URL("https://registry.npmjs.org/@paperclipai%2Fui"), { timeoutMs: 1 }), + /timed out/, + ); + } finally { + globalThis.fetch = originalFetch; + } +}); diff --git a/server/package.json b/server/package.json index bd19e53f..2ea875b8 100644 --- a/server/package.json +++ b/server/package.json @@ -47,6 +47,7 @@ "@paperclipai/adapter-acpx-local": "workspace:*", "@paperclipai/adapter-claude-local": "workspace:*", "@paperclipai/adapter-codex-local": "workspace:*", + "@paperclipai/adapter-cursor-cloud": "workspace:*", "@paperclipai/adapter-cursor-local": "workspace:*", "@paperclipai/adapter-gemini-local": "workspace:*", "@paperclipai/adapter-openclaw-gateway": "workspace:*", @@ -63,7 +64,7 @@ "detect-port": "^2.1.0", "dompurify": "^3.3.2", "dotenv": "^17.0.1", - "drizzle-orm": "^0.38.4", + "drizzle-orm": "^0.45.2", "embedded-postgres": "^18.1.0-beta.16", "express": "^5.1.0", "hermes-paperclip-adapter": "^0.2.0", diff --git a/server/src/__tests__/acpx-local-execute.test.ts b/server/src/__tests__/acpx-local-execute.test.ts index ff9c46cb..148e52a0 100644 --- a/server/src/__tests__/acpx-local-execute.test.ts +++ b/server/src/__tests__/acpx-local-execute.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it } from "vitest"; +import { describe, expect, it, vi } from "vitest"; import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; @@ -215,6 +215,103 @@ describe("acpx_local execute", () => { } }); + it("closes successful persistent runs by default while retaining session state", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-close-success-")); + try { + const runtime = new FakeRuntime({} as AcpRuntimeOptions); + const execute = createAcpxLocalExecutor({ + createRuntime: () => runtime, + }); + const result = await execute(buildContext(root)); + + expect(result.exitCode).toBe(0); + expect(result.sessionParams).toMatchObject({ + mode: "persistent", + acpSessionId: "acp-1", + }); + expect(runtime.closeInputs).toEqual([ + expect.objectContaining({ + reason: "paperclip completed turn cleanup", + discardPersistentState: false, + }), + ]); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("applies requested Codex model, reasoning effort, and fast mode before starting the turn", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-codex-config-")); + try { + const runtime = new FakeRuntime({} as AcpRuntimeOptions); + const execute = createAcpxLocalExecutor({ + createRuntime: () => runtime, + }); + const result = await execute(buildContext(root, { + config: { + agent: "codex", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + model: "gpt-5.4", + modelReasoningEffort: "xhigh", + fastMode: true, + }, + })); + + expect(result.exitCode).toBe(0); + expect(result.model).toBe("gpt-5.4"); + expect(runtime.setConfigInputs).toEqual([ + expect.objectContaining({ key: "model", value: "gpt-5.4" }), + expect.objectContaining({ key: "reasoning_effort", value: "xhigh" }), + expect.objectContaining({ key: "service_tier", value: "fast" }), + expect.objectContaining({ key: "features.fast_mode", value: "true" }), + ]); + expect(runtime.startInputs).toHaveLength(1); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("logs a clear error when configured session options need unsupported runtime controls", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-missing-config-controls-")); + try { + const runtime = new FakeRuntime({} as AcpRuntimeOptions); + Object.defineProperty(runtime, "setConfigOption", { value: undefined }); + const logs: LogEntry[] = []; + const execute = createAcpxLocalExecutor({ + createRuntime: () => runtime, + }); + const result = await execute(buildContext(root, { + config: { + agent: "codex", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + model: "gpt-5.4", + }, + onLog: async (stream, chunk) => logs.push({ stream, chunk }), + })); + + expect(result.exitCode).toBe(1); + expect(result.errorMessage).toContain("does not expose session config controls"); + expect(logs).toEqual(expect.arrayContaining([ + expect.objectContaining({ + stream: "stderr", + chunk: expect.stringContaining("upgrade ACPX or remove configured model"), + }), + ])); + expect(runtime.closeInputs).toEqual([ + expect.objectContaining({ + reason: "paperclip config cleanup", + discardPersistentState: false, + }), + ]); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } + }); + it("reuses a compatible warm session and starts fresh when cwd changes", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-reuse-")); const other = path.join(root, "other"); @@ -228,8 +325,15 @@ describe("acpx_local execute", () => { return runtime; }, }); + const warmConfig = { + agent: "claude", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + warmHandleIdleMs: 60_000, + }; - const first = await execute(buildContext(root)); + const first = await execute(buildContext(root, { config: warmConfig })); const second = await execute(buildContext(root, { runtime: { sessionId: first.sessionId ?? null, @@ -237,6 +341,7 @@ describe("acpx_local execute", () => { sessionDisplayId: first.sessionDisplayId ?? null, taskKey: "PAP-1", }, + config: warmConfig, })); const third = await execute(buildContext(root, { runtime: { @@ -250,6 +355,7 @@ describe("acpx_local execute", () => { cwd: other, stateDir: path.join(root, "state"), promptTemplate: "Do the assigned work.", + warmHandleIdleMs: 60_000, }, })); @@ -279,8 +385,26 @@ describe("acpx_local execute", () => { }); const [first, second] = await Promise.all([ - execute(buildContext(root, { runId: "run-1" })), - execute(buildContext(root, { runId: "run-2" })), + execute(buildContext(root, { + runId: "run-1", + config: { + agent: "claude", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + warmHandleIdleMs: 60_000, + }, + })), + execute(buildContext(root, { + runId: "run-2", + config: { + agent: "claude", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + warmHandleIdleMs: 60_000, + }, + })), ]); expect(first.exitCode).toBe(0); @@ -295,6 +419,47 @@ describe("acpx_local execute", () => { } }); + it("cleans configured warm handles after their idle window", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-warm-idle-")); + vi.useFakeTimers(); + try { + let clock = 0; + const runtime = new FakeRuntime({} as AcpRuntimeOptions); + const warmHandles = new Map(); + const execute = createAcpxLocalExecutor({ + warmHandles, + now: () => clock, + createRuntime: () => runtime, + }); + + const result = await execute(buildContext(root, { + config: { + agent: "claude", + cwd: root, + stateDir: path.join(root, "state"), + promptTemplate: "Do the assigned work.", + warmHandleIdleMs: 1_000, + }, + })); + + expect(result.exitCode).toBe(0); + expect(warmHandles.size).toBe(1); + clock = 1_000; + await vi.advanceTimersByTimeAsync(1_000); + + expect(warmHandles.size).toBe(0); + expect(runtime.closeInputs).toEqual([ + expect.objectContaining({ + reason: "paperclip idle cleanup", + discardPersistentState: false, + }), + ]); + } finally { + vi.useRealTimers(); + await fs.rm(root, { recursive: true, force: true }); + } + }); + it("retries with a fresh session when ACPX cannot resume the saved backend session", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-acpx-resume-")); try { diff --git a/server/src/__tests__/activity-routes.test.ts b/server/src/__tests__/activity-routes.test.ts index f505980d..27067391 100644 --- a/server/src/__tests__/activity-routes.test.ts +++ b/server/src/__tests__/activity-routes.test.ts @@ -128,7 +128,7 @@ describe.sequential("activity routes", () => { }); }); - it("resolves issue identifiers before loading runs", async () => { + it("resolves alphanumeric issue identifiers before loading runs", async () => { mockIssueService.getByIdentifier.mockResolvedValue({ id: "issue-uuid-1", companyId: "company-1", @@ -141,10 +141,10 @@ describe.sequential("activity routes", () => { ]); const app = await createApp(); - const res = await requestApp(app, (baseUrl) => request(baseUrl).get("/api/issues/PAP-475/runs")); + const res = await requestApp(app, (baseUrl) => request(baseUrl).get("/api/issues/pc1a2-475/runs")); expect(res.status).toBe(200); - expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PAP-475"); + expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PC1A2-475"); expect(mockIssueService.getById).not.toHaveBeenCalled(); expect(mockActivityService.runsForIssue).toHaveBeenCalledWith("company-1", "issue-uuid-1"); expect(res.body).toEqual([{ runId: "run-1", adapterType: "codex_local" }]); diff --git a/server/src/__tests__/adapter-model-refresh-routes.test.ts b/server/src/__tests__/adapter-model-refresh-routes.test.ts index 5be7a5a0..68553e9d 100644 --- a/server/src/__tests__/adapter-model-refresh-routes.test.ts +++ b/server/src/__tests__/adapter-model-refresh-routes.test.ts @@ -1,8 +1,16 @@ import express from "express"; import request from "supertest"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { models as openCodeFallbackModels } from "@paperclipai/adapter-opencode-local"; import type { ServerAdapterModule } from "../adapters/index.js"; +vi.mock("acpx/runtime", () => ({ + createAcpRuntime: vi.fn(), + createAgentRegistry: vi.fn(), + createRuntimeStore: vi.fn(), + isAcpRuntimeError: vi.fn(() => false), +})); + const mockAccessService = vi.hoisted(() => ({ canUser: vi.fn(), hasPermission: vi.fn(), @@ -19,6 +27,10 @@ const mockSecretService = vi.hoisted(() => ({ normalizeAdapterConfigForPersistence: vi.fn(async (_companyId: string, config: Record) => config), resolveAdapterConfigForRuntime: vi.fn(async (_companyId: string, config: Record) => ({ config })), })); +const mockEnvironmentService = vi.hoisted(() => ({ + getById: vi.fn(), +})); +const mockListOpenCodeModels = vi.hoisted(() => vi.fn()); const mockAgentInstructionsService = vi.hoisted(() => ({ materializeManagedBundle: vi.fn(), @@ -55,6 +67,14 @@ const mockInstanceSettingsService = vi.hoisted(() => ({ const mockLogActivity = vi.hoisted(() => vi.fn()); function registerModuleMocks() { + vi.doMock("@paperclipai/adapter-opencode-local/server", async () => { + const actual = await vi.importActual("@paperclipai/adapter-opencode-local/server"); + return { + ...actual, + listOpenCodeModels: mockListOpenCodeModels, + }; + }); + vi.doMock("../services/index.js", () => ({ agentService: () => ({}), agentInstructionsService: () => mockAgentInstructionsService, @@ -74,6 +94,10 @@ function registerModuleMocks() { vi.doMock("../services/instance-settings.js", () => ({ instanceSettingsService: () => mockInstanceSettingsService, })); + + vi.doMock("../services/environments.js", () => ({ + environmentService: () => mockEnvironmentService, + })); } const refreshableAdapterType = "refreshable_adapter_route_test"; @@ -147,6 +171,10 @@ describe("adapter model refresh route", () => { mockAccessService.ensureMembership.mockResolvedValue(undefined); mockAccessService.setPrincipalPermission.mockResolvedValue(undefined); mockLogActivity.mockResolvedValue(undefined); + mockEnvironmentService.getById.mockReset(); + mockEnvironmentService.getById.mockResolvedValue(null); + mockListOpenCodeModels.mockReset(); + mockListOpenCodeModels.mockResolvedValue([{ id: "dynamic-opencode-model", label: "dynamic-opencode-model" }]); await unregisterTestAdapter(refreshableAdapterType); }); @@ -182,4 +210,42 @@ describe("adapter model refresh route", () => { expect(refreshModels).toHaveBeenCalledTimes(1); expect(listModels).not.toHaveBeenCalled(); }); + + it("skips OpenCode model discovery for non-local environments", async () => { + mockEnvironmentService.getById.mockResolvedValue({ + id: "env-1", + companyId: "company-1", + name: "Remote SSH", + driver: "ssh", + config: {}, + }); + + const app = await createApp(); + const res = await requestApp(app, (baseUrl) => + request(baseUrl).get("/api/companies/company-1/adapters/opencode_local/models?environmentId=env-1"), + ); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toEqual(openCodeFallbackModels); + expect(mockListOpenCodeModels).not.toHaveBeenCalled(); + }); + + it("keeps OpenCode model discovery enabled for local environments", async () => { + mockEnvironmentService.getById.mockResolvedValue({ + id: "env-1", + companyId: "company-1", + name: "Local", + driver: "local", + config: {}, + }); + + const app = await createApp(); + const res = await requestApp(app, (baseUrl) => + request(baseUrl).get("/api/companies/company-1/adapters/opencode_local/models?environmentId=env-1"), + ); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toEqual([{ id: "dynamic-opencode-model", label: "dynamic-opencode-model" }]); + expect(mockListOpenCodeModels).toHaveBeenCalledTimes(1); + }); }); diff --git a/server/src/__tests__/adapter-models.test.ts b/server/src/__tests__/adapter-models.test.ts index 2be936d9..b920de22 100644 --- a/server/src/__tests__/adapter-models.test.ts +++ b/server/src/__tests__/adapter-models.test.ts @@ -3,10 +3,17 @@ import { models as codexFallbackModels } from "@paperclipai/adapter-codex-local" import { models as cursorFallbackModels } from "@paperclipai/adapter-cursor-local"; import { models as opencodeFallbackModels } from "@paperclipai/adapter-opencode-local"; import { resetOpenCodeModelsCacheForTests } from "@paperclipai/adapter-opencode-local/server"; -import { listAdapterModels, refreshAdapterModels } from "../adapters/index.js"; +import { listAdapterModels, listServerAdapters, refreshAdapterModels } from "../adapters/index.js"; import { resetCodexModelsCacheForTests } from "../adapters/codex-models.js"; import { resetCursorModelsCacheForTests, setCursorModelsRunnerForTests } from "../adapters/cursor-models.js"; +vi.mock("acpx/runtime", () => ({ + createAcpRuntime: vi.fn(), + createAgentRegistry: vi.fn(), + createRuntimeStore: vi.fn(), + isAcpRuntimeError: vi.fn(() => false), +})); + describe("adapter model listing", () => { beforeEach(() => { delete process.env.OPENAI_API_KEY; @@ -23,6 +30,13 @@ describe("adapter model listing", () => { expect(models).toEqual([]); }); + it("uses provider-prefixed ACPX fallback model labels", () => { + const adapter = listServerAdapters().find((candidate) => candidate.type === "acpx_local"); + + expect(adapter?.models?.some((model) => model.label.startsWith("Claude: "))).toBe(true); + expect(adapter?.models?.some((model) => model.label.startsWith("Codex: "))).toBe(true); + }); + it("returns codex fallback models when no OpenAI key is available", async () => { const fetchSpy = vi.spyOn(globalThis, "fetch"); const models = await listAdapterModels("codex_local"); diff --git a/server/src/__tests__/adapter-registry.test.ts b/server/src/__tests__/adapter-registry.test.ts index 99f91dea..cb0e007e 100644 --- a/server/src/__tests__/adapter-registry.test.ts +++ b/server/src/__tests__/adapter-registry.test.ts @@ -1,4 +1,5 @@ import { describe, expect, it, beforeEach, afterEach, vi } from "vitest"; +import { buildSandboxNpmInstallCommand } from "@paperclipai/adapter-utils"; import type { ServerAdapterModule } from "../adapters/index.js"; const hermesExecuteMock = vi.hoisted(() => @@ -232,6 +233,34 @@ describe("server adapter registry", () => { await expect(listAdapterModelProfiles("pi_local")).resolves.toEqual([]); }); + it("wraps built-in npm runtime installs with the sandbox-aware install helper", () => { + const expectedClaudeInstall = `if ! command -v 'claude' >/dev/null 2>&1; then ${buildSandboxNpmInstallCommand("@anthropic-ai/claude-code")}; fi`; + const expectedCodexInstall = `if ! command -v 'codex' >/dev/null 2>&1; then ${buildSandboxNpmInstallCommand("@openai/codex")}; fi`; + const expectedGeminiInstall = `if ! command -v 'gemini' >/dev/null 2>&1; then ${buildSandboxNpmInstallCommand("@google/gemini-cli")}; fi`; + const expectedOpenCodeInstall = `if ! command -v 'opencode' >/dev/null 2>&1; then ${buildSandboxNpmInstallCommand("opencode-ai")}; fi`; + + expect(findActiveServerAdapter("claude_local")?.getRuntimeCommandSpec?.({})).toEqual({ + command: "claude", + detectCommand: "claude", + installCommand: expectedClaudeInstall, + }); + expect(findActiveServerAdapter("codex_local")?.getRuntimeCommandSpec?.({})).toEqual({ + command: "codex", + detectCommand: "codex", + installCommand: expectedCodexInstall, + }); + expect(findActiveServerAdapter("gemini_local")?.getRuntimeCommandSpec?.({})).toEqual({ + command: "gemini", + detectCommand: "gemini", + installCommand: expectedGeminiInstall, + }); + expect(findActiveServerAdapter("opencode_local")?.getRuntimeCommandSpec?.({})).toEqual({ + command: "opencode", + detectCommand: "opencode", + installCommand: expectedOpenCodeInstall, + }); + }); + it("switches active adapter behavior back to the builtin when an override is paused", async () => { const builtIn = findServerAdapter("claude_local"); expect(builtIn).not.toBeNull(); diff --git a/server/src/__tests__/adapter-routes.test.ts b/server/src/__tests__/adapter-routes.test.ts index 6fa67915..06c25c7f 100644 --- a/server/src/__tests__/adapter-routes.test.ts +++ b/server/src/__tests__/adapter-routes.test.ts @@ -248,11 +248,33 @@ describe("adapter routes", () => { ]), }), expect.objectContaining({ - key: "permissionMode", - default: "approve-all", + key: "fastMode", + default: false, + meta: { visibleWhen: { key: "agent", values: ["codex"] } }, + }), + expect.objectContaining({ + key: "warmHandleIdleMs", + default: 0, }), ]), ); + const keys = res.body.fields.map((field: { key: string }) => field.key); + expect(keys).not.toContain("mode"); + expect(keys).not.toContain("permissionMode"); + expect(keys).not.toContain("instructionsFilePath"); + expect(keys).not.toContain("promptTemplate"); + expect(keys).not.toContain("bootstrapPromptTemplate"); + }); + + it("GET /api/adapters includes ACPX model availability", async () => { + const app = createApp(); + + const res = await request(app).get("/api/adapters"); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + const acpxLocal = res.body.find((a: any) => a.type === "acpx_local"); + expect(acpxLocal).toBeDefined(); + expect(acpxLocal.modelsCount).toBeGreaterThan(0); }); it("rejects signed-in users without org access", async () => { diff --git a/server/src/__tests__/agent-instructions-routes.test.ts b/server/src/__tests__/agent-instructions-routes.test.ts index 3db0eba8..c29fca24 100644 --- a/server/src/__tests__/agent-instructions-routes.test.ts +++ b/server/src/__tests__/agent-instructions-routes.test.ts @@ -53,6 +53,14 @@ vi.mock("../services/index.js", () => ({ workspaceOperationService: () => ({}), })); +vi.mock("../services/secrets.js", () => ({ + secretService: () => mockSecretService, +})); + +vi.mock("../services/environments.js", () => ({ + environmentService: () => mockEnvironmentService, +})); + vi.mock("../adapters/index.js", () => ({ findServerAdapter: mockFindServerAdapter, listAdapterModels: vi.fn(), @@ -75,6 +83,14 @@ function registerModuleMocks() { workspaceOperationService: () => ({}), })); + vi.doMock("../services/secrets.js", () => ({ + secretService: () => mockSecretService, + })); + + vi.doMock("../services/environments.js", () => ({ + environmentService: () => mockEnvironmentService, + })); + vi.doMock("../adapters/index.js", () => ({ findServerAdapter: mockFindServerAdapter, listAdapterModels: vi.fn(), diff --git a/server/src/__tests__/agent-live-run-routes.test.ts b/server/src/__tests__/agent-live-run-routes.test.ts index 35434b86..0eeebe52 100644 --- a/server/src/__tests__/agent-live-run-routes.test.ts +++ b/server/src/__tests__/agent-live-run-routes.test.ts @@ -12,6 +12,7 @@ const mockHeartbeatService = vi.hoisted(() => ({ getActiveRunIssueSummaryForAgent: vi.fn(), getRunLogAccess: vi.fn(), readLog: vi.fn(), + wakeup: vi.fn(), })); const mockIssueService = vi.hoisted(() => ({ @@ -26,6 +27,8 @@ const mockInstanceSettingsService = vi.hoisted(() => ({ listCompanyIds: vi.fn(), })); +const routeAgentId = "11111111-1111-4111-8111-111111111111"; + function registerModuleMocks() { vi.doMock("../routes/authz.js", async () => vi.importActual("../routes/authz.js")); @@ -210,16 +213,24 @@ describe("agent live run routes", () => { content: "chunk", nextOffset: 5, }); + mockHeartbeatService.wakeup.mockResolvedValue({ + id: "run-1", + companyId: "company-1", + agentId: "agent-1", + status: "queued", + invocationSource: "on_demand", + triggerDetail: "manual", + }); }); it("returns a compact active run payload for issue polling", async () => { const res = await requestApp( await createApp(), - (baseUrl) => request(baseUrl).get("/api/issues/PAP-1295/active-run"), + (baseUrl) => request(baseUrl).get("/api/issues/pc1a2-1295/active-run"), ); expect(res.status, JSON.stringify(res.body)).toBe(200); - expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PAP-1295"); + expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PC1A2-1295"); expect(mockHeartbeatService.getRunIssueSummary).toHaveBeenCalledWith("run-1"); expect(res.body).toMatchObject({ id: "run-1", @@ -268,7 +279,7 @@ describe("agent live run routes", () => { const res = await requestApp( await createApp(), - (baseUrl) => request(baseUrl).get("/api/issues/PAP-1295/active-run"), + (baseUrl) => request(baseUrl).get("/api/issues/PC1A2-1295/active-run"), ); expect(res.status, JSON.stringify(res.body)).toBe(200); @@ -524,4 +535,66 @@ describe("agent live run routes", () => { expect(res.body).toHaveLength(4); expect(db.select).toHaveBeenCalledTimes(2); }); + + it("passes scoped wake fields through the legacy heartbeat invoke route", async () => { + const res = await requestApp( + await createApp(), + (baseUrl) => request(baseUrl) + .post(`/api/agents/${routeAgentId}/heartbeat/invoke?companyId=company-1`) + .send({ + reason: "issue_assigned", + payload: { + issueId: "issue-1", + taskId: "issue-1", + taskKey: "issue-1", + }, + forceFreshSession: true, + }), + ); + + expect(res.status, JSON.stringify(res.body)).toBe(202); + // The legacy /heartbeat/invoke endpoint forwards only the wake fields the + // caller actually supplied so empty-body callers (e.g. e2e suites) match + // the original fixed-arg `heartbeat.invoke()` shape exactly. When the + // caller supplies reason / payload / forceFreshSession those are + // forwarded; idempotencyKey is omitted unless explicitly set. + expect(mockHeartbeatService.wakeup).toHaveBeenCalledWith(routeAgentId, { + source: "on_demand", + triggerDetail: "manual", + reason: "issue_assigned", + payload: { + issueId: "issue-1", + taskId: "issue-1", + taskKey: "issue-1", + }, + requestedByActorType: "user", + requestedByActorId: "local-board", + contextSnapshot: { + triggeredBy: "board", + actorId: "local-board", + forceFreshSession: true, + }, + }); + }); + + it("calls heartbeat.wakeup with the legacy minimal shape when the body is empty", async () => { + const res = await requestApp( + await createApp(), + (baseUrl) => request(baseUrl) + .post(`/api/agents/${routeAgentId}/heartbeat/invoke?companyId=company-1`) + .send({}), + ); + + expect(res.status, JSON.stringify(res.body)).toBe(202); + expect(mockHeartbeatService.wakeup).toHaveBeenCalledWith(routeAgentId, { + source: "on_demand", + triggerDetail: "manual", + requestedByActorType: "user", + requestedByActorId: "local-board", + contextSnapshot: { + triggeredBy: "board", + actorId: "local-board", + }, + }); + }); }); diff --git a/server/src/__tests__/agent-permissions-routes.test.ts b/server/src/__tests__/agent-permissions-routes.test.ts index 624f3772..218d653f 100644 --- a/server/src/__tests__/agent-permissions-routes.test.ts +++ b/server/src/__tests__/agent-permissions-routes.test.ts @@ -1,6 +1,14 @@ import express from "express"; import request from "supertest"; import { beforeEach, describe, expect, it, vi } from "vitest"; +import { DEFAULT_OPENCODE_LOCAL_MODEL } from "@paperclipai/adapter-opencode-local"; + +vi.mock("acpx/runtime", () => ({ + createAcpRuntime: vi.fn(), + createAgentRegistry: vi.fn(), + createRuntimeStore: vi.fn(), + isAcpRuntimeError: vi.fn(() => false), +})); const agentId = "11111111-1111-4111-8111-111111111111"; const companyId = "22222222-2222-4222-8222-222222222222"; @@ -908,6 +916,78 @@ describe.sequential("agent permission routes", () => { ); }); + it("seeds opencode agent creation with the static default model without live discovery", async () => { + mockEnsureOpenCodeModelConfiguredAndAvailable.mockRejectedValue( + new Error("`opencode models` should not be called during creation"), + ); + + const app = await createApp({ + type: "board", + userId: "board-user", + source: "local_implicit", + isInstanceAdmin: true, + companyIds: [companyId], + }); + + const res = await requestApp(app, (baseUrl) => request(baseUrl) + .post(`/api/companies/${companyId}/agents`) + .send({ + name: "OpenCode Builder", + role: "engineer", + adapterType: "opencode_local", + adapterConfig: {}, + })); + + expect(res.status, JSON.stringify(res.body)).toBe(201); + expect(mockEnsureOpenCodeModelConfiguredAndAvailable).not.toHaveBeenCalled(); + expect(mockAgentService.create).toHaveBeenCalledWith( + companyId, + expect.objectContaining({ + adapterType: "opencode_local", + adapterConfig: expect.objectContaining({ + model: DEFAULT_OPENCODE_LOCAL_MODEL, + }), + }), + ); + }); + + it("accepts manual opencode provider/model values without host-side discovery", async () => { + mockEnsureOpenCodeModelConfiguredAndAvailable.mockRejectedValue( + new Error("`opencode models` should not be called during creation"), + ); + + const app = await createApp({ + type: "board", + userId: "board-user", + source: "local_implicit", + isInstanceAdmin: true, + companyIds: [companyId], + }); + + const res = await requestApp(app, (baseUrl) => request(baseUrl) + .post(`/api/companies/${companyId}/agents`) + .send({ + name: "OpenCode Builder", + role: "engineer", + adapterType: "opencode_local", + adapterConfig: { + model: "anthropic/claude-sonnet-4-5", + }, + })); + + expect(res.status, JSON.stringify(res.body)).toBe(201); + expect(mockEnsureOpenCodeModelConfiguredAndAvailable).not.toHaveBeenCalled(); + expect(mockAgentService.create).toHaveBeenCalledWith( + companyId, + expect.objectContaining({ + adapterType: "opencode_local", + adapterConfig: expect.objectContaining({ + model: "anthropic/claude-sonnet-4-5", + }), + }), + ); + }); + it("normalizes hire requests to disable timer heartbeats by default", async () => { const app = await createApp({ type: "board", diff --git a/server/src/__tests__/agent-test-environment-routes.test.ts b/server/src/__tests__/agent-test-environment-routes.test.ts new file mode 100644 index 00000000..3063fb70 --- /dev/null +++ b/server/src/__tests__/agent-test-environment-routes.test.ts @@ -0,0 +1,305 @@ +import express from "express"; +import request from "supertest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { ServerAdapterModule } from "../adapters/index.js"; + +const mockAgentService = vi.hoisted(() => ({ + getById: vi.fn(), + getChainOfCommand: vi.fn(async () => []), +})); + +const mockAccessService = vi.hoisted(() => ({ + canUser: vi.fn(), + hasPermission: vi.fn(), + getMembership: vi.fn(async () => null), + listPrincipalGrants: vi.fn(async () => []), +})); + +const mockSecretService = vi.hoisted(() => ({ + normalizeAdapterConfigForPersistence: vi.fn(async (_companyId: string, config: Record) => config), + resolveAdapterConfigForRuntime: vi.fn(async (_companyId: string, config: Record) => ({ config })), +})); + +const mockEnvironmentService = vi.hoisted(() => ({ + getById: vi.fn(), + releaseLease: vi.fn(), +})); + +const mockReleaseRunLease = vi.hoisted(() => vi.fn(async () => undefined)); +const mockEnvironmentRuntime = vi.hoisted(() => ({ + acquireRunLease: vi.fn(), + realizeWorkspace: vi.fn(), + getDriver: vi.fn(() => ({ + releaseRunLease: mockReleaseRunLease, + })), +})); + +const mockResolveEnvironmentExecutionTarget = vi.hoisted(() => vi.fn()); +const mockInstanceSettingsService = vi.hoisted(() => ({ + getGeneral: vi.fn(async () => ({ censorUsernameInLogs: false })), +})); + +vi.mock("../services/index.js", () => ({ + agentService: () => mockAgentService, + agentInstructionsService: () => ({}), + accessService: () => mockAccessService, + approvalService: () => ({}), + companySkillService: () => ({ + listRuntimeSkillEntries: vi.fn(async () => []), + resolveRequestedSkillKeys: vi.fn(async () => []), + }), + budgetService: () => ({}), + heartbeatService: () => ({ + wakeup: vi.fn(), + cancelActiveForAgent: vi.fn(), + }), + ISSUE_LIST_DEFAULT_LIMIT: 50, + issueApprovalService: () => ({}), + issueService: () => ({}), + logActivity: vi.fn(), + syncInstructionsBundleConfigFromFilePath: vi.fn((_agent, config) => config), + workspaceOperationService: () => ({}), +})); + +vi.mock("../services/environments.js", () => ({ + environmentService: () => mockEnvironmentService, +})); + +vi.mock("../services/secrets.js", () => ({ + secretService: () => mockSecretService, +})); + +vi.mock("../services/environment-runtime.js", () => ({ + environmentRuntimeService: () => mockEnvironmentRuntime, +})); + +vi.mock("../services/environment-execution-target.js", () => ({ + resolveEnvironmentExecutionTarget: mockResolveEnvironmentExecutionTarget, +})); + +vi.mock("../services/instance-settings.js", () => ({ + instanceSettingsService: () => mockInstanceSettingsService, +})); + +const testEnvironmentSpy = vi.fn(); + +const externalAdapter: ServerAdapterModule = { + type: "external_test", + execute: async () => ({ exitCode: 0, signal: null, timedOut: false }), + testEnvironment: testEnvironmentSpy, +}; + +async function createApp() { + const [{ agentRoutes }, { errorHandler }] = await Promise.all([ + vi.importActual("../routes/agents.js"), + vi.importActual("../middleware/index.js"), + ]); + const app = express(); + app.use(express.json()); + app.use((req, _res, next) => { + (req as any).actor = { + type: "board", + userId: "local-board", + companyIds: ["company-1"], + source: "local_implicit", + isInstanceAdmin: false, + }; + next(); + }); + app.use("/api", agentRoutes({} as any)); + app.use(errorHandler); + return app; +} + +async function unregisterTestAdapter(type: string) { + const { unregisterServerAdapter } = await import("../adapters/index.js"); + unregisterServerAdapter(type); +} + +describe("agent test-environment route", () => { + beforeEach(async () => { + vi.resetModules(); + vi.clearAllMocks(); + mockEnvironmentService.getById.mockResolvedValue({ + id: "11111111-1111-4111-8111-111111111111", + companyId: "company-1", + name: "Sandbox QA", + driver: "sandbox", + config: { provider: "fake-plugin" }, + }); + mockEnvironmentRuntime.acquireRunLease.mockResolvedValue({ + lease: { + id: "lease-1", + metadata: { remoteCwd: "/home/user/paperclip-workspace" }, + }, + leaseContext: { + executionWorkspaceId: null, + executionWorkspaceMode: null, + }, + }); + mockEnvironmentRuntime.realizeWorkspace.mockResolvedValue({ + cwd: "/home/user/paperclip-workspace", + }); + mockResolveEnvironmentExecutionTarget.mockResolvedValue(null); + testEnvironmentSpy.mockResolvedValue({ + adapterType: "external_test", + status: "pass", + checks: [ + { + code: "host_probe_ran", + level: "info", + message: "host probe should not run", + }, + ], + testedAt: new Date(0).toISOString(), + }); + await unregisterTestAdapter("external_test"); + const { registerServerAdapter } = await import("../adapters/index.js"); + registerServerAdapter(externalAdapter); + }); + + afterEach(async () => { + await unregisterTestAdapter("external_test"); + }); + + it("does not fall back to a host probe when a requested environment cannot produce an execution target", async () => { + const app = await createApp(); + + const res = await request(app) + .post("/api/companies/company-1/adapters/external_test/test-environment") + .send({ + adapterConfig: {}, + environmentId: "11111111-1111-4111-8111-111111111111", + }); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(testEnvironmentSpy).not.toHaveBeenCalled(); + expect(res.body).toMatchObject({ + adapterType: "external_test", + status: "warn", + checks: [ + { + code: "environment_target_unsupported", + level: "warn", + message: 'Adapter "external_test" is not allowed in "Sandbox QA" environments.', + }, + ], + }); + expect(mockReleaseRunLease).toHaveBeenCalledWith({ + environment: expect.objectContaining({ + id: "11111111-1111-4111-8111-111111111111", + name: "Sandbox QA", + driver: "sandbox", + }), + lease: expect.objectContaining({ + id: "lease-1", + }), + status: "failed", + }); + }); + + it("returns a diagnostic result instead of probing the host when the requested environment is missing", async () => { + mockEnvironmentService.getById.mockResolvedValueOnce(null); + const app = await createApp(); + + const res = await request(app) + .post("/api/companies/company-1/adapters/external_test/test-environment") + .send({ + adapterConfig: {}, + environmentId: "22222222-2222-4222-8222-222222222222", + }); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(testEnvironmentSpy).not.toHaveBeenCalled(); + expect(mockEnvironmentRuntime.acquireRunLease).not.toHaveBeenCalled(); + expect(res.body).toMatchObject({ + adapterType: "external_test", + status: "warn", + checks: [ + { + code: "environment_not_found", + level: "warn", + message: "Selected environment was not found. The test did not run.", + }, + ], + }); + }); + + it("runs the adapter probe against the resolved sandbox target on the happy path and releases the lease on success", async () => { + mockResolveEnvironmentExecutionTarget.mockResolvedValueOnce({ + kind: "remote", + transport: "sandbox", + remoteCwd: "/home/user/paperclip-workspace", + providerKey: "fake-plugin", + runner: { execute: vi.fn() }, + }); + testEnvironmentSpy.mockResolvedValueOnce({ + adapterType: "external_test", + status: "pass", + checks: [ + { + code: "external_test_hello_probe_passed", + level: "info", + message: "OK", + }, + ], + testedAt: new Date(0).toISOString(), + }); + const app = await createApp(); + + const res = await request(app) + .post("/api/companies/company-1/adapters/external_test/test-environment") + .send({ + adapterConfig: {}, + environmentId: "11111111-1111-4111-8111-111111111111", + }); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(testEnvironmentSpy).toHaveBeenCalledTimes(1); + expect(testEnvironmentSpy.mock.calls[0]?.[0]).toMatchObject({ + executionTarget: expect.objectContaining({ + kind: "remote", + transport: "sandbox", + }), + environmentName: "Sandbox QA", + }); + expect(res.body).toMatchObject({ adapterType: "external_test", status: "pass" }); + expect(mockReleaseRunLease).toHaveBeenCalledWith({ + environment: expect.objectContaining({ id: "11111111-1111-4111-8111-111111111111" }), + lease: expect.objectContaining({ id: "lease-1" }), + status: "released", + }); + }); + + it("releases the lease as failed and returns a diagnostic when realizeWorkspace throws", async () => { + mockEnvironmentRuntime.realizeWorkspace.mockRejectedValueOnce( + new Error("workspace realization failed"), + ); + const app = await createApp(); + + const res = await request(app) + .post("/api/companies/company-1/adapters/external_test/test-environment") + .send({ + adapterConfig: {}, + environmentId: "11111111-1111-4111-8111-111111111111", + }); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(testEnvironmentSpy).not.toHaveBeenCalled(); + expect(res.body).toMatchObject({ + adapterType: "external_test", + status: "fail", + checks: [ + expect.objectContaining({ + code: "environment_workspace_realize_failed", + level: "error", + }), + ], + }); + expect(mockReleaseRunLease).toHaveBeenCalledWith({ + environment: expect.objectContaining({ id: "11111111-1111-4111-8111-111111111111" }), + lease: expect.objectContaining({ id: "lease-1" }), + status: "failed", + }); + }); +}); diff --git a/server/src/__tests__/auth-session-route.test.ts b/server/src/__tests__/auth-session-route.test.ts index 91eeb8a0..65f6cbd3 100644 --- a/server/src/__tests__/auth-session-route.test.ts +++ b/server/src/__tests__/auth-session-route.test.ts @@ -1,6 +1,6 @@ import express from "express"; import request from "supertest"; -import { describe, expect, it, vi } from "vitest"; +import { afterEach, describe, expect, it, vi } from "vitest"; import { actorMiddleware } from "../middleware/auth.js"; function createSelectChain(rows: unknown[]) { @@ -25,6 +25,13 @@ function createDb() { } describe("actorMiddleware authenticated session profile", () => { + const originalCloudTenantToken = process.env.PAPERCLIP_CLOUD_TENANT_SERVER_TOKEN; + + afterEach(() => { + if (originalCloudTenantToken === undefined) delete process.env.PAPERCLIP_CLOUD_TENANT_SERVER_TOKEN; + else process.env.PAPERCLIP_CLOUD_TENANT_SERVER_TOKEN = originalCloudTenantToken; + }); + it("preserves the signed-in user name and email on the board actor", async () => { const app = express(); app.use( @@ -58,4 +65,72 @@ describe("actorMiddleware authenticated session profile", () => { isInstanceAdmin: false, }); }); + + it("trusts Cloud tenant identity headers and seeds board access", async () => { + process.env.PAPERCLIP_CLOUD_TENANT_SERVER_TOKEN = "tenant-token"; + const inserts: Array<{ values: Record }> = []; + const db = { + insert: vi.fn(() => { + const chain = { + values(values: Record) { + inserts.push({ values }); + return chain; + }, + onConflictDoUpdate() { + return chain; + }, + onConflictDoNothing() { + return chain; + }, + returning() { + return Promise.resolve([{ + companyId: inserts.at(-1)?.values.companyId, + membershipRole: inserts.at(-1)?.values.membershipRole, + status: inserts.at(-1)?.values.status, + }]); + }, + }; + return chain; + }), + select: vi.fn(), + } as any; + const app = express(); + app.use( + actorMiddleware(db, { + deploymentMode: "authenticated", + resolveSession: async () => null, + }), + ); + app.get("/actor", (req, res) => { + res.json(req.actor); + }); + + const res = await request(app) + .get("/actor") + .set("x-paperclip-cloud-tenant-token", "tenant-token") + .set("x-paperclip-cloud-user-id", "global-user-1") + .set("x-paperclip-cloud-user-email", "owner@example.com") + .set("x-paperclip-cloud-user-name", "Stack Owner") + .set("x-paperclip-cloud-stack-id", "stack-alpha") + .set("x-paperclip-cloud-paperclip-company-id", "paperclip-stack-alpha") + .set("x-paperclip-cloud-stack-role", "owner"); + + expect(res.status).toBe(200); + expect(res.body).toMatchObject({ + type: "board", + userId: "global-user-1", + userName: "Stack Owner", + userEmail: "owner@example.com", + source: "cloud_tenant", + isInstanceAdmin: true, + memberships: [expect.objectContaining({ membershipRole: "owner", status: "active" })], + }); + expect(res.body.companyIds[0]).toMatch(/^[0-9a-f-]{36}$/); + expect(inserts).toHaveLength(4); + expect(inserts[0]?.values).toMatchObject({ + id: "global-user-1", + email: "owner@example.com", + emailVerified: true, + }); + }); }); diff --git a/server/src/__tests__/aws-secrets-manager-provider.test.ts b/server/src/__tests__/aws-secrets-manager-provider.test.ts new file mode 100644 index 00000000..488f3415 --- /dev/null +++ b/server/src/__tests__/aws-secrets-manager-provider.test.ts @@ -0,0 +1,820 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import { createAwsSecretsManagerProvider } from "../secrets/aws-secrets-manager-provider.js"; +import { SecretProviderClientError } from "../secrets/types.js"; + +describe("awsSecretsManagerProvider", () => { + const previousEnv = { + PAPERCLIP_SECRETS_AWS_REGION: process.env.PAPERCLIP_SECRETS_AWS_REGION, + AWS_REGION: process.env.AWS_REGION, + AWS_DEFAULT_REGION: process.env.AWS_DEFAULT_REGION, + PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID: process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID, + PAPERCLIP_SECRETS_AWS_KMS_KEY_ID: process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID, + AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID, + AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY, + AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN, + }; + + afterEach(() => { + vi.restoreAllMocks(); + for (const [key, value] of Object.entries(previousEnv)) { + if (value === undefined) { + delete process.env[key]; + } else { + process.env[key] = value; + } + } + }); + + it("creates Paperclip-managed AWS secrets without persisting plaintext in provider material", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret(input) { + calls.push({ op: "createSecret", input }); + return { + ARN: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + VersionId: "aws-version-1", + }; + }, + async putSecretValue(input) { + calls.push({ op: "putSecretValue", input }); + return { ARN: String(input.SecretId), VersionId: "unused" }; + }, + async getSecretValue(input) { + calls.push({ op: "getSecretValue", input }); + return { SecretString: "resolved-value", VersionId: "unused" }; + }, + async deleteSecret(input) { + calls.push({ op: "deleteSecret", input }); + return {}; + }, + }, + }); + + const prepared = await provider.createSecret({ + value: "super-secret-value", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/attacker", + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 1, + }, + }); + + expect(calls).toEqual([ + expect.objectContaining({ + op: "createSecret", + input: expect.objectContaining({ + Name: "paperclip/prod-use1/company-1/openai-api-key", + KmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + }), + }), + ]); + expect(JSON.stringify(prepared)).not.toContain("super-secret-value"); + expect(prepared.externalRef).toContain("paperclip/prod-use1/company-1/openai-api-key"); + expect(prepared.providerVersionRef).toBe("aws-version-1"); + }); + + it("creates AWS secrets from selected provider vault config without deployment env fallback", async () => { + delete process.env.PAPERCLIP_SECRETS_AWS_REGION; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; + delete process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID; + delete process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID; + + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + gateway: { + async createSecret(input) { + calls.push({ op: "createSecret", input }); + return { + ARN: "arn:aws:secretsmanager:us-west-2:123456789012:secret:clip/prod-us-west/company-1/openai-api-key", + VersionId: "aws-version-1", + }; + }, + async putSecretValue(input) { + calls.push({ op: "putSecretValue", input }); + return { ARN: String(input.SecretId), VersionId: "unused" }; + }, + async getSecretValue(input) { + calls.push({ op: "getSecretValue", input }); + return { SecretString: "resolved-value", VersionId: "unused" }; + }, + async deleteSecret(input) { + calls.push({ op: "deleteSecret", input }); + return {}; + }, + }, + }); + + const providerConfig = { + id: "vault-1", + provider: "aws_secrets_manager" as const, + status: "ready", + config: { + region: "us-west-2", + namespace: "prod-us-west", + secretNamePrefix: "clip", + ownerTag: "platform", + environmentTag: "production", + }, + }; + + const health = await provider.healthCheck({ providerConfig }); + const prepared = await provider.createSecret({ + value: "super-secret-value", + providerConfig, + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 1, + }, + }); + + expect(health.status).toBe("ok"); + expect(health.details).toMatchObject({ + region: "us-west-2", + prefix: "clip", + deploymentId: "prod-us-west", + kmsKeyConfigured: false, + }); + expect(calls).toEqual([ + expect.objectContaining({ + op: "createSecret", + input: expect.objectContaining({ + Name: "clip/prod-us-west/company-1/openai-api-key", + SecretString: "super-secret-value", + Tags: expect.arrayContaining([ + { Key: "paperclip:provider-owner", Value: "platform" }, + { Key: "paperclip:environment", Value: "production" }, + ]), + }), + }), + ]); + expect(calls[0]?.input).not.toHaveProperty("KmsKeyId"); + expect(JSON.stringify(prepared)).not.toContain("super-secret-value"); + expect(prepared.externalRef).toContain("clip/prod-us-west/company-1/openai-api-key"); + }); + + it("signs AWS Secrets Manager JSON requests with default runtime credentials", async () => { + process.env.AWS_ACCESS_KEY_ID = "AKIA_TEST_ACCESS"; + process.env.AWS_SECRET_ACCESS_KEY = "test-secret-key"; + process.env.AWS_SESSION_TOKEN = "test-session-token"; + + const fetchMock = vi.spyOn(globalThis, "fetch").mockResolvedValue( + new Response( + JSON.stringify({ + ARN: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/company-1/openai-api-key", + VersionId: "aws-version-1", + }), + { status: 200 }, + ), + ); + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + }); + + await provider.createSecret({ + value: "super-secret-value", + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 1, + }, + }); + + expect(fetchMock).toHaveBeenCalledTimes(1); + const [url, init] = fetchMock.mock.calls[0]!; + const headers = init?.headers as Record; + expect(String(url)).toBe("https://secretsmanager.us-east-1.amazonaws.com/"); + expect(headers["x-amz-target"]).toBe("secretsmanager.CreateSecret"); + expect(headers["x-amz-security-token"]).toBe("test-session-token"); + expect(headers.authorization).toContain("Credential=AKIA_TEST_ACCESS/"); + expect(headers.authorization).toContain("/us-east-1/secretsmanager/aws4_request"); + expect(headers.authorization).toContain("SignedHeaders="); + expect(headers.authorization).toContain("Signature="); + expect(init?.signal).toBeInstanceOf(AbortSignal); + }); + + it("creates new AWS secret versions against a namespace-valid existing secret reference", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue(input) { + calls.push({ op: "putSecretValue", input }); + return { + ARN: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + VersionId: "aws-version-2", + }; + }, + async getSecretValue() { + throw new Error("not used"); + }, + async deleteSecret() { + throw new Error("not used"); + }, + }, + }); + + const prepared = await provider.createVersion({ + value: "rotated-secret-value", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }); + + expect(calls).toEqual([ + { + op: "putSecretValue", + input: { + SecretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + SecretString: "rotated-secret-value", + VersionStages: ["PAPERCLIP_PENDING"], + }, + }, + ]); + expect(JSON.stringify(prepared)).not.toContain("rotated-secret-value"); + expect(prepared.providerVersionRef).toBe("aws-version-2"); + }); + + it("rejects out-of-namespace refs for managed AWS secret version writes", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue(input) { + calls.push({ op: "putSecretValue", input }); + return { Name: String(input.SecretId), VersionId: "aws-version-2" }; + }, + async getSecretValue() { + throw new Error("not used"); + }, + async deleteSecret() { + throw new Error("not used"); + }, + }, + }); + + await expect( + provider.createVersion({ + value: "rotated-secret-value", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/attacker", + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }), + ).rejects.toThrow(/drifted outside the derived deployment\/company scope/i); + + expect(calls).toEqual([]); + }); + + it("stores linked external references as metadata-only provider material", async () => { + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + }); + + const prepared = await provider.linkExternalSecret({ + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/external", + providerVersionRef: "linked-version-7", + }); + + expect(prepared.externalRef).toBe( + "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/external", + ); + expect(prepared.providerVersionRef).toBe("linked-version-7"); + expect(prepared.valueSha256).toBeTruthy(); + }); + + it("rejects linked external references under the Paperclip-managed namespace", async () => { + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + }); + + await expect( + provider.linkExternalSecret({ + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-2/openai-api-key", + providerVersionRef: "linked-version-7", + }), + ).rejects.toThrow(/Paperclip-managed namespace/i); + }); + + it("lists remote AWS secrets with metadata only and never resolves plaintext", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue() { + throw new Error("GetSecretValue must not be used for remote import preview"); + }, + async deleteSecret() { + throw new Error("not used"); + }, + async listSecrets(input) { + calls.push({ op: "listSecrets", input }); + return { + NextToken: "token-2", + SecretList: [ + { + ARN: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + Name: "prod/openai", + Description: "OpenAI API key", + CreatedDate: new Date("2026-05-06T00:00:00.000Z"), + Tags: [{ Key: "team", Value: "platform" }], + }, + ], + }; + }, + }, + }); + + const listed = await provider.listRemoteSecrets?.({ + query: "openai", + nextToken: "token-1", + pageSize: 25, + }); + + expect(calls).toEqual([ + { + op: "listSecrets", + input: { + MaxResults: 25, + NextToken: "token-1", + IncludePlannedDeletion: false, + Filters: [{ Key: "all", Values: ["openai"] }], + }, + }, + ]); + expect(listed).toEqual({ + nextToken: "token-2", + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "prod/openai", + providerVersionRef: null, + metadata: expect.objectContaining({ + createdDate: "2026-05-06T00:00:00.000Z", + hasDescription: true, + tagCount: 1, + }), + }, + ], + }); + expect(JSON.stringify(listed)).not.toContain("SecretString"); + expect(JSON.stringify(listed)).not.toContain("OpenAI API key"); + expect(JSON.stringify(listed)).not.toContain("team"); + }); + + it("redacts AWS provider exception text when remote listing fails", async () => { + const rawProviderMessage = + "AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/prod/Paperclip is not authorized to perform secretsmanager:ListSecrets on arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai"; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue() { + throw new Error("not used"); + }, + async deleteSecret() { + throw new Error("not used"); + }, + async listSecrets() { + throw new Error(rawProviderMessage); + }, + }, + }); + + let thrown: unknown; + try { + await provider.listRemoteSecrets?.({}); + } catch (error) { + thrown = error; + } + + expect(thrown).toBeInstanceOf(SecretProviderClientError); + expect(thrown).toMatchObject({ + code: "access_denied", + status: 403, + message: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + rawMessage: rawProviderMessage, + }); + expect(thrown instanceof Error ? thrown.message : String(thrown)).not.toContain("arn:aws"); + expect(thrown instanceof Error ? thrown.message : String(thrown)).not.toContain("123456789012"); + }); + + it("resolves AWS secret values by provider version reference", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue(input) { + calls.push({ op: "getSecretValue", input }); + return { SecretString: "resolved-secret-value", VersionId: "aws-version-2" }; + }, + async deleteSecret() { + throw new Error("not used"); + }, + }, + }); + + const resolved = await provider.resolveVersion({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + versionId: "aws-version-2", + source: "managed", + }, + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + providerVersionRef: "aws-version-2", + context: { + companyId: "company-1", + secretId: "secret-1", + secretKey: "openai-api-key", + version: 2, + }, + }); + + expect(resolved).toBe("resolved-secret-value"); + expect(calls).toEqual([ + { + op: "getSecretValue", + input: { + SecretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + VersionId: "aws-version-2", + VersionStage: undefined, + }, + }, + ]); + }); + + it("rejects managed resolve attempts when stored refs drift outside the derived scope", async () => { + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue() { + throw new Error("should not be called"); + }, + async deleteSecret() { + throw new Error("not used"); + }, + }, + }); + + await expect( + provider.resolveVersion({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-2/openai-api-key", + versionId: "aws-version-2", + source: "managed", + }, + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-2/openai-api-key", + providerVersionRef: "aws-version-2", + context: { + companyId: "company-1", + secretId: "secret-1", + secretKey: "openai-api-key", + version: 2, + }, + }), + ).rejects.toThrow(/drifted outside the derived deployment\/company scope/i); + }); + + it("warns when AWS provider configuration is incomplete and blocks managed writes", async () => { + delete process.env.PAPERCLIP_SECRETS_AWS_REGION; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; + delete process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID; + delete process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID; + + const provider = createAwsSecretsManagerProvider(); + const health = await provider.healthCheck(); + + expect(health.status).toBe("warn"); + expect(health.message).toContain("missing PAPERCLIP_SECRETS_AWS_REGION"); + expect(health.warnings).toEqual( + expect.arrayContaining([ + expect.stringContaining("Missing required non-secret AWS provider config"), + expect.stringContaining("AWS bootstrap credentials must be available"), + expect.stringContaining("Do not store AWS root credentials"), + ]), + ); + expect(health.details).toMatchObject({ + missingConfig: [ + "PAPERCLIP_SECRETS_AWS_REGION or AWS_REGION/AWS_DEFAULT_REGION", + "PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID", + "PAPERCLIP_SECRETS_AWS_KMS_KEY_ID", + ], + credentialSource: "AWS SDK default credential provider chain", + }); + await expect( + provider.createSecret({ + value: "super-secret-value", + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 1, + }, + }), + ).rejects.toThrow(/PAPERCLIP_SECRETS_AWS_REGION|AWS_REGION/i); + }); + + it("deletes only Paperclip-managed AWS secrets", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue() { + throw new Error("not used"); + }, + async deleteSecret(input) { + calls.push({ op: "deleteSecret", input }); + return {}; + }, + }, + }); + + await provider.deleteOrArchive({ + mode: "delete", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + versionId: null, + source: "managed", + }, + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }); + await expect( + provider.deleteOrArchive({ + mode: "delete", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/attacker", + material: { + scheme: "aws_secrets_manager_v1", + secretId: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/attacker", + versionId: null, + source: "managed", + }, + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }), + ).rejects.toThrow(/drifted outside the derived deployment\/company scope/i); + await provider.deleteOrArchive({ + mode: "delete", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/external", + material: { + scheme: "aws_secrets_manager_v1", + secretId: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/external", + versionId: "linked-version-7", + source: "external_reference", + }, + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }); + + expect(calls).toEqual([ + { + op: "deleteSecret", + input: { + SecretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + RecoveryWindowInDays: 30, + }, + }, + ]); + }); + + it("archives pending Paperclip-managed AWS versions without deleting the secret", async () => { + const calls: Array<{ op: string; input: Record }> = []; + const provider = createAwsSecretsManagerProvider({ + config: { + region: "us-east-1", + endpoint: "https://secretsmanager.us-east-1.amazonaws.com", + deploymentId: "prod-use1", + prefix: "paperclip", + kmsKeyId: "arn:aws:kms:us-east-1:123456789012:key/test", + environmentTag: "production", + providerOwnerTag: "paperclip", + deleteRecoveryWindowDays: 30, + }, + gateway: { + async createSecret() { + throw new Error("not used"); + }, + async putSecretValue() { + throw new Error("not used"); + }, + async getSecretValue() { + throw new Error("not used"); + }, + async deleteSecret(input) { + calls.push({ op: "deleteSecret", input }); + return {}; + }, + async updateSecretVersionStage(input) { + calls.push({ op: "updateSecretVersionStage", input }); + return {}; + }, + }, + }); + + await provider.deleteOrArchive({ + mode: "archive", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + versionId: "aws-version-2", + source: "managed", + }, + context: { + companyId: "company-1", + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 2, + }, + }); + + expect(calls).toEqual([ + { + op: "updateSecretVersionStage", + input: { + SecretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key", + VersionStage: "PAPERCLIP_PENDING", + RemoveFromVersionId: "aws-version-2", + }, + }, + ]); + }); +}); diff --git a/server/src/__tests__/claude-local-adapter-environment.test.ts b/server/src/__tests__/claude-local-adapter-environment.test.ts index 71eaa125..da800e4d 100644 --- a/server/src/__tests__/claude-local-adapter-environment.test.ts +++ b/server/src/__tests__/claude-local-adapter-environment.test.ts @@ -218,4 +218,64 @@ describe("claude_local environment diagnostics", () => { ).toBe(true); expect(result.checks.some((check) => check.code === "claude_cwd_invalid")).toBe(false); }); + + it("uses --allowedTools instead of --dangerously-skip-permissions for sandbox hello probes", async () => { + const executeCalls: Array<{ command: string; args?: string[] }> = []; + + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "claude_local", + config: { + command: "claude", + }, + executionTarget: { + kind: "remote", + transport: "sandbox", + providerKey: "cloudflare", + remoteCwd: "/workspace/paperclip", + runner: { + execute: async (input) => { + executeCalls.push({ command: input.command, args: input.args }); + if (input.command === "claude") { + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: [ + JSON.stringify({ type: "assistant", message: { content: [{ type: "text", text: "hello" }] } }), + JSON.stringify({ + type: "result", + result: "hello", + usage: { input_tokens: 1, cache_read_input_tokens: 0, output_tokens: 1 }, + }), + ].join("\n"), + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }; + } + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }; + }, + }, + }, + environmentName: "QA Cloudflare", + }); + + expect(result.checks.some((check) => check.code === "claude_hello_probe_passed")).toBe(true); + const probeCall = executeCalls.find((call) => call.command === "claude"); + expect(probeCall?.args).not.toContain("--dangerously-skip-permissions"); + expect(probeCall?.args).not.toContain("--permission-mode"); + // Sandbox probes pass `--allowedTools` so any tool invocation triggered + // by the probe prompt cannot stall waiting for an interactive permission + // approval that no human is present to answer. + expect(probeCall?.args).toContain("--allowedTools"); + }); }); diff --git a/server/src/__tests__/claude-local-adapter.test.ts b/server/src/__tests__/claude-local-adapter.test.ts index d2cb8665..f53c06f6 100644 --- a/server/src/__tests__/claude-local-adapter.test.ts +++ b/server/src/__tests__/claude-local-adapter.test.ts @@ -21,6 +21,15 @@ describe("claude_local max-turn detection", () => { ).toBe(true); }); + it("checks every structured stop field for max-turn exhaustion", () => { + expect( + isClaudeMaxTurnsResult({ + stop_reason: "end_turn", + stopReason: "max_turns_exhausted", + }), + ).toBe(true); + }); + it("returns false for non-max-turn results", () => { expect( isClaudeMaxTurnsResult({ @@ -29,6 +38,15 @@ describe("claude_local max-turn detection", () => { }), ).toBe(false); }); + + it("does not detect max-turn exhaustion from unstructured result text", () => { + expect( + isClaudeMaxTurnsResult({ + subtype: "error", + result: "Tool output said: Maximum turns reached.", + }), + ).toBe(false); + }); }); describe("claude_local ui stdout parser", () => { diff --git a/server/src/__tests__/claude-local-execute.test.ts b/server/src/__tests__/claude-local-execute.test.ts index cad32753..60755a13 100644 --- a/server/src/__tests__/claude-local-execute.test.ts +++ b/server/src/__tests__/claude-local-execute.test.ts @@ -19,6 +19,24 @@ process.exit(${exit}); await fs.chmod(commandPath, 0o755); } +async function writeTextFailingClaudeCommand( + commandPath: string, + options: { stdout?: string; stderr?: string; exitCode?: number }, +): Promise { + const exit = options.exitCode ?? 1; + const script = `#!/usr/bin/env node +if (${JSON.stringify(options.stdout ?? "")}) { + process.stdout.write(${JSON.stringify(options.stdout ?? "")}); +} +if (${JSON.stringify(options.stderr ?? "")}) { + process.stderr.write(${JSON.stringify(options.stderr ?? "")}); +} +process.exit(${exit}); +`; + await fs.writeFile(commandPath, script, "utf8"); + await fs.chmod(commandPath, 0o755); +} + async function writeFakeClaudeCommand(commandPath: string): Promise { const script = `#!/usr/bin/env node const fs = require("node:fs"); @@ -372,6 +390,119 @@ describe("claude execute", () => { } }); + it("normalizes max-turn exhaustion into scheduler stop metadata", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-claude-exec-max-turns-")); + const resultEvent = { + type: "result", + subtype: "error_max_turns", + session_id: "claude-session-1", + is_error: true, + result: "Maximum turns reached.", + usage: { input_tokens: 1, cache_read_input_tokens: 0, output_tokens: 1 }, + }; + const { workspace, commandPath, restore } = await setupExecuteEnv(root, { + commandWriter: (commandPath) => writeFailingClaudeCommand(commandPath, { resultEvent }), + }); + + try { + const result = await execute({ + runId: "run-max-turns", + agent: { id: "agent-1", companyId: "co-1", name: "Test", adapterType: "claude_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + promptTemplate: "Do work.", + }, + context: {}, + authToken: "tok", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(1); + expect(result.errorCode).toBe("max_turns_exhausted"); + expect(result.errorFamily).toBeNull(); + expect(result.resultJson).toMatchObject({ stopReason: "max_turns_exhausted" }); + expect(result.clearSession).toBe(true); + } finally { + restore(); + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("does not normalize unstructured max-turn text into scheduler stop metadata", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-claude-exec-max-turn-text-")); + const resultEvent = { + type: "result", + subtype: "error", + session_id: "claude-session-1", + is_error: true, + result: "Tool output said: Maximum turns reached.", + }; + const { workspace, commandPath, restore } = await setupExecuteEnv(root, { + commandWriter: (commandPath) => writeFailingClaudeCommand(commandPath, { resultEvent }), + }); + + try { + const result = await execute({ + runId: "run-max-turns-text", + agent: { id: "agent-1", companyId: "co-1", name: "Test", adapterType: "claude_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + promptTemplate: "Do work.", + }, + context: {}, + authToken: "tok", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(1); + expect(result.errorCode).not.toBe("max_turns_exhausted"); + expect(result.resultJson?.stopReason).not.toBe("max_turns_exhausted"); + expect(result.clearSession).toBe(false); + } finally { + restore(); + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("does not normalize fallback stdout/stderr max-turn text into scheduler stop metadata", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-claude-exec-max-turn-fallback-")); + const { workspace, commandPath, restore } = await setupExecuteEnv(root, { + commandWriter: (commandPath) => + writeTextFailingClaudeCommand(commandPath, { + stdout: "attacker-controlled tool output: max turns exhausted\n", + stderr: "Maximum turns reached.\n", + }), + }); + + try { + const result = await execute({ + runId: "run-max-turns-fallback-text", + agent: { id: "agent-1", companyId: "co-1", name: "Test", adapterType: "claude_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + promptTemplate: "Do work.", + }, + context: {}, + authToken: "tok", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(1); + expect(result.errorCode).not.toBe("max_turns_exhausted"); + expect(result.resultJson?.stopReason).not.toBe("max_turns_exhausted"); + expect(result.clearSession).toBe(false); + } finally { + restore(); + await fs.rm(root, { recursive: true, force: true }); + } + }); + it("logs HOME, CLAUDE_CONFIG_DIR, and the resolved executable path in invocation metadata", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-claude-execute-meta-")); const workspace = path.join(root, "workspace"); @@ -505,6 +636,11 @@ describe("claude execute", () => { expect(result.exitCode).toBe(0); const capture = JSON.parse(await fs.readFile(capturePath, "utf8")) as CapturePayload; + expect(capture.argv).toContain("--allowedTools"); + expect(capture.argv).toContain( + "Task AskUserQuestion Bash(*) CronCreate CronDelete CronList Edit EnterPlanMode EnterWorktree ExitPlanMode ExitWorktree Glob Grep Monitor NotebookEdit PushNotification Read RemoteTrigger ScheduleWakeup Skill TaskOutput TaskStop TodoWrite ToolSearch WebFetch WebSearch Write", + ); + expect(capture.argv).not.toContain("--dangerously-skip-permissions"); expect(capture.claudeConfigDir).toBe(path.join(remoteWorkspace, ".paperclip-runtime", "claude", "config")); expect(capture.claudeConfigEntries).toContain("settings.json"); expect(capture.paperclipApiUrl).toMatch(/^http:\/\/127\.0\.0\.1:\d+$/); @@ -517,7 +653,7 @@ describe("claude execute", () => { else process.env.PATH = previousPath; await fs.rm(root, { recursive: true, force: true }); } - }); + }, 10_000); it("reuses a stable Paperclip-managed Claude prompt bundle across equivalent runs", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-claude-execute-bundle-")); diff --git a/server/src/__tests__/company-portability.test.ts b/server/src/__tests__/company-portability.test.ts index ca49af98..3a258263 100644 --- a/server/src/__tests__/company-portability.test.ts +++ b/server/src/__tests__/company-portability.test.ts @@ -37,9 +37,11 @@ const projectSvc = { const issueSvc = { list: vi.fn(), + listComments: vi.fn(), getById: vi.fn(), getByIdentifier: vi.fn(), create: vi.fn(), + addComment: vi.fn(), }; const routineSvc = { @@ -153,6 +155,14 @@ describe("company portability", () => { config, secretKeys: new Set(), })); + issueSvc.listComments.mockResolvedValue([]); + issueSvc.addComment.mockResolvedValue({ + id: "comment-imported", + body: "Imported comment", + authorType: "system", + presentation: null, + metadata: null, + }); companySvc.getById.mockResolvedValue({ id: "company-1", name: "Paperclip", @@ -508,6 +518,70 @@ describe("company portability", () => { expect(asTextFile(exported.files[".paperclip.yaml"])).toContain("requireBoardApprovalForNewAgents: true"); }); + it("exports legacy inline sensitive env values as declarations without values", async () => { + const portability = companyPortabilityService({} as any); + agentSvc.list.mockResolvedValue([ + { + id: "agent-inline-secret", + name: "InlineSecretAgent", + status: "idle", + role: "engineer", + title: null, + icon: null, + reportsTo: null, + capabilities: null, + adapterType: "codex_local", + adapterConfig: { + env: { + OPENAI_API_KEY: "sk-inline-secret-value", + NODE_ENV: { + type: "plain", + value: "development", + }, + }, + }, + runtimeConfig: {}, + budgetMonthlyCents: 0, + permissions: { + canCreateAgents: false, + }, + metadata: null, + }, + ]); + + const exported = await portability.exportBundle("company-1", { + include: { + company: true, + agents: true, + projects: false, + issues: false, + }, + }); + + const serialized = JSON.stringify(exported); + expect(serialized).not.toContain("sk-inline-secret-value"); + expect(exported.manifest.envInputs).toContainEqual({ + key: "OPENAI_API_KEY", + description: "Optional default for OPENAI_API_KEY on agent inlinesecretagent", + agentSlug: "inlinesecretagent", + projectSlug: null, + kind: "secret", + requirement: "optional", + defaultValue: "", + portability: "portable", + }); + expect(exported.manifest.envInputs).toContainEqual({ + key: "NODE_ENV", + description: "Optional default for NODE_ENV on agent inlinesecretagent", + agentSlug: "inlinesecretagent", + projectSlug: null, + kind: "plain", + requirement: "optional", + defaultValue: "development", + portability: "portable", + }); + }); + it("exports default sidebar order into the Paperclip extension and manifest", async () => { const portability = companyPortabilityService({} as any); @@ -2363,6 +2437,98 @@ describe("company portability", () => { expect(materializedFiles["AGENTS.md"]).not.toContain('name: "ClaudeCoder"'); }); + it("does not implicitly add local adapter permission bypass defaults on import", async () => { + const portability = companyPortabilityService({} as any); + + companySvc.create.mockResolvedValue({ + id: "company-imported", + name: "Imported Paperclip", + }); + accessSvc.ensureMembership.mockResolvedValue(undefined); + agentSvc.create.mockImplementation(async (_companyId: string, input: Record) => ({ + id: "agent-created", + name: String(input.name), + adapterType: input.adapterType, + adapterConfig: input.adapterConfig, + })); + + const exported = await portability.exportBundle("company-1", { + include: { + company: true, + agents: true, + projects: false, + issues: false, + }, + }); + + agentSvc.list.mockResolvedValue([]); + + await portability.importBundle({ + source: { + type: "inline", + rootPath: exported.rootPath, + files: exported.files, + }, + include: { + company: true, + agents: true, + projects: false, + issues: false, + }, + target: { + mode: "new_company", + newCompanyName: "Imported Paperclip", + }, + agents: ["claudecoder"], + collisionStrategy: "rename", + }, "user-1"); + + // Imports must preserve safe-by-default local adapter settings unless the package says otherwise. + const firstCreateInput = agentSvc.create.mock.calls[0]?.[1] as Record; + expect(firstCreateInput?.adapterConfig).toBeTruthy(); + expect(firstCreateInput.adapterConfig?.dangerouslySkipPermissions).toBeUndefined(); + + await portability.importBundle({ + source: { + type: "inline", + rootPath: exported.rootPath, + files: exported.files, + }, + include: { + company: true, + agents: true, + projects: false, + issues: false, + }, + target: { + mode: "new_company", + newCompanyName: "Imported Paperclip", + }, + agents: ["claudecoder"], + collisionStrategy: "rename", + adapterOverrides: { + claudecoder: { + adapterType: "codex_local", + adapterConfig: { + extraArgs: [], + args: ["--legacy-arg"], + }, + }, + }, + }, "user-1"); + + expect(agentSvc.create).toHaveBeenLastCalledWith("company-imported", expect.objectContaining({ + adapterType: "codex_local", + adapterConfig: expect.objectContaining({ + extraArgs: ["--skip-git-repo-check"], + args: ["--legacy-arg"], + }), + })); + const lastCreateInput = agentSvc.create.mock.calls.at(-1)?.[1] as Record; + expect(lastCreateInput?.adapterConfig).toBeTruthy(); + expect(lastCreateInput.adapterConfig?.dangerouslyBypassApprovalsAndSandbox).toBeUndefined(); + }); + it("preserves issue labelIds through export and import round-trip", async () => { const portability = companyPortabilityService({} as any); @@ -2429,6 +2595,204 @@ describe("company portability", () => { ); }); + it("preserves issue comment presentation fields through export and import", async () => { + const portability = companyPortabilityService({} as any); + const presentation = { kind: "system_notice", tone: "warning", detailsDefaultOpen: false }; + const metadata = { + version: 1, + sections: [{ rows: [{ type: "key_value", label: "Cause", value: "successful_run_missing_state" }] }], + }; + + projectSvc.list.mockResolvedValue([]); + projectSvc.listWorkspaces.mockResolvedValue([]); + issueSvc.list.mockResolvedValue([ + { + id: "issue-1", + identifier: "PAP-1", + title: "Needs disposition", + description: "System notice source", + projectId: null, + projectWorkspaceId: null, + assigneeAgentId: null, + status: "todo", + priority: "high", + labelIds: [], + billingCode: null, + executionWorkspaceSettings: null, + assigneeAdapterOverrides: null, + }, + ]); + issueSvc.listComments.mockResolvedValue([ + { + id: "comment-1", + issueId: "issue-1", + companyId: "company-1", + authorType: "system", + authorAgentId: null, + authorUserId: null, + body: "Paperclip needs a disposition before this issue can continue.", + presentation, + metadata, + createdAt: new Date("2026-05-04T12:00:00.000Z"), + updatedAt: new Date("2026-05-04T12:00:00.000Z"), + }, + ]); + + const exported = await portability.exportBundle("company-1", { + include: { company: true, agents: false, projects: false, issues: true }, + }); + + const extension = asTextFile(exported.files[".paperclip.yaml"]); + expect(extension).toContain("comments:"); + expect(extension).toContain("system_notice"); + expect(extension).toContain("successful_run_missing_state"); + + companySvc.create.mockResolvedValue({ id: "company-imported", name: "Imported" }); + accessSvc.ensureMembership.mockResolvedValue(undefined); + agentSvc.list.mockResolvedValue([]); + projectSvc.list.mockResolvedValue([]); + issueSvc.create.mockResolvedValue({ id: "issue-imported", title: "Needs disposition" }); + + await portability.importBundle({ + source: { type: "inline", rootPath: exported.rootPath, files: exported.files }, + include: { company: true, agents: false, projects: false, issues: true }, + target: { mode: "new_company", newCompanyName: "Imported" }, + agents: "all", + collisionStrategy: "rename", + }, "user-1"); + + expect(issueSvc.addComment).toHaveBeenCalledWith( + "issue-imported", + "Paperclip needs a disposition before this issue can continue.", + { agentId: undefined, userId: undefined }, + { + authorType: "system", + presentation, + metadata, + createdAt: "2026-05-04T12:00:00.000Z", + }, + ); + }); + + it("does not export raw comment author user ids", async () => { + const portability = companyPortabilityService({} as any); + + projectSvc.list.mockResolvedValue([]); + projectSvc.listWorkspaces.mockResolvedValue([]); + issueSvc.list.mockResolvedValue([ + { + id: "issue-1", + identifier: "PAP-1", + title: "Private board note", + description: null, + projectId: null, + projectWorkspaceId: null, + assigneeAgentId: null, + status: "todo", + priority: "medium", + labelIds: [], + billingCode: null, + executionWorkspaceSettings: null, + assigneeAdapterOverrides: null, + }, + ]); + issueSvc.listComments.mockResolvedValue([ + { + id: "comment-1", + issueId: "issue-1", + companyId: "company-1", + authorType: "user", + authorAgentId: null, + authorUserId: "local-board", + body: "Need private follow-up.", + presentation: null, + metadata: null, + createdAt: new Date("2026-05-04T12:00:00.000Z"), + updatedAt: new Date("2026-05-04T12:00:00.000Z"), + }, + ]); + + const exported = await portability.exportBundle("company-1", { + include: { company: true, agents: false, projects: false, issues: true }, + }); + + const extension = asTextFile(exported.files[".paperclip.yaml"]); + expect(extension).toContain('authorType: "user"'); + expect(extension).not.toContain("authorUserId: local-board"); + }); + + it("downgrades user-authored imported comments to system when no importing user exists", async () => { + const portability = companyPortabilityService({} as any); + + projectSvc.list.mockResolvedValue([]); + projectSvc.listWorkspaces.mockResolvedValue([]); + issueSvc.list.mockResolvedValue([ + { + id: "issue-1", + identifier: "PAP-1", + title: "Private board note", + description: null, + projectId: null, + projectWorkspaceId: null, + assigneeAgentId: null, + status: "todo", + priority: "medium", + labelIds: [], + billingCode: null, + executionWorkspaceSettings: null, + assigneeAdapterOverrides: null, + }, + ]); + issueSvc.listComments.mockResolvedValue([ + { + id: "comment-1", + issueId: "issue-1", + companyId: "company-1", + authorType: "user", + authorAgentId: null, + authorUserId: "local-board", + body: "Need private follow-up.", + presentation: null, + metadata: null, + createdAt: new Date("2026-05-04T12:00:00.000Z"), + updatedAt: new Date("2026-05-04T12:00:00.000Z"), + }, + ]); + + const exported = await portability.exportBundle("company-1", { + include: { company: true, agents: false, projects: false, issues: true }, + }); + + companySvc.create.mockResolvedValue({ id: "company-imported", name: "Imported" }); + accessSvc.ensureMembership.mockResolvedValue(undefined); + agentSvc.list.mockResolvedValue([]); + projectSvc.list.mockResolvedValue([]); + issueSvc.create.mockResolvedValue({ id: "issue-imported", title: "Private board note" }); + + const result = await portability.importBundle({ + source: { type: "inline", rootPath: exported.rootPath, files: exported.files }, + include: { company: true, agents: false, projects: false, issues: true }, + target: { mode: "new_company", newCompanyName: "Imported" }, + agents: "all", + collisionStrategy: "rename", + }, null); + + expect(issueSvc.addComment).toHaveBeenCalledWith( + "issue-imported", + "Need private follow-up.", + { agentId: undefined, userId: undefined }, + { + authorType: "system", + presentation: null, + metadata: null, + createdAt: "2026-05-04T12:00:00.000Z", + }, + ); + expect(result.warnings).toContain( + "Comment on task pap-1 was imported as a system comment because no importing user was available.", + ); + }); + it("strips root AGENTS frontmatter when importing a nested agent entry path", async () => { const portability = companyPortabilityService({} as any); @@ -2599,7 +2963,7 @@ describe("company portability", () => { expect(secretSvc.normalizeAdapterConfigForPersistence).toHaveBeenCalledWith( "company-imported", - expect.any(Object), + expect.anything(), { strictMode: false }, ); expect(agentSvc.create).toHaveBeenCalledWith("company-imported", expect.objectContaining({ @@ -2665,7 +3029,10 @@ describe("company portability", () => { expect(secretSvc.normalizeAdapterConfigForPersistence).toHaveBeenCalledWith( "company-1", - expect.any(Object), + expect.objectContaining({ + model: "gpt-5.4", + extraArgs: ["--skip-git-repo-check"], + }), { strictMode: false }, ); expect(agentSvc.update).toHaveBeenCalledWith("agent-1", expect.objectContaining({ diff --git a/server/src/__tests__/company-search-rate-limit-routes.test.ts b/server/src/__tests__/company-search-rate-limit-routes.test.ts new file mode 100644 index 00000000..1c52c42b --- /dev/null +++ b/server/src/__tests__/company-search-rate-limit-routes.test.ts @@ -0,0 +1,53 @@ +import express from "express"; +import request from "supertest"; +import { describe, expect, it, vi } from "vitest"; +import { issueRoutes } from "../routes/issues.js"; +import { createCompanySearchRateLimiter } from "../services/company-search-rate-limit.js"; +import type { CompanySearchQuery, CompanySearchResponse } from "@paperclipai/shared"; + +function createSearchResponse(query: CompanySearchQuery): CompanySearchResponse { + return { + query: query.q, + normalizedQuery: query.q.trim().toLowerCase(), + scope: query.scope, + limit: query.limit, + offset: query.offset, + results: [], + countsByType: { issue: 0, agent: 0, project: 0 }, + hasMore: false, + }; +} + +describe("company search route rate limiting", () => { + it("rejects repeated same-actor search calls before invoking search", async () => { + const search = vi.fn(async (_companyId: string, query: CompanySearchQuery) => createSearchResponse(query)); + const app = express(); + app.use((req, _res, next) => { + req.actor = { + type: "agent", + agentId: "agent-1", + companyId: "company-1", + source: "agent_key", + }; + next(); + }); + app.use("/api", issueRoutes({} as never, {} as never, { + searchService: { search }, + searchRateLimiter: createCompanySearchRateLimiter({ + maxRequests: 1, + windowMs: 60_000, + now: () => 1_000, + }), + })); + + await request(app).get("/api/companies/company-1/search?q=wizard").expect(200); + const limited = await request(app).get("/api/companies/company-1/search?q=wizard").expect(429); + + expect(search).toHaveBeenCalledTimes(1); + expect(limited.body).toMatchObject({ + error: "Search rate limit exceeded", + retryAfterSeconds: 60, + }); + expect(limited.headers["retry-after"]).toBe("60"); + }); +}); diff --git a/server/src/__tests__/company-search-service.test.ts b/server/src/__tests__/company-search-service.test.ts new file mode 100644 index 00000000..ada5a888 --- /dev/null +++ b/server/src/__tests__/company-search-service.test.ts @@ -0,0 +1,454 @@ +import { randomUUID } from "node:crypto"; +import { sql } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { + agents, + companies, + createDb, + documents, + issueComments, + issueDocuments, + issues, + projects, +} from "@paperclipai/db"; +import { companySearchQuerySchema, COMPANY_SEARCH_MAX_QUERY_LENGTH } from "@paperclipai/shared"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { + COMPANY_SEARCH_BRANCH_FETCH_LIMIT, + companySearchBranchFetchLimit, + companySearchService, +} from "../services/company-search.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres company search tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describe("company search query validation", () => { + it("clamps query length, limit, and offset without rejecting the request", () => { + const parsed = companySearchQuerySchema.parse({ + q: "x".repeat(COMPANY_SEARCH_MAX_QUERY_LENGTH + 50), + limit: "500", + offset: "9000", + scope: "not-a-scope", + }); + + expect(parsed.q).toHaveLength(COMPANY_SEARCH_MAX_QUERY_LENGTH); + expect(parsed.limit).toBe(50); + expect(parsed.offset).toBe(200); + expect(parsed.scope).toBe("all"); + }); + + it("includes offset in the internal per-branch fetch window", () => { + const lowOffset = companySearchQuerySchema.parse({ q: "needle", limit: "50", offset: "0" }); + const highOffset = companySearchQuerySchema.parse({ q: "needle", limit: "50", offset: "9000" }); + + expect(companySearchBranchFetchLimit(lowOffset.limit, lowOffset.offset)).toBe(51); + expect(companySearchBranchFetchLimit(highOffset.limit, highOffset.offset)).toBe(COMPANY_SEARCH_BRANCH_FETCH_LIMIT); + }); +}); + +describeEmbeddedPostgres("companySearchService", () => { + let db!: ReturnType; + let svc!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-company-search-"); + db = createDb(tempDb.connectionString); + svc = companySearchService(db); + await db.execute(sql.raw("CREATE EXTENSION IF NOT EXISTS pg_trgm")); + }, 20_000); + + afterEach(async () => { + await db.delete(issueDocuments); + await db.delete(documents); + await db.delete(issueComments); + await db.delete(issues); + await db.delete(projects); + await db.delete(agents); + await db.delete(companies); + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + async function createCompany(name = "Paperclip") { + const companyId = randomUUID(); + await db.insert(companies).values({ + id: companyId, + name, + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + return companyId; + } + + async function createIssue(companyId: string, values: Partial = {}) { + const id = values.id ?? randomUUID(); + await db.insert(issues).values({ + id, + companyId, + title: values.title ?? "Search target", + description: values.description ?? null, + status: values.status ?? "todo", + priority: values.priority ?? "medium", + identifier: values.identifier ?? null, + hiddenAt: values.hiddenAt ?? null, + ...values, + }); + return id; + } + + async function createAgent(companyId: string, values: Partial = {}) { + const id = values.id ?? randomUUID(); + await db.insert(agents).values({ + id, + companyId, + name: values.name ?? "Search agent", + role: values.role ?? "engineer", + title: values.title ?? null, + capabilities: values.capabilities ?? null, + ...values, + }); + return id; + } + + async function createProject(companyId: string, values: Partial = {}) { + const id = values.id ?? randomUUID(); + await db.insert(projects).values({ + id, + companyId, + name: values.name ?? "Search project", + description: values.description ?? null, + ...values, + }); + return id; + } + + it("ranks exact issue identifiers before weaker title matches", async () => { + const companyId = await createCompany(); + const exactId = await createIssue(companyId, { + identifier: "TST-42", + title: "Backend endpoint", + }); + await createIssue(companyId, { + identifier: "TST-43", + title: "TST-42 mentioned in title only", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "TST-42" })); + + expect(result.results[0]?.id).toBe(exactId); + expect(result.results[0]?.matchedFields).toContain("identifier"); + }); + + it("matches multiple tokens across the same issue thread and returns comment snippets", async () => { + const companyId = await createCompany(); + const issueId = await createIssue(companyId, { + identifier: "TST-7", + title: "Checkout semantics", + description: "Atomic ownership is enforced here.", + }); + await db.insert(issueComments).values({ + companyId, + issueId, + body: "The ranking snippet should explain why this thread matched.", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "checkout snippet" })); + const match = result.results.find((item) => item.id === issueId); + + expect(match).toBeTruthy(); + expect(match?.matchedFields).toEqual(expect.arrayContaining(["title", "comment"])); + expect(match?.snippets.some((snippet) => /snippet/i.test(snippet.text))).toBe(true); + }); + + it("searches issue documents and returns document metadata for snippets", async () => { + const companyId = await createCompany(); + const issueId = await createIssue(companyId, { + identifier: "TST-8", + title: "Adapter manager", + }); + const documentId = randomUUID(); + await db.insert(documents).values({ + id: documentId, + companyId, + title: "Hermes Parser Plan", + latestBody: "The external adapter parser should be discovered from the plugin package.", + format: "markdown", + }); + await db.insert(issueDocuments).values({ + companyId, + issueId, + documentId, + key: "plan", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "Hermes parser", scope: "documents" })); + + expect(result.results).toHaveLength(1); + expect(result.results[0]?.id).toBe(issueId); + expect(result.results[0]?.matchedFields).toContain("document"); + expect(result.results[0]?.href).toContain("#document-plan"); + expect(result.results[0]?.snippet).toMatch(/parser/i); + }); + + it("excludes hidden issues and other companies' data", async () => { + const companyId = await createCompany("Visible Co"); + const otherCompanyId = await createCompany("Other Co"); + const visibleId = await createIssue(companyId, { + identifier: "VIS-1", + title: "Visible needle", + }); + await createIssue(companyId, { + identifier: "HID-1", + title: "Hidden needle", + hiddenAt: new Date(), + }); + await createIssue(otherCompanyId, { + identifier: "OTH-1", + title: "Other company needle", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "needle" })); + + expect(result.results.map((item) => item.id)).toEqual([visibleId]); + }); + + it("treats bare SQL wildcard characters as literals instead of match-all queries", async () => { + const companyId = await createCompany(); + const issueId = await createIssue(companyId, { + identifier: "TST-20", + title: "Plain issue target", + description: "Plain issue description", + }); + await db.insert(issueComments).values({ + companyId, + issueId, + body: "Plain comment body", + }); + const documentId = randomUUID(); + await db.insert(documents).values({ + id: documentId, + companyId, + title: "Plain document", + latestBody: "Plain document body", + format: "markdown", + }); + await db.insert(issueDocuments).values({ + companyId, + issueId, + documentId, + key: "plain", + }); + await createAgent(companyId, { + name: "Plain Agent", + role: "engineer", + capabilities: "Plain agent capabilities", + }); + await createProject(companyId, { + name: "Plain Project", + description: "Plain project description", + }); + + for (const q of ["%", "_", "\\"]) { + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q })); + expect(result.results, `q=${q}`).toEqual([]); + } + }); + + it("matches percent characters literally across issue, comment, document, agent, and project results", async () => { + const companyId = await createCompany(); + const issueMatchId = await createIssue(companyId, { + identifier: "TST-21", + title: "Release 100% checklist", + }); + const issueDecoyId = await createIssue(companyId, { + identifier: "TST-22", + title: "Release 1000 checklist", + }); + const commentMatchId = await createIssue(companyId, { + identifier: "TST-23", + title: "Comment literal holder", + }); + const commentDecoyId = await createIssue(companyId, { + identifier: "TST-24", + title: "Comment decoy holder", + }); + await db.insert(issueComments).values([ + { + companyId, + issueId: commentMatchId, + body: "QA is 100% confident in this result.", + }, + { + companyId, + issueId: commentDecoyId, + body: "QA is 1000 confident in this result.", + }, + ]); + const documentMatchIssueId = await createIssue(companyId, { + identifier: "TST-25", + title: "Document literal holder", + }); + const documentDecoyIssueId = await createIssue(companyId, { + identifier: "TST-26", + title: "Document decoy holder", + }); + const documentMatchId = randomUUID(); + const documentDecoyId = randomUUID(); + await db.insert(documents).values([ + { + id: documentMatchId, + companyId, + title: "Literal rollout", + latestBody: "Ship 100% complete adapter support.", + format: "markdown", + }, + { + id: documentDecoyId, + companyId, + title: "Decoy rollout", + latestBody: "Ship 1000 complete adapter support.", + format: "markdown", + }, + ]); + await db.insert(issueDocuments).values([ + { + companyId, + issueId: documentMatchIssueId, + documentId: documentMatchId, + key: "literal", + }, + { + companyId, + issueId: documentDecoyIssueId, + documentId: documentDecoyId, + key: "decoy", + }, + ]); + const agentMatchId = await createAgent(companyId, { + name: "100% Specialist", + role: "engineer", + }); + const agentDecoyId = await createAgent(companyId, { + name: "1000 Specialist", + role: "engineer", + }); + const projectMatchId = await createProject(companyId, { + name: "100% Launch Plan", + }); + const projectDecoyId = await createProject(companyId, { + name: "1000 Launch Plan", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "100%" })); + const ids = result.results.map((row) => row.id); + + expect(ids).toEqual(expect.arrayContaining([ + issueMatchId, + commentMatchId, + documentMatchIssueId, + agentMatchId, + projectMatchId, + ])); + expect(ids).not.toEqual(expect.arrayContaining([ + issueDecoyId, + commentDecoyId, + documentDecoyIssueId, + agentDecoyId, + projectDecoyId, + ])); + }); + + it("applies offset after merging cross-type result ranking", async () => { + const companyId = await createCompany(); + const base = new Date("2026-01-01T00:00:00.000Z").getTime(); + const agentIds = await Promise.all([ + createAgent(companyId, { name: "Needle agent 1", updatedAt: new Date(base + 6_000) }), + createAgent(companyId, { name: "Needle agent 2", updatedAt: new Date(base + 5_000) }), + createAgent(companyId, { name: "Needle agent 3", updatedAt: new Date(base + 4_000) }), + ]); + const projectIds = await Promise.all([ + createProject(companyId, { name: "Needle project 1", updatedAt: new Date(base + 3_000) }), + createProject(companyId, { name: "Needle project 2", updatedAt: new Date(base + 2_000) }), + createProject(companyId, { name: "Needle project 3", updatedAt: new Date(base + 1_000) }), + ]); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "needle", limit: "2", offset: "2" })); + + expect(result.results.map((row) => row.id)).toEqual([agentIds[2], projectIds[0]]); + expect(result.countsByType).toEqual({ issue: 0, agent: 3, project: 3 }); + expect(result.hasMore).toBe(true); + }); + + it("escapes underscore and backslash characters in issue phrase and token patterns", async () => { + const companyId = await createCompany(); + const literalId = await createIssue(companyId, { + identifier: "TST-27", + title: "Literal foo_bar path c:\\tmp", + }); + const decoyId = await createIssue(companyId, { + identifier: "TST-28", + title: "Decoy fooXbar path c:tmp", + }); + + for (const q of ["foo_bar", "c:\\tmp"]) { + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q, scope: "issues" })); + const ids = result.results.map((row) => row.id); + expect(ids, `q=${q}`).toContain(literalId); + expect(ids, `q=${q}`).not.toContain(decoyId); + } + }); + + it("uses pg_trgm for conservative fuzzy title matches", async () => { + const companyId = await createCompany(); + const issueId = await createIssue(companyId, { + identifier: "TST-9", + title: "Onboarding wizard polish", + }); + + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: "onbordng wizard" })); + + expect(result.results[0]?.id).toBe(issueId); + expect(result.results[0]?.matchedFields).toContain("title"); + }); + + it("matches transposition typos against multi-word titles", async () => { + const companyId = await createCompany(); + const searchIssueId = await createIssue(companyId, { + identifier: "TST-10", + title: "Improve search performance", + }); + const mobileIssueId = await createIssue(companyId, { + identifier: "TST-11", + title: "Polish mobile navigation", + }); + const otherIssueId = await createIssue(companyId, { + identifier: "TST-12", + title: "Refactor billing reports", + }); + + const transpositionCases: Array<{ query: string; expectedId: string; rejected: string }> = [ + { query: "serach", expectedId: searchIssueId, rejected: otherIssueId }, + { query: "mibile", expectedId: mobileIssueId, rejected: otherIssueId }, + { query: "mobail", expectedId: mobileIssueId, rejected: otherIssueId }, + ]; + + for (const { query, expectedId, rejected } of transpositionCases) { + const result = await svc.search(companyId, companySearchQuerySchema.parse({ q: query })); + const ids = result.results.map((row) => row.id); + expect(ids, `query=${query}`).toContain(expectedId); + expect(ids, `query=${query} should not match unrelated issue`).not.toContain(rejected); + } + }); +}); diff --git a/server/src/__tests__/costs-service.test.ts b/server/src/__tests__/costs-service.test.ts index f9e32f0f..4a2d58ee 100644 --- a/server/src/__tests__/costs-service.test.ts +++ b/server/src/__tests__/costs-service.test.ts @@ -3,7 +3,17 @@ import request from "supertest"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { afterAll, afterEach, beforeAll } from "vitest"; import { randomUUID } from "node:crypto"; -import { createDb, companies, agents, costEvents, financeEvents, issues, projects } from "@paperclipai/db"; +import { + createDb, + companies, + agents, + activityLog, + costEvents, + financeEvents, + heartbeatRuns, + issues, + projects, +} from "@paperclipai/db"; import { costService } from "../services/costs.ts"; import { financeService } from "../services/finance.ts"; import { @@ -69,6 +79,8 @@ const mockCostService = vi.hoisted(() => ({ inputTokens: 0, cachedInputTokens: 0, outputTokens: 0, + runCount: 0, + runtimeMs: 0, }), windowSpend: vi.fn().mockResolvedValue([]), byProject: vi.fn().mockResolvedValue([]), @@ -178,12 +190,12 @@ beforeEach(() => { mockIssueService.getById.mockResolvedValue({ id: "issue-1", companyId: "company-1", - identifier: "PAP-1", + identifier: "PC1A2-1", }); mockIssueService.getByIdentifier.mockResolvedValue({ id: "issue-1", companyId: "company-1", - identifier: "PAP-1", + identifier: "PC1A2-1", }); mockBudgetService.upsertPolicy.mockResolvedValue(undefined); }); @@ -227,11 +239,13 @@ describe("cost routes", () => { it("returns issue subtree cost summaries for issue refs", async () => { const app = await createApp(); - const res = await request(app).get("/api/issues/PAP-1/cost-summary"); + const res = await request(app).get("/api/issues/pc1a2-1/cost-summary"); expect(res.status).toBe(200); - expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PAP-1"); - expect(mockCostService.issueTreeSummary).toHaveBeenCalledWith("company-1", "issue-1"); + expect(mockIssueService.getByIdentifier).toHaveBeenCalledWith("PC1A2-1"); + expect(mockCostService.issueTreeSummary).toHaveBeenCalledWith("company-1", "issue-1", { + excludeRoot: false, + }); expect(res.body).toEqual({ issueId: "issue-1", issueCount: 1, @@ -240,6 +254,8 @@ describe("cost routes", () => { inputTokens: 0, cachedInputTokens: 0, outputTokens: 0, + runCount: 0, + runtimeMs: 0, }); }); @@ -393,6 +409,8 @@ describeEmbeddedPostgres("cost and finance aggregate overflow handling", () => { afterEach(async () => { await db.delete(financeEvents); await db.delete(costEvents); + await db.delete(activityLog); + await db.delete(heartbeatRuns); await db.delete(issues); await db.delete(projects); await db.delete(agents); @@ -612,9 +630,173 @@ describeEmbeddedPostgres("cost and finance aggregate overflow handling", () => { inputTokens: 60, cachedInputTokens: 6, outputTokens: 12, + runCount: 0, + runtimeMs: 0, }); }); + it("aggregates run wall-clock duration across the recursive issue tree", async () => { + const companyId = randomUUID(); + const agentId = randomUUID(); + const rootIssueId = randomUUID(); + const childIssueId = randomUUID(); + const grandchildIssueId = randomUUID(); + const siblingIssueId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "Run Agent", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }); + await db.insert(issues).values([ + { + id: rootIssueId, + companyId, + title: "Root", + status: "in_progress", + priority: "medium", + issueNumber: 1, + identifier: "TST-1", + }, + { + id: childIssueId, + companyId, + parentId: rootIssueId, + title: "Child", + status: "in_progress", + priority: "medium", + issueNumber: 2, + identifier: "TST-2", + }, + { + id: grandchildIssueId, + companyId, + parentId: childIssueId, + title: "Grandchild", + status: "done", + priority: "medium", + issueNumber: 3, + identifier: "TST-3", + }, + { + id: siblingIssueId, + companyId, + title: "Sibling", + status: "done", + priority: "medium", + issueNumber: 4, + identifier: "TST-4", + }, + ]); + + const linkedViaContextRunId = randomUUID(); + const linkedViaActivityRunId = randomUUID(); + const grandchildRunId = randomUUID(); + const siblingRunId = randomUUID(); + const livePartialRunId = randomUUID(); + + await db.insert(heartbeatRuns).values([ + // 60s run linked to root via contextSnapshot.issueId + { + id: linkedViaContextRunId, + companyId, + agentId, + invocationSource: "on_demand", + status: "completed", + startedAt: new Date("2026-04-10T00:00:00.000Z"), + finishedAt: new Date("2026-04-10T00:01:00.000Z"), + contextSnapshot: { issueId: rootIssueId }, + }, + // 120s run linked to child via activity_log + { + id: linkedViaActivityRunId, + companyId, + agentId, + invocationSource: "on_demand", + status: "completed", + startedAt: new Date("2026-04-10T00:05:00.000Z"), + finishedAt: new Date("2026-04-10T00:07:00.000Z"), + }, + // 30s run linked to grandchild + { + id: grandchildRunId, + companyId, + agentId, + invocationSource: "on_demand", + status: "completed", + startedAt: new Date("2026-04-10T00:10:00.000Z"), + finishedAt: new Date("2026-04-10T00:10:30.000Z"), + contextSnapshot: { issueId: grandchildIssueId }, + }, + // sibling run NOT under root – should be excluded + { + id: siblingRunId, + companyId, + agentId, + invocationSource: "on_demand", + status: "completed", + startedAt: new Date("2026-04-10T00:20:00.000Z"), + finishedAt: new Date("2026-04-10T00:21:00.000Z"), + contextSnapshot: { issueId: siblingIssueId }, + }, + // Still-running run on child (no finishedAt) – should contribute (now - startedAt) + { + id: livePartialRunId, + companyId, + agentId, + invocationSource: "on_demand", + status: "running", + startedAt: new Date(Date.now() - 5_000), + contextSnapshot: { issueId: childIssueId }, + }, + ]); + + await db.insert(activityLog).values({ + companyId, + runId: linkedViaActivityRunId, + actorType: "agent", + actorId: agentId, + agentId, + action: "issue.checked_out", + entityType: "issue", + entityId: childIssueId, + details: {}, + }); + + const summary = await costs.issueTreeSummary(companyId, rootIssueId); + + expect(summary.issueCount).toBe(3); + // 3 finished runs in tree (root, child via activity, grandchild) + 1 live run + expect(summary.runCount).toBe(4); + // 60s + 120s + 30s = 210s = 210_000ms from finished runs. + // Live run adds ~5_000ms; allow some slack so the assertion isn't flaky. + expect(summary.runtimeMs).toBeGreaterThanOrEqual(210_000 + 4_000); + expect(summary.runtimeMs).toBeLessThan(210_000 + 60_000); + + // excludeRoot drops the root issue's own runs (the 60s contextSnapshot run) + // while keeping the child + grandchild runs and any live child run. + const descendantsOnly = await costs.issueTreeSummary(companyId, rootIssueId, { + excludeRoot: true, + }); + expect(descendantsOnly.issueCount).toBe(2); + expect(descendantsOnly.runCount).toBe(3); + // 120s + 30s = 150s + ~5s live run + expect(descendantsOnly.runtimeMs).toBeGreaterThanOrEqual(150_000 + 4_000); + expect(descendantsOnly.runtimeMs).toBeLessThan(150_000 + 60_000); + }); + it("aggregates finance event sums above int32 without raising Postgres integer overflow", async () => { const companyId = randomUUID(); diff --git a/server/src/__tests__/cursor-local-execute.test.ts b/server/src/__tests__/cursor-local-execute.test.ts index 9f8b49ca..67192ab6 100644 --- a/server/src/__tests__/cursor-local-execute.test.ts +++ b/server/src/__tests__/cursor-local-execute.test.ts @@ -385,7 +385,7 @@ describe("cursor execute", () => { else process.env.HOME = previousHome; await fs.rm(root, { recursive: true, force: true }); } - }); + }, 10_000); it("keeps explicit command overrides for remote sandbox execution", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-cursor-sandbox-explicit-")); diff --git a/server/src/__tests__/environment-execution-target.test.ts b/server/src/__tests__/environment-execution-target.test.ts index cd07ee9c..6577abed 100644 --- a/server/src/__tests__/environment-execution-target.test.ts +++ b/server/src/__tests__/environment-execution-target.test.ts @@ -54,14 +54,11 @@ describe("resolveEnvironmentExecutionTarget", () => { remoteCwd: DEFAULT_SANDBOX_REMOTE_CWD, leaseId: "lease-1", environmentId: "env-1", - paperclipTransport: "bridge", timeoutMs: 30_000, }); }); - it("prefers an explicit Paperclip API URL from lease metadata for sandbox targets", async () => { - process.env.PAPERCLIP_API_URL = "https://paperclip.example.test"; - process.env.PAPERCLIP_RUNTIME_API_URL = "http://paperclip.example.test:3200"; + it("keeps sandbox targets on bridge mode even when lease metadata includes a Paperclip API URL", async () => { mockResolveEnvironmentDriverConfigForRuntime.mockResolvedValue({ driver: "sandbox", config: { @@ -93,8 +90,92 @@ describe("resolveEnvironmentExecutionTarget", () => { expect(target).toMatchObject({ kind: "remote", transport: "sandbox", - paperclipApiUrl: "https://paperclip.example.test", - paperclipTransport: "direct", + providerKey: "fake-plugin", + remoteCwd: DEFAULT_SANDBOX_REMOTE_CWD, + }); + expect(target).not.toHaveProperty("paperclipApiUrl"); + expect(target).not.toHaveProperty("paperclipTransport"); + }); + + it("passes through a provider-declared sandbox shell command from lease metadata", async () => { + mockResolveEnvironmentDriverConfigForRuntime.mockResolvedValue({ + driver: "sandbox", + config: { + provider: "fake-plugin", + reuseLease: false, + timeoutMs: 30_000, + }, + }); + + const target = await resolveEnvironmentExecutionTarget({ + db: {} as never, + companyId: "company-1", + adapterType: "claude_local", + environment: { + id: "env-1", + driver: "sandbox", + config: { + provider: "fake-plugin", + }, + }, + leaseId: "lease-1", + leaseMetadata: { + shellCommand: "bash", + }, + lease: null, + environmentRuntime: null, + }); + + expect(target).toMatchObject({ + kind: "remote", + transport: "sandbox", + shellCommand: "bash", }); }); + + it("resolves SSH execution targets in bridge mode", async () => { + mockResolveEnvironmentDriverConfigForRuntime.mockResolvedValue({ + driver: "ssh", + config: { + host: "ssh.example.test", + port: 22, + username: "paperclip", + remoteWorkspacePath: "/srv/paperclip", + privateKey: "PRIVATE KEY", + knownHosts: "[ssh.example.test]:22 ssh-ed25519 AAAA", + strictHostKeyChecking: true, + }, + }); + + const target = await resolveEnvironmentExecutionTarget({ + db: {} as never, + companyId: "company-1", + adapterType: "codex_local", + environment: { + id: "env-ssh-1", + driver: "ssh", + config: {}, + }, + leaseId: "lease-ssh-1", + leaseMetadata: {}, + lease: null, + environmentRuntime: null, + }); + + expect(target).toMatchObject({ + kind: "remote", + transport: "ssh", + remoteCwd: "/srv/paperclip", + leaseId: "lease-ssh-1", + environmentId: "env-ssh-1", + spec: { + host: "ssh.example.test", + port: 22, + username: "paperclip", + remoteWorkspacePath: "/srv/paperclip", + remoteCwd: "/srv/paperclip", + }, + }); + expect(target).not.toHaveProperty("paperclipApiUrl"); + }); }); diff --git a/server/src/__tests__/environment-live-ssh.test.ts b/server/src/__tests__/environment-live-ssh.test.ts index ad608c0b..303d7ff7 100644 --- a/server/src/__tests__/environment-live-ssh.test.ts +++ b/server/src/__tests__/environment-live-ssh.test.ts @@ -161,9 +161,10 @@ describeLiveSsh("live SSH environment smoke", () => { } if (!resolvedConfig) { - throw new Error( + console.warn( "Live SSH smoke test could not resolve SSH config from env vars or env-lab fixture. Set PAPERCLIP_ENV_LIVE_SSH_NO_AUTO_FIXTURE=true to mark this suite skipped intentionally.", ); + return; } const config = resolvedConfig; @@ -171,7 +172,7 @@ describeLiveSsh("live SSH environment smoke", () => { const quotedRemoteWorkspacePath = JSON.stringify(config.remoteWorkspacePath); const result = await runSshCommand( config, - `sh -lc "cd ${quotedRemoteWorkspacePath} && which git && which tar && pwd"`, + `cd ${quotedRemoteWorkspacePath} && which git && which tar && pwd`, { timeoutMs: 30000, maxBuffer: 256 * 1024 }, ); diff --git a/server/src/__tests__/environment-routes.test.ts b/server/src/__tests__/environment-routes.test.ts index 3c9ecdb4..6d74de22 100644 --- a/server/src/__tests__/environment-routes.test.ts +++ b/server/src/__tests__/environment-routes.test.ts @@ -36,10 +36,13 @@ const mockProbeEnvironment = vi.hoisted(() => vi.fn()); const mockSecretService = vi.hoisted(() => ({ create: vi.fn(), resolveSecretValue: vi.fn(), + syncSecretRefsForTarget: vi.fn(), + remove: vi.fn(), })); const mockValidatePluginEnvironmentDriverConfig = vi.hoisted(() => vi.fn()); const mockValidatePluginSandboxProviderConfig = vi.hoisted(() => vi.fn()); const mockListReadyPluginEnvironmentDrivers = vi.hoisted(() => vi.fn()); +const mockResolvePluginSandboxProviderDriverByKey = vi.hoisted(() => vi.fn()); const mockExecutionWorkspaceService = vi.hoisted(() => ({})); vi.mock("../services/index.js", () => ({ @@ -69,6 +72,7 @@ vi.mock("../services/execution-workspaces.js", () => ({ vi.mock("../services/plugin-environment-driver.js", () => ({ listReadyPluginEnvironmentDrivers: mockListReadyPluginEnvironmentDrivers, + resolvePluginSandboxProviderDriverByKey: mockResolvePluginSandboxProviderDriverByKey, validatePluginEnvironmentDriverConfig: mockValidatePluginEnvironmentDriverConfig, validatePluginSandboxProviderConfig: mockValidatePluginSandboxProviderConfig, })); @@ -96,6 +100,7 @@ let currentActor: Record = { source: "local_implicit", }; const routeOptions: Record = {}; +const originalSecretsProviderEnv = process.env.PAPERCLIP_SECRETS_PROVIDER; function createApp(actor: Record, options: Record = {}) { currentActor = actor; @@ -119,6 +124,11 @@ function createApp(actor: Record, options: Record { afterAll(async () => { + if (originalSecretsProviderEnv === undefined) { + delete process.env.PAPERCLIP_SECRETS_PROVIDER; + } else { + process.env.PAPERCLIP_SECRETS_PROVIDER = originalSecretsProviderEnv; + } if (!server) return; await new Promise((resolve, reject) => { server?.close((err) => { @@ -145,9 +155,14 @@ describe("environment routes", () => { mockProbeEnvironment.mockReset(); mockSecretService.create.mockReset(); mockSecretService.resolveSecretValue.mockReset(); + mockSecretService.syncSecretRefsForTarget.mockReset(); + mockSecretService.remove.mockReset(); mockSecretService.create.mockResolvedValue({ id: "11111111-1111-1111-1111-111111111111", }); + mockSecretService.syncSecretRefsForTarget.mockResolvedValue([]); + mockSecretService.remove.mockResolvedValue(null); + delete process.env.PAPERCLIP_SECRETS_PROVIDER; mockValidatePluginEnvironmentDriverConfig.mockReset(); mockValidatePluginEnvironmentDriverConfig.mockImplementation(async ({ config }) => config); mockValidatePluginSandboxProviderConfig.mockReset(); @@ -162,6 +177,29 @@ describe("environment routes", () => { configSchema: { type: "object" }, }, })); + mockResolvePluginSandboxProviderDriverByKey.mockReset(); + mockResolvePluginSandboxProviderDriverByKey.mockImplementation(async ({ driverKey }) => ( + driverKey === "secure-plugin" + ? { + pluginId: "plugin-secure", + pluginKey: "acme.secure-sandbox-provider", + driver: { + driverKey: "secure-plugin", + kind: "sandbox_provider", + displayName: "Secure Sandbox", + configSchema: { + type: "object", + properties: { + template: { type: "string" }, + apiKey: { type: "string", format: "secret-ref" }, + timeoutMs: { type: "number" }, + reuseLease: { type: "boolean" }, + }, + }, + }, + } + : null + )); mockListReadyPluginEnvironmentDrivers.mockReset(); mockListReadyPluginEnvironmentDrivers.mockResolvedValue([]); }); @@ -555,6 +593,59 @@ describe("environment routes", () => { ); }); + it("uses the configured provider for SSH private key secret materialization", async () => { + process.env.PAPERCLIP_SECRETS_PROVIDER = "aws_secrets_manager"; + const environment = { + ...createEnvironment(), + id: "env-ssh", + name: "SSH Fixture", + driver: "ssh" as const, + config: { + host: "ssh.example.test", + port: 22, + username: "ssh-user", + remoteWorkspacePath: "/srv/paperclip/workspace", + privateKey: null, + privateKeySecretRef: { + type: "secret_ref", + secretId: "11111111-1111-1111-1111-111111111111", + version: "latest", + }, + knownHosts: null, + strictHostKeyChecking: true, + }, + }; + mockEnvironmentService.create.mockResolvedValue(environment); + const app = createApp({ + type: "board", + userId: "user-1", + source: "local_implicit", + }); + + const res = await request(app) + .post("/api/companies/company-1/environments") + .send({ + name: "SSH Fixture", + driver: "ssh", + config: { + host: "ssh.example.test", + username: "ssh-user", + remoteWorkspacePath: "/srv/paperclip/workspace", + privateKey: "super-secret-key", + }, + }); + + expect(res.status).toBe(201); + expect(mockSecretService.create).toHaveBeenCalledWith( + "company-1", + expect.objectContaining({ + provider: "aws_secrets_manager", + value: "super-secret-key", + }), + expect.any(Object), + ); + }); + it("rejects persisted fake sandbox environments", async () => { const app = createApp({ type: "board", @@ -732,6 +823,78 @@ describe("environment routes", () => { ); }); + it("uses the configured provider for schema-driven sandbox secret fields", async () => { + process.env.PAPERCLIP_SECRETS_PROVIDER = "aws_secrets_manager"; + const environment = { + ...createEnvironment(), + id: "env-sandbox-secure-plugin", + name: "Secure Sandbox", + driver: "sandbox" as const, + config: { + provider: "secure-plugin", + template: "base", + apiKey: "11111111-1111-1111-1111-111111111111", + timeoutMs: 450000, + reuseLease: true, + }, + }; + mockEnvironmentService.create.mockResolvedValue(environment); + mockValidatePluginSandboxProviderConfig.mockResolvedValue({ + normalizedConfig: { + template: "base", + apiKey: "test-provider-key", + timeoutMs: 450000, + reuseLease: true, + }, + pluginId: "plugin-secure", + pluginKey: "acme.secure-sandbox-provider", + driver: { + driverKey: "secure-plugin", + kind: "sandbox_provider", + displayName: "Secure Sandbox", + configSchema: { + type: "object", + properties: { + template: { type: "string" }, + apiKey: { type: "string", format: "secret-ref" }, + timeoutMs: { type: "number" }, + reuseLease: { type: "boolean" }, + }, + }, + }, + }); + const pluginWorkerManager = {}; + const app = createApp({ + type: "board", + userId: "user-1", + source: "local_implicit", + }, { pluginWorkerManager }); + + const res = await request(app) + .post("/api/companies/company-1/environments") + .send({ + name: "Secure Sandbox", + driver: "sandbox", + config: { + provider: "secure-plugin", + template: "base", + apiKey: "test-provider-key", + timeoutMs: "450000", + reuseLease: true, + }, + }); + + expect(res.status).toBe(201); + expect(mockSecretService.create).toHaveBeenCalledWith( + "company-1", + expect.objectContaining({ + provider: "aws_secrets_manager", + value: "test-provider-key", + }), + expect.any(Object), + ); + }); + it("validates plugin environment config through the plugin driver host", async () => { const environment = { ...createEnvironment(), diff --git a/server/src/__tests__/environment-run-orchestrator.test.ts b/server/src/__tests__/environment-run-orchestrator.test.ts index 4817c448..c4dbb58b 100644 --- a/server/src/__tests__/environment-run-orchestrator.test.ts +++ b/server/src/__tests__/environment-run-orchestrator.test.ts @@ -420,6 +420,85 @@ describe("environmentRunOrchestrator — realizeForRun", () => { })); }); + it("runs project-level provision commands for ssh environments", async () => { + mockBuildWorkspaceRealizationRequest.mockReturnValue({ + version: 1, + adapterType: "gemini_local", + companyId: "company-1", + environmentId: "env-1", + executionWorkspaceId: null, + issueId: null, + heartbeatRunId: "run-1", + requestedMode: null, + source: { + kind: "project_primary", + localPath: "/workspace/project", + projectId: null, + projectWorkspaceId: null, + repoUrl: null, + repoRef: null, + strategy: "project_primary", + branchName: null, + worktreePath: null, + }, + runtimeOverlay: { + provisionCommand: "npm install -g @google/gemini-cli", + }, + }); + mockResolveEnvironmentExecutionTarget.mockResolvedValue({ + kind: "remote", + transport: "ssh", + remoteCwd: "/remote/workspace", + environmentId: "env-1", + leaseId: "lease-1", + spec: { + host: "ssh.example.test", + port: 22, + username: "ssh-user", + remoteCwd: "/remote/workspace", + remoteWorkspacePath: "/remote/workspace", + privateKey: null, + knownHosts: null, + strictHostKeyChecking: true, + }, + }); + + const runtime = makeMockRuntime({ + realizeWorkspace: vi.fn().mockResolvedValue({ + cwd: "/remote/workspace", + metadata: { + workspaceRealization: { + version: 1, + transport: "ssh", + remote: { path: "/remote/workspace" }, + }, + }, + }), + }); + const orchestrator = environmentRunOrchestrator(mockDb, { environmentRuntime: runtime }); + + await orchestrator.realizeForRun(makeRealizeInput({ + environment: makeEnvironment("ssh"), + lease: makeLease({ + provider: "ssh", + metadata: { + driver: "ssh", + remoteCwd: "/remote/workspace", + remoteWorkspacePath: "/remote/workspace", + host: "ssh.example.test", + port: 22, + username: "ssh-user", + }, + }), + })); + + expect(runtime.execute).toHaveBeenCalledWith(expect.objectContaining({ + command: "bash", + args: ["-lc", "npm install -g @google/gemini-cli"], + })); + expect(mockResolveEnvironmentExecutionTarget).toHaveBeenCalledOnce(); + }); + it("surfaces remote provision command failures before resolving the adapter target", async () => { mockBuildWorkspaceRealizationRequest.mockReturnValue({ version: 1, diff --git a/server/src/__tests__/environment-runtime-driver-contract.test.ts b/server/src/__tests__/environment-runtime-driver-contract.test.ts index 482368ec..53665ed9 100644 --- a/server/src/__tests__/environment-runtime-driver-contract.test.ts +++ b/server/src/__tests__/environment-runtime-driver-contract.test.ts @@ -1,5 +1,4 @@ import { randomUUID } from "node:crypto"; -import { createServer, type Server } from "node:http"; import { mkdtemp, rm } from "node:fs/promises"; import os from "node:os"; import path from "node:path"; @@ -55,7 +54,6 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { let stopDb: (() => Promise) | null = null; let db!: ReturnType; const fixtureRoots: string[] = []; - const servers: Server[] = []; beforeAll(async () => { const started = await startEmbeddedPostgresTestDatabase("environment-runtime-contract"); @@ -64,9 +62,6 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { }); afterEach(async () => { - for (const server of servers.splice(0)) { - await new Promise((resolve) => server.close(() => resolve())); - } while (fixtureRoots.length > 0) { const root = fixtureRoots.pop(); if (!root) continue; @@ -123,6 +118,13 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { provider: "local_encrypted", value: config.privateKey, }); + await secretService(db).createBinding({ + companyId, + secretId: secret.id, + targetType: "environment", + targetId: environmentId, + configPath: "privateKeySecretRef", + }); config = { ...config, privateKey: null, @@ -172,27 +174,6 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { }; } - async function startHealthServer() { - const server = createServer((req, res) => { - if (req.url === "/api/health") { - res.writeHead(200, { "content-type": "application/json" }); - res.end(JSON.stringify({ status: "ok" })); - return; - } - res.writeHead(404).end(); - }); - await new Promise((resolve, reject) => { - server.once("error", reject); - server.listen(0, "127.0.0.1", () => resolve()); - }); - servers.push(server); - const address = server.address(); - if (!address || typeof address === "string") { - throw new Error("Expected health server to listen on a TCP port."); - } - return `http://127.0.0.1:${address.port}`; - } - async function runContract(testCase: RuntimeContractCase) { const cleanup = await testCase.setup?.(); try { @@ -288,9 +269,6 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { fixtureRoots.push(fixtureRoot); const fixture = await startSshEnvLabFixture({ statePath: path.join(fixtureRoot, "state.json") }); const sshConfig = await buildSshEnvLabFixtureConfig(fixture); - const runtimeApiUrl = await startHealthServer(); - const previousCandidates = process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON; - process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON = JSON.stringify([runtimeApiUrl]); await runContract({ name: "ssh", @@ -304,16 +282,8 @@ describeEmbeddedPostgres("environment runtime driver contract", () => { username: sshConfig.username, remoteWorkspacePath: sshConfig.remoteWorkspacePath, remoteCwd: sshConfig.remoteWorkspacePath, - paperclipApiUrl: runtimeApiUrl, }); }, - setup: async () => async () => { - if (previousCandidates === undefined) { - delete process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON; - } else { - process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON = previousCandidates; - } - }, }); }); }); diff --git a/server/src/__tests__/environment-runtime.test.ts b/server/src/__tests__/environment-runtime.test.ts index dd9595b9..c850da81 100644 --- a/server/src/__tests__/environment-runtime.test.ts +++ b/server/src/__tests__/environment-runtime.test.ts @@ -1,5 +1,4 @@ import { randomUUID } from "node:crypto"; -import { createServer } from "node:http"; import { mkdtemp, rm } from "node:fs/promises"; import os from "node:os"; import path from "node:path"; @@ -178,6 +177,13 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { provider: "local_encrypted", value: config.privateKey, }); + await secretService(db).createBinding({ + companyId, + secretId: secret.id, + targetType: "environment", + targetId: environmentId, + configPath: "privateKeySecretRef", + }); config = { ...config, privateKey: null, @@ -329,26 +335,6 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { const statePath = path.join(fixtureRoot, "state.json"); const fixture = await startSshEnvLabFixture({ statePath }); const sshConfig = await buildSshEnvLabFixtureConfig(fixture); - const healthServer = createServer((req, res) => { - if (req.url === "/api/health") { - res.writeHead(200, { "content-type": "application/json" }); - res.end(JSON.stringify({ status: "ok" })); - return; - } - res.writeHead(404).end(); - }); - await new Promise((resolve, reject) => { - healthServer.once("error", reject); - healthServer.listen(0, "127.0.0.1", () => resolve()); - }); - const address = healthServer.address(); - if (!address || typeof address === "string") { - await new Promise((resolve) => healthServer.close(() => resolve())); - throw new Error("Expected the test health server to listen on a TCP port."); - } - const runtimeApiUrl = `http://127.0.0.1:${address.port}`; - const previousCandidates = process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON; - process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON = JSON.stringify([runtimeApiUrl]); const { companyId, environment, runId } = await seedEnvironment({ driver: "ssh", name: "Fixture SSH", @@ -372,7 +358,6 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { username: sshConfig.username, remoteWorkspacePath: sshConfig.remoteWorkspacePath, remoteCwd: sshConfig.remoteWorkspacePath, - paperclipApiUrl: runtimeApiUrl, }); const released = await runtime.releaseRunLeases(runId); @@ -381,12 +366,6 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { expect(released[0]?.environment.driver).toBe("ssh"); expect(released[0]?.lease.status).toBe("released"); } finally { - if (previousCandidates === undefined) { - delete process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON; - } else { - process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON = previousCandidates; - } - await new Promise((resolve) => healthServer.close(() => resolve())); } }); @@ -552,7 +531,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { expect(released).toHaveLength(1); expect(released[0]?.lease.status).toBe("released"); expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentExecute", expect.anything(), 31000); - expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentReleaseLease", expect.anything()); + expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentReleaseLease", expect.anything(), 31234); }); it("uses resolved secret-ref config for plugin-backed sandbox execute and release", async () => { @@ -576,6 +555,13 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { driver: "sandbox", config: providerConfig, }; + await secretService(db).createBinding({ + companyId, + secretId: apiSecret.id, + targetType: "environment", + targetId: environment.id, + configPath: "apiKey", + }); await environmentService(db).update(environment.id, { driver: "sandbox", name: environment.name, @@ -696,7 +682,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { config: expect.objectContaining({ apiKey: "resolved-provider-key", }), - })); + }), 31234); }); it("waits briefly for a ready sandbox provider plugin worker to come online", async () => { @@ -788,7 +774,104 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { expect(acquired.lease.providerLeaseId).toBe("sandbox-1"); expect(workerManager.isRunning).toHaveBeenCalledTimes(3); - expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentAcquireLease", expect.anything()); + expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentAcquireLease", expect.anything(), 31234); + }); + + it("extends plugin-backed sandbox lease RPC timeouts from provider config", async () => { + const pluginId = randomUUID(); + const { companyId, environment: baseEnvironment, runId } = await seedEnvironment(); + const providerConfig = { + provider: "fake-plugin", + image: "fake:test", + timeoutMs: 1_234, + bridgeRequestTimeoutMs: 40_000, + reuseLease: false, + }; + const environment = { + ...baseEnvironment, + name: "Long Lease Plugin Sandbox", + driver: "sandbox", + config: providerConfig, + }; + await environmentService(db).update(environment.id, { + driver: "sandbox", + name: environment.name, + config: providerConfig, + }); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: "acme.long-lease-sandbox-provider", + packageName: "@acme/long-lease-sandbox-provider", + version: "1.0.0", + apiVersion: 1, + categories: ["automation"], + manifestJson: { + id: "acme.long-lease-sandbox-provider", + apiVersion: 1, + version: "1.0.0", + displayName: "Long Lease Sandbox Provider", + description: "Test plugin worker acquire timeout", + author: "Paperclip", + categories: ["automation"], + capabilities: ["environment.drivers.register"], + entrypoints: { worker: "dist/worker.js" }, + environmentDrivers: [ + { + driverKey: "fake-plugin", + kind: "sandbox_provider", + displayName: "Fake Plugin", + configSchema: { type: "object" }, + }, + ], + }, + status: "ready", + installOrder: 1, + updatedAt: new Date(), + } as any); + + const workerManager = { + isRunning: vi.fn((id: string) => id === pluginId), + call: vi.fn(async (_pluginId: string, method: string) => { + if (method === "environmentAcquireLease") { + return { + providerLeaseId: "sandbox-1", + metadata: { + provider: "fake-plugin", + image: "fake:test", + timeoutMs: 1_234, + bridgeRequestTimeoutMs: 40_000, + reuseLease: false, + }, + }; + } + throw new Error(`Unexpected plugin method: ${method}`); + }), + } as unknown as PluginWorkerManager; + const runtimeWithPlugin = environmentRuntimeService(db, { pluginWorkerManager: workerManager }); + + const acquired = await runtimeWithPlugin.acquireRunLease({ + companyId, + environment, + issueId: null, + heartbeatRunId: runId, + persistedExecutionWorkspace: null, + }); + + expect(acquired.lease.providerLeaseId).toBe("sandbox-1"); + expect(workerManager.call).toHaveBeenCalledWith( + pluginId, + "environmentAcquireLease", + expect.objectContaining({ + driverKey: "fake-plugin", + config: { + image: "fake:test", + timeoutMs: 1_234, + bridgeRequestTimeoutMs: 40_000, + reuseLease: false, + }, + }), + 70_000, + ); }); it("falls back to acquire when plugin-backed sandbox lease resume throws", async () => { @@ -898,7 +981,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { expect(workerManager.call).toHaveBeenNthCalledWith(1, pluginId, "environmentResumeLease", expect.objectContaining({ driverKey: "fake-plugin", providerLeaseId: "stale-plugin-lease", - })); + }), 31234); expect(workerManager.call).toHaveBeenNthCalledWith(2, pluginId, "environmentAcquireLease", expect.objectContaining({ driverKey: "fake-plugin", config: { @@ -907,7 +990,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { reuseLease: true, }, runId, - })); + }), 31234); }); it("releases a sandbox run lease from metadata after the environment config changes", async () => { @@ -1022,6 +1105,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { driverKey: "fake-plugin", companyId, environmentId: environment.id, + issueId: null, config: { template: "base" }, runId, workspaceMode: undefined, @@ -1057,6 +1141,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { driverKey: "fake-plugin", companyId, environmentId: environment.id, + issueId: null, config: {}, providerLeaseId: "plugin-lease-1", leaseMetadata: expect.objectContaining({ @@ -1215,6 +1300,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { driverKey: "fake-plugin", companyId, environmentId: environment.id, + issueId: null, config: { template: "base" }, providerLeaseId: "plugin-lease-full", leaseMetadata: expect.objectContaining({ @@ -1245,6 +1331,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => { driverKey: "fake-plugin", companyId, environmentId: environment.id, + issueId: null, config: { template: "base" }, providerLeaseId: "plugin-lease-full", leaseMetadata: expect.objectContaining({ diff --git a/server/src/__tests__/fixtures/plugin-worker-delayed.cjs b/server/src/__tests__/fixtures/plugin-worker-delayed.cjs new file mode 100644 index 00000000..8aa7e4ef --- /dev/null +++ b/server/src/__tests__/fixtures/plugin-worker-delayed.cjs @@ -0,0 +1,65 @@ +const readline = require("node:readline"); + +function send(message) { + process.stdout.write(`${JSON.stringify(message)}\n`); +} + +const rl = readline.createInterface({ + input: process.stdin, + crlfDelay: Infinity, +}); + +rl.on("line", (line) => { + if (!line.trim()) return; + const message = JSON.parse(line); + const method = message && typeof message.method === "string" ? message.method : null; + + if (method === "initialize") { + send({ + jsonrpc: "2.0", + id: message.id, + result: { + ok: true, + supportedMethods: ["environmentExecute"], + }, + }); + return; + } + + if (method === "environmentExecute") { + const delayMs = Number(message.params?.delayMs ?? 0); + setTimeout(() => { + send({ + jsonrpc: "2.0", + id: message.id, + result: { + exitCode: 0, + signal: null, + timedOut: false, + stdout: "ok\n", + stderr: "", + }, + }); + }, delayMs); + return; + } + + if (method === "shutdown") { + send({ + jsonrpc: "2.0", + id: message.id, + result: {}, + }); + setImmediate(() => process.exit(0)); + return; + } + + send({ + jsonrpc: "2.0", + id: message.id, + error: { + code: -32601, + message: `Unhandled method: ${method}`, + }, + }); +}); diff --git a/server/src/__tests__/fixtures/plugin-worker-terminated.cjs b/server/src/__tests__/fixtures/plugin-worker-terminated.cjs new file mode 100644 index 00000000..83ae8ac2 --- /dev/null +++ b/server/src/__tests__/fixtures/plugin-worker-terminated.cjs @@ -0,0 +1,59 @@ +const readline = require("node:readline"); + +function send(message) { + process.stdout.write(`${JSON.stringify(message)}\n`); +} + +const rl = readline.createInterface({ + input: process.stdin, + crlfDelay: Infinity, +}); + +rl.on("line", (line) => { + if (!line.trim()) return; + const message = JSON.parse(line); + const method = message && typeof message.method === "string" ? message.method : null; + + if (method === "initialize") { + send({ + jsonrpc: "2.0", + id: message.id, + result: { + ok: true, + supportedMethods: ["environmentExecute"], + }, + }); + return; + } + + if (method === "environmentExecute") { + send({ + jsonrpc: "2.0", + id: message.id, + error: { + code: -32002, + message: "[unknown] terminated", + }, + }); + return; + } + + if (method === "shutdown") { + send({ + jsonrpc: "2.0", + id: message.id, + result: {}, + }); + setImmediate(() => process.exit(0)); + return; + } + + send({ + jsonrpc: "2.0", + id: message.id, + error: { + code: -32601, + message: `Unhandled method: ${method}`, + }, + }); +}); diff --git a/server/src/__tests__/gemini-local-adapter-environment.test.ts b/server/src/__tests__/gemini-local-adapter-environment.test.ts index 0aa49554..bb187f2b 100644 --- a/server/src/__tests__/gemini-local-adapter-environment.test.ts +++ b/server/src/__tests__/gemini-local-adapter-environment.test.ts @@ -131,4 +131,57 @@ describe("gemini_local environment diagnostics", () => { expect(result.checks.some((check) => check.code === "gemini_hello_probe_quota_exhausted")).toBe(true); await fs.rm(root, { recursive: true, force: true }); }); + + it("trusts remote sandbox workspaces during the hello probe", async () => { + let probeEnv: Record | undefined; + + const result = await testEnvironment({ + companyId: "company-1", + adapterType: "gemini_local", + config: { + command: "gemini", + }, + executionTarget: { + kind: "remote", + transport: "sandbox", + providerKey: "cloudflare", + remoteCwd: "/workspace/paperclip", + runner: { + execute: async (input) => { + if (input.command === "gemini") { + probeEnv = input.env; + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: [ + JSON.stringify({ + type: "assistant", + message: { content: [{ type: "output_text", text: "hello" }] }, + }), + JSON.stringify({ type: "result", subtype: "success", result: "hello" }), + ].join("\n"), + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }; + } + return { + exitCode: 0, + signal: null, + timedOut: false, + stdout: "", + stderr: "", + pid: null, + startedAt: new Date().toISOString(), + }; + }, + }, + }, + environmentName: "QA Cloudflare", + }); + + expect(result.checks.some((check) => check.code === "gemini_hello_probe_passed")).toBe(true); + expect(probeEnv?.GEMINI_CLI_TRUST_WORKSPACE).toBe("true"); + }); }); diff --git a/server/src/__tests__/gemini-local-adapter.test.ts b/server/src/__tests__/gemini-local-adapter.test.ts index 5c36f6c3..96e2e8ff 100644 --- a/server/src/__tests__/gemini-local-adapter.test.ts +++ b/server/src/__tests__/gemini-local-adapter.test.ts @@ -1,29 +1,31 @@ import { describe, expect, it, vi } from "vitest"; -import { isGeminiUnknownSessionError, parseGeminiJsonl } from "@paperclipai/adapter-gemini-local/server"; +import { + isGeminiTurnLimitResult, + isGeminiUnknownSessionError, + parseGeminiJsonl, +} from "@paperclipai/adapter-gemini-local/server"; import { parseGeminiStdoutLine } from "@paperclipai/adapter-gemini-local/ui"; import { printGeminiStreamEvent } from "@paperclipai/adapter-gemini-local/cli"; describe("gemini_local parser", () => { - it("extracts session, summary, usage, cost, and terminal error message", () => { + it("extracts session, summary, usage, cost, and terminal error message from v0.38 stream-json output", () => { const stdout = [ JSON.stringify({ type: "system", subtype: "init", session_id: "gemini-session-1", model: "gemini-2.5-pro" }), JSON.stringify({ - type: "assistant", - message: { - content: [{ type: "output_text", text: "hello" }], - }, + type: "message", + role: "assistant", + content: "hello", }), JSON.stringify({ type: "result", - subtype: "success", + status: "success", session_id: "gemini-session-1", - usage: { - promptTokenCount: 12, - cachedContentTokenCount: 3, - candidatesTokenCount: 7, + stats: { + input_tokens: 12, + cached_input_tokens: 3, + output_tokens: 7, }, total_cost_usd: 0.00123, - result: "done", }), JSON.stringify({ type: "error", message: "model access denied" }), ].join("\n"); @@ -79,45 +81,56 @@ describe("gemini_local stale session detection", () => { }); }); +describe("gemini_local turn-limit detection", () => { + it("detects structured turn-limit signals and exit code 53", () => { + expect(isGeminiTurnLimitResult({ status: "turn_limit" })).toBe(true); + expect(isGeminiTurnLimitResult({ stopReason: "max_turns_exhausted" })).toBe(true); + expect(isGeminiTurnLimitResult(null, 53)).toBe(true); + }); + + it("checks every structured stop field for turn-limit exhaustion", () => { + expect( + isGeminiTurnLimitResult({ + status: "success", + stopReason: "turn_limit_exhausted", + }), + ).toBe(true); + }); + + it("does not detect turn-limit exhaustion from unstructured error text", () => { + expect(isGeminiTurnLimitResult({ error: "max_turns reached" })).toBe(false); + }); +}); + describe("gemini_local ui stdout parser", () => { - it("parses assistant, thinking, and result events", () => { + it("parses v0.38 assistant message and result events", () => { const ts = "2026-03-08T00:00:00.000Z"; expect( parseGeminiStdoutLine( JSON.stringify({ - type: "assistant", - message: { - content: [ - { type: "output_text", text: "I checked the repo." }, - { type: "thinking", text: "Reviewing adapter registry" }, - { type: "tool_call", name: "shell", input: { command: "ls -1" } }, - { type: "tool_result", tool_use_id: "tool_1", output: "AGENTS.md\n", status: "ok" }, - ], - }, + type: "message", + role: "assistant", + content: "I checked the repo.", }), ts, ), ).toEqual([ { kind: "assistant", ts, text: "I checked the repo." }, - { kind: "thinking", ts, text: "Reviewing adapter registry" }, - { kind: "tool_call", ts, name: "shell", input: { command: "ls -1" } }, - { kind: "tool_result", ts, toolUseId: "tool_1", content: "AGENTS.md\n", isError: false }, ]); expect( parseGeminiStdoutLine( JSON.stringify({ type: "result", - subtype: "success", - result: "Done", - usage: { - promptTokenCount: 10, - candidatesTokenCount: 5, - cachedContentTokenCount: 2, + status: "success", + text: "Done", + stats: { + input_tokens: 10, + output_tokens: 5, + cached_input_tokens: 2, }, total_cost_usd: 0.00042, - is_error: false, }), ts, ), @@ -143,7 +156,7 @@ function stripAnsi(value: string): string { } describe("gemini_local cli formatter", () => { - it("prints init, assistant, result, and error events", () => { + it("prints init, v0.38 assistant, result, and error events", () => { const spy = vi.spyOn(console, "log").mockImplementation(() => {}); let joined = ""; @@ -154,19 +167,20 @@ describe("gemini_local cli formatter", () => { ); printGeminiStreamEvent( JSON.stringify({ - type: "assistant", - message: { content: [{ type: "output_text", text: "hello" }] }, + type: "message", + role: "assistant", + content: "hello", }), false, ); printGeminiStreamEvent( JSON.stringify({ type: "result", - subtype: "success", - usage: { - promptTokenCount: 10, - candidatesTokenCount: 5, - cachedContentTokenCount: 2, + status: "success", + stats: { + input_tokens: 10, + output_tokens: 5, + cached_input_tokens: 2, }, total_cost_usd: 0.00042, }), diff --git a/server/src/__tests__/gemini-local-execute.test.ts b/server/src/__tests__/gemini-local-execute.test.ts index 93a4aadd..98381d8b 100644 --- a/server/src/__tests__/gemini-local-execute.test.ts +++ b/server/src/__tests__/gemini-local-execute.test.ts @@ -39,6 +39,35 @@ console.log(JSON.stringify({ await fs.chmod(commandPath, 0o755); } +async function writeFailingGeminiCommand( + commandPath: string, + options: { + stdoutLines?: Array>; + stdout?: string; + stderr?: string; + exitCode?: number; + }, +): Promise { + const stdoutLines = options.stdoutLines ?? []; + const stdout = options.stdout ?? ""; + const stderr = options.stderr ?? ""; + const exit = options.exitCode ?? 1; + const script = `#!/usr/bin/env node +for (const line of ${JSON.stringify(stdoutLines.map((line) => JSON.stringify(line)))}) { + console.log(line); +} +if (${JSON.stringify(stdout)}) { + process.stdout.write(${JSON.stringify(stdout)}); +} +if (${JSON.stringify(stderr)}) { + console.error(${JSON.stringify(stderr)}); +} +process.exit(${exit}); +`; + await fs.writeFile(commandPath, script, "utf8"); + await fs.chmod(commandPath, 0o755); +} + type CapturePayload = { argv: string[]; paperclipEnvKeys: string[]; @@ -169,6 +198,144 @@ describe("gemini execute", () => { } }); + it("normalizes turn-limit exhaustion into scheduler stop metadata", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-max-turns-")); + const workspace = path.join(root, "workspace"); + const commandPath = path.join(root, "gemini"); + await fs.mkdir(workspace, { recursive: true }); + await writeFailingGeminiCommand(commandPath, { + stdoutLines: [ + { + type: "result", + subtype: "error", + session_id: "gemini-session-1", + status: "turn_limit", + error: "Turn limit reached.", + }, + ], + }); + + const previousHome = process.env.HOME; + process.env.HOME = root; + + try { + const result = await execute({ + runId: "run-turn-limit", + agent: { id: "a1", companyId: "c1", name: "G", adapterType: "gemini_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + }, + context: {}, + authToken: "t", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(1); + expect(result.errorCode).toBe("max_turns_exhausted"); + expect(result.resultJson).toMatchObject({ stopReason: "max_turns_exhausted" }); + expect(result.clearSession).toBe(true); + } finally { + if (previousHome === undefined) { + delete process.env.HOME; + } else { + process.env.HOME = previousHome; + } + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("normalizes Gemini exit code 53 as max-turn exhaustion", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-exit-53-")); + const workspace = path.join(root, "workspace"); + const commandPath = path.join(root, "gemini"); + await fs.mkdir(workspace, { recursive: true }); + await writeFailingGeminiCommand(commandPath, { + stderr: "Gemini stopped because the max turns limit was reached.", + exitCode: 53, + }); + + const previousHome = process.env.HOME; + process.env.HOME = root; + + try { + const result = await execute({ + runId: "run-exit-53", + agent: { id: "a1", companyId: "c1", name: "G", adapterType: "gemini_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + }, + context: {}, + authToken: "t", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(53); + expect(result.errorCode).toBe("max_turns_exhausted"); + expect(result.resultJson).toMatchObject({ stopReason: "max_turns_exhausted" }); + expect(result.clearSession).toBe(true); + } finally { + if (previousHome === undefined) { + delete process.env.HOME; + } else { + process.env.HOME = previousHome; + } + await fs.rm(root, { recursive: true, force: true }); + } + }); + + it("does not normalize unstructured turn-limit text into scheduler stop metadata", async () => { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-max-turn-text-")); + const workspace = path.join(root, "workspace"); + const commandPath = path.join(root, "gemini"); + await fs.mkdir(workspace, { recursive: true }); + await writeFailingGeminiCommand(commandPath, { + stdoutLines: [ + { + type: "result", + subtype: "error", + session_id: "gemini-session-1", + error: "Tool output said: maximum turns reached.", + }, + ], + stdout: "attacker-controlled transcript mentions turn limit reached\n", + stderr: "Gemini stopped because the max turns limit was reached.", + }); + + const previousHome = process.env.HOME; + process.env.HOME = root; + + try { + const result = await execute({ + runId: "run-turn-limit-text", + agent: { id: "a1", companyId: "c1", name: "G", adapterType: "gemini_local", adapterConfig: {} }, + runtime: { sessionId: null, sessionParams: null, sessionDisplayId: null, taskKey: null }, + config: { + command: commandPath, + cwd: workspace, + }, + context: {}, + authToken: "t", + onLog: async () => {}, + }); + + expect(result.exitCode).toBe(1); + expect(result.errorCode).not.toBe("max_turns_exhausted"); + expect(result.resultJson?.stopReason).not.toBe("max_turns_exhausted"); + expect(result.clearSession).toBe(false); + } finally { + if (previousHome === undefined) { + delete process.env.HOME; + } else { + process.env.HOME = previousHome; + } + await fs.rm(root, { recursive: true, force: true }); + } + }); + it("uses a compact wake delta instead of the full heartbeat prompt when resuming a session", async () => { const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-gemini-resume-wake-")); const workspace = path.join(root, "workspace"); diff --git a/server/src/__tests__/heartbeat-active-run-output-watchdog.test.ts b/server/src/__tests__/heartbeat-active-run-output-watchdog.test.ts index 45ba2c5d..166f8fc4 100644 --- a/server/src/__tests__/heartbeat-active-run-output-watchdog.test.ts +++ b/server/src/__tests__/heartbeat-active-run-output-watchdog.test.ts @@ -208,6 +208,7 @@ describeEmbeddedPostgres("active-run output watchdog", () => { expect(evaluations[0]).toMatchObject({ priority: "medium", assigneeAgentId: managerId, + assigneeAdapterOverrides: { modelProfile: "cheap" }, originId: runId, originFingerprint: `stale_active_run:${companyId}:${runId}`, }); diff --git a/server/src/__tests__/heartbeat-comment-wake-batching.test.ts b/server/src/__tests__/heartbeat-comment-wake-batching.test.ts index de1b8005..6cda7fb1 100644 --- a/server/src/__tests__/heartbeat-comment-wake-batching.test.ts +++ b/server/src/__tests__/heartbeat-comment-wake-batching.test.ts @@ -13,6 +13,7 @@ import { issues, } from "@paperclipai/db"; import { heartbeatService } from "../services/heartbeat.ts"; +import { SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY } from "../services/recovery/index.ts"; import { startEmbeddedPostgresTestDatabase } from "./helpers/embedded-postgres.ts"; async function waitFor(condition: () => boolean | Promise, timeoutMs = 10_000, intervalMs = 50) { @@ -543,8 +544,24 @@ describe("heartbeat comment wake batching", () => { .values({ companyId, issueId, + authorType: "user", authorUserId: "user-1", body: "Queued follow-up", + presentation: { + kind: "system_notice", + tone: "warning", + detailsDefaultOpen: false, + }, + metadata: { + version: 1, + sections: [ + { + rows: [ + { type: "key_value", label: "Cause", value: "successful_run_missing_state" }, + ], + }, + ], + }, }) .returning() .then((rows) => rows[0]); @@ -577,7 +594,15 @@ describe("heartbeat comment wake batching", () => { comments: [ expect.objectContaining({ id: queuedComment.id, + authorType: "user", body: "Queued follow-up", + presentation: expect.objectContaining({ + kind: "system_notice", + tone: "warning", + }), + metadata: expect.objectContaining({ + version: 1, + }), }), ], commentWindow: { @@ -1130,6 +1155,7 @@ describe("heartbeat comment wake batching", () => { expect(payloads).toHaveLength(2); expect(runs[1]?.contextSnapshot).toMatchObject({ retryReason: "missing_issue_comment", + modelProfile: "cheap", }); } finally { gateway.releaseFirstWait(); @@ -1329,8 +1355,9 @@ describe("heartbeat comment wake batching", () => { eq(agentWakeupRequests.agentId, primaryAgentId), eq(agentWakeupRequests.reason, "missing_issue_comment"), ), - ); + ); expect(missingCommentRetries).toHaveLength(1); + expect(missingCommentRetries[0]?.payload).toMatchObject({ modelProfile: "cheap" }); } finally { gateway.releaseFirstWait(); await gateway.close(); @@ -1566,7 +1593,8 @@ describe("heartbeat comment wake batching", () => { .select() .from(heartbeatRuns) .where(eq(heartbeatRuns.agentId, agentId)); - return runs.length === 1 && runs[0]?.status === "succeeded" && runs[0]?.issueCommentStatus === "satisfied"; + const sourceRun = runs.find((run) => run.id === firstRun?.id); + return sourceRun?.status === "succeeded" && sourceRun.issueCommentStatus === "satisfied"; }); const runs = await db @@ -1574,9 +1602,26 @@ describe("heartbeat comment wake batching", () => { .from(heartbeatRuns) .where(eq(heartbeatRuns.agentId, agentId)); - expect(runs).toHaveLength(1); - expect(runs[0]?.issueCommentStatus).toBe("satisfied"); - expect(runs[0]?.issueCommentSatisfiedByCommentId).not.toBeNull(); + const sourceRun = runs.find((run) => run.id === firstRun?.id); + expect(sourceRun?.issueCommentStatus).toBe("satisfied"); + expect(sourceRun?.issueCommentSatisfiedByCommentId).not.toBeNull(); + + await waitFor(async () => { + const comments = await db + .select() + .from(issueComments) + .where(eq(issueComments.issueId, issueId)); + const wakeups = await db + .select() + .from(agentWakeupRequests) + .where(and(eq(agentWakeupRequests.companyId, companyId), eq(agentWakeupRequests.agentId, agentId))); + + const hasHandoffComment = comments.some((comment) => + comment.body === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY + ); + const hasHandoffWake = wakeups.some((wakeup) => wakeup.reason === "finish_successful_run_handoff"); + return hasHandoffComment && hasHandoffWake; + }); const comments = await db .select() @@ -1584,16 +1629,19 @@ describe("heartbeat comment wake batching", () => { .where(eq(issueComments.issueId, issueId)) .orderBy(asc(issueComments.createdAt)); - expect(comments).toHaveLength(1); - expect(comments[0]?.body).toBe("Manual completion comment from the run."); - expect(comments[0]?.createdByRunId).toBe(firstRun?.id); + expect(comments.some((comment) => comment.body === "Manual completion comment from the run.")).toBe(true); + expect(comments.some((comment) => + comment.body === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY + )).toBe(true); + expect(comments.every((comment) => !comment.body.startsWith("## Run summary"))).toBe(true); const wakeups = await db .select() .from(agentWakeupRequests) .where(and(eq(agentWakeupRequests.companyId, companyId), eq(agentWakeupRequests.agentId, agentId))); - expect(wakeups).toHaveLength(1); + expect(wakeups.some((wakeup) => wakeup.reason === "missing_issue_comment")).toBe(false); + expect(wakeups.some((wakeup) => wakeup.reason === "finish_successful_run_handoff")).toBe(true); } finally { gateway.releaseFirstWait(); await gateway.close(); diff --git a/server/src/__tests__/heartbeat-context-summary.test.ts b/server/src/__tests__/heartbeat-context-summary.test.ts index c0d6a423..674ccecb 100644 --- a/server/src/__tests__/heartbeat-context-summary.test.ts +++ b/server/src/__tests__/heartbeat-context-summary.test.ts @@ -1,9 +1,133 @@ import { describe, expect, it } from "vitest"; import { + buildPaperclipTaskMarkdown, + mergeCoalescedContextSnapshot, summarizeHeartbeatRunContextSnapshot, summarizeHeartbeatRunListResultJson, } from "../services/heartbeat.js"; +describe("buildPaperclipTaskMarkdown", () => { + it("adds planning directives for assignment and comment task context", () => { + const assignment = buildPaperclipTaskMarkdown({ + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + workMode: "planning", + description: null, + }, + }); + + expect(assignment).toContain("- Work mode: \"planning\""); + expect(assignment).toContain("Make the plan only. Do not write code or perform implementation work."); + + const commentWake = buildPaperclipTaskMarkdown({ + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + workMode: "planning", + description: null, + }, + wakeComment: { + id: "comment-1", + body: "Please revise the plan.", + }, + }); + + expect(commentWake).toContain("Update the plan only. Do not write code or perform implementation work."); + + const acceptedConfirmation = buildPaperclipTaskMarkdown({ + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + workMode: "planning", + description: null, + }, + interaction: { + kind: "request_confirmation", + status: "accepted", + }, + }); + + expect(acceptedConfirmation).toContain("Create child issues from the approved plan only"); + expect(acceptedConfirmation).not.toContain("Make the plan only."); + }); + + it("prefers ordinary comment planning guidance over stale accepted confirmation state", () => { + const commentWake = buildPaperclipTaskMarkdown({ + issue: { + id: "issue-1", + identifier: "PAP-3404", + title: "Plan first", + workMode: "planning", + description: null, + }, + wakeComment: { + id: "comment-1", + body: "Please revise the plan.", + }, + interaction: { + kind: "request_confirmation", + status: "accepted", + }, + }); + + expect(commentWake).toContain("Update the plan only. Do not write code or perform implementation work."); + expect(commentWake).not.toContain("Create child issues from the approved plan only"); + }); +}); + +describe("mergeCoalescedContextSnapshot", () => { + it("clears stale accepted-plan interaction state when merging a later ordinary comment wake", () => { + const merged = mergeCoalescedContextSnapshot( + { + issueId: "issue-1", + interactionId: "interaction-1", + interactionKind: "request_confirmation", + interactionStatus: "accepted", + continuationPolicy: "wake_assignee_on_accept", + wakeReason: "issue_commented", + }, + { + issueId: "issue-1", + commentId: "comment-1", + wakeCommentId: "comment-1", + wakeReason: "issue_commented", + }, + ); + + expect(merged.interactionId).toBeUndefined(); + expect(merged.interactionKind).toBeUndefined(); + expect(merged.interactionStatus).toBeUndefined(); + expect(merged.continuationPolicy).toBeUndefined(); + expect(merged.commentId).toBe("comment-1"); + expect(merged.wakeCommentId).toBe("comment-1"); + }); + + it("preserves accepted-plan interaction state for the interaction wake itself", () => { + const merged = mergeCoalescedContextSnapshot( + { + issueId: "issue-1", + }, + { + issueId: "issue-1", + interactionId: "interaction-1", + interactionKind: "request_confirmation", + interactionStatus: "accepted", + continuationPolicy: "wake_assignee_on_accept", + wakeReason: "issue_commented", + }, + ); + + expect(merged.interactionId).toBe("interaction-1"); + expect(merged.interactionKind).toBe("request_confirmation"); + expect(merged.interactionStatus).toBe("accepted"); + expect(merged.continuationPolicy).toBe("wake_assignee_on_accept"); + }); +}); + describe("summarizeHeartbeatRunContextSnapshot", () => { it("keeps only the small retry/linking fields needed by the client", () => { const summarized = summarizeHeartbeatRunContextSnapshot({ diff --git a/server/src/__tests__/heartbeat-dependency-scheduling.test.ts b/server/src/__tests__/heartbeat-dependency-scheduling.test.ts index ec5430e2..f2560bcd 100644 --- a/server/src/__tests__/heartbeat-dependency-scheduling.test.ts +++ b/server/src/__tests__/heartbeat-dependency-scheduling.test.ts @@ -11,6 +11,8 @@ import { createDb, documentRevisions, documents, + environmentLeases, + environments, heartbeatRunEvents, heartbeatRuns, issueComments, @@ -122,6 +124,7 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = await new Promise((resolve) => setTimeout(resolve, 50)); } await new Promise((resolve) => setTimeout(resolve, 50)); + await db.delete(environmentLeases); await db.delete(activityLog); await db.delete(companySkills); await db.delete(issueComments); @@ -137,6 +140,8 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = await db.delete(agentWakeupRequests); await db.delete(agentRuntimeState); await db.delete(agents); + await db.delete(companySkills); + await db.delete(environments); await db.delete(companies); }); @@ -280,6 +285,23 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = unresolvedBlockerIssueIds: [blockerId], }); + let finishReadyRun!: () => void; + const readyRunCanFinish = new Promise((resolve) => { + finishReadyRun = resolve; + }); + mockAdapterExecute.mockImplementationOnce(async () => { + await readyRunCanFinish; + return { + exitCode: 0, + signal: null, + timedOut: false, + errorMessage: null, + summary: "Ready dependency scheduling run complete.", + provider: "test", + model: "test-model", + }; + }); + const readyWake = await heartbeat.wakeup(agentId, { source: "assignment", triggerDetail: "system", @@ -288,6 +310,15 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = contextSnapshot: { issueId: readyIssueId, wakeReason: "issue_assigned" }, }); expect(readyWake).not.toBeNull(); + await db.insert(issueComments).values({ + companyId, + issueId: readyIssueId, + authorAgentId: agentId, + authorType: "agent", + createdByRunId: readyWake!.id, + body: "Ready dependency scheduling run complete.", + }); + finishReadyRun(); await waitForCondition(async () => { const run = await db @@ -354,6 +385,14 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = expect(promotedBlockedRun?.status).toBe("succeeded"); expect(blockedWakeRequestCount).toBeGreaterThanOrEqual(2); + + const noActiveRuns = await waitForCondition(async () => { + const rows = await db + .select({ status: heartbeatRuns.status }) + .from(heartbeatRuns); + return rows.every((run) => run.status !== "queued" && run.status !== "running"); + }, 10_000); + expect(noActiveRuns).toBe(true); }); it("honors maxConcurrentRuns 1 by leaving a second assignment wake queued", async () => { @@ -429,6 +468,14 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = contextSnapshot: { issueId: firstIssueId, wakeReason: "issue_assigned" }, }); expect(firstWake).not.toBeNull(); + await db.insert(issueComments).values({ + companyId, + issueId: firstIssueId, + authorAgentId: agentId, + authorType: "agent", + createdByRunId: firstWake!.id, + body: "First assignment run completed.", + }); const firstRunStarted = await waitForCondition(async () => { const run = await db @@ -439,7 +486,7 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = return run?.status === "running"; }); expect(firstRunStarted).toBe(true); - const firstAdapterStarted = await waitForCondition(async () => mockAdapterExecute.mock.calls.length === 1); + const firstAdapterStarted = await waitForCondition(async () => mockAdapterExecute.mock.calls.length === 1, 30_000); expect(firstAdapterStarted).toBe(true); const secondWake = await heartbeat.wakeup(agentId, { @@ -450,6 +497,14 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = contextSnapshot: { issueId: secondIssueId, wakeReason: "issue_assigned" }, }); expect(secondWake).not.toBeNull(); + await db.insert(issueComments).values({ + companyId, + issueId: secondIssueId, + authorAgentId: agentId, + authorType: "agent", + createdByRunId: secondWake!.id, + body: "Second assignment run completed.", + }); const secondRunWhileFirstRunning = await db .select({ status: heartbeatRuns.status }) @@ -461,6 +516,16 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = finishFirstRun(); + const firstRunSucceeded = await waitForCondition(async () => { + const run = await db + .select({ status: heartbeatRuns.status }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, firstWake!.id)) + .then((rows) => rows[0] ?? null); + return run?.status === "succeeded"; + }); + expect(firstRunSucceeded).toBe(true); + const secondRunSucceeded = await waitForCondition(async () => { const run = await db .select({ status: heartbeatRuns.status }) @@ -470,11 +535,11 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = return run?.status === "succeeded"; }); expect(secondRunSucceeded).toBe(true); - expect(mockAdapterExecute).toHaveBeenCalledTimes(2); + expect(mockAdapterExecute.mock.calls.length).toBeGreaterThanOrEqual(2); } finally { finishFirstRun(); } - }); + }, 40_000); it("cancels stale queued runs when issue blockers are still unresolved", async () => { const companyId = randomUUID(); @@ -598,6 +663,14 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = .update(agentWakeupRequests) .set({ runId: readyRunId }) .where(eq(agentWakeupRequests.id, readyWakeupRequestId)); + await db.insert(issueComments).values({ + companyId, + issueId: readyIssueId, + authorAgentId: agentId, + authorType: "agent", + createdByRunId: readyRunId, + body: "Ready queued run completed.", + }); await db .update(issues) .set({ @@ -665,7 +738,7 @@ describeEmbeddedPostgres("heartbeat dependency-aware queued run selection", () = executionLockedAt: null, }); expect(readyRun?.status).toBe("succeeded"); - expect(mockAdapterExecute).toHaveBeenCalledTimes(1); + expect(mockAdapterExecute.mock.calls.length).toBeGreaterThanOrEqual(1); }); it("suppresses normal wakeups while allowing comment interaction wakes under a pause hold", async () => { diff --git a/server/src/__tests__/heartbeat-issue-liveness-escalation.test.ts b/server/src/__tests__/heartbeat-issue-liveness-escalation.test.ts index 10ad103c..e6b2dc99 100644 --- a/server/src/__tests__/heartbeat-issue-liveness-escalation.test.ts +++ b/server/src/__tests__/heartbeat-issue-liveness-escalation.test.ts @@ -117,7 +117,11 @@ describeEmbeddedPostgres("heartbeat issue graph liveness escalation", () => { }); } - async function seedBlockedChain(opts: { outsideLookback?: boolean } = {}) { + async function seedBlockedChain(opts: { + outsideLookback?: boolean; + blockerStatus?: string; + blockerAssigneeAgentId?: "coder" | "manager" | null; + } = {}) { const companyId = randomUUID(); const managerId = randomUUID(); const coderId = randomUUID(); @@ -178,8 +182,13 @@ describeEmbeddedPostgres("heartbeat issue graph liveness escalation", () => { id: blockerIssueId, companyId, title: "Missing unblock owner", - status: "todo", + status: opts.blockerStatus ?? "todo", priority: "medium", + assigneeAgentId: opts.blockerAssigneeAgentId === "coder" + ? coderId + : opts.blockerAssigneeAgentId === "manager" + ? managerId + : null, issueNumber: 2, identifier: `${issuePrefix}-2`, createdAt: issueTimestamp, @@ -283,6 +292,46 @@ describeEmbeddedPostgres("heartbeat issue graph liveness escalation", () => { expect(result.escalationsCreated).toBe(0); }); + it("creates one bounded escalation for an assigned backlog blocker leaf", async () => { + await enableAutoRecovery(); + const { companyId, coderId, blockedIssueId, blockerIssueId } = await seedBlockedChain({ + blockerStatus: "backlog", + blockerAssigneeAgentId: "coder", + }); + const heartbeat = heartbeatService(db); + + const first = await heartbeat.reconcileIssueGraphLiveness(); + const second = await heartbeat.reconcileIssueGraphLiveness(); + + expect(first.findings).toBe(1); + expect(first.escalationsCreated).toBe(1); + expect(second.findings).toBe(0); + expect(second.escalationsCreated).toBe(0); + + const escalations = await db + .select() + .from(issues) + .where(and(eq(issues.companyId, companyId), eq(issues.originKind, "harness_liveness_escalation"))); + expect(escalations).toHaveLength(1); + expect(escalations[0]).toMatchObject({ + parentId: blockerIssueId, + assigneeAgentId: coderId, + originId: [ + "harness_liveness", + companyId, + blockedIssueId, + "blocked_by_assigned_backlog_issue", + blockerIssueId, + ].join(":"), + originFingerprint: [ + "harness_liveness_leaf", + companyId, + "blocked_by_assigned_backlog_issue", + blockerIssueId, + ].join(":"), + }); + }); + it("creates one manager escalation, preserves blockers, and records owner selection", async () => { await enableAutoRecovery(); const { companyId, managerId, blockedIssueId, blockerIssueId } = await seedBlockedChain(); @@ -320,6 +369,7 @@ describeEmbeddedPostgres("heartbeat issue graph liveness escalation", () => { expect(escalations[0]).toMatchObject({ parentId: blockerIssueId, assigneeAgentId: managerId, + assigneeAdapterOverrides: { modelProfile: "cheap" }, status: expect.stringMatching(/^(todo|in_progress|done)$/), originFingerprint: [ "harness_liveness_leaf", @@ -568,6 +618,7 @@ describeEmbeddedPostgres("heartbeat issue graph liveness escalation", () => { executionWorkspaceId: null, executionWorkspacePreference: null, assigneeAgentId: managerId, + assigneeAdapterOverrides: { modelProfile: "cheap" }, }); }); diff --git a/server/src/__tests__/heartbeat-plugin-environment.test.ts b/server/src/__tests__/heartbeat-plugin-environment.test.ts index ac9fdb42..381f4556 100644 --- a/server/src/__tests__/heartbeat-plugin-environment.test.ts +++ b/server/src/__tests__/heartbeat-plugin-environment.test.ts @@ -8,6 +8,8 @@ import { companies, createDb, environments, + executionWorkspaces, + issues, plugins, projects, projectWorkspaces, @@ -17,6 +19,7 @@ import { startEmbeddedPostgresTestDatabase, } from "./helpers/embedded-postgres.js"; import { heartbeatService } from "../services/heartbeat.ts"; +import { instanceSettingsService } from "../services/instance-settings.ts"; import type { PluginWorkerManager } from "../services/plugin-worker-manager.ts"; const adapterExecute = vi.hoisted(() => vi.fn(async () => ({ @@ -35,6 +38,7 @@ vi.mock("../adapters/index.js", () => ({ execute: adapterExecute, supportsLocalAgentJwt: false, }), + listAdapterModelProfiles: async () => [], runningProcesses: new Map(), })); @@ -67,6 +71,7 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { }); afterAll(async () => { + await db.$client.end(); await stopDb?.(); }); @@ -76,6 +81,7 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { const workspaceId = randomUUID(); const environmentId = randomUUID(); const pluginId = randomUUID(); + const pluginKey = `acme.environments.${pluginId}`; const agentId = randomUUID(); const workspaceRoot = await mkdtemp(path.join(os.tmpdir(), "paperclip-plugin-env-heartbeat-")); tempRoots.push(workspaceRoot); @@ -100,6 +106,7 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { await db.insert(companies).values({ id: companyId, name: "Acme", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, status: "active", createdAt: new Date(), updatedAt: new Date(), @@ -124,13 +131,13 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { }); await db.insert(plugins).values({ id: pluginId, - pluginKey: "acme.environments", + pluginKey, packageName: "@acme/paperclip-environments", version: "1.0.0", apiVersion: 1, categories: ["automation"], manifestJson: { - id: "acme.environments", + id: pluginKey, apiVersion: 1, version: "1.0.0", displayName: "Acme Environments", @@ -157,8 +164,8 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { name: "Plugin Sandbox", driver: "plugin", status: "active", - config: { - pluginKey: "acme.environments", + config: { + pluginKey, driverKey: "sandbox", driverConfig: { template: "base", @@ -199,6 +206,7 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { driverKey: "sandbox", companyId, environmentId, + issueId: null, config: { template: "base" }, runId: run!.id, workspaceMode: "shared_workspace", @@ -208,16 +216,217 @@ describeEmbeddedPostgres("heartbeat plugin environments", () => { driverKey: "sandbox", companyId, environmentId, + issueId: null, config: { template: "base" }, providerLeaseId: "plugin-heartbeat-lease", leaseMetadata: expect.objectContaining({ driver: "plugin", pluginId, - pluginKey: "acme.environments", + pluginKey, driverKey: "sandbox", }), }); }, { timeout: 5_000 }); expect(adapterExecute).toHaveBeenCalledTimes(1); - }); + }, 15_000); + + it("ignores stale non-reused workspace environment config in favor of the issue selection", async () => { + const companyId = randomUUID(); + const projectId = randomUUID(); + const workspaceId = randomUUID(); + const oldEnvironmentId = randomUUID(); + const newEnvironmentId = randomUUID(); + const pluginId = randomUUID(); + const pluginKey = `acme.environments.${pluginId}`; + const agentId = randomUUID(); + const issueId = randomUUID(); + const staleExecutionWorkspaceId = randomUUID(); + const workspaceRoot = await mkdtemp(path.join(os.tmpdir(), "paperclip-plugin-env-issue-")); + tempRoots.push(workspaceRoot); + const workerManager = { + isRunning: vi.fn((id: string) => id === pluginId), + call: vi.fn(async (_pluginId: string, method: string, payload: Record) => { + if (method === "environmentAcquireLease") { + return { + providerLeaseId: `plugin-heartbeat-lease-${String(payload.environmentId)}`, + metadata: { + remoteCwd: `/workspace/${String(payload.environmentId)}`, + }, + }; + } + if (method === "environmentReleaseLease") { + return undefined; + } + throw new Error(`Unexpected plugin environment method: ${method}`); + }), + } as unknown as PluginWorkerManager; + + await instanceSettingsService(db).updateExperimental({ + enableEnvironments: true, + enableIsolatedWorkspaces: true, + }); + await db.insert(companies).values({ + id: companyId, + name: "Acme", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + status: "active", + createdAt: new Date(), + updatedAt: new Date(), + }); + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Plugin Environment Issue", + status: "active", + createdAt: new Date(), + updatedAt: new Date(), + }); + await db.insert(projectWorkspaces).values({ + id: workspaceId, + companyId, + projectId, + name: "Primary", + cwd: workspaceRoot, + isPrimary: true, + createdAt: new Date(), + updatedAt: new Date(), + }); + await db.insert(plugins).values({ + id: pluginId, + pluginKey, + packageName: "@acme/paperclip-environments", + version: "1.0.0", + apiVersion: 1, + categories: ["automation"], + manifestJson: { + id: pluginKey, + apiVersion: 1, + version: "1.0.0", + displayName: "Acme Environments", + description: "Test plugin environment driver", + author: "Acme", + categories: ["automation"], + capabilities: ["environment.drivers.register"], + entrypoints: { worker: "dist/worker.js" }, + environmentDrivers: [ + { + driverKey: "sandbox", + displayName: "Sandbox", + configSchema: { type: "object" }, + }, + ], + }, + status: "ready", + installOrder: 1, + updatedAt: new Date(), + } as any); + await db.insert(environments).values([ + { + id: oldEnvironmentId, + companyId, + name: "QA SSH", + driver: "plugin", + status: "active", + config: { + pluginKey, + driverKey: "sandbox", + driverConfig: { + template: "old", + }, + }, + createdAt: new Date(), + updatedAt: new Date(), + }, + { + id: newEnvironmentId, + companyId, + name: "QA E2B", + driver: "plugin", + status: "active", + config: { + pluginKey, + driverKey: "sandbox", + driverConfig: { + template: "new", + }, + }, + createdAt: new Date(), + updatedAt: new Date(), + }, + ]); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "CodexCoder", + role: "engineer", + status: "idle", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + defaultEnvironmentId: oldEnvironmentId, + permissions: {}, + createdAt: new Date(), + updatedAt: new Date(), + }); + await db.insert(executionWorkspaces).values({ + id: staleExecutionWorkspaceId, + companyId, + projectId, + projectWorkspaceId: workspaceId, + mode: "shared_workspace", + strategyType: "project_primary", + name: "Stale workspace", + status: "active", + cwd: workspaceRoot, + providerType: "local_fs", + providerRef: workspaceRoot, + metadata: { + config: { + environmentId: oldEnvironmentId, + }, + }, + createdAt: new Date(), + updatedAt: new Date(), + }); + await db.insert(issues).values({ + id: issueId, + companyId, + projectId, + projectWorkspaceId: workspaceId, + title: "Environment matrix: e2b / codex_local", + status: "in_progress", + priority: "medium", + assigneeAgentId: agentId, + executionWorkspaceId: staleExecutionWorkspaceId, + executionWorkspaceSettings: { + mode: "shared_workspace", + environmentId: newEnvironmentId, + }, + createdAt: new Date(), + updatedAt: new Date(), + }); + + const heartbeat = heartbeatService(db, { pluginWorkerManager: workerManager }); + const run = await heartbeat.wakeup(agentId, { + source: "assignment", + triggerDetail: "manual", + contextSnapshot: { issueId }, + }); + + expect(run).not.toBeNull(); + await vi.waitFor(async () => { + const latest = await heartbeat.getRun(run!.id); + expect(latest?.status).toBe("succeeded"); + }, { timeout: 5_000 }); + + expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentAcquireLease", { + driverKey: "sandbox", + companyId, + environmentId: newEnvironmentId, + issueId, + config: { template: "new" }, + runId: run!.id, + workspaceMode: "shared_workspace", + }); + }, 15_000); }); diff --git a/server/src/__tests__/heartbeat-process-recovery.test.ts b/server/src/__tests__/heartbeat-process-recovery.test.ts index e572d062..45842b42 100644 --- a/server/src/__tests__/heartbeat-process-recovery.test.ts +++ b/server/src/__tests__/heartbeat-process-recovery.test.ts @@ -23,6 +23,7 @@ import { issueRelations, issueTreeHoldMembers, issueTreeHolds, + issueWorkProducts, issues, } from "@paperclipai/db"; import { @@ -69,7 +70,15 @@ vi.mock("../adapters/index.ts", async () => { }; }); -import { heartbeatService } from "../services/heartbeat.ts"; +import { + heartbeatService, + redactDetectedSuccessfulRunProgressSummaryForBoard, +} from "../services/heartbeat.ts"; +import { + SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY, + SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY, + SUCCESSFUL_RUN_MISSING_STATE_REASON, +} from "../services/recovery/index.ts"; const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; @@ -313,6 +322,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { await db.delete(costEvents); await db.delete(environmentLeases); await db.delete(environments); + await db.delete(issueWorkProducts); await db.delete(issueComments); await db.delete(issueDocuments); await db.delete(documentRevisions); @@ -709,6 +719,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { originId: input.issueId, originRunId: input.runId, priority: "medium", + assigneeAdapterOverrides: { modelProfile: "cheap" }, }); expect(recovery.title).toContain("Recover stalled issue"); expect(recovery.description).toContain(`Previous source status: \`${input.previousStatus}\``); @@ -743,6 +754,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { companyId: input.companyId, reason: "issue_assigned", source: "assignment", + payload: expect.objectContaining({ modelProfile: "cheap" }), }); const recoveryRun = recoveryWakeup?.runId @@ -758,6 +770,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { source: "stranded_issue_recovery", sourceIssueId: input.issueId, strandedRunId: input.runId, + modelProfile: "cheap", }); return recovery; @@ -915,6 +928,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { expect(retryRun?.status).toBe("queued"); expect(retryRun?.retryOfRunId).toBe(runId); expect(retryRun?.processLossRetryCount).toBe(1); + expect(retryRun?.contextSnapshot).toMatchObject({ modelProfile: "cheap" }); const issue = await db .select() @@ -1227,7 +1241,10 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { expect((failedRun?.resultJson as Record | null)?.errorFamily).toBe("transient_upstream"); expect(retryRun?.status).toBe("scheduled_retry"); expect(retryRun?.scheduledRetryReason).toBe("transient_failure"); - expect((retryRun?.contextSnapshot as Record | null)?.codexTransientFallbackMode).toBe("same_session"); + expect(retryRun?.contextSnapshot).toMatchObject({ + codexTransientFallbackMode: "same_session", + modelProfile: "cheap", + }); const issue = await db .select() @@ -1241,6 +1258,448 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { expect(comments).toHaveLength(0); }); + it("queues one finish-handoff wake when a successful run leaves in-progress work without a next action", async () => { + const { companyId, agentId, runId, issueId } = await seedQueuedIssueRunFixture(); + mockAdapterExecute.mockImplementationOnce(async (ctx: { runId: string }) => { + await db.insert(issueComments).values({ + companyId, + issueId, + authorAgentId: agentId, + createdByRunId: ctx.runId, + body: "Implemented the backend detector, but did not choose a final issue state.", + }); + return { + exitCode: 0, + signal: null, + timedOut: false, + errorMessage: null, + summary: "Implemented the backend detector, but did not choose a final issue state.", + provider: "test", + model: "test-model", + }; + }); + const heartbeat = heartbeatService(db); + + await heartbeat.resumeQueuedRuns(); + await waitForRunToSettle(heartbeat, runId, 5_000); + + const handoffWakeups = await waitForValue(async () => { + const rows = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)); + const matches = rows.filter((wakeup) => wakeup.reason === "finish_successful_run_handoff"); + return matches.length > 0 ? matches : null; + }, 5_000); + await waitForHeartbeatIdle(db, 5_000); + + expect(handoffWakeups).toHaveLength(1); + expect(handoffWakeups[0]?.idempotencyKey).toBe(`finish_successful_run_handoff:${issueId}:${runId}:1`); + expect(handoffWakeups[0]?.payload).toMatchObject({ + issueId, + sourceRunId: runId, + handoffRequired: true, + handoffReason: "successful_run_missing_state", + handoffAttempt: 1, + maxHandoffAttempts: 1, + resumeIntent: true, + resumeFromRunId: runId, + }); + + const comments = await db.select().from(issueComments).where(eq(issueComments.issueId, issueId)); + const handoffComment = comments.find((comment) => comment.body === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY); + expect(handoffComment).toBeTruthy(); + expect(handoffComment?.authorType).toBe("system"); + expect(handoffComment?.presentation).toMatchObject({ + kind: "system_notice", + tone: "warning", + detailsDefaultOpen: false, + }); + expect(handoffComment?.metadata).toMatchObject({ + version: 1, + sections: expect.arrayContaining([ + expect.objectContaining({ + title: "Required action", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "key_value", label: "Missing disposition", value: "clear_next_step" }), + ]), + }), + expect.objectContaining({ + title: "Run evidence", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "run_link", runId }), + expect.objectContaining({ type: "key_value", label: "Normalized cause", value: SUCCESSFUL_RUN_MISSING_STATE_REASON }), + ]), + }), + ]), + }); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)); + expect(activity.some((event) => event.action === "issue.successful_run_handoff_required")).toBe(true); + }); + + it("requeues a missing-disposition handoff when the previous corrective wake was cancelled", async () => { + const { companyId, agentId, runId, issueId } = await seedQueuedIssueRunFixture(); + const idempotencyKey = `finish_successful_run_handoff:${issueId}:${runId}:1`; + await db.insert(agentWakeupRequests).values({ + id: randomUUID(), + companyId, + agentId, + source: "automation", + triggerDetail: "system", + reason: "finish_successful_run_handoff", + payload: { + issueId, + sourceRunId: runId, + handoffRequired: true, + handoffReason: SUCCESSFUL_RUN_MISSING_STATE_REASON, + }, + status: "cancelled", + idempotencyKey, + requestedAt: new Date("2026-03-19T00:00:01.000Z"), + finishedAt: new Date("2026-03-19T00:00:02.000Z"), + updatedAt: new Date("2026-03-19T00:00:02.000Z"), + }); + mockAdapterExecute.mockImplementationOnce(async (ctx: { runId: string }) => { + await db.insert(issueComments).values({ + companyId, + issueId, + authorAgentId: agentId, + createdByRunId: ctx.runId, + body: "Implemented recovery handling, but did not choose a final issue state.", + }); + return { + exitCode: 0, + signal: null, + timedOut: false, + errorMessage: null, + summary: "Implemented recovery handling, but did not choose a final issue state.", + provider: "test", + model: "test-model", + }; + }); + const heartbeat = heartbeatService(db); + + await heartbeat.resumeQueuedRuns(); + await waitForRunToSettle(heartbeat, runId, 5_000); + + const handoffWakeups = await waitForValue(async () => { + const rows = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.idempotencyKey, idempotencyKey)); + const requeued = rows.filter((wakeup) => wakeup.reason === "finish_successful_run_handoff"); + return requeued.length > 1 ? requeued : null; + }, 5_000); + await waitForHeartbeatIdle(db, 5_000); + + expect(handoffWakeups).toHaveLength(2); + expect(handoffWakeups.filter((wakeup) => wakeup.status === "cancelled")).toHaveLength(1); + expect(handoffWakeups.some((wakeup) => wakeup.status !== "cancelled")).toBe(true); + }); + + it("queues one missing-disposition handoff for artifact-producing successful runs left in progress", async () => { + const { companyId, agentId, runId, issueId } = await seedQueuedIssueRunFixture(); + mockAdapterExecute.mockImplementationOnce(async (ctx: { runId: string }) => { + const documentId = randomUUID(); + const revisionId = randomUUID(); + await db.insert(issueComments).values({ + companyId, + issueId, + authorAgentId: agentId, + createdByRunId: ctx.runId, + body: "Drafted the Phase 3 test plan but did not choose a final issue disposition.", + }); + await db.insert(documents).values({ + id: documentId, + companyId, + title: "Regression test plan", + format: "markdown", + latestBody: "# Regression test plan\n\n- Cover artifact-producing successful runs", + latestRevisionId: revisionId, + latestRevisionNumber: 1, + createdByAgentId: agentId, + updatedByAgentId: agentId, + }); + await db.insert(documentRevisions).values({ + id: revisionId, + companyId, + documentId, + revisionNumber: 1, + title: "Regression test plan", + format: "markdown", + body: "# Regression test plan\n\n- Cover artifact-producing successful runs", + createdByAgentId: agentId, + createdByRunId: ctx.runId, + }); + await db.insert(issueDocuments).values({ + companyId, + issueId, + documentId, + key: "plan", + }); + await db.insert(issueWorkProducts).values({ + companyId, + issueId, + type: "report", + provider: "test", + externalId: "phase-3-report", + title: "Phase 3 regression notes", + status: "ready", + summary: "Successful run produced a visible artifact.", + createdByRunId: ctx.runId, + }); + return { + exitCode: 0, + signal: null, + timedOut: false, + errorMessage: null, + summary: "Created comments, a plan document, and a work product without choosing a disposition.", + provider: "test", + model: "test-model", + }; + }); + const heartbeat = heartbeatService(db); + + await heartbeat.resumeQueuedRuns(); + const settledRun = await waitForRunToSettle(heartbeat, runId, 5_000); + + const handoffWakeups = await waitForValue(async () => { + const rows = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)); + const matches = rows.filter((wakeup) => wakeup.reason === "finish_successful_run_handoff"); + return matches.length > 0 ? matches : null; + }, 5_000); + await waitForHeartbeatIdle(db, 5_000); + const classifiedRun = await db + .select() + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null); + + expect(classifiedRun?.status ?? settledRun?.status).toBe("succeeded"); + expect(classifiedRun?.livenessState).toBe("advanced"); + expect(handoffWakeups).toHaveLength(1); + expect(handoffWakeups[0]?.idempotencyKey).toBe(`finish_successful_run_handoff:${issueId}:${runId}:1`); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0] ?? null); + expect(issue?.status).toBe("in_progress"); + await expect(sourceBlockerIssueIds(companyId, issueId)).resolves.toEqual([]); + + const comments = await db.select().from(issueComments).where(eq(issueComments.issueId, issueId)); + expect(comments.filter((comment) => comment.body === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY)).toHaveLength(1); + expect(comments.some((comment) => comment.body.startsWith("Drafted the Phase 3 test plan"))).toBe(true); + + const workProducts = await db.select().from(issueWorkProducts).where(eq(issueWorkProducts.issueId, issueId)); + expect(workProducts).toHaveLength(1); + const recoveryIssues = await db + .select() + .from(issues) + .where(and(eq(issues.companyId, companyId), eq(issues.originKind, "stranded_issue_recovery"))); + expect(recoveryIssues).toHaveLength(0); + }); + + it("redacts secret-bearing successful-run detected progress before handoff disclosure", async () => { + const { agentId, runId, issueId } = await seedQueuedIssueRunFixture(); + const bearerSecret = "live-bearer-token-value"; + const apiKeySecret = "sk-testsuccessfulhandoffsecret"; + const redactedDetectedSummary = redactDetectedSuccessfulRunProgressSummaryForBoard( + `Next action noted: Authorization: Bearer ${bearerSecret} OPENAI_API_KEY=${apiKeySecret}`, + { enabled: false }, + ); + expect(redactedDetectedSummary).toContain("***REDACTED***"); + expect(redactedDetectedSummary).not.toContain(bearerSecret); + expect(redactedDetectedSummary).not.toContain(apiKeySecret); + + mockAdapterExecute.mockResolvedValueOnce({ + exitCode: 0, + signal: null, + timedOut: false, + errorMessage: null, + summary: "Made progress but left the issue open.", + resultJson: { + message: `Next action: Authorization: Bearer ${bearerSecret} OPENAI_API_KEY=${apiKeySecret}`, + }, + provider: "test", + model: "test-model", + }); + const heartbeat = heartbeatService(db); + + await heartbeat.resumeQueuedRuns(); + await waitForRunToSettle(heartbeat, runId, 5_000); + + const handoffWakeups = await waitForValue(async () => { + const rows = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)); + const matches = rows.filter((wakeup) => wakeup.reason === "finish_successful_run_handoff"); + return matches.length > 0 ? matches : null; + }, 5_000); + await waitForHeartbeatIdle(db, 5_000); + + expect(handoffWakeups).toHaveLength(1); + const wakeupPayloadText = JSON.stringify(handoffWakeups[0]?.payload ?? {}); + expect(wakeupPayloadText).not.toContain(bearerSecret); + expect(wakeupPayloadText).not.toContain(apiKeySecret); + + const comments = await db.select().from(issueComments).where(eq(issueComments.issueId, issueId)); + const handoffComment = comments.find((comment) => comment.body === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY); + expect(handoffComment).toBeTruthy(); + expect(handoffComment?.body).not.toContain(bearerSecret); + expect(handoffComment?.body).not.toContain(apiKeySecret); + expect(JSON.stringify(handoffComment?.metadata ?? {})).not.toContain(bearerSecret); + expect(JSON.stringify(handoffComment?.metadata ?? {})).not.toContain(apiKeySecret); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)); + const handoffActivity = activity.find((event) => event.action === "issue.successful_run_handoff_required"); + expect(handoffActivity).toBeTruthy(); + const activityDetailsText = JSON.stringify(handoffActivity?.details ?? {}); + expect(activityDetailsText).not.toContain(bearerSecret); + expect(activityDetailsText).not.toContain(apiKeySecret); + }); + + it("escalates an exhausted failed successful-run handoff without using generic continuation recovery first", async () => { + const { companyId, agentId, runId, issueId } = await seedStrandedIssueFixture({ + status: "in_progress", + runStatus: "failed", + runErrorCode: "adapter_failed", + runError: "Authorization: Bearer sk-test-successful-handoff-secret", + }); + const sourceRunId = randomUUID(); + await db + .update(heartbeatRuns) + .set({ + contextSnapshot: { + issueId, + taskId: issueId, + wakeReason: "finish_successful_run_handoff", + sourceRunId, + resumeFromRunId: sourceRunId, + handoffRequired: true, + handoffReason: "successful_run_missing_state", + missingDisposition: "clear_next_step", + handoffAttempt: 1, + maxHandoffAttempts: 1, + }, + }) + .where(eq(heartbeatRuns.id, runId)); + const heartbeat = heartbeatService(db); + + const result = await heartbeat.reconcileStrandedAssignedIssues(); + expect(result.continuationRequeued).toBe(0); + expect(result.escalated).toBe(0); + expect(result.successfulRunHandoffEscalated).toBe(1); + expect(result.issueIds).toEqual([issueId]); + + const recovery = await waitForValue(async () => + db.select().from(issues).where( + and( + eq(issues.companyId, companyId), + eq(issues.originKind, "stranded_issue_recovery"), + eq(issues.originId, issueId), + ), + ).then((rows) => rows[0] ?? null), + ); + expect(recovery?.assigneeAgentId).toBe(agentId); + expect(recovery?.title).toContain("Recover missing next step"); + expect(recovery?.description).toContain("Normalized cause: `successful_run_missing_state`"); + expect(recovery?.description).toContain("not a runtime/adapter crash report"); + expect(recovery?.description).toContain(`Source run: [\`${sourceRunId}\`]`); + expect(recovery?.description).toContain("Missing disposition: `clear_next_step`"); + expect(recovery?.description).toContain("Source assignee: [CodexCoder]"); + expect(recovery?.description).not.toContain("sk-test-successful-handoff-secret"); + + const sourceIssue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0] ?? null); + expect(sourceIssue?.status).toBe("blocked"); + await expect(sourceBlockerIssueIds(companyId, issueId)).resolves.toEqual([recovery?.id]); + + const comments = await db.select().from(issueComments).where(eq(issueComments.issueId, issueId)); + expect(comments[0]?.body).toBe(SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY); + expect(comments[0]?.authorType).toBe("system"); + expect(comments[0]?.presentation).toMatchObject({ + kind: "system_notice", + tone: "danger", + detailsDefaultOpen: false, + }); + expect(comments[0]?.metadata).toMatchObject({ + version: 1, + sections: expect.arrayContaining([ + expect.objectContaining({ + title: "Recovery owner", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "issue_link", identifier: recovery?.identifier }), + expect.objectContaining({ type: "agent_link", label: "Recovery owner", name: "CodexCoder" }), + ]), + }), + expect.objectContaining({ + title: "Run evidence", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "key_value", label: "Normalized cause", value: SUCCESSFUL_RUN_MISSING_STATE_REASON }), + expect.objectContaining({ type: "key_value", label: "Missing disposition", value: "clear_next_step" }), + ]), + }), + ]), + }); + expect(comments[0]?.body).not.toContain("sk-test-successful-handoff-secret"); + expect(JSON.stringify(comments[0]?.metadata ?? {})).not.toContain("sk-test-successful-handoff-secret"); + + const activity = await db.select().from(activityLog).where(eq(activityLog.entityId, issueId)); + expect(activity.some((event) => event.action === "issue.successful_run_handoff_escalated")).toBe(true); + }); + + it("escalates an exhausted successful handoff run that still leaves no disposition", async () => { + const { companyId, runId, issueId } = await seedStrandedIssueFixture({ + status: "in_progress", + runStatus: "succeeded", + livenessState: "advanced", + }); + const sourceRunId = randomUUID(); + await db + .update(heartbeatRuns) + .set({ + contextSnapshot: { + issueId, + taskId: issueId, + wakeReason: "finish_successful_run_handoff", + sourceRunId, + resumeFromRunId: sourceRunId, + handoffRequired: true, + handoffReason: "successful_run_missing_state", + missingDisposition: "clear_next_step", + handoffAttempt: 1, + maxHandoffAttempts: 1, + }, + }) + .where(eq(heartbeatRuns.id, runId)); + const heartbeat = heartbeatService(db); + + const result = await heartbeat.reconcileStrandedAssignedIssues(); + expect(result.continuationRequeued).toBe(0); + expect(result.successfulContinuationObserved).toBe(0); + expect(result.successfulRunHandoffEscalated).toBe(1); + + const recovery = await waitForValue(async () => + db.select().from(issues).where( + and( + eq(issues.companyId, companyId), + eq(issues.originKind, "stranded_issue_recovery"), + eq(issues.originId, issueId), + ), + ).then((rows) => rows[0] ?? null), + ); + expect(recovery?.description).toContain("Latest handoff run status: `succeeded`"); + expect(recovery?.description).toContain("Suggested"); + }); + it("clears the detached warning when the run reports activity again", async () => { const { runId } = await seedRunFixture({ includeIssue: false, @@ -1315,6 +1774,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { payload: expect.objectContaining({ issueId, mutation: "assigned_todo_liveness_dispatch", + modelProfile: "cheap", }), }); @@ -1326,6 +1786,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { taskId: issueId, wakeReason: "issue_assigned", source: "issue.assigned_todo_liveness_dispatch", + modelProfile: "cheap", }); expect((runs[0]?.contextSnapshot as Record)?.retryReason).toBeUndefined(); @@ -1433,6 +1894,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { payload: expect.objectContaining({ issueId: unblocked.issueId, mutation: "assigned_todo_liveness_dispatch", + modelProfile: "cheap", }), }); const unblockedRuns = await db @@ -1486,6 +1948,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { const retryRun = runs.find((row) => row.id !== runId); expect(retryRun?.id).toBeTruthy(); expect((retryRun?.contextSnapshot as Record)?.retryReason).toBe("assignment_recovery"); + expect(retryRun?.contextSnapshot).toMatchObject({ modelProfile: "cheap" }); if (retryRun) { await waitForRunToSettle(heartbeat, retryRun.id); } @@ -1524,6 +1987,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { retryReason: "issue_continuation_needed", retryOfRunId: runId, source: "issue.continuation_recovery", + modelProfile: "cheap", }); const recoveries = await db @@ -1575,6 +2039,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { const retryRun = runs.find((row) => row.id !== runId); expect((retryRun?.contextSnapshot as Record)?.retryReason).toBe("assignment_recovery"); + expect(retryRun?.contextSnapshot).toMatchObject({ modelProfile: "cheap" }); if (retryRun) { await waitForRunToSettle(heartbeat, retryRun.id); } @@ -1615,6 +2080,83 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { expect(comments[0]?.body).toContain(`Recovery issue: [${recovery.identifier}]`); }); + it("blocks an already stranded recovery issue without creating a recovery child", async () => { + const { companyId, issueId } = await seedStrandedIssueFixture({ + status: "todo", + runStatus: "failed", + retryReason: "assignment_recovery", + }); + const sourceIssueId = randomUUID(); + const sourceRunId = randomUUID(); + const issuePrefix = `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`; + + await db.insert(issues).values({ + id: sourceIssueId, + companyId, + title: "Original source issue", + status: "blocked", + priority: "medium", + issueNumber: 2, + identifier: `${issuePrefix}-2`, + }); + await db + .update(issues) + .set({ + title: "Recover stalled issue from previous adapter failure", + parentId: sourceIssueId, + originKind: "stranded_issue_recovery", + originId: sourceIssueId, + originRunId: sourceRunId, + originFingerprint: [ + "stranded_issue_recovery", + companyId, + sourceIssueId, + sourceRunId, + ].join(":"), + }) + .where(eq(issues.id, issueId)); + const heartbeat = heartbeatService(db); + + const result = await heartbeat.reconcileStrandedAssignedIssues(); + expect(result.dispatchRequeued).toBe(0); + expect(result.escalated).toBe(1); + expect(result.issueIds).toEqual([issueId]); + + const recoveryIssues = await db + .select() + .from(issues) + .where(and(eq(issues.companyId, companyId), eq(issues.originKind, "stranded_issue_recovery"))); + expect(recoveryIssues).toHaveLength(1); + expect(recoveryIssues[0]).toMatchObject({ + id: issueId, + status: "blocked", + parentId: sourceIssueId, + originId: sourceIssueId, + originRunId: sourceRunId, + }); + expect(recoveryIssues[0]?.checkoutRunId).toBeNull(); + expect(recoveryIssues[0]?.executionRunId).toBeNull(); + + const blockerRelations = await db + .select() + .from(issueRelations) + .where( + and( + eq(issueRelations.companyId, companyId), + eq(issueRelations.relatedIssueId, issueId), + eq(issueRelations.type, "blocks"), + ), + ); + expect(blockerRelations).toHaveLength(0); + + const comments = await db.select().from(issueComments).where(eq(issueComments.issueId, issueId)); + expect(comments).toHaveLength(1); + expect(comments[0]?.body).toContain("stopped automatic stranded-work recovery"); + expect(comments[0]?.body).toContain("recovery issues do not create nested `stranded_issue_recovery` issues"); + expect(comments[0]?.body).toContain(`Recovery issue: [${recoveryIssues[0]?.identifier}]`); + expect(comments[0]?.body).toContain("Next action:"); + }); + it("assigns open unassigned blockers back to their creator agent", async () => { const companyId = randomUUID(); const creatorAgentId = randomUUID(); @@ -1738,6 +2280,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { const retryRun = runs.find((row) => row.id !== runId); expect(retryRun?.id).toBeTruthy(); expect((retryRun?.contextSnapshot as Record)?.retryReason).toBe("issue_continuation_needed"); + expect(retryRun?.contextSnapshot).toMatchObject({ modelProfile: "cheap" }); if (retryRun) { await waitForRunToSettle(heartbeat, retryRun.id); } @@ -2215,6 +2758,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { retryReason: "issue_continuation_needed", retryOfRunId: runId, source: "issue.productive_terminal_continuation_recovery", + modelProfile: "cheap", }); const wakeups = await db.select().from(agentWakeupRequests).where(eq(agentWakeupRequests.agentId, agentId)); @@ -2281,6 +2825,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { retryReason: "issue_continuation_needed", retryOfRunId: runId, source: "issue.productive_terminal_continuation_recovery", + modelProfile: "cheap", }); }); @@ -2336,6 +2881,7 @@ describeEmbeddedPostgres("heartbeat orphaned process recovery", () => { retryReason: "issue_continuation_needed", retryOfRunId: runId, source: "issue.productive_terminal_continuation_recovery", + modelProfile: "cheap", }); }); diff --git a/server/src/__tests__/heartbeat-project-env.test.ts b/server/src/__tests__/heartbeat-project-env.test.ts index 8490b04e..55653be3 100644 --- a/server/src/__tests__/heartbeat-project-env.test.ts +++ b/server/src/__tests__/heartbeat-project-env.test.ts @@ -17,6 +17,17 @@ describe("resolveExecutionRunAdapterConfig", () => { other: "value", }, secretKeys: new Set(["AGENT_SECRET"]), + manifest: [ + { + configPath: "env.AGENT_SECRET", + envKey: "AGENT_SECRET", + secretId: "secret-agent", + secretKey: "agent-secret", + version: 1, + provider: "local_encrypted", + outcome: "success", + }, + ], }); const resolveEnvBindings = vi.fn().mockResolvedValue({ env: { @@ -24,6 +35,17 @@ describe("resolveExecutionRunAdapterConfig", () => { PROJECT_ONLY: "project-only", }, secretKeys: new Set(["PROJECT_SECRET"]), + manifest: [ + { + configPath: "env.PROJECT_SECRET", + envKey: "PROJECT_SECRET", + secretId: "secret-project", + secretKey: "project-secret", + version: 1, + provider: "local_encrypted", + outcome: "success", + }, + ], }); const result = await resolveExecutionRunAdapterConfig({ @@ -45,12 +67,19 @@ describe("resolveExecutionRunAdapterConfig", () => { }, }); expect(Array.from(result.secretKeys).sort()).toEqual(["AGENT_SECRET", "PROJECT_SECRET"]); + expect(result.secretManifest.map((entry) => entry.secretId).sort()).toEqual([ + "secret-agent", + "secret-project", + ]); + expect(JSON.stringify(result.secretManifest)).not.toContain("agent-only"); + expect(JSON.stringify(result.secretManifest)).not.toContain("project-only"); }); it("skips project env resolution when the project has no bindings", async () => { const resolveAdapterConfigForRuntime = vi.fn().mockResolvedValue({ config: { env: { AGENT_ONLY: "agent-only" } }, secretKeys: new Set(), + manifest: [], }); const resolveEnvBindings = vi.fn(); @@ -65,6 +94,7 @@ describe("resolveExecutionRunAdapterConfig", () => { }); expect(result.resolvedConfig.env).toEqual({ AGENT_ONLY: "agent-only" }); + expect(result.secretManifest).toEqual([]); expect(resolveEnvBindings).not.toHaveBeenCalled(); }); }); diff --git a/server/src/__tests__/heartbeat-retry-scheduling.test.ts b/server/src/__tests__/heartbeat-retry-scheduling.test.ts index 9999c05e..e193dd3c 100644 --- a/server/src/__tests__/heartbeat-retry-scheduling.test.ts +++ b/server/src/__tests__/heartbeat-retry-scheduling.test.ts @@ -1,15 +1,17 @@ import { randomUUID } from "node:crypto"; -import { eq, sql } from "drizzle-orm"; +import { and, eq, sql } from "drizzle-orm"; import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; import { agents, agentRuntimeState, agentWakeupRequests, + budgetPolicies, companies, createDb, environmentLeases, heartbeatRunEvents, heartbeatRuns, + issueRelations, issues, } from "@paperclipai/db"; import { @@ -18,6 +20,8 @@ import { } from "./helpers/embedded-postgres.js"; import { BOUNDED_TRANSIENT_HEARTBEAT_RETRY_DELAYS_MS, + MAX_TURN_CONTINUATION_RETRY_REASON, + MAX_TURN_CONTINUATION_WAKE_REASON, heartbeatService, } from "../services/heartbeat.ts"; @@ -44,10 +48,12 @@ describeEmbeddedPostgres("heartbeat bounded retry scheduling", () => { afterEach(async () => { await db.delete(heartbeatRunEvents); await db.delete(environmentLeases); + await db.delete(issueRelations); await db.delete(issues); await db.delete(heartbeatRuns); await db.delete(agentWakeupRequests); await db.delete(agentRuntimeState); + await db.delete(budgetPolicies); await db.delete(agents); await db.delete(companies); }); @@ -124,6 +130,92 @@ describeEmbeddedPostgres("heartbeat bounded retry scheduling", () => { }); } + async function seedMaxTurnFixture(input?: { + companyId?: string; + agentId?: string; + issueId?: string; + runId?: string; + now?: Date; + scheduledRetryAttempt?: number; + runtimeConfig?: Record; + issueStatus?: string; + }) { + const companyId = input?.companyId ?? randomUUID(); + const agentId = input?.agentId ?? randomUUID(); + const issueId = input?.issueId ?? randomUUID(); + const runId = input?.runId ?? randomUUID(); + const now = input?.now ?? new Date("2026-04-20T12:00:00.000Z"); + const issuePrefix = `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`; + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix, + requireBoardApprovalForNewAgents: false, + }); + + await db.insert(agents).values({ + id: agentId, + companyId, + name: "ClaudeCoder", + role: "engineer", + status: "active", + adapterType: "claude_local", + adapterConfig: {}, + runtimeConfig: input?.runtimeConfig ?? { + heartbeat: { + wakeOnDemand: true, + maxConcurrentRuns: 1, + maxTurnContinuation: { + enabled: true, + maxAttempts: 2, + delayMs: 1_000, + }, + }, + }, + permissions: {}, + }); + + await db.insert(heartbeatRuns).values({ + id: runId, + companyId, + agentId, + invocationSource: "assignment", + triggerDetail: "system", + status: "failed", + error: "Maximum turns reached", + errorCode: "adapter_failed", + finishedAt: now, + scheduledRetryAttempt: input?.scheduledRetryAttempt ?? 0, + scheduledRetryReason: input?.scheduledRetryAttempt ? MAX_TURN_CONTINUATION_RETRY_REASON : null, + resultJson: { + stopReason: "max_turns_exhausted", + }, + contextSnapshot: { + issueId, + wakeReason: "issue_assigned", + }, + updatedAt: now, + createdAt: now, + }); + + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Continue after max turns", + status: input?.issueStatus ?? "in_progress", + priority: "medium", + assigneeAgentId: agentId, + executionRunId: runId, + executionAgentNameKey: "claudecoder", + executionLockedAt: now, + issueNumber: 1, + identifier: `${issuePrefix}-1`, + }); + + return { companyId, agentId, issueId, runId, now }; + } + it("schedules a retry with durable metadata and only promotes it when due", async () => { const companyId = randomUUID(); const agentId = randomUUID(); @@ -194,6 +286,7 @@ describeEmbeddedPostgres("heartbeat bounded retry scheduling", () => { retryOfRunId: sourceRunId, scheduledRetryAttempt: 1, scheduledRetryReason: "transient_failure", + contextSnapshot: expect.objectContaining({ modelProfile: "cheap" }), }); expect(retryRun?.scheduledRetryAt?.toISOString()).toBe(expectedDueAt.toISOString()); @@ -218,6 +311,416 @@ describeEmbeddedPostgres("heartbeat bounded retry scheduling", () => { expect(promotedRun?.status).toBe("queued"); }); + it("schedules max-turn continuations with distinct retry metadata", async () => { + const { runId, now } = await seedMaxTurnFixture(); + + const scheduled = await heartbeat.scheduleBoundedRetry(runId, { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + + expect(scheduled.outcome).toBe("scheduled"); + if (scheduled.outcome !== "scheduled") return; + expect(scheduled.attempt).toBe(1); + expect(scheduled.dueAt.toISOString()).toBe(new Date(now.getTime() + 1_000).toISOString()); + + const retryRun = await db + .select({ + retryOfRunId: heartbeatRuns.retryOfRunId, + status: heartbeatRuns.status, + scheduledRetryAttempt: heartbeatRuns.scheduledRetryAttempt, + scheduledRetryReason: heartbeatRuns.scheduledRetryReason, + contextSnapshot: heartbeatRuns.contextSnapshot, + wakeupRequestId: heartbeatRuns.wakeupRequestId, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, scheduled.run.id)) + .then((rows) => rows[0] ?? null); + + expect(retryRun).toMatchObject({ + retryOfRunId: runId, + status: "scheduled_retry", + scheduledRetryAttempt: 1, + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }); + expect((retryRun?.contextSnapshot as Record | null)?.wakeReason).toBe( + MAX_TURN_CONTINUATION_WAKE_REASON, + ); + expect((retryRun?.contextSnapshot as Record | null)?.codexTransientFallbackMode ?? null).toBeNull(); + + const wakeupRequest = await db + .select({ reason: agentWakeupRequests.reason, payload: agentWakeupRequests.payload }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, retryRun?.wakeupRequestId ?? "")) + .then((rows) => rows[0] ?? null); + expect(wakeupRequest?.reason).toBe(MAX_TURN_CONTINUATION_WAKE_REASON); + expect(wakeupRequest?.payload).toMatchObject({ + retryOfRunId: runId, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + scheduledRetryAttempt: 1, + }); + }); + + it("coalesces duplicate max-turn continuation schedules for the same source run and attempt", async () => { + const { issueId, runId, now } = await seedMaxTurnFixture(); + const retryOptions = { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }; + + const [first, second] = await Promise.all([ + heartbeat.scheduleBoundedRetry(runId, retryOptions), + heartbeat.scheduleBoundedRetry(runId, retryOptions), + ]); + + expect(first.outcome).toBe("scheduled"); + expect(second.outcome).toBe("scheduled"); + if (first.outcome !== "scheduled" || second.outcome !== "scheduled") return; + + expect(new Set([first.run.id, second.run.id]).size).toBe(1); + + const retryRuns = await db + .select({ + id: heartbeatRuns.id, + wakeupRequestId: heartbeatRuns.wakeupRequestId, + }) + .from(heartbeatRuns) + .where( + and( + eq(heartbeatRuns.retryOfRunId, runId), + eq(heartbeatRuns.scheduledRetryReason, MAX_TURN_CONTINUATION_RETRY_REASON), + eq(heartbeatRuns.scheduledRetryAttempt, 1), + ), + ); + expect(retryRuns).toHaveLength(1); + + const wakeups = await db + .select({ + id: agentWakeupRequests.id, + coalescedCount: agentWakeupRequests.coalescedCount, + idempotencyKey: agentWakeupRequests.idempotencyKey, + }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.reason, MAX_TURN_CONTINUATION_WAKE_REASON)); + expect(wakeups).toHaveLength(1); + expect(wakeups[0]).toMatchObject({ + id: retryRuns[0]?.wakeupRequestId, + coalescedCount: 1, + }); + expect(wakeups[0]?.idempotencyKey).toContain(`:${issueId}:${runId}:1`); + + const issue = await db + .select({ executionRunId: issues.executionRunId }) + .from(issues) + .where(eq(issues.id, issueId)) + .then((rows) => rows[0] ?? null); + expect(issue?.executionRunId).toBe(retryRuns[0]?.id); + }); + + it("does not promote a duplicate max-turn continuation that does not own the issue lock", async () => { + const { companyId, agentId, issueId, runId, now } = await seedMaxTurnFixture(); + + const scheduled = await heartbeat.scheduleBoundedRetry(runId, { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + expect(scheduled.outcome).toBe("scheduled"); + if (scheduled.outcome !== "scheduled") return; + + const duplicateWakeupId = randomUUID(); + const duplicateRunId = randomUUID(); + await db.insert(agentWakeupRequests).values({ + id: duplicateWakeupId, + companyId, + agentId, + source: "automation", + triggerDetail: "system", + reason: MAX_TURN_CONTINUATION_WAKE_REASON, + payload: { + issueId, + retryOfRunId: runId, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + scheduledRetryAttempt: 1, + }, + status: "queued", + requestedByActorType: "system", + }); + await db.insert(heartbeatRuns).values({ + id: duplicateRunId, + companyId, + agentId, + invocationSource: "automation", + triggerDetail: "system", + status: "scheduled_retry", + wakeupRequestId: duplicateWakeupId, + retryOfRunId: runId, + scheduledRetryAt: scheduled.dueAt, + scheduledRetryAttempt: 1, + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + contextSnapshot: { + issueId, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }, + }); + await db + .update(agentWakeupRequests) + .set({ runId: duplicateRunId }) + .where(eq(agentWakeupRequests.id, duplicateWakeupId)); + + const promotion = await heartbeat.promoteDueScheduledRetries(scheduled.dueAt); + expect(promotion).toEqual({ promoted: 1, runIds: [scheduled.run.id] }); + + const duplicate = await db + .select({ + status: heartbeatRuns.status, + errorCode: heartbeatRuns.errorCode, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, duplicateRunId)) + .then((rows) => rows[0] ?? null); + expect(duplicate).toEqual({ + status: "cancelled", + errorCode: "issue_execution_lock_changed", + }); + + const duplicateWakeup = await db + .select({ status: agentWakeupRequests.status }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, duplicateWakeupId)) + .then((rows) => rows[0] ?? null); + expect(duplicateWakeup?.status).toBe("cancelled"); + }); + + it.each(["blocked", "todo", "backlog"] as const)( + "does not schedule a max-turn continuation when the issue is already %s", + async (issueStatus) => { + const { issueId, runId, now } = await seedMaxTurnFixture({ issueStatus }); + + const scheduled = await heartbeat.scheduleBoundedRetry(runId, { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + + expect(scheduled).toMatchObject({ + outcome: "not_scheduled", + errorCode: "issue_not_in_progress", + issueId, + }); + + const retryRuns = await db + .select({ count: sql`count(*)::int` }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.retryOfRunId, runId)) + .then((rows) => rows[0]?.count ?? 0); + expect(retryRuns).toBe(0); + }, + ); + + it.each(["blocked", "todo", "backlog"] as const)( + "cancels a due max-turn continuation when the issue moves to %s before retry promotion", + async (issueStatus) => { + const { issueId, runId, now } = await seedMaxTurnFixture(); + + const scheduled = await heartbeat.scheduleBoundedRetry(runId, { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + expect(scheduled.outcome).toBe("scheduled"); + if (scheduled.outcome !== "scheduled") return; + + await db.update(issues).set({ + status: issueStatus, + updatedAt: new Date(now.getTime() + 500), + }).where(eq(issues.id, issueId)); + + const promotion = await heartbeat.promoteDueScheduledRetries(scheduled.dueAt); + expect(promotion).toEqual({ promoted: 0, runIds: [] }); + + const retryRun = await db + .select({ + status: heartbeatRuns.status, + errorCode: heartbeatRuns.errorCode, + wakeupRequestId: heartbeatRuns.wakeupRequestId, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, scheduled.run.id)) + .then((rows) => rows[0] ?? null); + expect(retryRun).toMatchObject({ + status: "cancelled", + errorCode: "issue_not_in_progress", + }); + + const wakeupRequest = await db + .select({ status: agentWakeupRequests.status }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, retryRun?.wakeupRequestId ?? "")) + .then((rows) => rows[0] ?? null); + expect(wakeupRequest?.status).toBe("cancelled"); + + const issue = await db + .select({ + executionRunId: issues.executionRunId, + executionAgentNameKey: issues.executionAgentNameKey, + executionLockedAt: issues.executionLockedAt, + }) + .from(issues) + .where(eq(issues.id, issueId)) + .then((rows) => rows[0] ?? null); + expect(issue).toEqual({ + executionRunId: null, + executionAgentNameKey: null, + executionLockedAt: null, + }); + + const event = await db + .select({ + message: heartbeatRunEvents.message, + payload: heartbeatRunEvents.payload, + }) + .from(heartbeatRunEvents) + .where(eq(heartbeatRunEvents.runId, scheduled.run.id)) + .orderBy(sql`${heartbeatRunEvents.seq} desc`) + .then((rows) => rows[0] ?? null); + expect(event?.message).toContain("no longer in_progress"); + expect(event?.payload).toMatchObject({ + currentStatus: issueStatus, + requiredStatus: "in_progress", + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }); + }, + ); + + it("does not queue max-turn continuations after the configured cap", async () => { + const { runId, now } = await seedMaxTurnFixture({ scheduledRetryAttempt: 2 }); + + const exhausted = await heartbeat.scheduleBoundedRetry(runId, { + now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + + expect(exhausted).toEqual({ + outcome: "retry_exhausted", + attempt: 3, + maxAttempts: 2, + }); + + const runCount = await db + .select({ count: sql`count(*)::int` }) + .from(heartbeatRuns) + .then((rows) => rows[0]?.count ?? 0); + expect(runCount).toBe(1); + + const exhaustionEvent = await db + .select({ message: heartbeatRunEvents.message, payload: heartbeatRunEvents.payload }) + .from(heartbeatRunEvents) + .where(eq(heartbeatRunEvents.runId, runId)) + .orderBy(sql`${heartbeatRunEvents.id} desc`) + .then((rows) => rows[0] ?? null); + expect(exhaustionEvent?.message).toContain("Bounded retry exhausted"); + expect(exhaustionEvent?.payload).toMatchObject({ + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + maxAttempts: 2, + }); + }); + + it("suppresses max-turn continuation scheduling when budget or dependencies block the issue", async () => { + const budgetBlocked = await seedMaxTurnFixture({ now: new Date("2026-04-20T16:00:00.000Z") }); + await db.insert(budgetPolicies).values({ + companyId: budgetBlocked.companyId, + scopeType: "agent", + scopeId: budgetBlocked.agentId, + windowKind: "monthly", + metric: "billed_cents", + amount: 0, + hardStopEnabled: true, + isActive: true, + }); + await db + .update(agents) + .set({ status: "paused", pauseReason: "budget" }) + .where(eq(agents.id, budgetBlocked.agentId)); + + const budgetResult = await heartbeat.scheduleBoundedRetry(budgetBlocked.runId, { + now: budgetBlocked.now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + expect(budgetResult).toMatchObject({ + outcome: "not_scheduled", + errorCode: "budget_blocked", + issueId: budgetBlocked.issueId, + }); + + await db.delete(budgetPolicies); + await db.delete(issueRelations); + await db.delete(issues); + await db.delete(heartbeatRunEvents); + await db.delete(heartbeatRuns); + await db.delete(agentWakeupRequests); + await db.delete(agentRuntimeState); + await db.delete(agents); + await db.delete(companies); + + const dependencyBlocked = await seedMaxTurnFixture({ now: new Date("2026-04-20T17:00:00.000Z") }); + const blockerId = randomUUID(); + await db.insert(issues).values({ + id: blockerId, + companyId: dependencyBlocked.companyId, + title: "Blocker", + status: "todo", + priority: "medium", + issueNumber: 2, + identifier: `T${dependencyBlocked.companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}-2`, + }); + await db.insert(issueRelations).values({ + companyId: dependencyBlocked.companyId, + issueId: blockerId, + relatedIssueId: dependencyBlocked.issueId, + type: "blocks", + }); + + const dependencyResult = await heartbeat.scheduleBoundedRetry(dependencyBlocked.runId, { + now: dependencyBlocked.now, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: 2, + delayMs: 1_000, + }); + expect(dependencyResult).toMatchObject({ + outcome: "not_scheduled", + errorCode: "issue_dependencies_blocked", + issueId: dependencyBlocked.issueId, + }); + + const retryRuns = await db + .select({ count: sql`count(*)::int` }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.retryOfRunId, dependencyBlocked.runId)) + .then((rows) => rows[0]?.count ?? 0); + expect(retryRuns).toBe(0); + }); + it("does not defer a new assignee behind the previous assignee's scheduled retry", async () => { const companyId = randomUUID(); const oldAgentId = randomUUID(); diff --git a/server/src/__tests__/heartbeat-stale-queue-invalidation.test.ts b/server/src/__tests__/heartbeat-stale-queue-invalidation.test.ts index 6c7d85dc..f55ffb9e 100644 --- a/server/src/__tests__/heartbeat-stale-queue-invalidation.test.ts +++ b/server/src/__tests__/heartbeat-stale-queue-invalidation.test.ts @@ -19,11 +19,16 @@ import { issueTreeHolds, issues, } from "@paperclipai/db"; +import { ISSUE_CONTINUATION_SUMMARY_DOCUMENT_KEY } from "@paperclipai/shared"; import { getEmbeddedPostgresTestSupport, startEmbeddedPostgresTestDatabase, } from "./helpers/embedded-postgres.js"; -import { heartbeatService } from "../services/heartbeat.ts"; +import { + MAX_TURN_CONTINUATION_RETRY_REASON, + MAX_TURN_CONTINUATION_WAKE_REASON, + heartbeatService, +} from "../services/heartbeat.ts"; import { runningProcesses } from "../adapters/index.ts"; const mockAdapterExecute = vi.hoisted(() => @@ -83,6 +88,40 @@ async function waitForCondition(fn: () => Promise, timeoutMs = 3_000) { return fn(); } +async function cleanupHeartbeatInvalidationFixture(db: ReturnType) { + for (let attempt = 0; attempt < 5; attempt += 1) { + try { + await db.delete(companySkills); + await db.delete(issueComments); + await db.delete(issueDocuments); + await db.delete(documentRevisions); + await db.delete(documents); + await db.delete(issueRelations); + await db.delete(issueTreeHolds); + await db.delete(issues); + await db.delete(heartbeatRunEvents); + await db.delete(activityLog); + await db.delete(heartbeatRuns); + await db.delete(agentWakeupRequests); + await db.delete(agentRuntimeState); + await db.delete(agents); + await db.delete(companies); + return; + } catch (error) { + const isLateCommentRace = + error instanceof Error && + error.message.includes("issue_comments_issue_id_issues_id_fk"); + if (!isLateCommentRace || attempt === 4) { + throw error; + } + + // Heartbeat completion can write issue-thread comments shortly after the + // run leaves queued/running. Retry the dependent deletes once those land. + await new Promise((resolve) => setTimeout(resolve, 50)); + } + } +} + type SeedOptions = { agentName?: string; agentRole?: string; @@ -99,6 +138,9 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { let heartbeat!: ReturnType; let tempDb: Awaited> | null = null; + const countExecuteCallsForRun = (runId: string) => + mockAdapterExecute.mock.calls.filter(([context]) => context?.runId === runId).length; + beforeAll(async () => { tempDb = await startEmbeddedPostgresTestDatabase("paperclip-heartbeat-stale-queue-"); db = createDb(tempDb.connectionString); @@ -133,21 +175,7 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { await new Promise((resolve) => setTimeout(resolve, 50)); } await new Promise((resolve) => setTimeout(resolve, 50)); - await db.delete(companySkills); - await db.delete(issueComments); - await db.delete(issueDocuments); - await db.delete(documentRevisions); - await db.delete(documents); - await db.delete(issueRelations); - await db.delete(issueTreeHolds); - await db.delete(issues); - await db.delete(heartbeatRunEvents); - await db.delete(activityLog); - await db.delete(heartbeatRuns); - await db.delete(agentWakeupRequests); - await db.delete(agentRuntimeState); - await db.delete(agents); - await db.delete(companies); + await cleanupHeartbeatInvalidationFixture(db); }); afterAll(async () => { @@ -189,6 +217,7 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { wakeReason: string; contextExtras?: Record; invocationSource?: "assignment" | "automation"; + scheduledRetryReason?: string | null; }) { const wakeupRequestId = randomUUID(); const runId = randomUUID(); @@ -210,6 +239,7 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { triggerDetail: "system", status: "queued", wakeupRequestId, + scheduledRetryReason: input.scheduledRetryReason ?? null, contextSnapshot: { issueId: input.issueId, wakeReason: input.wakeReason, @@ -223,6 +253,43 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { return { runId, wakeupRequestId }; } + async function seedContinuationSummary(input: { + companyId: string; + issueId: string; + agentId: string; + body: string; + }) { + const documentId = randomUUID(); + const revisionId = randomUUID(); + await db.insert(documents).values({ + id: documentId, + companyId: input.companyId, + title: "Continuation Summary", + format: "markdown", + latestBody: input.body, + latestRevisionId: revisionId, + latestRevisionNumber: 1, + createdByAgentId: input.agentId, + updatedByAgentId: input.agentId, + }); + await db.insert(documentRevisions).values({ + id: revisionId, + companyId: input.companyId, + documentId, + revisionNumber: 1, + title: "Continuation Summary", + format: "markdown", + body: input.body, + createdByAgentId: input.agentId, + }); + await db.insert(issueDocuments).values({ + companyId: input.companyId, + issueId: input.issueId, + documentId, + key: ISSUE_CONTINUATION_SUMMARY_DOCUMENT_KEY, + }); + } + it("cancels queued runs when the issue assignee changes before the run starts", async () => { const { companyId, agentId } = await seedCompanyAndAgent({ agentName: "OriginalCoder" }); const replacementAgentId = randomUUID(); @@ -293,7 +360,7 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { expect(run?.resultJson).toMatchObject({ stopReason: "issue_assignee_changed" }); expect(wakeup?.status).toBe("skipped"); expect(wakeup?.error).toContain("assignee changed"); - expect(mockAdapterExecute).not.toHaveBeenCalled(); + expect(countExecuteCallsForRun(runId)).toBe(0); }); it("cancels queued runs when the issue reaches a terminal status before the run starts", async () => { @@ -342,7 +409,155 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { expect(run?.status).toBe("cancelled"); expect(run?.errorCode).toBe("issue_terminal_status"); expect(wakeup?.status).toBe("skipped"); - expect(mockAdapterExecute).not.toHaveBeenCalled(); + expect(countExecuteCallsForRun(runId)).toBe(0); + }); + + it("cancels queued max-turn continuations when the issue is no longer in_progress before the run starts", async () => { + const { companyId, agentId } = await seedCompanyAndAgent(); + const issueId = randomUUID(); + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Parked max-turn continuation", + status: "blocked", + priority: "medium", + assigneeAgentId: agentId, + }); + + const { runId, wakeupRequestId } = await seedQueuedRun({ + companyId, + agentId, + issueId, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + invocationSource: "automation", + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + contextExtras: { + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }, + }); + + await heartbeat.resumeQueuedRuns(); + + await waitForCondition(async () => { + const run = await db + .select({ status: heartbeatRuns.status }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null); + return run?.status === "cancelled"; + }); + + const [run, wakeup] = await Promise.all([ + db + .select({ + status: heartbeatRuns.status, + errorCode: heartbeatRuns.errorCode, + resultJson: heartbeatRuns.resultJson, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null), + db + .select({ status: agentWakeupRequests.status, error: agentWakeupRequests.error }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, wakeupRequestId)) + .then((rows) => rows[0] ?? null), + ]); + + expect(run?.status).toBe("cancelled"); + expect(run?.errorCode).toBe("issue_not_in_progress"); + expect(run?.resultJson).toMatchObject({ stopReason: "issue_not_in_progress" }); + expect(wakeup?.status).toBe("skipped"); + expect(wakeup?.error).toContain("no longer in_progress"); + expect(countExecuteCallsForRun(runId)).toBe(0); + }); + + it("cancels queued max-turn continuations when another continuation owns the issue lock", async () => { + const { companyId, agentId } = await seedCompanyAndAgent(); + const issueId = randomUUID(); + const lockOwnerRunId = randomUUID(); + + await db.insert(heartbeatRuns).values({ + id: lockOwnerRunId, + companyId, + agentId, + invocationSource: "automation", + triggerDetail: "system", + status: "scheduled_retry", + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + scheduledRetryAttempt: 1, + scheduledRetryAt: new Date("2026-04-20T12:00:00.000Z"), + contextSnapshot: { + issueId, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }, + }); + + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Duplicate max-turn continuation", + status: "in_progress", + priority: "medium", + assigneeAgentId: agentId, + executionRunId: lockOwnerRunId, + executionAgentNameKey: "claudecoder", + executionLockedAt: new Date("2026-04-20T11:59:00.000Z"), + }); + + const { runId, wakeupRequestId } = await seedQueuedRun({ + companyId, + agentId, + issueId, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + invocationSource: "automation", + scheduledRetryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + contextExtras: { + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + }, + }); + + await heartbeat.resumeQueuedRuns(); + + await waitForCondition(async () => { + const run = await db + .select({ status: heartbeatRuns.status }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null); + return run?.status === "cancelled"; + }); + + const [run, wakeup, issue] = await Promise.all([ + db + .select({ + status: heartbeatRuns.status, + errorCode: heartbeatRuns.errorCode, + resultJson: heartbeatRuns.resultJson, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null), + db + .select({ status: agentWakeupRequests.status, error: agentWakeupRequests.error }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, wakeupRequestId)) + .then((rows) => rows[0] ?? null), + db + .select({ executionRunId: issues.executionRunId }) + .from(issues) + .where(eq(issues.id, issueId)) + .then((rows) => rows[0] ?? null), + ]); + + expect(run?.status).toBe("cancelled"); + expect(run?.errorCode).toBe("issue_execution_lock_changed"); + expect(run?.resultJson).toMatchObject({ stopReason: "issue_execution_lock_changed" }); + expect(wakeup?.status).toBe("skipped"); + expect(wakeup?.error).toContain("execution lock"); + expect(issue?.executionRunId).toBe(lockOwnerRunId); + expect(countExecuteCallsForRun(runId)).toBe(0); }); it("cancels queued in_review runs when the current participant changes before the run starts", async () => { @@ -422,7 +637,7 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { expect(run?.resultJson).toMatchObject({ stopReason: "issue_review_participant_changed" }); expect(wakeup?.status).toBe("skipped"); expect(wakeup?.error).toContain("in-review participant changed"); - expect(mockAdapterExecute).not.toHaveBeenCalled(); + expect(countExecuteCallsForRun(runId)).toBe(0); }); it("still runs comment-driven wakes on in_review issues even when the agent is no longer the current participant", async () => { @@ -540,6 +755,77 @@ describeEmbeddedPostgres("heartbeat stale queued-run invalidation", () => { .then((rows) => rows[0] ?? null); expect(run?.status).toBe("succeeded"); expect(run?.errorCode).toBeNull(); - expect(mockAdapterExecute).toHaveBeenCalledTimes(1); + expect(countExecuteCallsForRun(runId)).toBe(1); + }); + + it("cancels queued continuation recovery when the continuation summary parks executor work for review", async () => { + const { companyId, agentId } = await seedCompanyAndAgent(); + const issueId = randomUUID(); + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Implementation parked for review", + status: "in_progress", + priority: "medium", + assigneeAgentId: agentId, + }); + await seedContinuationSummary({ + companyId, + issueId, + agentId, + body: [ + "# Continuation Summary", + "", + "## Next Action", + "", + "- Wait for reviewer feedback or approval before continuing executor work.", + ].join("\n"), + }); + + const { runId, wakeupRequestId } = await seedQueuedRun({ + companyId, + agentId, + issueId, + wakeReason: "issue_continuation_needed", + invocationSource: "automation", + contextExtras: { + retryReason: "issue_continuation_needed", + }, + }); + + await heartbeat.resumeQueuedRuns(); + + await waitForCondition(async () => { + const run = await db + .select({ status: heartbeatRuns.status }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null); + return run?.status === "cancelled"; + }); + + const [run, wakeup] = await Promise.all([ + db + .select({ + status: heartbeatRuns.status, + errorCode: heartbeatRuns.errorCode, + resultJson: heartbeatRuns.resultJson, + }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, runId)) + .then((rows) => rows[0] ?? null), + db + .select({ status: agentWakeupRequests.status, error: agentWakeupRequests.error }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, wakeupRequestId)) + .then((rows) => rows[0] ?? null), + ]); + + expect(run?.status).toBe("cancelled"); + expect(run?.errorCode).toBe("issue_continuation_waiting_on_review"); + expect(run?.resultJson).toMatchObject({ stopReason: "issue_continuation_waiting_on_review" }); + expect(wakeup?.status).toBe("skipped"); + expect(wakeup?.error).toContain("continuation summary says the executor should wait"); + expect(countExecuteCallsForRun(runId)).toBe(0); }); }); diff --git a/server/src/__tests__/issue-activity-events-routes.test.ts b/server/src/__tests__/issue-activity-events-routes.test.ts index 0e385d1c..14349614 100644 --- a/server/src/__tests__/issue-activity-events-routes.test.ts +++ b/server/src/__tests__/issue-activity-events-routes.test.ts @@ -1,5 +1,6 @@ import express from "express"; import request from "supertest"; +import { getTableName } from "drizzle-orm"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { normalizeIssueExecutionPolicy } from "../services/issue-execution-policy.ts"; @@ -109,7 +110,7 @@ function registerModuleMocks() { })); } -async function createApp() { +async function createApp(db: unknown = {}) { const [{ issueRoutes }, { errorHandler }] = await Promise.all([ vi.importActual("../routes/issues.js"), vi.importActual("../middleware/index.js"), @@ -126,7 +127,7 @@ async function createApp() { }; next(); }); - app.use("/api", issueRoutes({} as any, {} as any)); + app.use("/api", issueRoutes(db as any, {} as any)); app.use(errorHandler); return app; } @@ -266,6 +267,158 @@ describe("issue activity event routes", () => { }); }, 15_000); + it("logs readable workspace change activity details for issue updates", async () => { + const previousProjectWorkspaceId = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"; + const nextExecutionWorkspaceId = "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"; + const issue = { + ...makeIssue(), + projectId: "cccccccc-cccc-4ccc-8ccc-cccccccccccc", + projectWorkspaceId: previousProjectWorkspaceId, + executionWorkspaceId: null, + executionWorkspacePreference: "shared_workspace", + executionWorkspaceSettings: { mode: "shared_workspace" }, + }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const dbMock = { + select: vi.fn(() => ({ + from: (table: unknown) => ({ + where: async () => { + const tableName = getTableName(table as Parameters[0]); + if (tableName === "project_workspaces") { + return [{ id: previousProjectWorkspaceId, name: "Main workspace" }]; + } + if (tableName === "execution_workspaces") { + return [{ id: nextExecutionWorkspaceId, name: "Feature workspace" }]; + } + return []; + }, + }), + })), + }; + + const res = await request(await createApp(dbMock)) + .patch(`/api/issues/${issue.id}`) + .send({ executionWorkspaceId: nextExecutionWorkspaceId }); + + expect(res.status).toBe(200); + await vi.waitFor(() => { + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.updated", + details: expect.objectContaining({ + executionWorkspaceId: nextExecutionWorkspaceId, + workspaceChange: { + from: { + label: "Main workspace", + projectWorkspaceId: previousProjectWorkspaceId, + executionWorkspaceId: null, + mode: "shared_workspace", + }, + to: { + label: "Feature workspace", + projectWorkspaceId: previousProjectWorkspaceId, + executionWorkspaceId: nextExecutionWorkspaceId, + mode: "shared_workspace", + }, + }, + _previous: expect.objectContaining({ + executionWorkspaceId: null, + }), + }), + }), + ); + }); + }); + + it("logs successful_run_handoff_resolved when an in_progress issue transitions to done with a pending required handoff", async () => { + const issue = { ...makeIssue(), status: "in_progress" }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const handoffActivityRow = { + entityId: issue.id, + action: "issue.successful_run_handoff_required", + agentId: issue.assigneeAgentId, + runId: "run-1", + details: { + sourceRunId: "run-1", + correctiveRunId: "run-2", + }, + createdAt: new Date("2026-05-01T00:00:00.000Z"), + }; + const dbMock = { + select: () => ({ + from: () => ({ + where: () => ({ + orderBy: async () => [handoffActivityRow], + }), + }), + }), + }; + + const res = await request(await createApp(dbMock)) + .patch(`/api/issues/${issue.id}`) + .send({ status: "done" }); + + expect(res.status).toBe(200); + await vi.waitFor(() => { + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.successful_run_handoff_resolved", + entityId: issue.id, + details: expect.objectContaining({ + identifier: "PAP-580", + sourceRunId: "run-1", + correctiveRunId: "run-2", + resolvedByStatus: "done", + }), + }), + ); + }); + }); + + it("does not log successful_run_handoff_resolved when status stays in_progress", async () => { + const issue = { ...makeIssue(), status: "in_progress" }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const dbMock = { + select: () => ({ + from: () => ({ + where: () => ({ + orderBy: async () => [], + }), + }), + }), + }; + + const res = await request(await createApp(dbMock)) + .patch(`/api/issues/${issue.id}`) + .send({ title: "Updated title" }); + + expect(res.status).toBe(200); + expect(mockLogActivity).not.toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ action: "issue.successful_run_handoff_resolved" }), + ); + }); + it("logs explicit reviewer and approver activity when execution policy participants change", async () => { const existingPolicy = normalizeIssueExecutionPolicy({ stages: [ diff --git a/server/src/__tests__/issue-assigned-backlog-contract-routes.test.ts b/server/src/__tests__/issue-assigned-backlog-contract-routes.test.ts new file mode 100644 index 00000000..81cb0598 --- /dev/null +++ b/server/src/__tests__/issue-assigned-backlog-contract-routes.test.ts @@ -0,0 +1,313 @@ +import express from "express"; +import request from "supertest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const assigneeAgentId = "22222222-2222-4222-8222-222222222222"; + +const mockWakeup = vi.hoisted(() => vi.fn(async () => undefined)); +const mockLogActivity = vi.hoisted(() => vi.fn(async () => undefined)); +const mockIssueService = vi.hoisted(() => ({ + create: vi.fn(), + createChild: vi.fn(), + getById: vi.fn(), + getByIdentifier: vi.fn(async () => null), + getComment: vi.fn(), + getCommentCursor: vi.fn(), + getRelationSummaries: vi.fn(), + listWakeableBlockedDependents: vi.fn(), + getWakeableParentAfterChildCompletion: vi.fn(), + findMentionedAgents: vi.fn(async () => []), +})); + +vi.mock("../services/index.js", () => ({ + accessService: () => ({ + canUser: vi.fn(async () => true), + hasPermission: vi.fn(async () => true), + }), + agentService: () => ({ + getById: vi.fn(async () => null), + }), + companyService: () => ({ + getById: vi.fn(async () => ({ id: "company-1", attachmentMaxBytes: 10 * 1024 * 1024 })), + }), + documentService: () => ({ + getIssueDocumentPayload: vi.fn(async () => ({})), + }), + executionWorkspaceService: () => ({ + getById: vi.fn(async () => null), + }), + feedbackService: () => ({ + listIssueVotesForUser: vi.fn(async () => []), + }), + goalService: () => ({ + getById: vi.fn(async () => null), + getDefaultCompanyGoal: vi.fn(async () => null), + }), + heartbeatService: () => ({ + wakeup: mockWakeup, + reportRunActivity: vi.fn(async () => undefined), + }), + getIssueContinuationSummaryDocument: vi.fn(async () => null), + instanceSettingsService: () => ({ + get: vi.fn(async () => ({ + id: "instance-settings-1", + general: { + censorUsernameInLogs: false, + feedbackDataSharingPreference: "prompt", + }, + })), + listCompanyIds: vi.fn(async () => ["company-1"]), + }), + issueApprovalService: () => ({}), + issueReferenceService: () => ({ + deleteDocumentSource: async () => undefined, + diffIssueReferenceSummary: () => ({ + addedReferencedIssues: [], + removedReferencedIssues: [], + currentReferencedIssues: [], + }), + emptySummary: () => ({ outbound: [], inbound: [] }), + listIssueReferenceSummary: async () => ({ outbound: [], inbound: [] }), + syncComment: async () => undefined, + syncDocument: async () => undefined, + syncIssue: async () => undefined, + }), + issueService: () => mockIssueService, + logActivity: mockLogActivity, + projectService: () => ({ + getById: vi.fn(async () => null), + listByIds: vi.fn(async () => []), + }), + routineService: () => ({ + syncRunStatusForIssue: vi.fn(async () => undefined), + }), + workProductService: () => ({ + listForIssue: vi.fn(async () => []), + }), +})); + +async function createApp() { + const [{ issueRoutes }, { errorHandler }] = await Promise.all([ + vi.importActual("../routes/issues.js"), + vi.importActual("../middleware/index.js"), + ]); + const app = express(); + app.use(express.json()); + app.use((req, _res, next) => { + (req as any).actor = { + type: "board", + userId: "local-board", + companyIds: ["company-1"], + source: "local_implicit", + isInstanceAdmin: false, + }; + next(); + }); + app.use("/api", issueRoutes({} as any, {} as any)); + app.use(errorHandler); + return app; +} + +function makeIssue(input: { + id: string; + title: string; + status?: string; + parentId?: string | null; + assigneeAgentId?: string | null; +}) { + return { + id: input.id, + companyId: "company-1", + identifier: input.id === "child-1" ? "PAP-3701" : "PAP-3700", + title: input.title, + description: null, + status: input.status ?? "todo", + priority: "medium", + parentId: input.parentId ?? null, + assigneeAgentId: input.assigneeAgentId ?? null, + assigneeUserId: null, + createdByAgentId: null, + createdByUserId: "local-board", + executionWorkspaceId: null, + labels: [], + labelIds: [], + }; +} + +function expectClearAssignedStatusValidation(res: request.Response) { + expect([400, 422]).toContain(res.status); + expect(String(res.body?.error ?? res.text)).toMatch(/assign|assignee|status|backlog|todo/i); +} + +describe("assigned backlog creation contract", () => { + beforeEach(() => { + vi.clearAllMocks(); + mockIssueService.getById.mockResolvedValue(makeIssue({ + id: "parent-1", + title: "Parent issue", + status: "blocked", + assigneeAgentId, + })); + mockIssueService.create.mockImplementation(async (_companyId: string, data: Record) => + makeIssue({ + id: "issue-1", + title: String(data.title), + status: String(data.status), + assigneeAgentId: data.assigneeAgentId as string | null | undefined, + })); + mockIssueService.createChild.mockImplementation(async (_parentId: string, data: Record) => ({ + issue: makeIssue({ + id: "child-1", + title: String(data.title), + status: String(data.status), + parentId: "parent-1", + assigneeAgentId: data.assigneeAgentId as string | null | undefined, + }), + parentBlockerAdded: Boolean(data.blockParentUntilDone), + })); + mockIssueService.getRelationSummaries.mockResolvedValue({ blockedBy: [], blocks: [] }); + mockIssueService.listWakeableBlockedDependents.mockResolvedValue([]); + mockIssueService.getWakeableParentAfterChildCompletion.mockResolvedValue(null); + }); + + it("does not silently create a top-level assigned issue as backlog when status is omitted", async () => { + const res = await request(await createApp()) + .post("/api/companies/company-1/issues") + .send({ + title: "Assigned executable work", + assigneeAgentId, + }); + + if (res.status !== 201) { + expectClearAssignedStatusValidation(res); + expect(mockIssueService.create).not.toHaveBeenCalled(); + expect(mockWakeup).not.toHaveBeenCalled(); + return; + } + + expect(mockIssueService.create).toHaveBeenCalledWith( + "company-1", + expect.objectContaining({ + title: "Assigned executable work", + assigneeAgentId, + status: "todo", + }), + ); + expect(res.body).toEqual(expect.objectContaining({ + assigneeAgentId, + status: "todo", + })); + expect(mockWakeup).toHaveBeenCalledWith( + assigneeAgentId, + expect.objectContaining({ + source: "assignment", + reason: "issue_assigned", + payload: expect.objectContaining({ mutation: "create" }), + }), + ); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.created", + details: expect.objectContaining({ + status: "todo", + statusDefaulted: true, + statusDefaultReason: "assigned_omitted_status", + assignmentWakeSkipped: false, + }), + }), + ); + }); + + it("does not let a parent-blocking assigned child become an unwoken backlog leaf by default", async () => { + const res = await request(await createApp()) + .post("/api/issues/parent-1/children") + .send({ + title: "Assigned child blocker", + assigneeAgentId, + blockParentUntilDone: true, + }); + + if (res.status !== 201) { + expectClearAssignedStatusValidation(res); + expect(mockIssueService.createChild).not.toHaveBeenCalled(); + expect(mockWakeup).not.toHaveBeenCalled(); + return; + } + + expect(mockIssueService.createChild).toHaveBeenCalledWith( + "parent-1", + expect.objectContaining({ + title: "Assigned child blocker", + assigneeAgentId, + blockParentUntilDone: true, + status: "todo", + }), + ); + expect(res.body).toEqual(expect.objectContaining({ + assigneeAgentId, + parentId: "parent-1", + status: "todo", + })); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.child_created", + details: expect.objectContaining({ + status: "todo", + statusDefaulted: true, + statusDefaultReason: "assigned_omitted_status", + assignmentWakeSkipped: false, + parentBlockerAdded: true, + }), + }), + ); + expect(mockWakeup).toHaveBeenCalledWith( + assigneeAgentId, + expect.objectContaining({ + source: "assignment", + reason: "issue_assigned", + payload: expect.objectContaining({ mutation: "create" }), + }), + ); + }); + + it("preserves deliberate assigned backlog as parked work without assignment wakeup", async () => { + const res = await request(await createApp()) + .post("/api/companies/company-1/issues") + .send({ + title: "Parked assigned work", + assigneeAgentId, + status: "backlog", + }); + + expect(res.status).toBe(201); + expect(mockIssueService.create).toHaveBeenCalledWith( + "company-1", + expect.objectContaining({ + title: "Parked assigned work", + assigneeAgentId, + status: "backlog", + }), + ); + expect(res.body).toEqual(expect.objectContaining({ + assigneeAgentId, + status: "backlog", + })); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.created", + entityId: "issue-1", + details: expect.objectContaining({ + status: "backlog", + statusDefaulted: false, + statusDefaultReason: "explicit", + assignmentWakeSkipped: true, + assignmentWakeSkipReason: "assigned_backlog", + }), + }), + ); + expect(mockWakeup).not.toHaveBeenCalled(); + }); +}); diff --git a/server/src/__tests__/issue-blocker-attention.test.ts b/server/src/__tests__/issue-blocker-attention.test.ts index 66df6959..71e66c80 100644 --- a/server/src/__tests__/issue-blocker-attention.test.ts +++ b/server/src/__tests__/issue-blocker-attention.test.ts @@ -76,6 +76,7 @@ describeEmbeddedPostgres("issue blocker attention", () => { status: string; parentId?: string | null; assigneeAgentId?: string | null; + assigneeUserId?: string | null; originKind?: string | null; originId?: string | null; originFingerprint?: string | null; @@ -90,6 +91,7 @@ describeEmbeddedPostgres("issue blocker attention", () => { priority: "medium", parentId: input.parentId ?? null, assigneeAgentId: input.assigneeAgentId ?? null, + assigneeUserId: input.assigneeUserId ?? null, originKind: input.originKind ?? "manual", originId: input.originId ?? null, originFingerprint: input.originFingerprint ?? "default", @@ -147,6 +149,55 @@ describeEmbeddedPostgres("issue blocker attention", () => { }); }); + it("classifies an assigned backlog blocker leaf without a waiting path as attention-needed", async () => { + const { companyId, agentId } = await createCompany("PBB"); + const parentId = await insertIssue({ companyId, identifier: "PBB-1", title: "Parent", status: "blocked" }); + const blockerId = await insertIssue({ + companyId, + identifier: "PBB-2", + title: "Parked assigned blocker", + status: "backlog", + assigneeAgentId: agentId, + }); + await block({ companyId, blockerIssueId: blockerId, blockedIssueId: parentId }); + + const parent = (await svc.list(companyId, { status: "blocked" })).find((issue) => issue.id === parentId); + + expect(parent?.blockerAttention).toMatchObject({ + state: "needs_attention", + reason: "attention_required", + unresolvedBlockerCount: 1, + coveredBlockerCount: 0, + stalledBlockerCount: 0, + attentionBlockerCount: 1, + sampleBlockerIdentifier: "PBB-2", + }); + }); + + it("treats a human-owned backlog blocker as a covered waiting path", async () => { + const { companyId } = await createCompany("PBU"); + const parentId = await insertIssue({ companyId, identifier: "PBU-1", title: "Parent", status: "blocked" }); + const blockerId = await insertIssue({ + companyId, + identifier: "PBU-2", + title: "Human-owned parked blocker", + status: "backlog", + assigneeUserId: "board-user-1", + }); + await block({ companyId, blockerIssueId: blockerId, blockedIssueId: parentId }); + + const parent = (await svc.list(companyId, { status: "blocked" })).find((issue) => issue.id === parentId); + + expect(parent?.blockerAttention).toMatchObject({ + state: "covered", + reason: "active_dependency", + unresolvedBlockerCount: 1, + coveredBlockerCount: 1, + attentionBlockerCount: 0, + sampleBlockerIdentifier: "PBU-2", + }); + }); + it("keeps mixed blockers attention-required when any path lacks active work", async () => { const { companyId, agentId } = await createCompany("PBM"); const parentId = await insertIssue({ companyId, identifier: "PBM-1", title: "Parent", status: "blocked" }); diff --git a/server/src/__tests__/issue-comment-reopen-routes.test.ts b/server/src/__tests__/issue-comment-reopen-routes.test.ts index 922cf658..5eed5cc4 100644 --- a/server/src/__tests__/issue-comment-reopen-routes.test.ts +++ b/server/src/__tests__/issue-comment-reopen-routes.test.ts @@ -38,7 +38,12 @@ const mockTxInsert = vi.hoisted(() => vi.fn(() => ({ values: mockTxInsertValues const mockTx = vi.hoisted(() => ({ insert: mockTxInsert, })); +const mockDbSelectOrderBy = vi.hoisted(() => vi.fn(async () => [])); +const mockDbSelectWhere = vi.hoisted(() => vi.fn(() => ({ orderBy: mockDbSelectOrderBy }))); +const mockDbSelectFrom = vi.hoisted(() => vi.fn(() => ({ where: mockDbSelectWhere }))); +const mockDbSelect = vi.hoisted(() => vi.fn(() => ({ from: mockDbSelectFrom }))); const mockDb = vi.hoisted(() => ({ + select: mockDbSelect, transaction: vi.fn(async (fn: (tx: typeof mockTx) => Promise) => fn(mockTx)), })); const mockFeedbackService = vi.hoisted(() => ({ @@ -236,9 +241,17 @@ describe.sequential("issue comment reopen routes", () => { mockIssueTreeControlService.getActivePauseHoldGate.mockReset(); mockTxInsertValues.mockReset(); mockTxInsert.mockReset(); + mockDbSelect.mockReset(); + mockDbSelectFrom.mockReset(); + mockDbSelectWhere.mockReset(); + mockDbSelectOrderBy.mockReset(); mockDb.transaction.mockReset(); mockTxInsertValues.mockResolvedValue(undefined); mockTxInsert.mockImplementation(() => ({ values: mockTxInsertValues })); + mockDbSelectOrderBy.mockResolvedValue([]); + mockDbSelectWhere.mockImplementation(() => ({ orderBy: mockDbSelectOrderBy })); + mockDbSelectFrom.mockImplementation(() => ({ where: mockDbSelectWhere })); + mockDbSelect.mockImplementation(() => ({ from: mockDbSelectFrom })); mockDb.transaction.mockImplementation(async (fn: (tx: typeof mockTx) => Promise) => fn(mockTx)); mockHeartbeatService.wakeup.mockResolvedValue(undefined); mockHeartbeatService.reportRunActivity.mockResolvedValue(undefined); @@ -545,6 +558,87 @@ describe.sequential("issue comment reopen routes", () => { )); }); + it("passes validated comment presentation fields to trusted board comment writes", async () => { + const app = await installActor(createApp()); + mockIssueService.getById.mockResolvedValue(makeIssue("todo")); + mockIssueService.addComment.mockResolvedValue({ + id: "comment-1", + issueId: "11111111-1111-4111-8111-111111111111", + companyId: "company-1", + authorType: "user", + authorAgentId: null, + authorUserId: "local-board", + body: "Paperclip needs a disposition before this issue can continue.", + presentation: { kind: "system_notice", tone: "warning", detailsDefaultOpen: false }, + metadata: { + version: 1, + sections: [{ rows: [{ type: "key_value", label: "Cause", value: "successful_run_missing_state" }] }], + }, + createdAt: new Date(), + updatedAt: new Date(), + }); + mockIssueService.findMentionedAgents.mockResolvedValue([]); + + const metadata = { + version: 1, + sections: [{ rows: [{ type: "key_value", label: "Cause", value: "successful_run_missing_state" }] }], + }; + const presentation = { kind: "system_notice", tone: "warning" }; + const res = await request(app) + .post("/api/issues/11111111-1111-4111-8111-111111111111/comments") + .send({ + body: "Paperclip needs a disposition before this issue can continue.", + presentation, + metadata, + }); + + expect(res.status).toBe(201); + expect(mockIssueService.addComment).toHaveBeenCalledWith( + "11111111-1111-4111-8111-111111111111", + "Paperclip needs a disposition before this issue can continue.", + { agentId: undefined, userId: "local-board", runId: null }, + { + authorType: "user", + presentation: { kind: "system_notice", tone: "warning", detailsDefaultOpen: false }, + metadata, + }, + ); + }); + + it("rejects structured comment presentation fields from agent-authenticated writes", async () => { + const app = await installActor(createApp(), agentActor()); + mockIssueService.getById.mockResolvedValue(makeIssue("todo")); + + const res = await request(app) + .post("/api/issues/11111111-1111-4111-8111-111111111111/comments") + .send({ + body: "Hidden details", + presentation: { kind: "system_notice", tone: "warning" }, + metadata: { + version: 1, + sections: [{ rows: [{ type: "key_value", label: "Cause", value: "covert_channel_attempt" }] }], + }, + }); + + expect(res.status).toBe(403); + expect(mockIssueService.addComment).not.toHaveBeenCalled(); + }); + + it("rejects invalid comment metadata before writing a comment", async () => { + const app = await installActor(createApp()); + mockIssueService.getById.mockResolvedValue(makeIssue("todo")); + + const res = await request(app) + .post("/api/issues/11111111-1111-4111-8111-111111111111/comments") + .send({ + body: "Invalid metadata", + metadata: { version: 1, arbitrary: true }, + }); + + expect(res.status).toBe(400); + expect(mockIssueService.addComment).not.toHaveBeenCalled(); + }); + it("does not move dependency-blocked issues to todo via POST comments", async () => { mockIssueService.getById.mockResolvedValue(makeIssue("blocked")); mockIssueService.getDependencyReadiness.mockResolvedValue({ diff --git a/server/src/__tests__/issue-continuation-summary.test.ts b/server/src/__tests__/issue-continuation-summary.test.ts index c5ccd0a5..401a5281 100644 --- a/server/src/__tests__/issue-continuation-summary.test.ts +++ b/server/src/__tests__/issue-continuation-summary.test.ts @@ -2,6 +2,8 @@ import { describe, expect, it } from "vitest"; import { ISSUE_CONTINUATION_SUMMARY_MAX_BODY_CHARS, buildContinuationSummaryMarkdown, + continuationSummaryParksExecutor, + extractContinuationSummaryNextAction, } from "../services/issue-continuation-summary.js"; describe("issue continuation summaries", () => { @@ -83,4 +85,31 @@ describe("issue continuation summaries", () => { expect(body).toContain("Latest run error (adapter_failed): adapter failed"); expect(body).toContain("Inspect the failed run, fix the cause"); }); + + it("detects continuation summaries that explicitly park executor work for review", () => { + const body = [ + "# Continuation Summary", + "", + "## Next Action", + "", + "- Wait for reviewer feedback or approval before continuing executor work.", + ].join("\n"); + + expect(extractContinuationSummaryNextAction(body)).toBe( + "Wait for reviewer feedback or approval before continuing executor work.", + ); + expect(continuationSummaryParksExecutor(body)).toBe(true); + }); + + it("does not park executor work when the next action is still runnable", () => { + const body = [ + "# Continuation Summary", + "", + "## Next Action", + "", + "- Re-check run `25145432006`, then move the issue to `in_review` if the final step is green.", + ].join("\n"); + + expect(continuationSummaryParksExecutor(body)).toBe(false); + }); }); diff --git a/server/src/__tests__/issue-execution-policy-routes.test.ts b/server/src/__tests__/issue-execution-policy-routes.test.ts index f21e7b95..ac809eed 100644 --- a/server/src/__tests__/issue-execution-policy-routes.test.ts +++ b/server/src/__tests__/issue-execution-policy-routes.test.ts @@ -7,6 +7,7 @@ const mockIssueService = vi.hoisted(() => ({ getById: vi.fn(), assertCheckoutOwner: vi.fn(), update: vi.fn(), + createChild: vi.fn(), addComment: vi.fn(), findMentionedAgents: vi.fn(), getRelationSummaries: vi.fn(), @@ -16,21 +17,33 @@ const mockIssueService = vi.hoisted(() => ({ const mockHeartbeatService = vi.hoisted(() => ({ wakeup: vi.fn(async () => undefined), + triggerIssueMonitor: vi.fn(async () => ({ outcome: "triggered" as const })), reportRunActivity: vi.fn(async () => undefined), getRun: vi.fn(async () => null), getActiveRunForAgent: vi.fn(async () => null), cancelRun: vi.fn(async () => null), })); +const mockAccessService = vi.hoisted(() => ({ + canUser: vi.fn(async () => false), + hasPermission: vi.fn(async () => false), +})); + +const mockLogActivity = vi.hoisted(() => vi.fn(async () => undefined)); +const mockIssueThreadInteractionService = vi.hoisted(() => ({ + listForIssue: vi.fn(async () => []), + expireRequestConfirmationsSupersededByComment: vi.fn(async () => []), +})); +const mockIssueApprovalService = vi.hoisted(() => ({ + listApprovalsForIssue: vi.fn(async () => []), +})); + function registerModuleMocks() { vi.doMock("../services/index.js", () => ({ companyService: () => ({ getById: vi.fn(async () => ({ id: "company-1", attachmentMaxBytes: 10 * 1024 * 1024 })), }), - accessService: () => ({ - canUser: vi.fn(async () => false), - hasPermission: vi.fn(async () => false), - }), + accessService: () => mockAccessService, agentService: () => ({ getById: vi.fn(async () => null), }), @@ -42,6 +55,9 @@ function registerModuleMocks() { }), goalService: () => ({}), heartbeatService: () => mockHeartbeatService, + environmentService: () => ({ + getById: vi.fn(async () => null), + }), instanceSettingsService: () => ({ get: vi.fn(async () => ({ id: "instance-settings-1", @@ -52,7 +68,7 @@ function registerModuleMocks() { })), listCompanyIds: vi.fn(async () => ["company-1"]), }), - issueApprovalService: () => ({}), + issueApprovalService: () => mockIssueApprovalService, issueReferenceService: () => ({ deleteDocumentSource: async () => undefined, diffIssueReferenceSummary: () => ({ @@ -67,7 +83,8 @@ function registerModuleMocks() { syncIssue: async () => undefined, }), issueService: () => mockIssueService, - logActivity: vi.fn(async () => undefined), + issueThreadInteractionService: () => mockIssueThreadInteractionService, + logActivity: mockLogActivity, projectService: () => ({}), routineService: () => ({ syncRunStatusForIssue: vi.fn(async () => undefined), @@ -76,7 +93,22 @@ function registerModuleMocks() { })); } -async function createApp() { +type TestActor = + | { + type: "board"; + userId: string; + companyIds: string[]; + source: "local_implicit"; + isInstanceAdmin: boolean; + } + | { + type: "agent"; + agentId: string; + companyId: string; + runId: string | null; + }; + +async function createApp(actor?: TestActor) { const [{ errorHandler }, { issueRoutes }] = await Promise.all([ import("../middleware/index.js"), import("../routes/issues.js"), @@ -84,7 +116,7 @@ async function createApp() { const app = express(); app.use(express.json()); app.use((req, _res, next) => { - (req as any).actor = { + (req as any).actor = actor ?? { type: "board", userId: "local-board", companyIds: ["company-1"], @@ -111,6 +143,229 @@ describe("issue execution policy routes", () => { mockIssueService.getRelationSummaries.mockResolvedValue({ blockedBy: [], blocks: [] }); mockIssueService.listWakeableBlockedDependents.mockResolvedValue([]); mockIssueService.getWakeableParentAfterChildCompletion.mockResolvedValue(null); + mockIssueThreadInteractionService.listForIssue.mockResolvedValue([]); + mockIssueThreadInteractionService.expireRequestConfirmationsSupersededByComment.mockResolvedValue([]); + mockIssueApprovalService.listApprovalsForIssue.mockResolvedValue([]); + mockIssueService.createChild.mockResolvedValue({ + issue: { + id: "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb", + companyId: "company-1", + identifier: "PAP-1002", + title: "Child issue", + }, + parentBlockerAdded: false, + }); + mockAccessService.canUser.mockResolvedValue(false); + mockAccessService.hasPermission.mockResolvedValue(false); + }); + + it("rejects an agent-authored in_review transition without a review path", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "todo", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1003", + title: "Missing review path", + executionPolicy: null, + executionState: null, + }; + mockIssueService.getById.mockResolvedValue(issue); + + const res = await request(await createApp({ + type: "agent", + agentId: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + runId: "run-1", + })) + .patch("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa") + .send({ status: "in_review" }); + + expect(res.status).toBe(422); + expect(res.body.error).toContain("invalid_issue_disposition"); + expect(res.body.error).toContain("request_confirmation"); + expect(res.body.details).toMatchObject({ + code: "invalid_issue_disposition", + missing: "review_path", + }); + expect(mockIssueService.update).not.toHaveBeenCalled(); + }); + + it("allows an agent-authored in_review transition with a pending confirmation interaction", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "todo", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1004", + title: "Pending confirmation", + executionPolicy: null, + executionState: null, + }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueThreadInteractionService.listForIssue.mockResolvedValue([ + { id: "interaction-1", kind: "request_confirmation", status: "pending" }, + ]); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const res = await request(await createApp({ + type: "agent", + agentId: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + runId: "run-1", + })) + .patch("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa") + .send({ status: "in_review" }); + + expect(res.status).toBe(200); + expect(mockIssueService.update).toHaveBeenCalledWith( + "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + expect.objectContaining({ status: "in_review" }), + ); + }); + + it("allows an agent-authored in_review transition with a typed execution participant", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "todo", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1005", + title: "Execution participant", + executionPolicy: null, + executionState: null, + }; + const policy = normalizeIssueExecutionPolicy({ + stages: [ + { + id: "11111111-1111-4111-8111-111111111111", + type: "review", + participants: [{ type: "agent", agentId: "44444444-4444-4444-8444-444444444444" }], + }, + ], + })!; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const res = await request(await createApp({ + type: "agent", + agentId: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + runId: "run-1", + })) + .patch("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa") + .send({ status: "in_review", executionPolicy: policy }); + + expect(res.status).toBe(200); + expect(mockIssueService.update).toHaveBeenCalledWith( + "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + expect.objectContaining({ + status: "in_review", + executionState: expect.objectContaining({ + status: "pending", + currentParticipant: expect.objectContaining({ + type: "agent", + agentId: "44444444-4444-4444-8444-444444444444", + }), + }), + }), + ); + }); + + it("allows an agent-authored in_review transition with a scheduled monitor", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "todo", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1006", + title: "External review monitor", + executionPolicy: null, + executionState: null, + monitorAttemptCount: 0, + monitorNextCheckAt: null, + monitorLastTriggeredAt: null, + monitorNotes: null, + monitorScheduledBy: null, + }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const res = await request(await createApp({ + type: "agent", + agentId: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + runId: "run-1", + })) + .patch("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa") + .send({ + status: "in_review", + executionPolicy: { + monitor: { + nextCheckAt: "2026-12-01T12:00:00.000Z", + scheduledBy: "assignee", + notes: "Wait for external QA report.", + }, + }, + }); + + expect(res.status).toBe(200); + expect(mockIssueService.update).toHaveBeenCalledWith( + "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + expect.objectContaining({ + status: "in_review", + monitorNextCheckAt: new Date("2026-12-01T12:00:00.000Z"), + }), + ); + }); + + it("allows board-authored in_review repair updates without a review path", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "todo", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1007", + title: "Board repair", + executionPolicy: null, + executionState: null, + }; + mockIssueService.getById.mockResolvedValue(issue); + mockIssueService.update.mockImplementation(async (_id: string, patch: Record) => ({ + ...issue, + ...patch, + updatedAt: new Date(), + })); + + const res = await request(await createApp()) + .patch("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa") + .send({ status: "in_review" }); + + expect(res.status).toBe(200); + expect(mockIssueThreadInteractionService.listForIssue).not.toHaveBeenCalled(); + expect(mockIssueApprovalService.listApprovalsForIssue).not.toHaveBeenCalled(); }); it("does not auto-start execution review when reviewers are added to an already in_review issue", async () => { @@ -162,4 +417,175 @@ describe("issue execution policy routes", () => { expect(updatePatch.executionState).toBeUndefined(); expect(mockHeartbeatService.wakeup).not.toHaveBeenCalled(); }); + + it("triggers a scheduled monitor immediately from the dedicated route", async () => { + const issue = { + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "in_progress", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1001", + title: "Manual monitor trigger", + executionPolicy: normalizeIssueExecutionPolicy({ + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + scheduledBy: "board", + }, + }), + executionState: null, + }; + mockIssueService.getById.mockResolvedValue(issue); + + const res = await request(await createApp()) + .post("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa/monitor/check-now") + .send({}); + + expect(res.status).toBe(200); + expect(res.body).toEqual({ ok: true }); + expect(mockHeartbeatService.triggerIssueMonitor).toHaveBeenCalledWith( + "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + expect.objectContaining({ + actorType: "user", + actorId: "local-board", + agentId: null, + }), + ); + }); + + it("lets a board user create a child issue with a scheduled monitor", async () => { + mockIssueService.getById.mockResolvedValue({ + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "in_progress", + assigneeAgentId: "11111111-1111-4111-8111-111111111111", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1001", + title: "Parent issue", + executionPolicy: null, + executionState: null, + }); + + const res = await request(await createApp()) + .post("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa/children") + .send({ + title: "Child monitor", + status: "in_review", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + executionPolicy: { + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + scheduledBy: "assignee", + }, + }, + }); + + expect(res.status).toBe(201); + const createPayload = mockIssueService.createChild.mock.calls[0]?.[1] as { + executionPolicy: { monitor: { scheduledBy: string } }; + }; + expect(createPayload.executionPolicy.monitor.scheduledBy).toBe("board"); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.monitor_scheduled", + details: expect.objectContaining({ + scheduledBy: "board", + }), + }), + ); + }); + + it("rejects child monitor scheduling by a non-assignee agent even with task assignment permission", async () => { + mockAccessService.hasPermission.mockResolvedValue(true); + mockIssueService.getById.mockResolvedValue({ + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "in_progress", + assigneeAgentId: "11111111-1111-4111-8111-111111111111", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1001", + title: "Parent issue", + executionPolicy: null, + executionState: null, + }); + + const res = await request(await createApp({ + type: "agent", + agentId: "22222222-2222-4222-8222-222222222222", + companyId: "company-1", + runId: "run-1", + })) + .post("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa/children") + .send({ + title: "Child monitor", + status: "in_review", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + executionPolicy: { + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + scheduledBy: "board", + }, + }, + }); + + expect(res.status).toBe(403); + expect(res.body.error).toBe("Only the assignee agent or a board user can manage issue monitors"); + expect(mockIssueService.createChild).not.toHaveBeenCalled(); + }); + + it("normalizes spoofed child monitor scheduledBy to the assignee actor", async () => { + mockAccessService.hasPermission.mockResolvedValue(true); + mockIssueService.getById.mockResolvedValue({ + id: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", + companyId: "company-1", + status: "in_progress", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + assigneeUserId: null, + createdByUserId: "local-board", + identifier: "PAP-1001", + title: "Parent issue", + executionPolicy: null, + executionState: null, + }); + + const res = await request(await createApp({ + type: "agent", + agentId: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + runId: "run-1", + })) + .post("/api/issues/aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa/children") + .send({ + title: "Child monitor", + status: "in_review", + assigneeAgentId: "33333333-3333-4333-8333-333333333333", + executionPolicy: { + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + scheduledBy: "board", + externalRef: "https://example.test/deploy?token=secret", + }, + }, + }); + + expect(res.status).toBe(201); + const createPayload = mockIssueService.createChild.mock.calls[0]?.[1] as { + executionPolicy: { monitor: { scheduledBy: string; externalRef: string | null } }; + }; + expect(createPayload.executionPolicy.monitor.scheduledBy).toBe("assignee"); + expect(createPayload.executionPolicy.monitor.externalRef).toBe("[redacted]"); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "issue.monitor_scheduled", + entityId: "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb", + details: expect.not.objectContaining({ externalRef: expect.anything() }), + }), + ); + }); }); diff --git a/server/src/__tests__/issue-execution-policy.test.ts b/server/src/__tests__/issue-execution-policy.test.ts index 37a64dc2..c66dde8f 100644 --- a/server/src/__tests__/issue-execution-policy.test.ts +++ b/server/src/__tests__/issue-execution-policy.test.ts @@ -112,6 +112,26 @@ describe("normalizeIssueExecutionPolicy", () => { it("throws for invalid input", () => { expect(() => normalizeIssueExecutionPolicy({ stages: [{ type: "invalid_type" }] })).toThrow(); }); + + it("keeps monitor-only policies", () => { + const result = normalizeIssueExecutionPolicy({ + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + externalRef: "https://example.test/deploy?token=secret", + }, + stages: [], + }); + expect(result).toMatchObject({ + stages: [], + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + scheduledBy: "assignee", + externalRef: "[redacted]", + }, + }); + }); }); describe("parseIssueExecutionState", () => { @@ -1261,4 +1281,169 @@ describe("issue execution policy transitions", () => { }); }); }); + + describe("monitor policy", () => { + it("schedules a one-shot monitor on an active agent-owned issue", () => { + const policy = normalizeIssueExecutionPolicy({ + stages: [], + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + scheduledBy: "board", + }, + })!; + + const result = applyIssueExecutionPolicyTransition({ + issue: { + status: "in_progress", + assigneeAgentId: coderAgentId, + assigneeUserId: null, + executionPolicy: null, + executionState: null, + monitorAttemptCount: 0, + monitorNextCheckAt: null, + monitorLastTriggeredAt: null, + monitorNotes: null, + monitorScheduledBy: null, + }, + policy, + previousPolicy: null, + requestedAssigneePatch: {}, + actor: { userId: boardUserId }, + monitorExplicitlyUpdated: true, + }); + + expect(result.patch.monitorNextCheckAt).toEqual(new Date("2026-04-11T12:30:00.000Z")); + expect(result.patch.monitorScheduledBy).toBe("board"); + expect(result.patch.executionState).toMatchObject({ + status: "idle", + monitor: { + status: "scheduled", + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + scheduledBy: "board", + }, + }); + }); + + it("auto-clears a scheduled monitor when the issue moves to done", () => { + const policy = normalizeIssueExecutionPolicy({ + stages: [], + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + scheduledBy: "assignee", + }, + })!; + + const result = applyIssueExecutionPolicyTransition({ + issue: { + status: "in_progress", + assigneeAgentId: coderAgentId, + assigneeUserId: null, + executionPolicy: policy, + executionState: { + status: "idle", + currentStageId: null, + currentStageIndex: null, + currentStageType: null, + currentParticipant: null, + returnAssignee: null, + completedStageIds: [], + lastDecisionId: null, + lastDecisionOutcome: null, + monitor: { + status: "scheduled", + nextCheckAt: "2026-04-11T12:30:00.000Z", + lastTriggeredAt: null, + attemptCount: 0, + notes: "Check deployment", + scheduledBy: "assignee", + clearedAt: null, + clearReason: null, + }, + }, + monitorAttemptCount: 0, + monitorNextCheckAt: new Date("2026-04-11T12:30:00.000Z"), + monitorLastTriggeredAt: null, + monitorNotes: "Check deployment", + monitorScheduledBy: "assignee", + }, + policy, + previousPolicy: policy, + requestedStatus: "done", + requestedAssigneePatch: {}, + actor: { agentId: coderAgentId }, + }); + + expect(result.patch.executionPolicy).toBeNull(); + expect(result.patch.monitorNextCheckAt).toBeNull(); + expect(result.patch.executionState).toMatchObject({ + monitor: { + status: "cleared", + clearReason: "done", + }, + }); + }); + + it("rejects explicitly scheduling a monitor on an invalid issue state", () => { + const policy = normalizeIssueExecutionPolicy({ + stages: [], + monitor: { + nextCheckAt: "2026-04-11T12:30:00.000Z", + notes: "Check deployment", + }, + })!; + + expect(() => + applyIssueExecutionPolicyTransition({ + issue: { + status: "blocked", + assigneeAgentId: coderAgentId, + assigneeUserId: null, + executionPolicy: null, + executionState: null, + }, + policy, + previousPolicy: null, + requestedAssigneePatch: {}, + actor: { agentId: coderAgentId }, + monitorExplicitlyUpdated: true, + }), + ).toThrow("Monitor can only be scheduled"); + }); + + it("rejects explicitly re-arming a monitor after max attempts are exhausted", () => { + const policy = normalizeIssueExecutionPolicy({ + stages: [], + monitor: { + nextCheckAt: "2099-04-11T12:30:00.000Z", + maxAttempts: 1, + scheduledBy: "assignee", + }, + })!; + + expect(() => + applyIssueExecutionPolicyTransition({ + issue: { + status: "in_review", + assigneeAgentId: coderAgentId, + assigneeUserId: null, + executionPolicy: null, + executionState: null, + monitorAttemptCount: 1, + monitorNextCheckAt: null, + monitorLastTriggeredAt: null, + monitorNotes: null, + monitorScheduledBy: "assignee", + }, + policy, + previousPolicy: null, + requestedAssigneePatch: {}, + actor: { agentId: coderAgentId }, + monitorExplicitlyUpdated: true, + }), + ).toThrow("Monitor bounds are already exhausted"); + }); + }); }); diff --git a/server/src/__tests__/issue-identifier-routes.test.ts b/server/src/__tests__/issue-identifier-routes.test.ts new file mode 100644 index 00000000..1a204db5 --- /dev/null +++ b/server/src/__tests__/issue-identifier-routes.test.ts @@ -0,0 +1,105 @@ +import { randomUUID } from "node:crypto"; +import express from "express"; +import request from "supertest"; +import { afterAll, beforeAll, describe, expect, it } from "vitest"; +import { eq } from "drizzle-orm"; +import { companies, createDb, issues } from "@paperclipai/db"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { errorHandler } from "../middleware/index.js"; +import { issueRoutes } from "../routes/issues.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres issue identifier route tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("issue identifier routes", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-issue-identifier-routes-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + function createApp(companyId: string) { + const app = express(); + app.use(express.json()); + app.use((req, _res, next) => { + (req as any).actor = { + type: "board", + userId: "cloud-user-1", + companyIds: [companyId], + memberships: [{ companyId, membershipRole: "owner", status: "active" }], + source: "cloud_tenant", + isInstanceAdmin: true, + }; + next(); + }); + app.use("/api", issueRoutes(db, {} as any)); + app.use(errorHandler); + return app; + } + + it("resolves alphanumeric Cloud tenant issue identifiers for detail reads and updates", async () => { + const companyId = randomUUID(); + const issueId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Cloud tenant", + issuePrefix: "PC1A2", + requireBoardApprovalForNewAgents: false, + }); + await db.insert(issues).values({ + id: issueId, + companyId, + issueNumber: 7, + identifier: "PC1A2-7", + title: "Tenant identifier route", + status: "todo", + priority: "medium", + createdByUserId: "cloud-user-1", + }); + + const app = createApp(companyId); + const read = await request(app).get("/api/issues/pc1a2-7"); + + expect(read.status, JSON.stringify(read.body)).toBe(200); + expect(read.body).toMatchObject({ + id: issueId, + companyId, + identifier: "PC1A2-7", + }); + + const updated = await request(app) + .patch("/api/issues/PC1A2-7") + .send({ priority: "high" }); + + expect(updated.status, JSON.stringify(updated.body)).toBe(200); + expect(updated.body).toMatchObject({ + id: issueId, + companyId, + identifier: "PC1A2-7", + priority: "high", + }); + + const stored = await db + .select({ priority: issues.priority }) + .from(issues) + .where(eq(issues.id, issueId)) + .then((rows) => rows[0] ?? null); + expect(stored?.priority).toBe("high"); + }); +}); diff --git a/server/src/__tests__/issue-liveness.test.ts b/server/src/__tests__/issue-liveness.test.ts index b8eb4a23..c55f89e4 100644 --- a/server/src/__tests__/issue-liveness.test.ts +++ b/server/src/__tests__/issue-liveness.test.ts @@ -152,6 +152,73 @@ describe("issue graph liveness classifier", () => { expect(findings).toEqual([]); }); + it("detects an assigned backlog blocker leaf with no action path", () => { + const findings = classifyIssueGraphLiveness({ + issues: [ + issue(), + issue({ + id: blockerId, + identifier: "PAP-1704", + title: "Parked assigned unblock work", + status: "backlog", + assigneeAgentId: "blocker-agent", + }), + ], + relations: blocks, + agents: [ + agent(), + manager, + agent({ id: "blocker-agent", name: "Blocker Agent", reportsTo: managerId }), + ], + }); + + expect(findings).toHaveLength(1); + expect(findings[0]).toMatchObject({ + issueId: blockedId, + identifier: "PAP-1703", + state: "blocked_by_assigned_backlog_issue", + recoveryIssueId: blockerId, + recommendedOwnerAgentId: "blocker-agent", + dependencyPath: [ + expect.objectContaining({ issueId: blockedId }), + expect.objectContaining({ issueId: blockerId, status: "backlog" }), + ], + incidentKey: `harness_liveness:${companyId}:${blockedId}:blocked_by_assigned_backlog_issue:${blockerId}`, + }); + }); + + it("does not flag an assigned backlog blocker that has an explicit waiting path", () => { + const backlogBlocker = issue({ + id: blockerId, + identifier: "PAP-1704", + title: "Explicitly parked unblock work", + status: "backlog", + assigneeAgentId: "blocker-agent", + }); + const baseInput = { + issues: [issue(), backlogBlocker], + relations: blocks, + agents: [ + agent(), + manager, + agent({ id: "blocker-agent", name: "Blocker Agent", reportsTo: managerId }), + ], + }; + + expect(classifyIssueGraphLiveness({ + ...baseInput, + issues: [issue(), { ...backlogBlocker, assigneeAgentId: null, assigneeUserId: "board-user-1" }], + })).toEqual([]); + expect(classifyIssueGraphLiveness({ + ...baseInput, + activeRuns: [{ companyId, issueId: blockerId, agentId: "blocker-agent", status: "running" }], + })).toEqual([]); + expect(classifyIssueGraphLiveness({ + ...baseInput, + openRecoveryIssues: [{ companyId, issueId: blockerId, status: "todo" }], + })).toEqual([]); + }); + it("does not flag an unassigned blocker that already has an active execution path", () => { const findings = classifyIssueGraphLiveness({ issues: [ diff --git a/server/src/__tests__/issue-monitor-scheduler.test.ts b/server/src/__tests__/issue-monitor-scheduler.test.ts new file mode 100644 index 00000000..16fef429 --- /dev/null +++ b/server/src/__tests__/issue-monitor-scheduler.test.ts @@ -0,0 +1,450 @@ +import { randomUUID } from "node:crypto"; +import { eq, sql } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { + activityLog, + agentRuntimeState, + agentWakeupRequests, + agents, + companies, + companySkills, + createDb, + documentRevisions, + documents, + environmentLeases, + heartbeatRunEvents, + heartbeatRuns, + issueComments, + issueDocuments, + issues, + workspaceRuntimeServices, +} from "@paperclipai/db"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { heartbeatService } from "../services/heartbeat.ts"; +import { normalizeIssueExecutionPolicy, parseIssueExecutionState } from "../services/issue-execution-policy.ts"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres issue monitor scheduler tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("issue monitor scheduler", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + const seededAgentIds = new Set(); + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-issue-monitor-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + async function waitForHeartbeatIdle(timeoutMs = 3_000) { + const deadline = Date.now() + timeoutMs; + while (Date.now() < deadline) { + const active = await db + .select({ id: heartbeatRuns.id }) + .from(heartbeatRuns) + .where(sql`${heartbeatRuns.status} in ('queued', 'running', 'scheduled_retry')`); + if (active.length === 0) return; + await new Promise((resolve) => setTimeout(resolve, 50)); + } + throw new Error("Timed out waiting for issue monitor heartbeat runs to settle"); + } + + async function heartbeatSideEffectFingerprint() { + const [active, events, activity, leases, runtimeServices] = await Promise.all([ + db + .select({ count: sql`count(*)` }) + .from(heartbeatRuns) + .where(sql`${heartbeatRuns.status} in ('queued', 'running', 'scheduled_retry')`), + db.select({ count: sql`count(*)` }).from(heartbeatRunEvents), + db.select({ count: sql`count(*)` }).from(activityLog), + db.select({ count: sql`count(*)` }).from(environmentLeases), + db.select({ count: sql`count(*)` }).from(workspaceRuntimeServices), + ]); + + return [ + active[0]?.count ?? 0, + events[0]?.count ?? 0, + activity[0]?.count ?? 0, + leases[0]?.count ?? 0, + runtimeServices[0]?.count ?? 0, + ].join(":"); + } + + async function waitForHeartbeatSideEffectsSettled(timeoutMs = 5_000, quietMs = 500) { + const deadline = Date.now() + timeoutMs; + let previous = ""; + let stableSince = Date.now(); + while (Date.now() < deadline) { + const current = await heartbeatSideEffectFingerprint(); + const activeCount = Number(current.split(":")[0] ?? 0); + if (current !== previous || activeCount > 0) { + previous = current; + stableSince = Date.now(); + } else if (Date.now() - stableSince >= quietMs) { + return; + } + await new Promise((resolve) => setTimeout(resolve, 50)); + } + throw new Error("Timed out waiting for issue monitor heartbeat side effects to settle"); + } + + async function cleanupRows() { + await waitForHeartbeatSideEffectsSettled(); + await db.delete(heartbeatRunEvents); + await db.delete(issueComments); + await db.delete(documentRevisions); + await db.delete(issueDocuments); + await db.delete(documents); + await db.delete(activityLog); + await db.delete(environmentLeases); + await db.delete(workspaceRuntimeServices); + await db.delete(issues); + await db.delete(heartbeatRuns); + await db.delete(agentWakeupRequests); + await db.delete(agentRuntimeState); + await db.delete(agents); + await db.delete(companySkills); + await db.delete(companies); + } + + afterEach(async () => { + seededAgentIds.clear(); + let lastError: unknown = null; + for (let attempt = 0; attempt < 3; attempt += 1) { + try { + await cleanupRows(); + return; + } catch (error) { + lastError = error; + await new Promise((resolve) => setTimeout(resolve, 100)); + } + } + throw lastError; + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + async function seedFixture(input?: { + agentStatus?: "active" | "paused"; + issueStatus?: "in_progress" | "in_review"; + monitorAttemptCount?: number; + monitor?: Record; + }) { + const companyId = randomUUID(); + const agentId = randomUUID(); + const issueId = randomUUID(); + const nextCheckAt = new Date("2026-04-11T12:30:00.000Z"); + const issuePrefix = `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`; + + const monitorAttemptCount = input?.monitorAttemptCount ?? 0; + const monitor = { + nextCheckAt: nextCheckAt.toISOString(), + notes: "Check deploy", + scheduledBy: "assignee", + ...(input?.monitor ?? {}), + }; + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix, + requireBoardApprovalForNewAgents: false, + }); + + await db.insert(agents).values({ + id: agentId, + companyId, + name: "Monitor Bot", + role: "engineer", + status: input?.agentStatus ?? "active", + adapterType: "process", + adapterConfig: { + command: process.execPath, + args: ["-e", ""], + cwd: process.cwd(), + }, + runtimeConfig: { + heartbeat: { + enabled: false, + wakeOnDemand: true, + }, + }, + permissions: {}, + }); + seededAgentIds.add(agentId); + + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Watch external deploy", + status: input?.issueStatus ?? "in_progress", + priority: "medium", + assigneeAgentId: agentId, + issueNumber: 1, + identifier: `${issuePrefix}-1`, + executionPolicy: { + mode: "normal", + commentRequired: true, + stages: [], + monitor, + }, + executionState: { + status: "idle", + currentStageId: null, + currentStageIndex: null, + currentStageType: null, + currentParticipant: null, + returnAssignee: null, + completedStageIds: [], + lastDecisionId: null, + lastDecisionOutcome: null, + monitor: { + status: "scheduled", + nextCheckAt: nextCheckAt.toISOString(), + lastTriggeredAt: null, + attemptCount: monitorAttemptCount, + notes: "Check deploy", + scheduledBy: "assignee", + serviceName: typeof monitor.serviceName === "string" ? monitor.serviceName : null, + externalRef: typeof monitor.externalRef === "string" ? monitor.externalRef : null, + timeoutAt: typeof monitor.timeoutAt === "string" ? monitor.timeoutAt : null, + maxAttempts: typeof monitor.maxAttempts === "number" ? monitor.maxAttempts : null, + recoveryPolicy: typeof monitor.recoveryPolicy === "string" ? monitor.recoveryPolicy : null, + clearedAt: null, + clearReason: null, + }, + }, + monitorNextCheckAt: nextCheckAt, + monitorAttemptCount, + monitorNotes: "Check deploy", + monitorScheduledBy: "assignee", + }); + + return { companyId, agentId, issueId, nextCheckAt }; + } + + it("triggers due issue monitors once and clears the one-shot schedule", async () => { + const { issueId, agentId } = await seedFixture(); + const heartbeat = heartbeatService(db); + const tickAt = new Date("2026-04-11T12:31:00.000Z"); + + const result = await heartbeat.tickTimers(tickAt); + + expect(result.enqueued).toBe(1); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0]!); + expect(issue.monitorNextCheckAt).toBeNull(); + expect(issue.monitorAttemptCount).toBe(1); + expect(issue.monitorLastTriggeredAt?.toISOString()).toBe(tickAt.toISOString()); + expect(normalizeIssueExecutionPolicy(issue.executionPolicy ?? null)?.monitor ?? null).toBeNull(); + expect(parseIssueExecutionState(issue.executionState)?.monitor).toMatchObject({ + status: "triggered", + lastTriggeredAt: tickAt.toISOString(), + attemptCount: 1, + }); + + const wakeup = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)) + .then((rows) => rows[0] ?? null); + expect(wakeup?.reason).toBe("issue_monitor_due"); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)) + .then((rows) => rows.map((row) => row.action)); + expect(activity).toContain("issue.monitor_triggered"); + }); + + it("lets the board trigger a scheduled issue monitor immediately", async () => { + const { issueId, agentId, nextCheckAt } = await seedFixture(); + const heartbeat = heartbeatService(db); + const triggeredAt = new Date("2026-04-11T12:00:00.000Z"); + + const result = await heartbeat.triggerIssueMonitor(issueId, { + now: triggeredAt, + actorType: "user", + actorId: "local-board", + }); + + expect(result.outcome).toBe("triggered"); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0]!); + expect(issue.monitorNextCheckAt).toBeNull(); + expect(issue.monitorLastTriggeredAt?.toISOString()).toBe(triggeredAt.toISOString()); + expect(issue.monitorAttemptCount).toBe(1); + expect(normalizeIssueExecutionPolicy(issue.executionPolicy ?? null)?.monitor ?? null).toBeNull(); + + const wakeup = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)) + .then((rows) => rows[0] ?? null); + expect(wakeup?.reason).toBe("issue_monitor_due"); + expect(wakeup?.payload).toMatchObject({ + issueId, + nextCheckAt: nextCheckAt.toISOString(), + source: "manual", + }); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)) + .orderBy(activityLog.createdAt); + expect(activity.map((row) => row.action)).toContain("issue.monitor_triggered"); + const triggerEvent = activity.find((row) => row.action === "issue.monitor_triggered"); + expect(triggerEvent?.actorType).toBe("user"); + expect(triggerEvent?.actorId).toBe("local-board"); + expect(triggerEvent?.details).toMatchObject({ + nextCheckAt: nextCheckAt.toISOString(), + source: "manual", + }); + }); + + it("clears due monitors that cannot be dispatched and records a skip", async () => { + const { issueId } = await seedFixture({ agentStatus: "paused" }); + const heartbeat = heartbeatService(db); + const tickAt = new Date("2026-04-11T12:31:00.000Z"); + + const result = await heartbeat.tickTimers(tickAt); + + expect(result.skipped).toBe(1); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0]!); + expect(issue.monitorNextCheckAt).toBeNull(); + expect(parseIssueExecutionState(issue.executionState)?.monitor).toMatchObject({ + status: "cleared", + clearReason: "dispatch_skipped", + }); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)) + .then((rows) => rows.map((row) => row.action)); + expect(activity).toContain("issue.monitor_skipped"); + }); + + it("clears exhausted monitors and queues bounded owner recovery instead of another due check", async () => { + const { issueId, agentId } = await seedFixture({ + monitorAttemptCount: 1, + monitor: { + maxAttempts: 1, + recoveryPolicy: "wake_owner", + }, + }); + const heartbeat = heartbeatService(db); + const tickAt = new Date("2026-04-11T12:31:00.000Z"); + + const result = await heartbeat.tickTimers(tickAt); + + expect(result.enqueued).toBe(0); + expect(result.skipped).toBe(1); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0]!); + expect(issue.monitorNextCheckAt).toBeNull(); + expect(parseIssueExecutionState(issue.executionState)?.monitor).toMatchObject({ + status: "cleared", + clearReason: "max_attempts_exhausted", + }); + + const wakeup = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)) + .then((rows) => rows[0] ?? null); + expect(wakeup?.reason).toBe("issue_monitor_recovery"); + expect(wakeup?.payload).toMatchObject({ + issueId, + clearReason: "max_attempts_exhausted", + maxAttempts: 1, + modelProfile: "cheap", + }); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)) + .then((rows) => rows.map((row) => row.action)); + expect(activity).toContain("issue.monitor_exhausted"); + expect(activity).toContain("issue.monitor_recovery_wake_queued"); + expect(activity).not.toContain("issue.monitor_triggered"); + }); + + it("clears timed-out monitors and creates a visible recovery issue when requested", async () => { + const { issueId, companyId } = await seedFixture({ + monitor: { + timeoutAt: "2026-04-11T12:00:00.000Z", + recoveryPolicy: "create_recovery_issue", + }, + }); + const heartbeat = heartbeatService(db); + const tickAt = new Date("2026-04-11T12:31:00.000Z"); + + const result = await heartbeat.tickTimers(tickAt); + + expect(result.enqueued).toBe(0); + expect(result.skipped).toBe(1); + + const issue = await db.select().from(issues).where(eq(issues.id, issueId)).then((rows) => rows[0]!); + expect(issue.monitorNextCheckAt).toBeNull(); + expect(parseIssueExecutionState(issue.executionState)?.monitor).toMatchObject({ + status: "cleared", + clearReason: "timeout_exceeded", + }); + + const recoveryIssue = await db + .select() + .from(issues) + .where(eq(issues.originId, issueId)) + .then((rows) => rows.find((row) => row.companyId === companyId && row.originKind === "stranded_issue_recovery") ?? null); + expect(recoveryIssue).toMatchObject({ + parentId: issueId, + priority: "high", + assigneeAdapterOverrides: { modelProfile: "cheap" }, + }); + expect(["todo", "in_progress"]).toContain(recoveryIssue?.status); + }); + + it("omits external monitor refs from wake payloads and activity details", async () => { + const { issueId, agentId } = await seedFixture({ + monitor: { + serviceName: "Deploy provider", + externalRef: "https://provider.example/deploy/123?token=secret", + }, + }); + const heartbeat = heartbeatService(db); + const tickAt = new Date("2026-04-11T12:31:00.000Z"); + + await heartbeat.tickTimers(tickAt); + + const wakeup = await db + .select() + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.agentId, agentId)) + .then((rows) => rows[0] ?? null); + expect(JSON.stringify(wakeup?.payload)).not.toContain("provider.example"); + expect(wakeup?.payload).not.toHaveProperty("externalRef"); + + const activity = await db + .select() + .from(activityLog) + .where(eq(activityLog.entityId, issueId)); + expect(JSON.stringify(activity.map((row) => row.details))).not.toContain("provider.example"); + expect(activity.find((row) => row.action === "issue.monitor_triggered")?.details).not.toHaveProperty("externalRef"); + }); +}); diff --git a/server/src/__tests__/issue-scheduled-retry-routes.test.ts b/server/src/__tests__/issue-scheduled-retry-routes.test.ts new file mode 100644 index 00000000..527500af --- /dev/null +++ b/server/src/__tests__/issue-scheduled-retry-routes.test.ts @@ -0,0 +1,518 @@ +import { randomUUID } from "node:crypto"; +import express from "express"; +import request from "supertest"; +import { and, eq } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { + activityLog, + agents, + agentWakeupRequests, + companies, + createDb, + heartbeatRunEvents, + heartbeatRuns, + issueComments, + issueRelations, + issueTreeHolds, + issues, +} from "@paperclipai/db"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { errorHandler } from "../middleware/index.js"; +import { issueRoutes } from "../routes/issues.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres scheduled retry route tests on this host: ${ + embeddedPostgresSupport.reason ?? "unsupported environment" + }`, + ); +} + +describeEmbeddedPostgres("issue scheduled retry routes", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-issue-scheduled-retry-routes-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + afterEach(async () => { + await db.delete(issueComments); + await db.delete(issueRelations); + await db.delete(issueTreeHolds); + await db.delete(activityLog); + await db.delete(issues); + await db.delete(heartbeatRunEvents); + await db.delete(heartbeatRuns); + await db.delete(agentWakeupRequests); + await db.delete(agents); + await db.delete(companies); + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + function createApp(actor: Express.Request["actor"]) { + const app = express(); + app.use(express.json()); + app.use((req, _res, next) => { + req.actor = actor; + next(); + }); + app.use("/api", issueRoutes(db, {} as any)); + app.use(errorHandler); + return app; + } + + function boardActor(companyId: string): Express.Request["actor"] { + return { + type: "board", + userId: "board-user", + companyIds: [companyId], + memberships: [{ companyId, membershipRole: "admin", status: "active" }], + isInstanceAdmin: false, + source: "session", + }; + } + + function agentActor(companyId: string, agentId: string): Express.Request["actor"] { + return { + type: "agent", + agentId, + companyId, + runId: randomUUID(), + source: "agent_jwt", + }; + } + + async function seedIssueWithRetry(input: { + agentStatus?: "active" | "paused"; + retryStatus?: "scheduled_retry" | "queued" | "running"; + issueStatus?: "in_progress" | "todo" | "done" | "cancelled"; + } = {}) { + const companyId = randomUUID(); + const agentId = randomUUID(); + const issueId = randomUUID(); + const sourceRunId = randomUUID(); + const retryRunId = randomUUID(); + const wakeupRequestId = randomUUID(); + const issuePrefix = `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`; + const now = new Date("2026-05-06T18:00:00.000Z"); + const scheduledRetryAt = new Date("2026-05-06T19:00:00.000Z"); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix, + requireBoardApprovalForNewAgents: false, + }); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "CodexCoder", + role: "engineer", + status: input.agentStatus ?? "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: { + heartbeat: { + wakeOnDemand: true, + maxConcurrentRuns: 1, + }, + }, + permissions: {}, + }); + await db.insert(heartbeatRuns).values({ + id: sourceRunId, + companyId, + agentId, + invocationSource: "assignment", + triggerDetail: "system", + status: "failed", + error: "transient upstream error", + errorCode: "adapter_failed", + finishedAt: now, + contextSnapshot: { + issueId, + wakeReason: "issue_assigned", + }, + updatedAt: now, + createdAt: now, + }); + await db.insert(agentWakeupRequests).values({ + id: wakeupRequestId, + companyId, + agentId, + source: "automation", + triggerDetail: "system", + reason: "bounded_transient_heartbeat_retry", + payload: { + issueId, + retryOfRunId: sourceRunId, + scheduledRetryAt: scheduledRetryAt.toISOString(), + }, + status: "queued", + }); + await db.insert(heartbeatRuns).values({ + id: retryRunId, + companyId, + agentId, + invocationSource: "automation", + triggerDetail: "system", + status: input.retryStatus ?? "scheduled_retry", + wakeupRequestId, + retryOfRunId: sourceRunId, + scheduledRetryAt, + scheduledRetryAttempt: 2, + scheduledRetryReason: "transient_failure", + contextSnapshot: { + issueId, + wakeReason: "bounded_transient_heartbeat_retry", + retryOfRunId: sourceRunId, + scheduledRetryAt: scheduledRetryAt.toISOString(), + scheduledRetryAttempt: 2, + retryReason: "transient_failure", + }, + updatedAt: now, + createdAt: now, + }); + await db + .update(agentWakeupRequests) + .set({ runId: retryRunId }) + .where(eq(agentWakeupRequests.id, wakeupRequestId)); + await db.insert(issues).values({ + id: issueId, + companyId, + title: "Retryable issue", + status: input.issueStatus ?? "in_progress", + priority: "medium", + assigneeAgentId: agentId, + executionRunId: retryRunId, + executionAgentNameKey: "codexcoder", + executionLockedAt: now, + issueNumber: 1, + identifier: `${issuePrefix}-1`, + }); + + return { companyId, agentId, issueId, sourceRunId, retryRunId, scheduledRetryAt }; + } + + it("surfaces the current scheduled retry in the issue read model", async () => { + const { companyId, issueId, agentId, sourceRunId, retryRunId, scheduledRetryAt } = await seedIssueWithRetry(); + + const res = await request(createApp(boardActor(companyId))).get(`/api/issues/${issueId}`); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body.scheduledRetry).toMatchObject({ + runId: retryRunId, + status: "scheduled_retry", + agentId, + agentName: "CodexCoder", + retryOfRunId: sourceRunId, + scheduledRetryAttempt: 2, + scheduledRetryReason: "transient_failure", + }); + expect(res.body.scheduledRetry.scheduledRetryAt).toBe(scheduledRetryAt.toISOString()); + }); + + it("promotes the existing scheduled retry and treats duplicate clicks as idempotent", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry(); + const app = createApp(boardActor(companyId)); + + const first = await request(app).post(`/api/issues/${issueId}/scheduled-retry/retry-now`).send({}); + + expect(first.status, JSON.stringify(first.body)).toBe(200); + expect(first.body).toMatchObject({ + outcome: "promoted", + scheduledRetry: { + runId: retryRunId, + status: "queued", + }, + }); + + const second = await request(app).post(`/api/issues/${issueId}/scheduled-retry/retry-now`).send({}); + + expect(second.status, JSON.stringify(second.body)).toBe(200); + expect(second.body).toMatchObject({ + outcome: "already_promoted", + scheduledRetry: { + runId: retryRunId, + status: "queued", + }, + }); + + const retryRuns = await db + .select({ id: heartbeatRuns.id, status: heartbeatRuns.status }) + .from(heartbeatRuns) + .where(and(eq(heartbeatRuns.retryOfRunId, first.body.scheduledRetry.retryOfRunId), eq(heartbeatRuns.companyId, companyId))); + expect(retryRuns).toHaveLength(1); + expect(retryRuns[0]).toMatchObject({ id: retryRunId, status: "queued" }); + }); + + it("returns a clear no-op response when there is no scheduled retry", async () => { + const companyId = randomUUID(); + const issueId = randomUUID(); + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: "NONE", + requireBoardApprovalForNewAgents: false, + }); + await db.insert(issues).values({ + id: issueId, + companyId, + title: "No retry", + status: "todo", + priority: "medium", + issueNumber: 1, + identifier: "NONE-1", + }); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "no_scheduled_retry", + scheduledRetry: null, + }); + }); + + it("reports already-promoted retries without creating another run", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry({ retryStatus: "queued" }); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "already_promoted", + scheduledRetry: { + runId: retryRunId, + status: "queued", + }, + }); + }); + + it("uses normal promotion gates and records gate-suppressed retries", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry({ agentStatus: "paused" }); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "agent_not_invokable", + }, + }); + + const [run] = await db + .select({ status: heartbeatRuns.status, errorCode: heartbeatRuns.errorCode }) + .from(heartbeatRuns) + .where(eq(heartbeatRuns.id, retryRunId)); + expect(run).toEqual({ status: "cancelled", errorCode: "agent_not_invokable" }); + + const [activity] = await db + .select({ action: activityLog.action, entityId: activityLog.entityId, runId: activityLog.runId }) + .from(activityLog) + .where(eq(activityLog.entityId, issueId)); + expect(activity).toEqual({ + action: "issue.scheduled_retry_retry_now", + entityId: issueId, + runId: retryRunId, + }); + }); + + it("requires board access for retry-now", async () => { + const { companyId, agentId, issueId } = await seedIssueWithRetry(); + + const res = await request(createApp(agentActor(companyId, agentId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status).toBe(403); + }); + + it("enforces company scoping for retry-now", async () => { + const { issueId } = await seedIssueWithRetry(); + + const res = await request(createApp(boardActor(randomUUID()))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status).toBe(403); + }); + + it("suppresses retry-now when the issue is under a budget hard-stop", async () => { + const { companyId, agentId, issueId, retryRunId } = await seedIssueWithRetry(); + await db + .update(agents) + .set({ status: "paused", pauseReason: "budget" }) + .where(eq(agents.id, agentId)); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "budget_blocked", + }, + }); + }); + + it("suppresses retry-now when the issue is waiting on another review participant", async () => { + const { companyId, agentId, issueId, retryRunId } = await seedIssueWithRetry({ issueStatus: "in_progress" }); + const reviewerAgentId = randomUUID(); + await db.insert(agents).values({ + id: reviewerAgentId, + companyId, + name: "ReviewerAgent", + role: "qa", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: { + heartbeat: { + wakeOnDemand: true, + maxConcurrentRuns: 1, + }, + }, + permissions: {}, + }); + await db + .update(issues) + .set({ + status: "in_review", + executionState: { + status: "pending", + currentStageId: randomUUID(), + currentStageIndex: 0, + currentStageType: "review", + currentParticipant: { type: "agent", agentId: reviewerAgentId, userId: null }, + returnAssignee: { type: "agent", agentId, userId: null }, + reviewRequest: null, + completedStageIds: [], + lastDecisionId: null, + lastDecisionOutcome: null, + }, + }) + .where(eq(issues.id, issueId)); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "issue_review_participant_changed", + }, + }); + }); + + it("suppresses retry-now when the issue is under an active subtree pause hold", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry(); + await db.insert(issueTreeHolds).values({ + companyId, + rootIssueId: issueId, + mode: "pause", + status: "active", + reason: "manual pause for review", + releasePolicy: { strategy: "manual" }, + }); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "issue_paused", + }, + }); + }); + + it("suppresses retry-now when unresolved blockers remain", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry(); + const blockerId = randomUUID(); + await db.insert(issues).values({ + id: blockerId, + companyId, + title: "Blocking task", + status: "todo", + priority: "medium", + issueNumber: 2, + identifier: "BLOCK-2", + }); + await db.insert(issueRelations).values({ + id: randomUUID(), + companyId, + issueId: blockerId, + relatedIssueId: issueId, + type: "blocks", + }); + await db + .update(issues) + .set({ status: "blocked" }) + .where(eq(issues.id, issueId)); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "issue_dependencies_blocked", + }, + }); + }); + + it("suppresses retry-now when the issue already reached a terminal status", async () => { + const { companyId, issueId, retryRunId } = await seedIssueWithRetry({ issueStatus: "done" }); + + const res = await request(createApp(boardActor(companyId))) + .post(`/api/issues/${issueId}/scheduled-retry/retry-now`) + .send({}); + + expect(res.status, JSON.stringify(res.body)).toBe(200); + expect(res.body).toMatchObject({ + outcome: "gate_suppressed", + scheduledRetry: { + runId: retryRunId, + status: "cancelled", + errorCode: "issue_terminal_status", + }, + }); + }); +}); diff --git a/server/src/__tests__/issue-thread-interactions-service.test.ts b/server/src/__tests__/issue-thread-interactions-service.test.ts index 4ee44941..f1f0be38 100644 --- a/server/src/__tests__/issue-thread-interactions-service.test.ts +++ b/server/src/__tests__/issue-thread-interactions-service.test.ts @@ -1,4 +1,5 @@ import { randomUUID } from "node:crypto"; +import { eq } from "drizzle-orm"; import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; import { agents, @@ -110,6 +111,7 @@ describeEmbeddedPostgres("issueThreadInteractionService", () => { { clientKey: "root", title: "Create the root follow-up", + workMode: "planning", assigneeAgentId, }, { @@ -153,6 +155,19 @@ describeEmbeddedPostgres("issueThreadInteractionService", () => { status: "todo", }), ]); + const createdIssueRows = await db + .select({ + title: issues.title, + workMode: issues.workMode, + }) + .from(issues) + .where(eq(issues.companyId, companyId)); + expect(createdIssueRows).toEqual( + expect.arrayContaining([ + expect.objectContaining({ title: "Create the root follow-up", workMode: "planning" }), + expect.objectContaining({ title: "Create the nested follow-up", workMode: "standard" }), + ]), + ); const children = await issuesSvc.list(companyId, { parentId: issueId }); expect(children).toHaveLength(1); diff --git a/server/src/__tests__/issues-goal-context-routes.test.ts b/server/src/__tests__/issues-goal-context-routes.test.ts index 914006e5..504714ab 100644 --- a/server/src/__tests__/issues-goal-context-routes.test.ts +++ b/server/src/__tests__/issues-goal-context-routes.test.ts @@ -13,6 +13,7 @@ const mockIssueService = vi.hoisted(() => ({ getComment: vi.fn(), listBlockerAttention: vi.fn(), listProductivityReviews: vi.fn(), + getCurrentScheduledRetry: vi.fn(), listAttachments: vi.fn(), })); @@ -91,6 +92,11 @@ const mockWorkProductService = vi.hoisted(() => ({ const mockEnvironmentService = vi.hoisted(() => ({})); +const mockDb = vi.hoisted(() => ({ + select: vi.fn(), + execute: vi.fn(), +})); + vi.mock("../services/index.js", () => ({ companyService: () => ({ getById: vi.fn(async () => ({ id: "company-1", attachmentMaxBytes: 10 * 1024 * 1024 })), @@ -130,7 +136,7 @@ function createApp() { }; next(); }); - app.use("/api", issueRoutes({} as any, {} as any)); + app.use("/api", issueRoutes(mockDb as any, {} as any)); app.use(errorHandler); return app; } @@ -142,6 +148,7 @@ const legacyProjectLinkedIssue = { title: "Legacy onboarding task", description: "Seed the first CEO task", status: "todo", + workMode: "planning", priority: "medium", projectId: "22222222-2222-4222-8222-222222222222", goalId: null, @@ -182,10 +189,19 @@ describe.sequential("issue goal context routes", () => { mockIssueService.getComment.mockResolvedValue(null); mockIssueService.listBlockerAttention.mockResolvedValue(new Map()); mockIssueService.listProductivityReviews.mockResolvedValue(new Map()); + mockIssueService.getCurrentScheduledRetry.mockResolvedValue(null); mockIssueService.listAttachments.mockResolvedValue([]); mockDocumentsService.getIssueDocumentPayload.mockResolvedValue({}); mockDocumentsService.getIssueDocumentByKey.mockResolvedValue(null); mockExecutionWorkspaceService.getById.mockResolvedValue(null); + mockDb.select.mockReturnValue({ + from: vi.fn(() => ({ + where: vi.fn(() => ({ + orderBy: vi.fn(async () => []), + })), + })), + }); + mockDb.execute.mockResolvedValue([]); mockProjectService.getById.mockResolvedValue({ id: legacyProjectLinkedIssue.projectId, companyId: "company-1", @@ -251,6 +267,7 @@ describe.sequential("issue goal context routes", () => { expect(res.status).toBe(200); expect(res.body.issue.goalId).toBe(projectGoal.id); + expect(res.body.issue.workMode).toBe("planning"); expect(res.body.goal).toEqual( expect.objectContaining({ id: projectGoal.id, diff --git a/server/src/__tests__/issues-service.test.ts b/server/src/__tests__/issues-service.test.ts index ad11eecd..2c705495 100644 --- a/server/src/__tests__/issues-service.test.ts +++ b/server/src/__tests__/issues-service.test.ts @@ -7,6 +7,7 @@ import { agents, companies, createDb, + environments, executionWorkspaces, goals, heartbeatRuns, @@ -459,14 +460,14 @@ describeEmbeddedPostgres("issueService.list participantAgentId", () => { expect(result.map((issue) => issue.id)).toEqual([grandchildId]); }); - it("accepts issue identifiers through getById", async () => { + it("accepts issue identifiers with alphanumeric prefixes through getById", async () => { const companyId = randomUUID(); const issueId = randomUUID(); await db.insert(companies).values({ id: companyId, name: "Paperclip", - issuePrefix: "PAP", + issuePrefix: "PC1A2", requireBoardApprovalForNewAgents: false, }); @@ -474,19 +475,19 @@ describeEmbeddedPostgres("issueService.list participantAgentId", () => { id: issueId, companyId, issueNumber: 1064, - identifier: "PAP-1064", + identifier: "PC1A2-1064", title: "Feedback votes error", status: "todo", priority: "medium", createdByUserId: "user-1", }); - const issue = await svc.getById("PAP-1064"); + const issue = await svc.getById("pc1a2-1064"); expect(issue).toEqual( expect.objectContaining({ id: issueId, - identifier: "PAP-1064", + identifier: "PC1A2-1064", }), ); }); @@ -656,6 +657,143 @@ describeEmbeddedPostgres("issueService.list participantAgentId", () => { expect(projectResult.map((issue) => issue.id).sort()).toEqual([executionLinkedIssueId, projectLinkedIssueId].sort()); }); + it("hides plugin operation issues from default lists and inbox-style filters while preserving explicit retrieval", async () => { + const companyId = randomUUID(); + const agentId = randomUUID(); + const projectId = randomUUID(); + const normalIssueId = randomUUID(); + const pluginVisibleIssueId = randomUUID(); + const operationIssueId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "Plugin Runner", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }); + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Plugin operations", + status: "in_progress", + }); + await db.insert(issues).values([ + { + id: normalIssueId, + companyId, + title: "Normal issue", + status: "todo", + priority: "medium", + assigneeAgentId: agentId, + }, + { + id: pluginVisibleIssueId, + companyId, + title: "Plugin-visible issue", + status: "todo", + priority: "medium", + assigneeAgentId: agentId, + originKind: "plugin:paperclip.missions:feature", + }, + { + id: operationIssueId, + companyId, + projectId, + title: "Plugin operation issue", + status: "todo", + priority: "medium", + assigneeAgentId: agentId, + originKind: "plugin:paperclip.missions:operation", + originId: "mission-alpha:operation-1", + }, + ]); + + const defaultIssueIds = (await svc.list(companyId)).map((issue) => issue.id); + expect(defaultIssueIds).toContain(normalIssueId); + expect(defaultIssueIds).toContain(pluginVisibleIssueId); + expect(defaultIssueIds).not.toContain(operationIssueId); + + const inboxIssueIds = (await svc.list(companyId, { + assigneeAgentId: agentId, + status: "todo,in_progress,blocked", + includeRoutineExecutions: true, + })).map((issue) => issue.id); + expect(inboxIssueIds).toContain(normalIssueId); + expect(inboxIssueIds).not.toContain(operationIssueId); + + await expect(svc.list(companyId, { originKind: "plugin:paperclip.missions:operation" })) + .resolves.toEqual([expect.objectContaining({ id: operationIssueId })]); + await expect(svc.list(companyId, { originId: "mission-alpha:operation-1" })) + .resolves.toEqual([expect.objectContaining({ id: operationIssueId })]); + + const projectIssueIds = (await svc.list(companyId, { projectId })).map((issue) => issue.id); + expect(projectIssueIds).toContain(operationIssueId); + + const advancedIssueIds = (await svc.list(companyId, { includePluginOperations: true })).map((issue) => issue.id); + expect(advancedIssueIds).toContain(operationIssueId); + }); + + it("excludes plugin operation issues from unread inbox counts", async () => { + const companyId = randomUUID(); + const userId = "board-user"; + const otherUserId = "other-user"; + const normalIssueId = randomUUID(); + const operationIssueId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await db.insert(issues).values([ + { + id: normalIssueId, + companyId, + title: "Normal touched issue", + status: "todo", + priority: "medium", + createdByUserId: userId, + }, + { + id: operationIssueId, + companyId, + title: "Plugin operation touched issue", + status: "todo", + priority: "medium", + createdByUserId: userId, + originKind: "plugin:paperclip.missions:operation", + }, + ]); + await db.insert(issueComments).values([ + { + companyId, + issueId: normalIssueId, + authorUserId: otherUserId, + body: "Unread normal update.", + }, + { + companyId, + issueId: operationIssueId, + authorUserId: otherUserId, + body: "Unread operation update.", + }, + ]); + + await expect(svc.countUnreadTouchedByUser(companyId, userId, "todo")).resolves.toBe(1); + }); + it("hides archived inbox issues until new external activity arrives", async () => { const companyId = randomUUID(); const userId = "user-1"; @@ -1184,6 +1322,351 @@ describeEmbeddedPostgres("issueService.create workspace inheritance", () => { }); }); + it("captures the assignee default environment when neither issue nor project specifies one", async () => { + const companyId = randomUUID(); + const projectId = randomUUID(); + const projectWorkspaceId = randomUUID(); + const assigneeEnvironmentId = randomUUID(); + const assigneeAgentId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await instanceSettingsService(db).updateExperimental({ enableIsolatedWorkspaces: true }); + + await db.insert(environments).values([ + { + id: assigneeEnvironmentId, + companyId, + name: "QA E2B", + driver: "sandbox", + status: "active", + config: { provider: "e2b" }, + }, + ]); + + await db.insert(agents).values({ + id: assigneeAgentId, + companyId, + name: "QA E2B Codex", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + defaultEnvironmentId: assigneeEnvironmentId, + permissions: {}, + }); + + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Workspace project", + status: "in_progress", + executionWorkspacePolicy: { + enabled: true, + defaultMode: "shared_workspace", + allowIssueOverride: true, + defaultProjectWorkspaceId: projectWorkspaceId, + }, + }); + + await db.insert(projectWorkspaces).values({ + id: projectWorkspaceId, + companyId, + projectId, + name: "Primary workspace", + isPrimary: true, + }); + + const issue = await svc.create(companyId, { + projectId, + assigneeAgentId, + title: "Environment matrix: e2b / codex_local", + status: "todo", + priority: "medium", + }); + + expect(issue.executionWorkspaceSettings).toEqual({ + mode: "shared_workspace", + environmentId: assigneeEnvironmentId, + }); + }); + + it("does not promote the assignee default environment when the project policy already specifies one", async () => { + const companyId = randomUUID(); + const projectId = randomUUID(); + const projectWorkspaceId = randomUUID(); + const projectEnvironmentId = randomUUID(); + const assigneeEnvironmentId = randomUUID(); + const assigneeAgentId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await instanceSettingsService(db).updateExperimental({ enableIsolatedWorkspaces: true }); + + await db.insert(environments).values([ + { + id: projectEnvironmentId, + companyId, + name: "QA SSH", + driver: "ssh", + status: "active", + config: {}, + }, + { + id: assigneeEnvironmentId, + companyId, + name: "QA E2B", + driver: "sandbox", + status: "active", + config: { provider: "e2b" }, + }, + ]); + + await db.insert(agents).values({ + id: assigneeAgentId, + companyId, + name: "QA E2B Codex", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + defaultEnvironmentId: assigneeEnvironmentId, + permissions: {}, + }); + + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Workspace project", + status: "in_progress", + executionWorkspacePolicy: { + enabled: true, + defaultMode: "shared_workspace", + allowIssueOverride: true, + defaultProjectWorkspaceId: projectWorkspaceId, + environmentId: projectEnvironmentId, + }, + }); + + await db.insert(projectWorkspaces).values({ + id: projectWorkspaceId, + companyId, + projectId, + name: "Primary workspace", + isPrimary: true, + }); + + const issue = await svc.create(companyId, { + projectId, + assigneeAgentId, + title: "Environment matrix: e2b / codex_local", + status: "todo", + priority: "medium", + }); + + // Project policy's environmentId must win over the assignee's default; + // executionWorkspaceSettings should not bake in an environmentId in this case + // so resolveExecutionWorkspaceEnvironmentId can fall through to the project + // policy's value at run time. + expect(issue.executionWorkspaceSettings).toEqual({ mode: "shared_workspace" }); + }); + + it("captures the new assignee's default environment on reassignment", async () => { + const companyId = randomUUID(); + const projectId = randomUUID(); + const projectWorkspaceId = randomUUID(); + const firstEnvironmentId = randomUUID(); + const secondEnvironmentId = randomUUID(); + const firstAgentId = randomUUID(); + const secondAgentId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await instanceSettingsService(db).updateExperimental({ enableIsolatedWorkspaces: true }); + + await db.insert(environments).values([ + { + id: firstEnvironmentId, + companyId, + name: "QA SSH", + driver: "ssh", + status: "active", + config: {}, + }, + { + id: secondEnvironmentId, + companyId, + name: "QA E2B", + driver: "sandbox", + status: "active", + config: { provider: "e2b" }, + }, + ]); + + await db.insert(agents).values([ + { + id: firstAgentId, + companyId, + name: "QA SSH Codex", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + defaultEnvironmentId: firstEnvironmentId, + permissions: {}, + }, + { + id: secondAgentId, + companyId, + name: "QA E2B Codex", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + defaultEnvironmentId: secondEnvironmentId, + permissions: {}, + }, + ]); + + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Workspace project", + status: "in_progress", + executionWorkspacePolicy: { + enabled: true, + defaultMode: "shared_workspace", + allowIssueOverride: true, + defaultProjectWorkspaceId: projectWorkspaceId, + }, + }); + + await db.insert(projectWorkspaces).values({ + id: projectWorkspaceId, + companyId, + projectId, + name: "Primary workspace", + isPrimary: true, + }); + + const created = await svc.create(companyId, { + projectId, + assigneeAgentId: firstAgentId, + title: "Environment matrix: ssh / codex_local", + status: "todo", + priority: "medium", + }); + + expect(created.executionWorkspaceSettings).toMatchObject({ + environmentId: firstEnvironmentId, + }); + + const reassigned = await svc.update(created.id, { + assigneeAgentId: secondAgentId, + }); + + expect(reassigned).not.toBeNull(); + expect(reassigned!.executionWorkspaceSettings).toMatchObject({ + environmentId: secondEnvironmentId, + }); + }); + + it("preserves an operator-set environmentId across reassignment", async () => { + const companyId = randomUUID(); + const projectId = randomUUID(); + const projectWorkspaceId = randomUUID(); + const firstEnvironmentId = randomUUID(); + const secondEnvironmentId = randomUUID(); + const operatorEnvironmentId = randomUUID(); + const firstAgentId = randomUUID(); + const secondAgentId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await instanceSettingsService(db).updateExperimental({ enableIsolatedWorkspaces: true }); + + await db.insert(environments).values([ + { id: firstEnvironmentId, companyId, name: "Env 1", driver: "ssh", status: "active", config: {} }, + { id: secondEnvironmentId, companyId, name: "Env 2", driver: "sandbox", status: "active", config: { provider: "e2b" } }, + { id: operatorEnvironmentId, companyId, name: "Operator pick", driver: "ssh", status: "active", config: {} }, + ]); + + await db.insert(agents).values([ + { + id: firstAgentId, companyId, name: "First agent", role: "engineer", status: "active", + adapterType: "codex_local", adapterConfig: {}, runtimeConfig: {}, + defaultEnvironmentId: firstEnvironmentId, permissions: {}, + }, + { + id: secondAgentId, companyId, name: "Second agent", role: "engineer", status: "active", + adapterType: "codex_local", adapterConfig: {}, runtimeConfig: {}, + defaultEnvironmentId: secondEnvironmentId, permissions: {}, + }, + ]); + + await db.insert(projects).values({ + id: projectId, companyId, name: "Workspace project", status: "in_progress", + executionWorkspacePolicy: { + enabled: true, + defaultMode: "shared_workspace", + allowIssueOverride: true, + defaultProjectWorkspaceId: projectWorkspaceId, + }, + }); + + await db.insert(projectWorkspaces).values({ + id: projectWorkspaceId, companyId, projectId, name: "Primary workspace", isPrimary: true, + }); + + const created = await svc.create(companyId, { + projectId, + assigneeAgentId: firstAgentId, + title: "Operator overrides env then reassigns", + status: "todo", + priority: "medium", + }); + + // Operator explicitly overrides the environmentId in a separate update. + const overridden = await svc.update(created.id, { + executionWorkspaceSettings: { + mode: "shared_workspace", + environmentId: operatorEnvironmentId, + }, + }); + expect(overridden!.executionWorkspaceSettings).toMatchObject({ + environmentId: operatorEnvironmentId, + }); + + // A subsequent reassignment-only update must NOT overwrite the operator's + // explicit choice with the new assignee's default. + const reassigned = await svc.update(created.id, { + assigneeAgentId: secondAgentId, + }); + expect(reassigned!.executionWorkspaceSettings).toMatchObject({ + environmentId: operatorEnvironmentId, + }); + }); + it("keeps explicit workspace fields instead of inheriting the parent linkage", async () => { const companyId = randomUUID(); const projectId = randomUUID(); diff --git a/server/src/__tests__/plugin-database.test.ts b/server/src/__tests__/plugin-database.test.ts index 9aaca2f1..6392b78e 100644 --- a/server/src/__tests__/plugin-database.test.ts +++ b/server/src/__tests__/plugin-database.test.ts @@ -3,7 +3,7 @@ import { mkdtemp, rm, mkdir, writeFile } from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { and, eq, sql } from "drizzle-orm"; -import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest"; import { companies, createDb, @@ -25,9 +25,11 @@ import { validatePluginRuntimeExecute, validatePluginRuntimeQuery, } from "../services/plugin-database.js"; +import { pluginLoader } from "../services/plugin-loader.js"; const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; +const multiMigrationPluginKey = "paperclip.dbfixture"; if (!embeddedPostgresSupport.supported) { console.warn( @@ -93,7 +95,7 @@ describeEmbeddedPostgres("plugin database namespaces", () => { }, 20_000); afterEach(async () => { - for (const pluginKey of ["paperclip.dbtest", "paperclip.escape"]) { + for (const pluginKey of ["paperclip.dbtest", "paperclip.escape", "paperclip.refresh", multiMigrationPluginKey]) { const namespace = derivePluginDatabaseNamespace(pluginKey); await db.execute(sql.raw(`DROP SCHEMA IF EXISTS "${namespace}" CASCADE`)); } @@ -120,6 +122,31 @@ describeEmbeddedPostgres("plugin database namespaces", () => { return packageRoot; } + async function createInstallablePluginPackage( + pluginManifest: PaperclipPluginManifestV1, + migrationSql: string, + ) { + const packageRoot = await createPluginPackage(pluginManifest, migrationSql); + await writeFile( + path.join(packageRoot, "package.json"), + JSON.stringify({ + name: pluginManifest.id, + version: pluginManifest.version, + type: "module", + paperclipPlugin: { manifest: "./manifest.js" }, + }), + "utf8", + ); + await writeFile( + path.join(packageRoot, "manifest.js"), + `export default ${JSON.stringify(pluginManifest, null, 2)};\n`, + "utf8", + ); + await mkdir(path.join(packageRoot, "dist"), { recursive: true }); + await writeFile(path.join(packageRoot, "dist", "worker.js"), "export {};\n", "utf8"); + return packageRoot; + } + async function installPluginRecord(manifest: PaperclipPluginManifestV1) { const pluginId = randomUUID(); await db.insert(plugins).values({ @@ -158,6 +185,31 @@ describeEmbeddedPostgres("plugin database namespaces", () => { }; } + it("applies multi-file plugin migrations through the production validator", async () => { + const pluginManifest = manifest(multiMigrationPluginKey); + const namespace = derivePluginDatabaseNamespace(pluginManifest.id); + const packageRoot = await createPluginPackage( + pluginManifest, + `CREATE TABLE ${namespace}.source_rows (id uuid PRIMARY KEY, label text NOT NULL);`, + ); + await writeFile( + path.join(packageRoot, pluginManifest.database!.migrationsDir, "002_derived.sql"), + `CREATE TABLE ${namespace}.derived_rows ( + id uuid PRIMARY KEY, + source_id uuid NOT NULL REFERENCES ${namespace}.source_rows(id) + );`, + "utf8", + ); + const pluginId = await installPluginRecord(pluginManifest); + await pluginDatabaseService(db).applyMigrations(pluginId, pluginManifest, packageRoot); + + const migrations = await db + .select() + .from(pluginMigrations) + .where(and(eq(pluginMigrations.pluginId, pluginId), eq(pluginMigrations.status, "applied"))); + expect(migrations).toHaveLength(2); + }); + it("applies migrations once and allows whitelisted core joins at runtime", async () => { const pluginManifest = manifest(); const namespace = derivePluginDatabaseNamespace(pluginManifest.id); @@ -246,6 +298,131 @@ describeEmbeddedPostgres("plugin database namespaces", () => { expect(migration?.status).toBe("failed"); }); + it("rolls back plugin install when migration validation fails", async () => { + const pluginManifest = manifest("paperclip.escape"); + const namespace = derivePluginDatabaseNamespace(pluginManifest.id); + const packageRoot = await createInstallablePluginPackage( + pluginManifest, + "CREATE TABLE public.plugin_escape (id uuid PRIMARY KEY);", + ); + const loader = pluginLoader(db, { + enableLocalFilesystem: false, + enableNpmDiscovery: false, + }); + + await expect(loader.installPlugin({ localPath: packageRoot })) + .rejects.toThrow(/public\.plugin_escape|public/i); + + const installedPlugins = await db + .select() + .from(plugins) + .where(eq(plugins.pluginKey, pluginManifest.id)); + const namespaces = await db + .select() + .from(pluginDatabaseNamespaces) + .where(eq(pluginDatabaseNamespaces.pluginKey, pluginManifest.id)); + const migrations = await db + .select() + .from(pluginMigrations) + .where(eq(pluginMigrations.pluginKey, pluginManifest.id)); + const schemaRows = Array.from( + await db.execute( + sql<{ schema_name: string }>`SELECT schema_name FROM information_schema.schemata WHERE schema_name = ${namespace}`, + ) as Iterable<{ schema_name: string }>, + ); + + expect(installedPlugins).toHaveLength(0); + expect(namespaces).toHaveLength(0); + expect(migrations).toHaveLength(0); + expect(schemaRows).toHaveLength(0); + }); + + it("refreshes persisted manifests from disk before activation", async () => { + const staleManifest = manifest("paperclip.refresh"); + const refreshedManifest: PaperclipPluginManifestV1 = { + ...staleManifest, + database: { + ...staleManifest.database!, + coreReadTables: ["companies"], + }, + }; + const namespace = derivePluginDatabaseNamespace(refreshedManifest.id); + const packageRoot = await createInstallablePluginPackage( + refreshedManifest, + ` + CREATE TABLE ${namespace}.company_refs ( + id uuid PRIMARY KEY, + company_id uuid NOT NULL REFERENCES public.companies(id) + ); + `, + ); + const pluginId = await installPluginRecord(staleManifest); + await db + .update(plugins) + .set({ + packagePath: packageRoot, + status: "ready", + }) + .where(eq(plugins.id, pluginId)); + + const workerManager = { + startWorker: vi.fn().mockResolvedValue(undefined), + stopAll: vi.fn().mockResolvedValue(undefined), + }; + const loader = pluginLoader(db, { + enableLocalFilesystem: false, + enableNpmDiscovery: false, + }, { + workerManager, + eventBus: { + forPlugin: vi.fn(() => ({})), + subscriptionCount: vi.fn(() => 0), + }, + jobScheduler: { + registerPlugin: vi.fn().mockResolvedValue(undefined), + stop: vi.fn(), + }, + jobStore: { + syncJobDeclarations: vi.fn().mockResolvedValue(undefined), + }, + toolDispatcher: { + registerPluginTools: vi.fn(), + }, + lifecycleManager: { + markError: vi.fn().mockResolvedValue(undefined), + }, + buildHostHandlers: vi.fn(() => ({})), + instanceInfo: { + instanceId: "test-instance", + hostVersion: "1.0.0", + deploymentMode: "authenticated", + deploymentExposure: "public", + }, + } as never); + + const result = await loader.loadSingle(pluginId); + + expect(result.success).toBe(true); + expect(workerManager.startWorker).toHaveBeenCalledWith( + pluginId, + expect.objectContaining({ + databaseNamespace: namespace, + env: { + PAPERCLIP_DEPLOYMENT_MODE: "authenticated", + PAPERCLIP_DEPLOYMENT_EXPOSURE: "public", + }, + manifest: expect.objectContaining({ + database: expect.objectContaining({ coreReadTables: ["companies"] }), + }), + }), + ); + const [plugin] = await db + .select() + .from(plugins) + .where(eq(plugins.id, pluginId)); + expect(plugin?.manifestJson.database?.coreReadTables).toEqual(["companies"]); + }); + it("rejects checksum changes for already applied migrations", async () => { const pluginManifest = manifest(); const namespace = derivePluginDatabaseNamespace(pluginManifest.id); diff --git a/server/src/__tests__/plugin-local-folders.test.ts b/server/src/__tests__/plugin-local-folders.test.ts new file mode 100644 index 00000000..073220c4 --- /dev/null +++ b/server/src/__tests__/plugin-local-folders.test.ts @@ -0,0 +1,274 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import os from "node:os"; +import path from "node:path"; +import { promises as fs } from "node:fs"; +import { + assertConfiguredLocalFolder, + assertWritableConfiguredLocalFolder, + inspectPluginLocalFolder, + listPluginLocalFolderEntries, + preparePluginLocalFolder, + readPluginLocalFolderText, + resolvePluginLocalFolderPath, + deletePluginLocalFolderFile, + writePluginLocalFolderTextAtomic, +} from "../services/plugin-local-folders.js"; + +describe("plugin local folders", () => { + const tempRoots: string[] = []; + + afterEach(async () => { + await Promise.all(tempRoots.map((root) => fs.rm(root, { recursive: true, force: true }))); + tempRoots.length = 0; + }); + + async function makeRoot() { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-plugin-folder-")); + tempRoots.push(root); + return root; + } + + it("reports a healthy generic folder when required paths exist", async () => { + const root = await makeRoot(); + await fs.mkdir(path.join(root, "sources")); + await fs.writeFile(path.join(root, "schema.md"), "schema", "utf8"); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + access: "readWrite", + requiredDirectories: ["sources"], + requiredFiles: ["schema.md"], + }, + }); + + expect(status.healthy).toBe(true); + expect(status.problems).toEqual([]); + expect(status.requiredDirectories).toEqual(["sources"]); + expect(status.requiredFiles).toEqual(["schema.md"]); + }); + + it("reports missing required folders and files without using product-specific branches", async () => { + const root = await makeRoot(); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + requiredDirectories: ["sources"], + requiredFiles: ["schema.md"], + }, + }); + + expect(status.healthy).toBe(false); + expect(status.missingDirectories).toEqual(["sources"]); + expect(status.missingFiles).toEqual(["schema.md"]); + expect(status.problems.map((item) => item.code)).toEqual( + expect.arrayContaining(["missing_directory", "missing_file"]), + ); + }); + + it("reports all required paths as missing when the configured root does not exist", async () => { + const root = await makeRoot(); + const missingRoot = path.join(root, "missing-root"); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: missingRoot, + requiredDirectories: ["sources"], + requiredFiles: ["schema.md"], + }, + }); + + expect(status.healthy).toBe(false); + expect(status.configured).toBe(true); + expect(status.readable).toBe(false); + expect(status.missingDirectories).toEqual(["sources"]); + expect(status.missingFiles).toEqual(["schema.md"]); + expect(status.problems.map((item) => item.code)).toContain("missing"); + }); + + it("uses manifest declaration access and required paths over stored or caller overrides", async () => { + const root = await makeRoot(); + await fs.mkdir(path.join(root, "manifest-dir")); + await fs.writeFile(path.join(root, "manifest.md"), "schema", "utf8"); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + declaration: { + folderKey: "content-root", + displayName: "Content root", + access: "read", + requiredDirectories: ["manifest-dir"], + requiredFiles: ["manifest.md"], + }, + storedConfig: { + path: root, + access: "readWrite", + requiredDirectories: ["stored-dir"], + requiredFiles: ["stored.md"], + }, + overrideConfig: { + access: "readWrite", + requiredDirectories: ["override-dir"], + requiredFiles: ["override.md"], + }, + }); + + expect(status.access).toBe("read"); + expect(status.writable).toBe(false); + expect(status.requiredDirectories).toEqual(["manifest-dir"]); + expect(status.requiredFiles).toEqual(["manifest.md"]); + expect(status.healthy).toBe(true); + }); + + it("prepares required directories for a read-write folder without creating required files", async () => { + const root = await makeRoot(); + + await preparePluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + access: "readWrite", + requiredDirectories: ["sources", "wiki/concepts"], + requiredFiles: ["schema.md"], + }, + }); + + await expect(fs.stat(path.join(root, "sources"))).resolves.toMatchObject({}); + await expect(fs.stat(path.join(root, "wiki/concepts"))).resolves.toMatchObject({}); + await expect(fs.stat(path.join(root, "schema.md"))).rejects.toMatchObject({ code: "ENOENT" }); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + access: "readWrite", + requiredDirectories: ["sources", "wiki/concepts"], + requiredFiles: ["schema.md"], + }, + }); + expect(status.missingDirectories).toEqual([]); + expect(status.missingFiles).toEqual(["schema.md"]); + }); + + it("allows write access to repair folders that are only missing required paths", async () => { + const root = await makeRoot(); + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + access: "readWrite", + requiredFiles: ["schema.md"], + }, + }); + + expect(status.healthy).toBe(false); + expect(() => assertConfiguredLocalFolder(status)).toThrow("Local folder is not healthy"); + expect(() => assertWritableConfiguredLocalFolder(status)).not.toThrow(); + + await writePluginLocalFolderTextAtomic(root, "schema.md", "schema"); + const repaired = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + access: "readWrite", + requiredFiles: ["schema.md"], + }, + }); + expect(repaired.healthy).toBe(true); + }); + + it("rejects traversal outside the configured folder", async () => { + const root = await makeRoot(); + + await expect(resolvePluginLocalFolderPath(root, "../outside.txt")).rejects.toMatchObject({ + status: 403, + }); + }); + + it("detects required symlinks that escape the configured folder", async () => { + const root = await makeRoot(); + const outside = await makeRoot(); + await fs.writeFile(path.join(outside, "secret.txt"), "nope", "utf8"); + await fs.symlink(path.join(outside, "secret.txt"), path.join(root, "linked.txt")); + + const status = await inspectPluginLocalFolder({ + folderKey: "content-root", + storedConfig: { + path: root, + requiredFiles: ["linked.txt"], + }, + }); + + expect(status.healthy).toBe(false); + expect(status.problems.some((item) => item.code === "symlink_escape")).toBe(true); + }); + + it("writes files atomically under the root and can read them back", async () => { + const root = await makeRoot(); + await fs.mkdir(path.join(root, "nested")); + + await writePluginLocalFolderTextAtomic(root, "nested/page.md", "hello"); + await writePluginLocalFolderTextAtomic(root, "nested/page.md", "updated"); + + await expect(readPluginLocalFolderText(root, "nested/page.md")).resolves.toBe("updated"); + const leftovers = await fs.readdir(path.join(root, "nested")); + expect(leftovers.filter((name) => name.includes(".paperclip-"))).toEqual([]); + }); + + it("returns the real folder key after deleting a file", async () => { + const root = await makeRoot(); + await fs.writeFile(path.join(root, "stale.md"), "delete me", "utf8"); + + const status = await deletePluginLocalFolderFile(root, "stale.md", "content-root"); + + expect(status.folderKey).toBe("content-root"); + await expect(fs.stat(path.join(root, "stale.md"))).rejects.toMatchObject({ code: "ENOENT" }); + }); + + it("lists nested local folder entries without following symlink escapes", async () => { + const root = await makeRoot(); + const outside = await makeRoot(); + await fs.mkdir(path.join(root, "wiki/concepts"), { recursive: true }); + await fs.writeFile(path.join(root, "wiki/concepts/live.md"), "# Live\n", "utf8"); + await fs.writeFile(path.join(outside, "secret.md"), "# Secret\n", "utf8"); + await fs.symlink(outside, path.join(root, "wiki/outside")); + + const listing = await listPluginLocalFolderEntries(root, { + relativePath: "wiki", + recursive: true, + maxEntries: 20, + }); + + expect(listing.entries.map((entry) => entry.path)).toContain("wiki/concepts/live.md"); + expect(listing.entries.map((entry) => entry.path)).not.toContain("wiki/outside/secret.md"); + expect(listing.truncated).toBe(false); + }); + + it("revalidates temp-file containment before writing atomic contents", async () => { + const root = await makeRoot(); + const outside = await makeRoot(); + const nested = path.join(root, "nested"); + await fs.mkdir(nested); + const originalOpen = fs.open.bind(fs); + const openSpy = vi.spyOn(fs, "open"); + openSpy.mockImplementationOnce(async (file, flags, mode) => { + await fs.rm(nested, { recursive: true, force: true }); + await fs.symlink(outside, nested); + return originalOpen(file, flags, mode); + }); + + try { + await expect(writePluginLocalFolderTextAtomic(root, "nested/page.md", "secret")).rejects.toMatchObject({ + status: 403, + }); + await expect(fs.readFile(path.join(outside, "page.md"), "utf8")).rejects.toMatchObject({ code: "ENOENT" }); + expect(await fs.readdir(outside)).toEqual([]); + } finally { + openSpy.mockRestore(); + } + }); +}); diff --git a/server/src/__tests__/plugin-managed-agents.test.ts b/server/src/__tests__/plugin-managed-agents.test.ts new file mode 100644 index 00000000..ed512a8d --- /dev/null +++ b/server/src/__tests__/plugin-managed-agents.test.ts @@ -0,0 +1,365 @@ +import { randomUUID } from "node:crypto"; +import { promises as fs } from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { eq } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { + activityLog, + agentConfigRevisions, + agents, + approvals, + companies, + createDb, + pluginEntities, + pluginCompanySettings, + pluginManagedResources, + plugins, +} from "@paperclipai/db"; +import type { PaperclipPluginManifestV1 } from "@paperclipai/shared"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { buildHostServices } from "../services/plugin-host-services.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +function createEventBusStub() { + return { + forPlugin() { + return { + emit: async () => {}, + subscribe: () => {}, + }; + }, + } as any; +} + +function issuePrefix(id: string) { + return `T${id.replace(/-/g, "").slice(0, 6).toUpperCase()}`; +} + +function manifest(): PaperclipPluginManifestV1 { + return { + id: "paperclip.managed-agents-test", + apiVersion: 1, + version: "0.1.0", + displayName: "Managed Agents Test", + description: "Test plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: ["agents.managed"], + entrypoints: { worker: "./dist/worker.js" }, + agents: [ + { + agentKey: "wiki-maintainer", + displayName: "Wiki Maintainer", + role: "engineer", + title: "Maintains plugin-owned knowledge", + capabilities: "Maintains a plugin-owned wiki.", + adapterType: "process", + adapterConfig: { command: "pnpm wiki:maintain" }, + runtimeConfig: { modelProfiles: { cheap: { enabled: true, adapterConfig: { model: "small" } } } }, + permissions: { canCreateAgents: false }, + budgetMonthlyCents: 1234, + }, + ], + }; +} + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres plugin-managed agent tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("plugin-managed agents", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-plugin-managed-agents-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + afterEach(async () => { + await db.delete(agentConfigRevisions); + await db.delete(activityLog); + await db.delete(pluginEntities); + await db.delete(pluginManagedResources); + await db.delete(pluginCompanySettings); + await db.delete(approvals); + await db.delete(agents); + await db.delete(plugins); + await db.delete(companies); + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + async function seedCompanyAndPlugin(options: { requireApproval?: boolean; manifest?: PaperclipPluginManifestV1 } = {}) { + const companyId = randomUUID(); + const pluginId = randomUUID(); + const pluginManifest = options.manifest ?? manifest(); + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: issuePrefix(companyId), + requireBoardApprovalForNewAgents: options.requireApproval ?? false, + }); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: pluginManifest.id, + packageName: "@paperclipai/plugin-managed-agents-test", + version: pluginManifest.version, + apiVersion: pluginManifest.apiVersion, + categories: pluginManifest.categories, + manifestJson: pluginManifest, + status: "ready", + installOrder: 1, + }); + const services = buildHostServices(db, pluginId, pluginManifest.id, createEventBusStub(), undefined, { + manifest: pluginManifest, + }); + return { companyId, pluginId, pluginManifest, services }; + } + + it("creates and resolves managed agents by stable resource key", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + + const created = await services.agents.managedReconcile({ + companyId, + agentKey: "wiki-maintainer", + }); + + expect(created.status).toBe("created"); + expect(created.agentId).toBeTruthy(); + expect(created.agent).toMatchObject({ + name: "Wiki Maintainer", + role: "engineer", + adapterConfig: { command: "pnpm wiki:maintain" }, + }); + + const resolved = await services.agents.managedGet({ + companyId, + agentKey: "wiki-maintainer", + }); + expect(resolved.status).toBe("resolved"); + expect(resolved.agentId).toBe(created.agentId); + + const [binding] = await db.select().from(pluginEntities); + expect(binding?.entityType).toBe("managed_agent"); + expect(binding?.scopeKind).toBe("company"); + expect(binding?.scopeId).toBe(companyId); + expect(binding?.data).toMatchObject({ + resourceKind: "agent", + resourceKey: "wiki-maintainer", + agentId: created.agentId, + }); + }); + + it("preserves user edits during reconcile and resets only on explicit reset", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const created = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + expect(created.agentId).toBeTruthy(); + + await db + .update(agents) + .set({ + name: "Knowledge Lead", + adapterConfig: { command: "custom" }, + updatedAt: new Date(), + }) + .where(eq(agents.id, created.agentId!)); + + const reconciled = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + expect(reconciled.status).toBe("resolved"); + expect(reconciled.agent).toMatchObject({ + name: "Knowledge Lead", + adapterConfig: { command: "custom" }, + }); + + const reset = await services.agents.managedReset({ companyId, agentKey: "wiki-maintainer" }); + expect(reset.status).toBe("reset"); + expect(reset.agent).toMatchObject({ + name: "Wiki Maintainer", + adapterConfig: { command: "pnpm wiki:maintain" }, + }); + }); + + it("creates managed agents with the most-used compatible company adapter", async () => { + const pluginManifest = manifest(); + pluginManifest.agents![0] = { + ...pluginManifest.agents![0]!, + adapterType: "claude_local", + adapterPreference: ["claude_local", "codex_local"], + adapterConfig: {}, + }; + const { companyId, services } = await seedCompanyAndPlugin({ manifest: pluginManifest }); + await db.insert(agents).values([ + { + id: randomUUID(), + companyId, + name: "Codex One", + role: "engineer", + status: "idle", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }, + { + id: randomUUID(), + companyId, + name: "Codex Two", + role: "engineer", + status: "idle", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }, + { + id: randomUUID(), + companyId, + name: "Claude One", + role: "engineer", + status: "idle", + adapterType: "claude_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }, + ]); + + const created = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + + expect(created.status).toBe("created"); + expect(created.agent?.adapterType).toBe("codex_local"); + }); + + it("materializes declared managed agent instructions with local folder paths", async () => { + const previousHome = process.env.PAPERCLIP_HOME; + const previousInstance = process.env.PAPERCLIP_INSTANCE_ID; + const tempHome = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-managed-agent-home-")); + const wikiRoot = await fs.realpath(await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-managed-agent-wiki-"))); + process.env.PAPERCLIP_HOME = tempHome; + process.env.PAPERCLIP_INSTANCE_ID = "test"; + try { + const pluginManifest = manifest(); + pluginManifest.localFolders = [ + { + folderKey: "wiki-root", + displayName: "Wiki root", + access: "readWrite", + requiredDirectories: [], + requiredFiles: ["AGENTS.md"], + }, + ]; + pluginManifest.agents![0] = { + ...pluginManifest.agents![0]!, + adapterType: "claude_local", + adapterConfig: {}, + instructions: { + entryFile: "AGENTS.md", + content: [ + "# LLM Wiki Maintainer", + "", + "You are the LLM Wiki Maintainer.", + "Wiki root: `{{localFolders.wiki-root.path}}`", + "Wiki schema: `{{localFolders.wiki-root.agentsPath}}`", + "", + ].join("\n"), + }, + }; + const { companyId, pluginId, services } = await seedCompanyAndPlugin({ manifest: pluginManifest }); + await fs.writeFile(path.join(wikiRoot, "AGENTS.md"), "# Wiki schema\n", "utf8"); + await db.insert(pluginCompanySettings).values({ + companyId, + pluginId, + enabled: true, + settingsJson: { + localFolders: { + "wiki-root": { + path: wikiRoot, + access: "readWrite", + requiredDirectories: [], + requiredFiles: ["AGENTS.md"], + }, + }, + }, + }); + + const created = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + + const instructionsFilePath = created.agent?.adapterConfig.instructionsFilePath; + expect(typeof instructionsFilePath).toBe("string"); + const content = await fs.readFile(instructionsFilePath as string, "utf8"); + expect(content).toContain("You are the LLM Wiki Maintainer."); + expect(content).toContain(`Wiki root: \`${wikiRoot}\``); + expect(content).toContain(`Wiki schema: \`${path.join(wikiRoot, "AGENTS.md")}\``); + } finally { + if (previousHome === undefined) delete process.env.PAPERCLIP_HOME; + else process.env.PAPERCLIP_HOME = previousHome; + if (previousInstance === undefined) delete process.env.PAPERCLIP_INSTANCE_ID; + else process.env.PAPERCLIP_INSTANCE_ID = previousInstance; + await fs.rm(tempHome, { recursive: true, force: true }); + await fs.rm(wikiRoot, { recursive: true, force: true }); + } + }); + + it("repairs a missing binding by relinking a same-company managed agent marker", async () => { + const { companyId, pluginId, pluginManifest, services } = await seedCompanyAndPlugin(); + const agentId = randomUUID(); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "Renamed Wiki Agent", + role: "engineer", + status: "idle", + adapterType: "process", + adapterConfig: { command: "custom" }, + runtimeConfig: {}, + permissions: {}, + metadata: { + paperclipManagedResource: { + pluginId, + pluginKey: pluginManifest.id, + resourceKind: "agent", + resourceKey: "wiki-maintainer", + }, + }, + }); + + const relinked = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + expect(relinked.status).toBe("relinked"); + expect(relinked.agentId).toBe(agentId); + + const [binding] = await db.select().from(pluginEntities); + expect(binding?.data).toMatchObject({ agentId }); + }); + + it("respects board approval policy for new managed agents", async () => { + const { companyId, services } = await seedCompanyAndPlugin({ requireApproval: true }); + + const created = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + + expect(created.status).toBe("created"); + expect(created.agent?.status).toBe("pending_approval"); + expect(created.approvalId).toBeTruthy(); + + const [approval] = await db.select().from(approvals).where(eq(approvals.id, created.approvalId!)); + expect(approval).toMatchObject({ + type: "hire_agent", + status: "pending", + }); + expect(approval?.payload).toMatchObject({ + agentId: created.agentId, + sourcePluginKey: "paperclip.managed-agents-test", + managedResourceKey: "wiki-maintainer", + }); + }); +}); diff --git a/server/src/__tests__/plugin-managed-routines.test.ts b/server/src/__tests__/plugin-managed-routines.test.ts new file mode 100644 index 00000000..6f89cac1 --- /dev/null +++ b/server/src/__tests__/plugin-managed-routines.test.ts @@ -0,0 +1,249 @@ +import { randomUUID } from "node:crypto"; +import { eq } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest"; +import { + activityLog, + agentConfigRevisions, + agents, + companies, + createDb, + issues, + pluginManagedResources, + plugins, + projects, + routineRuns, + routineTriggers, + routines, +} from "@paperclipai/db"; +import type { PaperclipPluginManifestV1 } from "@paperclipai/shared"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { buildHostServices } from "../services/plugin-host-services.js"; +import { routineService } from "../services/routines.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +function createEventBusStub() { + return { + forPlugin() { + return { + emit: async () => {}, + subscribe: () => {}, + }; + }, + } as any; +} + +function issuePrefix(id: string) { + return `T${id.replace(/-/g, "").slice(0, 6).toUpperCase()}`; +} + +function manifest(): PaperclipPluginManifestV1 { + return { + id: "paperclip.managed-routines-test", + apiVersion: 1, + version: "0.1.0", + displayName: "Managed Routines Test", + description: "Test plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: ["agents.managed", "projects.managed", "routines.managed"], + entrypoints: { worker: "./dist/worker.js" }, + agents: [{ + agentKey: "wiki-maintainer", + displayName: "Wiki Maintainer", + role: "engineer", + adapterType: "process", + adapterConfig: { command: "pnpm wiki:maintain" }, + }], + projects: [{ + projectKey: "operations", + displayName: "Plugin Operations", + description: "Plugin operation inspection", + status: "in_progress", + }], + routines: [{ + routineKey: "nightly-lint", + title: "Nightly lint", + description: "Lint plugin state", + assigneeRef: { resourceKind: "agent", resourceKey: "wiki-maintainer" }, + projectRef: { resourceKind: "project", resourceKey: "operations" }, + status: "active", + priority: "medium", + concurrencyPolicy: "coalesce_if_active", + catchUpPolicy: "skip_missed", + triggers: [{ + kind: "schedule", + label: "Nightly", + cronExpression: "0 3 * * *", + timezone: "UTC", + }], + issueTemplate: { + surfaceVisibility: "plugin_operation", + originId: "operation:nightly-lint", + billingCode: "plugin-test:nightly-lint", + }, + }], + }; +} + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres plugin-managed routine tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("plugin-managed routines", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-plugin-managed-routines-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + afterEach(async () => { + await db.delete(routineRuns); + await db.delete(routineTriggers); + await db.delete(routines); + await db.delete(issues); + await db.delete(agentConfigRevisions); + await db.delete(activityLog); + await db.delete(pluginManagedResources); + await db.delete(agents); + await db.delete(projects); + await db.delete(plugins); + await db.delete(companies); + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + async function seedCompanyAndPlugin(pluginManifest = manifest()) { + const companyId = randomUUID(); + const pluginId = randomUUID(); + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: issuePrefix(companyId), + }); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: pluginManifest.id, + packageName: "@paperclipai/plugin-managed-routines-test", + version: pluginManifest.version, + apiVersion: pluginManifest.apiVersion, + categories: pluginManifest.categories, + manifestJson: pluginManifest, + status: "ready", + installOrder: 1, + }); + const services = buildHostServices(db, pluginId, pluginManifest.id, createEventBusStub(), undefined, { + manifest: pluginManifest, + }); + return { companyId, pluginId, pluginManifest, services }; + } + + it("resolves routine agent and project refs by stable managed keys", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const agent = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + const project = await services.projects.reconcileManaged({ companyId, projectKey: "operations" }); + + const created = await services.routines.managedReconcile({ companyId, routineKey: "nightly-lint" }); + + expect(created.status).toBe("created"); + expect(created.routine).toMatchObject({ + title: "Nightly lint", + assigneeAgentId: agent.agentId, + projectId: project.projectId, + managedByPlugin: expect.objectContaining({ + pluginKey: "paperclip.managed-routines-test", + resourceKind: "routine", + resourceKey: "nightly-lint", + }), + }); + + const [trigger] = await db.select().from(routineTriggers).where(eq(routineTriggers.routineId, created.routineId!)); + expect(trigger).toMatchObject({ + kind: "schedule", + cronExpression: "0 3 * * *", + timezone: "UTC", + }); + }); + + it("returns missing refs until the operator repairs them and preserves routine edits on reconcile", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + + const missing = await services.routines.managedReconcile({ companyId, routineKey: "nightly-lint" }); + expect(missing.status).toBe("missing_refs"); + expect(missing.missingRefs).toEqual([ + expect.objectContaining({ resourceKind: "agent", resourceKey: "wiki-maintainer" }), + expect.objectContaining({ resourceKind: "project", resourceKey: "operations" }), + ]); + + const [agent] = await db.insert(agents).values({ + companyId, + name: "Operator-selected maintainer", + role: "engineer", + status: "idle", + adapterType: "process", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }).returning(); + const [project] = await db.insert(projects).values({ + companyId, + name: "Operator-selected project", + status: "in_progress", + }).returning(); + + const repaired = await services.routines.managedReconcile({ + companyId, + routineKey: "nightly-lint", + assigneeAgentId: agent.id, + projectId: project.id, + }); + expect(repaired.status).toBe("created"); + expect(repaired.routine).toMatchObject({ + assigneeAgentId: agent.id, + projectId: project.id, + }); + + await db + .update(routines) + .set({ title: "Operator renamed lint", updatedAt: new Date() }) + .where(eq(routines.id, repaired.routineId!)); + + const reconciled = await services.routines.managedReconcile({ companyId, routineKey: "nightly-lint" }); + expect(reconciled.status).toBe("resolved"); + expect(reconciled.routine?.title).toBe("Operator renamed lint"); + }); + + it("creates routine operation issues with plugin visibility and managed project scoping", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const agent = await services.agents.managedReconcile({ companyId, agentKey: "wiki-maintainer" }); + const project = await services.projects.reconcileManaged({ companyId, projectKey: "operations" }); + const routine = await services.routines.managedReconcile({ companyId, routineKey: "nightly-lint" }); + const wakeup = vi.fn(async () => ({ id: randomUUID() })); + const routinesSvc = routineService(db, { heartbeat: { wakeup } }); + + const run = await routinesSvc.runRoutine(routine.routineId!, { source: "manual" }, { userId: "board-user" }); + + expect(run.status).toBe("issue_created"); + const [issue] = await db.select().from(issues).where(eq(issues.id, run.linkedIssueId!)); + expect(issue).toMatchObject({ + originKind: "plugin:paperclip.managed-routines-test:operation", + originId: "operation:nightly-lint", + billingCode: "plugin-test:nightly-lint", + projectId: project.projectId, + assigneeAgentId: agent.agentId, + }); + expect(wakeup).toHaveBeenCalledWith(agent.agentId, expect.objectContaining({ + reason: "issue_assigned", + })); + }); +}); diff --git a/server/src/__tests__/plugin-managed-skills.test.ts b/server/src/__tests__/plugin-managed-skills.test.ts new file mode 100644 index 00000000..deb82643 --- /dev/null +++ b/server/src/__tests__/plugin-managed-skills.test.ts @@ -0,0 +1,281 @@ +import { randomUUID } from "node:crypto"; +import { eq } from "drizzle-orm"; +import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { + activityLog, + companies, + companySkills, + createDb, + pluginManagedResources, + plugins, +} from "@paperclipai/db"; +import type { PaperclipPluginManifestV1 } from "@paperclipai/shared"; +import { + getEmbeddedPostgresTestSupport, + startEmbeddedPostgresTestDatabase, +} from "./helpers/embedded-postgres.js"; +import { buildHostServices } from "../services/plugin-host-services.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +function createEventBusStub() { + return { + forPlugin() { + return { + emit: async () => {}, + subscribe: () => {}, + }; + }, + } as any; +} + +function issuePrefix(id: string) { + return `T${id.replace(/-/g, "").slice(0, 6).toUpperCase()}`; +} + +function manifest(): PaperclipPluginManifestV1 { + return { + id: "paperclip.managed-skills-test", + apiVersion: 1, + version: "0.1.0", + displayName: "Managed Skills Test", + description: "Test plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: ["skills.managed"], + entrypoints: { worker: "./dist/worker.js" }, + skills: [{ + skillKey: "wiki-maintainer", + displayName: "Wiki Maintainer Skill", + description: "Use LLM Wiki tools to maintain company knowledge.", + files: [{ + path: "references/wiki-style.md", + content: "# Wiki style\n\nKeep pages cited and terse.\n", + }], + }], + }; +} + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping embedded Postgres plugin-managed skill tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("plugin-managed skills", () => { + let db!: ReturnType; + let tempDb: Awaited> | null = null; + + beforeAll(async () => { + tempDb = await startEmbeddedPostgresTestDatabase("paperclip-plugin-managed-skills-"); + db = createDb(tempDb.connectionString); + }, 20_000); + + afterEach(async () => { + await db.delete(activityLog); + await db.delete(pluginManagedResources); + await db.delete(companySkills); + await db.delete(plugins); + await db.delete(companies); + }); + + afterAll(async () => { + await tempDb?.cleanup(); + }); + + async function seedCompanyAndPlugin(pluginManifest = manifest()) { + const companyId = randomUUID(); + const pluginId = randomUUID(); + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: issuePrefix(companyId), + }); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: pluginManifest.id, + packageName: "@paperclipai/plugin-managed-skills-test", + version: pluginManifest.version, + apiVersion: pluginManifest.apiVersion, + categories: pluginManifest.categories, + manifestJson: pluginManifest, + status: "ready", + installOrder: 1, + }); + const services = buildHostServices(db, pluginId, pluginManifest.id, createEventBusStub(), undefined, { + manifest: pluginManifest, + }); + return { companyId, pluginId, pluginManifest, services }; + } + + it("installs and resolves managed company skills by stable resource key", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + + const created = await services.skills.managedReconcile({ + companyId, + skillKey: "wiki-maintainer", + }); + + expect(created.status).toBe("created"); + expect(created.skill).toMatchObject({ + name: "Wiki Maintainer Skill", + key: "plugin/paperclip-managed-skills-test/wiki-maintainer", + sourceType: "catalog", + fileInventory: expect.arrayContaining([ + expect.objectContaining({ path: "SKILL.md", kind: "skill" }), + expect.objectContaining({ path: "references/wiki-style.md", kind: "reference" }), + ]), + }); + + const resolved = await services.skills.managedGet({ + companyId, + skillKey: "wiki-maintainer", + }); + expect(resolved.status).toBe("resolved"); + expect(resolved.skillId).toBe(created.skillId); + + const [binding] = await db.select().from(pluginManagedResources); + expect(binding).toMatchObject({ + companyId, + resourceKind: "skill", + resourceKey: "wiki-maintainer", + resourceId: created.skillId, + }); + }); + + it("preserves operator edits during reconcile and restores manifest defaults on reset", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const created = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(created.skillId).toBeTruthy(); + + await db + .update(companySkills) + .set({ + name: "Custom Wiki Skill", + markdown: "# Custom instructions\n", + updatedAt: new Date(), + }) + .where(eq(companySkills.id, created.skillId!)); + + const reconciled = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(reconciled.status).toBe("resolved"); + expect(reconciled.skill).toMatchObject({ + name: "Custom Wiki Skill", + markdown: "# Custom instructions\n", + }); + + const reset = await services.skills.managedReset({ companyId, skillKey: "wiki-maintainer" }); + expect(reset.status).toBe("reset"); + expect(reset.skill).toMatchObject({ + name: "Wiki Maintainer Skill", + description: "Use LLM Wiki tools to maintain company knowledge.", + }); + expect(reset.skill?.markdown).toContain("key: \"plugin/paperclip-managed-skills-test/wiki-maintainer\""); + }); + + it("does not rewrite managed skill bindings when defaults are unchanged", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const created = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(created.skillId).toBeTruthy(); + + const [binding] = await db.select().from(pluginManagedResources); + const oldUpdatedAt = new Date("2026-01-01T00:00:00.000Z"); + await db + .update(pluginManagedResources) + .set({ updatedAt: oldUpdatedAt }) + .where(eq(pluginManagedResources.id, binding.id)); + + const reconciled = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + const [bindingAfter] = await db.select().from(pluginManagedResources); + + expect(reconciled.status).toBe("resolved"); + expect(bindingAfter.updatedAt.toISOString()).toBe(oldUpdatedAt.toISOString()); + }); + + it("relinks an existing canonical skill without overwriting operator edits", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const created = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(created.skillId).toBeTruthy(); + + await db.delete(pluginManagedResources).where(eq(pluginManagedResources.resourceId, created.skillId!)); + await db + .update(companySkills) + .set({ + name: "Existing Customized Wiki Skill", + markdown: "# Existing customized instructions\n", + updatedAt: new Date(), + }) + .where(eq(companySkills.id, created.skillId!)); + + const relinked = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + + expect(relinked.status).toBe("relinked"); + expect(relinked.skillId).toBe(created.skillId); + expect(relinked.skill).toMatchObject({ + name: "Existing Customized Wiki Skill", + markdown: "# Existing customized instructions\n", + }); + expect(relinked.defaultDrift).toEqual({ changedFiles: ["SKILL.md"] }); + + const [binding] = await db.select().from(pluginManagedResources); + expect(binding).toMatchObject({ + companyId, + resourceKind: "skill", + resourceKey: "wiki-maintainer", + resourceId: created.skillId, + }); + }); + + it("reports drift when installed skill files differ from plugin defaults", async () => { + const { companyId, services } = await seedCompanyAndPlugin(); + const created = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(created.defaultDrift).toBeNull(); + + await db + .update(companySkills) + .set({ + markdown: "# Custom instructions\n", + updatedAt: new Date(), + }) + .where(eq(companySkills.id, created.skillId!)); + + const drifted = await services.skills.managedReconcile({ companyId, skillKey: "wiki-maintainer" }); + expect(drifted.status).toBe("resolved"); + expect(drifted.defaultDrift).toEqual({ changedFiles: ["SKILL.md"] }); + + const reset = await services.skills.managedReset({ companyId, skillKey: "wiki-maintainer" }); + expect(reset.defaultDrift).toBeNull(); + }); + + it("adds the canonical managed key to manifest-provided markdown skills", async () => { + const pluginManifest = manifest(); + pluginManifest.skills = [ + ...(pluginManifest.skills ?? []), + { + skillKey: "markdown-skill", + displayName: "Markdown Skill", + markdown: [ + "---", + "name: markdown-skill", + "description: Markdown source without a key.", + "---", + "", + "# Markdown Skill", + "", + "Follow the managed markdown.", + ].join("\n"), + }, + ]; + const { companyId, services } = await seedCompanyAndPlugin(pluginManifest); + + const created = await services.skills.managedReconcile({ companyId, skillKey: "markdown-skill" }); + + expect(created.status).toBe("created"); + expect(created.skill).toMatchObject({ + key: "plugin/paperclip-managed-skills-test/markdown-skill", + name: "markdown-skill", + }); + expect(created.skill?.markdown).toContain("key: \"plugin/paperclip-managed-skills-test/markdown-skill\""); + }); +}); diff --git a/server/src/__tests__/plugin-orchestration-apis.test.ts b/server/src/__tests__/plugin-orchestration-apis.test.ts index b8ee02e9..402419c6 100644 --- a/server/src/__tests__/plugin-orchestration-apis.test.ts +++ b/server/src/__tests__/plugin-orchestration-apis.test.ts @@ -1,4 +1,7 @@ import { randomUUID } from "node:crypto"; +import { promises as fs } from "node:fs"; +import os from "node:os"; +import path from "node:path"; import { and, eq } from "drizzle-orm"; import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; import { @@ -11,6 +14,9 @@ import { heartbeatRuns, issueRelations, issues, + pluginManagedResources, + plugins, + projects, } from "@paperclipai/db"; import { getEmbeddedPostgresTestSupport, @@ -45,6 +51,7 @@ if (!embeddedPostgresSupport.supported) { describeEmbeddedPostgres("plugin orchestration APIs", () => { let db!: ReturnType; let tempDb: Awaited> | null = null; + const tempRoots: string[] = []; beforeAll(async () => { tempDb = await startEmbeddedPostgresTestDatabase("paperclip-plugin-orchestration-"); @@ -52,12 +59,17 @@ describeEmbeddedPostgres("plugin orchestration APIs", () => { }, 20_000); afterEach(async () => { + await Promise.all(tempRoots.map((root) => fs.rm(root, { recursive: true, force: true }))); + tempRoots.length = 0; await db.delete(activityLog); await db.delete(costEvents); await db.delete(heartbeatRuns); await db.delete(agentWakeupRequests); await db.delete(issueRelations); await db.delete(issues); + await db.delete(pluginManagedResources); + await db.delete(projects); + await db.delete(plugins); await db.delete(agents); await db.delete(companies); }); @@ -89,6 +101,12 @@ describeEmbeddedPostgres("plugin orchestration APIs", () => { return { companyId, agentId }; } + async function makeLocalRoot() { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-plugin-host-folder-")); + tempRoots.push(root); + return root; + } + it("creates plugin-origin issues with full orchestration fields and audit activity", async () => { const { companyId, agentId } = await seedCompanyAndAgent(); const blockerIssueId = randomUUID(); @@ -189,6 +207,293 @@ describeEmbeddedPostgres("plugin orchestration APIs", () => { ).rejects.toThrow("Plugin may only use originKind values under plugin:paperclip.missions"); }); + it("creates plugin operation issues with the generic operation origin", async () => { + const { companyId } = await seedCompanyAndAgent(); + const services = buildHostServices(db, "plugin-record-id", "paperclip.missions", createEventBusStub()); + + const issue = await services.issues.create({ + companyId, + title: "Background operation", + surfaceVisibility: "plugin_operation", + originId: "mission-alpha:operation-1", + }); + + expect(issue.originKind).toBe("plugin:paperclip.missions:operation"); + expect(issue.originId).toBe("mission-alpha:operation-1"); + }); + + it("lets bootstrap-style actions initialize required local folders from an empty root", async () => { + const { companyId } = await seedCompanyAndAgent(); + const pluginId = randomUUID(); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: "paperclipai.plugin-llm-wiki", + packageName: "@paperclipai/plugin-llm-wiki", + version: "0.1.0", + manifestJson: { + id: "paperclipai.plugin-llm-wiki", + apiVersion: 1, + version: "0.1.0", + displayName: "LLM Wiki", + description: "Local-file LLM Wiki plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: ["local.folders"], + entrypoints: { worker: "./dist/worker.js" }, + localFolders: [ + { + folderKey: "wiki-root", + displayName: "Wiki root", + access: "readWrite", + requiredDirectories: ["raw", "wiki", "wiki/concepts", ".paperclip"], + requiredFiles: ["WIKI.md", "AGENTS.md"], + }, + ], + }, + status: "ready", + }); + const root = await makeLocalRoot(); + const services = buildHostServices( + db, + pluginId, + "paperclipai.plugin-llm-wiki", + createEventBusStub(), + undefined, + { + manifest: { + id: "paperclipai.plugin-llm-wiki", + apiVersion: 1, + version: "0.1.0", + displayName: "LLM Wiki", + description: "Local-file LLM Wiki plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: ["local.folders"], + entrypoints: { worker: "./dist/worker.js" }, + localFolders: [ + { + folderKey: "wiki-root", + displayName: "Wiki root", + access: "readWrite", + requiredDirectories: ["raw", "wiki", "wiki/concepts", ".paperclip"], + requiredFiles: ["WIKI.md", "AGENTS.md"], + }, + ], + }, + }, + ); + + const configured = await services.localFolders.configure({ + companyId, + folderKey: "wiki-root", + path: root, + access: "readWrite", + requiredDirectories: ["raw", "wiki", "wiki/concepts", ".paperclip"], + requiredFiles: ["WIKI.md", "AGENTS.md"], + }); + expect(configured.healthy).toBe(false); + expect(configured.missingDirectories).toEqual([]); + expect(configured.missingFiles).toEqual(["WIKI.md", "AGENTS.md"]); + + await fs.rm(path.join(root, "raw"), { recursive: true, force: true }); + await fs.rm(path.join(root, "wiki"), { recursive: true, force: true }); + await expect(services.localFolders.readText({ companyId, folderKey: "wiki-root", relativePath: "WIKI.md" })) + .rejects.toThrow("Local folder is not healthy"); + await services.localFolders.writeTextAtomic({ + companyId, + folderKey: "wiki-root", + relativePath: "WIKI.md", + contents: "# Wiki\n", + }); + await services.localFolders.writeTextAtomic({ + companyId, + folderKey: "wiki-root", + relativePath: "AGENTS.md", + contents: "# Agents\n", + }); + + const finalStatus = await services.localFolders.status({ companyId, folderKey: "wiki-root" }); + expect(finalStatus.healthy).toBe(true); + await expect(fs.stat(path.join(root, "raw"))).resolves.toMatchObject({}); + await expect(fs.stat(path.join(root, "wiki/concepts"))).resolves.toMatchObject({}); + await expect(fs.readFile(path.join(root, "WIKI.md"), "utf8")).resolves.toBe("# Wiki\n"); + }); + + it("rejects worker local-folder access for undeclared manifest keys", async () => { + const { companyId } = await seedCompanyAndAgent(); + const pluginId = randomUUID(); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: "paperclip.local-folders", + packageName: "@paperclip/plugin-local-folders", + version: "0.1.0", + manifestJson: { + id: "paperclip.local-folders", + apiVersion: 1, + version: "0.1.0", + displayName: "Local Folders", + description: "Local folder fixture", + author: "Paperclip", + categories: ["automation"], + capabilities: ["local.folders"], + entrypoints: { worker: "./dist/worker.js" }, + localFolders: [ + { + folderKey: "content-root", + displayName: "Content root", + access: "readWrite", + }, + ], + }, + status: "ready", + }); + const services = buildHostServices( + db, + pluginId, + "paperclip.local-folders", + createEventBusStub(), + undefined, + { + manifest: { + id: "paperclip.local-folders", + apiVersion: 1, + version: "0.1.0", + displayName: "Local Folders", + description: "Local folder fixture", + author: "Paperclip", + categories: ["automation"], + capabilities: ["local.folders"], + entrypoints: { worker: "./dist/worker.js" }, + localFolders: [ + { + folderKey: "content-root", + displayName: "Content root", + access: "readWrite", + }, + ], + }, + }, + ); + await expect(services.localFolders.configure({ + companyId, + folderKey: "ssh", + path: "/tmp", + access: "read", + })).rejects.toThrow("Local folder key is not declared"); + await expect(services.localFolders.status({ companyId, folderKey: "ssh" })) + .rejects.toThrow("Local folder key is not declared"); + await expect(services.localFolders.readText({ companyId, folderKey: "ssh", relativePath: "id_rsa" })) + .rejects.toThrow("Local folder key is not declared"); + await expect(services.localFolders.writeTextAtomic({ + companyId, + folderKey: "ssh", + relativePath: "id_rsa", + contents: "secret", + })).rejects.toThrow("Local folder key is not declared"); + }); + + it("resolves plugin-managed projects by stable key without overwriting user edits", async () => { + const { companyId } = await seedCompanyAndAgent(); + const pluginId = randomUUID(); + await db.insert(plugins).values({ + id: pluginId, + pluginKey: "paperclip.missions", + packageName: "@paperclip/plugin-missions", + version: "0.1.0", + apiVersion: 1, + categories: ["automation"], + status: "ready", + manifestJson: { + id: "paperclip.missions", + apiVersion: 1, + version: "0.1.0", + displayName: "Missions", + description: "Mission orchestration", + author: "Paperclip", + categories: ["automation"], + capabilities: ["projects.managed"], + entrypoints: { worker: "./dist/worker.js" }, + projects: [{ + projectKey: "operations", + displayName: "Mission Operations", + description: "Plugin operation inspection area", + status: "in_progress", + color: "#14b8a6", + settings: { surface: "operations" }, + }], + }, + }); + + const services = buildHostServices(db, pluginId, "paperclip.missions", createEventBusStub()); + const missing = await services.projects.getManaged({ companyId, projectKey: "operations" }); + expect(missing.status).toBe("missing"); + expect(missing.projectId).toBeNull(); + await expect( + db + .select() + .from(pluginManagedResources) + .where(and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, pluginId), + eq(pluginManagedResources.resourceKind, "project"), + eq(pluginManagedResources.resourceKey, "operations"), + )), + ).resolves.toHaveLength(0); + + const created = await services.projects.reconcileManaged({ companyId, projectKey: "operations" }); + + expect(created.status).toBe("created"); + expect(created.projectId).toEqual(expect.any(String)); + expect(created.project?.managedByPlugin).toMatchObject({ + pluginId, + pluginKey: "paperclip.missions", + pluginDisplayName: "Missions", + resourceKind: "project", + resourceKey: "operations", + }); + + await db + .update(projects) + .set({ name: "Renamed by operator", description: "User-owned text", updatedAt: new Date() }) + .where(eq(projects.id, created.projectId!)); + await db + .update(plugins) + .set({ + manifestJson: { + id: "paperclip.missions", + apiVersion: 1, + version: "0.2.0", + displayName: "Missions", + description: "Mission orchestration", + author: "Paperclip", + categories: ["automation"], + capabilities: ["projects.managed"], + entrypoints: { worker: "./dist/worker.js" }, + projects: [{ + projectKey: "operations", + displayName: "Upgraded Default Name", + description: "Upgraded default description", + status: "planned", + color: "#f97316", + settings: { surface: "operations", upgraded: true }, + }], + }, + updatedAt: new Date(), + }) + .where(eq(plugins.id, pluginId)); + + const resolved = await services.projects.reconcileManaged({ companyId, projectKey: "operations" }); + + expect(resolved.status).toBe("resolved"); + expect(resolved.projectId).toBe(created.projectId); + expect(resolved.project?.name).toBe("Renamed by operator"); + expect(resolved.project?.description).toBe("User-owned text"); + expect(resolved.project?.managedByPlugin?.defaultsJson).toMatchObject({ + displayName: "Upgraded Default Name", + settings: { upgraded: true }, + }); + }); + it("asserts checkout ownership for run-scoped plugin actions", async () => { const { companyId, agentId } = await seedCompanyAndAgent(); const issueId = randomUUID(); diff --git a/server/src/__tests__/plugin-routes-authz.test.ts b/server/src/__tests__/plugin-routes-authz.test.ts index df41f7ff..52e678b4 100644 --- a/server/src/__tests__/plugin-routes-authz.test.ts +++ b/server/src/__tests__/plugin-routes-authz.test.ts @@ -6,6 +6,8 @@ const mockRegistry = vi.hoisted(() => ({ getById: vi.fn(), getByKey: vi.fn(), upsertConfig: vi.fn(), + getCompanySettings: vi.fn(), + upsertCompanySettings: vi.fn(), })); const mockLifecycle = vi.hoisted(() => ({ @@ -222,6 +224,30 @@ describe.sequential("plugin install and upgrade authz", () => { expect(mockLifecycle.disable).not.toHaveBeenCalled(); }, 20_000); + it("rejects plugin config saves that contain secret refs even for instance admins", async () => { + readyPlugin(); + + const { app } = await createApp({ + type: "board", + userId: "admin-1", + source: "session", + isInstanceAdmin: true, + companyIds: [companyA], + }); + + const res = await request(app) + .post(`/api/plugins/${pluginId}/config`) + .send({ + configJson: { + apiKeyRef: "77777777-7777-4777-8777-777777777777", + }, + }); + + expect(res.status).toBe(422); + expect(res.body.error).toMatch(/secret references are disabled/i); + expect(mockRegistry.upsertConfig).not.toHaveBeenCalled(); + }, 20_000); + it("allows instance admins to upgrade plugins", async () => { const pluginId = "11111111-1111-4111-8111-111111111111"; mockRegistry.getById.mockResolvedValue({ @@ -317,6 +343,61 @@ describe.sequential("scoped plugin API routes", () => { }, 20_000); }); +describe.sequential("plugin local folder routes", () => { + beforeEach(() => { + vi.clearAllMocks(); + mockRegistry.getCompanySettings.mockResolvedValue(null); + }); + + function readyLocalFolderPlugin() { + mockRegistry.getById.mockResolvedValue({ + id: pluginId, + pluginKey: "paperclip.example", + version: "1.0.0", + status: "ready", + manifestJson: { + id: "paperclip.example", + capabilities: ["local.folders"], + localFolders: [ + { + folderKey: "content-root", + displayName: "Content root", + access: "readWrite", + requiredDirectories: ["docs"], + requiredFiles: ["README.md"], + }, + ], + }, + }); + } + + it("rejects validation for undeclared local folder keys", async () => { + readyLocalFolderPlugin(); + const { app } = await createApp(boardActor()); + + const res = await request(app) + .post(`/api/plugins/${pluginId}/companies/${companyA}/local-folders/ssh/validate`) + .send({ path: "/tmp" }); + + expect(res.status).toBe(400); + expect(res.body.error).toContain("Local folder key is not declared"); + expect(mockRegistry.upsertCompanySettings).not.toHaveBeenCalled(); + }); + + it("rejects saving undeclared local folder keys", async () => { + readyLocalFolderPlugin(); + const { app } = await createApp(boardActor()); + + const res = await request(app) + .put(`/api/plugins/${pluginId}/companies/${companyA}/local-folders/ssh`) + .send({ path: "/tmp" }); + + expect(res.status).toBe(400); + expect(res.body.error).toContain("Local folder key is not declared"); + expect(mockRegistry.upsertCompanySettings).not.toHaveBeenCalled(); + }); +}); + describe.sequential("plugin tool and bridge authz", () => { beforeEach(() => { vi.clearAllMocks(); diff --git a/server/src/__tests__/plugin-scoped-api-routes.test.ts b/server/src/__tests__/plugin-scoped-api-routes.test.ts index 1dab1edf..4e2ce297 100644 --- a/server/src/__tests__/plugin-scoped-api-routes.test.ts +++ b/server/src/__tests__/plugin-scoped-api-routes.test.ts @@ -98,6 +98,7 @@ describe.sequential("plugin scoped API routes", () => { const pluginId = "11111111-1111-4111-8111-111111111111"; const companyId = "22222222-2222-4222-8222-222222222222"; const agentId = "33333333-3333-4333-8333-333333333333"; + const peerAgentId = "33333333-3333-4333-8333-333333333334"; const runId = "44444444-4444-4444-8444-444444444444"; const issueId = "55555555-5555-4555-8555-555555555555"; @@ -252,6 +253,55 @@ describe.sequential("plugin scoped API routes", () => { })); }); + it("allows non-assignee agents on in-progress required checkout routes without claiming checkout ownership", async () => { + const apiRoutes = manifest([ + { + routeKey: "issue.advance", + method: "POST", + path: "/issues/:issueId/advance", + auth: "agent", + capability: "api.routes.register", + checkoutPolicy: "required-for-agent-in-progress", + companyResolution: { from: "issue", param: "issueId" }, + }, + ]); + mockIssueService.getById.mockResolvedValue({ + id: issueId, + companyId, + status: "in_progress", + assigneeAgentId: agentId, + }); + const { app, workerManager } = await createApp({ + actor: { + type: "agent", + agentId: peerAgentId, + companyId, + runId, + source: "agent_key", + }, + plugin: { + id: pluginId, + pluginKey: apiRoutes.id, + status: "ready", + manifestJson: apiRoutes, + }, + }); + + const res = await request(app) + .post(`/api/plugins/${pluginId}/api/issues/${issueId}/advance`) + .send({ step: "next" }); + + expect(res.status).toBe(200); + expect(mockIssueService.assertCheckoutOwner).not.toHaveBeenCalled(); + expect(workerManager.call).toHaveBeenCalledWith(pluginId, "handleApiRequest", expect.objectContaining({ + routeKey: "issue.advance", + params: { issueId }, + body: { step: "next" }, + actor: expect.objectContaining({ actorType: "agent", agentId: peerAgentId, runId }), + companyId, + })); + }); + it("rejects checkout-protected agent routes without a run id before worker dispatch", async () => { const apiRoutes = manifest([ { diff --git a/server/src/__tests__/plugin-sdk-orchestration-contract.test.ts b/server/src/__tests__/plugin-sdk-orchestration-contract.test.ts index d68cb60a..957262d8 100644 --- a/server/src/__tests__/plugin-sdk-orchestration-contract.test.ts +++ b/server/src/__tests__/plugin-sdk-orchestration-contract.test.ts @@ -150,6 +150,23 @@ describe("plugin SDK orchestration contract", () => { ).rejects.toThrow("Plugin may only use originKind values under plugin:paperclip.test-orchestration"); }); + it("supports generic plugin operation issue visibility in the test harness", async () => { + const companyId = randomUUID(); + const harness = createTestHarness({ + manifest: manifest(["issues.create"]), + }); + + const created = await harness.ctx.issues.create({ + companyId, + title: "Background operation", + surfaceVisibility: "plugin_operation", + originId: "operation-1", + }); + + expect(created.originKind).toBe("plugin:paperclip.test-orchestration:operation"); + expect(created.originId).toBe("operation-1"); + }); + it("enforces checkout and wakeup capabilities in the test harness", async () => { const companyId = randomUUID(); const agentId = randomUUID(); diff --git a/server/src/__tests__/plugin-sdk-testing.test.ts b/server/src/__tests__/plugin-sdk-testing.test.ts new file mode 100644 index 00000000..b3efa7e1 --- /dev/null +++ b/server/src/__tests__/plugin-sdk-testing.test.ts @@ -0,0 +1,28 @@ +import { describe, expect, it } from "vitest"; +import type { PaperclipPluginManifestV1 } from "@paperclipai/shared"; +import { createTestHarness } from "@paperclipai/plugin-sdk/testing"; + +describe("plugin SDK test harness", () => { + it("requires skills.managed capability before resetting a missing declaration", async () => { + const manifest: PaperclipPluginManifestV1 = { + id: "paperclip.test-missing-managed-skill-capability", + apiVersion: 1, + version: "0.1.0", + displayName: "Missing Managed Skill Capability", + description: "Test plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: [], + entrypoints: { worker: "./dist/worker.js" }, + skills: [{ + skillKey: "wiki-maintainer", + displayName: "Wiki Maintainer", + }], + }; + const harness = createTestHarness({ manifest }); + + await expect(harness.ctx.skills.managed.reset("unknown-skill", "company-1")).rejects.toThrow( + "missing required capability 'skills.managed'", + ); + }); +}); diff --git a/server/src/__tests__/plugin-secrets-handler.test.ts b/server/src/__tests__/plugin-secrets-handler.test.ts new file mode 100644 index 00000000..ec89c872 --- /dev/null +++ b/server/src/__tests__/plugin-secrets-handler.test.ts @@ -0,0 +1,29 @@ +import { describe, expect, it } from "vitest"; +import { + createPluginSecretsHandler, + PLUGIN_SECRET_REFS_DISABLED_MESSAGE, +} from "../services/plugin-secrets-handler.js"; + +describe("createPluginSecretsHandler", () => { + it("fails closed for plugin secret resolution until company scoping lands", async () => { + const handler = createPluginSecretsHandler({ + db: {} as never, + pluginId: "11111111-1111-4111-8111-111111111111", + }); + + await expect( + handler.resolve({ secretRef: "77777777-7777-4777-8777-777777777777" }), + ).rejects.toThrow(PLUGIN_SECRET_REFS_DISABLED_MESSAGE); + }); + + it("still rejects malformed secret refs before the feature-disable guard", async () => { + const handler = createPluginSecretsHandler({ + db: {} as never, + pluginId: "11111111-1111-4111-8111-111111111111", + }); + + await expect( + handler.resolve({ secretRef: "not-a-uuid" }), + ).rejects.toThrow(/invalid secret reference/i); + }); +}); diff --git a/server/src/__tests__/plugin-worker-manager.test.ts b/server/src/__tests__/plugin-worker-manager.test.ts index 53ed57bb..4f578fda 100644 --- a/server/src/__tests__/plugin-worker-manager.test.ts +++ b/server/src/__tests__/plugin-worker-manager.test.ts @@ -1,5 +1,32 @@ -import { describe, expect, it } from "vitest"; -import { appendStderrExcerpt, formatWorkerFailureMessage } from "../services/plugin-worker-manager.js"; +import path from "node:path"; +import { fileURLToPath } from "node:url"; +import { describe, expect, it, vi } from "vitest"; +import type { PaperclipPluginManifestV1 } from "@paperclipai/shared"; +import { + JsonRpcCallError, + type HostToWorkerMethods, +} from "@paperclipai/plugin-sdk"; +import { + appendStderrExcerpt, + createPluginWorkerHandle, + formatWorkerFailureMessage, +} from "../services/plugin-worker-manager.js"; + +const FIXTURES_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)), "fixtures"); +const DELAYED_WORKER_ENTRYPOINT = path.join(FIXTURES_DIR, "plugin-worker-delayed.cjs"); +const TERMINATED_WORKER_ENTRYPOINT = path.join(FIXTURES_DIR, "plugin-worker-terminated.cjs"); + +const TEST_MANIFEST: PaperclipPluginManifestV1 = { + id: "test.plugin", + apiVersion: 1, + version: "1.0.0", + displayName: "Test plugin", + description: "Test plugin", + author: "Paperclip", + categories: ["automation"], + capabilities: [], + entrypoints: { worker: "dist/worker.js" }, +}; describe("plugin-worker-manager stderr failure context", () => { it("appends worker stderr context to failure messages", () => { @@ -40,4 +67,115 @@ describe("plugin-worker-manager stderr failure context", () => { expect(excerpt).not.toContain("second line"); expect(excerpt.length).toBeLessThanOrEqual(8_000); }); + + it("times out environmentExecute calls using the handle default when no override is provided", async () => { + const handle = createPluginWorkerHandle("test.plugin", { + entrypointPath: DELAYED_WORKER_ENTRYPOINT, + manifest: TEST_MANIFEST, + config: {}, + instanceInfo: { + instanceId: "instance-1", + hostVersion: "1.0.0", + }, + apiVersion: 1, + hostHandlers: {}, + rpcTimeoutMs: 10, + }); + + try { + await handle.start(); + + await expect(handle.call("environmentExecute", { + driverKey: "e2b", + companyId: "company-1", + environmentId: "environment-1", + config: {}, + lease: { providerLeaseId: "lease-1" }, + command: "echo", + delayMs: 50, + } as HostToWorkerMethods["environmentExecute"][0])).rejects.toMatchObject({ + message: expect.stringContaining("timed out after 10ms"), + }); + } finally { + await handle.stop().catch(() => undefined); + } + }); + + it("honors per-call timeout overrides for environmentExecute", async () => { + const handle = createPluginWorkerHandle("test.plugin", { + entrypointPath: DELAYED_WORKER_ENTRYPOINT, + manifest: TEST_MANIFEST, + config: {}, + instanceInfo: { + instanceId: "instance-1", + hostVersion: "1.0.0", + }, + apiVersion: 1, + hostHandlers: {}, + rpcTimeoutMs: 10, + }); + + try { + await handle.start(); + + await expect(handle.call("environmentExecute", { + driverKey: "e2b", + companyId: "company-1", + environmentId: "environment-1", + config: {}, + lease: { providerLeaseId: "lease-1" }, + command: "echo", + delayMs: 50, + } as HostToWorkerMethods["environmentExecute"][0], 100)).resolves.toMatchObject({ + exitCode: 0, + stdout: "ok\n", + }); + } finally { + await handle.stop().catch(() => undefined); + } + }); + + it("does not emit an unhandled rejection when a plugin responds with terminated before callers attach handlers", async () => { + const unhandledRejection = vi.fn(); + process.on("unhandledRejection", unhandledRejection); + + const handle = createPluginWorkerHandle("test.plugin", { + entrypointPath: TERMINATED_WORKER_ENTRYPOINT, + manifest: TEST_MANIFEST, + config: {}, + instanceInfo: { + instanceId: "instance-1", + hostVersion: "1.0.0", + }, + apiVersion: 1, + hostHandlers: {}, + }); + + try { + await handle.start(); + + const pendingCall = handle.call( + "environmentExecute" as keyof HostToWorkerMethods, + { + driverKey: "e2b", + companyId: "company-1", + environmentId: "environment-1", + config: {}, + lease: { providerLeaseId: "lease-1" }, + command: "echo", + } as HostToWorkerMethods[keyof HostToWorkerMethods][0], + ); + + await new Promise((resolve) => setImmediate(resolve)); + + await expect(pendingCall).rejects.toBeInstanceOf(JsonRpcCallError); + await expect(pendingCall).rejects.toMatchObject({ + message: expect.stringContaining("terminated"), + }); + expect(unhandledRejection).not.toHaveBeenCalled(); + } finally { + process.off("unhandledRejection", unhandledRejection); + await handle.stop().catch(() => undefined); + } + }); }); diff --git a/server/src/__tests__/productivity-review-service.test.ts b/server/src/__tests__/productivity-review-service.test.ts index e2c61d20..602267d4 100644 --- a/server/src/__tests__/productivity-review-service.test.ts +++ b/server/src/__tests__/productivity-review-service.test.ts @@ -201,6 +201,7 @@ describeEmbeddedPostgres("productivity review service", () => { expect(reviews).toHaveLength(1); expect(reviews[0]?.parentId).toBe(seeded.issueId); expect(reviews[0]?.assigneeAgentId).toBe(seeded.managerId); + expect(reviews[0]?.assigneeAdapterOverrides).toEqual({ modelProfile: "cheap" }); expect(reviews[0]?.originId).toBe(seeded.issueId); expect(reviews[0]?.originFingerprint).toBe(`productivity-review:${seeded.issueId}`); expect(reviews[0]?.description).toContain("Primary trigger: `no_comment_streak`"); diff --git a/server/src/__tests__/recovery-classifiers.test.ts b/server/src/__tests__/recovery-classifiers.test.ts index f16b29f9..72243d3f 100644 --- a/server/src/__tests__/recovery-classifiers.test.ts +++ b/server/src/__tests__/recovery-classifiers.test.ts @@ -74,6 +74,100 @@ describe("recovery classifier boundary", () => { expect(classifyIssueGraphLiveness(input)).toEqual(classifyIssueGraphLivenessCompat(input)); }); + it("treats a scheduled monitor as an explicit review action path", () => { + const findings = classifyIssueGraphLiveness({ + now: "2026-04-30T18:00:00.000Z", + issues: [ + { + id: issueId, + companyId, + identifier: "PAP-2945", + title: "Wait for external review", + status: "in_review", + assigneeAgentId: agentId, + assigneeUserId: null, + createdByAgentId: null, + createdByUserId: null, + executionState: null, + monitorNextCheckAt: "2026-04-30T19:00:00.000Z", + }, + ], + relations: [], + agents: [ + { + id: agentId, + companyId, + name: "Coder", + role: "engineer", + status: "idle", + reportsTo: managerId, + }, + ], + }); + + expect(findings).toEqual([]); + }); + + it("does not treat overdue or exhausted monitors as explicit waiting paths", () => { + const baseIssue = { + id: issueId, + companyId, + identifier: "PAP-2945", + title: "Wait for external review", + status: "in_review", + assigneeAgentId: agentId, + assigneeUserId: null, + createdByAgentId: null, + createdByUserId: null, + }; + const agents = [ + { + id: agentId, + companyId, + name: "Coder", + role: "engineer", + status: "idle", + reportsTo: managerId, + }, + ]; + + const overdue = classifyIssueGraphLiveness({ + now: "2026-04-30T20:00:00.000Z", + issues: [ + { + ...baseIssue, + executionState: null, + monitorNextCheckAt: "2026-04-30T19:00:00.000Z", + }, + ], + relations: [], + agents, + }); + + const exhausted = classifyIssueGraphLiveness({ + now: "2026-04-30T18:00:00.000Z", + issues: [ + { + ...baseIssue, + executionPolicy: { + monitor: { + nextCheckAt: "2026-04-30T19:00:00.000Z", + maxAttempts: 1, + }, + }, + executionState: null, + monitorNextCheckAt: "2026-04-30T19:00:00.000Z", + monitorAttemptCount: 1, + }, + ], + relations: [], + agents, + }); + + expect(overdue[0]?.state).toBe("in_review_without_action_path"); + expect(exhausted[0]?.state).toBe("in_review_without_action_path"); + }); + it("keeps run liveness continuation decision parity with the compatibility export", () => { const input = { run: { diff --git a/server/src/__tests__/routines-routes.test.ts b/server/src/__tests__/routines-routes.test.ts index 35b6b355..d541f0cf 100644 --- a/server/src/__tests__/routines-routes.test.ts +++ b/server/src/__tests__/routines-routes.test.ts @@ -7,6 +7,7 @@ const agentId = "11111111-1111-4111-8111-111111111111"; const routineId = "33333333-3333-4333-8333-333333333333"; const projectId = "44444444-4444-4444-8444-444444444444"; const otherAgentId = "55555555-5555-4555-8555-555555555555"; +const revisionId = "77777777-7777-4777-8777-777777777777"; const routine = { id: routineId, @@ -21,6 +22,9 @@ const routine = { status: "active", concurrencyPolicy: "coalesce_if_active", catchUpPolicy: "skip_missed", + variables: [], + latestRevisionId: revisionId, + latestRevisionNumber: 1, createdByAgentId: null, createdByUserId: null, updatedByAgentId: null, @@ -30,6 +34,40 @@ const routine = { createdAt: new Date("2026-03-20T00:00:00.000Z"), updatedAt: new Date("2026-03-20T00:00:00.000Z"), }; + +const revision = { + id: revisionId, + companyId, + routineId, + revisionNumber: 1, + title: "Daily routine", + description: null, + snapshot: { + version: 1, + routine: { + id: routineId, + companyId, + projectId, + goalId: null, + parentIssueId: null, + title: "Daily routine", + description: null, + assigneeAgentId: agentId, + priority: "medium", + status: "active", + concurrencyPolicy: "coalesce_if_active", + catchUpPolicy: "skip_missed", + variables: [], + }, + triggers: [], + }, + changeSummary: "Created routine", + restoredFromRevisionId: null, + createdByAgentId: null, + createdByUserId: "board-user", + createdByRunId: null, + createdAt: new Date("2026-03-20T00:00:00.000Z"), +}; const pausedRoutine = { ...routine, status: "paused", @@ -65,6 +103,8 @@ const mockRoutineService = vi.hoisted(() => ({ getDetail: vi.fn(), update: vi.fn(), create: vi.fn(), + listRevisions: vi.fn(), + restoreRevision: vi.fn(), listRuns: vi.fn(), createTrigger: vi.fn(), getTrigger: vi.fn(), @@ -150,6 +190,14 @@ describe("routine routes", () => { mockRoutineService.get.mockResolvedValue(routine); mockRoutineService.getTrigger.mockResolvedValue(trigger); mockRoutineService.update.mockResolvedValue({ ...routine, assigneeAgentId: otherAgentId }); + mockRoutineService.listRevisions.mockResolvedValue([revision]); + mockRoutineService.restoreRevision.mockResolvedValue({ + routine, + revision: { ...revision, revisionNumber: 2, restoredFromRevisionId: revision.id }, + restoredFromRevisionId: revision.id, + restoredFromRevisionNumber: revision.revisionNumber, + secretMaterials: [], + }); mockRoutineService.runRoutine.mockResolvedValue({ id: "run-1", source: "manual", @@ -176,6 +224,73 @@ describe("routine routes", () => { expect(mockRoutineService.list).toHaveBeenCalledWith(companyId, { projectId }); }); + it("lists routine revisions for a board member in newest-first service order", async () => { + const app = await createApp({ + type: "board", + userId: "board-user", + source: "session", + isInstanceAdmin: true, + companyIds: [companyId], + }); + + const res = await request(app).get(`/api/routines/${routineId}/revisions`); + + expect(res.status).toBe(200); + expect(mockRoutineService.listRevisions).toHaveBeenCalledWith(routineId); + expect(res.body[0]).toMatchObject({ id: revisionId, revisionNumber: 1 }); + }); + + it("blocks routine revision reads across company scope", async () => { + const app = await createApp({ + type: "board", + userId: "board-user", + source: "session", + isInstanceAdmin: false, + companyIds: ["99999999-9999-4999-8999-999999999999"], + }); + + const res = await request(app).get(`/api/routines/${routineId}/revisions`); + + expect(res.status).toBe(403); + expect(mockRoutineService.listRevisions).not.toHaveBeenCalled(); + }); + + it("requires an assigned agent for routine revision history access", async () => { + const app = await createApp({ + type: "agent", + agentId: otherAgentId, + companyId, + }); + + const res = await request(app).get(`/api/routines/${routineId}/revisions`); + + expect(res.status).toBe(403); + expect(mockRoutineService.listRevisions).not.toHaveBeenCalled(); + }); + + it("restores routine revisions with existing routine-management permissions", async () => { + const app = await createApp({ + type: "agent", + agentId, + companyId, + runId: "88888888-8888-4888-8888-888888888888", + }); + + const res = await request(app).post(`/api/routines/${routineId}/revisions/${revisionId}/restore`).send({}); + + expect(res.status).toBe(200); + expect(mockRoutineService.restoreRevision).toHaveBeenCalledWith(routineId, revisionId, { + agentId, + userId: null, + runId: "88888888-8888-4888-8888-888888888888", + }); + expect(mockLogActivity).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({ + action: "routine.revision_restored", + entityId: routineId, + runId: "88888888-8888-4888-8888-888888888888", + })); + }); + it("requires tasks:assign permission for non-admin board routine creation", async () => { const app = await createApp({ type: "board", @@ -348,6 +463,7 @@ describe("routine routes", () => { }), { agentId: null, userId: "board-user", + runId: null, }); expect(mockTrackRoutineCreated).toHaveBeenCalledWith(expect.anything()); }); diff --git a/server/src/__tests__/routines-service.test.ts b/server/src/__tests__/routines-service.test.ts index 45769877..70fe9d05 100644 --- a/server/src/__tests__/routines-service.test.ts +++ b/server/src/__tests__/routines-service.test.ts @@ -1,6 +1,6 @@ import { createHmac, randomUUID } from "node:crypto"; import { eq } from "drizzle-orm"; -import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest"; +import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest"; import { activityLog, agents, @@ -26,10 +26,12 @@ import { } from "./helpers/embedded-postgres.js"; import { issueService } from "../services/issues.ts"; import { instanceSettingsService } from "../services/instance-settings.ts"; +import * as providerRegistry from "../secrets/provider-registry.ts"; import { routineService } from "../services/routines.ts"; const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; +const originalSecretsProviderEnv = process.env.PAPERCLIP_SECRETS_PROVIDER; if (!embeddedPostgresSupport.supported) { console.warn( @@ -47,6 +49,11 @@ describeEmbeddedPostgres("routine service live-execution coalescing", () => { }, 20_000); afterEach(async () => { + if (originalSecretsProviderEnv === undefined) { + delete process.env.PAPERCLIP_SECRETS_PROVIDER; + } else { + process.env.PAPERCLIP_SECRETS_PROVIDER = originalSecretsProviderEnv; + } await db.delete(activityLog); await db.delete(issueInboxArchives); await db.delete(issueReadStates); @@ -283,6 +290,201 @@ describeEmbeddedPostgres("routine service live-execution coalescing", () => { expect(routine.status).toBe("paused"); }); + it("creates revision 1 on routine create and appends revisions for real updates only", async () => { + const { routine, svc } = await seedFixture(); + + const initialRevisions = await svc.listRevisions(routine.id); + expect(initialRevisions).toHaveLength(1); + expect(initialRevisions[0]).toMatchObject({ + id: routine.latestRevisionId, + revisionNumber: 1, + title: "ascii frog", + changeSummary: "Created routine", + }); + expect(initialRevisions[0]?.snapshot.routine.description).toBe("Run the frog routine"); + + const updated = await svc.update( + routine.id, + { + description: "Run the frog routine with logs", + baseRevisionId: routine.latestRevisionId, + }, + {}, + ); + expect(updated?.latestRevisionNumber).toBe(2); + expect(updated?.latestRevisionId).not.toBe(routine.latestRevisionId); + + const noOp = await svc.update( + routine.id, + { + description: "Run the frog routine with logs", + baseRevisionId: updated?.latestRevisionId, + }, + {}, + ); + expect(noOp?.latestRevisionId).toBe(updated?.latestRevisionId); + expect(noOp?.latestRevisionNumber).toBe(2); + + const revisions = await svc.listRevisions(routine.id); + expect(revisions.map((revision) => revision.revisionNumber)).toEqual([2, 1]); + expect(revisions[0]?.snapshot.routine.description).toBe("Run the frog routine with logs"); + expect(revisions[1]?.snapshot.routine.description).toBe("Run the frog routine"); + }); + + it("rejects stale routine baseRevisionId updates", async () => { + const { routine, svc } = await seedFixture(); + const updated = await svc.update(routine.id, { description: "new description" }, {}); + await expect( + svc.update(routine.id, { + title: "stale update", + baseRevisionId: routine.latestRevisionId, + }, {}), + ).rejects.toMatchObject({ + status: 409, + details: { + currentRevisionId: updated?.latestRevisionId, + }, + }); + }); + + it("restores an older routine revision append-only and preserves run history", async () => { + const { routine, svc } = await seedFixture(); + const revision1Id = routine.latestRevisionId!; + const run = await svc.runRoutine(routine.id, { source: "manual" }); + const revision2Routine = await svc.update(routine.id, { description: "revision 2" }, {}); + + const restored = await svc.restoreRevision(routine.id, revision1Id, {}); + + expect(restored.restoredFromRevisionId).toBe(revision1Id); + expect(restored.restoredFromRevisionNumber).toBe(1); + expect(restored.routine.latestRevisionNumber).toBe(3); + expect(restored.routine.latestRevisionId).not.toBe(revision2Routine?.latestRevisionId); + expect(restored.routine.description).toBe("Run the frog routine"); + expect(restored.revision.restoredFromRevisionId).toBe(revision1Id); + expect(restored.revision.snapshot.routine.description).toBe("Run the frog routine"); + + const revisions = await svc.listRevisions(routine.id); + expect(revisions.map((revision) => revision.revisionNumber)).toEqual([3, 2, 1]); + await expect(db.select().from(routineRuns).where(eq(routineRuns.id, run.id))).resolves.toHaveLength(1); + }); + + it("rejects restoring the current latest routine revision", async () => { + const { routine, svc } = await seedFixture(); + + await expect( + svc.restoreRevision(routine.id, routine.latestRevisionId!, {}), + ).rejects.toMatchObject({ + status: 409, + details: { + currentRevisionId: routine.latestRevisionId, + }, + }); + }); + + it("recreates deleted webhook trigger secrets when restoring a historical revision", async () => { + const { routine, svc } = await seedFixture(); + const created = await svc.createTrigger(routine.id, { + kind: "webhook", + signingMode: "bearer", + replayWindowSec: 300, + }, {}); + await svc.deleteTrigger(created.trigger.id, {}); + + const restored = await svc.restoreRevision(routine.id, created.revision.id, {}); + + expect(restored.secretMaterials).toHaveLength(1); + expect(restored.secretMaterials[0]).toMatchObject({ + triggerId: created.trigger.id, + }); + expect(restored.secretMaterials[0]?.webhookSecret).toBeTruthy(); + expect(restored.secretMaterials[0]?.webhookUrl).toContain("/api/routine-triggers/public/"); + + const restoredTrigger = await svc.getTrigger(created.trigger.id); + expect(restoredTrigger?.secretId).toBeTruthy(); + expect(restoredTrigger?.publicId).toBeTruthy(); + expect(restoredTrigger?.publicId).not.toBe(created.trigger.publicId); + }); + + it("blocks agents from restoring routine revisions assigned to another agent", async () => { + const { companyId, routine, svc } = await seedFixture(); + const otherAgentId = randomUUID(); + await db.insert(agents).values({ + id: otherAgentId, + companyId, + name: "OtherCoder", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }); + const revision1Id = routine.latestRevisionId!; + + await svc.update(routine.id, { assigneeAgentId: otherAgentId }, {}); + + await expect( + svc.restoreRevision(routine.id, revision1Id, { agentId: otherAgentId }), + ).rejects.toMatchObject({ + status: 403, + message: "Agents can only restore routine revisions assigned to themselves", + }); + await expect(svc.get(routine.id)).resolves.toMatchObject({ + assigneeAgentId: otherAgentId, + latestRevisionNumber: 2, + }); + }); + + it("blocks restoring routine revisions assigned to agents that are no longer assignable", async () => { + const { agentId, routine, svc } = await seedFixture(); + const revision1Id = routine.latestRevisionId!; + await svc.update(routine.id, { description: "revision 2" }, {}); + await db + .update(agents) + .set({ status: "terminated" }) + .where(eq(agents.id, agentId)); + + await expect( + svc.restoreRevision(routine.id, revision1Id, { userId: "board-user" }), + ).rejects.toMatchObject({ + status: 409, + message: "Cannot assign routines to terminated agents", + }); + await expect(svc.get(routine.id)).resolves.toMatchObject({ + description: "revision 2", + latestRevisionNumber: 2, + }); + }); + + it("appends safe trigger metadata revisions without leaking webhook secrets", async () => { + const { routine, svc } = await seedFixture(); + const created = await svc.createTrigger(routine.id, { + kind: "webhook", + signingMode: "bearer", + replayWindowSec: 300, + }, {}); + expect(created.revision.revisionNumber).toBe(2); + expect(created.secretMaterial?.webhookSecret).toBeTruthy(); + + const updated = await svc.updateTrigger(created.trigger.id, { label: "deploy hook" }, {}); + expect(updated?.revision.revisionNumber).toBe(3); + + const rotated = await svc.rotateTriggerSecret(created.trigger.id, {}); + expect(rotated.revision.revisionNumber).toBe(4); + expect(rotated.secretMaterial.webhookSecret).toBeTruthy(); + + const deleted = await svc.deleteTrigger(created.trigger.id, {}); + expect(deleted.revision?.revisionNumber).toBe(5); + + const revisions = await svc.listRevisions(routine.id); + const serialized = JSON.stringify(revisions.map((revision) => revision.snapshot)); + expect(serialized).toContain(created.trigger.publicId!); + expect(serialized).not.toContain(created.secretMaterial!.webhookSecret); + expect(serialized).not.toContain(rotated.secretMaterial.webhookSecret); + expect(serialized).not.toContain(created.trigger.secretId!); + expect(revisions[0]?.snapshot.triggers).toHaveLength(0); + }); + it("wakes the assignee when a routine creates a fresh execution issue", async () => { const { agentId, routine, svc, wakeups } = await seedFixture(); @@ -1077,6 +1279,82 @@ describeEmbeddedPostgres("routine service live-execution coalescing", () => { expect(run.linkedIssueId).toBeTruthy(); }); + it("uses the configured provider for generated webhook trigger secrets", async () => { + process.env.PAPERCLIP_SECRETS_PROVIDER = "aws_secrets_manager"; + const originalGetSecretProvider = providerRegistry.getSecretProvider; + const getSecretProviderSpy = vi.spyOn(providerRegistry, "getSecretProvider").mockImplementation((provider) => { + if (provider !== "aws_secrets_manager") { + return originalGetSecretProvider(provider); + } + return { + id: "aws_secrets_manager", + descriptor: () => ({ + id: "aws_secrets_manager", + label: "AWS Secrets Manager", + supportsManaged: true, + supportsExternalReference: true, + }), + validateConfig: async () => ({ ok: true, warnings: [] }), + createSecret: async ({ value }) => ({ + material: { source: "managed", secretId: "arn:aws:secretsmanager:stub", versionId: "v1" }, + valueSha256: `sha:${value}`, + fingerprintSha256: `sha:${value}`, + externalRef: "arn:aws:secretsmanager:stub", + providerVersionRef: "v1", + }), + createVersion: async ({ value }) => ({ + material: { source: "managed", secretId: "arn:aws:secretsmanager:stub", versionId: "v2" }, + valueSha256: `sha:${value}`, + fingerprintSha256: `sha:${value}`, + externalRef: "arn:aws:secretsmanager:stub", + providerVersionRef: "v2", + }), + linkExternalSecret: async ({ externalRef, providerVersionRef }) => ({ + material: { source: "external", secretId: externalRef, versionId: providerVersionRef ?? null }, + valueSha256: "external", + fingerprintSha256: "external", + externalRef, + providerVersionRef: providerVersionRef ?? null, + }), + resolveVersion: async () => "resolved-secret", + deleteOrArchive: async () => undefined, + healthCheck: async () => ({ + provider: "aws_secrets_manager", + status: "ok", + message: "stubbed", + }), + }; + }); + + try { + const { routine, svc } = await seedFixture(); + const { trigger } = await svc.createTrigger( + routine.id, + { + kind: "webhook", + signingMode: "hmac_sha256", + replayWindowSec: 300, + }, + {}, + ); + + const [secret] = await db + .select({ + id: companySecrets.id, + provider: companySecrets.provider, + }) + .from(companySecrets) + .where(eq(companySecrets.id, trigger.secretId!)); + + expect(secret).toMatchObject({ + id: trigger.secretId, + provider: "aws_secrets_manager", + }); + } finally { + getSecretProviderSpy.mockRestore(); + } + }); + it("accepts GitHub-style X-Hub-Signature-256 with github_hmac signing mode", async () => { const { routine, svc } = await seedFixture(); const { trigger, secretMaterial } = await svc.createTrigger( diff --git a/server/src/__tests__/run-continuations.test.ts b/server/src/__tests__/run-continuations.test.ts index 82b13235..7daddf7b 100644 --- a/server/src/__tests__/run-continuations.test.ts +++ b/server/src/__tests__/run-continuations.test.ts @@ -76,10 +76,12 @@ describe("run liveness continuations", () => { continuationAttempt: 1, maxContinuationAttempts: DEFAULT_MAX_LIVENESS_CONTINUATION_ATTEMPTS, instruction: "Take the first concrete action now.", + modelProfile: "cheap", }); expect(decision.contextSnapshot).toMatchObject({ issueId, wakeReason: RUN_LIVENESS_CONTINUATION_REASON, + modelProfile: "cheap", livenessContinuationAttempt: 1, livenessContinuationMaxAttempts: DEFAULT_MAX_LIVENESS_CONTINUATION_ATTEMPTS, livenessContinuationSourceRunId: runId, diff --git a/server/src/__tests__/secret-provider-registry.test.ts b/server/src/__tests__/secret-provider-registry.test.ts new file mode 100644 index 00000000..326fd406 --- /dev/null +++ b/server/src/__tests__/secret-provider-registry.test.ts @@ -0,0 +1,70 @@ +import { randomBytes } from "node:crypto"; +import { chmodSync, mkdirSync, rmSync, writeFileSync } from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { checkSecretProviders, listSecretProviders } from "../secrets/provider-registry.js"; + +describe("secret provider registry", () => { + const previousKeyFile = process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; + const previousMasterKey = process.env.PAPERCLIP_SECRETS_MASTER_KEY; + const tmpDirs: string[] = []; + + afterEach(() => { + if (previousKeyFile === undefined) { + delete process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; + } else { + process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE = previousKeyFile; + } + if (previousMasterKey === undefined) { + delete process.env.PAPERCLIP_SECRETS_MASTER_KEY; + } else { + process.env.PAPERCLIP_SECRETS_MASTER_KEY = previousMasterKey; + } + for (const dir of tmpDirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("describes managed and external-reference provider capabilities", () => { + const descriptors = listSecretProviders(); + + expect(descriptors).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + id: "local_encrypted", + supportsManagedValues: true, + supportsExternalReferences: false, + configured: true, + }), + expect.objectContaining({ + id: "aws_secrets_manager", + supportsManagedValues: true, + supportsExternalReferences: true, + configured: false, + }), + ]), + ); + }); + + it("warns when the local encrypted key file is readable by group or others", async () => { + const dir = path.join(os.tmpdir(), `paperclip-secret-provider-${randomBytes(6).toString("hex")}`); + tmpDirs.push(dir); + mkdirSync(dir, { recursive: true }); + const keyFile = path.join(dir, "master.key"); + writeFileSync(keyFile, randomBytes(32).toString("base64"), { encoding: "utf8", mode: 0o644 }); + chmodSync(keyFile, 0o644); + process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE = keyFile; + delete process.env.PAPERCLIP_SECRETS_MASTER_KEY; + + const checks = await checkSecretProviders(); + const local = checks.find((check) => check.provider === "local_encrypted"); + + expect(local).toMatchObject({ + status: "warn", + details: { keyFilePath: keyFile }, + }); + expect(local?.warnings?.join("\n")).toContain("chmod 600"); + expect(local?.backupGuidance?.join("\n")).toContain("database"); + }); +}); diff --git a/server/src/__tests__/secrets-routes.test.ts b/server/src/__tests__/secrets-routes.test.ts new file mode 100644 index 00000000..86d4b7cb --- /dev/null +++ b/server/src/__tests__/secrets-routes.test.ts @@ -0,0 +1,454 @@ +import express from "express"; +import request from "supertest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; +import { secretRoutes } from "../routes/secrets.js"; +import { errorHandler } from "../middleware/error-handler.js"; +import { HttpError, unprocessable } from "../errors.js"; + +const mockSecretService = vi.hoisted(() => ({ + listProviders: vi.fn(), + checkProviders: vi.fn(), + listProviderConfigs: vi.fn(), + getProviderConfigById: vi.fn(), + createProviderConfig: vi.fn(), + updateProviderConfig: vi.fn(), + disableProviderConfig: vi.fn(), + setDefaultProviderConfig: vi.fn(), + checkProviderConfigHealth: vi.fn(), + getById: vi.fn(), + create: vi.fn(), + update: vi.fn(), + remove: vi.fn(), + previewRemoteImport: vi.fn(), + importRemoteSecrets: vi.fn(), +})); +const mockLogActivity = vi.hoisted(() => vi.fn()); + +vi.mock("../services/index.js", () => ({ + secretService: () => mockSecretService, + logActivity: mockLogActivity, +})); + +function createApp(actor: Record = { + type: "board", + userId: "user-1", + source: "session", + companyIds: ["company-1"], + memberships: [{ companyId: "company-1", status: "active", membershipRole: "admin" }], +}) { + const app = express(); + app.use(express.json()); + app.use((req, _res, next) => { + (req as any).actor = actor; + next(); + }); + app.use("/api", secretRoutes({} as any)); + app.use(errorHandler); + return app; +} + +describe("secret routes", () => { + beforeEach(() => { + for (const mock of Object.values(mockSecretService)) { + mock.mockReset(); + } + mockLogActivity.mockReset(); + }); + + it("returns provider health checks for board callers with company access", async () => { + mockSecretService.checkProviders.mockResolvedValue([ + { + provider: "local_encrypted", + status: "ok", + message: "Local encrypted provider configured", + backupGuidance: ["Back up the key file together with database backups."], + }, + ]); + + const res = await request(createApp()).get("/api/companies/company-1/secret-providers/health"); + + expect(res.status).toBe(200); + expect(res.body).toEqual({ + providers: [ + { + provider: "local_encrypted", + status: "ok", + message: "Local encrypted provider configured", + backupGuidance: ["Back up the key file together with database backups."], + }, + ], + }); + }); + + it("rejects managed secret creation when externalRef is supplied", async () => { + const res = await request(createApp()).post("/api/companies/company-1/secrets").send({ + name: "OpenAI API Key", + managedMode: "paperclip_managed", + value: "secret-value", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/other", + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/Managed secrets cannot set externalRef/); + expect(mockSecretService.create).not.toHaveBeenCalled(); + }); + + it("rejects provider vault routes for non-board actors", async () => { + const res = await request(createApp({ + type: "agent", + agentId: "agent-1", + companyId: "company-1", + })).get("/api/companies/company-1/secret-provider-configs"); + + expect(res.status).toBe(403); + expect(mockSecretService.listProviderConfigs).not.toHaveBeenCalled(); + }); + + it("rejects provider vault cross-company access before calling the service", async () => { + const res = await request(createApp({ + type: "board", + userId: "user-1", + source: "session", + companyIds: ["company-2"], + memberships: [{ companyId: "company-2", status: "active", membershipRole: "admin" }], + })).get("/api/companies/company-1/secret-provider-configs"); + + expect(res.status).toBe(403); + expect(mockSecretService.listProviderConfigs).not.toHaveBeenCalled(); + }); + + it("rejects sensitive provider vault config fields", async () => { + const res = await request(createApp()).post("/api/companies/company-1/secret-provider-configs").send({ + provider: "aws_secrets_manager", + displayName: "AWS prod", + config: { + region: "us-east-1", + accessKeyId: "AKIA...", + }, + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/sensitive field/i); + expect(mockSecretService.createProviderConfig).not.toHaveBeenCalled(); + }); + + it("rejects ready status for coming-soon provider vaults", async () => { + const res = await request(createApp()).post("/api/companies/company-1/secret-provider-configs").send({ + provider: "vault", + displayName: "Vault draft", + status: "ready", + config: { + address: "https://vault.example.com", + }, + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/locked while coming soon/i); + expect(mockSecretService.createProviderConfig).not.toHaveBeenCalled(); + }); + + it("rejects credential-bearing Vault provider vault addresses before persistence", async () => { + const res = await request(createApp()).post("/api/companies/company-1/secret-provider-configs").send({ + provider: "vault", + displayName: "Vault draft", + config: { + address: "https://user:pass@vault.example.com", + }, + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/origin-only HTTP\(S\) URL/i); + expect(mockSecretService.createProviderConfig).not.toHaveBeenCalled(); + }); + + it.each([ + "https://vault.example.com?token=hvs.x", + "https://vault.example.com#token=hvs.x", + ])("rejects token-bearing Vault provider vault address %s before persistence", async (address) => { + const res = await request(createApp()).post("/api/companies/company-1/secret-provider-configs").send({ + provider: "vault", + displayName: "Vault draft", + config: { address }, + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/origin-only HTTP\(S\) URL/i); + expect(mockSecretService.createProviderConfig).not.toHaveBeenCalled(); + }); + + it("rejects unsafe Vault provider vault address patches before persistence", async () => { + const res = await request(createApp()).patch("/api/secret-provider-configs/vault-1").send({ + config: { + address: "https://vault.example.com#token=hvs.x", + }, + }); + + expect(res.status).toBe(400); + expect(JSON.stringify(res.body)).toMatch(/origin-only HTTP\(S\) URL/i); + expect(mockSecretService.getProviderConfigById).not.toHaveBeenCalled(); + expect(mockSecretService.updateProviderConfig).not.toHaveBeenCalled(); + }); + + it("creates provider vaults and logs safe activity details", async () => { + const createdAt = new Date("2026-05-06T00:00:00.000Z"); + mockSecretService.createProviderConfig.mockResolvedValue({ + id: "11111111-1111-4111-8111-111111111111", + companyId: "company-1", + provider: "aws_secrets_manager", + displayName: "AWS prod", + status: "ready", + isDefault: true, + config: { region: "us-east-1" }, + healthStatus: null, + healthCheckedAt: null, + healthMessage: null, + healthDetails: null, + disabledAt: null, + createdByAgentId: null, + createdByUserId: "user-1", + createdAt, + updatedAt: createdAt, + }); + + const res = await request(createApp()).post("/api/companies/company-1/secret-provider-configs").send({ + provider: "aws_secrets_manager", + displayName: "AWS prod", + isDefault: true, + config: { region: "us-east-1" }, + }); + + expect(res.status).toBe(201); + expect(mockSecretService.createProviderConfig).toHaveBeenCalledWith( + "company-1", + { + provider: "aws_secrets_manager", + displayName: "AWS prod", + status: undefined, + isDefault: true, + config: { region: "us-east-1" }, + }, + { userId: "user-1", agentId: null }, + ); + expect(mockLogActivity).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({ + action: "secret_provider_config.created", + details: { + provider: "aws_secrets_manager", + displayName: "AWS prod", + status: "ready", + isDefault: true, + }, + })); + expect(JSON.stringify(mockLogActivity.mock.calls)).not.toContain("accessKey"); + }); + + it("rejects remote import preview for non-board actors", async () => { + const res = await request(createApp({ + type: "agent", + agentId: "agent-1", + companyId: "company-1", + })).post("/api/companies/company-1/secrets/remote-import/preview").send({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + }); + + expect(res.status).toBe(403); + expect(mockSecretService.previewRemoteImport).not.toHaveBeenCalled(); + }); + + it("previews remote imports and logs only aggregate metadata", async () => { + mockSecretService.previewRemoteImport.mockResolvedValue({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + provider: "aws_secrets_manager", + nextToken: null, + candidates: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + remoteName: "prod/openai", + name: "openai", + key: "openai", + providerVersionRef: null, + providerMetadata: { description: "OpenAI API key" }, + status: "ready", + importable: true, + conflicts: [], + }, + ], + }); + + const res = await request(createApp()) + .post("/api/companies/company-1/secrets/remote-import/preview") + .send({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + query: "openai", + pageSize: 25, + }); + + expect(res.status).toBe(200); + expect(mockSecretService.previewRemoteImport).toHaveBeenCalledWith("company-1", { + providerConfigId: "11111111-1111-4111-8111-111111111111", + query: "openai", + nextToken: undefined, + pageSize: 25, + }); + expect(mockLogActivity).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({ + action: "secret.remote_import.previewed", + details: { + provider: "aws_secrets_manager", + candidateCount: 1, + readyCount: 1, + duplicateCount: 0, + conflictCount: 0, + }, + })); + expect(JSON.stringify(mockLogActivity.mock.calls)).not.toContain("prod/openai"); + }); + + it("returns sanitized remote import preview provider errors", async () => { + mockSecretService.previewRemoteImport.mockRejectedValue( + new HttpError( + 403, + "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + { code: "access_denied" }, + ), + ); + + const res = await request(createApp()) + .post("/api/companies/company-1/secrets/remote-import/preview") + .send({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + }); + + expect(res.status).toBe(403); + expect(res.body).toEqual({ + error: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + details: { code: "access_denied" }, + }); + expect(JSON.stringify(res.body)).not.toContain("arn:aws"); + expect(JSON.stringify(res.body)).not.toContain("123456789012"); + expect(mockLogActivity).not.toHaveBeenCalled(); + }); + + it("imports remote references and logs aggregate row counts", async () => { + mockSecretService.importRemoteSecrets.mockResolvedValue({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + provider: "aws_secrets_manager", + importedCount: 1, + skippedCount: 0, + errorCount: 0, + results: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + status: "imported", + reason: null, + secretId: "22222222-2222-4222-8222-222222222222", + conflicts: [], + }, + ], + }); + + const res = await request(createApp()) + .post("/api/companies/company-1/secrets/remote-import") + .send({ + providerConfigId: "11111111-1111-4111-8111-111111111111", + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + description: "Operator-entered Paperclip description", + }, + ], + }); + + expect(res.status).toBe(200); + expect(mockSecretService.importRemoteSecrets).toHaveBeenCalledWith( + "company-1", + { + providerConfigId: "11111111-1111-4111-8111-111111111111", + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + description: "Operator-entered Paperclip description", + }, + ], + }, + { userId: "user-1", agentId: null }, + ); + expect(mockLogActivity).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({ + action: "secret.remote_import.completed", + details: { + provider: "aws_secrets_manager", + importedCount: 1, + skippedCount: 0, + errorCount: 0, + }, + })); + expect(JSON.stringify(mockLogActivity.mock.calls)).not.toContain("prod/openai"); + }); + + it("surfaces update-route externalRef retarget rejection without logging raw refs", async () => { + mockSecretService.getById.mockResolvedValue({ + id: "22222222-2222-4222-8222-222222222222", + companyId: "company-1", + name: "OpenAI API key", + key: "openai-api-key", + provider: "aws_secrets_manager", + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/original", + }); + mockSecretService.update.mockRejectedValue( + unprocessable("External reference secrets cannot be retargeted through generic update"), + ); + + const res = await request(createApp()) + .patch("/api/secrets/22222222-2222-4222-8222-222222222222") + .send({ + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/repointed", + }); + + expect(res.status).toBe(422); + expect(mockSecretService.update).toHaveBeenCalledWith( + "22222222-2222-4222-8222-222222222222", + expect.objectContaining({ + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/repointed", + }), + ); + expect(mockLogActivity).not.toHaveBeenCalled(); + expect(JSON.stringify(mockLogActivity.mock.calls)).not.toContain("shared/repointed"); + }); + + it("allows DELETE to retry cleanup for already soft-deleted secrets", async () => { + const secret = { + id: "33333333-3333-4333-8333-333333333333", + companyId: "company-1", + name: "OpenAI API Key__deleted__33333333-3333-4333-8333-333333333333", + key: "openai-api-key__deleted__33333333-3333-4333-8333-333333333333", + provider: "aws_secrets_manager", + managedMode: "paperclip_managed", + status: "deleted", + }; + mockSecretService.getById.mockResolvedValue(secret); + mockSecretService.remove.mockResolvedValue(secret); + + const res = await request(createApp()).delete( + "/api/secrets/33333333-3333-4333-8333-333333333333", + ); + + expect(res.status).toBe(200); + expect(res.body).toEqual({ ok: true }); + expect(mockSecretService.remove).toHaveBeenCalledWith( + "33333333-3333-4333-8333-333333333333", + ); + expect(mockLogActivity).toHaveBeenCalledWith( + expect.anything(), + expect.objectContaining({ + action: "secret.deleted", + companyId: "company-1", + entityId: secret.id, + }), + ); + }); +}); diff --git a/server/src/__tests__/secrets-service.test.ts b/server/src/__tests__/secrets-service.test.ts new file mode 100644 index 00000000..01f13041 --- /dev/null +++ b/server/src/__tests__/secrets-service.test.ts @@ -0,0 +1,1672 @@ +import { randomUUID } from "node:crypto"; +import { mkdirSync, rmSync } from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest"; +import { eq } from "drizzle-orm"; +import { + agents, + companies, + companySecretBindings, + companySecretProviderConfigs, + companySecretVersions, + companySecrets, + createDb, + secretAccessEvents, +} from "@paperclipai/db"; +import { getEmbeddedPostgresTestSupport, startEmbeddedPostgresTestDatabase } from "./helpers/embedded-postgres.js"; +import { awsSecretsManagerProvider } from "../secrets/aws-secrets-manager-provider.js"; +import { localEncryptedProvider } from "../secrets/local-encrypted-provider.js"; +import { SecretProviderClientError } from "../secrets/types.js"; +import { secretService } from "../services/secrets.js"; + +const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport(); +const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip; + +if (!embeddedPostgresSupport.supported) { + console.warn( + `Skipping secrets service tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`, + ); +} + +describeEmbeddedPostgres("secretService", () => { + let stopDb: (() => Promise) | null = null; + let db!: ReturnType; + const previousKeyFile = process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; + const secretsTmpDir = path.join(os.tmpdir(), `paperclip-secrets-service-${randomUUID()}`); + + beforeAll(async () => { + mkdirSync(secretsTmpDir, { recursive: true }); + process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE = path.join(secretsTmpDir, "master.key"); + const started = await startEmbeddedPostgresTestDatabase("secrets-service"); + stopDb = started.cleanup; + db = createDb(started.connectionString); + }); + + afterEach(async () => { + vi.restoreAllMocks(); + await db.delete(secretAccessEvents); + await db.delete(companySecretBindings); + await db.delete(companySecretVersions); + await db.delete(companySecrets); + await db.delete(companySecretProviderConfigs); + await db.delete(agents); + await db.delete(companies); + }); + + afterAll(async () => { + await stopDb?.(); + if (previousKeyFile === undefined) { + delete process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; + } else { + process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE = previousKeyFile; + } + rmSync(secretsTmpDir, { recursive: true, force: true }); + }); + + async function seedCompany(name = "Acme") { + const companyId = randomUUID(); + await db.insert(companies).values({ + id: companyId, + name, + issuePrefix: `T${companyId.slice(0, 7)}`.toUpperCase(), + status: "active", + createdAt: new Date(), + updatedAt: new Date(), + }); + return companyId; + } + + it("rejects cross-company secret references during env normalization", async () => { + const companyA = await seedCompany("A"); + const companyB = await seedCompany("B"); + const svc = secretService(db); + const foreignSecret = await svc.create(companyB, { + name: `foreign-${randomUUID()}`, + provider: "local_encrypted", + value: "secret-value", + }); + + await expect( + svc.normalizeEnvBindingsForPersistence(companyA, { + API_KEY: { type: "secret_ref", secretId: foreignSecret.id, version: "latest" }, + }), + ).rejects.toThrow(/same company/i); + }); + + it("prevents duplicate bindings for a target config path", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const firstSecret = await svc.create(companyId, { + name: `first-${randomUUID()}`, + provider: "local_encrypted", + value: "one", + }); + const secondSecret = await svc.create(companyId, { + name: `second-${randomUUID()}`, + provider: "local_encrypted", + value: "two", + }); + + await svc.createBinding({ + companyId, + secretId: firstSecret.id, + targetType: "agent", + targetId: "agent-1", + configPath: "env.API_KEY", + }); + + await expect( + svc.createBinding({ + companyId, + secretId: secondSecret.id, + targetType: "agent", + targetId: "agent-1", + configPath: "env.API_KEY", + }), + ).rejects.toThrow(/already exists/i); + }); + + it("reports reference counts and resolves binding target labels", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `referenced-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + const [agent] = await db + .insert(agents) + .values({ + companyId, + name: "CodexCoder", + role: "engineer", + adapterType: "codex_local", + adapterConfig: {}, + }) + .returning(); + + await svc.syncEnvBindingsForTarget( + companyId, + { targetType: "agent", targetId: agent!.id }, + { + OPENAI_API_KEY: { type: "secret_ref", secretId: secret.id, version: "latest" }, + }, + ); + + const listed = await svc.list(companyId); + expect(listed.find((row) => row.id === secret.id)?.referenceCount).toBe(1); + + const bindings = await svc.listBindingReferences(companyId, secret.id); + expect(bindings).toHaveLength(1); + expect(bindings[0]?.target).toMatchObject({ + type: "agent", + id: agent!.id, + label: "CodexCoder", + href: "/agents/codexcoder", + status: "idle", + }); + }); + + it("enforces binding context and records value-free access events", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `runtime-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + const env = { + API_KEY: { type: "secret_ref" as const, secretId: secret.id, version: "latest" as const }, + }; + + await svc.syncEnvBindingsForTarget(companyId, { targetType: "agent", targetId: "agent-1" }, env); + + await expect( + svc.resolveEnvBindings(companyId, env, { + consumerType: "agent", + consumerId: "agent-2", + actorType: "agent", + actorId: "agent-2", + }), + ).rejects.toThrow(/not bound/i); + + const resolved = await svc.resolveEnvBindings(companyId, env, { + consumerType: "agent", + consumerId: "agent-1", + actorType: "agent", + actorId: "agent-1", + }); + + expect(resolved.env.API_KEY).toBe("runtime-secret"); + const events = await svc.listAccessEvents(companyId, secret.id); + expect(events).toHaveLength(2); + expect(events.map((event) => event.outcome).sort()).toEqual(["failure", "success"]); + expect(JSON.stringify(events)).not.toContain("runtime-secret"); + }); + + it("scopes env binding sync deletes to the env path prefix", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const runtimeSecret = await svc.create(companyId, { + name: `runtime-ref-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + const envSecret = await svc.create(companyId, { + name: `env-ref-${randomUUID()}`, + provider: "local_encrypted", + value: "env-secret", + }); + + await svc.createBinding({ + companyId, + secretId: runtimeSecret.id, + targetType: "agent", + targetId: "agent-1", + configPath: "runtime.token", + }); + await svc.syncEnvBindingsForTarget( + companyId, + { targetType: "agent", targetId: "agent-1" }, + { + API_KEY: { type: "secret_ref", secretId: envSecret.id, version: "latest" }, + }, + ); + await svc.syncEnvBindingsForTarget( + companyId, + { targetType: "agent", targetId: "agent-1" }, + {}, + ); + + const bindings = await db + .select() + .from(companySecretBindings) + .where(eq(companySecretBindings.targetId, "agent-1")); + expect(bindings.map((binding) => binding.configPath)).toEqual(["runtime.token"]); + }); + + it("returns resolved secrets even when success metadata writes fail", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `metadata-write-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + const env = { + API_KEY: { type: "secret_ref" as const, secretId: secret.id, version: "latest" as const }, + }; + await svc.syncEnvBindingsForTarget(companyId, { targetType: "agent", targetId: "agent-1" }, env); + + vi.spyOn(db, "update").mockImplementationOnce( + () => ({ + set: () => ({ + where: () => Promise.reject(new Error("metadata write failed")), + }), + }) as ReturnType, + ); + + const resolved = await svc.resolveEnvBindings(companyId, env, { + consumerType: "agent", + consumerId: "agent-1", + actorType: "agent", + actorId: "agent-1", + }); + + expect(resolved.env.API_KEY).toBe("runtime-secret"); + }); + + it("stores external references without requiring or persisting secret values", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + + const secret = await svc.create(companyId, { + name: `external-${randomUUID()}`, + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/test", + providerVersionRef: "version-1", + }); + + expect(secret.managedMode).toBe("external_reference"); + expect(secret.externalRef).toBe("arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/test"); + + const versions = await db + .select() + .from(companySecretVersions) + .where(eq(companySecretVersions.secretId, secret.id)); + expect(versions).toHaveLength(1); + expect(versions[0]?.providerVersionRef).toBe("version-1"); + expect(JSON.stringify(versions[0])).not.toContain("runtime-secret"); + expect(JSON.stringify(versions[0])).not.toContain("sk-"); + + await expect( + svc.resolveSecretValue(companyId, secret.id, "latest", { + consumerType: "system", + consumerId: "system", + configPath: "env.EXTERNAL_SECRET", + }), + ).rejects.toThrow(/not bound/i); + }); + + it("preserves the original resolution error when failure access logging fails", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `resolution-failure-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + await svc.createBinding({ + companyId, + secretId: secret.id, + targetType: "system", + targetId: "system", + configPath: "env.API_KEY", + }); + vi.spyOn(localEncryptedProvider, "resolveVersion").mockRejectedValueOnce( + new Error("provider resolution failed"), + ); + + await expect( + svc.resolveSecretValue(companyId, secret.id, "latest", { + consumerType: "system", + consumerId: "system", + configPath: "env.API_KEY", + heartbeatRunId: randomUUID(), + }), + ).rejects.toThrow("provider resolution failed"); + }); + + it("keeps one default provider vault per company provider", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + + const first = await svc.createProviderConfig(companyId, { + provider: "local_encrypted", + displayName: "Local primary", + isDefault: true, + config: {}, + }); + const second = await svc.createProviderConfig(companyId, { + provider: "local_encrypted", + displayName: "Local secondary", + isDefault: true, + config: {}, + }); + + const rows = await svc.listProviderConfigs(companyId); + expect(rows.find((row) => row.id === first.id)?.isDefault).toBe(false); + expect(rows.find((row) => row.id === second.id)?.isDefault).toBe(true); + }); + + it("does not set a disabled provider vault as default", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const vault = await svc.createProviderConfig(companyId, { + provider: "local_encrypted", + displayName: "Local disabled", + config: {}, + }); + + await svc.disableProviderConfig(vault.id); + await expect(svc.setDefaultProviderConfig(vault.id)).rejects.toThrow( + /ready or warning/i, + ); + }); + + it("hides soft-deleted secrets and allows name/key reuse", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secretName = `reusable-${randomUUID()}`; + const secret = await svc.create(companyId, { + name: secretName, + key: "reusable-key", + provider: "local_encrypted", + value: "first-value", + }); + + await svc.remove(secret.id); + const listed = await svc.list(companyId); + const recreated = await svc.create(companyId, { + name: secretName, + key: "reusable-key", + provider: "local_encrypted", + value: "second-value", + }); + + expect(listed.map((row) => row.id)).not.toContain(secret.id); + expect(recreated.id).not.toBe(secret.id); + expect(recreated.name).toBe(secretName); + expect(recreated.key).toBe("reusable-key"); + }); + + it("rejects bindings and env refs to soft-deleted external reference secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const deleted = await svc.create(companyId, { + name: "Deleted external", + key: "deleted-external", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/deleted", + }); + await svc.update(deleted.id, { status: "deleted" }); + + await expect( + svc.createBinding({ + companyId, + secretId: deleted.id, + targetType: "agent", + targetId: "agent-1", + configPath: "env.API_KEY", + }), + ).rejects.toThrow(/not found/i); + await expect( + svc.normalizeEnvBindingsForPersistence(companyId, { + API_KEY: { type: "secret_ref", secretId: deleted.id, version: "latest" }, + }), + ).rejects.toThrow(/not found/i); + }); + + it("rejects updates to already soft-deleted external reference secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const deleted = await svc.create(companyId, { + name: "Deleted patch target", + key: "deleted-patch-target", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/deleted-patch-target", + }); + await svc.update(deleted.id, { status: "deleted" }); + + await expect(svc.update(deleted.id, { status: "active" })).rejects.toThrow( + /not found/i, + ); + }); + + it("allows re-importing a remote secret after the prior external reference is soft-deleted", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const externalRef = + "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/reimportable"; + const deleted = await svc.create(companyId, { + name: "Deleted external", + key: "deleted-external", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef, + }); + + await svc.update(deleted.id, { status: "deleted" }); + vi.spyOn(awsSecretsManagerProvider, "listRemoteSecrets").mockResolvedValue({ + secrets: [ + { + externalRef, + name: "prod/reimportable", + providerVersionRef: null, + metadata: { arn: externalRef }, + }, + ], + }); + + const preview = await svc.previewRemoteImport(companyId, { + providerConfigId: awsVault.id, + }); + const result = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef, + name: "Reimported external", + key: "reimported-external", + }, + ], + }); + + expect(preview.candidates[0]).toMatchObject({ + status: "ready", + importable: true, + conflicts: [], + }); + expect(result).toMatchObject({ importedCount: 1, skippedCount: 0, errorCount: 0 }); + }); + + it("ignores soft-deleted name and key conflicts during remote import", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const deleted = await svc.create(companyId, { + name: "Deleted external", + key: "deleted-external", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/deleted-old", + }); + await svc.update(deleted.id, { status: "deleted" }); + vi.spyOn(awsSecretsManagerProvider, "listRemoteSecrets").mockResolvedValue({ + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/deleted-new", + name: "Deleted external", + providerVersionRef: null, + metadata: {}, + }, + ], + }); + + const preview = await svc.previewRemoteImport(companyId, { + providerConfigId: awsVault.id, + }); + const result = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/deleted-new", + name: "Deleted external", + key: "deleted-external", + }, + ], + }); + + expect(preview.candidates[0]).toMatchObject({ + status: "ready", + importable: true, + conflicts: [], + }); + expect(result).toMatchObject({ importedCount: 1, skippedCount: 0, errorCount: 0 }); + }); + + it("rejects provider vaults from another company when creating a secret", async () => { + const companyA = await seedCompany("A"); + const companyB = await seedCompany("B"); + const svc = secretService(db); + const foreignVault = await svc.createProviderConfig(companyB, { + provider: "local_encrypted", + displayName: "Foreign vault", + config: {}, + }); + + await expect( + svc.create(companyA, { + name: `managed-${randomUUID()}`, + provider: "local_encrypted", + providerConfigId: foreignVault.id, + value: "runtime-secret", + }), + ).rejects.toThrow(/same company/i); + }); + + it("blocks coming-soon provider vaults from secret selection", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const draftVault = await svc.createProviderConfig(companyId, { + provider: "gcp_secret_manager", + displayName: "GCP draft", + config: { projectId: "paperclip-prod1" }, + }); + + expect(draftVault.status).toBe("coming_soon"); + await expect( + svc.create(companyId, { + name: `draft-${randomUUID()}`, + provider: "gcp_secret_manager", + providerConfigId: draftVault.id, + value: "runtime-secret", + }), + ).rejects.toThrow(/coming soon/i); + }); + + it("passes selected provider vault config through create, rotate, and resolve", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { + region: "us-east-1", + namespace: "prod-use1", + secretNamePrefix: "paperclip", + }, + }); + + const createSpy = vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/openai-api-key", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/openai-api-key", + providerVersionRef: "aws-version-1", + }); + const createVersionSpy = vi.spyOn(awsSecretsManagerProvider, "createVersion").mockResolvedValue({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/openai-api-key", + versionId: "aws-version-2", + source: "managed", + }, + valueSha256: "value-sha-2", + fingerprintSha256: "fingerprint-sha-2", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/openai-api-key", + providerVersionRef: "aws-version-2", + }); + const resolveSpy = vi.spyOn(awsSecretsManagerProvider, "resolveVersion").mockResolvedValue("resolved-secret"); + + const secret = await svc.create(companyId, { + name: `aws-managed-${randomUUID()}`, + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + value: "runtime-secret", + }); + const rotated = await svc.rotate(secret.id, { value: "rotated-runtime-secret" }); + const resolved = await svc.resolveSecretValue(companyId, rotated.id, "latest"); + + expect(resolved).toBe("resolved-secret"); + expect(createSpy).toHaveBeenCalledWith(expect.objectContaining({ + providerConfig: expect.objectContaining({ + id: awsVault.id, + provider: "aws_secrets_manager", + config: expect.objectContaining({ region: "us-east-1", namespace: "prod-use1" }), + }), + })); + expect(createVersionSpy).toHaveBeenCalledWith(expect.objectContaining({ + providerConfig: expect.objectContaining({ id: awsVault.id }), + })); + expect(resolveSpy).toHaveBeenCalledWith(expect.objectContaining({ + providerConfig: expect.objectContaining({ id: awsVault.id }), + providerVersionRef: "aws-version-2", + })); + expect(JSON.stringify(resolveSpy.mock.calls[0]?.[0])).not.toContain("resolved-secret"); + }); + + it("cleans up managed provider secrets when create persistence fails", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const prepared = { + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/create-rollback", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/create-rollback", + providerVersionRef: "aws-version-1", + }; + vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue(prepared); + const deleteSpy = vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockResolvedValue(); + vi.spyOn(db, "transaction").mockRejectedValueOnce(new Error("db insert failed")); + + await expect( + svc.create(companyId, { + name: "Create Rollback", + key: "create-rollback", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + value: "runtime-secret", + }), + ).rejects.toThrow("db insert failed"); + + expect(deleteSpy).toHaveBeenCalledWith(expect.objectContaining({ + material: prepared.material, + externalRef: prepared.externalRef, + mode: "delete", + providerConfig: expect.objectContaining({ id: awsVault.id }), + context: { + companyId, + secretKey: "create-rollback", + secretName: "Create Rollback", + version: 1, + }, + })); + }); + + it("keeps a local cleanup handle when create rollback cleanup fails", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const prepared = { + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/create-cleanup-handle", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/create-cleanup-handle", + providerVersionRef: "aws-version-1", + }; + vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue(prepared); + vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockRejectedValue( + new Error("cleanup failed"), + ); + vi.spyOn(db, "transaction").mockRejectedValueOnce(new Error("db activate failed")); + + await expect( + svc.create(companyId, { + name: "Create Cleanup Handle", + key: "create-cleanup-handle", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + value: "runtime-secret", + }), + ).rejects.toThrow("db activate failed"); + + const persisted = await svc.getByName(companyId, "Create Cleanup Handle"); + expect(persisted).toMatchObject({ + key: "create-cleanup-handle", + status: "archived", + externalRef: prepared.externalRef, + latestVersion: 1, + }); + + const version = await db + .select() + .from(companySecretVersions) + .where(eq(companySecretVersions.secretId, persisted!.id)) + .then((rows) => rows[0] ?? null); + expect(version).toMatchObject({ + version: 1, + status: "disabled", + material: prepared.material, + }); + }); + + it("archives managed provider versions when rotate persistence fails", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-rollback", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-rollback", + providerVersionRef: "aws-version-1", + }); + const secret = await svc.create(companyId, { + name: "Rotate Rollback", + key: "rotate-rollback", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + value: "runtime-secret", + }); + const prepared = { + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-rollback", + versionId: "aws-version-2", + source: "managed", + }, + valueSha256: "value-sha-2", + fingerprintSha256: "fingerprint-sha-2", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-rollback", + providerVersionRef: "aws-version-2", + }; + vi.spyOn(awsSecretsManagerProvider, "createVersion").mockResolvedValue(prepared); + const deleteSpy = vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockResolvedValue(); + vi.spyOn(db, "transaction").mockRejectedValueOnce(new Error("db rotate failed")); + + await expect(svc.rotate(secret.id, { value: "rotated-runtime-secret" })).rejects.toThrow( + "db rotate failed", + ); + + expect(deleteSpy).toHaveBeenCalledWith(expect.objectContaining({ + material: prepared.material, + externalRef: prepared.externalRef, + mode: "archive", + providerConfig: expect.objectContaining({ id: awsVault.id }), + context: { + companyId, + secretKey: "rotate-rollback", + secretName: "Rotate Rollback", + version: 2, + }, + })); + }); + + it("keeps a disabled version cleanup handle when rotate rollback cleanup fails", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-cleanup-handle", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-cleanup-handle", + providerVersionRef: "aws-version-1", + }); + const secret = await svc.create(companyId, { + name: "Rotate Cleanup Handle", + key: "rotate-cleanup-handle", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + value: "runtime-secret", + }); + const prepared = { + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-cleanup-handle", + versionId: "aws-version-2", + source: "managed", + }, + valueSha256: "value-sha-2", + fingerprintSha256: "fingerprint-sha-2", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/rotate-cleanup-handle", + providerVersionRef: "aws-version-2", + }; + vi.spyOn(awsSecretsManagerProvider, "createVersion").mockResolvedValue(prepared); + vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockRejectedValue( + new Error("cleanup failed"), + ); + vi.spyOn(db, "transaction").mockRejectedValueOnce(new Error("db rotate failed")); + + await expect(svc.rotate(secret.id, { value: "rotated-runtime-secret" })).rejects.toThrow( + "db rotate failed", + ); + + const persisted = await svc.getById(secret.id); + expect(persisted?.latestVersion).toBe(1); + + const versions = await db + .select() + .from(companySecretVersions) + .where(eq(companySecretVersions.secretId, secret.id)); + expect(versions).toEqual(expect.arrayContaining([ + expect.objectContaining({ version: 1, status: "current" }), + expect.objectContaining({ + version: 2, + status: "disabled", + material: prepared.material, + }), + ])); + }); + + it("rejects generic provider vault reassignment for managed secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const firstVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS primary", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const secondVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS secondary", + config: { region: "us-west-2", namespace: "prod-usw2" }, + }); + vi.spyOn(awsSecretsManagerProvider, "createSecret").mockResolvedValue({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/vault-reassign", + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company/vault-reassign", + providerVersionRef: "aws-version-1", + }); + const secret = await svc.create(companyId, { + name: "Vault Reassign", + key: "vault-reassign", + provider: "aws_secrets_manager", + providerConfigId: firstVault.id, + value: "runtime-secret", + }); + + await expect(svc.update(secret.id, { providerConfigId: secondVault.id })).rejects.toThrow( + /managed secrets cannot change provider vault/i, + ); + const persisted = await svc.getById(secret.id); + expect(persisted?.providerConfigId).toBe(firstVault.id); + }); + + it("rejects rotation for non-active secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `disabled-rotation-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + + await svc.update(secret.id, { status: "disabled" }); + await expect(svc.rotate(secret.id, { value: "rotated-runtime-secret" })).rejects.toThrow( + /non-active/i, + ); + + const stored = await db + .select({ latestVersion: companySecrets.latestVersion }) + .from(companySecrets) + .where(eq(companySecrets.id, secret.id)) + .then((rows) => rows[0]); + expect(stored?.latestVersion).toBe(1); + }); + + it("previews AWS remote import candidates with duplicate and collision enrichment", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const duplicate = await svc.create(companyId, { + name: "Existing duplicate", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/duplicate", + }); + const nameConflict = await svc.create(companyId, { + name: "Prod Conflict", + provider: "local_encrypted", + value: "runtime-secret", + }); + + const listSpy = vi.spyOn(awsSecretsManagerProvider, "listRemoteSecrets").mockResolvedValue({ + nextToken: "next-page", + secrets: [ + { + externalRef: duplicate.externalRef!, + name: "prod/duplicate", + providerVersionRef: null, + metadata: { arn: duplicate.externalRef }, + }, + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/conflict", + name: nameConflict.name, + providerVersionRef: null, + metadata: { arn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/conflict" }, + }, + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/ready", + name: "prod/ready", + providerVersionRef: null, + metadata: { arn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/ready" }, + }, + ], + }); + + const preview = await svc.previewRemoteImport(companyId, { + providerConfigId: awsVault.id, + query: "prod", + pageSize: 25, + }); + + expect(listSpy).toHaveBeenCalledWith(expect.objectContaining({ + providerConfig: expect.objectContaining({ id: awsVault.id }), + query: "prod", + pageSize: 25, + })); + expect(preview.nextToken).toBe("next-page"); + expect(preview.candidates.map((candidate) => candidate.status)).toEqual([ + "duplicate", + "conflict", + "ready", + ]); + expect(preview.candidates[0]?.conflicts[0]).toMatchObject({ + type: "exact_reference", + existingSecretId: duplicate.id, + }); + expect(preview.candidates[1]?.conflicts[0]).toMatchObject({ + type: "name", + existingSecretId: nameConflict.id, + }); + expect(preview.candidates[2]).toMatchObject({ + importable: true, + name: "prod/ready", + key: "prod-ready", + }); + expect(preview.candidates[2]?.providerMetadata).toBeNull(); + }); + + it("sanitizes AWS remote import preview provider errors before crossing the service boundary", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const rawProviderMessage = + "AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/prod/Paperclip is not authorized to perform secretsmanager:ListSecrets"; + + vi.spyOn(awsSecretsManagerProvider, "listRemoteSecrets").mockRejectedValueOnce( + new SecretProviderClientError({ + code: "access_denied", + provider: "aws_secrets_manager", + operation: "listSecrets", + message: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + rawMessage: rawProviderMessage, + }), + ); + + let thrown: unknown; + try { + await svc.previewRemoteImport(companyId, { providerConfigId: awsVault.id }); + } catch (error) { + thrown = error; + } + + expect(thrown).toMatchObject({ + status: 403, + message: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + details: { code: "access_denied" }, + }); + expect(JSON.stringify(thrown)).not.toContain("arn:aws"); + expect(JSON.stringify(thrown)).not.toContain("123456789012"); + expect(thrown instanceof Error ? thrown.message : String(thrown)).not.toContain("arn:aws"); + }); + + it("imports AWS remote references row-by-row without fetching plaintext", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const duplicate = await svc.create(companyId, { + name: "Existing duplicate", + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/duplicate", + }); + + const resolveSpy = vi.spyOn(awsSecretsManagerProvider, "resolveVersion"); + const result = await svc.importRemoteSecrets( + companyId, + { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: duplicate.externalRef!, + name: "Existing duplicate", + key: "existing-duplicate", + }, + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + description: " Operator-entered production OpenAI key ", + providerMetadata: { arn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai" }, + }, + ], + }, + { userId: "user-1" }, + ); + + expect(result.importedCount).toBe(1); + expect(result.skippedCount).toBe(1); + expect(result.results.map((row) => row.status)).toEqual(["skipped", "imported"]); + expect(result.results[0]).toMatchObject({ + reason: "exact_reference_duplicate", + conflicts: [expect.objectContaining({ type: "exact_reference", existingSecretId: duplicate.id })], + }); + expect(resolveSpy).not.toHaveBeenCalled(); + + const imported = await db + .select() + .from(companySecrets) + .where(eq(companySecrets.key, "openai-api-key")) + .then((rows) => rows[0]); + expect(imported).toMatchObject({ + companyId, + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + createdByUserId: "user-1", + providerMetadata: null, + description: "Operator-entered production OpenAI key", + }); + + const versions = await db + .select() + .from(companySecretVersions) + .where(eq(companySecretVersions.secretId, imported!.id)); + expect(versions).toHaveLength(1); + expect(JSON.stringify(versions[0])).not.toContain("runtime-secret"); + expect(JSON.stringify(versions[0])).not.toContain("sk-"); + }); + + it("sanitizes AWS remote import row provider errors", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const rawProviderMessage = + "AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/prod/Paperclip is not authorized to perform secretsmanager:DescribeSecret on arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai"; + vi.spyOn(awsSecretsManagerProvider, "linkExternalSecret").mockRejectedValueOnce( + new SecretProviderClientError({ + code: "access_denied", + provider: "aws_secrets_manager", + operation: "linkExternalSecret", + message: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + rawMessage: rawProviderMessage, + }), + ); + + const result = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + }, + ], + }); + + expect(result).toMatchObject({ + importedCount: 0, + skippedCount: 0, + errorCount: 1, + results: [ + expect.objectContaining({ + status: "error", + reason: "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault.", + }), + ], + }); + expect(JSON.stringify(result)).not.toContain(rawProviderMessage); + expect(JSON.stringify(result.results[0]?.reason)).not.toContain("arn:aws"); + expect(JSON.stringify(result.results[0]?.reason)).not.toContain("123456789012"); + }); + + it("rejects Paperclip-managed AWS namespace refs during preview and import commit", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + + vi.spyOn(awsSecretsManagerProvider, "listRemoteSecrets").mockResolvedValue({ + secrets: [ + { + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-b/openai", + name: "paperclip/prod-use1/company-b/openai", + providerVersionRef: null, + metadata: { + arn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-b/openai", + description: "must not leak", + tags: [{ Key: "paperclip:company-id", Value: "company-b" }], + }, + }, + ], + }); + + const preview = await svc.previewRemoteImport(companyId, { + providerConfigId: awsVault.id, + }); + + expect(preview.candidates[0]).toMatchObject({ + status: "conflict", + importable: false, + conflicts: [expect.objectContaining({ type: "provider_guardrail" })], + providerMetadata: null, + }); + expect(JSON.stringify(preview)).not.toContain("must not leak"); + expect(JSON.stringify(preview)).not.toContain("paperclip:company-id"); + + const result = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-b/openai", + name: "Foreign managed secret", + key: "foreign-managed-secret", + providerMetadata: { + description: "client-submitted metadata must not persist", + tags: [{ Key: "paperclip:company-id", Value: "company-b" }], + }, + }, + ], + }); + + expect(result).toMatchObject({ + importedCount: 0, + skippedCount: 0, + errorCount: 1, + results: [expect.objectContaining({ status: "error" })], + }); + expect(result.results[0]?.reason).toMatch(/Paperclip-managed namespace/i); + const imported = await db.select().from(companySecrets).where(eq(companySecrets.key, "foreign-managed-secret")); + expect(imported).toHaveLength(0); + }); + + it("skips duplicate AWS remote imports for the same provider vault and canonical ref", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + + const first = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key", + key: "openai-api-key", + }, + ], + }); + const second = await svc.importRemoteSecrets(companyId, { + providerConfigId: awsVault.id, + secrets: [ + { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/openai", + name: "OpenAI API key duplicate", + key: "openai-api-key-duplicate", + }, + ], + }); + + expect(first.importedCount).toBe(1); + expect(second).toMatchObject({ + importedCount: 0, + skippedCount: 1, + errorCount: 0, + results: [expect.objectContaining({ reason: "exact_reference_duplicate" })], + }); + const imported = await db.select().from(companySecrets).where(eq(companySecrets.providerConfigId, awsVault.id)); + expect(imported).toHaveLength(1); + }); + + it("rejects remote import for disabled or cross-company provider vaults", async () => { + const companyA = await seedCompany("A"); + const companyB = await seedCompany("B"); + const svc = secretService(db); + const disabledVault = await svc.createProviderConfig(companyA, { + provider: "aws_secrets_manager", + displayName: "AWS disabled", + status: "disabled", + config: { region: "us-east-1" }, + }); + const foreignVault = await svc.createProviderConfig(companyB, { + provider: "aws_secrets_manager", + displayName: "AWS foreign", + config: { region: "us-east-1" }, + }); + + await expect( + svc.previewRemoteImport(companyA, { providerConfigId: disabledVault.id }), + ).rejects.toThrow(/disabled/i); + await expect( + svc.previewRemoteImport(companyA, { providerConfigId: foreignVault.id }), + ).rejects.toThrow(/same company/i); + }); + + it("rejects externalRef overrides on managed secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `managed-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + + await expect( + svc.update(secret.id, { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/company-b/openai-api-key", + }), + ).rejects.toThrow(/Managed secrets cannot override externalRef/i); + + await expect( + svc.rotate(secret.id, { + value: "rotated-runtime-secret", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/company-b/openai-api-key", + }), + ).rejects.toThrow(/Managed secrets cannot override externalRef/i); + }); + + it("rejects generic update retargeting for external reference secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const awsVault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS production", + config: { region: "us-east-1", namespace: "prod-use1" }, + }); + const secret = await svc.create(companyId, { + name: `external-${randomUUID()}`, + provider: "aws_secrets_manager", + providerConfigId: awsVault.id, + managedMode: "external_reference", + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/original", + }); + + await expect( + svc.update(secret.id, { + externalRef: "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/repointed", + }), + ).rejects.toThrow(/cannot be retargeted/i); + + const persisted = await svc.getById(secret.id); + expect(persisted?.externalRef).toBe( + "arn:aws:secretsmanager:us-east-1:123456789012:secret:shared/original", + ); + }); + + it("rejects generic soft deletion for managed secrets", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `managed-delete-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + + await expect(svc.update(secret.id, { status: "deleted" })).rejects.toThrow( + /DELETE \/secrets\/:id/i, + ); + + const persisted = await svc.getById(secret.id); + expect(persisted?.status).toBe("active"); + }); + + it("passes managed AWS secret context into provider delete during removal", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const externalRef = + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/openai-api-key"; + + const secret = await db + .insert(companySecrets) + .values({ + companyId, + key: "openai-api-key", + name: "OpenAI API Key", + provider: "aws_secrets_manager", + managedMode: "paperclip_managed", + externalRef, + latestVersion: 1, + status: "active", + }) + .returning() + .then((rows) => rows[0]); + + await db.insert(companySecretVersions).values({ + secretId: secret.id, + version: 1, + material: { + scheme: "aws_secrets_manager_v1", + secretId: externalRef, + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + providerVersionRef: "aws-version-1", + status: "current", + }); + + const deleteSpy = vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockResolvedValue(); + + const removed = await svc.remove(secret.id); + const persisted = await db + .select() + .from(companySecrets) + .where(eq(companySecrets.id, secret.id)) + .then((rows) => rows[0] ?? null); + + expect(removed?.id).toBe(secret.id); + expect(deleteSpy).toHaveBeenCalledTimes(1); + expect(deleteSpy).toHaveBeenCalledWith({ + material: { + scheme: "aws_secrets_manager_v1", + secretId: externalRef, + versionId: "aws-version-1", + source: "managed", + }, + externalRef, + context: { + companyId, + secretKey: "openai-api-key", + secretName: "OpenAI API Key", + version: 1, + }, + mode: "delete", + providerConfig: null, + }); + expect(persisted).toBeNull(); + }); + + it("renames name and key during removal before provider deletion", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const externalRef = + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/remove-failure"; + const secret = await db + .insert(companySecrets) + .values({ + companyId, + key: "remove-failure", + name: "Remove Failure", + provider: "aws_secrets_manager", + managedMode: "paperclip_managed", + externalRef, + latestVersion: 1, + status: "active", + }) + .returning() + .then((rows) => rows[0]); + + await db.insert(companySecretVersions).values({ + secretId: secret.id, + version: 1, + material: { + scheme: "aws_secrets_manager_v1", + secretId: externalRef, + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + providerVersionRef: "aws-version-1", + status: "current", + }); + vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockRejectedValueOnce( + new Error("provider delete failed"), + ); + + await expect(svc.remove(secret.id)).rejects.toThrow("provider delete failed"); + const persisted = await db + .select() + .from(companySecrets) + .where(eq(companySecrets.id, secret.id)) + .then((rows) => rows[0] ?? null); + const recreated = await svc.create(companyId, { + name: "Remove Failure", + key: "remove-failure", + provider: "local_encrypted", + value: "replacement", + }); + + expect(persisted).toMatchObject({ + status: "deleted", + key: `remove-failure__deleted__${secret.id}`, + name: `Remove Failure__deleted__${secret.id}`, + }); + expect(recreated.id).not.toBe(secret.id); + }); + + it("treats missing provider secrets as already removed during removal retry", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const externalRef = + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod-use1/company-1/retry-delete"; + const secretId = randomUUID(); + await db.insert(companySecrets).values({ + id: secretId, + companyId, + key: `retry-delete__deleted__${secretId}`, + name: `Retry Delete__deleted__${secretId}`, + provider: "aws_secrets_manager", + managedMode: "paperclip_managed", + externalRef, + latestVersion: 1, + status: "deleted", + deletedAt: new Date(), + }); + await db.insert(companySecretVersions).values({ + secretId, + version: 1, + material: { + scheme: "aws_secrets_manager_v1", + secretId: externalRef, + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + providerVersionRef: "aws-version-1", + status: "current", + }); + const deleteSpy = vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockRejectedValueOnce( + new SecretProviderClientError({ + code: "not_found", + provider: "aws_secrets_manager", + operation: "delete_secret", + message: "Secret not found.", + }), + ); + + await expect(svc.remove(secretId)).resolves.toMatchObject({ id: secretId }); + const persisted = await db + .select() + .from(companySecrets) + .where(eq(companySecrets.id, secretId)) + .then((rows) => rows[0] ?? null); + + expect(deleteSpy).toHaveBeenCalledTimes(1); + expect(persisted).toBeNull(); + }); + + it("removes DB rows even when the attached provider vault is disabled", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const vault = await svc.createProviderConfig(companyId, { + provider: "aws_secrets_manager", + displayName: "AWS disabled later", + config: { + region: "us-east-1", + namespace: "prod", + }, + }); + const externalRef = + "arn:aws:secretsmanager:us-east-1:123456789012:secret:paperclip/prod/company-1/openai-api-key"; + const secret = await db + .insert(companySecrets) + .values({ + companyId, + key: "openai-api-key", + name: "OpenAI API Key", + provider: "aws_secrets_manager", + providerConfigId: vault.id, + managedMode: "paperclip_managed", + externalRef, + latestVersion: 1, + status: "active", + }) + .returning() + .then((rows) => rows[0]); + + await db.insert(companySecretVersions).values({ + secretId: secret.id, + version: 1, + material: { + scheme: "aws_secrets_manager_v1", + secretId: externalRef, + versionId: "aws-version-1", + source: "managed", + }, + valueSha256: "value-sha-1", + fingerprintSha256: "fingerprint-sha-1", + providerVersionRef: "aws-version-1", + status: "current", + }); + await svc.disableProviderConfig(vault.id); + const deleteSpy = vi.spyOn(awsSecretsManagerProvider, "deleteOrArchive").mockResolvedValue(); + + await expect(svc.remove(secret.id)).resolves.toMatchObject({ id: secret.id }); + const persisted = await db + .select() + .from(companySecrets) + .where(eq(companySecrets.id, secret.id)) + .then((rows) => rows[0] ?? null); + + expect(deleteSpy).not.toHaveBeenCalled(); + expect(persisted).toBeNull(); + }); + + it("refuses to resolve secrets once they are disabled or archived", async () => { + const companyId = await seedCompany(); + const svc = secretService(db); + const secret = await svc.create(companyId, { + name: `managed-${randomUUID()}`, + provider: "local_encrypted", + value: "runtime-secret", + }); + + await svc.update(secret.id, { status: "disabled" }); + await expect(svc.resolveSecretValue(companyId, secret.id, "latest")).rejects.toThrow( + /not active/i, + ); + + await svc.update(secret.id, { status: "archived" }); + await expect(svc.resolveSecretValue(companyId, secret.id, "latest")).rejects.toThrow( + /not active/i, + ); + }); +}); diff --git a/server/src/__tests__/server-startup-feedback-export.test.ts b/server/src/__tests__/server-startup-feedback-export.test.ts index 8ae02c6d..0cf1e664 100644 --- a/server/src/__tests__/server-startup-feedback-export.test.ts +++ b/server/src/__tests__/server-startup-feedback-export.test.ts @@ -146,6 +146,7 @@ vi.mock("../services/index.js", () => ({ reconcileStrandedAssignedIssues: vi.fn(async () => ({ dispatchRequeued: 0, continuationRequeued: 0, + successfulRunHandoffEscalated: 0, escalated: 0, skipped: 0, issueIds: [], diff --git a/server/src/__tests__/workspace-runtime.test.ts b/server/src/__tests__/workspace-runtime.test.ts index 7f8a9971..c605e45b 100644 --- a/server/src/__tests__/workspace-runtime.test.ts +++ b/server/src/__tests__/workspace-runtime.test.ts @@ -3134,6 +3134,130 @@ describeEmbeddedPostgres("workspace runtime startup reconciliation", () => { expect(persisted?.healthStatus).toBe("unknown"); expect(persisted?.stoppedAt).toBeTruthy(); }); + + it("restarts a stopped auto-port service on the same port when it is available", async () => { + const workspaceRoot = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-runtime-port-reuse-")); + const companyId = randomUUID(); + const agentId = randomUUID(); + const projectId = randomUUID(); + const executionWorkspaceId = randomUUID(); + + await db.insert(companies).values({ + id: companyId, + name: "Paperclip", + issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`, + requireBoardApprovalForNewAgents: false, + }); + await db.insert(agents).values({ + id: agentId, + companyId, + name: "Codex Coder", + role: "engineer", + status: "active", + adapterType: "codex_local", + adapterConfig: {}, + runtimeConfig: {}, + permissions: {}, + }); + await db.insert(projects).values({ + id: projectId, + companyId, + name: "Runtime port reuse test", + status: "active", + }); + await db.insert(executionWorkspaces).values({ + id: executionWorkspaceId, + companyId, + projectId, + mode: "isolated_workspace", + strategyType: "git_worktree", + name: "Execution workspace port reuse test", + status: "active", + cwd: workspaceRoot, + providerType: "local_fs", + providerRef: workspaceRoot, + }); + + const actor = { + id: agentId, + name: "Codex Coder", + companyId, + }; + const workspace = { + ...buildWorkspace(workspaceRoot), + projectId, + workspaceId: null, + }; + const config = { + workspaceRuntime: { + services: [ + { + name: "web", + command: + "node -e \"require('node:http').createServer((req,res)=>res.end('ok')).listen(Number(process.env.PORT), '127.0.0.1')\"", + port: { type: "auto" }, + readiness: { + type: "http", + urlTemplate: "http://127.0.0.1:{{port}}", + timeoutSec: 10, + intervalMs: 100, + }, + expose: { + type: "url", + urlTemplate: "http://127.0.0.1:{{port}}", + }, + lifecycle: "shared", + reuseScope: "execution_workspace", + stopPolicy: { + type: "manual", + }, + }, + ], + }, + }; + + const first = await startRuntimeServicesForWorkspaceControl({ + db, + actor, + issue: null, + workspace, + executionWorkspaceId, + config, + adapterEnv: {}, + }); + expect(first).toHaveLength(1); + expect(first[0]?.port).toBeGreaterThan(0); + await expect(fetch(first[0]!.url!)).resolves.toMatchObject({ ok: true }); + + await stopRuntimeServicesForExecutionWorkspace({ + db, + executionWorkspaceId, + workspaceCwd: workspace.cwd, + }); + await expect(fetch(first[0]!.url!)).rejects.toThrow(); + + const second = await startRuntimeServicesForWorkspaceControl({ + db, + actor, + issue: null, + workspace, + executionWorkspaceId, + config, + adapterEnv: {}, + }); + + expect(second).toHaveLength(1); + expect(second[0]?.id).toBe(first[0]?.id); + expect(second[0]?.port).toBe(first[0]?.port); + expect(second[0]?.url).toBe(first[0]?.url); + await expect(fetch(second[0]!.url!)).resolves.toMatchObject({ ok: true }); + + await stopRuntimeServicesForExecutionWorkspace({ + db, + executionWorkspaceId, + workspaceCwd: workspace.cwd, + }); + }); }); describe("normalizeAdapterManagedRuntimeServices", () => { diff --git a/server/src/adapters/builtin-adapter-types.ts b/server/src/adapters/builtin-adapter-types.ts index 3028ae0c..a30ed5cc 100644 --- a/server/src/adapters/builtin-adapter-types.ts +++ b/server/src/adapters/builtin-adapter-types.ts @@ -5,6 +5,7 @@ export const BUILTIN_ADAPTER_TYPES = new Set([ "acpx_local", "claude_local", "codex_local", + "cursor_cloud", "cursor", "gemini_local", "openclaw_gateway", diff --git a/server/src/adapters/registry.ts b/server/src/adapters/registry.ts index 359aecd4..32a748b6 100644 --- a/server/src/adapters/registry.ts +++ b/server/src/adapters/registry.ts @@ -1,5 +1,13 @@ -import type { AdapterModelProfileDefinition, ServerAdapterModule } from "./types.js"; -import { getAdapterSessionManagement } from "@paperclipai/adapter-utils"; +import type { + AdapterModel, + AdapterModelProfileDefinition, + AdapterRuntimeCommandSpec, + ServerAdapterModule, +} from "./types.js"; +import { + buildSandboxNpmInstallCommand, + getAdapterSessionManagement, +} from "@paperclipai/adapter-utils"; import { execute as acpxExecute, testEnvironment as acpxTestEnvironment, @@ -8,7 +16,10 @@ import { listAcpxSkills, syncAcpxSkills, } from "@paperclipai/adapter-acpx-local/server"; -import { agentConfigurationDoc as acpxAgentConfigurationDoc } from "@paperclipai/adapter-acpx-local"; +import { + agentConfigurationDoc as acpxAgentConfigurationDoc, + models as acpxModels, +} from "@paperclipai/adapter-acpx-local"; import { execute as claudeExecute, listClaudeSkills, @@ -48,6 +59,13 @@ import { models as cursorModels, modelProfiles as cursorModelProfiles, } from "@paperclipai/adapter-cursor-local"; +import { + execute as cursorCloudExecute, + getConfigSchema as getCursorCloudConfigSchema, + sessionCodec as cursorCloudSessionCodec, + testEnvironment as cursorCloudTestEnvironment, +} from "@paperclipai/adapter-cursor-cloud/server"; +import { agentConfigurationDoc as cursorCloudAgentConfigurationDoc } from "@paperclipai/adapter-cursor-cloud"; import { execute as geminiExecute, listGeminiSkills, @@ -113,6 +131,45 @@ import { getDisabledAdapterTypes } from "../services/adapter-plugin-store.js"; import { processAdapter } from "./process/index.js"; import { httpAdapter } from "./http/index.js"; +function readConfiguredCommand(config: Record, fallback: string): string { + const value = typeof config.command === "string" ? config.command.trim() : ""; + return value.length > 0 ? value : fallback; +} + +function hasPathSeparator(command: string): boolean { + return command.includes("/") || command.includes("\\"); +} + +function shellQuote(value: string): string { + return `'${value.replace(/'/g, `'"'"'`)}'`; +} + +function buildNpmRuntimeCommandSpec( + config: Record, + fallbackCommand: string, + packageName: string, +): AdapterRuntimeCommandSpec { + const command = readConfiguredCommand(config, fallbackCommand); + const canSelfInstall = !hasPathSeparator(command) && command === fallbackCommand; + const installLine = buildSandboxNpmInstallCommand(packageName); + return { + command, + detectCommand: command, + installCommand: canSelfInstall + ? `if ! command -v ${shellQuote(command)} >/dev/null 2>&1; then ${installLine}; fi` + : null, + }; +} + +function buildCursorRuntimeCommandSpec(config: Record): AdapterRuntimeCommandSpec { + const command = readConfiguredCommand(config, "agent"); + return { + command, + detectCommand: command, + installCommand: null, + }; +} + function normalizeHermesConfig(ctx: T): T { const config = ctx && typeof ctx === "object" && "config" in ctx && ctx.config && typeof ctx.config === "object" @@ -144,6 +201,38 @@ function normalizeHermesConfig( return ctx; } +function dedupeAdapterModels(models: AdapterModel[]): AdapterModel[] { + const seen = new Set(); + const result: AdapterModel[] = []; + for (const model of models) { + const id = model.id.trim(); + if (!id || seen.has(id)) continue; + seen.add(id); + result.push({ ...model, id }); + } + return result; +} + +function prefixAdapterModelLabels(models: AdapterModel[], provider: "Claude" | "Codex"): AdapterModel[] { + const prefix = `${provider}: `; + return models.map((model) => ({ + ...model, + label: model.label.startsWith(prefix) ? model.label : `${prefix}${model.label}`, + })); +} + +async function listAcpxModels(): Promise { + const [claude, codex] = await Promise.all([ + listClaudeModels().catch(() => claudeModels), + listCodexModels().catch(() => codexModels), + ]); + return dedupeAdapterModels([ + ...acpxModels, + ...prefixAdapterModelLabels(claude, "Claude"), + ...prefixAdapterModelLabels(codex, "Codex"), + ]); +} + const claudeLocalAdapter: ServerAdapterModule = { type: "claude_local", execute: claudeExecute, @@ -159,6 +248,8 @@ const claudeLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: false, + getRuntimeCommandSpec: (config) => + buildNpmRuntimeCommandSpec(config, "claude", "@anthropic-ai/claude-code"), agentConfigurationDoc: claudeAgentConfigurationDoc, getQuotaWindows: claudeGetQuotaWindows, }; @@ -171,6 +262,11 @@ const acpxLocalAdapter: ServerAdapterModule = { syncSkills: syncAcpxSkills, sessionCodec: acpxSessionCodec, sessionManagement: getAdapterSessionManagement("acpx_local") ?? undefined, + models: dedupeAdapterModels([ + ...prefixAdapterModelLabels(claudeModels, "Claude"), + ...prefixAdapterModelLabels(codexModels, "Codex"), + ]), + listModels: listAcpxModels, supportsLocalAgentJwt: true, supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", @@ -195,6 +291,7 @@ const codexLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: false, + getRuntimeCommandSpec: (config) => buildNpmRuntimeCommandSpec(config, "codex", "@openai/codex"), agentConfigurationDoc: codexAgentConfigurationDoc, getQuotaWindows: codexGetQuotaWindows, }; @@ -214,9 +311,25 @@ const cursorLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: true, + getRuntimeCommandSpec: buildCursorRuntimeCommandSpec, agentConfigurationDoc: cursorAgentConfigurationDoc, }; +const cursorCloudAdapter: ServerAdapterModule = { + type: "cursor_cloud", + execute: cursorCloudExecute, + testEnvironment: cursorCloudTestEnvironment, + sessionCodec: cursorCloudSessionCodec, + sessionManagement: getAdapterSessionManagement("cursor_cloud") ?? undefined, + models: [], + supportsLocalAgentJwt: false, + supportsInstructionsBundle: true, + instructionsPathKey: "instructionsFilePath", + requiresMaterializedRuntimeSkills: false, + agentConfigurationDoc: cursorCloudAgentConfigurationDoc, + getConfigSchema: getCursorCloudConfigSchema, +}; + const geminiLocalAdapter: ServerAdapterModule = { type: "gemini_local", execute: geminiExecute, @@ -231,6 +344,8 @@ const geminiLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: true, + getRuntimeCommandSpec: (config) => + buildNpmRuntimeCommandSpec(config, "gemini", "@google/gemini-cli"), agentConfigurationDoc: geminiAgentConfigurationDoc, }; @@ -260,6 +375,7 @@ const openCodeLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: true, + getRuntimeCommandSpec: (config) => buildNpmRuntimeCommandSpec(config, "opencode", "opencode-ai"), agentConfigurationDoc: openCodeAgentConfigurationDoc, }; @@ -278,6 +394,8 @@ const piLocalAdapter: ServerAdapterModule = { supportsInstructionsBundle: true, instructionsPathKey: "instructionsFilePath", requiresMaterializedRuntimeSkills: true, + getRuntimeCommandSpec: (config) => + buildNpmRuntimeCommandSpec(config, "pi", "@mariozechner/pi-coding-agent"), agentConfigurationDoc: piAgentConfigurationDoc, }; @@ -365,6 +483,7 @@ function registerBuiltInAdapters() { codexLocalAdapter, openCodeLocalAdapter, piLocalAdapter, + cursorCloudAdapter, cursorLocalAdapter, geminiLocalAdapter, openclawGatewayAdapter, diff --git a/server/src/adapters/types.ts b/server/src/adapters/types.ts index 0b728b9c..a113aeff 100644 --- a/server/src/adapters/types.ts +++ b/server/src/adapters/types.ts @@ -30,5 +30,6 @@ export type { ConfigFieldOption, ConfigFieldSchema, AdapterConfigSchema, + AdapterRuntimeCommandSpec, ServerAdapterModule, } from "@paperclipai/adapter-utils"; diff --git a/server/src/app.ts b/server/src/app.ts index 6b273573..d94475af 100644 --- a/server/src/app.ts +++ b/server/src/app.ts @@ -253,6 +253,8 @@ export async function createApp( instanceInfo: { instanceId: opts.instanceId ?? "default", hostVersion: opts.hostVersion ?? "0.0.0", + deploymentMode: opts.deploymentMode, + deploymentExposure: opts.deploymentExposure, }, buildHostHandlers: (pluginId, manifest) => { const notifyWorker = (method: string, params: unknown) => { @@ -261,6 +263,7 @@ export async function createApp( }; const services = buildHostServices(db, pluginId, manifest.id, eventBus, notifyWorker, { pluginWorkerManager: workerManager, + manifest, }); hostServicesDisposers.set(pluginId, () => services.dispose()); return createHostClientHandlers({ diff --git a/server/src/config.ts b/server/src/config.ts index 77b8a3f0..90d6cbf6 100644 --- a/server/src/config.ts +++ b/server/src/config.ts @@ -120,11 +120,6 @@ export function loadConfig(): Config { const fileDatabaseBackup = fileConfig?.database.backup; const fileSecrets = fileConfig?.secrets; const fileStorage = fileConfig?.storage; - const strictModeFromEnv = process.env.PAPERCLIP_SECRETS_STRICT_MODE; - const secretsStrictMode = - strictModeFromEnv !== undefined - ? strictModeFromEnv === "true" - : (fileSecrets?.strictMode ?? false); const providerFromEnvRaw = process.env.PAPERCLIP_SECRETS_PROVIDER; const providerFromEnv = @@ -168,6 +163,11 @@ export function loadConfig(): Config { ? (deploymentModeFromEnvRaw as DeploymentMode) : null; const deploymentMode: DeploymentMode = deploymentModeFromEnv ?? fileConfig?.server.deploymentMode ?? "local_trusted"; + const strictModeFromEnv = process.env.PAPERCLIP_SECRETS_STRICT_MODE; + const secretsStrictMode = + strictModeFromEnv !== undefined + ? strictModeFromEnv === "true" + : (fileSecrets?.strictMode ?? deploymentMode === "authenticated"); const deploymentExposureFromEnvRaw = process.env.PAPERCLIP_DEPLOYMENT_EXPOSURE; const deploymentExposureFromEnv = deploymentExposureFromEnvRaw && diff --git a/server/src/home-paths.ts b/server/src/home-paths.ts index f1174bbb..cf274a2a 100644 --- a/server/src/home-paths.ts +++ b/server/src/home-paths.ts @@ -1,57 +1,50 @@ -import os from "node:os"; import path from "node:path"; - -const DEFAULT_INSTANCE_ID = "default"; -const INSTANCE_ID_RE = /^[a-zA-Z0-9_-]+$/; const PATH_SEGMENT_RE = /^[a-zA-Z0-9_-]+$/; const FRIENDLY_PATH_SEGMENT_RE = /[^a-zA-Z0-9._-]+/g; +import { + expandHomePrefix, + resolveDefaultBackupDir as resolveSharedDefaultBackupDir, + resolveDefaultEmbeddedPostgresDir as resolveSharedDefaultEmbeddedPostgresDir, + resolveDefaultLogsDir as resolveSharedDefaultLogsDir, + resolveDefaultSecretsKeyFilePath as resolveSharedDefaultSecretsKeyFilePath, + resolveDefaultStorageDir as resolveSharedDefaultStorageDir, + resolveHomeAwarePath, + resolvePaperclipConfigPathForInstance, + resolvePaperclipHomeDir, + resolvePaperclipInstanceId, + resolvePaperclipInstanceRoot, +} from "@paperclipai/shared/home-paths"; -function expandHomePrefix(value: string): string { - if (value === "~") return os.homedir(); - if (value.startsWith("~/")) return path.resolve(os.homedir(), value.slice(2)); - return value; -} - -export function resolvePaperclipHomeDir(): string { - const envHome = process.env.PAPERCLIP_HOME?.trim(); - if (envHome) return path.resolve(expandHomePrefix(envHome)); - return path.resolve(os.homedir(), ".paperclip"); -} - -export function resolvePaperclipInstanceId(): string { - const raw = process.env.PAPERCLIP_INSTANCE_ID?.trim() || DEFAULT_INSTANCE_ID; - if (!INSTANCE_ID_RE.test(raw)) { - throw new Error(`Invalid PAPERCLIP_INSTANCE_ID '${raw}'.`); - } - return raw; -} - -export function resolvePaperclipInstanceRoot(): string { - return path.resolve(resolvePaperclipHomeDir(), "instances", resolvePaperclipInstanceId()); -} +export { + expandHomePrefix, + resolveHomeAwarePath, + resolvePaperclipHomeDir, + resolvePaperclipInstanceId, + resolvePaperclipInstanceRoot, +}; export function resolveDefaultConfigPath(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "config.json"); + return resolvePaperclipConfigPathForInstance(); } export function resolveDefaultEmbeddedPostgresDir(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "db"); + return resolveSharedDefaultEmbeddedPostgresDir(); } export function resolveDefaultLogsDir(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "logs"); + return resolveSharedDefaultLogsDir(); } export function resolveDefaultSecretsKeyFilePath(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "secrets", "master.key"); + return resolveSharedDefaultSecretsKeyFilePath(); } export function resolveDefaultStorageDir(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "data", "storage"); + return resolveSharedDefaultStorageDir(); } export function resolveDefaultBackupDir(): string { - return path.resolve(resolvePaperclipInstanceRoot(), "data", "backups"); + return resolveSharedDefaultBackupDir(); } export function resolveDefaultAgentWorkspaceDir(agentId: string): string { @@ -89,7 +82,3 @@ export function resolveManagedProjectWorkspaceDir(input: { sanitizeFriendlyPathSegment(input.repoName, "_default"), ); } - -export function resolveHomeAwarePath(value: string): string { - return path.resolve(expandHomePrefix(value)); -} diff --git a/server/src/index.ts b/server/src/index.ts index bd7a9bc1..105f23ec 100644 --- a/server/src/index.ts +++ b/server/src/index.ts @@ -686,6 +686,7 @@ export async function startServer(): Promise { reconciled.assignmentDispatched > 0 || reconciled.dispatchRequeued > 0 || reconciled.continuationRequeued > 0 || + reconciled.successfulRunHandoffEscalated > 0 || reconciled.escalated > 0 ) { logger.warn( @@ -751,6 +752,7 @@ export async function startServer(): Promise { reconciled.assignmentDispatched > 0 || reconciled.dispatchRequeued > 0 || reconciled.continuationRequeued > 0 || + reconciled.successfulRunHandoffEscalated > 0 || reconciled.escalated > 0 ) { logger.warn( diff --git a/server/src/middleware/auth.ts b/server/src/middleware/auth.ts index 2438aee3..ad0b4289 100644 --- a/server/src/middleware/auth.ts +++ b/server/src/middleware/auth.ts @@ -1,8 +1,8 @@ -import { createHash } from "node:crypto"; +import { createHash, timingSafeEqual } from "node:crypto"; import type { Request, RequestHandler } from "express"; import { and, eq, isNull } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { agentApiKeys, agents, companyMemberships, instanceUserRoles } from "@paperclipai/db"; +import { agentApiKeys, agents, authUsers, companies, companyMemberships, instanceUserRoles } from "@paperclipai/db"; import { verifyLocalAgentJwt } from "../agent-auth-jwt.js"; import type { DeploymentMode } from "@paperclipai/shared"; import type { BetterAuthSessionResult } from "../auth/better-auth.js"; @@ -38,6 +38,16 @@ export function actorMiddleware(db: Db, opts: ActorMiddlewareOptions): RequestHa const authHeader = req.header("authorization"); if (!authHeader?.toLowerCase().startsWith("bearer ")) { if (opts.deploymentMode === "authenticated" && opts.resolveSession) { + const cloudTenantActor = await resolveCloudTenantActor(db, req); + if (cloudTenantActor) { + req.actor = { + ...cloudTenantActor, + runId: runIdHeader ?? undefined, + }; + next(); + return; + } + let session: BetterAuthSessionResult | null = null; try { session = await opts.resolveSession(req); @@ -189,6 +199,149 @@ export function actorMiddleware(db: Db, opts: ActorMiddlewareOptions): RequestHa }; } +async function resolveCloudTenantActor(db: Db, req: Request): Promise { + const expectedToken = process.env.PAPERCLIP_CLOUD_TENANT_SERVER_TOKEN?.trim(); + if (!expectedToken) return null; + + const token = req.header("x-paperclip-cloud-tenant-token")?.trim(); + if (!token || !constantTimeStringEqual(token, expectedToken)) return null; + + const userId = requiredCloudHeader(req, "x-paperclip-cloud-user-id"); + const userEmail = requiredCloudHeader(req, "x-paperclip-cloud-user-email").toLowerCase(); + const stackId = requiredCloudHeader(req, "x-paperclip-cloud-stack-id"); + const stackRole = stackMembershipRole(req.header("x-paperclip-cloud-stack-role")); + const userName = req.header("x-paperclip-cloud-user-name")?.trim() || userEmail; + const paperclipCompanyId = req.header("x-paperclip-cloud-paperclip-company-id")?.trim(); + const companyId = cloudTenantCompanyId(stackId); + const companyName = paperclipCompanyId || `${stackId} Paperclip`; + const now = new Date(); + + await db + .insert(authUsers) + .values({ + id: userId, + name: userName, + email: userEmail, + emailVerified: true, + image: null, + createdAt: now, + updatedAt: now, + }) + .onConflictDoUpdate({ + target: authUsers.id, + set: { + name: userName, + email: userEmail, + emailVerified: true, + updatedAt: now, + }, + }); + + await db + .insert(instanceUserRoles) + .values({ + userId, + role: "instance_admin", + updatedAt: now, + }) + .onConflictDoNothing({ + target: [instanceUserRoles.userId, instanceUserRoles.role], + }); + + await db + .insert(companies) + .values({ + id: companyId, + name: companyName, + description: `Provisioned by Paperclip Cloud for stack ${stackId}.`, + status: "active", + issuePrefix: issuePrefixForCloudStack(stackId), + updatedAt: now, + }) + .onConflictDoNothing({ + target: companies.id, + }); + + const membershipRole = stackRole === "owner" || stackRole === "admin" ? "owner" : stackRole; + const membership = await db + .insert(companyMemberships) + .values({ + companyId, + principalType: "user", + principalId: userId, + status: "active", + membershipRole, + updatedAt: now, + }) + .onConflictDoUpdate({ + target: [ + companyMemberships.companyId, + companyMemberships.principalType, + companyMemberships.principalId, + ], + set: { + status: "active", + membershipRole, + updatedAt: now, + }, + }) + .returning() + .then((rows) => rows[0] ?? { + companyId, + membershipRole, + status: "active", + }); + + return { + type: "board", + userId, + userName, + userEmail, + companyIds: [companyId], + memberships: [{ + companyId, + membershipRole: membership.membershipRole, + status: membership.status, + }], + isInstanceAdmin: true, + source: "cloud_tenant", + }; +} + +function requiredCloudHeader(req: Request, name: string): string { + const value = req.header(name)?.trim(); + if (!value) { + throw new Error(`Missing trusted Cloud tenant header ${name}`); + } + return value; +} + +function stackMembershipRole(value: string | undefined): "owner" | "admin" | "member" | "support" { + if (value === "owner" || value === "admin" || value === "member" || value === "support") { + return value; + } + throw new Error("Invalid trusted Cloud tenant stack role"); +} + +function constantTimeStringEqual(left: string, right: string): boolean { + const leftBuffer = Buffer.from(left); + const rightBuffer = Buffer.from(right); + return leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer); +} + +function cloudTenantCompanyId(stackId: string): string { + const bytes = createHash("sha256").update(`paperclip-cloud-tenant-company:${stackId}`).digest(); + bytes[6] = (bytes[6] & 0x0f) | 0x50; + bytes[8] = (bytes[8] & 0x3f) | 0x80; + const hex = bytes.subarray(0, 16).toString("hex"); + return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`; +} + +function issuePrefixForCloudStack(stackId: string): string { + const hash = createHash("sha256").update(stackId).digest("hex").slice(0, 4).toUpperCase(); + return `PC${hash}`; +} + export function requireBoard(req: Express.Request) { return req.actor.type === "board"; } diff --git a/server/src/onboarding-assets/default/AGENTS.md b/server/src/onboarding-assets/default/AGENTS.md index 837c0a5c..5cec4337 100644 --- a/server/src/onboarding-assets/default/AGENTS.md +++ b/server/src/onboarding-assets/default/AGENTS.md @@ -4,7 +4,9 @@ You are an agent at Paperclip company. - Start actionable work in the same heartbeat. Do not stop at a plan unless the issue explicitly asks for planning. - Keep the work moving until it is done. If you need QA to review it, ask them. If you need your boss to review it, ask them. -- Leave durable progress in task comments, documents, or work products, and make the next action clear before you exit. +- Leave durable progress in task comments, documents, or work products, then update the issue to a clear final disposition before you exit. +- Comments, documents, screenshots, work products, and `Remaining` bullets are evidence, not valid liveness paths by themselves. +- Final disposition checklist: mark `done` when complete and verified; use `in_review` only with a real reviewer, approval, interaction, or monitor path; use `blocked` only with first-class blockers or a named unblock owner/action; create delegated follow-up issues with blockers when another agent owns the next step; keep `in_progress` only when a live continuation path exists. - Use child issues for parallel or long delegated work instead of polling agents, sessions, or processes. - Create child issues directly when you know what needs to be done. If the board/user needs to choose suggested tasks, answer structured questions, or confirm a proposal first, create an issue-thread interaction on the current issue with `POST /api/issues/{issueId}/interactions` using `kind: "suggest_tasks"`, `kind: "ask_user_questions"`, or `kind: "request_confirmation"`. - Use `request_confirmation` instead of asking for yes/no decisions in markdown. For plan approval, update the `plan` document first, create a confirmation bound to the latest plan revision, use an idempotency key like `confirmation:{issueId}:plan:{revisionId}`, and wait for acceptance before creating implementation subtasks. diff --git a/server/src/routes/activity.ts b/server/src/routes/activity.ts index 831bc0e7..590ed797 100644 --- a/server/src/routes/activity.ts +++ b/server/src/routes/activity.ts @@ -1,6 +1,7 @@ import { Router } from "express"; import { z } from "zod"; import type { Db } from "@paperclipai/db"; +import { normalizeIssueIdentifier } from "@paperclipai/shared"; import { validate } from "../middleware/validate.js"; import { activityService, normalizeActivityLimit } from "../services/activity.js"; import { assertAuthenticated, assertBoard, assertCompanyAccess } from "./authz.js"; @@ -24,8 +25,9 @@ export function activityRoutes(db: Db) { const issueSvc = issueService(db); async function resolveIssueByRef(rawId: string) { - if (/^[A-Z]+-\d+$/i.test(rawId)) { - return issueSvc.getByIdentifier(rawId); + const identifier = normalizeIssueIdentifier(rawId); + if (identifier) { + return issueSvc.getByIdentifier(identifier); } return issueSvc.getById(rawId); } diff --git a/server/src/routes/agents.ts b/server/src/routes/agents.ts index c9b755d2..d1b6d78c 100644 --- a/server/src/routes/agents.ts +++ b/server/src/routes/agents.ts @@ -13,6 +13,7 @@ import { createAgentSchema, deriveAgentUrlKey, isUuidLike, + normalizeIssueIdentifier, resetAgentSessionSchema, testAdapterEnvironmentSchema, type AgentSkillSnapshot, @@ -55,8 +56,12 @@ import { import type { PluginWorkerManager } from "../services/plugin-worker-manager.js"; import { environmentService } from "../services/environments.js"; import { resolveEnvironmentExecutionTarget } from "../services/environment-execution-target.js"; +import { environmentRuntimeService } from "../services/environment-runtime.js"; import type { AdapterExecutionTarget } from "@paperclipai/adapter-utils/execution-target"; -import type { AdapterEnvironmentCheck } from "@paperclipai/adapter-utils"; +import type { + AdapterEnvironmentCheck, + AdapterEnvironmentTestResult, +} from "@paperclipai/adapter-utils"; import { secretService } from "../services/secrets.js"; import { detectAdapterModel, @@ -84,7 +89,8 @@ import { } from "@paperclipai/adapter-codex-local"; import { DEFAULT_CURSOR_LOCAL_MODEL } from "@paperclipai/adapter-cursor-local"; import { DEFAULT_GEMINI_LOCAL_MODEL } from "@paperclipai/adapter-gemini-local"; -import { ensureOpenCodeModelConfiguredAndAvailable } from "@paperclipai/adapter-opencode-local/server"; +import { DEFAULT_OPENCODE_LOCAL_MODEL } from "@paperclipai/adapter-opencode-local"; +import { requireOpenCodeModelId } from "@paperclipai/adapter-opencode-local/server"; import { loadDefaultAgentInstructionsBundle, resolveDefaultAgentInstructionsBundleRole, @@ -158,6 +164,9 @@ export function agentRoutes( const approvalsSvc = approvalService(db); const budgets = budgetService(db); const environmentsSvc = environmentService(db); + const environmentRuntime = environmentRuntimeService(db, { + pluginWorkerManager: options.pluginWorkerManager, + }); const heartbeat = heartbeatService(db, { pluginWorkerManager: options.pluginWorkerManager, }); @@ -189,9 +198,13 @@ export function agentRoutes( * - SSH environment → builds an SSH execution target from the environment * config so the adapter probes the remote box. No lease is required: * the SSH spec is fully derived from the saved environment config. - * - Sandbox / plugin environments → currently fall back to local probing - * with a warning check, since lifting a temporary sandbox lease for an - * ad-hoc test invocation is out of scope for this iteration. + * - Sandbox / plugin environments → acquires an ad-hoc lease, realizes the + * workspace, and resolves a sandbox execution target wired to the runtime + * so the adapter probe runs inside the sandbox the same way a heartbeat + * would. The returned `release` callback rolls the lease back when the + * route is done. + * + * The caller MUST always invoke `release()` (typically in a `finally` block). */ async function resolveAdapterTestExecutionContext(input: { companyId: string; @@ -201,9 +214,17 @@ export function agentRoutes( executionTarget: AdapterExecutionTarget | null; environmentName: string | null; fallbackChecks: AdapterEnvironmentCheck[]; + release: (status?: "released" | "failed") => Promise; }> { + const noopRelease = async () => {}; + if (!input.environmentId) { - return { executionTarget: null, environmentName: null, fallbackChecks: [] }; + return { + executionTarget: null, + environmentName: null, + fallbackChecks: [], + release: noopRelease, + }; } const environment = await environmentsSvc.getById(input.environmentId); @@ -215,14 +236,20 @@ export function agentRoutes( { code: "environment_not_found", level: "warn", - message: "Selected environment was not found. Falling back to a local probe.", + message: "Selected environment was not found. The test did not run.", }, ], + release: noopRelease, }; } if (environment.driver === "local") { - return { executionTarget: null, environmentName: environment.name, fallbackChecks: [] }; + return { + executionTarget: null, + environmentName: environment.name, + fallbackChecks: [], + release: noopRelease, + }; } if (environment.driver === "ssh") { @@ -239,7 +266,12 @@ export function agentRoutes( leaseMetadata: null, }); if (target) { - return { executionTarget: target, environmentName: environment.name, fallbackChecks: [] }; + return { + executionTarget: target, + environmentName: environment.name, + fallbackChecks: [], + release: noopRelease, + }; } return { executionTarget: null, @@ -249,9 +281,10 @@ export function agentRoutes( code: "environment_target_unavailable", level: "warn", message: - `Could not resolve an execution target for environment "${environment.name}". Falling back to a local probe.`, + `Could not resolve an execution target for environment "${environment.name}". The test did not run.`, }, ], + release: noopRelease, }; } catch (err) { return { @@ -262,27 +295,163 @@ export function agentRoutes( code: "environment_target_failed", level: "warn", message: - `Could not connect to environment "${environment.name}" to run the test. Falling back to a local probe.`, + `Could not connect to environment "${environment.name}" to run the test.`, detail: err instanceof Error ? err.message : String(err), }, ], + release: noopRelease, }; } } - // sandbox / plugin / other drivers: not yet supported for ad-hoc adapter tests. - return { - executionTarget: null, - environmentName: environment.name, - fallbackChecks: [ - { - code: "environment_driver_not_supported_for_test", - level: "warn", - message: - `Adapter testing inside ${environment.driver} environments is not yet supported. Falling back to a local probe; results may not reflect runs in "${environment.name}".`, - hint: "Run a real heartbeat in the environment to verify end-to-end behavior.", + // sandbox / plugin / other remote drivers: spin up an ad-hoc lease, realize + // the workspace inside the box, and run the same probe SSH uses against + // a sandbox execution target wired to the environment runtime. + // + // We pass `heartbeatRunId: null` because there's no heartbeat run for an + // operator-initiated `Test` invocation — the leases table FKs heartbeat + // run id to heartbeat_runs.id, and we don't want to manufacture a fake + // run row. Cleanup goes through the driver's `releaseRunLease` directly + // (by lease record), since the batch helper queries by heartbeatRunId. + let leaseRecord: Awaited>; + try { + leaseRecord = await environmentRuntime.acquireRunLease({ + companyId: input.companyId, + environment, + issueId: null, + heartbeatRunId: null, + persistedExecutionWorkspace: null, + }); + } catch (err) { + return { + executionTarget: null, + environmentName: environment.name, + fallbackChecks: [ + { + code: "environment_lease_acquire_failed", + level: "error", + message: `Could not acquire a lease for environment "${environment.name}".`, + detail: err instanceof Error ? err.message : String(err), + hint: "Check the environment's provider credentials and quota.", + }, + ], + release: noopRelease, + }; + } + + const driver = environmentRuntime.getDriver(environment.driver); + const releaseLease = async (status: "released" | "failed" = "released") => { + try { + if (driver) { + await driver.releaseRunLease({ + environment, + lease: leaseRecord.lease, + status, + }); + } else { + await environmentsSvc.releaseLease(leaseRecord.lease.id, status); + } + } catch (err) { + // Cleanup failures must not mask the test result. + // eslint-disable-next-line no-console + console.warn( + `[adapter-test] Failed to release lease ${leaseRecord.lease.id}: ${err instanceof Error ? err.message : String(err)}`, + ); + } + }; + + let realizedCwd: string | null = null; + try { + const realized = await environmentRuntime.realizeWorkspace({ + environment, + lease: leaseRecord.lease, + // No host workspace to copy for a Test invocation; sandbox/plugin + // realize implementations use the lease metadata's remoteCwd to + // create the working directory inside the box. + workspace: {}, + }); + realizedCwd = + typeof realized.cwd === "string" && realized.cwd.trim().length > 0 + ? realized.cwd.trim() + : null; + } catch (err) { + await releaseLease("failed"); + return { + executionTarget: null, + environmentName: environment.name, + fallbackChecks: [ + { + code: "environment_workspace_realize_failed", + level: "error", + message: `Could not realize a workspace inside "${environment.name}".`, + detail: err instanceof Error ? err.message : String(err), + }, + ], + release: noopRelease, + }; + } + + let target: AdapterExecutionTarget | null; + try { + // Prefer the cwd the realize step returned; fall back to lease metadata. + const leaseMetadataForTarget: Record | null = + realizedCwd + ? { ...(leaseRecord.lease.metadata ?? {}), remoteCwd: realizedCwd } + : (leaseRecord.lease.metadata as Record | null) ?? null; + + target = await resolveEnvironmentExecutionTarget({ + db, + companyId: input.companyId, + adapterType: input.adapterType, + environment: { + id: environment.id, + driver: environment.driver, + config: environment.config ?? null, }, - ], + leaseId: leaseRecord.lease.id, + leaseMetadata: leaseMetadataForTarget, + lease: leaseRecord.lease, + environmentRuntime, + }); + } catch (err) { + await releaseLease("failed"); + return { + executionTarget: null, + environmentName: environment.name, + fallbackChecks: [ + { + code: "environment_target_failed", + level: "error", + message: `Could not resolve a sandbox execution target for "${environment.name}".`, + detail: err instanceof Error ? err.message : String(err), + }, + ], + release: noopRelease, + }; + } + + if (!target) { + await releaseLease("failed"); + return { + executionTarget: null, + environmentName: environment.name, + fallbackChecks: [ + { + code: "environment_target_unsupported", + level: "warn", + message: + `Adapter "${input.adapterType}" is not allowed in "${environment.name}" environments.`, + }, + ], + release: noopRelease, + }; + } + + return { + executionTarget: target, + environmentName: environment.name, + fallbackChecks: [], + release: releaseLease, }; } @@ -767,7 +936,6 @@ export function agentRoutes( { strictMode: strictSecretsMode }, ); await assertAdapterConfigConstraints( - input.companyId, input.adapterType, input.constraintAdapterConfig ? { ...input.constraintAdapterConfig, ...normalizedAdapterConfig } @@ -864,7 +1032,10 @@ export function agentRoutes( next.model = DEFAULT_GEMINI_LOCAL_MODEL; return ensureGatewayDeviceKey(adapterType, next); } - // OpenCode requires explicit model selection — no default + if (adapterType === "opencode_local" && !asNonEmptyString(next.model)) { + next.model = DEFAULT_OPENCODE_LOCAL_MODEL; + return ensureGatewayDeviceKey(adapterType, next); + } if (adapterType === "cursor" && !asNonEmptyString(next.model)) { next.model = DEFAULT_CURSOR_LOCAL_MODEL; } @@ -872,20 +1043,12 @@ export function agentRoutes( } async function assertAdapterConfigConstraints( - companyId: string, adapterType: string | null | undefined, adapterConfig: Record, ) { if (adapterType !== "opencode_local") return; - const { config: runtimeConfig } = await secretsSvc.resolveAdapterConfigForRuntime(companyId, adapterConfig); - const runtimeEnv = asRecord(runtimeConfig.env) ?? {}; try { - await ensureOpenCodeModelConfiguredAndAvailable({ - model: runtimeConfig.model, - command: runtimeConfig.command, - cwd: runtimeConfig.cwd, - env: runtimeEnv, - }); + requireOpenCodeModelId(adapterConfig.model); } catch (err) { const reason = err instanceof Error ? err.message : String(err); throw unprocessable(`Invalid opencode_local adapterConfig: ${reason}`); @@ -1194,6 +1357,17 @@ export function agentRoutes( const refresh = typeof req.query.refresh === "string" ? ["1", "true", "yes"].includes(req.query.refresh.toLowerCase()) : false; + const environmentId = asNonEmptyString(req.query.environmentId); + const environment = environmentId ? await environmentsSvc.getById(environmentId) : null; + if (environmentId && (!environment || environment.companyId !== companyId)) { + res.status(404).json({ error: "Environment not found" }); + return; + } + if (type === "opencode_local" && environment && environment.driver !== "local") { + const adapter = requireServerAdapter(type); + res.json(adapter.models ?? []); + return; + } const models = refresh ? await refreshAdapterModels(type) : await listAdapterModels(type); @@ -1243,33 +1417,51 @@ export function agentRoutes( normalizedAdapterConfig, ); - const { executionTarget, environmentName, fallbackChecks } = + const { executionTarget, environmentName, fallbackChecks, release } = await resolveAdapterTestExecutionContext({ companyId, adapterType: type, environmentId: requestedEnvironmentId, }); - const result = await adapter.testEnvironment({ - companyId, - adapterType: type, - config: runtimeAdapterConfig, - executionTarget, - environmentName, - }); + let releaseStatus: "released" | "failed" = "released"; + try { + // If the caller explicitly selected an environment, never fall back to + // probing the host when we couldn't resolve that environment's + // execution target. Surface the diagnostic checks instead. + if (requestedEnvironmentId && !executionTarget && fallbackChecks.length > 0) { + const status: AdapterEnvironmentTestResult["status"] = fallbackChecks.some((c) => c.level === "error") + ? "fail" + : fallbackChecks.some((c) => c.level === "warn") + ? "warn" + : "pass"; + if (status === "fail") releaseStatus = "failed"; + const synthesized: AdapterEnvironmentTestResult = { + adapterType: type, + status, + checks: fallbackChecks, + testedAt: new Date().toISOString(), + }; + res.json(synthesized); + return; + } - if (fallbackChecks.length > 0) { - const checks = [...fallbackChecks, ...result.checks]; - const status: typeof result.status = checks.some((c) => c.level === "error") - ? "fail" - : checks.some((c) => c.level === "warn") - ? "warn" - : result.status; - res.json({ ...result, checks, status }); - return; + const result = await adapter.testEnvironment({ + companyId, + adapterType: type, + config: runtimeAdapterConfig, + executionTarget, + environmentName, + }); + + if (result.status === "fail") releaseStatus = "failed"; + res.json(result); + } catch (err) { + releaseStatus = "failed"; + throw err; + } finally { + await release(releaseStatus); } - - res.json(result); }, ); @@ -1997,6 +2189,14 @@ export function agentRoutes( lastHeartbeatAt: null, }); const agent = await materializeDefaultInstructionsBundleForNewAgent(createdAgent, instructionsBundle); + const agentEnv = asRecord(agent.adapterConfig)?.env; + if (agentEnv) { + await secretsSvc.syncEnvBindingsForTarget?.( + companyId, + { targetType: "agent", targetId: agent.id }, + agentEnv, + ); + } const actor = getActorInfo(req); await logActivity(db, { @@ -2473,6 +2673,14 @@ export function agentRoutes( res.status(404).json({ error: "Agent not found" }); return; } + if (touchesAdapterConfiguration) { + const agentEnv = asRecord(agent.adapterConfig)?.env; + await secretsSvc.syncEnvBindingsForTarget?.( + agent.companyId, + { targetType: "agent", targetId: agent.id }, + agentEnv, + ); + } await logActivity(db, { companyId: agent.companyId, @@ -2691,7 +2899,25 @@ export function agentRoutes( res.json({ ok: true }); }); - router.post("/agents/:id/wakeup", validate(wakeAgentSchema), async (req, res) => { + // Shared handler body for the wakeup-style endpoints. The two routes differ + // only in: + // - `source` — the modern /wakeup endpoint reads it from the request body + // (timer|assignment|on_demand|automation) while the legacy + // /heartbeat/invoke endpoint hardcodes "on_demand", since it has only + // ever produced on-demand invocations. + // - skipped-response shape — the modern endpoint surfaces the rich + // SkippedWakeupResponse; the legacy endpoint stays on the simpler + // { status: "skipped" } shape for backward compat. + type HeartbeatSource = "timer" | "assignment" | "on_demand" | "automation"; + type WakeupRouteOpts = { + source: HeartbeatSource | undefined; + skippedResponse: (agent: NonNullable>>) => unknown | Promise; + }; + const handleWakeupRoute = async ( + req: Request, + res: Response, + opts: WakeupRouteOpts, + ): Promise => { const id = req.params.id as string; const agent = await svc.getById(id); if (!agent) { @@ -2710,7 +2936,7 @@ export function agentRoutes( } const run = await heartbeat.wakeup(id, { - source: req.body.source, + source: opts.source, triggerDetail: req.body.triggerDetail ?? "manual", reason: req.body.reason ?? null, payload: req.body.payload ?? null, @@ -2725,7 +2951,7 @@ export function agentRoutes( }); if (!run) { - res.status(202).json(await buildSkippedWakeupResponse(agent, req.body.payload ?? null)); + res.status(202).json(await opts.skippedResponse(agent)); return; } @@ -2743,9 +2969,23 @@ export function agentRoutes( }); res.status(202).json(run); + }; + + router.post("/agents/:id/wakeup", validate(wakeAgentSchema), async (req, res) => { + await handleWakeupRoute(req, res, { + source: req.body.source, + skippedResponse: (agent) => buildSkippedWakeupResponse(agent, req.body.payload ?? null), + }); }); router.post("/agents/:id/heartbeat/invoke", async (req, res) => { + // Legacy endpoint. Hardcodes `source: "on_demand"` (the prior behavior + // before the wakeup/invoke convergence). Reads scope fields directly off + // the body without `validate(wakeAgentSchema)` because callers — including + // the e2e suite — post an empty body, and the schema rejects undefined + // / missing bodies. Only forwards fields the caller actually supplied so + // an empty body produces the original fixed-arg `heartbeat.invoke()` + // shape exactly. const id = req.params.id as string; const agent = await svc.getById(id); if (!agent) { @@ -2763,19 +3003,37 @@ export function agentRoutes( await assertBoardCanManageAgentsForCompany(req, agent.companyId); } - const run = await heartbeat.invoke( - id, - "on_demand", - { - triggeredBy: req.actor.type, - actorId: req.actor.type === "agent" ? req.actor.agentId : req.actor.userId, - }, - "manual", - { - actorType: req.actor.type === "agent" ? "agent" : "user", - actorId: req.actor.type === "agent" ? req.actor.agentId ?? null : req.actor.userId ?? null, - }, - ); + const body = (req.body ?? {}) as Partial<{ + reason: unknown; + payload: unknown; + idempotencyKey: unknown; + forceFreshSession: unknown; + triggerDetail: unknown; + }>; + const contextSnapshot: Record = { + triggeredBy: req.actor.type, + actorId: req.actor.type === "agent" ? req.actor.agentId : req.actor.userId, + }; + if (body.forceFreshSession === true) { + contextSnapshot.forceFreshSession = true; + } + const wakeOpts: Parameters[1] = { + source: "on_demand", + triggerDetail: typeof body.triggerDetail === "string" ? body.triggerDetail as "manual" | "system" | "ping" | "callback" : "manual", + requestedByActorType: req.actor.type === "agent" ? "agent" : "user", + requestedByActorId: req.actor.type === "agent" ? req.actor.agentId ?? null : req.actor.userId ?? null, + contextSnapshot, + }; + if (typeof body.reason === "string" && body.reason.length > 0) { + wakeOpts.reason = body.reason; + } + if (body.payload && typeof body.payload === "object" && !Array.isArray(body.payload)) { + wakeOpts.payload = body.payload as Record; + } + if (typeof body.idempotencyKey === "string" && body.idempotencyKey.length > 0) { + wakeOpts.idempotencyKey = body.idempotencyKey; + } + const run = await heartbeat.wakeup(id, wakeOpts); if (!run) { res.status(202).json({ status: "skipped" }); @@ -3082,8 +3340,8 @@ export function agentRoutes( router.get("/issues/:issueId/live-runs", async (req, res) => { const rawId = req.params.issueId as string; const issueSvc = issueService(db); - const isIdentifier = /^[A-Z]+-\d+$/i.test(rawId); - const issue = isIdentifier ? await issueSvc.getByIdentifier(rawId) : await issueSvc.getById(rawId); + const identifier = normalizeIssueIdentifier(rawId); + const issue = identifier ? await issueSvc.getByIdentifier(identifier) : await issueSvc.getById(rawId); if (!issue) { res.status(404).json({ error: "Issue not found" }); return; @@ -3136,8 +3394,8 @@ export function agentRoutes( router.get("/issues/:issueId/active-run", async (req, res) => { const rawId = req.params.issueId as string; const issueSvc = issueService(db); - const isIdentifier = /^[A-Z]+-\d+$/i.test(rawId); - const issue = isIdentifier ? await issueSvc.getByIdentifier(rawId) : await issueSvc.getById(rawId); + const identifier = normalizeIssueIdentifier(rawId); + const issue = identifier ? await issueSvc.getByIdentifier(identifier) : await issueSvc.getById(rawId); if (!issue) { res.status(404).json({ error: "Issue not found" }); return; diff --git a/server/src/routes/costs.ts b/server/src/routes/costs.ts index 3f3514e6..8f7569d7 100644 --- a/server/src/routes/costs.ts +++ b/server/src/routes/costs.ts @@ -3,6 +3,7 @@ import type { Db } from "@paperclipai/db"; import { createCostEventSchema, createFinanceEventSchema, + normalizeIssueIdentifier, resolveBudgetIncidentSchema, updateBudgetSchema, upsertBudgetPolicySchema, @@ -62,8 +63,9 @@ export function costRoutes( const issues = issueService(db); async function resolveIssueByRef(rawId: string) { - if (/^[A-Z]+-\d+$/i.test(rawId)) { - return issues.getByIdentifier(rawId); + const identifier = normalizeIssueIdentifier(rawId); + if (identifier) { + return issues.getByIdentifier(identifier); } return issues.getById(rawId); } @@ -143,7 +145,8 @@ export function costRoutes( return; } assertCompanyAccess(req, issue.companyId); - const summary = await costs.issueTreeSummary(issue.companyId, issue.id); + const excludeRoot = req.query.excludeRoot === "true" || req.query.excludeRoot === "1"; + const summary = await costs.issueTreeSummary(issue.companyId, issue.id, { excludeRoot }); res.json(summary); }); diff --git a/server/src/routes/environments.ts b/server/src/routes/environments.ts index fd7976ca..2c0daded 100644 --- a/server/src/routes/environments.ts +++ b/server/src/routes/environments.ts @@ -17,6 +17,7 @@ import { projectService, } from "../services/index.js"; import { + collectEnvironmentSecretRefs, normalizeEnvironmentConfigForPersistence, normalizeEnvironmentConfigForProbe, parseEnvironmentDriverConfig, @@ -26,6 +27,7 @@ import { import { probeEnvironment } from "../services/environment-probe.js"; import { secretService } from "../services/secrets.js"; import { listReadyPluginEnvironmentDrivers } from "../services/plugin-environment-driver.js"; +import { getConfiguredSecretProvider } from "../secrets/configured-provider.js"; import { assertCompanyAccess, getActorInfo } from "./authz.js"; import type { PluginWorkerManager } from "../services/plugin-worker-manager.js"; import { environmentService } from "../services/environments.js"; @@ -202,6 +204,7 @@ export function environmentRoutes( companyId, environmentName: req.body.name, driver: req.body.driver, + secretProvider: getConfiguredSecretProvider(), config: req.body.config, actor: { agentId: actor.agentId, @@ -211,6 +214,11 @@ export function environmentRoutes( }), }; const environment = await svc.create(companyId, input); + await secrets.syncSecretRefsForTarget( + companyId, + { targetType: "environment", targetId: environment.id }, + await collectEnvironmentSecretRefs({ db, environment }), + ); await logActivity(db, { companyId, actorType: actor.actorType, @@ -305,6 +313,7 @@ export function environmentRoutes( companyId: existing.companyId, environmentName: nextName, driver: nextDriver, + secretProvider: getConfiguredSecretProvider(), config: configSource, actor: { agentId: actor.agentId, @@ -320,6 +329,13 @@ export function environmentRoutes( res.status(404).json({ error: "Environment not found" }); return; } + if (patch.config !== undefined || patch.driver !== undefined) { + await secrets.syncSecretRefsForTarget( + environment.companyId, + { targetType: "environment", targetId: environment.id }, + await collectEnvironmentSecretRefs({ db, environment }), + ); + } await logActivity(db, { companyId: environment.companyId, actorType: actor.actorType, diff --git a/server/src/routes/issues.ts b/server/src/routes/issues.ts index 60916144..1b7a5a7d 100644 --- a/server/src/routes/issues.ts +++ b/server/src/routes/issues.ts @@ -2,12 +2,14 @@ import { randomUUID } from "node:crypto"; import { Router, type Request, type Response } from "express"; import multer from "multer"; import { z } from "zod"; +import { and, desc, eq, inArray } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { issueExecutionDecisions } from "@paperclipai/db"; +import { activityLog, executionWorkspaces, issueExecutionDecisions, projectWorkspaces } from "@paperclipai/db"; import { addIssueCommentSchema, acceptIssueThreadInteractionSchema, cancelIssueThreadInteractionSchema, + companySearchQuerySchema, createIssueAttachmentMetadataSchema, createIssueThreadInteractionSchema, createIssueWorkProductSchema, @@ -15,6 +17,7 @@ import { checkoutIssueSchema, createChildIssueSchema, createIssueSchema, + resolveCreateIssueStatusDefault, feedbackTargetTypeSchema, feedbackTraceStatusSchema, feedbackVoteValueSchema, @@ -30,7 +33,11 @@ import { updateIssueSchema, getClosedIsolatedExecutionWorkspaceMessage, isClosedIsolatedExecutionWorkspace, + normalizeIssueIdentifier as normalizeIssueReferenceIdentifier, + type CompanySearchQuery, + type CompanySearchResponse, type ExecutionWorkspace, + type SuccessfulRunHandoffState, } from "@paperclipai/shared"; import { trackAgentTaskCompleted } from "@paperclipai/shared/telemetry"; import { getTelemetryClient } from "../telemetry.js"; @@ -41,6 +48,7 @@ import { accessService, agentService, companyService, + companySearchService, executionWorkspaceService, goalService, heartbeatService, @@ -58,7 +66,7 @@ import { workProductService, } from "../services/index.js"; import { logger } from "../middleware/logger.js"; -import { conflict, forbidden, HttpError, notFound, unauthorized } from "../errors.js"; +import { conflict, forbidden, HttpError, notFound, unauthorized, unprocessable } from "../errors.js"; import { assertBoard, assertCompanyAccess, getActorInfo } from "./authz.js"; import { assertNoAgentHostWorkspaceCommandMutation, @@ -77,11 +85,19 @@ import { executionWorkspaceService as executionWorkspaceServiceDirect } from ".. import { feedbackService } from "../services/feedback.js"; import { instanceSettingsService } from "../services/instance-settings.js"; import { environmentService } from "../services/environments.js"; +import { redactSensitiveText } from "../redaction.js"; +import { + createCompanySearchRateLimiter, + type CompanySearchRateLimiter, +} from "../services/company-search-rate-limit.js"; import { applyIssueExecutionPolicyTransition, normalizeIssueExecutionPolicy, parseIssueExecutionState, + redactIssueMonitorExternalRef, + setIssueExecutionPolicyMonitorScheduledBy, } from "../services/issue-execution-policy.js"; +import { parseIssueExecutionWorkspaceSettings } from "../services/execution-workspace-policy.js"; import type { PluginWorkerManager } from "../services/plugin-worker-manager.js"; const MAX_ISSUE_COMMENT_LIMIT = 500; @@ -91,6 +107,9 @@ const updateIssueRouteSchema = updateIssueSchema.extend({ type ParsedExecutionState = NonNullable>; type NormalizedExecutionPolicy = NonNullable>; +type CompanySearchService = { + search(companyId: string, query: CompanySearchQuery): Promise; +}; type ActivityIssueRelationSummary = { id: string; identifier: string | null; @@ -110,6 +129,290 @@ type ExecutionStageWakeContext = { lastDecisionOutcome: ParsedExecutionState["lastDecisionOutcome"]; allowedActions: string[]; }; +type SuccessfulRunHandoffActivityRow = { + entityId: string; + action: string; + agentId: string | null; + runId: string | null; + details: Record | null; + createdAt: Date; +}; + +function applyCreateIssueStatusDefault(req: Request, res: Response, next: () => void) { + if (!req.body || typeof req.body !== "object" || Array.isArray(req.body)) { + next(); + return; + } + + const resolution = resolveCreateIssueStatusDefault(req.body as Record); + res.locals.createIssueStatusDefault = resolution; + if (resolution.defaulted) { + req.body = { + ...req.body, + status: resolution.status, + }; + } + next(); +} + +function buildCreateIssueActivityStatusDetails( + issue: { assigneeAgentId: string | null; status: string }, + res: Response, +) { + const statusDefault = res.locals.createIssueStatusDefault as + | ReturnType + | undefined; + const assignmentWakeSkipped = !issue.assigneeAgentId || issue.status === "backlog"; + return { + status: issue.status, + statusDefaulted: statusDefault?.defaulted ?? false, + statusDefaultReason: statusDefault?.reason ?? "explicit", + assignmentWakeSkipped, + assignmentWakeSkipReason: assignmentWakeSkipped + ? issue.assigneeAgentId + ? "assigned_backlog" + : "no_agent_assignee" + : null, + }; +} + +const SUCCESSFUL_RUN_HANDOFF_ACTIONS = [ + "issue.successful_run_handoff_required", + "issue.successful_run_handoff_resolved", + "issue.successful_run_handoff_escalated", +] as const; + +const ISSUE_WORKSPACE_AUDIT_FIELDS = new Set([ + "projectWorkspaceId", + "executionWorkspaceId", + "executionWorkspacePreference", + "executionWorkspaceSettings", +]); + +function readNonEmptyString(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function hasIssueWorkspaceAuditChange(previous: Record) { + return Object.keys(previous).some((key) => ISSUE_WORKSPACE_AUDIT_FIELDS.has(key)); +} + +function labelIssueWorkspaceMode(mode: string | null) { + switch (mode) { + case "shared_workspace": + return "Project default"; + case "isolated_workspace": + return "New isolated workspace"; + case "operator_branch": + return "Operator branch"; + case "reuse_existing": + return "Reuse existing workspace"; + case "agent_default": + return "Agent default"; + case "inherit": + return "Inherited workspace"; + default: + return "No workspace"; + } +} + +type IssueWorkspaceAuditInput = { + projectWorkspaceId?: string | null; + executionWorkspaceId?: string | null; + executionWorkspacePreference?: string | null; + executionWorkspaceSettings?: unknown; +}; + +type WorkspaceNameMaps = { + projectWorkspaceNames: Map; + executionWorkspaceNames: Map; +}; + +function emptyWorkspaceNameMaps(): WorkspaceNameMaps { + return { + projectWorkspaceNames: new Map(), + executionWorkspaceNames: new Map(), + }; +} + +function summarizeIssueWorkspaceForActivity( + issue: IssueWorkspaceAuditInput, + names: WorkspaceNameMaps, +) { + const settings = parseIssueExecutionWorkspaceSettings(issue.executionWorkspaceSettings); + const mode = settings?.mode ?? issue.executionWorkspacePreference ?? null; + const executionWorkspaceId = issue.executionWorkspaceId ?? null; + const projectWorkspaceId = issue.projectWorkspaceId ?? null; + + const label = (() => { + if (executionWorkspaceId) { + return names.executionWorkspaceNames.get(executionWorkspaceId) ?? `Workspace ${executionWorkspaceId.slice(0, 8)}`; + } + if (projectWorkspaceId) { + return names.projectWorkspaceNames.get(projectWorkspaceId) ?? `Workspace ${projectWorkspaceId.slice(0, 8)}`; + } + return labelIssueWorkspaceMode(mode); + })(); + + return { + label, + projectWorkspaceId, + executionWorkspaceId, + mode, + }; +} + +async function buildIssueWorkspaceChangeActivityDetails( + db: Db, + companyId: string, + previousIssue: IssueWorkspaceAuditInput, + nextIssue: IssueWorkspaceAuditInput, +) { + const projectWorkspaceIds = [ + previousIssue.projectWorkspaceId, + nextIssue.projectWorkspaceId, + ].filter((value): value is string => typeof value === "string" && value.length > 0); + const executionWorkspaceIds = [ + previousIssue.executionWorkspaceId, + nextIssue.executionWorkspaceId, + ].filter((value): value is string => typeof value === "string" && value.length > 0); + + const [projectRows, executionRows] = await Promise.all([ + projectWorkspaceIds.length > 0 + ? db + .select({ id: projectWorkspaces.id, name: projectWorkspaces.name }) + .from(projectWorkspaces) + .where(and(eq(projectWorkspaces.companyId, companyId), inArray(projectWorkspaces.id, projectWorkspaceIds))) + : Promise.resolve([]), + executionWorkspaceIds.length > 0 + ? db + .select({ id: executionWorkspaces.id, name: executionWorkspaces.name }) + .from(executionWorkspaces) + .where(and(eq(executionWorkspaces.companyId, companyId), inArray(executionWorkspaces.id, executionWorkspaceIds))) + : Promise.resolve([]), + ]); + + const names: WorkspaceNameMaps = { + projectWorkspaceNames: new Map(projectRows.map((row) => [row.id, row.name])), + executionWorkspaceNames: new Map(executionRows.map((row) => [row.id, row.name])), + }; + + return { + from: summarizeIssueWorkspaceForActivity(previousIssue, names), + to: summarizeIssueWorkspaceForActivity(nextIssue, names), + }; +} + +function hasExecutionParticipant(value: unknown) { + const state = parseIssueExecutionState(value); + if (!state || state.status !== "pending") return false; + const participant = state.currentParticipant; + if (!participant) return false; + if (participant.type === "agent") return Boolean(participant.agentId); + if (participant.type === "user") return Boolean(participant.userId); + return false; +} + +function hasScheduledMonitor(input: { + existingMonitorNextCheckAt?: Date | null; + patchMonitorNextCheckAt?: unknown; + executionPolicy?: unknown; +}) { + if (input.patchMonitorNextCheckAt instanceof Date && !Number.isNaN(input.patchMonitorNextCheckAt.getTime())) return true; + if (input.patchMonitorNextCheckAt === undefined && input.existingMonitorNextCheckAt) return true; + const policy = normalizeIssueExecutionPolicy(input.executionPolicy ?? null); + return Boolean(policy?.monitor?.nextCheckAt); +} + +function successfulRunHandoffStateFromActivity(row: { + action: string; + agentId: string | null; + runId: string | null; + details: Record | null; + createdAt: Date; +}): SuccessfulRunHandoffState | null { + const details = row.details ?? {}; + const state = + row.action === "issue.successful_run_handoff_required" + ? "required" + : row.action === "issue.successful_run_handoff_resolved" + ? "resolved" + : row.action === "issue.successful_run_handoff_escalated" + ? "escalated" + : null; + if (!state) return null; + + const detectedProgressSummary = + readNonEmptyString(details.detectedProgressSummary) + ?? readNonEmptyString(details.detected_progress_summary) + ?? null; + + return { + state, + required: state === "required", + sourceRunId: + readNonEmptyString(details.sourceRunId) + ?? readNonEmptyString(details.source_run_id) + ?? readNonEmptyString(details.resumeFromRunId) + ?? row.runId + ?? null, + correctiveRunId: + readNonEmptyString(details.correctiveRunId) + ?? readNonEmptyString(details.corrective_run_id) + ?? (state !== "required" ? row.runId : null), + assigneeAgentId: + readNonEmptyString(details.assigneeAgentId) + ?? readNonEmptyString(details.agentId) + ?? row.agentId + ?? null, + detectedProgressSummary: detectedProgressSummary + ? redactSensitiveText(detectedProgressSummary) + : null, + createdAt: row.createdAt, + }; +} + +async function listSuccessfulRunHandoffStates( + db: Db, + companyId: string, + issueIds: string[], +): Promise> { + if (issueIds.length === 0) return new Map(); + const rows = await db + .select({ + entityId: activityLog.entityId, + action: activityLog.action, + agentId: activityLog.agentId, + runId: activityLog.runId, + details: activityLog.details, + createdAt: activityLog.createdAt, + }) + .from(activityLog) + .where(and( + eq(activityLog.companyId, companyId), + eq(activityLog.entityType, "issue"), + inArray(activityLog.entityId, issueIds), + inArray(activityLog.action, [...SUCCESSFUL_RUN_HANDOFF_ACTIONS]), + )) + .orderBy(activityLog.entityId, desc(activityLog.createdAt), desc(activityLog.id)) as SuccessfulRunHandoffActivityRow[]; + + const states = new Map(); + for (const row of rows) { + if (states.has(row.entityId)) continue; + const state = successfulRunHandoffStateFromActivity(row); + if (state) states.set(row.entityId, state); + } + return states; +} + +const ACTIVE_REVIEW_APPROVAL_STATUSES = new Set(["pending", "revision_requested"]); + +const INVALID_AGENT_IN_REVIEW_DISPOSITION_MESSAGE = + "invalid_issue_disposition: Agent-authored updates that move an issue to in_review must include a real review path. " + + "This request would leave the issue in_review without anyone or anything owning the next action. " + + "Keep working instead of moving to review, create a request_confirmation or ask_user_questions interaction, " + + "link or request a pending approval, assign a human reviewer with assigneeUserId, set a typed executionState.currentParticipant through an execution policy, " + + "or schedule an issue monitor for an external review/check. After creating one of those review paths, retry the status update."; function executionPrincipalsEqual( left: ParsedExecutionState["currentParticipant"] | null, @@ -148,6 +451,23 @@ function summarizeIssueRelationForActivity(relation: { }; } +const defaultCompanySearchRateLimiter = createCompanySearchRateLimiter(); + +function companySearchRateLimitActor(req: Request, companyId: string) { + if (req.actor.type === "agent") { + return { + companyId, + actorType: "agent" as const, + actorId: req.actor.agentId ?? req.actor.keyId ?? "unknown-agent", + }; + } + return { + companyId, + actorType: "board" as const, + actorId: req.actor.userId ?? req.actor.source ?? "board", + }; +} + function summarizeIssueReferenceActivityDetails(input: | { addedReferencedIssues: ActivityIssueRelationSummary[]; @@ -165,6 +485,53 @@ function summarizeIssueReferenceActivityDetails(input: }; } +function monitorPoliciesEqual(left: NormalizedExecutionPolicy | null, right: NormalizedExecutionPolicy | null) { + return JSON.stringify(left?.monitor ?? null) === JSON.stringify(right?.monitor ?? null); +} + +function applyActorMonitorScheduledBy( + policy: NormalizedExecutionPolicy | null, + actorType: "agent" | "user", +) { + return setIssueExecutionPolicyMonitorScheduledBy(policy, actorType === "user" ? "board" : "assignee"); +} + +function assertCanManageIssueMonitor(req: Request, assigneeAgentId: string | null, monitorChanged: boolean) { + if (!monitorChanged) return; + if (req.actor.type === "board") return; + if (req.actor.type === "agent" && req.actor.agentId && req.actor.agentId === assigneeAgentId) return; + throw forbidden("Only the assignee agent or a board user can manage issue monitors"); +} + +function summarizeIssueMonitor( + issue: { + monitorNextCheckAt?: Date | null; + monitorLastTriggeredAt?: Date | null; + monitorAttemptCount?: number | null; + monitorNotes?: string | null; + monitorScheduledBy?: string | null; + executionState?: unknown; + }, + policy: NormalizedExecutionPolicy | null, +) { + const state = parseIssueExecutionState(issue.executionState); + return { + nextCheckAt: issue.monitorNextCheckAt?.toISOString() ?? policy?.monitor?.nextCheckAt ?? null, + lastTriggeredAt: issue.monitorLastTriggeredAt?.toISOString() ?? state?.monitor?.lastTriggeredAt ?? null, + attemptCount: issue.monitorAttemptCount ?? state?.monitor?.attemptCount ?? 0, + notes: policy?.monitor?.notes ?? issue.monitorNotes ?? state?.monitor?.notes ?? null, + scheduledBy: issue.monitorScheduledBy ?? policy?.monitor?.scheduledBy ?? state?.monitor?.scheduledBy ?? null, + kind: policy?.monitor?.kind ?? state?.monitor?.kind ?? null, + serviceName: policy?.monitor?.serviceName ?? state?.monitor?.serviceName ?? null, + externalRef: redactIssueMonitorExternalRef(policy?.monitor?.externalRef ?? state?.monitor?.externalRef ?? null), + timeoutAt: policy?.monitor?.timeoutAt ?? state?.monitor?.timeoutAt ?? null, + maxAttempts: policy?.monitor?.maxAttempts ?? state?.monitor?.maxAttempts ?? null, + recoveryPolicy: policy?.monitor?.recoveryPolicy ?? state?.monitor?.recoveryPolicy ?? null, + status: state?.monitor?.status ?? (policy?.monitor ? "scheduled" : null), + clearReason: state?.monitor?.clearReason ?? null, + }; +} + function activityExecutionParticipantKey(participant: ActivityExecutionParticipant): string { return participant.type === "agent" ? `agent:${participant.agentId}` : `user:${participant.userId}`; } @@ -396,6 +763,8 @@ export function issueRoutes( now?: Date; }): Promise; }; + searchService?: CompanySearchService; + searchRateLimiter?: CompanySearchRateLimiter; pluginWorkerManager?: PluginWorkerManager; } = {}, ) { @@ -407,6 +776,12 @@ export function issueRoutes( }); const feedback = feedbackService(db); const companiesSvc = companyService(db); + let searchSvc = opts.searchService ?? null; + const getSearchService = () => { + searchSvc ??= companySearchService(db); + return searchSvc; + }; + const searchRateLimiter = opts.searchRateLimiter ?? defaultCompanySearchRateLimiter; const instanceSettings = instanceSettingsService(db); const agentsSvc = agentService(db); const projectsSvc = projectService(db); @@ -454,6 +829,59 @@ export function issueRoutes( ); } + async function assertAgentInReviewReviewPath(input: { + existing: { + id: string; + companyId: string; + status: string; + assigneeUserId?: string | null; + executionState?: unknown; + monitorNextCheckAt?: Date | null; + }; + updateFields: Record; + actorType: string; + }) { + const nextStatus = typeof input.updateFields.status === "string" + ? input.updateFields.status + : input.existing.status; + if (input.actorType !== "agent" || input.existing.status === "in_review" || nextStatus !== "in_review") return; + + const nextAssigneeUserId = input.updateFields.assigneeUserId === undefined + ? input.existing.assigneeUserId + : input.updateFields.assigneeUserId; + if (typeof nextAssigneeUserId === "string" && nextAssigneeUserId.trim().length > 0) return; + + const nextExecutionState = input.updateFields.executionState === undefined + ? input.existing.executionState + : input.updateFields.executionState; + if (hasExecutionParticipant(nextExecutionState)) return; + + const nextExecutionPolicy = input.updateFields.executionPolicy; + if (hasScheduledMonitor({ + existingMonitorNextCheckAt: input.existing.monitorNextCheckAt ?? null, + patchMonitorNextCheckAt: input.updateFields.monitorNextCheckAt, + executionPolicy: nextExecutionPolicy, + })) return; + + const interactions = await issueThreadInteractionService(db).listForIssue(input.existing.id); + if (interactions.some((interaction) => interaction.status === "pending")) return; + + const approvals = await issueApprovalsSvc.listApprovalsForIssue(input.existing.id); + if (approvals.some((approval) => ACTIVE_REVIEW_APPROVAL_STATUSES.has(String(approval.status)))) return; + + throw unprocessable(INVALID_AGENT_IN_REVIEW_DISPOSITION_MESSAGE, { + code: "invalid_issue_disposition", + missing: "review_path", + validReviewPaths: [ + "pending_issue_thread_interaction", + "linked_pending_approval", + "human_assignee_user_id", + "typed_execution_state_current_participant", + "scheduled_issue_monitor", + ], + }); + } + async function logExpiredRequestConfirmations(input: { issue: { id: string; companyId: string; identifier?: string | null }; interactions: Array<{ id: string; kind: string; status: string; result?: unknown }>; @@ -661,6 +1089,23 @@ export function issueRoutes( return true; } + function assertStructuredCommentFieldsAllowed( + req: Request, + res: Response, + input: { presentation?: unknown; metadata?: unknown }, + ) { + const hasStructuredFields = input.presentation !== undefined || input.metadata !== undefined; + if (!hasStructuredFields) return true; + if (req.actor.type === "board") return true; + res.status(403).json({ + error: "Only board users may set structured comment presentation or metadata", + details: { + securityPrinciples: ["Least Privilege", "Secure Defaults", "Complete Mediation"], + }, + }); + return false; + } + async function assertExplicitResumeIntentAllowed( req: Request, res: Response, @@ -831,9 +1276,10 @@ export function issueRoutes( }); } - async function normalizeIssueIdentifier(rawId: string): Promise { - if (/^[A-Z]+-\d+$/i.test(rawId)) { - const issue = await svc.getByIdentifier(rawId); + async function resolveIssueRouteId(rawId: string): Promise { + const identifier = normalizeIssueReferenceIdentifier(rawId); + if (identifier) { + const issue = await svc.getByIdentifier(identifier); if (issue) { return issue.id; } @@ -871,7 +1317,7 @@ export function issueRoutes( // Resolve issue identifiers (e.g. "PAP-39") to UUIDs for all /issues/:id routes router.param("id", async (req, res, next, rawId) => { try { - req.params.id = await normalizeIssueIdentifier(rawId); + req.params.id = await resolveIssueRouteId(rawId); next(); } catch (err) { next(err); @@ -881,7 +1327,7 @@ export function issueRoutes( // Resolve issue identifiers (e.g. "PAP-39") to UUIDs for company-scoped attachment routes. router.param("issueId", async (req, res, next, rawId) => { try { - req.params.issueId = await normalizeIssueIdentifier(rawId); + req.params.issueId = await resolveIssueRouteId(rawId); next(); } catch (err) { next(err); @@ -895,6 +1341,25 @@ export function issueRoutes( }); }); + router.get("/companies/:companyId/search", async (req, res) => { + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + const query = companySearchQuerySchema.parse(req.query); + const rateLimit = searchRateLimiter.consume(companySearchRateLimitActor(req, companyId)); + res.setHeader("X-RateLimit-Limit", String(rateLimit.limit)); + res.setHeader("X-RateLimit-Remaining", String(rateLimit.remaining)); + if (!rateLimit.allowed) { + res.setHeader("Retry-After", String(rateLimit.retryAfterSeconds)); + res.status(429).json({ + error: "Search rate limit exceeded", + retryAfterSeconds: rateLimit.retryAfterSeconds, + }); + return; + } + const result = await getSearchService().search(companyId, query); + res.json(result); + }); + router.get("/companies/:companyId/issues", async (req, res) => { const companyId = req.params.companyId as string; assertCompanyAccess(req, companyId); @@ -969,17 +1434,28 @@ export function issueRoutes( descendantOf: req.query.descendantOf as string | undefined, labelId: req.query.labelId as string | undefined, originKind: req.query.originKind as string | undefined, + originKindPrefix: req.query.originKindPrefix as string | undefined, originId: req.query.originId as string | undefined, includeRoutineExecutions: req.query.includeRoutineExecutions === "true" || req.query.includeRoutineExecutions === "1", excludeRoutineExecutions: req.query.excludeRoutineExecutions === "true" || req.query.excludeRoutineExecutions === "1", + includePluginOperations: + req.query.includePluginOperations === "true" || req.query.includePluginOperations === "1", includeBlockedBy: req.query.includeBlockedBy === "true" || req.query.includeBlockedBy === "1", q: req.query.q as string | undefined, limit, offset, }); - res.json(result); + const handoffStates = await listSuccessfulRunHandoffStates( + db, + companyId, + result.map((issue) => issue.id), + ); + res.json(result.map((issue) => ({ + ...issue, + successfulRunHandoff: handoffStates.get(issue.id) ?? null, + }))); }); router.get("/companies/:companyId/labels", async (req, res) => { @@ -1061,6 +1537,7 @@ export function issueRoutes( relations, blockerAttention, productivityReview, + scheduledRetry, attachments, continuationSummary, currentExecutionWorkspace, @@ -1073,6 +1550,7 @@ export function issueRoutes( svc.getRelationSummaries(issue.id), svc.listBlockerAttention(issue.companyId, [issue]).then((map) => map.get(issue.id) ?? null), svc.listProductivityReviews(issue.companyId, [issue.id]).then((map) => map.get(issue.id) ?? null), + svc.getCurrentScheduledRetry(issue.id), svc.listAttachments(issue.id), documentsSvc.getIssueDocumentByKey(issue.id, ISSUE_CONTINUATION_SUMMARY_DOCUMENT_KEY), currentExecutionWorkspacePromise, @@ -1085,8 +1563,10 @@ export function issueRoutes( title: issue.title, description: issue.description, status: issue.status, + workMode: issue.workMode, ...(blockerAttention ? { blockerAttention } : {}), productivityReview, + scheduledRetry, priority: issue.priority, projectId: issue.projectId, goalId: goal?.id ?? issue.goalId, @@ -1167,6 +1647,8 @@ export function issueRoutes( blockerAttention, productivityReview, referenceSummary, + successfulRunHandoffStates, + scheduledRetry, ] = await Promise.all([ resolveIssueProjectAndGoal(issue), svc.getAncestors(issue.id), @@ -1176,6 +1658,8 @@ export function issueRoutes( svc.listBlockerAttention(issue.companyId, [issue]).then((map) => map.get(issue.id) ?? null), svc.listProductivityReviews(issue.companyId, [issue.id]).then((map) => map.get(issue.id) ?? null), issueReferencesSvc.listIssueReferenceSummary(issue.id), + listSuccessfulRunHandoffStates(db, issue.companyId, [issue.id]), + svc.getCurrentScheduledRetry(issue.id), ]); const mentionedProjects = mentionedProjectIds.length > 0 ? await projectsSvc.listByIds(issue.companyId, mentionedProjectIds) @@ -1190,6 +1674,8 @@ export function issueRoutes( ancestors, ...(blockerAttention ? { blockerAttention } : {}), productivityReview, + successfulRunHandoff: successfulRunHandoffStates.get(issue.id) ?? null, + scheduledRetry, blockedBy: relations.blockedBy, blocks: relations.blocks, relatedWork: referenceSummary, @@ -1802,7 +2288,7 @@ export function issueRoutes( res.json({ ok: true }); }); - router.post("/companies/:companyId/issues", validate(createIssueSchema), async (req, res) => { + router.post("/companies/:companyId/issues", applyCreateIssueStatusDefault, validate(createIssueSchema), async (req, res) => { const companyId = req.params.companyId as string; assertCompanyAccess(req, companyId); assertNoAgentHostWorkspaceCommandMutation(req, collectIssueWorkspaceCommandPaths(req.body)); @@ -1812,7 +2298,11 @@ export function issueRoutes( await assertIssueEnvironmentSelection(companyId, req.body.executionWorkspaceSettings?.environmentId); const actor = getActorInfo(req); - const executionPolicy = normalizeIssueExecutionPolicy(req.body.executionPolicy); + const executionPolicy = applyActorMonitorScheduledBy( + normalizeIssueExecutionPolicy(req.body.executionPolicy), + actor.actorType, + ); + assertCanManageIssueMonitor(req, req.body.assigneeAgentId ?? null, Boolean(executionPolicy?.monitor)); const issue = await svc.create(companyId, { ...req.body, executionPolicy, @@ -1838,6 +2328,7 @@ export function issueRoutes( details: { title: issue.title, identifier: issue.identifier, + ...buildCreateIssueActivityStatusDetails(issue, res), ...(Array.isArray(req.body.blockedByIssueIds) ? { blockedByIssueIds: req.body.blockedByIssueIds } : {}), ...summarizeIssueReferenceActivityDetails({ addedReferencedIssues: referenceDiff.addedReferencedIssues.map(summarizeIssueRelationForActivity), @@ -1847,6 +2338,29 @@ export function issueRoutes( }, }); + if (executionPolicy?.monitor) { + await logActivity(db, { + companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "issue.monitor_scheduled", + entityType: "issue", + entityId: issue.id, + details: { + identifier: issue.identifier, + nextCheckAt: executionPolicy.monitor.nextCheckAt, + notes: executionPolicy.monitor.notes, + scheduledBy: executionPolicy.monitor.scheduledBy, + serviceName: executionPolicy.monitor.serviceName ?? null, + timeoutAt: executionPolicy.monitor.timeoutAt ?? null, + maxAttempts: executionPolicy.monitor.maxAttempts ?? null, + recoveryPolicy: executionPolicy.monitor.recoveryPolicy ?? null, + }, + }); + } + void queueIssueAssignmentWakeup({ heartbeat, issue, @@ -1864,7 +2378,7 @@ export function issueRoutes( }); }); - router.post("/issues/:id/children", validate(createChildIssueSchema), async (req, res) => { + router.post("/issues/:id/children", applyCreateIssueStatusDefault, validate(createChildIssueSchema), async (req, res) => { const parentId = req.params.id as string; const parent = await svc.getById(parentId); if (!parent) { @@ -1879,7 +2393,11 @@ export function issueRoutes( await assertIssueEnvironmentSelection(parent.companyId, req.body.executionWorkspaceSettings?.environmentId); const actor = getActorInfo(req); - const executionPolicy = normalizeIssueExecutionPolicy(req.body.executionPolicy); + const executionPolicy = applyActorMonitorScheduledBy( + normalizeIssueExecutionPolicy(req.body.executionPolicy), + actor.actorType, + ); + assertCanManageIssueMonitor(req, req.body.assigneeAgentId ?? null, Boolean(executionPolicy?.monitor)); const { issue, parentBlockerAdded } = await svc.createChild(parent.id, { ...req.body, executionPolicy, @@ -1902,12 +2420,37 @@ export function issueRoutes( parentId: parent.id, identifier: issue.identifier, title: issue.title, + ...buildCreateIssueActivityStatusDetails(issue, res), inheritedExecutionWorkspaceFromIssueId: parent.id, ...(Array.isArray(req.body.blockedByIssueIds) ? { blockedByIssueIds: req.body.blockedByIssueIds } : {}), ...(parentBlockerAdded ? { parentBlockerAdded: true } : {}), }, }); + if (executionPolicy?.monitor) { + await logActivity(db, { + companyId: parent.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "issue.monitor_scheduled", + entityType: "issue", + entityId: issue.id, + details: { + identifier: issue.identifier, + parentId: parent.id, + nextCheckAt: executionPolicy.monitor.nextCheckAt, + notes: executionPolicy.monitor.notes, + scheduledBy: executionPolicy.monitor.scheduledBy, + serviceName: executionPolicy.monitor.serviceName ?? null, + timeoutAt: executionPolicy.monitor.timeoutAt ?? null, + maxAttempts: executionPolicy.monitor.maxAttempts ?? null, + recoveryPolicy: executionPolicy.monitor.recoveryPolicy ?? null, + }, + }); + } + void queueIssueAssignmentWakeup({ heartbeat, issue, @@ -1921,6 +2464,65 @@ export function issueRoutes( res.status(201).json(issue); }); + router.post("/issues/:id/monitor/check-now", async (req, res) => { + const id = req.params.id as string; + const issue = await svc.getById(id); + if (!issue) { + res.status(404).json({ error: "Issue not found" }); + return; + } + assertCompanyAccess(req, issue.companyId); + assertCanManageIssueMonitor(req, issue.assigneeAgentId, true); + + const actor = getActorInfo(req); + await heartbeat.triggerIssueMonitor(issue.id, { + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId ?? null, + runId: actor.runId ?? null, + }); + + res.json({ ok: true }); + }); + + router.post("/issues/:id/scheduled-retry/retry-now", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const issue = await svc.getById(id); + if (!issue) { + res.status(404).json({ error: "Issue not found" }); + return; + } + assertCompanyAccess(req, issue.companyId); + + const actor = getActorInfo(req); + const result = await heartbeat.retryScheduledRetryNow({ + issueId: issue.id, + actor: { + actorType: actor.actorType, + actorId: actor.actorId, + }, + }); + + await logActivity(db, { + companyId: issue.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + action: "issue.scheduled_retry_retry_now", + entityType: "issue", + entityId: issue.id, + agentId: result.scheduledRetry?.agentId ?? issue.assigneeAgentId ?? null, + runId: result.scheduledRetry?.runId ?? null, + details: { + outcome: result.outcome, + message: result.message, + scheduledRetry: result.scheduledRetry, + }, + }); + + res.json(result); + }); + router.patch("/issues/:id", validate(updateIssueRouteSchema), async (req, res) => { const id = req.params.id as string; const existing = await svc.getById(id); @@ -2043,7 +2645,10 @@ export function issueRoutes( updateFields.status = "todo"; } if (req.body.executionPolicy !== undefined) { - updateFields.executionPolicy = normalizeIssueExecutionPolicy(req.body.executionPolicy); + updateFields.executionPolicy = applyActorMonitorScheduledBy( + normalizeIssueExecutionPolicy(req.body.executionPolicy), + actor.actorType, + ); } const previousExecutionPolicy = normalizeIssueExecutionPolicy(existing.executionPolicy ?? null); const nextExecutionPolicy = @@ -2053,10 +2658,13 @@ export function issueRoutes( if (normalizedAssigneeAgentId !== undefined) { updateFields.assigneeAgentId = normalizedAssigneeAgentId; } + const monitorChanged = monitorPoliciesEqual(previousExecutionPolicy, nextExecutionPolicy) === false; + assertCanManageIssueMonitor(req, existing.assigneeAgentId, req.body.executionPolicy !== undefined && monitorChanged); const transition = applyIssueExecutionPolicyTransition({ issue: existing, policy: nextExecutionPolicy, + previousPolicy: previousExecutionPolicy, requestedStatus: typeof updateFields.status === "string" ? updateFields.status : undefined, requestedAssigneePatch: { assigneeAgentId: normalizedAssigneeAgentId, @@ -2069,6 +2677,7 @@ export function issueRoutes( }, commentBody, reviewRequest: reviewRequest === undefined ? undefined : reviewRequest, + monitorExplicitlyUpdated: req.body.executionPolicy !== undefined && monitorChanged, }); const decisionId = transition.decision ? randomUUID() : null; if (decisionId) { @@ -2097,6 +2706,12 @@ export function issueRoutes( } } + await assertAgentInReviewReviewPath({ + existing, + updateFields, + actorType: req.actor.type, + }); + const nextAssigneeAgentId = updateFields.assigneeAgentId === undefined ? existing.assigneeAgentId : (updateFields.assigneeAgentId as string | null); const nextAssigneeUserId = @@ -2261,6 +2876,19 @@ export function issueRoutes( } const hasFieldChanges = Object.keys(previous).length > 0; + let workspaceChange = null; + if (hasIssueWorkspaceAuditChange(previous)) { + try { + workspaceChange = await buildIssueWorkspaceChangeActivityDetails(db, issue.companyId, existing, issue); + } catch (err) { + logger.warn({ err, issueId: issue.id }, "failed to enrich issue workspace change activity details"); + const fallbackNames = emptyWorkspaceNameMaps(); + workspaceChange = { + from: summarizeIssueWorkspaceForActivity(existing, fallbackNames), + to: summarizeIssueWorkspaceForActivity(issue, fallbackNames), + }; + } + } const reopened = commentBody && effectiveMoveToTodoRequested && @@ -2285,6 +2913,7 @@ export function issueRoutes( ...(reopened ? { reopened: true, reopenedFrom: reopenFromStatus } : {}), ...(interruptedRunId ? { interruptedRunId } : {}), ...(cancelledStatusRunId ? { cancelledStatusRunId } : {}), + ...(workspaceChange ? { workspaceChange } : {}), _previous: hasFieldChanges ? previous : undefined, ...summarizeIssueReferenceActivityDetails( updateReferenceDiff @@ -2298,6 +2927,33 @@ export function issueRoutes( }, }); + if (existing.status === "in_progress" && issue.status !== existing.status && issue.status !== "in_progress") { + await listSuccessfulRunHandoffStates(db, issue.companyId, [issue.id]) + .then(async (handoffStates) => { + const handoff = handoffStates.get(issue.id); + if (handoff?.state !== "required") return; + await logActivity(db, { + companyId: issue.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "issue.successful_run_handoff_resolved", + entityType: "issue", + entityId: issue.id, + details: { + identifier: issue.identifier, + sourceRunId: handoff.sourceRunId, + correctiveRunId: handoff.correctiveRunId, + resolvedByStatus: issue.status, + }, + }); + }) + .catch((err) => { + logger.warn({ err, issueId: issue.id }, "failed to log successful run handoff resolution"); + }); + } + if (Array.isArray(req.body.blockedByIssueIds)) { const previousBlockedByIds = new Set((existingRelations?.blockedBy ?? []).map((relation) => relation.id)); const nextBlockedByIds = new Set(req.body.blockedByIssueIds as string[]); @@ -2372,6 +3028,51 @@ export function issueRoutes( }); } + const nextStoredExecutionPolicy = normalizeIssueExecutionPolicy(issue.executionPolicy ?? null); + const previousMonitor = summarizeIssueMonitor(existing, previousExecutionPolicy); + const nextMonitor = summarizeIssueMonitor(issue, nextStoredExecutionPolicy); + const monitorScheduledChanged = previousMonitor.nextCheckAt !== nextMonitor.nextCheckAt; + if (nextMonitor.nextCheckAt && (monitorScheduledChanged || previousMonitor.notes !== nextMonitor.notes)) { + await logActivity(db, { + companyId: issue.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "issue.monitor_scheduled", + entityType: "issue", + entityId: issue.id, + details: { + identifier: issue.identifier, + nextCheckAt: nextMonitor.nextCheckAt, + previousNextCheckAt: previousMonitor.nextCheckAt, + notes: nextMonitor.notes, + scheduledBy: nextMonitor.scheduledBy, + serviceName: nextMonitor.serviceName, + timeoutAt: nextMonitor.timeoutAt, + maxAttempts: nextMonitor.maxAttempts, + recoveryPolicy: nextMonitor.recoveryPolicy, + }, + }); + } else if (!nextMonitor.nextCheckAt && previousMonitor.nextCheckAt) { + await logActivity(db, { + companyId: issue.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "issue.monitor_cleared", + entityType: "issue", + entityId: issue.id, + details: { + identifier: issue.identifier, + previousNextCheckAt: previousMonitor.nextCheckAt, + reason: nextMonitor.clearReason ?? "manual", + notes: previousMonitor.notes, + }, + }); + } + if (issue.status === "done" && existing.status !== "done") { const tc = getTelemetryClient(); if (tc && actor.agentId) { @@ -3407,6 +4108,10 @@ export function issueRoutes( } assertCompanyAccess(req, issue.companyId); if (!(await assertAgentIssueMutationAllowed(req, res, issue))) return; + if (!assertStructuredCommentFieldsAllowed(req, res, { + presentation: req.body.presentation, + metadata: req.body.metadata, + })) return; const closedExecutionWorkspace = await getClosedIssueExecutionWorkspace(issue); if (closedExecutionWorkspace) { respondClosedIssueExecutionWorkspace(res, closedExecutionWorkspace); @@ -3506,6 +4211,10 @@ export function issueRoutes( agentId: actor.agentId ?? undefined, userId: actor.actorType === "user" ? actor.actorId : undefined, runId: actor.runId, + }, { + authorType: req.body.authorType ?? (actor.actorType === "agent" ? "agent" : "user"), + presentation: req.body.presentation ?? null, + metadata: req.body.metadata ?? null, }); await issueReferencesSvc.syncComment(comment.id); const commentReferenceSummaryAfter = await issueReferencesSvc.listIssueReferenceSummary(currentIssue.id); diff --git a/server/src/routes/plugins.ts b/server/src/routes/plugins.ts index 43a6e7dd..75a206b1 100644 --- a/server/src/routes/plugins.ts +++ b/server/src/routes/plugins.ts @@ -66,6 +66,17 @@ import { getActorInfo, } from "./authz.js"; import { validateInstanceConfig } from "../services/plugin-config-validator.js"; +import { + findLocalFolderDeclaration, + getStoredLocalFolders, + inspectPluginLocalFolder, + requireLocalFolderDeclaration, + setStoredLocalFolder, +} from "../services/plugin-local-folders.js"; +import { + extractSecretRefPathsFromConfig, + PLUGIN_SECRET_REFS_DISABLED_MESSAGE, +} from "../services/plugin-secrets-handler.js"; import { badRequest, forbidden, notFound, unauthorized, unprocessable } from "../errors.js"; /** UI slot declaration extracted from plugin manifest */ @@ -1934,6 +1945,12 @@ export function pluginRoutes( } try { + const secretRefsByPath = extractSecretRefPathsFromConfig(body.configJson, schema); + if (secretRefsByPath.size > 0) { + res.status(422).json({ error: PLUGIN_SECRET_REFS_DISABLED_MESSAGE }); + return; + } + const result = await registry.upsertConfig(plugin.id, { configJson: body.configJson, }); @@ -2379,6 +2396,152 @@ export function pluginRoutes( } }); + // =========================================================================== + // Company-scoped trusted local folders + // =========================================================================== + + router.get("/plugins/:pluginId/companies/:companyId/local-folders", async (req, res) => { + assertBoardOrgAccess(req); + const { pluginId, companyId } = req.params; + assertCompanyAccess(req, companyId); + + const plugin = await resolvePlugin(registry, pluginId); + if (!plugin) { + res.status(404).json({ error: "Plugin not found" }); + return; + } + + const settings = await registry.getCompanySettings(plugin.id, companyId); + const storedFolders = getStoredLocalFolders(settings?.settingsJson); + const declarations = plugin.manifestJson.localFolders ?? []; + const folderKeys = declarations.map((declaration) => declaration.folderKey); + + const statuses = await Promise.all(folderKeys.map((folderKey) => + inspectPluginLocalFolder({ + folderKey, + declaration: findLocalFolderDeclaration(declarations, folderKey), + storedConfig: storedFolders[folderKey] ?? null, + }))); + + res.json({ + pluginId: plugin.id, + companyId, + declarations, + folders: statuses, + }); + }); + + router.get("/plugins/:pluginId/companies/:companyId/local-folders/:folderKey/status", async (req, res) => { + assertBoardOrgAccess(req); + const { pluginId, companyId, folderKey } = req.params; + assertCompanyAccess(req, companyId); + + const plugin = await resolvePlugin(registry, pluginId); + if (!plugin) { + res.status(404).json({ error: "Plugin not found" }); + return; + } + + const settings = await registry.getCompanySettings(plugin.id, companyId); + const storedFolders = getStoredLocalFolders(settings?.settingsJson); + const declarations = plugin.manifestJson.localFolders ?? []; + const declaration = requireLocalFolderDeclaration(declarations, folderKey); + const status = await inspectPluginLocalFolder({ + folderKey, + declaration, + storedConfig: storedFolders[folderKey] ?? null, + }); + res.json(status); + }); + + router.post("/plugins/:pluginId/companies/:companyId/local-folders/:folderKey/validate", async (req, res) => { + assertBoardOrgAccess(req); + const { pluginId, companyId, folderKey } = req.params; + assertCompanyAccess(req, companyId); + + const plugin = await resolvePlugin(registry, pluginId); + if (!plugin) { + res.status(404).json({ error: "Plugin not found" }); + return; + } + + const body = req.body as { + path?: unknown; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; + } | undefined; + if (typeof body?.path !== "string" || body.path.trim().length === 0) { + res.status(400).json({ error: '"path" is required and must be a non-empty string' }); + return; + } + + const declaration = requireLocalFolderDeclaration(plugin.manifestJson.localFolders ?? [], folderKey); + const status = await inspectPluginLocalFolder({ + folderKey, + declaration, + overrideConfig: { + path: body.path, + }, + }); + res.json(status); + }); + + router.put("/plugins/:pluginId/companies/:companyId/local-folders/:folderKey", async (req, res) => { + assertBoardOrgAccess(req); + const { pluginId, companyId, folderKey } = req.params; + assertCompanyAccess(req, companyId); + + const plugin = await resolvePlugin(registry, pluginId); + if (!plugin) { + res.status(404).json({ error: "Plugin not found" }); + return; + } + + const body = req.body as { + path?: unknown; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; + } | undefined; + if (typeof body?.path !== "string" || body.path.trim().length === 0) { + res.status(400).json({ error: '"path" is required and must be a non-empty string' }); + return; + } + + const existing = await registry.getCompanySettings(plugin.id, companyId); + const declaration = requireLocalFolderDeclaration(plugin.manifestJson.localFolders ?? [], folderKey); + const status = await inspectPluginLocalFolder({ + folderKey, + declaration, + storedConfig: getStoredLocalFolders(existing?.settingsJson)[folderKey] ?? null, + overrideConfig: { + path: body.path, + }, + }); + + const nextSettings = setStoredLocalFolder(existing?.settingsJson, folderKey, { + path: body.path, + access: status.access, + requiredDirectories: status.requiredDirectories, + requiredFiles: status.requiredFiles, + }); + await registry.upsertCompanySettings(plugin.id, companyId, { + enabled: existing?.enabled ?? true, + settingsJson: nextSettings, + lastError: status.healthy ? null : status.problems.map((item: { message: string }) => item.message).join("; "), + }); + await logPluginMutationActivity(req, "plugin.local_folder.configured", plugin.id, { + pluginId: plugin.id, + pluginKey: plugin.pluginKey, + companyId, + folderKey, + healthy: status.healthy, + }); + + res.json(status); + }); + // =========================================================================== // Plugin health dashboard — aggregated diagnostics for the settings page // =========================================================================== diff --git a/server/src/routes/projects.ts b/server/src/routes/projects.ts index ea9debea..eccf3f7f 100644 --- a/server/src/routes/projects.ts +++ b/server/src/routes/projects.ts @@ -142,6 +142,13 @@ export function projectRoutes(db: Db) { ); } const project = await svc.create(companyId, projectData); + if (project.env) { + await secretsSvc.syncEnvBindingsForTarget?.( + companyId, + { targetType: "project", targetId: project.id }, + project.env, + ); + } let createdWorkspaceId: string | null = null; if (workspace) { const createdWorkspace = await svc.createWorkspace(project.id, workspace); @@ -207,6 +214,13 @@ export function projectRoutes(db: Db) { res.status(404).json({ error: "Project not found" }); return; } + if (body.env !== undefined) { + await secretsSvc.syncEnvBindingsForTarget?.( + project.companyId, + { targetType: "project", targetId: project.id }, + project.env, + ); + } const actor = getActorInfo(req); await logActivity(db, { diff --git a/server/src/routes/routines.ts b/server/src/routes/routines.ts index 5bae6bdb..d5d9d35f 100644 --- a/server/src/routes/routines.ts +++ b/server/src/routes/routines.ts @@ -57,6 +57,34 @@ export function routineRoutes( return routine; } + async function logRoutineRevisionCreated(req: Request, input: { + companyId: string; + routineId: string; + revisionId: string | null; + revisionNumber: number; + changeSummary?: string | null; + triggerCount?: number | null; + }) { + if (!input.revisionId) return; + const actor = getActorInfo(req); + await logActivity(db, { + companyId: input.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "routine.revision_created", + entityType: "routine", + entityId: input.routineId, + details: { + revisionId: input.revisionId, + revisionNumber: input.revisionNumber, + changeSummary: input.changeSummary ?? null, + triggerCount: input.triggerCount ?? null, + }, + }); + } + router.get("/companies/:companyId/routines", async (req, res) => { const companyId = req.params.companyId as string; assertCompanyAccess(req, companyId); @@ -72,6 +100,7 @@ export function routineRoutes( const created = await svc.create(companyId, req.body, { agentId: req.actor.type === "agent" ? req.actor.agentId : null, userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, }); const actor = getActorInfo(req); await logActivity(db, { @@ -89,6 +118,14 @@ export function routineRoutes( if (telemetryClient) { trackRoutineCreated(telemetryClient); } + await logRoutineRevisionCreated(req, { + companyId, + routineId: created.id, + revisionId: created.latestRevisionId, + revisionNumber: created.latestRevisionNumber, + changeSummary: "Created routine", + triggerCount: 0, + }); res.status(201).json(created); }); @@ -102,6 +139,16 @@ export function routineRoutes( res.json(detail); }); + router.get("/routines/:id/revisions", async (req, res) => { + const routine = await assertCanManageExistingRoutine(req, req.params.id as string); + if (!routine) { + res.status(404).json({ error: "Routine not found" }); + return; + } + const revisions = await svc.listRevisions(routine.id); + res.json(revisions); + }); + router.patch("/routines/:id", validate(updateRoutineSchema), async (req, res) => { const routine = await assertCanManageExistingRoutine(req, req.params.id as string); if (!routine) { @@ -131,6 +178,7 @@ export function routineRoutes( const updated = await svc.update(routine.id, req.body, { agentId: req.actor.type === "agent" ? req.actor.agentId : null, userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, }); const actor = getActorInfo(req); await logActivity(db, { @@ -144,9 +192,52 @@ export function routineRoutes( entityId: routine.id, details: { title: updated?.title ?? routine.title }, }); + if (updated && updated.latestRevisionId !== routine.latestRevisionId) { + await logRoutineRevisionCreated(req, { + companyId: routine.companyId, + routineId: routine.id, + revisionId: updated.latestRevisionId, + revisionNumber: updated.latestRevisionNumber, + changeSummary: "Updated routine", + triggerCount: null, + }); + } res.json(updated); }); + router.post("/routines/:id/revisions/:revisionId/restore", async (req, res) => { + const routine = await assertCanManageExistingRoutine(req, req.params.id as string); + if (!routine) { + res.status(404).json({ error: "Routine not found" }); + return; + } + await assertBoardCanAssignTasks(req, routine.companyId); + const result = await svc.restoreRevision(routine.id, req.params.revisionId as string, { + agentId: req.actor.type === "agent" ? req.actor.agentId : null, + userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, + }); + const actor = getActorInfo(req); + await logActivity(db, { + companyId: routine.companyId, + actorType: actor.actorType, + actorId: actor.actorId, + agentId: actor.agentId, + runId: actor.runId, + action: "routine.revision_restored", + entityType: "routine", + entityId: routine.id, + details: { + revisionId: result.revision.id, + revisionNumber: result.revision.revisionNumber, + restoredFromRevisionId: result.restoredFromRevisionId, + restoredFromRevisionNumber: result.restoredFromRevisionNumber, + triggerCount: result.revision.snapshot.triggers.length, + }, + }); + res.json(result); + }); + router.get("/routines/:id/runs", async (req, res) => { const routine = await svc.get(req.params.id as string); if (!routine) { @@ -169,6 +260,7 @@ export function routineRoutes( const created = await svc.createTrigger(routine.id, req.body, { agentId: req.actor.type === "agent" ? req.actor.agentId : null, userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, }); const actor = getActorInfo(req); await logActivity(db, { @@ -182,6 +274,14 @@ export function routineRoutes( entityId: created.trigger.id, details: { routineId: routine.id, kind: created.trigger.kind }, }); + await logRoutineRevisionCreated(req, { + companyId: routine.companyId, + routineId: routine.id, + revisionId: created.revision.id, + revisionNumber: created.revision.revisionNumber, + changeSummary: created.revision.changeSummary, + triggerCount: created.revision.snapshot.triggers.length, + }); res.status(201).json(created); }); @@ -200,6 +300,7 @@ export function routineRoutes( const updated = await svc.updateTrigger(trigger.id, req.body, { agentId: req.actor.type === "agent" ? req.actor.agentId : null, userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, }); const actor = getActorInfo(req); await logActivity(db, { @@ -211,9 +312,19 @@ export function routineRoutes( action: "routine.trigger_updated", entityType: "routine_trigger", entityId: trigger.id, - details: { routineId: routine.id, kind: updated?.kind ?? trigger.kind }, + details: { routineId: routine.id, kind: updated?.trigger.kind ?? trigger.kind }, }); - res.json(updated); + if (updated) { + await logRoutineRevisionCreated(req, { + companyId: routine.companyId, + routineId: routine.id, + revisionId: updated.revision.id, + revisionNumber: updated.revision.revisionNumber, + changeSummary: updated.revision.changeSummary, + triggerCount: updated.revision.snapshot.triggers.length, + }); + } + res.json(updated?.trigger ?? null); }); router.delete("/routine-triggers/:id", async (req, res) => { @@ -227,7 +338,11 @@ export function routineRoutes( res.status(404).json({ error: "Routine not found" }); return; } - await svc.deleteTrigger(trigger.id); + const deleted = await svc.deleteTrigger(trigger.id, { + agentId: req.actor.type === "agent" ? req.actor.agentId : null, + userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, + }); const actor = getActorInfo(req); await logActivity(db, { companyId: routine.companyId, @@ -240,6 +355,16 @@ export function routineRoutes( entityId: trigger.id, details: { routineId: routine.id, kind: trigger.kind }, }); + if (deleted.revision) { + await logRoutineRevisionCreated(req, { + companyId: routine.companyId, + routineId: routine.id, + revisionId: deleted.revision.id, + revisionNumber: deleted.revision.revisionNumber, + changeSummary: deleted.revision.changeSummary, + triggerCount: deleted.revision.snapshot.triggers.length, + }); + } res.status(204).end(); }); @@ -260,6 +385,7 @@ export function routineRoutes( const rotated = await svc.rotateTriggerSecret(trigger.id, { agentId: req.actor.type === "agent" ? req.actor.agentId : null, userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null, + runId: req.actor.runId ?? null, }); const actor = getActorInfo(req); await logActivity(db, { @@ -273,6 +399,14 @@ export function routineRoutes( entityId: trigger.id, details: { routineId: routine.id }, }); + await logRoutineRevisionCreated(req, { + companyId: routine.companyId, + routineId: routine.id, + revisionId: rotated.revision.id, + revisionNumber: rotated.revision.revisionNumber, + changeSummary: rotated.revision.changeSummary, + triggerCount: rotated.revision.snapshot.triggers.length, + }); res.json(rotated); }, ); diff --git a/server/src/routes/secrets.ts b/server/src/routes/secrets.ts index 862851fe..35c6a48b 100644 --- a/server/src/routes/secrets.ts +++ b/server/src/routes/secrets.ts @@ -1,25 +1,23 @@ import { Router } from "express"; import type { Db } from "@paperclipai/db"; import { - SECRET_PROVIDERS, - type SecretProvider, + createSecretProviderConfigSchema, createSecretSchema, + remoteSecretImportPreviewSchema, + remoteSecretImportSchema, rotateSecretSchema, + updateSecretProviderConfigSchema, updateSecretSchema, } from "@paperclipai/shared"; import { validate } from "../middleware/validate.js"; import { assertBoard, assertCompanyAccess } from "./authz.js"; import { logActivity, secretService } from "../services/index.js"; +import { getConfiguredSecretProvider } from "../secrets/configured-provider.js"; export function secretRoutes(db: Db) { const router = Router(); const svc = secretService(db); - const configuredDefaultProvider = process.env.PAPERCLIP_SECRETS_PROVIDER; - const defaultProvider = ( - configuredDefaultProvider && SECRET_PROVIDERS.includes(configuredDefaultProvider as SecretProvider) - ? configuredDefaultProvider - : "local_encrypted" - ) as SecretProvider; + const defaultProvider = getConfiguredSecretProvider(); router.get("/companies/:companyId/secret-providers", (req, res) => { assertBoard(req); @@ -28,6 +26,205 @@ export function secretRoutes(db: Db) { res.json(svc.listProviders()); }); + router.get("/companies/:companyId/secret-providers/health", async (req, res) => { + assertBoard(req); + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + const checks = await svc.checkProviders(); + res.json({ providers: checks }); + }); + + router.get("/companies/:companyId/secret-provider-configs", async (req, res) => { + assertBoard(req); + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + res.json(await svc.listProviderConfigs(companyId)); + }); + + router.post("/companies/:companyId/secret-provider-configs", validate(createSecretProviderConfigSchema), async (req, res) => { + assertBoard(req); + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + + const created = await svc.createProviderConfig( + companyId, + { + provider: req.body.provider, + displayName: req.body.displayName, + status: req.body.status, + isDefault: req.body.isDefault, + config: req.body.config, + }, + { userId: req.actor.userId ?? "board", agentId: null }, + ); + + await logActivity(db, { + companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret_provider_config.created", + entityType: "secret_provider_config", + entityId: created.id, + details: { + provider: created.provider, + displayName: created.displayName, + status: created.status, + isDefault: created.isDefault, + }, + }); + + res.status(201).json(created); + }); + + router.get("/secret-provider-configs/:id", async (req, res) => { + assertBoard(req); + const existing = await svc.getProviderConfigById(req.params.id as string); + if (!existing) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + res.json(existing); + }); + + router.patch("/secret-provider-configs/:id", validate(updateSecretProviderConfigSchema), async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getProviderConfigById(id); + if (!existing) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + + const updated = await svc.updateProviderConfig(id, { + displayName: req.body.displayName, + status: req.body.status, + isDefault: req.body.isDefault, + config: req.body.config, + }); + if (!updated) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + + await logActivity(db, { + companyId: updated.companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret_provider_config.updated", + entityType: "secret_provider_config", + entityId: updated.id, + details: { + provider: updated.provider, + displayName: updated.displayName, + status: updated.status, + isDefault: updated.isDefault, + }, + }); + + res.json(updated); + }); + + router.delete("/secret-provider-configs/:id", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getProviderConfigById(id); + if (!existing) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + + const disabled = await svc.disableProviderConfig(id); + if (!disabled) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + + await logActivity(db, { + companyId: disabled.companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret_provider_config.disabled", + entityType: "secret_provider_config", + entityId: disabled.id, + details: { + provider: disabled.provider, + displayName: disabled.displayName, + status: disabled.status, + }, + }); + + res.json(disabled); + }); + + router.post("/secret-provider-configs/:id/default", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getProviderConfigById(id); + if (!existing) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + + const updated = await svc.setDefaultProviderConfig(id); + if (!updated) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + + await logActivity(db, { + companyId: updated.companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret_provider_config.default_set", + entityType: "secret_provider_config", + entityId: updated.id, + details: { + provider: updated.provider, + displayName: updated.displayName, + isDefault: updated.isDefault, + }, + }); + + res.json(updated); + }); + + router.post("/secret-provider-configs/:id/health", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getProviderConfigById(id); + if (!existing) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + + const health = await svc.checkProviderConfigHealth(id); + if (!health) { + res.status(404).json({ error: "Provider vault not found" }); + return; + } + + await logActivity(db, { + companyId: existing.companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret_provider_config.health_checked", + entityType: "secret_provider_config", + entityId: existing.id, + details: { + provider: existing.provider, + status: health.status, + code: health.details.code, + }, + }); + + res.json(health); + }); + router.get("/companies/:companyId/secrets", async (req, res) => { assertBoard(req); const companyId = req.params.companyId as string; @@ -45,10 +242,15 @@ export function secretRoutes(db: Db) { companyId, { name: req.body.name, + key: req.body.key, provider: req.body.provider ?? defaultProvider, + providerConfigId: req.body.providerConfigId, + managedMode: req.body.managedMode, value: req.body.value, description: req.body.description, externalRef: req.body.externalRef, + providerVersionRef: req.body.providerVersionRef, + providerMetadata: req.body.providerMetadata, }, { userId: req.actor.userId ?? "board", agentId: null }, ); @@ -66,6 +268,77 @@ export function secretRoutes(db: Db) { res.status(201).json(created); }); + router.post( + "/companies/:companyId/secrets/remote-import/preview", + validate(remoteSecretImportPreviewSchema), + async (req, res) => { + assertBoard(req); + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + + const preview = await svc.previewRemoteImport(companyId, { + providerConfigId: req.body.providerConfigId, + query: req.body.query, + nextToken: req.body.nextToken, + pageSize: req.body.pageSize, + }); + + await logActivity(db, { + companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret.remote_import.previewed", + entityType: "secret_provider_config", + entityId: preview.providerConfigId, + details: { + provider: preview.provider, + candidateCount: preview.candidates.length, + readyCount: preview.candidates.filter((candidate) => candidate.status === "ready").length, + duplicateCount: preview.candidates.filter((candidate) => candidate.status === "duplicate").length, + conflictCount: preview.candidates.filter((candidate) => candidate.status === "conflict").length, + }, + }); + + res.json(preview); + }, + ); + + router.post( + "/companies/:companyId/secrets/remote-import", + validate(remoteSecretImportSchema), + async (req, res) => { + assertBoard(req); + const companyId = req.params.companyId as string; + assertCompanyAccess(req, companyId); + + const result = await svc.importRemoteSecrets( + companyId, + { + providerConfigId: req.body.providerConfigId, + secrets: req.body.secrets, + }, + { userId: req.actor.userId ?? "board", agentId: null }, + ); + + await logActivity(db, { + companyId, + actorType: "user", + actorId: req.actor.userId ?? "board", + action: "secret.remote_import.completed", + entityType: "secret_provider_config", + entityId: result.providerConfigId, + details: { + provider: result.provider, + importedCount: result.importedCount, + skippedCount: result.skippedCount, + errorCount: result.errorCount, + }, + }); + + res.json(result); + }, + ); + router.post("/secrets/:id/rotate", validate(rotateSecretSchema), async (req, res) => { assertBoard(req); const id = req.params.id as string; @@ -75,12 +348,18 @@ export function secretRoutes(db: Db) { return; } assertCompanyAccess(req, existing.companyId); + if (existing.status === "deleted") { + res.status(404).json({ error: "Secret not found" }); + return; + } const rotated = await svc.rotate( id, { value: req.body.value, externalRef: req.body.externalRef, + providerVersionRef: req.body.providerVersionRef, + providerConfigId: req.body.providerConfigId, }, { userId: req.actor.userId ?? "board", agentId: null }, ); @@ -107,11 +386,19 @@ export function secretRoutes(db: Db) { return; } assertCompanyAccess(req, existing.companyId); + if (existing.status === "deleted") { + res.status(404).json({ error: "Secret not found" }); + return; + } const updated = await svc.update(id, { name: req.body.name, + key: req.body.key, + status: req.body.status, + providerConfigId: req.body.providerConfigId, description: req.body.description, externalRef: req.body.externalRef, + providerMetadata: req.body.providerMetadata, }); if (!updated) { @@ -145,6 +432,32 @@ export function secretRoutes(db: Db) { res.json({ agents: used.agents, skills: used.skills }); }); + router.get("/secrets/:id/usage", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getById(id); + if (!existing) { + res.status(404).json({ error: "Secret not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + const bindings = await svc.listBindingReferences(existing.companyId, existing.id); + res.json({ secretId: existing.id, bindings }); + }); + + router.get("/secrets/:id/access-events", async (req, res) => { + assertBoard(req); + const id = req.params.id as string; + const existing = await svc.getById(id); + if (!existing) { + res.status(404).json({ error: "Secret not found" }); + return; + } + assertCompanyAccess(req, existing.companyId); + const events = await svc.listAccessEvents(existing.companyId, existing.id); + res.json(events); + }); + router.delete("/secrets/:id", async (req, res) => { assertBoard(req); const id = req.params.id as string; diff --git a/server/src/secrets/aws-secrets-manager-provider.ts b/server/src/secrets/aws-secrets-manager-provider.ts new file mode 100644 index 00000000..8c638594 --- /dev/null +++ b/server/src/secrets/aws-secrets-manager-provider.ts @@ -0,0 +1,1053 @@ +import { createHash, createHmac } from "node:crypto"; +import { S3Client } from "@aws-sdk/client-s3"; +import type { DeploymentMode } from "@paperclipai/shared"; +import { unprocessable } from "../errors.js"; +import type { + PreparedSecretVersion, + RemoteSecretListResult, + SecretProviderClientErrorCode, + SecretProviderHealthCheck, + SecretProviderModule, + SecretProviderValidationResult, + SecretProviderVaultRuntimeConfig, + SecretProviderWriteContext, + StoredSecretVersionMaterial, +} from "./types.js"; +import { SecretProviderClientError } from "./types.js"; + +const AWS_SECRETS_MANAGER_SCHEME = "aws_secrets_manager_v1"; +const DEFAULT_PREFIX = "paperclip"; +const DEFAULT_OWNER_TAG = "paperclip"; +const DEFAULT_VERSION_STAGE = "AWSCURRENT"; +const PAPERCLIP_PENDING_VERSION_STAGE = "PAPERCLIP_PENDING"; +const DEFAULT_DELETE_RECOVERY_WINDOW_DAYS = 30; +const AWS_SECRETS_MANAGER_REQUEST_TIMEOUT_MS = 30_000; +const AWS_CREDENTIAL_CACHE_TTL_MS = 5 * 60_000; +const AWS_CREDENTIAL_EXPIRATION_SKEW_MS = 60_000; +const AWS_RUNTIME_CREDENTIAL_WARNING = + "AWS bootstrap credentials must be available to the Paperclip server runtime through the AWS SDK default credential provider chain: IAM role/workload identity, AWS_PROFILE/SSO/shared credentials, web identity, container/instance metadata, or short-lived shell credentials."; +const AWS_CREDENTIAL_CUSTODY_WARNING = + "Do not store AWS root credentials or long-lived IAM user access keys in Paperclip company_secrets; the AWS provider bootstrap belongs in deployment infrastructure, the process environment, an AWS profile, or the orchestrator secret store."; + +interface AwsSecretsManagerMaterial extends StoredSecretVersionMaterial { + scheme: typeof AWS_SECRETS_MANAGER_SCHEME; + secretId: string; + versionId: string | null; + source: "managed" | "external_reference"; +} + +interface AwsSecretsManagerConfig { + region: string; + endpoint: string; + deploymentId: string; + prefix: string; + kmsKeyId: string | null; + environmentTag: string; + providerOwnerTag: string; + deleteRecoveryWindowDays: number; +} + +interface AwsSecretsManagerTag { + Key: string; + Value: string; +} + +interface AwsSecretsManagerListSecretEntry { + ARN?: string; + Name?: string; + Description?: string; + KmsKeyId?: string; + CreatedDate?: string | number | Date; + LastAccessedDate?: string | number | Date; + LastChangedDate?: string | number | Date; + DeletedDate?: string | number | Date; + Tags?: AwsSecretsManagerTag[]; +} + +interface AwsCredentialIdentity { + accessKeyId: string; + secretAccessKey: string; + sessionToken?: string; +} + +interface CachedAwsCredentialProvider { + client: S3Client; + credentials: AwsCredentialIdentity | null; + expiresAt: number; + pending: Promise | null; +} + +type ManagedSecretNamespaceContext = Pick; + +const awsCredentialProviders = new Map(); + +interface AwsSecretsManagerGateway { + createSecret(input: { + Name: string; + SecretString: string; + KmsKeyId?: string; + Description?: string; + Tags: AwsSecretsManagerTag[]; + }): Promise<{ + ARN?: string; + Name?: string; + VersionId?: string; + }>; + putSecretValue(input: { + SecretId: string; + SecretString: string; + VersionStages?: string[]; + }): Promise<{ + ARN?: string; + Name?: string; + VersionId?: string; + }>; + getSecretValue(input: { + SecretId: string; + VersionId?: string; + VersionStage?: string; + }): Promise<{ + SecretString?: string; + ARN?: string; + Name?: string; + VersionId?: string; + }>; + deleteSecret(input: { + SecretId: string; + RecoveryWindowInDays: number; + }): Promise; + updateSecretVersionStage?(input: { + SecretId: string; + VersionStage: string; + RemoveFromVersionId?: string; + MoveToVersionId?: string; + }): Promise; + listSecrets?(input: { + MaxResults?: number; + NextToken?: string; + Filters?: Array<{ + Key: "all" | "name" | "description" | "tag-key" | "tag-value" | "primary-region" | "owning-service"; + Values: string[]; + }>; + IncludePlannedDeletion?: boolean; + }): Promise<{ + SecretList?: AwsSecretsManagerListSecretEntry[]; + NextToken?: string; + }>; +} + +function sha256Hex(value: string): string { + return createHash("sha256").update(value).digest("hex"); +} + +function hmac(key: string | Buffer, value: string) { + return createHmac("sha256", key).update(value).digest(); +} + +function awsDateParts(now = new Date()) { + const iso = now.toISOString().replace(/[:-]|\.\d{3}/g, ""); + return { + amzDate: iso, + dateStamp: iso.slice(0, 8), + }; +} + +function canonicalHeaderValue(value: string) { + return value.trim().replace(/\s+/g, " "); +} + +function signAwsSecretsManagerRequest(input: { + endpoint: URL; + region: string; + operation: string; + body: string; + credentials: AwsCredentialIdentity; +}) { + const { amzDate, dateStamp } = awsDateParts(); + const payloadHash = sha256Hex(input.body); + const headers: Record = { + "content-type": "application/x-amz-json-1.1", + host: input.endpoint.host, + "x-amz-content-sha256": payloadHash, + "x-amz-date": amzDate, + "x-amz-target": `secretsmanager.${input.operation}`, + }; + if (input.credentials.sessionToken) { + headers["x-amz-security-token"] = input.credentials.sessionToken; + } + + const sortedHeaderNames = Object.keys(headers).sort(); + const canonicalHeaders = sortedHeaderNames + .map((name) => `${name}:${canonicalHeaderValue(headers[name] ?? "")}\n`) + .join(""); + const signedHeaders = sortedHeaderNames.join(";"); + const canonicalRequest = [ + "POST", + input.endpoint.pathname || "/", + "", + canonicalHeaders, + signedHeaders, + payloadHash, + ].join("\n"); + const credentialScope = `${dateStamp}/${input.region}/secretsmanager/aws4_request`; + const stringToSign = [ + "AWS4-HMAC-SHA256", + amzDate, + credentialScope, + sha256Hex(canonicalRequest), + ].join("\n"); + const dateKey = hmac(`AWS4${input.credentials.secretAccessKey}`, dateStamp); + const regionKey = hmac(dateKey, input.region); + const serviceKey = hmac(regionKey, "secretsmanager"); + const signingKey = hmac(serviceKey, "aws4_request"); + const signature = createHmac("sha256", signingKey).update(stringToSign).digest("hex"); + + return { + ...headers, + authorization: + `AWS4-HMAC-SHA256 Credential=${input.credentials.accessKeyId}/${credentialScope}, ` + + `SignedHeaders=${signedHeaders}, Signature=${signature}`, + }; +} + +async function loadAwsCredentials(region: string): Promise { + const now = Date.now(); + let cached = awsCredentialProviders.get(region); + if (!cached) { + // S3Client is only used as a carrier for the AWS SDK default credential provider chain. + // No S3 API calls are made here; switch to defaultProvider({ region }) if we add that dependency. + cached = { + client: new S3Client({ region }), + credentials: null, + expiresAt: 0, + pending: null, + }; + awsCredentialProviders.set(region, cached); + } + + if (cached.credentials && cached.expiresAt > now) return cached.credentials; + if (cached.pending) return cached.pending; + + cached.pending = (async () => { + const credentialSource = cached.client.config.credentials; + const credentials = typeof credentialSource === "function" + ? await credentialSource() + : await credentialSource; + if (!credentials?.accessKeyId || !credentials.secretAccessKey) { + throw new Error("AWS SDK default credential provider chain did not return credentials"); + } + const resolved = { + accessKeyId: credentials.accessKeyId, + secretAccessKey: credentials.secretAccessKey, + sessionToken: credentials.sessionToken, + }; + const expiration = (credentials as { expiration?: Date }).expiration?.getTime(); + cached.credentials = resolved; + cached.expiresAt = Math.min( + now + AWS_CREDENTIAL_CACHE_TTL_MS, + expiration ? expiration - AWS_CREDENTIAL_EXPIRATION_SKEW_MS : Number.POSITIVE_INFINITY, + ); + return resolved; + })().finally(() => { + if (cached) cached.pending = null; + }); + + return cached.pending; +} + +function configuredAwsSecretsManagerDescriptor() { + return { + id: "aws_secrets_manager" as const, + label: "AWS Secrets Manager", + requiresExternalRef: false, + supportsManagedValues: true, + supportsExternalReferences: true, + configured: canLoadAwsSecretsManagerConfig(), + }; +} + +function canLoadAwsSecretsManagerConfig() { + return getAwsConfigReadiness().missingConfig.length === 0; +} + +function asOptionalNonEmptyString(value: unknown): string | null { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function readProviderVaultConfig(input: SecretProviderVaultRuntimeConfig): AwsSecretsManagerConfig { + if (input.provider !== "aws_secrets_manager") { + throw unprocessable("AWS Secrets Manager provider received a mismatched provider vault"); + } + if (input.status === "disabled") { + throw unprocessable("AWS Secrets Manager provider vault is disabled"); + } + if (input.status === "coming_soon") { + throw unprocessable("AWS Secrets Manager provider vault runtime is locked while coming soon"); + } + const region = asOptionalNonEmptyString(input.config.region); + if (!region) { + throw unprocessable("AWS Secrets Manager provider vault requires non-secret config: region"); + } + const recoveryWindowRaw = process.env.PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS?.trim(); + const recoveryWindow = recoveryWindowRaw ? Number(recoveryWindowRaw) : DEFAULT_DELETE_RECOVERY_WINDOW_DAYS; + if (!Number.isFinite(recoveryWindow) || recoveryWindow < 7 || recoveryWindow > 30) { + throw unprocessable( + "PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS must be an integer between 7 and 30", + ); + } + + return { + region, + endpoint: + process.env.PAPERCLIP_SECRETS_AWS_ENDPOINT?.trim() || + `https://secretsmanager.${region}.amazonaws.com`, + deploymentId: sanitizePathSegment( + asOptionalNonEmptyString(input.config.namespace) ?? input.id, + ), + prefix: sanitizePathSegment( + asOptionalNonEmptyString(input.config.secretNamePrefix) || DEFAULT_PREFIX, + ), + kmsKeyId: asOptionalNonEmptyString(input.config.kmsKeyId), + environmentTag: + asOptionalNonEmptyString(input.config.environmentTag) || + process.env.NODE_ENV?.trim() || + "unknown", + providerOwnerTag: + asOptionalNonEmptyString(input.config.ownerTag) || DEFAULT_OWNER_TAG, + deleteRecoveryWindowDays: recoveryWindow, + }; +} + +function getAwsConfigReadiness() { + const region = ( + process.env.PAPERCLIP_SECRETS_AWS_REGION ?? + process.env.AWS_REGION ?? + process.env.AWS_DEFAULT_REGION + )?.trim(); + const deploymentId = process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID?.trim(); + const kmsKeyId = process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID?.trim(); + const missingConfig: string[] = []; + + if (!region) { + missingConfig.push("PAPERCLIP_SECRETS_AWS_REGION or AWS_REGION/AWS_DEFAULT_REGION"); + } + if (!deploymentId) { + missingConfig.push("PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID"); + } + if (!kmsKeyId) { + missingConfig.push("PAPERCLIP_SECRETS_AWS_KMS_KEY_ID"); + } + + return { + missingConfig, + region: region || null, + deploymentId: deploymentId || null, + kmsKeyConfigured: Boolean(kmsKeyId), + credentialSources: describeDetectedAwsCredentialSources(), + }; +} + +function describeDetectedAwsCredentialSources() { + const sources: string[] = []; + if (process.env.AWS_PROFILE?.trim()) sources.push("AWS_PROFILE/shared config"); + if (process.env.AWS_ACCESS_KEY_ID?.trim() && process.env.AWS_SECRET_ACCESS_KEY?.trim()) { + sources.push("temporary AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY environment credentials"); + } + if (process.env.AWS_WEB_IDENTITY_TOKEN_FILE?.trim() && process.env.AWS_ROLE_ARN?.trim()) { + sources.push("AWS web identity token"); + } + if ( + process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI?.trim() || + process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI?.trim() + ) { + sources.push("AWS container credentials endpoint"); + } + if (process.env.AWS_SHARED_CREDENTIALS_FILE?.trim() || process.env.AWS_CONFIG_FILE?.trim()) { + sources.push("custom AWS shared credentials/config file"); + } + return sources; +} + +function loadAwsSecretsManagerConfig(): AwsSecretsManagerConfig { + const readiness = getAwsConfigReadiness(); + const region = + process.env.PAPERCLIP_SECRETS_AWS_REGION?.trim() || + process.env.AWS_REGION?.trim() || + process.env.AWS_DEFAULT_REGION?.trim(); + const deploymentId = process.env.PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID?.trim(); + const kmsKeyId = process.env.PAPERCLIP_SECRETS_AWS_KMS_KEY_ID?.trim(); + + if (readiness.missingConfig.length > 0) { + throw unprocessable( + `AWS Secrets Manager provider requires non-secret config: ${readiness.missingConfig.join(", ")}`, + ); + } + if (!region) { + throw unprocessable( + "AWS Secrets Manager provider requires PAPERCLIP_SECRETS_AWS_REGION or AWS_REGION", + ); + } + if (!deploymentId) { + throw unprocessable( + "AWS Secrets Manager provider requires PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID", + ); + } + if (!kmsKeyId) { + throw unprocessable( + "AWS Secrets Manager provider requires PAPERCLIP_SECRETS_AWS_KMS_KEY_ID", + ); + } + + const recoveryWindowRaw = process.env.PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS?.trim(); + const recoveryWindow = recoveryWindowRaw ? Number(recoveryWindowRaw) : DEFAULT_DELETE_RECOVERY_WINDOW_DAYS; + if (!Number.isFinite(recoveryWindow) || recoveryWindow < 7 || recoveryWindow > 30) { + throw unprocessable( + "PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS must be an integer between 7 and 30", + ); + } + + return { + region, + endpoint: + process.env.PAPERCLIP_SECRETS_AWS_ENDPOINT?.trim() || + `https://secretsmanager.${region}.amazonaws.com`, + deploymentId, + prefix: sanitizePathSegment(process.env.PAPERCLIP_SECRETS_AWS_PREFIX?.trim() || DEFAULT_PREFIX), + kmsKeyId, + environmentTag: + process.env.PAPERCLIP_SECRETS_AWS_ENVIRONMENT?.trim() || + process.env.NODE_ENV?.trim() || + "unknown", + providerOwnerTag: + process.env.PAPERCLIP_SECRETS_AWS_PROVIDER_OWNER?.trim() || DEFAULT_OWNER_TAG, + deleteRecoveryWindowDays: recoveryWindow, + }; +} + +function sanitizePathSegment(input: string) { + return input + .trim() + .replace(/[^A-Za-z0-9/_+=.@-]+/g, "-") + .replace(/\/+/g, "/") + .replace(/^\/+|\/+$/g, ""); +} + +function buildManagedSecretName( + config: AwsSecretsManagerConfig, + context: ManagedSecretNamespaceContext | undefined, +) { + if (!context) { + throw unprocessable("AWS Secrets Manager provider requires secret context for managed values"); + } + return [ + sanitizePathSegment(config.prefix), + sanitizePathSegment(config.deploymentId), + sanitizePathSegment(context.companyId), + sanitizePathSegment(context.secretKey), + ] + .filter(Boolean) + .join("/"); +} + +function buildManagedSecretId( + config: AwsSecretsManagerConfig, + context: ManagedSecretNamespaceContext | undefined, +) { + return buildManagedSecretName(config, context); +} + +function escapeRegExp(value: string) { + return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); +} + +function extractAwsSecretName(externalRef: string) { + const trimmed = externalRef.trim(); + const arnMatch = /^arn:[^:]+:secretsmanager:[^:]*:[^:]*:secret:(.+)$/i.exec(trimmed); + return arnMatch?.[1] ?? trimmed; +} + +function isManagedSecretRefForContext( + config: AwsSecretsManagerConfig, + context: ManagedSecretNamespaceContext | undefined, + externalRef: string | null | undefined, +) { + if (!externalRef?.trim()) return false; + const expectedName = buildManagedSecretName(config, context); + const actualName = extractAwsSecretName(externalRef); + return new RegExp(`^${escapeRegExp(expectedName)}(?:-[A-Za-z0-9]{6})?$`).test(actualName); +} + +function isManagedSecretNamespaceRef( + config: AwsSecretsManagerConfig, + externalRef: string | null | undefined, +) { + if (!externalRef?.trim()) return false; + const namespacePrefix = [ + sanitizePathSegment(config.prefix), + sanitizePathSegment(config.deploymentId), + ] + .filter(Boolean) + .join("/"); + if (!namespacePrefix) return false; + const actualName = extractAwsSecretName(externalRef); + return actualName === namespacePrefix || actualName.startsWith(`${namespacePrefix}/`); +} + +function assertNotManagedNamespaceExternalRef( + config: AwsSecretsManagerConfig, + externalRef: string, +) { + if (!isManagedSecretNamespaceRef(config, externalRef)) return; + throw unprocessable( + "AWS Paperclip-managed namespace secrets cannot be imported as external references", + ); +} + +function resolveManagedSecretRef(input: { + config: AwsSecretsManagerConfig; + context: ManagedSecretNamespaceContext | undefined; + externalRefs: Array; +}) { + let sawNonEmptyExternalRef = false; + for (const externalRef of input.externalRefs) { + if (externalRef?.trim()) { + sawNonEmptyExternalRef = true; + } + if (externalRef?.trim() && isManagedSecretRefForContext(input.config, input.context, externalRef)) { + return externalRef.trim(); + } + } + if (sawNonEmptyExternalRef) { + throw unprocessable( + "AWS Secrets Manager managed secret ref drifted outside the derived deployment/company scope", + ); + } + return buildManagedSecretId(input.config, input.context); +} + +function buildManagedSecretTags( + config: AwsSecretsManagerConfig, + context: SecretProviderWriteContext | undefined, +): AwsSecretsManagerTag[] { + if (!context) return []; + return [ + { Key: "paperclip:managed-by", Value: "paperclip" }, + { Key: "paperclip:provider-owner", Value: config.providerOwnerTag }, + { Key: "paperclip:deployment-id", Value: config.deploymentId }, + { Key: "paperclip:company-id", Value: context.companyId }, + { Key: "paperclip:secret-key", Value: context.secretKey }, + { Key: "paperclip:environment", Value: config.environmentTag }, + ]; +} + +function createExternalReferenceMaterial( + externalRef: string, + providerVersionRef: string | null, +): PreparedSecretVersion { + const normalizedExternalRef = externalRef.trim(); + const normalizedProviderVersionRef = providerVersionRef?.trim() || null; + const fingerprint = sha256Hex( + `${AWS_SECRETS_MANAGER_SCHEME}:${normalizedExternalRef}:${normalizedProviderVersionRef ?? ""}`, + ); + return { + material: { + scheme: AWS_SECRETS_MANAGER_SCHEME, + secretId: normalizedExternalRef, + versionId: normalizedProviderVersionRef, + source: "external_reference", + }, + valueSha256: fingerprint, + fingerprintSha256: fingerprint, + externalRef: normalizedExternalRef, + providerVersionRef: normalizedProviderVersionRef, + }; +} + +function createManagedMaterial(secretId: string, versionId: string | null): AwsSecretsManagerMaterial { + return { + scheme: AWS_SECRETS_MANAGER_SCHEME, + secretId, + versionId, + source: "managed", + }; +} + +function serializeAwsDate(value: string | number | Date | undefined): string | null { + if (value === undefined) return null; + const date = value instanceof Date ? value : new Date(value); + return Number.isNaN(date.getTime()) ? null : date.toISOString(); +} + +function createRemoteSecretMetadata(entry: AwsSecretsManagerListSecretEntry): Record { + return { + createdDate: serializeAwsDate(entry.CreatedDate), + lastAccessedDate: serializeAwsDate(entry.LastAccessedDate), + lastChangedDate: serializeAwsDate(entry.LastChangedDate), + deletedDate: serializeAwsDate(entry.DeletedDate), + hasDescription: Boolean(entry.Description), + hasKmsKey: Boolean(entry.KmsKeyId), + tagCount: Array.isArray(entry.Tags) ? entry.Tags.length : 0, + }; +} + +function asAwsSecretsManagerMaterial(value: StoredSecretVersionMaterial): AwsSecretsManagerMaterial { + if ( + value && + typeof value === "object" && + value.scheme === AWS_SECRETS_MANAGER_SCHEME && + typeof value.secretId === "string" && + (typeof value.versionId === "string" || value.versionId === null) && + (value.source === "managed" || value.source === "external_reference") + ) { + return value as AwsSecretsManagerMaterial; + } + throw unprocessable("Invalid AWS Secrets Manager material"); +} + +function classifyAwsProviderError(message: string): SecretProviderClientErrorCode { + if (/ResourceExistsException|AlreadyExists/i.test(message)) return "conflict"; + if (/ResourceNotFoundException|NotFound/i.test(message)) return "not_found"; + if (/AccessDeniedException|AccessDenied|UnrecognizedClientException|InvalidClientTokenId|not authorized/i.test(message)) { + return "access_denied"; + } + if (/Throttl|TooManyRequests|RequestLimitExceeded|Rate exceeded/i.test(message)) return "throttled"; + if (/ValidationException|InvalidParameter|InvalidRequest/i.test(message)) return "invalid_request"; + if (/fetch failed|ECONN|ENOTFOUND|ETIMEDOUT|network|timeout/i.test(message)) return "provider_unavailable"; + return "provider_error"; +} + +function awsProviderSafeMessage(code: SecretProviderClientErrorCode): string { + switch (code) { + case "access_denied": + return "AWS Secrets Manager denied the request. Check IAM permissions for this provider vault."; + case "throttled": + return "AWS Secrets Manager throttled the request. Wait and try again."; + case "not_found": + return "AWS Secrets Manager could not find the requested secret."; + case "conflict": + return "AWS Secrets Manager reported that the requested secret already exists."; + case "invalid_request": + return "AWS Secrets Manager rejected the request."; + case "provider_unavailable": + return "AWS Secrets Manager is unavailable right now."; + case "provider_error": + default: + return "AWS Secrets Manager request failed."; + } +} + +function normalizeAwsError(operation: string, error: unknown): never { + const rawMessage = error instanceof Error ? error.message : String(error); + const code = classifyAwsProviderError(rawMessage); + throw new SecretProviderClientError({ + code, + provider: "aws_secrets_manager", + operation, + message: awsProviderSafeMessage(code), + rawMessage, + cause: error, + }); +} + +class AwsSecretsManagerJsonGateway implements AwsSecretsManagerGateway { + private readonly endpoint: URL; + + constructor(private readonly config: AwsSecretsManagerConfig) { + this.endpoint = new URL(config.endpoint); + } + + createSecret(input: { + Name: string; + SecretString: string; + KmsKeyId?: string; + Description?: string; + Tags: AwsSecretsManagerTag[]; + }) { + return this.call<{ + ARN?: string; + Name?: string; + VersionId?: string; + }>("CreateSecret", input); + } + + putSecretValue(input: { + SecretId: string; + SecretString: string; + VersionStages?: string[]; + }) { + return this.call<{ + ARN?: string; + Name?: string; + VersionId?: string; + }>("PutSecretValue", input); + } + + getSecretValue(input: { + SecretId: string; + VersionId?: string; + VersionStage?: string; + }) { + return this.call<{ + SecretString?: string; + ARN?: string; + Name?: string; + VersionId?: string; + }>("GetSecretValue", input); + } + + deleteSecret(input: { + SecretId: string; + RecoveryWindowInDays: number; + }) { + return this.call("DeleteSecret", input); + } + + updateSecretVersionStage(input: { + SecretId: string; + VersionStage: string; + RemoveFromVersionId?: string; + MoveToVersionId?: string; + }) { + return this.call("UpdateSecretVersionStage", input); + } + + listSecrets(input: { + MaxResults?: number; + NextToken?: string; + Filters?: Array<{ + Key: "all" | "name" | "description" | "tag-key" | "tag-value" | "primary-region" | "owning-service"; + Values: string[]; + }>; + IncludePlannedDeletion?: boolean; + }) { + return this.call<{ + SecretList?: AwsSecretsManagerListSecretEntry[]; + NextToken?: string; + }>("ListSecrets", input); + } + + private async call(operation: string, payload: Record): Promise { + const body = JSON.stringify(payload); + const credentials = await loadAwsCredentials(this.config.region); + const headers = signAwsSecretsManagerRequest({ + endpoint: this.endpoint, + region: this.config.region, + operation, + body, + credentials, + }); + const response = await fetch(this.endpoint, { + method: "POST", + headers, + body, + signal: AbortSignal.timeout(AWS_SECRETS_MANAGER_REQUEST_TIMEOUT_MS), + }); + const text = await response.text(); + const parsed = text ? (JSON.parse(text) as Record) : {}; + + if (!response.ok) { + const code = String(parsed.__type ?? parsed.code ?? parsed.Code ?? response.statusText ?? "UnknownError"); + const message = String(parsed.message ?? parsed.Message ?? code); + const rawMessage = `${code}: ${message}`; + const clientCode = classifyAwsProviderError(rawMessage); + throw new SecretProviderClientError({ + code: clientCode, + provider: "aws_secrets_manager", + operation, + message: awsProviderSafeMessage(clientCode), + rawMessage, + }); + } + + return parsed as T; + } +} + +export function createAwsSecretsManagerProvider( + options?: { + config?: AwsSecretsManagerConfig; + gateway?: AwsSecretsManagerGateway; + }, +): SecretProviderModule { + function resolveConfig(providerConfig?: SecretProviderVaultRuntimeConfig | null) { + if (providerConfig) return readProviderVaultConfig(providerConfig); + return options?.config ?? loadAwsSecretsManagerConfig(); + } + + function resolveGateway(config: AwsSecretsManagerConfig) { + return options?.gateway ?? new AwsSecretsManagerJsonGateway(config); + } + + async function validateConfig( + input?: { + deploymentMode?: DeploymentMode; + strictMode?: boolean; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }, + ): Promise { + const warnings: string[] = []; + if (input?.deploymentMode === "authenticated" && input.strictMode !== true) { + warnings.push("Strict secret mode should be enabled for authenticated deployments"); + } + const config = resolveConfig(input?.providerConfig); + if (!config.prefix) { + warnings.push("PAPERCLIP_SECRETS_AWS_PREFIX should be set to a deployment-scoped prefix"); + } + return { ok: true, warnings }; + } + + async function healthCheck( + input?: { + deploymentMode?: DeploymentMode; + strictMode?: boolean; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }, + ): Promise { + try { + const validation = await validateConfig(input); + const config = resolveConfig(input?.providerConfig); + const readiness = getAwsConfigReadiness(); + const warnings = [...validation.warnings]; + if ( + process.env.AWS_ACCESS_KEY_ID?.trim() && + process.env.AWS_SECRET_ACCESS_KEY?.trim() + ) { + warnings.push( + "AWS static environment credentials are visible to this process; use only short-lived shell credentials locally and prefer IAM role/workload identity for hosted deployments.", + ); + } + return { + provider: "aws_secrets_manager", + status: warnings.length > 0 ? "warn" : "ok", + message: + "AWS Secrets Manager provider config is present; AWS credentials are resolved by the server runtime through the AWS SDK default credential provider chain.", + warnings, + details: { + region: config.region, + prefix: config.prefix, + deploymentId: config.deploymentId, + kmsKeyConfigured: Boolean(config.kmsKeyId), + credentialSource: "AWS SDK default credential provider chain", + detectedCredentialSources: readiness.credentialSources, + }, + backupGuidance: [ + "Back up Paperclip metadata separately from AWS-managed secrets.", + "Restoring access requires the Paperclip database plus the same AWS secret namespace and KMS permissions.", + ], + }; + } catch (error) { + const readiness = getAwsConfigReadiness(); + const providerConfigMissing = input?.providerConfig && !asOptionalNonEmptyString(input.providerConfig.config.region) + ? ["region"] + : []; + const missingConfig = input?.providerConfig ? providerConfigMissing : readiness.missingConfig; + return { + provider: "aws_secrets_manager", + status: "warn", + message: + missingConfig.length > 0 + ? `AWS Secrets Manager provider is not ready: missing ${missingConfig.join(", ")}.` + : error instanceof Error + ? error.message + : String(error), + warnings: [ + ...(missingConfig.length > 0 + ? [`Missing required non-secret AWS provider config: ${missingConfig.join(", ")}.`] + : []), + AWS_RUNTIME_CREDENTIAL_WARNING, + AWS_CREDENTIAL_CUSTODY_WARNING, + "Managed secret create/rotate/resolve calls will fail until AWS provider configuration is complete.", + ], + details: { + missingConfig, + requiredProviderConfig: input?.providerConfig + ? ["region"] + : [ + "PAPERCLIP_SECRETS_AWS_REGION or AWS_REGION/AWS_DEFAULT_REGION", + "PAPERCLIP_SECRETS_AWS_DEPLOYMENT_ID", + "PAPERCLIP_SECRETS_AWS_KMS_KEY_ID", + ], + optionalProviderConfig: [ + "PAPERCLIP_SECRETS_AWS_PREFIX", + "PAPERCLIP_SECRETS_AWS_ENVIRONMENT", + "PAPERCLIP_SECRETS_AWS_PROVIDER_OWNER", + "PAPERCLIP_SECRETS_AWS_ENDPOINT", + "PAPERCLIP_SECRETS_AWS_DELETE_RECOVERY_DAYS", + ], + credentialSource: "AWS SDK default credential provider chain", + detectedCredentialSources: readiness.credentialSources, + }, + }; + } + } + + return { + id: "aws_secrets_manager", + descriptor() { + return configuredAwsSecretsManagerDescriptor(); + }, + validateConfig, + async createSecret(input) { + const config = resolveConfig(input.providerConfig); + const gateway = resolveGateway(config); + const valueSha256 = sha256Hex(input.value); + const secretId = buildManagedSecretId(config, input.context); + + try { + const createInput = { + Name: secretId, + SecretString: input.value, + ...(config.kmsKeyId ? { KmsKeyId: config.kmsKeyId } : {}), + Description: input.context ? `Paperclip secret ${input.context.secretName}` : undefined, + Tags: buildManagedSecretTags(config, input.context), + }; + const created = await gateway.createSecret({ + ...createInput, + }); + const normalizedSecretId = created.ARN ?? created.Name ?? secretId; + return { + material: createManagedMaterial(normalizedSecretId, created.VersionId ?? null), + valueSha256, + fingerprintSha256: valueSha256, + externalRef: normalizedSecretId, + providerVersionRef: created.VersionId ?? null, + }; + } catch (error) { + normalizeAwsError("createSecret", error); + } + }, + async createVersion(input) { + const config = resolveConfig(input.providerConfig); + const gateway = resolveGateway(config); + const valueSha256 = sha256Hex(input.value); + const secretId = resolveManagedSecretRef({ + config, + context: input.context, + externalRefs: [input.externalRef], + }); + + try { + const created = await gateway.putSecretValue({ + SecretId: secretId, + SecretString: input.value, + VersionStages: [PAPERCLIP_PENDING_VERSION_STAGE], + }); + const normalizedSecretId = created.ARN ?? created.Name ?? secretId; + return { + material: createManagedMaterial(normalizedSecretId, created.VersionId ?? null), + valueSha256, + fingerprintSha256: valueSha256, + externalRef: normalizedSecretId, + providerVersionRef: created.VersionId ?? null, + }; + } catch (error) { + normalizeAwsError("createVersion", error); + } + }, + async linkExternalSecret(input) { + const config = resolveConfig(input.providerConfig); + assertNotManagedNamespaceExternalRef(config, input.externalRef); + return createExternalReferenceMaterial(input.externalRef, input.providerVersionRef ?? null); + }, + async listRemoteSecrets(input): Promise { + const config = resolveConfig(input.providerConfig); + const gateway = resolveGateway(config); + const query = input.query?.trim(); + const pageSize = + input.pageSize && Number.isFinite(input.pageSize) + ? Math.min(Math.max(Math.trunc(input.pageSize), 1), 100) + : 50; + + try { + if (!gateway.listSecrets) { + throw new Error("ListSecrets gateway operation is unavailable"); + } + const listed = await gateway.listSecrets({ + MaxResults: pageSize, + NextToken: input.nextToken?.trim() || undefined, + IncludePlannedDeletion: false, + Filters: query ? [{ Key: "all", Values: [query] }] : undefined, + }); + return { + nextToken: listed.NextToken ?? null, + secrets: (listed.SecretList ?? []) + .filter((entry) => Boolean(entry.ARN ?? entry.Name)) + .map((entry) => ({ + externalRef: entry.ARN ?? entry.Name ?? "", + name: entry.Name ?? entry.ARN ?? "", + providerVersionRef: null, + metadata: createRemoteSecretMetadata(entry), + })), + }; + } catch (error) { + normalizeAwsError("listSecrets", error); + } + }, + async resolveVersion(input) { + const config = resolveConfig(input.providerConfig); + const gateway = resolveGateway(config); + const material = asAwsSecretsManagerMaterial(input.material); + const secretId = + material.source === "managed" + ? resolveManagedSecretRef({ + config, + context: input.context, + externalRefs: [input.externalRef, material.secretId], + }) + : (input.externalRef ?? material.secretId); + + try { + const resolved = await gateway.getSecretValue({ + SecretId: secretId, + VersionId: input.providerVersionRef ?? material.versionId ?? undefined, + VersionStage: + input.providerVersionRef || material.versionId ? undefined : DEFAULT_VERSION_STAGE, + }); + if (typeof resolved.SecretString !== "string") { + throw new Error("SecretString was empty"); + } + return resolved.SecretString; + } catch (error) { + normalizeAwsError("resolveVersion", error); + } + }, + async deleteOrArchive(input) { + const material = + input.material && typeof input.material === "object" + ? asAwsSecretsManagerMaterial(input.material) + : null; + + if (material?.source !== "managed") return; + + const config = resolveConfig(input.providerConfig); + const gateway = resolveGateway(config); + const secretId = resolveManagedSecretRef({ + config, + context: input.context, + externalRefs: [input.externalRef, material.secretId], + }); + + try { + if (input.mode === "archive") { + if (material.versionId && gateway.updateSecretVersionStage) { + await gateway.updateSecretVersionStage({ + SecretId: secretId, + VersionStage: PAPERCLIP_PENDING_VERSION_STAGE, + RemoveFromVersionId: material.versionId, + }); + } + return; + } + await gateway.deleteSecret({ + SecretId: secretId, + RecoveryWindowInDays: config.deleteRecoveryWindowDays, + }); + } catch (error) { + normalizeAwsError(input.mode === "archive" ? "updateSecretVersionStage" : "deleteSecret", error); + } + }, + healthCheck, + }; +} + +export const awsSecretsManagerProvider = createAwsSecretsManagerProvider(); diff --git a/server/src/secrets/configured-provider.ts b/server/src/secrets/configured-provider.ts new file mode 100644 index 00000000..25dd821e --- /dev/null +++ b/server/src/secrets/configured-provider.ts @@ -0,0 +1,8 @@ +import { SECRET_PROVIDERS, type SecretProvider } from "@paperclipai/shared"; + +export function getConfiguredSecretProvider(): SecretProvider { + const configuredProvider = process.env.PAPERCLIP_SECRETS_PROVIDER; + return configuredProvider && SECRET_PROVIDERS.includes(configuredProvider as SecretProvider) + ? configuredProvider as SecretProvider + : "local_encrypted"; +} diff --git a/server/src/secrets/external-stub-providers.ts b/server/src/secrets/external-stub-providers.ts index 3e808abf..bd2d2f23 100644 --- a/server/src/secrets/external-stub-providers.ts +++ b/server/src/secrets/external-stub-providers.ts @@ -1,23 +1,78 @@ import { unprocessable } from "../errors.js"; -import type { SecretProviderModule } from "./types.js"; +import type { PreparedSecretVersion, SecretProviderModule } from "./types.js"; +import { createHash } from "node:crypto"; function unavailableProvider( id: "aws_secrets_manager" | "gcp_secret_manager" | "vault", label: string, ): SecretProviderModule { + function externalFingerprint(externalRef: string, providerVersionRef: string | null): string { + return createHash("sha256") + .update(`${id}:${externalRef}:${providerVersionRef ?? ""}`) + .digest("hex"); + } + + function prepareExternalReference(input: { + externalRef: string; + providerVersionRef?: string | null; + }): PreparedSecretVersion { + const externalRef = input.externalRef.trim(); + const providerVersionRef = input.providerVersionRef?.trim() || null; + const fingerprint = externalFingerprint(externalRef, providerVersionRef); + return { + material: { + scheme: "external_reference_v1", + provider: id, + externalRef, + providerVersionRef, + }, + valueSha256: fingerprint, + fingerprintSha256: fingerprint, + externalRef, + providerVersionRef, + }; + } + return { id, - descriptor: { - id, - label, - requiresExternalRef: true, + descriptor() { + return { + id, + label, + requiresExternalRef: true, + supportsManagedValues: false, + supportsExternalReferences: true, + configured: false, + }; + }, + async validateConfig() { + return { ok: false, warnings: [`${id} provider is not configured in this deployment`] }; + }, + async createSecret() { + throw unprocessable(`${id} provider is not configured for Paperclip-managed values`); }, async createVersion() { - throw unprocessable(`${id} provider is not configured in this deployment`); + throw unprocessable(`${id} provider is not configured for Paperclip-managed values`); + }, + async linkExternalSecret(input) { + return prepareExternalReference(input); }, async resolveVersion() { throw unprocessable(`${id} provider is not configured in this deployment`); }, + async deleteOrArchive() { + // External references are metadata-only in Paperclip for unconfigured providers. + }, + async healthCheck() { + return { + provider: id, + status: "warn", + message: `${id} provider is available for external references but not configured for runtime resolution`, + warnings: [ + "Linked external references can be stored as metadata, but runtime resolution will fail until this provider is configured.", + ], + }; + }, }; } diff --git a/server/src/secrets/local-encrypted-provider.ts b/server/src/secrets/local-encrypted-provider.ts index a92ded20..e19ccc47 100644 --- a/server/src/secrets/local-encrypted-provider.ts +++ b/server/src/secrets/local-encrypted-provider.ts @@ -1,7 +1,14 @@ import { createCipheriv, createDecipheriv, createHash, randomBytes } from "node:crypto"; -import { mkdirSync, readFileSync, writeFileSync, existsSync, chmodSync } from "node:fs"; +import { chmodSync, existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from "node:fs"; import path from "node:path"; -import type { SecretProviderModule, StoredSecretVersionMaterial } from "./types.js"; +import { resolveDefaultSecretsKeyFilePath } from "../home-paths.js"; +import type { + PreparedSecretVersion, + SecretProviderHealthCheck, + SecretProviderModule, + SecretProviderValidationResult, + StoredSecretVersionMaterial, +} from "./types.js"; import { badRequest } from "../errors.js"; interface LocalEncryptedMaterial extends StoredSecretVersionMaterial { @@ -14,7 +21,7 @@ interface LocalEncryptedMaterial extends StoredSecretVersionMaterial { function resolveMasterKeyFilePath() { const fromEnv = process.env.PAPERCLIP_SECRETS_MASTER_KEY_FILE; if (fromEnv && fromEnv.trim().length > 0) return path.resolve(fromEnv.trim()); - return path.resolve(process.cwd(), "data/secrets/master.key"); + return resolveDefaultSecretsKeyFilePath(); } function decodeMasterKey(raw: string): Buffer | null { @@ -52,6 +59,7 @@ function loadOrCreateMasterKey(): Buffer { const keyPath = resolveMasterKeyFilePath(); if (existsSync(keyPath)) { + enforceKeyFilePermissionsBestEffort(keyPath); const raw = readFileSync(keyPath, "utf8"); const decoded = decodeMasterKey(raw); if (!decoded) { @@ -72,10 +80,118 @@ function loadOrCreateMasterKey(): Buffer { return generated; } +function enforceKeyFilePermissionsBestEffort(keyPath: string) { + try { + const mode = statSync(keyPath).mode & 0o777; + if ((mode & 0o077) !== 0) { + chmodSync(keyPath, 0o600); + } + } catch { + // best effort only; health checks surface persistent permission problems. + } +} + function sha256Hex(value: string): string { return createHash("sha256").update(value).digest("hex"); } +function prepareManagedVersion(value: string): PreparedSecretVersion { + const masterKey = loadOrCreateMasterKey(); + const valueSha256 = sha256Hex(value); + return { + material: encryptValue(masterKey, value), + valueSha256, + fingerprintSha256: valueSha256, + externalRef: null, + }; +} + +async function inspectLocalEncryptedHealth(): Promise { + const envKeyRaw = process.env.PAPERCLIP_SECRETS_MASTER_KEY; + if (envKeyRaw && envKeyRaw.trim().length > 0) { + if (!decodeMasterKey(envKeyRaw)) { + return { + provider: "local_encrypted", + status: "error", + message: + "PAPERCLIP_SECRETS_MASTER_KEY is invalid; expected 32-byte base64, 64-char hex, or raw 32-char string", + }; + } + return { + provider: "local_encrypted", + status: "ok", + message: "Local encrypted provider is using PAPERCLIP_SECRETS_MASTER_KEY", + backupGuidance: [ + "Back up the configured master key separately from the database.", + "A restore needs both the database metadata and the same master key.", + ], + details: { keySource: "env" }, + }; + } + + const keyPath = resolveMasterKeyFilePath(); + if (!existsSync(keyPath)) { + return { + provider: "local_encrypted", + status: "warn", + message: `Secrets key file does not exist yet: ${keyPath}`, + warnings: ["The first managed secret write will create this key file with 0600 permissions."], + backupGuidance: [ + "Back up the key file together with database backups.", + "The database alone cannot restore local encrypted secret values.", + ], + details: { keySource: "file", keyFilePath: keyPath }, + }; + } + + let mode: number | null = null; + try { + mode = statSync(keyPath).mode & 0o777; + } catch (err) { + return { + provider: "local_encrypted", + status: "error", + message: `Could not stat secrets key file: ${err instanceof Error ? err.message : String(err)}`, + details: { keySource: "file", keyFilePath: keyPath }, + }; + } + + try { + const raw = readFileSync(keyPath, "utf8"); + if (!decodeMasterKey(raw)) { + return { + provider: "local_encrypted", + status: "error", + message: `Invalid key material in ${keyPath}`, + details: { keySource: "file", keyFilePath: keyPath }, + }; + } + } catch (err) { + return { + provider: "local_encrypted", + status: "error", + message: `Could not read secrets key file: ${err instanceof Error ? err.message : String(err)}`, + details: { keySource: "file", keyFilePath: keyPath }, + }; + } + + const warnings = + mode !== null && (mode & 0o077) !== 0 + ? [`Secrets key file permissions are ${mode.toString(8)}; run chmod 600 ${keyPath}`] + : []; + return { + provider: "local_encrypted", + status: warnings.length > 0 ? "warn" : "ok", + message: `Local encrypted provider configured with key file ${keyPath}`, + warnings, + backupGuidance: [ + "Back up the key file together with database backups.", + "The database alone cannot restore local encrypted secret values.", + ], + details: { keySource: "file", keyFilePath: keyPath }, + }; +} + function encryptValue(masterKey: Buffer, value: string): LocalEncryptedMaterial { const iv = randomBytes(12); const cipher = createCipheriv("aes-256-gcm", masterKey, iv); @@ -115,21 +231,45 @@ function asLocalEncryptedMaterial(value: StoredSecretVersionMaterial): LocalEncr export const localEncryptedProvider: SecretProviderModule = { id: "local_encrypted", - descriptor: { - id: "local_encrypted", - label: "Local encrypted (default)", - requiresExternalRef: false, + descriptor() { + return { + id: "local_encrypted", + label: "Local encrypted (default)", + requiresExternalRef: false, + supportsManagedValues: true, + supportsExternalReferences: false, + configured: true, + }; + }, + async validateConfig(input): Promise { + const warnings: string[] = []; + if (input?.deploymentMode === "authenticated" && input.strictMode !== true) { + warnings.push("Strict secret mode should be enabled for authenticated deployments"); + } + const health = await inspectLocalEncryptedHealth(); + if (health.status === "error") { + throw badRequest(health.message); + } + warnings.push(...(health.warnings ?? [])); + return { ok: true, warnings }; + }, + async createSecret(input) { + return prepareManagedVersion(input.value); }, async createVersion(input) { - const masterKey = loadOrCreateMasterKey(); - return { - material: encryptValue(masterKey, input.value), - valueSha256: sha256Hex(input.value), - externalRef: null, - }; + return prepareManagedVersion(input.value); + }, + async linkExternalSecret() { + throw badRequest("local_encrypted does not support external reference secrets"); }, async resolveVersion(input) { const masterKey = loadOrCreateMasterKey(); return decryptValue(masterKey, asLocalEncryptedMaterial(input.material)); }, + async deleteOrArchive() { + // Secret metadata deletion is handled in Paperclip DB; the local key is shared and must remain. + }, + async healthCheck() { + return inspectLocalEncryptedHealth(); + }, }; diff --git a/server/src/secrets/provider-registry.ts b/server/src/secrets/provider-registry.ts index 95e16de8..f181b8b8 100644 --- a/server/src/secrets/provider-registry.ts +++ b/server/src/secrets/provider-registry.ts @@ -1,11 +1,11 @@ import type { SecretProvider, SecretProviderDescriptor } from "@paperclipai/shared"; +import { awsSecretsManagerProvider } from "./aws-secrets-manager-provider.js"; import { localEncryptedProvider } from "./local-encrypted-provider.js"; import { - awsSecretsManagerProvider, gcpSecretManagerProvider, vaultProvider, } from "./external-stub-providers.js"; -import type { SecretProviderModule } from "./types.js"; +import type { SecretProviderHealthCheck, SecretProviderModule } from "./types.js"; import { unprocessable } from "../errors.js"; const providers: SecretProviderModule[] = [ @@ -26,5 +26,9 @@ export function getSecretProvider(id: SecretProvider): SecretProviderModule { } export function listSecretProviders(): SecretProviderDescriptor[] { - return providers.map((provider) => provider.descriptor); + return providers.map((provider) => provider.descriptor()); +} + +export async function checkSecretProviders(): Promise { + return Promise.all(providers.map((provider) => provider.healthCheck())); } diff --git a/server/src/secrets/types.ts b/server/src/secrets/types.ts index 5f9ed1b9..341163e6 100644 --- a/server/src/secrets/types.ts +++ b/server/src/secrets/types.ts @@ -1,22 +1,180 @@ import type { SecretProvider, SecretProviderDescriptor } from "@paperclipai/shared"; +import type { DeploymentMode } from "@paperclipai/shared"; export interface StoredSecretVersionMaterial { [key: string]: unknown; } +export type SecretProviderHealthStatus = "ok" | "warn" | "error"; + +export interface SecretProviderHealthCheck { + provider: SecretProvider; + status: SecretProviderHealthStatus; + message: string; + warnings?: string[]; + backupGuidance?: string[]; + details?: Record; +} + +export interface SecretProviderValidationResult { + ok: boolean; + warnings: string[]; +} + +export interface PreparedSecretVersion { + material: StoredSecretVersionMaterial; + valueSha256: string; + fingerprintSha256?: string; + externalRef: string | null; + providerVersionRef?: string | null; +} + +export interface RemoteSecretListEntry { + externalRef: string; + name: string; + providerVersionRef?: string | null; + metadata?: Record | null; +} + +export interface RemoteSecretListResult { + secrets: RemoteSecretListEntry[]; + nextToken?: string | null; +} + +export type SecretProviderClientErrorCode = + | "access_denied" + | "throttled" + | "not_found" + | "conflict" + | "invalid_request" + | "provider_unavailable" + | "provider_error"; + +export interface SecretProviderClientErrorOptions { + code: SecretProviderClientErrorCode; + provider: SecretProvider; + operation: string; + message: string; + status?: number; + rawMessage?: string | null; + cause?: unknown; +} + +const SECRET_PROVIDER_CLIENT_ERROR_STATUS: Record = { + access_denied: 403, + throttled: 429, + not_found: 404, + conflict: 409, + invalid_request: 422, + provider_unavailable: 503, + provider_error: 502, +}; + +export class SecretProviderClientError extends Error { + readonly code: SecretProviderClientErrorCode; + readonly provider: SecretProvider; + readonly operation: string; + readonly status: number; + readonly rawMessage: string | null; + + constructor(options: SecretProviderClientErrorOptions) { + super(options.message); + this.name = "SecretProviderClientError"; + this.code = options.code; + this.provider = options.provider; + this.operation = options.operation; + this.status = options.status ?? SECRET_PROVIDER_CLIENT_ERROR_STATUS[options.code]; + this.rawMessage = options.rawMessage ?? null; + if (options.cause !== undefined) { + Object.defineProperty(this, "cause", { + value: options.cause, + enumerable: false, + configurable: true, + }); + } + } +} + +export function isSecretProviderClientError(error: unknown): error is SecretProviderClientError { + return error instanceof SecretProviderClientError; +} + +export interface SecretProviderRuntimeContext { + companyId: string; + secretId: string; + secretKey: string; + version: number; +} + +export interface SecretProviderVaultRuntimeConfig { + id: string; + provider: SecretProvider; + status: string; + config: Record; +} + +export interface SecretProviderWriteContext { + companyId: string; + secretKey: string; + secretName: string; + version: number; +} + export interface SecretProviderModule { id: SecretProvider; - descriptor: SecretProviderDescriptor; + descriptor(): SecretProviderDescriptor; + validateConfig(input?: { + deploymentMode?: DeploymentMode; + strictMode?: boolean; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; + createSecret(input: { + value: string; + externalRef?: string | null; + context?: SecretProviderWriteContext; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; createVersion(input: { value: string; - externalRef: string | null; - }): Promise<{ - material: StoredSecretVersionMaterial; - valueSha256: string; - externalRef: string | null; - }>; + externalRef?: string | null; + context?: SecretProviderWriteContext; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; + linkExternalSecret(input: { + externalRef: string; + providerVersionRef?: string | null; + context?: SecretProviderWriteContext; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; + listRemoteSecrets?(input: { + providerConfig?: SecretProviderVaultRuntimeConfig | null; + query?: string | null; + nextToken?: string | null; + pageSize?: number; + }): Promise; resolveVersion(input: { material: StoredSecretVersionMaterial; externalRef: string | null; + providerVersionRef?: string | null; + context?: SecretProviderRuntimeContext; + providerConfig?: SecretProviderVaultRuntimeConfig | null; }): Promise; + rotate?(input: { + material: StoredSecretVersionMaterial; + externalRef: string | null; + providerVersionRef?: string | null; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; + deleteOrArchive(input: { + material?: StoredSecretVersionMaterial | null; + externalRef: string | null; + context?: SecretProviderWriteContext; + mode: "archive" | "delete"; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; + healthCheck(input?: { + deploymentMode?: DeploymentMode; + strictMode?: boolean; + providerConfig?: SecretProviderVaultRuntimeConfig | null; + }): Promise; } diff --git a/server/src/services/company-portability.ts b/server/src/services/company-portability.ts index b7e186a2..864f773a 100644 --- a/server/src/services/company-portability.ts +++ b/server/src/services/company-portability.ts @@ -16,6 +16,7 @@ import type { CompanyPortabilityImportResult, CompanyPortabilityInclude, CompanyPortabilityManifest, + CompanyPortabilityIssueCommentManifestEntry, CompanyPortabilityPreview, CompanyPortabilityPreviewAgentPlan, CompanyPortabilityPreviewResult, @@ -44,13 +45,16 @@ import { ROUTINE_TRIGGER_SIGNING_MODES, deriveProjectUrlKey, envConfigSchema, + issueCommentAuthorTypeSchema, + issueCommentMetadataSchema, + issueCommentPresentationSchema, normalizeAgentUrlKey, } from "@paperclipai/shared"; import { readPaperclipSkillSyncPreference, writePaperclipSkillSyncPreference, } from "@paperclipai/adapter-utils/server-utils"; -import { ensureOpenCodeModelConfiguredAndAvailable } from "@paperclipai/adapter-opencode-local/server"; +import { requireOpenCodeModelId } from "@paperclipai/adapter-opencode-local/server"; import { findServerAdapter } from "../adapters/index.js"; import { forbidden, HttpError, notFound, unprocessable } from "../errors.js"; import { ghFetch, gitHubApiBase, resolveRawGitHubUrl } from "./github-fetch.js"; @@ -674,6 +678,96 @@ function asInteger(value: unknown): number | null { return typeof value === "number" && Number.isInteger(value) ? value : null; } +function hasOwn(record: Record, key: string) { + return Object.prototype.hasOwnProperty.call(record, key); +} + +function readStringArray(value: unknown): string[] | null { + if (!Array.isArray(value)) return null; + const entries = value.filter((entry): entry is string => typeof entry === "string"); + return entries.length === value.length ? entries : null; +} + +function derivePortableCommentAuthorType(value: Record) { + const explicit = issueCommentAuthorTypeSchema.safeParse(value.authorType); + if (explicit.success) return explicit.data; + return asString(value.authorAgentSlug) ? "agent" : asString(value.authorUserId) ? "user" : "system"; +} + +function readPortableIssueComments( + value: unknown, + warnings: string[], + sourceLabel: string, +): CompanyPortabilityIssueCommentManifestEntry[] { + if (value === undefined || value === null) return []; + if (!Array.isArray(value)) { + warnings.push(`${sourceLabel} comments were ignored because they are not an array.`); + return []; + } + + const comments: CompanyPortabilityIssueCommentManifestEntry[] = []; + for (const [index, entry] of value.entries()) { + if (!isPlainRecord(entry)) { + warnings.push(`${sourceLabel} comment ${index + 1} was ignored because it is not an object.`); + continue; + } + const body = asString(entry.body); + if (!body) { + warnings.push(`${sourceLabel} comment ${index + 1} was ignored because it has no body.`); + continue; + } + const presentation = entry.presentation == null ? null : issueCommentPresentationSchema.safeParse(entry.presentation); + if (presentation && !presentation.success) { + warnings.push(`${sourceLabel} comment ${index + 1} has invalid presentation metadata and was ignored.`); + continue; + } + const metadata = entry.metadata == null ? null : issueCommentMetadataSchema.safeParse(entry.metadata); + if (metadata && !metadata.success) { + warnings.push(`${sourceLabel} comment ${index + 1} has invalid hidden metadata and was ignored.`); + continue; + } + const createdAt = asString(entry.createdAt); + comments.push({ + body, + authorType: derivePortableCommentAuthorType(entry), + authorAgentSlug: asString(entry.authorAgentSlug), + authorUserId: asString(entry.authorUserId), + presentation: presentation ? presentation.data : null, + metadata: metadata ? metadata.data : null, + createdAt: createdAt && Number.isNaN(Date.parse(createdAt)) ? null : createdAt, + }); + } + return comments; +} + +function appendCodexImportArg(adapterConfig: Record, arg: string) { + const extraArgs = readStringArray(adapterConfig.extraArgs); + if (extraArgs) { + if (!extraArgs.includes(arg)) adapterConfig.extraArgs = [...extraArgs, arg]; + return; + } + + const legacyArgs = readStringArray(adapterConfig.args); + if (legacyArgs && legacyArgs.length > 0) { + if (!legacyArgs.includes(arg)) adapterConfig.args = [...legacyArgs, arg]; + return; + } + + if (legacyArgs?.includes(arg)) return; + adapterConfig.extraArgs = [arg]; +} + +function applyImportAdapterRunDefaults( + adapterType: string, + adapterConfig: Record, +) { + const next = { ...adapterConfig }; + if (adapterType === "codex_local") { + appendCodexImportArg(next, "--skip-git-repo-check"); + } + return next; +} + function normalizeRoutineTriggerExtension(value: unknown): CompanyPortabilityIssueRoutineTriggerManifestEntry | null { if (!isPlainRecord(value)) return null; const kind = asString(value.kind); @@ -2746,6 +2840,7 @@ function buildManifestFromPackageFiles( assigneeAdapterOverrides: isPlainRecord(extension.assigneeAdapterOverrides) ? extension.assigneeAdapterOverrides : null, + comments: readPortableIssueComments(extension.comments, warnings, `Task ${slug}`), metadata: isPlainRecord(extension.metadata) ? extension.metadata : null, }); if (frontmatter.kind && frontmatter.kind !== "task") { @@ -2842,20 +2937,12 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { } async function assertImportAdapterConfigConstraints( - companyId: string, adapterType: string, adapterConfig: Record, ) { if (adapterType !== "opencode_local") return; - const { config: runtimeConfig } = await secrets.resolveAdapterConfigForRuntime(companyId, adapterConfig); - const runtimeEnv = isPlainRecord(runtimeConfig.env) ? runtimeConfig.env : {}; try { - await ensureOpenCodeModelConfiguredAndAvailable({ - model: runtimeConfig.model, - command: runtimeConfig.command, - cwd: runtimeConfig.cwd, - env: runtimeEnv, - }); + requireOpenCodeModelId(adapterConfig.model); } catch (err) { const reason = err instanceof Error ? err.message : String(err); throw unprocessable(`Invalid opencode_local adapterConfig: ${reason}`); @@ -2873,7 +2960,10 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { if (mode === "agent_safe" && IMPORT_FORBIDDEN_ADAPTER_TYPES.has(effectiveAdapterType)) { throw forbidden(`Adapter type "${effectiveAdapterType}" is not allowed in safe imports`); } - const nextAdapterConfig = writePaperclipSkillSyncPreference({ ...adapterConfig }, desiredSkills); + const nextAdapterConfig = writePaperclipSkillSyncPreference( + applyImportAdapterRunDefaults(effectiveAdapterType, adapterConfig), + desiredSkills, + ); delete nextAdapterConfig.promptTemplate; delete nextAdapterConfig.bootstrapPromptTemplate; delete nextAdapterConfig.instructionsFilePath; @@ -2885,7 +2975,7 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { nextAdapterConfig, { strictMode: strictSecretsMode }, ); - await assertImportAdapterConfigConstraints(companyId, effectiveAdapterType, normalizedAdapterConfig); + await assertImportAdapterConfigConstraints(effectiveAdapterType, normalizedAdapterConfig); return { adapterType: effectiveAdapterType, adapterConfig: normalizedAdapterConfig, @@ -3455,6 +3545,7 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { }); } } + const comments = await issuesSvc.listComments(issue.id, { order: "asc" }); files[taskPath] = buildMarkdown( { name: issue.title, @@ -3472,6 +3563,20 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { projectWorkspaceKey: projectWorkspaceKey ?? undefined, executionWorkspaceSettings: issue.executionWorkspaceSettings ?? undefined, assigneeAdapterOverrides: issue.assigneeAdapterOverrides ?? undefined, + comments: comments.length > 0 + ? comments.map((comment) => ({ + body: comment.body, + authorType: comment.authorType, + authorAgentSlug: comment.authorAgentId ? (idToSlug.get(comment.authorAgentId) ?? null) : null, + // Portable bundles preserve author kind, but not raw board user ids. + authorUserId: null, + presentation: comment.presentation, + metadata: comment.metadata, + createdAt: comment.createdAt instanceof Date + ? comment.createdAt.toISOString() + : new Date(comment.createdAt).toISOString(), + })) + : undefined, }); paperclipTasksOut[taskSlug] = isPlainRecord(extension) ? extension : {}; } @@ -4741,7 +4846,7 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { warnings.push(`Task ${manifestIssue.slug} was downgraded to todo because its assignee could not be imported as assignable work.`); issueStatus = "todo"; } - await issues.create(targetCompany.id, { + const createdIssue = await issues.create(targetCompany.id, { projectId, projectWorkspaceId, title: manifestIssue.title, @@ -4756,6 +4861,33 @@ export function companyPortabilityService(db: Db, storage?: StorageService) { executionWorkspaceSettings: manifestIssue.executionWorkspaceSettings, labelIds: manifestIssue.labelIds ?? [], }); + for (const comment of manifestIssue.comments ?? []) { + const authorAgentId = comment.authorType === "agent" && comment.authorAgentSlug + ? importedSlugToAgentId.get(comment.authorAgentSlug) + ?? existingSlugToAgentId.get(comment.authorAgentSlug) + ?? null + : null; + if (comment.authorType === "agent" && comment.authorAgentSlug && !authorAgentId) { + warnings.push(`Comment on task ${manifestIssue.slug} was imported as a system comment because author agent ${comment.authorAgentSlug} was not imported.`); + } + if (comment.authorType === "user" && !actorUserId) { + warnings.push(`Comment on task ${manifestIssue.slug} was imported as a system comment because no importing user was available.`); + } + const authorType = authorAgentId + ? "agent" + : comment.authorType === "user" && actorUserId + ? "user" + : "system"; + await issues.addComment(createdIssue.id, comment.body, { + agentId: authorAgentId ?? undefined, + userId: authorType === "user" ? actorUserId ?? undefined : undefined, + }, { + authorType, + presentation: comment.presentation, + metadata: comment.metadata, + createdAt: comment.createdAt, + }); + } } } diff --git a/server/src/services/company-search-rate-limit.ts b/server/src/services/company-search-rate-limit.ts new file mode 100644 index 00000000..4ac32e80 --- /dev/null +++ b/server/src/services/company-search-rate-limit.ts @@ -0,0 +1,63 @@ +export const COMPANY_SEARCH_RATE_LIMIT_WINDOW_MS = 60_000; +export const COMPANY_SEARCH_RATE_LIMIT_MAX_REQUESTS = 60; + +export type CompanySearchRateLimitActor = { + companyId: string; + actorType: "agent" | "board"; + actorId: string; +}; + +export type CompanySearchRateLimitResult = { + allowed: boolean; + limit: number; + remaining: number; + retryAfterSeconds: number; +}; + +export type CompanySearchRateLimiter = { + consume(actor: CompanySearchRateLimitActor): CompanySearchRateLimitResult; +}; + +export function createCompanySearchRateLimiter(options: { + windowMs?: number; + maxRequests?: number; + now?: () => number; +} = {}): CompanySearchRateLimiter { + const windowMs = options.windowMs ?? COMPANY_SEARCH_RATE_LIMIT_WINDOW_MS; + const maxRequests = options.maxRequests ?? COMPANY_SEARCH_RATE_LIMIT_MAX_REQUESTS; + const now = options.now ?? Date.now; + const hitsByKey = new Map(); + + function key(actor: CompanySearchRateLimitActor) { + return `${actor.companyId}:${actor.actorType}:${actor.actorId}`; + } + + return { + consume(actor) { + const currentTime = now(); + const cutoff = currentTime - windowMs; + const actorKey = key(actor); + const recentHits = (hitsByKey.get(actorKey) ?? []).filter((hit) => hit > cutoff); + + if (recentHits.length >= maxRequests) { + const oldestHit = recentHits[0] ?? currentTime; + hitsByKey.set(actorKey, recentHits); + return { + allowed: false, + limit: maxRequests, + remaining: 0, + retryAfterSeconds: Math.max(1, Math.ceil((oldestHit + windowMs - currentTime) / 1000)), + }; + } + + recentHits.push(currentTime); + hitsByKey.set(actorKey, recentHits); + return { + allowed: true, + limit: maxRequests, + remaining: Math.max(0, maxRequests - recentHits.length), + retryAfterSeconds: 0, + }; + }, + }; +} diff --git a/server/src/services/company-search.ts b/server/src/services/company-search.ts new file mode 100644 index 00000000..1816e074 --- /dev/null +++ b/server/src/services/company-search.ts @@ -0,0 +1,696 @@ +import { and, desc, eq, isNull, sql } from "drizzle-orm"; +import type { SQL } from "drizzle-orm"; +import type { Db } from "@paperclipai/db"; +import { agents, companies, issues, projects } from "@paperclipai/db"; +import { + COMPANY_SEARCH_MAX_LIMIT, + COMPANY_SEARCH_MAX_OFFSET, + COMPANY_SEARCH_MAX_TOKENS, + type CompanySearchIssueSummary, + type CompanySearchQuery, + type CompanySearchResponse, + type CompanySearchResult, + type CompanySearchResultType, + type CompanySearchScope, + type CompanySearchSnippet, +} from "@paperclipai/shared"; + +const MIN_TOKEN_LENGTH = 2; +const MIN_FUZZY_QUERY_LENGTH = 4; +const MIN_FUZZY_TOKEN_LENGTH = 4; +// Cap fuzzy edits using the shorter of (query token, title word) so common +// 4–5 letter English words don't sweep in noise (e.g. "serach" vs "each"). +const FUZZY_PAIR_LONG_LENGTH = 6; +const FUZZY_PAIR_LONG_MAX_EDITS = 2; +const FUZZY_PAIR_MEDIUM_LENGTH = 5; +const FUZZY_PAIR_MEDIUM_MAX_EDITS = 1; +const FUZZY_PAIR_SHORT_MAX_EDITS = 0; +const FUZZY_IDENTIFIER_SIMILARITY_THRESHOLD = 0.45; +const SNIPPET_MAX_CHARS = 240; +export const COMPANY_SEARCH_BRANCH_FETCH_LIMIT = COMPANY_SEARCH_MAX_OFFSET + COMPANY_SEARCH_MAX_LIMIT + 1; + +type IssueSearchRow = { + id: string; + identifier: string | null; + title: string; + description: string | null; + status: string; + priority: string; + assigneeAgentId: string | null; + assigneeUserId: string | null; + projectId: string | null; + updatedAt: Date; + score: number | string; + matchedFields: string[] | null; + commentSnippet: string | null; + commentId: string | null; + documentSnippet: string | null; + documentTitle: string | null; + documentKey: string | null; +}; + +type SimpleSearchRow = { + id: string; + title: string; + description: string | null; + role?: string | null; + updatedAt: Date; +}; + +function normalizeQuery(query: string) { + return query.trim().replace(/\s+/g, " ").toLowerCase(); +} + +function escapeLikePattern(value: string): string { + return value.replace(/[\\%_]/g, "\\$&"); +} + +function tokenizeQuery(normalizedQuery: string) { + const matches = normalizedQuery.match(/"[^"]+"|[^\s]+/g) ?? []; + const tokens: string[] = []; + for (const match of matches) { + const token = match.replace(/^"|"$/g, "").replace(/^[^\p{L}\p{N}%_\\-]+|[^\p{L}\p{N}%_\\-]+$/gu, ""); + if (token.length < MIN_TOKEN_LENGTH) continue; + if (!tokens.includes(token)) tokens.push(token); + if (tokens.length >= COMPANY_SEARCH_MAX_TOKENS) break; + } + return tokens; +} + +function fuzzyEligibleTokens(tokens: string[]): string[] { + return tokens.filter((token) => token.length >= MIN_FUZZY_TOKEN_LENGTH); +} + +function sqlTextArray(values: string[]) { + if (values.length === 0) return sql`ARRAY[]::text[]`; + return sql`ARRAY[${sql.join(values.map((value) => sql`${value}`), sql`, `)}]::text[]`; +} + +function tokenMatchExpression(textExpression: SQL, tokenArray: SQL) { + return sql` + EXISTS ( + SELECT 1 + FROM unnest(${tokenArray}) AS search_token(value) + WHERE lower(coalesce(${textExpression}, '')) LIKE '%' || search_token.value || '%' ESCAPE '\\' + ) + `; +} + +function noMatchSql() { + return sql`false`; +} + +function plainText(value: string | null | undefined) { + return (value ?? "") + .replace(/```[\s\S]*?```/g, " ") + .replace(/`([^`]+)`/g, "$1") + .replace(/\[([^\]]+)\]\([^)]+\)/g, "$1") + .replace(/[#>*_~|]+/g, " ") + .replace(/\s+/g, " ") + .trim(); +} + +const MARKDOWN_IMAGE_PATTERN = /!\[[^\]]*\]\(\s*([^)\s]+)(?:\s+"[^"]*")?\s*\)/; + +function extractFirstImageUrl(value: string | null | undefined): string | null { + if (!value) return null; + const match = MARKDOWN_IMAGE_PATTERN.exec(value); + return match ? match[1] : null; +} + +function findFirstMatchIndex(value: string, terms: string[]) { + const lower = value.toLowerCase(); + let best = -1; + for (const term of terms) { + if (term.length === 0) continue; + const index = lower.indexOf(term.toLowerCase()); + if (index >= 0 && (best < 0 || index < best)) best = index; + } + return best; +} + +function highlightRanges(value: string, terms: string[]) { + const lower = value.toLowerCase(); + const ranges: Array<{ start: number; end: number }> = []; + for (const term of terms) { + const normalized = term.toLowerCase(); + if (normalized.length === 0) continue; + let index = lower.indexOf(normalized); + while (index >= 0) { + const next = { start: index, end: index + normalized.length }; + const overlaps = ranges.some((range) => next.start < range.end && next.end > range.start); + if (!overlaps) ranges.push(next); + index = lower.indexOf(normalized, index + normalized.length); + } + } + return ranges.sort((left, right) => left.start - right.start); +} + +function createSnippet(field: string, label: string, source: string | null | undefined, terms: string[]): CompanySearchSnippet | null { + const text = plainText(source); + if (!text) return null; + const firstMatch = findFirstMatchIndex(text, terms); + const windowStart = firstMatch < 0 ? 0 : Math.max(0, firstMatch - 80); + const windowEnd = Math.min(text.length, windowStart + SNIPPET_MAX_CHARS); + const prefix = windowStart > 0 ? "..." : ""; + const suffix = windowEnd < text.length ? "..." : ""; + const slice = text.slice(windowStart, windowEnd).trim(); + const snippetText = `${prefix}${slice}${suffix}`; + const offset = prefix.length - windowStart; + return { + field, + label, + text: snippetText, + highlights: highlightRanges(text, terms) + .filter((range) => range.end > windowStart && range.start < windowEnd) + .map((range) => ({ + start: Math.max(0, range.start + offset), + end: Math.min(snippetText.length, range.end + offset), + })), + }; +} + +function iso(value: Date | string | null | undefined) { + if (!value) return null; + return value instanceof Date ? value.toISOString() : new Date(value).toISOString(); +} + +function routePrefix(issuePrefix: string | null | undefined) { + return issuePrefix?.trim() || "company"; +} + +function issueHref(prefix: string, issue: { id: string; identifier: string | null }, suffix = "") { + return `/${prefix}/issues/${encodeURIComponent(issue.identifier ?? issue.id)}${suffix}`; +} + +function matchTerms(normalizedQuery: string, tokens: string[]) { + return [normalizedQuery, ...tokens].filter((term, index, terms) => term.length > 0 && terms.indexOf(term) === index); +} + +function makeCounts(results: CompanySearchResult[]) { + const counts: Record = { issue: 0, agent: 0, project: 0 }; + for (const result of results) counts[result.type] += 1; + return counts; +} + +function scopeIncludesIssues(scope: CompanySearchScope) { + return scope === "all" || scope === "issues" || scope === "comments" || scope === "documents"; +} + +function scopeIncludesAgents(scope: CompanySearchScope) { + return scope === "all" || scope === "agents"; +} + +function scopeIncludesProjects(scope: CompanySearchScope) { + return scope === "all" || scope === "projects"; +} + +function issueSearchCondition(scope: CompanySearchScope, input: { + issueTextMatch: SQL; + commentMatch: SQL; + documentMatch: SQL; + fuzzyMatch: SQL; +}) { + if (scope === "comments") return input.commentMatch; + if (scope === "documents") return input.documentMatch; + if (scope === "issues") return sql`(${input.issueTextMatch} OR ${input.fuzzyMatch})`; + return sql`(${input.issueTextMatch} OR ${input.commentMatch} OR ${input.documentMatch} OR ${input.fuzzyMatch})`; +} + +function selectPrimarySnippets(row: IssueSearchRow, normalizedQuery: string, tokens: string[]) { + const terms = matchTerms(normalizedQuery, tokens); + const matchedFields = new Set(row.matchedFields ?? []); + const candidates: Array = []; + if (matchedFields.has("identifier")) { + candidates.push(createSnippet("identifier", "Identifier", row.identifier, terms)); + } + if (matchedFields.has("title")) { + candidates.push(createSnippet("title", "Title", row.title, terms)); + } + if (matchedFields.has("comment")) { + candidates.push(createSnippet("comment", "Comment", row.commentSnippet, terms)); + } + if (matchedFields.has("document")) { + candidates.push(createSnippet("document", row.documentTitle || "Document", row.documentSnippet, terms)); + } + if (matchedFields.has("description")) { + candidates.push(createSnippet("description", "Description", row.description, terms)); + } + return candidates.filter((snippet): snippet is CompanySearchSnippet => Boolean(snippet)).slice(0, 2); +} + +function issueResult(row: IssueSearchRow, prefix: string, normalizedQuery: string, tokens: string[]): CompanySearchResult { + const snippets = selectPrimarySnippets(row, normalizedQuery, tokens); + const sourceLabel = snippets[0]?.label ?? null; + const documentSuffix = row.documentKey ? `#document-${encodeURIComponent(row.documentKey)}` : ""; + const commentSuffix = row.commentId ? `#comment-${encodeURIComponent(row.commentId)}` : ""; + const suffix = row.commentId ? commentSuffix : documentSuffix; + const issue: CompanySearchIssueSummary = { + id: row.id, + identifier: row.identifier, + title: row.title, + status: row.status as CompanySearchIssueSummary["status"], + priority: row.priority as CompanySearchIssueSummary["priority"], + assigneeAgentId: row.assigneeAgentId, + assigneeUserId: row.assigneeUserId, + projectId: row.projectId, + updatedAt: iso(row.updatedAt)!, + }; + const previewImageUrl = + extractFirstImageUrl(row.description) ?? + extractFirstImageUrl(row.commentSnippet) ?? + extractFirstImageUrl(row.documentSnippet); + return { + id: row.id, + type: "issue", + score: Number(row.score), + title: row.identifier ? `${row.identifier} ${row.title}` : row.title, + href: issueHref(prefix, row, suffix), + matchedFields: row.matchedFields ?? [], + sourceLabel, + snippet: snippets[0]?.text ?? null, + snippets, + issue, + updatedAt: issue.updatedAt, + previewImageUrl, + }; +} + +function scoreSimpleRow(row: SimpleSearchRow, normalizedQuery: string, tokens: string[]) { + const haystack = [row.title, row.description, row.role].filter(Boolean).join(" ").toLowerCase(); + let score = haystack.includes(normalizedQuery) ? 90 : 0; + for (const token of tokens) { + if (haystack.includes(token)) score += 20; + } + if (row.title.toLowerCase().startsWith(normalizedQuery)) score += 80; + return score; +} + +function simpleTextCondition(fields: SQL[], containsPattern: string, tokenArray: SQL) { + const phraseConditions = fields.map((field) => sql`lower(coalesce(${field}, '')) LIKE ${containsPattern} ESCAPE '\\'`); + const tokenConditions = fields.map((field) => tokenMatchExpression(field, tokenArray)); + return sql`(${sql.join([...phraseConditions, ...tokenConditions], sql` OR `)})`; +} + +export function companySearchBranchFetchLimit(limit: number, offset = 0) { + const normalizedLimit = Number.isFinite(limit) ? Math.max(1, Math.floor(limit)) : COMPANY_SEARCH_MAX_LIMIT; + const normalizedOffset = Number.isFinite(offset) ? Math.max(0, Math.floor(offset)) : 0; + return Math.min(COMPANY_SEARCH_BRANCH_FETCH_LIMIT, normalizedOffset + normalizedLimit + 1); +} + +export function companySearchService(db: Db) { + return { + search: async (companyId: string, query: CompanySearchQuery): Promise => { + const normalizedQuery = normalizeQuery(query.q); + const tokens = tokenizeQuery(normalizedQuery); + const scope = query.scope; + const limit = query.limit; + const offset = query.offset; + const emptyCounts: Record = { issue: 0, agent: 0, project: 0 }; + if (normalizedQuery.length === 0) { + return { + query: query.q, + normalizedQuery, + scope, + limit, + offset, + results: [], + countsByType: emptyCounts, + hasMore: false, + }; + } + + const company = await db + .select({ issuePrefix: companies.issuePrefix }) + .from(companies) + .where(eq(companies.id, companyId)) + .then((rows) => rows[0] ?? null); + const prefix = routePrefix(company?.issuePrefix); + const fetchLimit = companySearchBranchFetchLimit(limit, offset); + const escapedTokens = tokens.map(escapeLikePattern); + const tokenArray = sqlTextArray(escapedTokens); + const fuzzyTokens = fuzzyEligibleTokens(tokens); + const fuzzyTokenArray = sqlTextArray(fuzzyTokens); + const escapedQuery = escapeLikePattern(normalizedQuery); + const containsPattern = `%${escapedQuery}%`; + const startsWithPattern = `${escapedQuery}%`; + const fuzzyEnabled = normalizedQuery.length >= MIN_FUZZY_QUERY_LENGTH && !/[\\%_]/.test(normalizedQuery); + const fuzzyTokensEnabled = fuzzyEnabled && fuzzyTokens.length > 0; + + const titlePhraseMatch = sql`lower(${issues.title}) LIKE ${containsPattern} ESCAPE '\\'`; + const titleStartsWith = sql`lower(${issues.title}) LIKE ${startsWithPattern} ESCAPE '\\'`; + const identifierPhraseMatch = sql`lower(coalesce(${issues.identifier}, '')) LIKE ${containsPattern} ESCAPE '\\'`; + const identifierStartsWith = sql`lower(coalesce(${issues.identifier}, '')) LIKE ${startsWithPattern} ESCAPE '\\'`; + const descriptionPhraseMatch = sql`lower(coalesce(${issues.description}, '')) LIKE ${containsPattern} ESCAPE '\\'`; + const titleTokenMatch = tokenMatchExpression(sql`${issues.title}`, tokenArray); + const identifierTokenMatch = tokenMatchExpression(sql`${issues.identifier}`, tokenArray); + const descriptionTokenMatch = tokenMatchExpression(sql`${issues.description}`, tokenArray); + const issueTextMatch = sql` + ${titlePhraseMatch} + OR ${identifierPhraseMatch} + OR ${descriptionPhraseMatch} + OR ${titleTokenMatch} + OR ${identifierTokenMatch} + OR ${descriptionTokenMatch} + `; + const commentMatch = sql` + EXISTS ( + SELECT 1 + FROM issue_comments search_comments + WHERE search_comments.company_id = ${companyId} + AND search_comments.issue_id = issues.id + AND ( + lower(search_comments.body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_comments.body`, tokenArray)} + ) + ) + `; + const documentMatch = sql` + EXISTS ( + SELECT 1 + FROM issue_documents search_issue_documents + INNER JOIN documents search_documents + ON search_documents.id = search_issue_documents.document_id + WHERE search_issue_documents.company_id = ${companyId} + AND search_documents.company_id = ${companyId} + AND search_issue_documents.issue_id = issues.id + AND ( + lower(coalesce(search_documents.title, '')) LIKE ${containsPattern} ESCAPE '\\' + OR lower(search_documents.latest_body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_documents.title`, tokenArray)} + OR ${tokenMatchExpression(sql`search_documents.latest_body`, tokenArray)} + ) + ) + `; + // Each query token (length >= MIN_FUZZY_TOKEN_LENGTH) must have at least + // one title word within Levenshtein edit distance. This handles typos + // like "serach" -> "search" (transposition) and "mibile" -> "mobile" + // (substitution) without the trigram noise that drop-character variants + // produced (e.g. "serac" matching "service"). Edit budget is gated on + // the SHORTER of the two strings so 4–5 letter English words don't get + // swept in by lev=2 collisions. + const fuzzyMaxEditsExpr = sql.raw( + `CASE + WHEN least(length(qt.value), length(title_word.value)) >= ${FUZZY_PAIR_LONG_LENGTH} THEN ${FUZZY_PAIR_LONG_MAX_EDITS} + WHEN least(length(qt.value), length(title_word.value)) >= ${FUZZY_PAIR_MEDIUM_LENGTH} THEN ${FUZZY_PAIR_MEDIUM_MAX_EDITS} + ELSE ${FUZZY_PAIR_SHORT_MAX_EDITS} + END`, + ); + const fuzzyMinTitleWordLengthExpr = sql.raw(`${MIN_FUZZY_TOKEN_LENGTH}`); + const fuzzyTokenTitleMatch = fuzzyTokensEnabled + ? sql` + coalesce(( + SELECT bool_and( + EXISTS ( + SELECT 1 + FROM regexp_split_to_table(lower(${issues.title}), '[^a-z0-9]+') AS title_word(value) + WHERE length(title_word.value) >= ${fuzzyMinTitleWordLengthExpr} + AND levenshtein_less_equal(qt.value, title_word.value, ${fuzzyMaxEditsExpr}) <= ${fuzzyMaxEditsExpr} + ) + ) + FROM unnest(${fuzzyTokenArray}) AS qt(value) + ), false) + ` + : noMatchSql(); + const fuzzyIdentifierMatch = fuzzyEnabled + ? sql`similarity(lower(coalesce(${issues.identifier}, '')), ${normalizedQuery}) >= ${FUZZY_IDENTIFIER_SIMILARITY_THRESHOLD}` + : noMatchSql(); + const fuzzyMatch = sql`(${fuzzyTokenTitleMatch} OR ${fuzzyIdentifierMatch})`; + const tokenCoverage = sql` + ( + SELECT count(*)::int + FROM unnest(${tokenArray}) AS search_token(value) + WHERE lower(${issues.title}) LIKE '%' || search_token.value || '%' ESCAPE '\\' + OR lower(coalesce(${issues.identifier}, '')) LIKE '%' || search_token.value || '%' ESCAPE '\\' + OR lower(coalesce(${issues.description}, '')) LIKE '%' || search_token.value || '%' ESCAPE '\\' + OR EXISTS ( + SELECT 1 + FROM issue_comments coverage_comments + WHERE coverage_comments.company_id = ${companyId} + AND coverage_comments.issue_id = issues.id + AND lower(coverage_comments.body) LIKE '%' || search_token.value || '%' ESCAPE '\\' + ) + OR EXISTS ( + SELECT 1 + FROM issue_documents coverage_issue_documents + INNER JOIN documents coverage_documents + ON coverage_documents.id = coverage_issue_documents.document_id + WHERE coverage_issue_documents.company_id = ${companyId} + AND coverage_documents.company_id = ${companyId} + AND coverage_issue_documents.issue_id = issues.id + AND ( + lower(coalesce(coverage_documents.title, '')) LIKE '%' || search_token.value || '%' ESCAPE '\\' + OR lower(coverage_documents.latest_body) LIKE '%' || search_token.value || '%' ESCAPE '\\' + ) + ) + ) + `; + const tokenCount = tokens.length; + const allTokensMatch = tokenCount > 0 + ? sql`${tokenCoverage} = ${tokenCount}` + : noMatchSql(); + const score = sql` + ( + CASE WHEN lower(coalesce(${issues.identifier}, '')) = ${normalizedQuery} THEN 1200 ELSE 0 END + + CASE WHEN ${identifierStartsWith} THEN 700 ELSE 0 END + + CASE WHEN lower(${issues.title}) = ${normalizedQuery} THEN 900 ELSE 0 END + + CASE WHEN ${titleStartsWith} THEN 550 ELSE 0 END + + CASE WHEN ${titlePhraseMatch} THEN 350 ELSE 0 END + + CASE WHEN ${identifierPhraseMatch} THEN 320 ELSE 0 END + + CASE WHEN ${commentMatch} THEN 180 ELSE 0 END + + CASE WHEN ${documentMatch} THEN 170 ELSE 0 END + + CASE WHEN ${descriptionPhraseMatch} THEN 120 ELSE 0 END + + CASE WHEN ${allTokensMatch} THEN 260 ELSE 0 END + + (${tokenCoverage} * 70) + + CASE WHEN ${fuzzyMatch} THEN 110 ELSE 0 END + + CASE ${issues.status} WHEN 'done' THEN 0 WHEN 'cancelled' THEN -30 ELSE 20 END + )::double precision + `; + const matchedFields = sql` + array_remove(ARRAY[ + CASE WHEN ${identifierPhraseMatch} OR ${identifierTokenMatch} OR ${fuzzyIdentifierMatch} THEN 'identifier' END, + CASE WHEN ${titlePhraseMatch} OR ${titleTokenMatch} OR ${fuzzyTokenTitleMatch} THEN 'title' END, + CASE WHEN ${descriptionPhraseMatch} OR ${descriptionTokenMatch} THEN 'description' END, + CASE WHEN ${commentMatch} THEN 'comment' END, + CASE WHEN ${documentMatch} THEN 'document' END + ], NULL)::text[] + `; + + const issueRows = scopeIncludesIssues(scope) + ? await db + .select({ + id: issues.id, + identifier: issues.identifier, + title: issues.title, + description: issues.description, + status: issues.status, + priority: issues.priority, + assigneeAgentId: issues.assigneeAgentId, + assigneeUserId: issues.assigneeUserId, + projectId: issues.projectId, + updatedAt: issues.updatedAt, + score, + matchedFields, + commentSnippet: sql` + ( + SELECT search_comments.body + FROM issue_comments search_comments + WHERE search_comments.company_id = ${companyId} + AND search_comments.issue_id = issues.id + AND ( + lower(search_comments.body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_comments.body`, tokenArray)} + ) + ORDER BY + CASE WHEN lower(search_comments.body) LIKE ${containsPattern} ESCAPE '\\' THEN 0 ELSE 1 END, + search_comments.updated_at DESC, + search_comments.id DESC + LIMIT 1 + ) + `, + commentId: sql` + ( + SELECT search_comments.id + FROM issue_comments search_comments + WHERE search_comments.company_id = ${companyId} + AND search_comments.issue_id = issues.id + AND ( + lower(search_comments.body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_comments.body`, tokenArray)} + ) + ORDER BY + CASE WHEN lower(search_comments.body) LIKE ${containsPattern} ESCAPE '\\' THEN 0 ELSE 1 END, + search_comments.updated_at DESC, + search_comments.id DESC + LIMIT 1 + ) + `, + documentSnippet: sql` + ( + SELECT search_documents.latest_body + FROM issue_documents search_issue_documents + INNER JOIN documents search_documents + ON search_documents.id = search_issue_documents.document_id + WHERE search_issue_documents.company_id = ${companyId} + AND search_documents.company_id = ${companyId} + AND search_issue_documents.issue_id = issues.id + AND ( + lower(coalesce(search_documents.title, '')) LIKE ${containsPattern} ESCAPE '\\' + OR lower(search_documents.latest_body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_documents.title`, tokenArray)} + OR ${tokenMatchExpression(sql`search_documents.latest_body`, tokenArray)} + ) + ORDER BY + CASE + WHEN lower(coalesce(search_documents.title, '')) LIKE ${containsPattern} ESCAPE '\\' THEN 0 + WHEN lower(search_documents.latest_body) LIKE ${containsPattern} ESCAPE '\\' THEN 1 + ELSE 2 + END, + search_documents.updated_at DESC, + search_documents.id DESC + LIMIT 1 + ) + `, + documentTitle: sql` + ( + SELECT search_documents.title + FROM issue_documents search_issue_documents + INNER JOIN documents search_documents + ON search_documents.id = search_issue_documents.document_id + WHERE search_issue_documents.company_id = ${companyId} + AND search_documents.company_id = ${companyId} + AND search_issue_documents.issue_id = issues.id + AND ( + lower(coalesce(search_documents.title, '')) LIKE ${containsPattern} ESCAPE '\\' + OR lower(search_documents.latest_body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_documents.title`, tokenArray)} + OR ${tokenMatchExpression(sql`search_documents.latest_body`, tokenArray)} + ) + ORDER BY search_documents.updated_at DESC, search_documents.id DESC + LIMIT 1 + ) + `, + documentKey: sql` + ( + SELECT search_issue_documents.key + FROM issue_documents search_issue_documents + INNER JOIN documents search_documents + ON search_documents.id = search_issue_documents.document_id + WHERE search_issue_documents.company_id = ${companyId} + AND search_documents.company_id = ${companyId} + AND search_issue_documents.issue_id = issues.id + AND ( + lower(coalesce(search_documents.title, '')) LIKE ${containsPattern} ESCAPE '\\' + OR lower(search_documents.latest_body) LIKE ${containsPattern} ESCAPE '\\' + OR ${tokenMatchExpression(sql`search_documents.title`, tokenArray)} + OR ${tokenMatchExpression(sql`search_documents.latest_body`, tokenArray)} + ) + ORDER BY search_documents.updated_at DESC, search_documents.id DESC + LIMIT 1 + ) + `, + }) + .from(issues) + .where(and( + eq(issues.companyId, companyId), + isNull(issues.hiddenAt), + issueSearchCondition(scope, { issueTextMatch, commentMatch, documentMatch, fuzzyMatch }), + )) + .orderBy(desc(score), desc(issues.updatedAt), desc(issues.id)) + .limit(fetchLimit) + : []; + + const simpleCondition = simpleTextCondition([ + sql`${agents.name}`, + sql`${agents.role}`, + sql`${agents.title}`, + sql`${agents.capabilities}`, + ], containsPattern, tokenArray); + const agentRows = scopeIncludesAgents(scope) + ? await db + .select({ + id: agents.id, + title: agents.name, + description: agents.capabilities, + role: agents.role, + updatedAt: agents.updatedAt, + }) + .from(agents) + .where(and(eq(agents.companyId, companyId), simpleCondition)) + .orderBy(desc(agents.updatedAt), desc(agents.id)) + .limit(fetchLimit) + : []; + + const projectCondition = simpleTextCondition([ + sql`${projects.name}`, + sql`${projects.description}`, + ], containsPattern, tokenArray); + const projectRows = scopeIncludesProjects(scope) + ? await db + .select({ + id: projects.id, + title: projects.name, + description: projects.description, + updatedAt: projects.updatedAt, + }) + .from(projects) + .where(and(eq(projects.companyId, companyId), isNull(projects.archivedAt), projectCondition)) + .orderBy(desc(projects.updatedAt), desc(projects.id)) + .limit(fetchLimit) + : []; + + const results: CompanySearchResult[] = [ + ...(issueRows as IssueSearchRow[]).map((row) => issueResult(row, prefix, normalizedQuery, tokens)), + ...(agentRows as SimpleSearchRow[]).map((row) => { + const terms = matchTerms(normalizedQuery, tokens); + const snippet = createSnippet("capabilities", "Agent", row.description ?? row.role ?? row.title, terms); + return { + id: row.id, + type: "agent" as const, + score: scoreSimpleRow(row, normalizedQuery, tokens), + title: row.title, + href: `/${prefix}/agents/${encodeURIComponent(row.id)}`, + matchedFields: ["agent"], + sourceLabel: snippet?.label ?? null, + snippet: snippet?.text ?? null, + snippets: snippet ? [snippet] : [], + updatedAt: iso(row.updatedAt), + previewImageUrl: null, + }; + }), + ...(projectRows as SimpleSearchRow[]).map((row) => { + const terms = matchTerms(normalizedQuery, tokens); + const snippet = createSnippet("description", "Project", row.description ?? row.title, terms); + return { + id: row.id, + type: "project" as const, + score: scoreSimpleRow(row, normalizedQuery, tokens), + title: row.title, + href: `/${prefix}/projects/${encodeURIComponent(row.id)}`, + matchedFields: ["project"], + sourceLabel: snippet?.label ?? null, + snippet: snippet?.text ?? null, + snippets: snippet ? [snippet] : [], + updatedAt: iso(row.updatedAt), + previewImageUrl: null, + }; + }), + ].sort((left, right) => { + if (right.score !== left.score) return right.score - left.score; + return (right.updatedAt ?? "").localeCompare(left.updatedAt ?? ""); + }); + + const paged = results.slice(offset, offset + limit); + return { + query: query.q, + normalizedQuery, + scope, + limit, + offset, + results: paged, + countsByType: makeCounts(results), + hasMore: results.length > offset + limit, + }; + }, + }; +} diff --git a/server/src/services/costs.ts b/server/src/services/costs.ts index abea444e..05008d82 100644 --- a/server/src/services/costs.ts +++ b/server/src/services/costs.ts @@ -1,7 +1,7 @@ import { and, desc, eq, gte, isNotNull, isNull, lt, lte, sql } from "drizzle-orm"; import { alias } from "drizzle-orm/pg-core"; import type { Db } from "@paperclipai/db"; -import { activityLog, agents, companies, costEvents, issues, projects } from "@paperclipai/db"; +import { activityLog, agents, companies, costEvents, heartbeatRuns, issues, projects } from "@paperclipai/db"; import { notFound, unprocessable } from "../errors.js"; import { budgetService, type BudgetServiceHooks } from "./budgets.js"; @@ -135,18 +135,53 @@ export function costService(db: Db, budgetHooks: BudgetServiceHooks = {}) { }; }, - issueTreeSummary: async (companyId: string, issueId: string) => { + issueTreeSummary: async ( + companyId: string, + issueId: string, + options: { excludeRoot?: boolean } = {}, + ) => { // Callers must resolve and authorize a visible root issue before invoking this. // The route does that so zero counts are not mistaken for a missing root. const childIssues = alias(issues, "child"); - const issueTreeCondition = sql` - ${issues.id} IN ( - WITH RECURSIVE issue_tree(id) AS ( + + // The seed of the recursive CTE: when excludeRoot is true, start from + // the direct children so the root issue itself is not counted. + const cteSeed = options.excludeRoot + ? sql` + SELECT ${issues.id} + FROM ${issues} + WHERE ${issues.companyId} = ${companyId} + AND ${issues.parentId} = ${issueId} + AND ${issues.hiddenAt} IS NULL + ` + : sql` SELECT ${issues.id} FROM ${issues} WHERE ${issues.companyId} = ${companyId} AND ${issues.id} = ${issueId} AND ${issues.hiddenAt} IS NULL + `; + + const cteSeedText = options.excludeRoot + ? sql` + SELECT (${issues.id})::text AS id + FROM ${issues} + WHERE ${issues.companyId} = ${companyId} + AND ${issues.parentId} = ${issueId} + AND ${issues.hiddenAt} IS NULL + ` + : sql` + SELECT (${issues.id})::text AS id + FROM ${issues} + WHERE ${issues.companyId} = ${companyId} + AND ${issues.id} = ${issueId} + AND ${issues.hiddenAt} IS NULL + `; + + const issueTreeCondition = sql` + ${issues.id} IN ( + WITH RECURSIVE issue_tree(id) AS ( + ${cteSeed} UNION ALL SELECT ${childIssues.id} FROM ${issues} ${childIssues} @@ -158,38 +193,80 @@ export function costService(db: Db, budgetHooks: BudgetServiceHooks = {}) { ) `; - const [row] = await db - .select({ - issueCount: sql`count(distinct ${issues.id})::int`, - costCents: sumAsNumber(costEvents.costCents), - inputTokens: sumAsNumber(costEvents.inputTokens), - cachedInputTokens: sumAsNumber(costEvents.cachedInputTokens), - outputTokens: sumAsNumber(costEvents.outputTokens), - }) - .from(issues) - .leftJoin( - costEvents, - and( - eq(costEvents.companyId, companyId), - eq(costEvents.issueId, issues.id), - ), + const runSummarySql = sql` + WITH RECURSIVE issue_tree(id) AS ( + ${cteSeedText} + UNION ALL + SELECT (${childIssues.id})::text + FROM ${issues} ${childIssues} + JOIN issue_tree ON (${childIssues.parentId})::text = issue_tree.id + WHERE ${childIssues.companyId} = ${companyId} + AND ${childIssues.hiddenAt} IS NULL ) - .where( - and( - eq(issues.companyId, companyId), - isNull(issues.hiddenAt), - issueTreeCondition, + SELECT + count(distinct ${heartbeatRuns.id})::int AS "runCount", + coalesce(sum(extract(epoch from (coalesce(${heartbeatRuns.finishedAt}, now()) - ${heartbeatRuns.startedAt})) * 1000), 0)::double precision AS "runtimeMs" + FROM ${heartbeatRuns} + WHERE ${heartbeatRuns.companyId} = ${companyId} + AND ${heartbeatRuns.startedAt} IS NOT NULL + AND ( + ${heartbeatRuns.contextSnapshot} ->> 'issueId' IN (SELECT id FROM issue_tree) + OR EXISTS ( + SELECT 1 + FROM ${activityLog} + JOIN issue_tree ON ${activityLog.entityId} = issue_tree.id + WHERE ${activityLog.companyId} = ${companyId} + AND ${activityLog.entityType} = 'issue' + AND ${activityLog.runId} = ${heartbeatRuns.id} + ) + ) + `; + + // Run cost-event aggregation and run-duration aggregation in parallel. + // They're separate queries because cost_events fan out per-event and + // joining heartbeat_runs through them would double-count run durations. + const [costRowResult, runRowResult] = await Promise.all([ + db + .select({ + issueCount: sql`count(distinct ${issues.id})::int`, + costCents: sumAsNumber(costEvents.costCents), + inputTokens: sumAsNumber(costEvents.inputTokens), + cachedInputTokens: sumAsNumber(costEvents.cachedInputTokens), + outputTokens: sumAsNumber(costEvents.outputTokens), + }) + .from(issues) + .leftJoin( + costEvents, + and( + eq(costEvents.companyId, companyId), + eq(costEvents.issueId, issues.id), + ), + ) + .where( + and( + eq(issues.companyId, companyId), + isNull(issues.hiddenAt), + issueTreeCondition, + ), ), - ); + db.execute(runSummarySql), + ]); + + const costRow = costRowResult[0]; + const runRow = Array.isArray(runRowResult) + ? (runRowResult[0] as { runCount?: number | string | null; runtimeMs?: number | string | null } | undefined) + : undefined; return { issueId, - issueCount: Number(row?.issueCount ?? 0), + issueCount: Number(costRow?.issueCount ?? 0), includeDescendants: true, - costCents: Number(row?.costCents ?? 0), - inputTokens: Number(row?.inputTokens ?? 0), - cachedInputTokens: Number(row?.cachedInputTokens ?? 0), - outputTokens: Number(row?.outputTokens ?? 0), + costCents: Number(costRow?.costCents ?? 0), + inputTokens: Number(costRow?.inputTokens ?? 0), + cachedInputTokens: Number(costRow?.cachedInputTokens ?? 0), + outputTokens: Number(costRow?.outputTokens ?? 0), + runCount: Number(runRow?.runCount ?? 0), + runtimeMs: Number(runRow?.runtimeMs ?? 0), }; }, diff --git a/server/src/services/environment-config.ts b/server/src/services/environment-config.ts index 2c9bdf41..e95fe37f 100644 --- a/server/src/services/environment-config.ts +++ b/server/src/services/environment-config.ts @@ -9,6 +9,8 @@ import type { PluginEnvironmentConfig, PluginSandboxEnvironmentConfig, SandboxEnvironmentConfig, + SecretProvider, + SecretVersionSelector, SshEnvironmentConfig, } from "@paperclipai/shared"; import { unprocessable } from "../errors.js"; @@ -165,6 +167,7 @@ async function createEnvironmentSecret(input: { environmentName: string; driver: EnvironmentDriver; field: string; + provider: SecretProvider; value: string; actor?: { userId?: string | null; agentId?: string | null }; }) { @@ -172,7 +175,7 @@ async function createEnvironmentSecret(input: { input.companyId, { name: secretName(input), - provider: "local_encrypted", + provider: input.provider, value: input.value, description: `Secret for ${input.environmentName} ${input.field}.`, }, @@ -190,6 +193,7 @@ async function persistConfigSecretRefs(input: { companyId: string; environmentName: string; driver: EnvironmentDriver; + secretProvider: SecretProvider; config: Record; schema: Record | null; actor?: { userId?: string | null; agentId?: string | null }; @@ -213,6 +217,7 @@ async function persistConfigSecretRefs(input: { environmentName: input.environmentName, driver: input.driver, field: path.replace(/[^a-z0-9]+/gi, "-").toLowerCase(), + provider: input.secretProvider, value: trimmed, actor: input.actor, }); @@ -226,6 +231,11 @@ async function resolveConfigSecretRefsForRuntime(input: { companyId: string; config: Record; schema: Record | null; + context: { + consumerId: string; + issueId?: string | null; + heartbeatRunId?: string | null; + }; }): Promise> { const secrets = secretService(input.db); let nextConfig = { ...input.config }; @@ -234,15 +244,52 @@ async function resolveConfigSecretRefsForRuntime(input: { if (typeof current !== "string") continue; const trimmed = current.trim(); if (!isUuidSecretRef(trimmed)) continue; + if (!input.context.consumerId) { + throw unprocessable("Runtime secret resolution requires an environment id"); + } nextConfig = writeConfigValueAtPath( nextConfig, path, - await secrets.resolveSecretValue(input.companyId, trimmed, "latest"), + await secrets.resolveSecretValue(input.companyId, trimmed, "latest", { + consumerType: "environment", + consumerId: input.context.consumerId, + actorType: "system", + actorId: null, + issueId: input.context.issueId ?? null, + heartbeatRunId: input.context.heartbeatRunId ?? null, + configPath: path, + }), ); } return nextConfig; } +export async function collectEnvironmentSecretRefs(input: { + db: Db; + environment: Pick; +}): Promise> { + const parsed = parseEnvironmentDriverConfig(input.environment); + if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef) { + return [{ + secretId: parsed.config.privateKeySecretRef.secretId, + configPath: "privateKeySecretRef", + versionSelector: parsed.config.privateKeySecretRef.version ?? "latest", + }]; + } + if (parsed.driver === "sandbox" && parsed.config.provider !== "fake") { + const schema = await getSandboxProviderConfigSchema(input.db, parsed.config.provider); + const refs: Array<{ secretId: string; configPath: string; versionSelector?: SecretVersionSelector }> = []; + for (const path of collectSecretRefPaths(schema)) { + const current = readConfigValueAtPath(parsed.config as Record, path); + if (typeof current === "string" && isUuidSecretRef(current.trim())) { + refs.push({ secretId: current.trim(), configPath: path, versionSelector: "latest" }); + } + } + return refs; + } + return []; +} + export function stripSandboxProviderEnvelope(config: SandboxEnvironmentConfig): Record { const { provider: _provider, ...driverConfig } = config as Record; return driverConfig; @@ -340,6 +387,7 @@ export async function normalizeEnvironmentConfigForPersistence(input: { companyId: string; environmentName: string; driver: EnvironmentDriver; + secretProvider: SecretProvider; config: Record | null | undefined; actor?: { userId?: string | null; agentId?: string | null }; pluginWorkerManager?: PluginWorkerManager; @@ -361,6 +409,7 @@ export async function normalizeEnvironmentConfigForPersistence(input: { environmentName: input.environmentName, driver: input.driver, field: "private-key", + provider: input.secretProvider, value: privateKey, actor: input.actor, }); @@ -404,6 +453,7 @@ export async function normalizeEnvironmentConfigForPersistence(input: { companyId: input.companyId, environmentName: input.environmentName, driver: input.driver, + secretProvider: input.secretProvider, config: { provider: parsed.data.provider, ...validated.normalizedConfig, @@ -442,10 +492,15 @@ export async function normalizeEnvironmentConfigForPersistence(input: { export async function resolveEnvironmentDriverConfigForRuntime( db: Db, companyId: string, - environment: Pick, + environment: Pick & Partial>, + context?: { issueId?: string | null; heartbeatRunId?: string | null }, ): Promise { const parsed = parseEnvironmentDriverConfig(environment); const secrets = secretService(db); + const environmentId = environment.id; + if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef && !environmentId) { + throw unprocessable("Runtime secret resolution requires an environment id"); + } if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef) { return { @@ -456,6 +511,15 @@ export async function resolveEnvironmentDriverConfigForRuntime( companyId, parsed.config.privateKeySecretRef.secretId, parsed.config.privateKeySecretRef.version ?? "latest", + { + consumerType: "environment", + consumerId: environmentId!, + actorType: "system", + actorId: null, + issueId: context?.issueId ?? null, + heartbeatRunId: context?.heartbeatRunId ?? null, + configPath: "privateKeySecretRef", + }, ), }, }; @@ -469,6 +533,11 @@ export async function resolveEnvironmentDriverConfigForRuntime( companyId, config: parsed.config as Record, schema: await getSandboxProviderConfigSchema(db, parsed.config.provider), + context: { + consumerId: environmentId!, + issueId: context?.issueId ?? null, + heartbeatRunId: context?.heartbeatRunId ?? null, + }, }) as SandboxEnvironmentConfig, }; } diff --git a/server/src/services/environment-execution-target.ts b/server/src/services/environment-execution-target.ts index 0f2f70db..2a506d41 100644 --- a/server/src/services/environment-execution-target.ts +++ b/server/src/services/environment-execution-target.ts @@ -58,20 +58,19 @@ export async function resolveEnvironmentExecutionTarget(input: { ? input.leaseMetadata.remoteCwd.trim() : DEFAULT_SANDBOX_REMOTE_CWD; const timeoutMs = "timeoutMs" in parsed.config ? parsed.config.timeoutMs : null; - const paperclipApiUrl = - typeof input.leaseMetadata?.paperclipApiUrl === "string" && input.leaseMetadata.paperclipApiUrl.trim().length > 0 - ? input.leaseMetadata.paperclipApiUrl.trim() + const shellCommand = + input.leaseMetadata?.shellCommand === "bash" || input.leaseMetadata?.shellCommand === "sh" + ? input.leaseMetadata.shellCommand : null; return { kind: "remote", transport: "sandbox", providerKey: parsed.config.provider, + shellCommand, remoteCwd, environmentId: input.environment.id ?? null, leaseId: input.leaseId ?? null, - paperclipApiUrl, - paperclipTransport: paperclipApiUrl ? "direct" : "bridge", timeoutMs, runner: input.environmentRuntime && input.lease ? { @@ -138,10 +137,6 @@ export async function resolveEnvironmentExecutionTarget(input: { environmentId: input.environment.id ?? null, leaseId: input.leaseId ?? null, remoteCwd, - paperclipApiUrl: - typeof input.leaseMetadata?.paperclipApiUrl === "string" && input.leaseMetadata.paperclipApiUrl.trim().length > 0 - ? input.leaseMetadata.paperclipApiUrl.trim() - : null, spec: { host: parsed.config.host, port: parsed.config.port, @@ -151,10 +146,6 @@ export async function resolveEnvironmentExecutionTarget(input: { knownHosts: parsed.config.knownHosts, strictHostKeyChecking: parsed.config.strictHostKeyChecking, remoteCwd, - paperclipApiUrl: - typeof input.leaseMetadata?.paperclipApiUrl === "string" && input.leaseMetadata.paperclipApiUrl.trim().length > 0 - ? input.leaseMetadata.paperclipApiUrl.trim() - : null, }, }; } diff --git a/server/src/services/environment-runtime.ts b/server/src/services/environment-runtime.ts index ec3c9496..d876b6d3 100644 --- a/server/src/services/environment-runtime.ts +++ b/server/src/services/environment-runtime.ts @@ -1,3 +1,4 @@ +import { randomUUID } from "node:crypto"; import { and, eq, inArray } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; import { environmentLeases } from "@paperclipai/db"; @@ -14,7 +15,7 @@ import type { PluginEnvironmentLease, PluginEnvironmentRealizeWorkspaceResult, } from "@paperclipai/plugin-sdk"; -import { ensureSshWorkspaceReady, findReachablePaperclipApiUrlOverSsh } from "@paperclipai/adapter-utils/ssh"; +import { ensureSshWorkspaceReady } from "@paperclipai/adapter-utils/ssh"; import { environmentService } from "./environments.js"; import { parseEnvironmentDriverConfig, @@ -102,7 +103,13 @@ export interface EnvironmentDriverAcquireInput { companyId: string; environment: Environment; issueId: string | null; - heartbeatRunId: string; + /** + * UUID of the owning heartbeat run, or null for ad-hoc invocations + * (e.g. operator-initiated `Test` probes) that are not tied to a run. + * Null leases must be released by id via `getDriver(...).releaseRunLease` + * since `releaseRunLeases(heartbeatRunId)` cannot find them. + */ + heartbeatRunId: string | null; executionWorkspaceId: string | null; executionWorkspaceMode: ExecutionWorkspace["mode"] | null; } @@ -113,6 +120,24 @@ export interface EnvironmentDriverReleaseInput { status: Extract; } +function resolvePluginSandboxRpcTimeoutMs(config: Record): number | undefined { + const timeoutCandidates = [ + typeof config.timeoutMs === "number" ? config.timeoutMs : undefined, + typeof config.bridgeRequestTimeoutMs === "number" ? config.bridgeRequestTimeoutMs : undefined, + ] + .filter((value): value is number => typeof value === "number" && Number.isFinite(value) && value > 0) + .map((value) => Math.trunc(value)); + + if (timeoutCandidates.length === 0) { + return undefined; + } + + return resolvePluginExecuteRpcTimeoutMs({ + requestedTimeoutMs: Math.max(...timeoutCandidates), + config, + }); +} + export interface EnvironmentDriverLeaseInput { environment: Environment; lease: EnvironmentLease; @@ -221,33 +246,15 @@ function createSshEnvironmentDriver(db: Db): EnvironmentRuntimeDriver { driver: "ssh", async acquireRunLease(input) { - const parsed = await resolveEnvironmentDriverConfigForRuntime(db, input.companyId, input.environment); + const parsed = await resolveEnvironmentDriverConfigForRuntime(db, input.companyId, input.environment, { + issueId: input.issueId, + heartbeatRunId: input.heartbeatRunId, + }); if (parsed.driver !== "ssh") { throw new Error(`Expected SSH environment config for driver "${input.environment.driver}".`); } const { remoteCwd } = await ensureSshWorkspaceReady(parsed.config); - const candidateUrls = (() => { - const raw = process.env.PAPERCLIP_RUNTIME_API_CANDIDATES_JSON; - if (!raw) return []; - try { - const parsed = JSON.parse(raw); - return Array.isArray(parsed) - ? parsed.filter((value): value is string => typeof value === "string" && value.trim().length > 0) - : []; - } catch { - return []; - } - })(); - const paperclipApiUrl = await findReachablePaperclipApiUrlOverSsh({ - config: parsed.config, - candidates: candidateUrls, - }); - if (!paperclipApiUrl) { - throw new Error( - `SSH environment ${parsed.config.username}@${parsed.config.host} could not reach any Paperclip API candidates.`, - ); - } return await environmentsSvc.acquireLease({ companyId: input.companyId, environmentId: input.environment.id, @@ -265,7 +272,6 @@ function createSshEnvironmentDriver(db: Db): EnvironmentRuntimeDriver { username: parsed.config.username, remoteWorkspacePath: parsed.config.remoteWorkspacePath, remoteCwd, - paperclipApiUrl, }, }); }, @@ -361,6 +367,7 @@ function createSandboxEnvironmentDriver( const metadataConfig = sandboxConfigFromLeaseMetadataLoose(input.lease); if (metadataConfig && metadataConfig.provider === input.provider) { const parsed = await resolveEnvironmentDriverConfigForRuntime(db, input.lease.companyId, { + id: input.environment.id, driver: "sandbox", config: sandboxConfigForLeaseMetadata(metadataConfig), }); @@ -396,7 +403,10 @@ function createSandboxEnvironmentDriver( async acquireRunLease(input) { const storedParsed = parseEnvironmentDriverConfig(input.environment); - const parsed = await resolveEnvironmentDriverConfigForRuntime(db, input.companyId, input.environment); + const parsed = await resolveEnvironmentDriverConfigForRuntime(db, input.companyId, input.environment, { + issueId: input.issueId, + heartbeatRunId: input.heartbeatRunId, + }); if (parsed.driver !== "sandbox" || storedParsed.driver !== "sandbox") { throw new Error(`Expected sandbox environment config for driver "${input.environment.driver}".`); } @@ -429,14 +439,21 @@ function createSandboxEnvironmentDriver( const workerConfig = stripSandboxProviderEnvelope(parsed.config); const storedConfig = storedParsed.config; - const existingLeases = parsed.config.reuseLease - ? await environmentsSvc.listLeases(input.environment.id) + // Ad-hoc tests (heartbeatRunId === null) must never resume an existing + // provider lease. If they did, releasing the test lease at the end of + // the probe would tear down the live heartbeat run that owns it. + // We also filter out leases whose policy is not reuse_by_environment + // so any non-reusable lease (including ad-hoc test leases that + // landed in the table from older code paths) cannot be matched. + const reusableExistingLeases = parsed.config.reuseLease && input.heartbeatRunId !== null + ? (await environmentsSvc.listLeases(input.environment.id)) + .filter((lease) => lease.leasePolicy === "reuse_by_environment") : []; - const reusableProviderLeaseId = parsed.config.reuseLease - ? findReusableSandboxLeaseId({ config: storedConfig, leases: existingLeases }) + const reusableProviderLeaseId = parsed.config.reuseLease && input.heartbeatRunId !== null + ? findReusableSandboxLeaseId({ config: storedConfig, leases: reusableExistingLeases }) : null; const reusableLease = reusableProviderLeaseId - ? existingLeases.find((lease) => lease.providerLeaseId === reusableProviderLeaseId) + ? reusableExistingLeases.find((lease) => lease.providerLeaseId === reusableProviderLeaseId) : null; const providerLease = reusableLease?.providerLeaseId @@ -447,10 +464,12 @@ function createSandboxEnvironmentDriver( driverKey: parsed.config.provider, companyId: input.companyId, environmentId: input.environment.id, + issueId: input.issueId, config: workerConfig, providerLeaseId: reusableLease.providerLeaseId, leaseMetadata: reusableLease.metadata ?? undefined, }, + resolvePluginSandboxRpcTimeoutMs(workerConfig), ).then((resumed) => typeof resumed.providerLeaseId === "string" && resumed.providerLeaseId.length > 0 ? resumed @@ -464,13 +483,21 @@ function createSandboxEnvironmentDriver( driverKey: parsed.config.provider, companyId: input.companyId, environmentId: input.environment.id, + issueId: input.issueId, config: workerConfig, - runId: input.heartbeatRunId, + // Plugin SDK requires a string; ad-hoc test leases use a fresh + // UUID so providers that validate or persist the runId still see + // a well-formed identifier. + runId: input.heartbeatRunId ?? randomUUID(), workspaceMode: input.executionWorkspaceMode ?? undefined, }, + resolvePluginSandboxRpcTimeoutMs(workerConfig), ); - const resolvedLeasePolicy = parsed.config.reuseLease + // Ad-hoc test leases are never publishable for reuse: storing them + // as `reuse_by_environment` would let a concurrent heartbeat resume + // the test's provider lease and lose its sandbox when the test ends. + const resolvedLeasePolicy = parsed.config.reuseLease && input.heartbeatRunId !== null ? "reuse_by_environment" : "ephemeral"; @@ -499,22 +526,33 @@ function createSandboxEnvironmentDriver( }); } - // Built-in sandbox provider path. - const reusableProviderLeaseId = parsed.config.reuseLease + // Built-in sandbox provider path. Same guard as the plugin-backed path: + // ad-hoc tests (heartbeatRunId === null) must never resume an existing + // provider lease, or releasing the test lease will terminate the live + // heartbeat run that shares it. Filter to leases whose policy is + // reuse_by_environment so non-reusable rows can never be matched. + const reusableProviderLeaseId = parsed.config.reuseLease && input.heartbeatRunId !== null ? (await environmentsSvc .listLeases(input.environment.id) - .then((leases) => findReusableSandboxLeaseId({ config: parsed.config, leases }))) + .then((leases) => + findReusableSandboxLeaseId({ + config: parsed.config, + leases: leases.filter((lease) => lease.leasePolicy === "reuse_by_environment"), + }), + )) : null; const providerLease = await acquireSandboxProviderLease({ config: parsed.config, environmentId: input.environment.id, - heartbeatRunId: input.heartbeatRunId, + heartbeatRunId: input.heartbeatRunId ?? randomUUID(), issueId: input.issueId, reusableProviderLeaseId, }); - const resolvedLeasePolicy = parsed.config.reuseLease + // Same ephemeral-policy-for-tests guard as the plugin-backed path: + // ad-hoc test leases must not be publishable for reuse. + const resolvedLeasePolicy = parsed.config.reuseLease && input.heartbeatRunId !== null ? "reuse_by_environment" : "ephemeral"; @@ -553,6 +591,7 @@ function createSandboxEnvironmentDriver( const parsed = metadataConfig ? await resolveEnvironmentDriverConfigForRuntime(db, input.lease.companyId, { + id: input.environment.id, driver: "sandbox", config: metadataConfig as unknown as Record, }) @@ -599,6 +638,7 @@ function createSandboxEnvironmentDriver( driverKey: providerKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: stripSandboxProviderEnvelope(config as SandboxEnvironmentConfig), lease: { providerLeaseId: input.lease.providerLeaseId, @@ -606,7 +646,7 @@ function createSandboxEnvironmentDriver( expiresAt: input.lease.expiresAt?.toISOString() ?? null, }, workspace: input.workspace, - }); + }, resolvePluginSandboxRpcTimeoutMs(stripSandboxProviderEnvelope(config as SandboxEnvironmentConfig))); } } @@ -643,6 +683,7 @@ function createSandboxEnvironmentDriver( driverKey: providerKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: sanitizedConfig, lease: { providerLeaseId: input.lease.providerLeaseId, @@ -684,10 +725,11 @@ function createSandboxEnvironmentDriver( driverKey: providerKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: stripSandboxProviderEnvelope(config as SandboxEnvironmentConfig), providerLeaseId: input.lease.providerLeaseId, leaseMetadata: metadata, - }); + }, resolvePluginSandboxRpcTimeoutMs(stripSandboxProviderEnvelope(config as SandboxEnvironmentConfig))); } catch { cleanupStatus = "failed"; } @@ -726,6 +768,7 @@ const INTERNAL_PLUGIN_SANDBOX_CONFIG_KEYS = new Set([ "pluginId", "pluginKey", "providerMetadata", + "shellCommand", "sandboxProviderPlugin", ]); @@ -851,8 +894,9 @@ function createPluginEnvironmentDriver( driverKey: parsed.config.driverKey, companyId: input.companyId, environmentId: input.environment.id, + issueId: input.issueId, config: parsed.config.driverConfig, - runId: input.heartbeatRunId, + runId: input.heartbeatRunId ?? randomUUID(), workspaceMode: input.executionWorkspaceMode ?? undefined, }); @@ -883,6 +927,7 @@ function createPluginEnvironmentDriver( driverKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: driverConfig, providerLeaseId: input.lease.providerLeaseId, leaseMetadata: input.lease.metadata ?? undefined, @@ -903,6 +948,7 @@ function createPluginEnvironmentDriver( workerManager, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: { pluginKey, driverKey, @@ -923,6 +969,7 @@ function createPluginEnvironmentDriver( workerManager, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: { pluginKey, driverKey, @@ -953,6 +1000,7 @@ function createPluginEnvironmentDriver( driverKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: driverConfig, lease: { providerLeaseId: input.lease.providerLeaseId, @@ -983,6 +1031,7 @@ function createPluginEnvironmentDriver( driverKey, companyId: input.lease.companyId, environmentId: input.environment.id, + issueId: input.lease.issueId, config: driverConfig, lease: { providerLeaseId: input.lease.providerLeaseId, @@ -1061,7 +1110,8 @@ export function environmentRuntimeService( companyId: string; environment: Environment; issueId: string | null; - heartbeatRunId: string; + /** Null for ad-hoc invocations (e.g. operator-initiated `Test` probes). */ + heartbeatRunId: string | null; persistedExecutionWorkspace: Pick | null; }): Promise { if (input.environment.status !== "active") { diff --git a/server/src/services/feedback.ts b/server/src/services/feedback.ts index 26ce6107..4df0ca62 100644 --- a/server/src/services/feedback.ts +++ b/server/src/services/feedback.ts @@ -89,6 +89,9 @@ type FeedbackTargetRecord = { createdAt: Date; authorAgentId: string | null; authorUserId: string | null; + authorType?: string | null; + presentation?: unknown; + metadata?: unknown; createdByRunId: string | null; documentId: string | null; documentKey: string | null; @@ -797,6 +800,9 @@ async function resolveFeedbackTarget( companyId: issueComments.companyId, authorAgentId: issueComments.authorAgentId, authorUserId: issueComments.authorUserId, + authorType: issueComments.authorType, + presentation: issueComments.presentation, + metadata: issueComments.metadata, createdByRunId: issueComments.createdByRunId, body: issueComments.body, createdAt: issueComments.createdAt, @@ -820,6 +826,9 @@ async function resolveFeedbackTarget( createdAt: targetComment.createdAt, authorAgentId: targetComment.authorAgentId, authorUserId: targetComment.authorUserId, + authorType: targetComment.authorType ?? (targetComment.authorAgentId ? "agent" : targetComment.authorUserId ? "user" : "system"), + presentation: targetComment.presentation ?? null, + metadata: targetComment.metadata ?? null, createdByRunId: targetComment.createdByRunId ?? null, documentId: null, documentKey: null, @@ -833,6 +842,9 @@ async function resolveFeedbackTarget( createdAt: targetComment.createdAt.toISOString(), authorAgentId: targetComment.authorAgentId, authorUserId: targetComment.authorUserId, + authorType: targetComment.authorType ?? (targetComment.authorAgentId ? "agent" : targetComment.authorUserId ? "user" : "system"), + presentation: targetComment.presentation ?? null, + metadata: targetComment.metadata ?? null, createdByRunId: targetComment.createdByRunId ?? null, issuePath, targetPath: issuePath ? `${issuePath}#comment-${targetComment.id}` : null, @@ -918,6 +930,9 @@ async function listIssueContextItems( createdAt: issueComments.createdAt, authorAgentId: issueComments.authorAgentId, authorUserId: issueComments.authorUserId, + authorType: issueComments.authorType, + presentation: issueComments.presentation, + metadata: issueComments.metadata, createdByRunId: issueComments.createdByRunId, }) .from(issueComments) @@ -952,6 +967,9 @@ async function listIssueContextItems( createdAt: row.createdAt, authorAgentId: row.authorAgentId, authorUserId: row.authorUserId, + authorType: row.authorType ?? (row.authorAgentId ? "agent" : row.authorUserId ? "user" : "system"), + presentation: row.presentation ?? null, + metadata: row.metadata ?? null, createdByRunId: row.createdByRunId ?? null, documentId: null, documentKey: null, @@ -1023,6 +1041,9 @@ async function buildIssueContext( createdAt: item.createdAt.toISOString(), authorAgentId: item.authorAgentId, authorUserId: item.authorUserId, + authorType: item.authorType ?? null, + presentation: item.presentation ?? null, + metadata: item.metadata ?? null, createdByRunId: item.createdByRunId, documentKey: item.documentKey, documentTitle: item.documentTitle, diff --git a/server/src/services/heartbeat-stop-metadata.test.ts b/server/src/services/heartbeat-stop-metadata.test.ts index fa0b6366..fc6d54c8 100644 --- a/server/src/services/heartbeat-stop-metadata.test.ts +++ b/server/src/services/heartbeat-stop-metadata.test.ts @@ -64,6 +64,40 @@ describe("heartbeat stop metadata", () => { ).toBe("cancelled"); }); + it("normalizes max-turn exhaustion stop reasons", () => { + expect( + buildHeartbeatRunStopMetadata({ + adapterType: "claude_local", + adapterConfig: {}, + outcome: "failed", + errorCode: "turn_limit_exhausted", + errorMessage: "turn limit reached", + }).stopReason, + ).toBe("max_turns_exhausted"); + + const merged = mergeHeartbeatRunStopMetadata( + { stopReason: "turn_limit_exhausted" }, + buildHeartbeatRunStopMetadata({ + adapterType: "claude_local", + adapterConfig: {}, + outcome: "failed", + errorCode: "adapter_failed", + }), + ); + expect(merged.stopReason).toBe("max_turns_exhausted"); + }); + + it("prioritizes succeeded outcome over inconsistent max-turn error metadata", () => { + expect( + buildHeartbeatRunStopMetadata({ + adapterType: "claude_local", + adapterConfig: {}, + outcome: "succeeded", + errorCode: "max_turns_exhausted", + }).stopReason, + ).toBe("completed"); + }); + it("preserves existing result fields when merging stop metadata", () => { const result = mergeHeartbeatRunStopMetadata( { summary: "done" }, diff --git a/server/src/services/heartbeat-stop-metadata.ts b/server/src/services/heartbeat-stop-metadata.ts index e04c3b9f..de80a32b 100644 --- a/server/src/services/heartbeat-stop-metadata.ts +++ b/server/src/services/heartbeat-stop-metadata.ts @@ -6,6 +6,7 @@ export type HeartbeatRunStopReason = | "cancelled" | "budget_paused" | "paused" + | "max_turns_exhausted" | "process_lost" | "adapter_failed"; @@ -40,6 +41,12 @@ function defaultTimeoutSecForAdapter(adapterType: string) { return adapterType === "openclaw_gateway" ? 120 : 0; } +export function normalizeMaxTurnStopReason(value: unknown): Extract | null { + return value === "max_turns_exhausted" || value === "turn_limit_exhausted" + ? "max_turns_exhausted" + : null; +} + export function resolveHeartbeatRunTimeoutPolicy( adapterType: string, adapterConfig: Record | null | undefined, @@ -76,6 +83,8 @@ export function inferHeartbeatRunStopReason(input: { errorMessage?: string | null; }): HeartbeatRunStopReason { if (input.outcome === "succeeded") return "completed"; + const maxTurnStopReason = normalizeMaxTurnStopReason(input.errorCode); + if (maxTurnStopReason) return maxTurnStopReason; if (input.outcome === "timed_out") return "timeout"; if (input.outcome === "failed" && input.errorCode === "process_lost") return "process_lost"; if (input.outcome === "cancelled") { @@ -107,9 +116,10 @@ export function mergeHeartbeatRunStopMetadata( resultJson: Record | null | undefined, metadata: HeartbeatRunStopMetadata, ): Record { + const existingMaxTurnStopReason = normalizeMaxTurnStopReason(resultJson?.stopReason); return { ...(resultJson ?? {}), - stopReason: metadata.stopReason, + stopReason: existingMaxTurnStopReason ?? metadata.stopReason, effectiveTimeoutSec: metadata.effectiveTimeoutSec, timeoutConfigured: metadata.timeoutConfigured, timeoutSource: metadata.timeoutSource, diff --git a/server/src/services/heartbeat.ts b/server/src/services/heartbeat.ts index 330a8b70..109691dd 100644 --- a/server/src/services/heartbeat.ts +++ b/server/src/services/heartbeat.ts @@ -3,7 +3,7 @@ import path from "node:path"; import { execFile as execFileCallback } from "node:child_process"; import { promisify } from "node:util"; import { randomUUID } from "node:crypto"; -import { and, asc, desc, eq, getTableColumns, gt, inArray, isNull, lte, notInArray, or, sql } from "drizzle-orm"; +import { and, asc, desc, eq, getTableColumns, gt, inArray, isNull, lt, lte, notInArray, or, sql } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; import { AGENT_DEFAULT_MAX_CONCURRENT_RUNS, @@ -14,6 +14,9 @@ import { type EnvironmentLeaseStatus, type ExecutionWorkspace, type ExecutionWorkspaceConfig, + type IssueExecutionMonitorClearReason, + type IssueExecutionMonitorPolicy, + type IssueExecutionMonitorRecoveryPolicy, type ModelProfileKey, type RunLivenessState, } from "@paperclipai/shared"; @@ -23,13 +26,16 @@ import { agentTaskSessions, agentWakeupRequests, activityLog, + approvals, companySkills as companySkillsTable, documentRevisions, issueDocuments, heartbeatRunEvents, heartbeatRuns, + issueApprovals, issueComments, issueRelations, + issueThreadInteractions, issues, issueWorkProducts, projects, @@ -67,6 +73,7 @@ import { import { buildHeartbeatRunStopMetadata, mergeHeartbeatRunStopMetadata, + normalizeMaxTurnStopReason, } from "./heartbeat-stop-metadata.js"; import { classifyRunLiveness, @@ -85,13 +92,19 @@ import { sanitizeRuntimeServiceBaseEnv, } from "./workspace-runtime.js"; import { issueService } from "./issues.js"; -import { parseIssueExecutionState } from "./issue-execution-policy.js"; +import { + buildIssueMonitorClearedPatch, + buildIssueMonitorTriggeredPatch, + normalizeIssueExecutionPolicy, + parseIssueExecutionState, +} from "./issue-execution-policy.js"; import { ISSUE_TREE_CONTROL_INTERACTION_WAKE_REASONS, isVerifiedIssueTreeControlInteractionWake, issueTreeControlService, } from "./issue-tree-control.js"; import { + continuationSummaryParksExecutor, getIssueContinuationSummaryDocument, refreshIssueContinuationSummary, } from "./issue-continuation-summary.js"; @@ -110,18 +123,33 @@ import { import { instanceSettingsService } from "./instance-settings.js"; import { RECOVERY_ORIGIN_KINDS, + FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + SUCCESSFUL_RUN_MISSING_STATE_REASON, RUN_LIVENESS_CONTINUATION_REASON, buildRunLivenessContinuationIdempotencyKey, + buildFinishSuccessfulRunHandoffIdempotencyKey, + buildSuccessfulRunHandoffRequiredNotice, decideRunLivenessContinuation, + decideSuccessfulRunHandoff, + findExistingFinishSuccessfulRunHandoffWake, findExistingRunLivenessContinuationWake, + SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY, readContinuationAttempt, } from "./recovery/index.js"; import { isAutomaticRecoverySuppressedByPauseHold } from "./recovery/pause-hold-guard.js"; +import { + recoveryAssigneeAdapterOverrides, + withRecoveryModelProfileHint, +} from "./recovery/model-profile-hint.js"; import { recoveryService } from "./recovery/service.js"; import { productivityReviewService } from "./productivity-review.js"; import { withAgentStartLock } from "./agent-start-lock.js"; -import { redactCurrentUserText, redactCurrentUserValue } from "../log-redaction.js"; -import { redactEventPayload } from "../redaction.js"; +import { + redactCurrentUserText, + redactCurrentUserValue, + type CurrentUserRedactionOptions, +} from "../log-redaction.js"; +import { redactEventPayload, redactSensitiveText } from "../redaction.js"; import { hasSessionCompactionThresholds, resolveSessionCompactionPolicy, @@ -141,6 +169,16 @@ const MAX_LIVE_LOG_CHUNK_BYTES = 8 * 1024; const MAX_PERSISTED_LOG_CHUNK_CHARS = 64 * 1024; const MAX_RUN_EVENT_PAYLOAD_STRING_CHARS = 16 * 1024; const MAX_RUN_EVENT_PAYLOAD_ARRAY_ITEMS = 50; + +export function redactDetectedSuccessfulRunProgressSummaryForBoard( + summary: string, + currentUserRedactionOptions?: CurrentUserRedactionOptions, +) { + const normalized = summary.replace(/\s+/g, " ").trim(); + const redacted = redactSensitiveText(redactCurrentUserText(normalized, currentUserRedactionOptions)); + return redacted.length <= 280 ? redacted : `${redacted.slice(0, 277)}...`; +} + const MAX_RUN_EVENT_PAYLOAD_OBJECT_KEYS = 100; const MAX_RUN_EVENT_PAYLOAD_DEPTH = 6; const HEARTBEAT_MAX_CONCURRENT_RUNS_DEFAULT = AGENT_DEFAULT_MAX_CONCURRENT_RUNS; @@ -181,12 +219,25 @@ const BOUNDED_TRANSIENT_HEARTBEAT_RETRY_JITTER_RATIO = 0.25; const BOUNDED_TRANSIENT_HEARTBEAT_RETRY_REASON = "transient_failure"; const BOUNDED_TRANSIENT_HEARTBEAT_RETRY_WAKE_REASON = "transient_failure_retry"; const BOUNDED_TRANSIENT_HEARTBEAT_RETRY_MAX_ATTEMPTS = BOUNDED_TRANSIENT_HEARTBEAT_RETRY_DELAYS_MS.length; +export const MAX_TURN_CONTINUATION_RETRY_REASON = "max_turns_continuation"; +export const MAX_TURN_CONTINUATION_WAKE_REASON = "max_turns_continuation_retry"; +const MAX_TURN_CONTINUATION_DEFAULT_MAX_ATTEMPTS = 2; +const MAX_TURN_CONTINUATION_MAX_ATTEMPTS_CAP = 10; +const MAX_TURN_CONTINUATION_DEFAULT_DELAY_MS = 1_000; +const MAX_TURN_CONTINUATION_MAX_DELAY_MS = 5 * 60 * 1000; +const MAX_TURN_CONTINUATION_LIVE_RUN_STATUSES = ["scheduled_retry", "queued", "running"] as const; type CodexTransientFallbackMode = | "same_session" | "safer_invocation" | "fresh_session" | "fresh_session_safer_invocation"; +interface MaxTurnContinuationPolicy { + enabled: boolean; + maxAttempts: number; + delayMs: number; +} + function resolveCodexTransientFallbackMode(attempt: number): CodexTransientFallbackMode { if (attempt <= 1) return "same_session"; if (attempt === 2) return "safer_invocation"; @@ -207,6 +258,16 @@ function readHeartbeatRunErrorFamily( return null; } +function isMaxTurnExhaustionRun( + run: Pick, +) { + const resultJson = parseObject(run.resultJson); + return Boolean( + normalizeMaxTurnStopReason(resultJson.stopReason) ?? + normalizeMaxTurnStopReason(run.errorCode), + ); +} + function readTransientRetryNotBeforeFromRun(run: Pick) { const resultJson = parseObject(run.resultJson); const value = resultJson.retryNotBefore ?? resultJson.transientRetryNotBefore; @@ -267,17 +328,44 @@ type RuntimeConfigSecretResolver = Pick< export async function resolveExecutionRunAdapterConfig(input: { companyId: string; + agentId?: string | null; + issueId?: string | null; + heartbeatRunId?: string | null; + projectId?: string | null; executionRunConfig: Record; projectEnv: unknown; secretsSvc: RuntimeConfigSecretResolver; }) { - const { config: resolvedConfig, secretKeys } = await input.secretsSvc.resolveAdapterConfigForRuntime( + const { config: resolvedConfig, secretKeys, manifest } = await input.secretsSvc.resolveAdapterConfigForRuntime( input.companyId, input.executionRunConfig, + input.agentId + ? { + consumerType: "agent", + consumerId: input.agentId, + actorType: "agent", + actorId: input.agentId, + issueId: input.issueId ?? null, + heartbeatRunId: input.heartbeatRunId ?? null, + } + : undefined, ); const projectEnvResolution = input.projectEnv - ? await input.secretsSvc.resolveEnvBindings(input.companyId, input.projectEnv) - : { env: {}, secretKeys: new Set() }; + ? await input.secretsSvc.resolveEnvBindings( + input.companyId, + input.projectEnv, + input.projectId + ? { + consumerType: "project", + consumerId: input.projectId, + actorType: "agent", + actorId: input.agentId ?? null, + issueId: input.issueId ?? null, + heartbeatRunId: input.heartbeatRunId ?? null, + } + : undefined, + ) + : { env: {}, secretKeys: new Set(), manifest: [] }; if (Object.keys(projectEnvResolution.env).length > 0) { resolvedConfig.env = { ...parseObject(resolvedConfig.env), @@ -287,7 +375,11 @@ export async function resolveExecutionRunAdapterConfig(input: { secretKeys.add(key); } } - return { resolvedConfig, secretKeys }; + return { + resolvedConfig, + secretKeys, + secretManifest: [...(manifest ?? []), ...(projectEnvResolution.manifest ?? [])], + }; } export function extractMentionedSkillIdsFromSources( @@ -1722,6 +1814,7 @@ function enrichWakeContextSnapshot(input: { contextSnapshot.wakeTriggerDetail = triggerDetail; } normalizeModelProfileWakeContext({ contextSnapshot, payload }); + normalizeInteractionContinuationWakeContext(contextSnapshot, payload); return { contextSnapshot, @@ -1732,6 +1825,35 @@ function enrichWakeContextSnapshot(input: { }; } +const INTERACTION_CONTINUATION_CONTEXT_KEYS = [ + "interactionId", + "interactionKind", + "interactionStatus", + "continuationPolicy", +] as const; + +function isInteractionResolutionWakePayload(payload: Record | null | undefined) { + return readNonEmptyString(payload?.mutation) === "interaction"; +} + +function clearInteractionContinuationWakeContext(contextSnapshot: Record) { + for (const key of INTERACTION_CONTINUATION_CONTEXT_KEYS) { + delete contextSnapshot[key]; + } +} + +function hasInteractionContinuationWakeContext(contextSnapshot: Record) { + return INTERACTION_CONTINUATION_CONTEXT_KEYS.some((key) => readNonEmptyString(contextSnapshot[key])); +} + +function normalizeInteractionContinuationWakeContext( + contextSnapshot: Record, + payload: Record | null | undefined, +) { + if (isInteractionResolutionWakePayload(payload)) return; + clearInteractionContinuationWakeContext(contextSnapshot); +} + export function mergeCoalescedContextSnapshot( existingRaw: unknown, incoming: Record, @@ -1751,6 +1873,9 @@ export function mergeCoalescedContextSnapshot( // regenerate any structured payload from those ids. delete merged[PAPERCLIP_WAKE_PAYLOAD_KEY]; } + if (!hasInteractionContinuationWakeContext(incoming)) { + clearInteractionContinuationWakeContext(merged); + } return merged; } @@ -1773,6 +1898,7 @@ async function buildPaperclipWakePayload(input: { title: string; status: string; priority: string; + workMode: string; } | null; }) { @@ -1790,6 +1916,7 @@ async function buildPaperclipWakePayload(input: { title: issues.title, status: issues.status, priority: issues.priority, + workMode: issues.workMode, }) .from(issues) .where(and(eq(issues.id, issueId), eq(issues.companyId, input.companyId))) @@ -1805,8 +1932,11 @@ async function buildPaperclipWakePayload(input: { id: issueComments.id, issueId: issueComments.issueId, body: issueComments.body, + authorType: issueComments.authorType, authorAgentId: issueComments.authorAgentId, authorUserId: issueComments.authorUserId, + presentation: issueComments.presentation, + metadata: issueComments.metadata, createdAt: issueComments.createdAt, }) .from(issueComments) @@ -1850,8 +1980,11 @@ async function buildPaperclipWakePayload(input: { comments.push({ id: row.id, issueId: row.issueId, + authorType: row.authorType ?? (row.authorAgentId ? "agent" : row.authorUserId ? "user" : "system"), body, bodyTruncated, + presentation: row.presentation ?? null, + metadata: row.metadata ?? null, createdAt: row.createdAt.toISOString(), author: row.authorAgentId ? { type: "agent", id: row.authorAgentId } @@ -1870,6 +2003,7 @@ async function buildPaperclipWakePayload(input: { title: issueSummary.title, status: issueSummary.status, priority: issueSummary.priority, + workMode: issueSummary.workMode, } : null, childIssueSummaries: Array.isArray(input.contextSnapshot.childIssueSummaries) @@ -1889,6 +2023,8 @@ async function buildPaperclipWakePayload(input: { instruction: readNonEmptyString(input.contextSnapshot.livenessContinuationInstruction), } : null, + interactionKind: readNonEmptyString(input.contextSnapshot.interactionKind), + interactionStatus: readNonEmptyString(input.contextSnapshot.interactionStatus), checkedOutByHarness: input.contextSnapshot[PAPERCLIP_HARNESS_CHECKOUT_KEY] === true, dependencyBlockedInteraction: input.contextSnapshot.dependencyBlockedInteraction === true, treeHoldInteraction: input.contextSnapshot.treeHoldInteraction === true, @@ -1950,12 +2086,17 @@ export function buildPaperclipTaskMarkdown(input: { id: string; identifier: string | null; title: string; + workMode?: string | null; description?: string | null; } | null; wakeComment?: { id: string; body: string; } | null; + interaction?: { + kind?: string | null; + status?: string | null; + } | null; }) { const quoteTaskScalar = (value: string) => JSON.stringify(value); const fenceTaskText = (value: string) => { @@ -1968,6 +2109,10 @@ export function buildPaperclipTaskMarkdown(input: { }; const issue = input.issue; const wakeComment = input.wakeComment ?? null; + const acceptedPlanContinuation = + !wakeComment && + input.interaction?.kind === "request_confirmation" && + input.interaction.status === "accepted"; if (!issue && !wakeComment) return null; const lines = [ @@ -1979,6 +2124,21 @@ export function buildPaperclipTaskMarkdown(input: { `- Issue: ${quoteTaskScalar(issue.identifier || issue.id)}`, `- Title: ${quoteTaskScalar(issue.title)}`, ); + if (issue.workMode === "planning") { + let directive = "Make the plan only. Do not write code or perform implementation work."; + if (wakeComment) { + directive = "Update the plan only. Do not write code or perform implementation work."; + } + if (acceptedPlanContinuation) { + directive = "Create child issues from the approved plan only. Do not write code or perform implementation work on the planning issue."; + } + lines.push( + `- Work mode: ${quoteTaskScalar("planning")}`, + "", + "Planning mode directive:", + directive, + ); + } const description = issue.description?.trim(); if (description) { lines.push("", "Issue description:", fenceTaskText(description)); @@ -2262,6 +2422,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) title: issues.title, description: issues.description, status: issues.status, + workMode: issues.workMode, priority: issues.priority, projectId: issues.projectId, projectWorkspaceId: issues.projectWorkspaceId, @@ -2328,6 +2489,690 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) .then((rows) => rows[0] ?? null); } + const issueMonitorDispatchColumns = { + id: issues.id, + companyId: issues.companyId, + projectId: issues.projectId, + goalId: issues.goalId, + identifier: issues.identifier, + title: issues.title, + status: issues.status, + priority: issues.priority, + assigneeAgentId: issues.assigneeAgentId, + assigneeUserId: issues.assigneeUserId, + billingCode: issues.billingCode, + executionPolicy: issues.executionPolicy, + executionState: issues.executionState, + monitorNextCheckAt: issues.monitorNextCheckAt, + monitorWakeRequestedAt: issues.monitorWakeRequestedAt, + monitorLastTriggeredAt: issues.monitorLastTriggeredAt, + monitorAttemptCount: issues.monitorAttemptCount, + monitorNotes: issues.monitorNotes, + monitorScheduledBy: issues.monitorScheduledBy, + }; + + interface IssueMonitorDispatchRow { + id: string; + companyId: string; + projectId: string | null; + goalId: string | null; + identifier: string | null; + title: string; + status: string; + priority: string; + assigneeAgentId: string | null; + assigneeUserId: string | null; + billingCode: string | null; + executionPolicy: Record | null; + executionState: Record | null; + monitorNextCheckAt: Date | null; + monitorWakeRequestedAt: Date | null; + monitorLastTriggeredAt: Date | null; + monitorAttemptCount: number | null; + monitorNotes: string | null; + monitorScheduledBy: string | null; + } + + function parseMonitorDate(value: string | null | undefined) { + if (!value) return null; + const date = new Date(value); + return Number.isNaN(date.getTime()) ? null : date; + } + + function issueMonitorLimitClearReason(input: { + monitor: IssueExecutionMonitorPolicy | null; + nextAttemptCount: number; + now: Date; + }): IssueExecutionMonitorClearReason | null { + const timeoutAt = parseMonitorDate(input.monitor?.timeoutAt ?? null); + if (timeoutAt && input.now.getTime() >= timeoutAt.getTime()) { + return "timeout_exceeded"; + } + const maxAttempts = input.monitor?.maxAttempts ?? null; + if (maxAttempts !== null && input.nextAttemptCount > maxAttempts) { + return "max_attempts_exhausted"; + } + return null; + } + + function monitorRecoveryPolicy( + monitor: IssueExecutionMonitorPolicy | null, + ): IssueExecutionMonitorRecoveryPolicy { + return monitor?.recoveryPolicy ?? "wake_owner"; + } + + function monitorRecoveryDetails(input: { + claimed: IssueMonitorDispatchRow; + scheduledAtIso: string; + nextAttemptCount: number; + clearReason: IssueExecutionMonitorClearReason; + recoveryPolicy: IssueExecutionMonitorRecoveryPolicy; + monitor: IssueExecutionMonitorPolicy | null; + source: "manual" | "scheduled"; + }) { + return { + identifier: input.claimed.identifier, + nextCheckAt: input.scheduledAtIso, + attemptedAttemptCount: input.nextAttemptCount, + notes: input.claimed.monitorNotes ?? null, + serviceName: input.monitor?.serviceName ?? null, + timeoutAt: input.monitor?.timeoutAt ?? null, + maxAttempts: input.monitor?.maxAttempts ?? null, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + source: input.source, + }; + } + + function formatIssueIdentifierLink(identifier: string | null, fallback: string) { + if (!identifier) return fallback; + const prefix = identifier.split("-")[0]; + if (!prefix || !/^[A-Z][A-Z0-9]*-\d+$/.test(identifier)) return identifier; + return `[${identifier}](/${prefix}/issues/${identifier})`; + } + + function monitorRecoveryComment(input: { + issue: IssueMonitorDispatchRow; + clearReason: IssueExecutionMonitorClearReason; + recoveryPolicy: IssueExecutionMonitorRecoveryPolicy; + nextAttemptCount: number; + }) { + const label = formatIssueIdentifierLink(input.issue.identifier, input.issue.id); + const reason = + input.clearReason === "timeout_exceeded" + ? "its timeout was reached" + : "its maximum attempt count was reached"; + return [ + `Paperclip cleared the scheduled external-service monitor for ${label} because ${reason}.`, + "", + `- Attempt count: ${input.nextAttemptCount}`, + `- Recovery policy: ${input.recoveryPolicy}`, + "", + "Next action: inspect the external service state, record the result on this issue, and restore an explicit execution or waiting path if more work remains.", + ].join("\n"); + } + + async function findOpenIssueMonitorRecoveryIssue(claimed: IssueMonitorDispatchRow) { + return db + .select() + .from(issues) + .where( + and( + eq(issues.companyId, claimed.companyId), + eq(issues.originKind, RECOVERY_ORIGIN_KINDS.strandedIssueRecovery), + eq(issues.originId, claimed.id), + isNull(issues.hiddenAt), + notInArray(issues.status, ["done", "cancelled"]), + ), + ) + .orderBy(desc(issues.createdAt)) + .limit(1) + .then((rows) => rows[0] ?? null); + } + + async function performIssueMonitorRecovery(input: { + claimed: IssueMonitorDispatchRow; + scheduledAtIso: string; + nextAttemptCount: number; + clearReason: IssueExecutionMonitorClearReason; + recoveryPolicy: IssueExecutionMonitorRecoveryPolicy; + monitor: IssueExecutionMonitorPolicy | null; + actorType: "user" | "agent" | "system"; + actorId: string; + agentId: string | null; + runId: string | null; + activitySource: "manual" | "scheduled"; + }) { + const details = monitorRecoveryDetails({ + claimed: input.claimed, + scheduledAtIso: input.scheduledAtIso, + nextAttemptCount: input.nextAttemptCount, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + monitor: input.monitor, + source: input.activitySource, + }); + + if (input.recoveryPolicy === "create_recovery_issue") { + let recoveryIssue = await findOpenIssueMonitorRecoveryIssue(input.claimed); + if (!recoveryIssue) { + recoveryIssue = await issuesSvc.create(input.claimed.companyId, { + title: `Recover external-service monitor for ${input.claimed.identifier ?? input.claimed.title}`, + description: monitorRecoveryComment({ + issue: input.claimed, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + nextAttemptCount: input.nextAttemptCount, + }), + status: "todo", + priority: "high", + parentId: input.claimed.id, + projectId: input.claimed.projectId, + goalId: input.claimed.goalId, + assigneeAgentId: input.claimed.assigneeAgentId, + assigneeAdapterOverrides: recoveryAssigneeAdapterOverrides(), + originKind: RECOVERY_ORIGIN_KINDS.strandedIssueRecovery, + originId: input.claimed.id, + originFingerprint: `issue_monitor:${input.clearReason}`, + billingCode: input.claimed.billingCode, + }); + } + + if (recoveryIssue.assigneeAgentId) { + await enqueueWakeup(recoveryIssue.assigneeAgentId, { + source: "automation", + triggerDetail: "system", + reason: "issue_monitor_recovery_issue", + idempotencyKey: `issue-monitor-recovery-issue:${input.claimed.id}:${input.clearReason}:${input.scheduledAtIso}`, + payload: withRecoveryModelProfileHint({ issueId: recoveryIssue.id, sourceIssueId: input.claimed.id }), + requestedByActorType: input.actorType, + requestedByActorId: input.actorId, + contextSnapshot: withRecoveryModelProfileHint({ + issueId: recoveryIssue.id, + sourceIssueId: input.claimed.id, + source: "issue.monitor.recovery_issue", + wakeReason: "issue_monitor_recovery_issue", + }), + }); + } + + await logActivity(db, { + companyId: input.claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_recovery_issue_created", + entityType: "issue", + entityId: input.claimed.id, + details: { + ...details, + recoveryIssueId: recoveryIssue.id, + recoveryIdentifier: recoveryIssue.identifier, + }, + }); + return; + } + + if (input.recoveryPolicy === "escalate_to_board") { + await db.insert(issueComments).values({ + companyId: input.claimed.companyId, + issueId: input.claimed.id, + body: monitorRecoveryComment({ + issue: input.claimed, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + nextAttemptCount: input.nextAttemptCount, + }), + }); + + await logActivity(db, { + companyId: input.claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_escalated_to_board", + entityType: "issue", + entityId: input.claimed.id, + details, + }); + return; + } + + await enqueueWakeup(input.claimed.assigneeAgentId!, { + source: "automation", + triggerDetail: "system", + reason: "issue_monitor_recovery", + idempotencyKey: `issue-monitor-recovery:${input.claimed.id}:${input.clearReason}:${input.scheduledAtIso}`, + payload: withRecoveryModelProfileHint({ + issueId: input.claimed.id, + monitorAttemptCount: input.nextAttemptCount, + monitorNotes: input.claimed.monitorNotes ?? null, + clearReason: input.clearReason, + serviceName: input.monitor?.serviceName ?? null, + timeoutAt: input.monitor?.timeoutAt ?? null, + maxAttempts: input.monitor?.maxAttempts ?? null, + }), + requestedByActorType: input.actorType, + requestedByActorId: input.actorId, + contextSnapshot: withRecoveryModelProfileHint({ + issueId: input.claimed.id, + source: "issue.monitor.recovery", + wakeReason: "issue_monitor_recovery", + monitorAttemptCount: input.nextAttemptCount, + monitorNotes: input.claimed.monitorNotes ?? null, + clearReason: input.clearReason, + serviceName: input.monitor?.serviceName ?? null, + timeoutAt: input.monitor?.timeoutAt ?? null, + maxAttempts: input.monitor?.maxAttempts ?? null, + }), + }); + + await logActivity(db, { + companyId: input.claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_recovery_wake_queued", + entityType: "issue", + entityId: input.claimed.id, + details, + }); + } + + async function clearIssueMonitorAndRecover(input: { + claimed: IssueMonitorDispatchRow; + policy: ReturnType; + scheduledAtIso: string; + nextAttemptCount: number; + clearReason: IssueExecutionMonitorClearReason; + recoveryPolicy: IssueExecutionMonitorRecoveryPolicy; + monitor: IssueExecutionMonitorPolicy | null; + now: Date; + actorType: "user" | "agent" | "system"; + actorId: string; + agentId: string | null; + runId: string | null; + activitySource: "manual" | "scheduled"; + }) { + await db + .update(issues) + .set({ + ...buildIssueMonitorClearedPatch({ + issue: input.claimed, + policy: input.policy, + clearReason: input.clearReason, + clearedAt: input.now, + }), + updatedAt: input.now, + }) + .where(eq(issues.id, input.claimed.id)); + + await logActivity(db, { + companyId: input.claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_exhausted", + entityType: "issue", + entityId: input.claimed.id, + details: monitorRecoveryDetails({ + claimed: input.claimed, + scheduledAtIso: input.scheduledAtIso, + nextAttemptCount: input.nextAttemptCount, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + monitor: input.monitor, + source: input.activitySource, + }), + }); + + await performIssueMonitorRecovery({ + claimed: input.claimed, + scheduledAtIso: input.scheduledAtIso, + nextAttemptCount: input.nextAttemptCount, + clearReason: input.clearReason, + recoveryPolicy: input.recoveryPolicy, + monitor: input.monitor, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + activitySource: input.activitySource, + }); + + return { outcome: "skipped" as const, reason: input.clearReason }; + } + + async function dispatchClaimedIssueMonitor( + claimed: IssueMonitorDispatchRow, + input: { + now: Date; + source: "automation" | "on_demand"; + triggerDetail: "manual" | "system"; + wakeReason: string; + actorType: "user" | "agent" | "system"; + actorId: string; + agentId: string | null; + runId: string | null; + clearOnClientError: boolean; + activitySource: "manual" | "scheduled"; + }, + ) { + if (!claimed.assigneeAgentId || !claimed.monitorNextCheckAt) { + throw conflict("Issue monitor is not ready to dispatch"); + } + + const scheduledAtIso = claimed.monitorNextCheckAt.toISOString(); + const nextAttemptCount = (claimed.monitorAttemptCount ?? 0) + 1; + const policy = normalizeIssueExecutionPolicy(claimed.executionPolicy ?? null); + const monitor = policy?.monitor ?? null; + const clearReason = issueMonitorLimitClearReason({ monitor, nextAttemptCount, now: input.now }); + const recoveryPolicy = monitorRecoveryPolicy(monitor); + const monitorMetadata = { + serviceName: monitor?.serviceName ?? null, + timeoutAt: monitor?.timeoutAt ?? null, + maxAttempts: monitor?.maxAttempts ?? null, + recoveryPolicy: monitor?.recoveryPolicy ?? null, + }; + + if (clearReason) { + return clearIssueMonitorAndRecover({ + claimed, + policy, + scheduledAtIso, + nextAttemptCount, + clearReason, + recoveryPolicy, + monitor, + now: input.now, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + activitySource: input.activitySource, + }); + } + + try { + await enqueueWakeup(claimed.assigneeAgentId, { + source: input.source, + triggerDetail: input.triggerDetail, + reason: input.wakeReason, + idempotencyKey: `issue-monitor:${claimed.id}:${scheduledAtIso}`, + payload: { + issueId: claimed.id, + nextCheckAt: scheduledAtIso, + monitorAttemptCount: nextAttemptCount, + monitorNotes: claimed.monitorNotes ?? null, + ...monitorMetadata, + source: input.activitySource, + }, + requestedByActorType: input.actorType, + requestedByActorId: input.actorId, + contextSnapshot: { + issueId: claimed.id, + source: "issue.monitor", + wakeReason: input.wakeReason, + nextCheckAt: scheduledAtIso, + monitorAttemptCount: nextAttemptCount, + monitorNotes: claimed.monitorNotes ?? null, + ...monitorMetadata, + manualTrigger: input.activitySource === "manual", + }, + }); + + await db + .update(issues) + .set({ + ...buildIssueMonitorTriggeredPatch({ + issue: claimed, + policy, + triggeredAt: input.now, + }), + updatedAt: new Date(), + }) + .where(eq(issues.id, claimed.id)); + + await logActivity(db, { + companyId: claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_triggered", + entityType: "issue", + entityId: claimed.id, + details: { + identifier: claimed.identifier, + nextCheckAt: scheduledAtIso, + lastTriggeredAt: input.now.toISOString(), + attemptCount: nextAttemptCount, + notes: claimed.monitorNotes ?? null, + ...monitorMetadata, + source: input.activitySource, + }, + }); + + return { outcome: "triggered" as const }; + } catch (err) { + if (err instanceof HttpError && err.status >= 400 && err.status < 500) { + if (input.clearOnClientError) { + await db + .update(issues) + .set({ + ...buildIssueMonitorClearedPatch({ + issue: claimed, + policy, + clearReason: "dispatch_skipped", + clearedAt: input.now, + }), + updatedAt: new Date(), + }) + .where(eq(issues.id, claimed.id)); + + await logActivity(db, { + companyId: claimed.companyId, + actorType: input.actorType, + actorId: input.actorId, + agentId: input.agentId, + runId: input.runId, + action: "issue.monitor_skipped", + entityType: "issue", + entityId: claimed.id, + details: { + identifier: claimed.identifier, + nextCheckAt: scheduledAtIso, + attemptCount: nextAttemptCount, + notes: claimed.monitorNotes ?? null, + reason: err.message, + source: input.activitySource, + }, + }); + + return { outcome: "skipped" as const, reason: err.message }; + } + + await db + .update(issues) + .set({ + monitorWakeRequestedAt: null, + updatedAt: new Date(), + }) + .where(eq(issues.id, claimed.id)); + } else { + await db + .update(issues) + .set({ + monitorWakeRequestedAt: null, + updatedAt: new Date(), + }) + .where(eq(issues.id, claimed.id)); + } + + throw err; + } + } + + async function triggerIssueMonitor(issueId: string, input?: { + now?: Date; + actorType?: "user" | "agent" | "system"; + actorId?: string | null; + agentId?: string | null; + runId?: string | null; + wakeReason?: string; + }) { + const now = input?.now ?? new Date(); + const actorType = input?.actorType ?? "system"; + const actorId = input?.actorId ?? (actorType === "system" ? "heartbeat_scheduler" : null); + if (!actorId) { + throw conflict("Issue monitor trigger requires an actor"); + } + + const issue = await db + .select(issueMonitorDispatchColumns) + .from(issues) + .where(eq(issues.id, issueId)) + .limit(1) + .then((rows) => rows[0] ?? null); + if (!issue) { + throw notFound("Issue not found"); + } + if (!issue.monitorNextCheckAt) { + throw conflict("Issue has no scheduled monitor"); + } + if (!issue.assigneeAgentId || issue.assigneeUserId) { + throw conflict("Issue monitor requires an agent assignee"); + } + if (!["in_progress", "in_review"].includes(issue.status)) { + throw conflict("Issue monitor can only run while the issue is in progress or in review"); + } + + const staleClaimThreshold = new Date(now.getTime() - 5 * 60 * 1000); + const claimed = await db.transaction(async (tx) => { + const [updated] = await tx + .update(issues) + .set({ + monitorWakeRequestedAt: now, + updatedAt: now, + }) + .where( + and( + eq(issues.id, issueId), + sql`${issues.monitorNextCheckAt} is not null`, + isNull(issues.assigneeUserId), + sql`${issues.assigneeAgentId} is not null`, + inArray(issues.status, ["in_progress", "in_review"]), + or( + isNull(issues.monitorWakeRequestedAt), + lt(issues.monitorWakeRequestedAt, staleClaimThreshold), + ), + ), + ) + .returning(); + return (updated ?? null) as IssueMonitorDispatchRow | null; + }); + + if (!claimed) { + throw conflict("Issue monitor check is already in progress"); + } + + return dispatchClaimedIssueMonitor(claimed, { + now, + source: "on_demand", + triggerDetail: "manual", + wakeReason: input?.wakeReason ?? "issue_monitor_due", + actorType, + actorId, + agentId: input?.agentId ?? null, + runId: input?.runId ?? null, + clearOnClientError: false, + activitySource: "manual", + }); + } + + async function tickDueIssueMonitors(now = new Date()) { + const staleClaimThreshold = new Date(now.getTime() - 5 * 60 * 1000); + const dueMonitors = await db + .select(issueMonitorDispatchColumns) + .from(issues) + .where( + and( + sql`${issues.monitorNextCheckAt} is not null`, + lte(issues.monitorNextCheckAt, now), + isNull(issues.assigneeUserId), + sql`${issues.assigneeAgentId} is not null`, + inArray(issues.status, ["in_progress", "in_review"]), + or( + isNull(issues.monitorWakeRequestedAt), + lt(issues.monitorWakeRequestedAt, staleClaimThreshold), + ), + ), + ) + .orderBy(asc(issues.monitorNextCheckAt), asc(issues.updatedAt)) + .limit(50); + + let triggered = 0; + let skipped = 0; + + for (const due of dueMonitors) { + const claimed = await db.transaction(async (tx) => { + const [updated] = await tx + .update(issues) + .set({ + monitorWakeRequestedAt: now, + updatedAt: now, + }) + .where( + and( + eq(issues.id, due.id), + sql`${issues.monitorNextCheckAt} is not null`, + lte(issues.monitorNextCheckAt, now), + isNull(issues.assigneeUserId), + sql`${issues.assigneeAgentId} is not null`, + inArray(issues.status, ["in_progress", "in_review"]), + or( + isNull(issues.monitorWakeRequestedAt), + lt(issues.monitorWakeRequestedAt, staleClaimThreshold), + ), + ), + ) + .returning(); + return (updated ?? null) as IssueMonitorDispatchRow | null; + }); + + if (!claimed) continue; + + try { + const result = await dispatchClaimedIssueMonitor(claimed, { + now, + source: "automation", + triggerDetail: "system", + wakeReason: "issue_monitor_due", + actorType: "system", + actorId: "heartbeat_scheduler", + agentId: null, + runId: null, + clearOnClientError: true, + activitySource: "scheduled", + }); + if (result.outcome === "triggered") triggered += 1; + if (result.outcome === "skipped") skipped += 1; + } catch (err) { + logger.error({ err, issueId: claimed.id }, "issue monitor tick failed"); + } + } + + return { + checked: dueMonitors.length, + triggered, + skipped, + }; + } + async function getOldestRunForSession(agentId: string, sessionId: string) { return db .select({ @@ -3102,6 +3947,287 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) } } + function issueUiLink(issue: Pick) { + const label = issue.identifier ?? issue.id; + const prefix = issue.identifier?.split("-")[0] || "PAP"; + return `[${label}](/${prefix}/issues/${label})`; + } + + async function buildDetectedSuccessfulRunProgressSummary(run: typeof heartbeatRuns.$inferSelect) { + const resultJson = parseObject(run.resultJson); + const candidates = [ + readNonEmptyString(run.nextAction) ? `Next action noted: ${readNonEmptyString(run.nextAction)}` : null, + readNonEmptyString(run.livenessReason), + readNonEmptyString(resultJson.summary), + readNonEmptyString(resultJson.result), + readNonEmptyString(resultJson.message), + ].filter((value): value is string => Boolean(value)); + const summary = candidates[0]; + if (!summary) return null; + return redactDetectedSuccessfulRunProgressSummaryForBoard( + summary, + await getCurrentUserRedactionOptions(), + ); + } + + async function addSuccessfulRunHandoffCommentOnce(input: { + issue: Pick; + run: typeof heartbeatRuns.$inferSelect; + agent: Pick; + detectedProgressSummary: string; + }) { + const existing = await db + .select({ id: issueComments.id }) + .from(issueComments) + .where( + and( + eq(issueComments.companyId, input.run.companyId), + eq(issueComments.issueId, input.issue.id), + eq(issueComments.createdByRunId, input.run.id), + sql`(${issueComments.body} = ${SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY} or ${issueComments.body} like '## This issue still needs a next step%' or ${issueComments.body} like '## Successful run missing issue disposition%')`, + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null); + if (existing) return null; + const notice = buildSuccessfulRunHandoffRequiredNotice(input); + return issuesSvc.addComment( + input.issue.id, + notice.body, + { runId: input.run.id }, + { + authorType: "system", + presentation: notice.presentation, + metadata: notice.metadata, + }, + ); + } + + async function handleSuccessfulRunHandoff(run: typeof heartbeatRuns.$inferSelect, agent: typeof agents.$inferSelect) { + if (run.status !== "succeeded") return; + const context = parseObject(run.contextSnapshot); + const issueId = readNonEmptyString(context.issueId) ?? readNonEmptyString(context.taskId); + if (!issueId) return; + + const issue = await db + .select({ + id: issues.id, + companyId: issues.companyId, + identifier: issues.identifier, + title: issues.title, + status: issues.status, + assigneeAgentId: issues.assigneeAgentId, + assigneeUserId: issues.assigneeUserId, + executionState: issues.executionState, + projectId: issues.projectId, + }) + .from(issues) + .where(and(eq(issues.id, issueId), eq(issues.companyId, run.companyId))) + .then((rows) => rows[0] ?? null); + const idempotencyKey = issue + ? buildFinishSuccessfulRunHandoffIdempotencyKey({ + issueId: issue.id, + sourceRunId: run.id, + }) + : null; + const taskKey = deriveTaskKeyWithHeartbeatFallback(context, null); + const detectedProgressSummary = await buildDetectedSuccessfulRunProgressSummary(run); + + const [ + activeExecutionPath, + queuedWake, + pendingInteraction, + pendingApproval, + explicitBlocker, + openRecoveryIssue, + existingWake, + budgetBlock, + pauseHold, + ] = await Promise.all([ + issue + ? db + .select({ id: heartbeatRuns.id }) + .from(heartbeatRuns) + .where( + and( + eq(heartbeatRuns.companyId, issue.companyId), + eq(heartbeatRuns.agentId, run.agentId), + inArray(heartbeatRuns.status, [...EXECUTION_PATH_HEARTBEAT_RUN_STATUSES]), + sql`( + ${heartbeatRuns.contextSnapshot} ->> 'issueId' = ${issue.id} + or ${heartbeatRuns.contextSnapshot} ->> 'taskId' = ${issue.id} + )`, + sql`${heartbeatRuns.id} <> ${run.id}`, + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + issue + ? db + .select({ id: agentWakeupRequests.id }) + .from(agentWakeupRequests) + .where( + and( + eq(agentWakeupRequests.companyId, issue.companyId), + eq(agentWakeupRequests.agentId, run.agentId), + inArray(agentWakeupRequests.status, ["queued", "deferred_issue_execution", "claimed"]), + sql`( + ${agentWakeupRequests.payload} ->> 'issueId' = ${issue.id} + or ${agentWakeupRequests.payload} ->> 'taskId' = ${issue.id} + or ${agentWakeupRequests.payload} -> '_paperclipWakeContext' ->> 'issueId' = ${issue.id} + or ${agentWakeupRequests.payload} -> '_paperclipWakeContext' ->> 'taskId' = ${issue.id} + )`, + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + issue + ? db + .select({ id: issueThreadInteractions.id }) + .from(issueThreadInteractions) + .where( + and( + eq(issueThreadInteractions.companyId, issue.companyId), + eq(issueThreadInteractions.issueId, issue.id), + eq(issueThreadInteractions.status, "pending"), + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + issue + ? db + .select({ id: issueApprovals.approvalId }) + .from(issueApprovals) + .innerJoin(approvals, eq(issueApprovals.approvalId, approvals.id)) + .where( + and( + eq(issueApprovals.companyId, issue.companyId), + eq(issueApprovals.issueId, issue.id), + inArray(approvals.status, ["pending", "revision_requested"]), + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + issue + ? db + .select({ id: issueRelations.issueId }) + .from(issueRelations) + .where( + and( + eq(issueRelations.companyId, issue.companyId), + eq(issueRelations.relatedIssueId, issue.id), + eq(issueRelations.type, "blocks"), + sql`exists ( + select 1 + from issues blocker + where blocker.id = ${issueRelations.issueId} + and blocker.company_id = ${issue.companyId} + and blocker.status not in ('done', 'cancelled') + and blocker.hidden_at is null + )`, + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + issue + ? db + .select({ id: issues.id }) + .from(issues) + .where( + and( + eq(issues.companyId, issue.companyId), + inArray(issues.originKind, [ + RECOVERY_ORIGIN_KINDS.strandedIssueRecovery, + RECOVERY_ORIGIN_KINDS.issueGraphLivenessEscalation, + ]), + eq(issues.originId, issue.id), + isNull(issues.hiddenAt), + notInArray(issues.status, ["done", "cancelled"]), + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null) + : Promise.resolve(null), + idempotencyKey + ? findExistingFinishSuccessfulRunHandoffWake(db, { + companyId: run.companyId, + idempotencyKey, + }) + : Promise.resolve(null), + issue + ? budgets.getInvocationBlock(issue.companyId, run.agentId, { + issueId: issue.id, + projectId: issue.projectId, + }) + : Promise.resolve(null), + issue + ? treeControlSvc.getActivePauseHoldGate(issue.companyId, issue.id) + : Promise.resolve(null), + ]); + + const decision = decideSuccessfulRunHandoff({ + run, + issue, + agent, + livenessState: run.livenessState as RunLivenessState | null, + detectedProgressSummary, + taskKey, + hasActiveExecutionPath: Boolean(activeExecutionPath), + hasQueuedWake: Boolean(queuedWake), + hasPendingInteractionOrApproval: Boolean(pendingInteraction || pendingApproval), + hasExplicitBlockerPath: Boolean(explicitBlocker), + hasOpenRecoveryIssue: Boolean(openRecoveryIssue), + hasPauseHold: Boolean(pauseHold), + budgetBlocked: Boolean(budgetBlock), + idempotentWakeExists: Boolean(existingWake), + }); + + if (decision.kind !== "enqueue" || !issue) return; + + const handoffRun = await enqueueWakeup(run.agentId, { + source: "automation", + triggerDetail: "system", + reason: FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + payload: decision.payload, + contextSnapshot: decision.contextSnapshot, + idempotencyKey: decision.idempotencyKey, + requestedByActorType: "system", + requestedByActorId: "heartbeat", + }); + if (!handoffRun) return; + + await addSuccessfulRunHandoffCommentOnce({ + issue, + run, + agent, + detectedProgressSummary: detectedProgressSummary ?? "The run reported progress, but did not choose a next step.", + }); + await logActivity(db, { + companyId: issue.companyId, + actorType: "system", + actorId: "heartbeat", + agentId: run.agentId, + runId: run.id, + action: "issue.successful_run_handoff_required", + entityType: "issue", + entityId: issue.id, + details: { + label: "Successful run missing issue disposition", + sourceRunId: run.id, + correctiveRunId: handoffRun.id, + handoffReason: SUCCESSFUL_RUN_MISSING_STATE_REASON, + missingDisposition: "clear_next_step", + detectedProgressSummary, + issue: issueUiLink(issue), + }, + }); + } + async function appendRunEvent( run: typeof heartbeatRuns.$inferSelect, seq: number, @@ -3283,13 +4409,13 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const contextSnapshot = parseObject(run.contextSnapshot); const taskKey = deriveTaskKeyWithHeartbeatFallback(contextSnapshot, null); const sessionBefore = await resolveSessionBeforeForWakeup(agent, taskKey); - const retryContextSnapshot = { + const retryContextSnapshot = withRecoveryModelProfileHint({ ...contextSnapshot, retryOfRunId: run.id, wakeReason: "missing_issue_comment", retryReason: "missing_issue_comment", missingIssueCommentForRunId: run.id, - }; + }); const now = new Date(); const retryRun = await db.transaction(async (tx) => { @@ -3312,11 +4438,11 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) source: "automation", triggerDetail: "system", reason: "missing_issue_comment", - payload: { + payload: withRecoveryModelProfileHint({ issueId, retryOfRunId: run.id, retryReason: "missing_issue_comment", - }, + }), status: "queued", requestedByActorType: "system", requestedByActorId: null, @@ -3504,12 +4630,12 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const issueId = readNonEmptyString(contextSnapshot.issueId); const taskKey = deriveTaskKeyWithHeartbeatFallback(contextSnapshot, null); const sessionBefore = await resolveSessionBeforeForWakeup(agent, taskKey); - const retryContextSnapshot = { + const retryContextSnapshot = withRecoveryModelProfileHint({ ...contextSnapshot, retryOfRunId: run.id, wakeReason: "process_lost_retry", retryReason: "process_lost", - }; + }); const queued = await db.transaction(async (tx) => { const wakeupRequest = await tx @@ -3520,10 +4646,10 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) source: "automation", triggerDetail: "system", reason: "process_lost_retry", - payload: { + payload: withRecoveryModelProfileHint({ ...(issueId ? { issueId } : {}), retryOfRunId: run.id, - }, + }), status: "queued", requestedByActorType: "system", requestedByActorId: null, @@ -3598,6 +4724,380 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) return queued; } + type ScheduledRetryGate = + | { allowed: true } + | { + allowed: false; + reason: string; + errorCode: + | "agent_not_invokable" + | "budget_blocked" + | "issue_not_found" + | "issue_reassigned" + | "issue_cancelled" + | "issue_terminal_status" + | "issue_not_in_progress" + | "issue_execution_lock_changed" + | "issue_review_participant_changed" + | "issue_paused" + | "issue_dependencies_blocked"; + issueId: string | null; + details: Record; + }; + type BlockedScheduledRetryGate = Extract; + + async function evaluateScheduledRetryGate(input: { + run: typeof heartbeatRuns.$inferSelect; + agent: typeof agents.$inferSelect; + contextSnapshot: Record; + retryReason?: string | null; + enforceIssueExecutionLock?: boolean; + }): Promise { + const { run, agent, contextSnapshot } = input; + const retryReason = + input.retryReason ?? readNonEmptyString(contextSnapshot.retryReason) ?? run.scheduledRetryReason ?? null; + const issueId = readNonEmptyString(contextSnapshot.issueId); + const projectId = readNonEmptyString(contextSnapshot.projectId); + + const budgetBlock = await budgets.getInvocationBlock(run.companyId, run.agentId, { + issueId, + projectId, + }); + if (budgetBlock) { + return { + allowed: false, + reason: budgetBlock.reason, + errorCode: "budget_blocked", + issueId, + details: { + scopeType: budgetBlock.scopeType, + scopeId: budgetBlock.scopeId, + }, + }; + } + + if (agent.status === "paused" || agent.status === "terminated" || agent.status === "pending_approval") { + return { + allowed: false, + reason: "Scheduled retry suppressed because the agent is not invokable", + errorCode: "agent_not_invokable", + issueId, + details: { + agentId: agent.id, + agentStatus: agent.status, + }, + }; + } + + if (!issueId) return { allowed: true }; + + const issue = await db + .select({ + id: issues.id, + status: issues.status, + assigneeAgentId: issues.assigneeAgentId, + executionRunId: issues.executionRunId, + executionState: issues.executionState, + }) + .from(issues) + .where(and(eq(issues.id, issueId), eq(issues.companyId, run.companyId))) + .then((rows) => rows[0] ?? null); + + if (!issue) { + return { + allowed: false, + reason: "Scheduled retry suppressed because the target issue no longer exists", + errorCode: "issue_not_found", + issueId, + details: { issueId }, + }; + } + + if (issue.assigneeAgentId !== run.agentId) { + return { + allowed: false, + reason: "Scheduled retry suppressed because issue ownership changed", + errorCode: "issue_reassigned", + issueId, + details: { + issueId, + previousAssigneeAgentId: run.agentId, + currentAssigneeAgentId: issue.assigneeAgentId, + }, + }; + } + + if (issue.status === "cancelled" || issue.status === "done") { + return { + allowed: false, + reason: `Scheduled retry suppressed because issue reached terminal status (${issue.status})`, + errorCode: issue.status === "cancelled" ? "issue_cancelled" : "issue_terminal_status", + issueId, + details: { issueId, currentStatus: issue.status }, + }; + } + + if (retryReason === MAX_TURN_CONTINUATION_RETRY_REASON && issue.status !== "in_progress") { + return { + allowed: false, + reason: `Scheduled max-turn continuation suppressed because issue is no longer in_progress (current status: ${issue.status})`, + errorCode: "issue_not_in_progress", + issueId, + details: { issueId, currentStatus: issue.status, requiredStatus: "in_progress" }, + }; + } + + if ( + retryReason === MAX_TURN_CONTINUATION_RETRY_REASON && + input.enforceIssueExecutionLock && + issue.executionRunId !== run.id + ) { + return { + allowed: false, + reason: "Scheduled max-turn continuation suppressed because the issue execution lock belongs to a different run", + errorCode: "issue_execution_lock_changed", + issueId, + details: { + issueId, + expectedExecutionRunId: run.id, + currentExecutionRunId: issue.executionRunId, + }, + }; + } + + if (issue.status === "in_review") { + const executionState = parseIssueExecutionState(issue.executionState); + const currentParticipant = executionState?.currentParticipant ?? null; + if (currentParticipant) { + const participantMatches = + currentParticipant.type === "agent" && currentParticipant.agentId === run.agentId; + if (!participantMatches) { + return { + allowed: false, + reason: "Scheduled retry suppressed because the issue is waiting on another review participant", + errorCode: "issue_review_participant_changed", + issueId, + details: { + issueId, + currentStageType: executionState?.currentStageType ?? null, + currentParticipant, + }, + }; + } + } + } + + const activePauseHold = await treeControlSvc.getActivePauseHoldGate(run.companyId, issueId); + if (activePauseHold) { + return { + allowed: false, + reason: "Scheduled retry suppressed because the issue is held by an active subtree pause hold", + errorCode: "issue_paused", + issueId, + details: { + issueId, + holdId: activePauseHold.holdId, + rootIssueId: activePauseHold.rootIssueId, + }, + }; + } + + const dependencyReadiness = await issuesSvc.listDependencyReadiness(run.companyId, [issueId]); + const readiness = dependencyReadiness.get(issueId); + if (readiness && !readiness.isDependencyReady) { + return { + allowed: false, + reason: "Scheduled retry suppressed because issue dependencies are still blocked", + errorCode: "issue_dependencies_blocked", + issueId, + details: { + issueId, + unresolvedBlockerIssueIds: readiness.unresolvedBlockerIssueIds, + unresolvedBlockerCount: readiness.unresolvedBlockerCount, + }, + }; + } + + return { allowed: true }; + } + + async function cancelScheduledRetryForGate( + run: typeof heartbeatRuns.$inferSelect, + gate: Extract, + now: Date, + ) { + const cancelled = await db + .update(heartbeatRuns) + .set({ + status: "cancelled", + finishedAt: now, + error: gate.reason, + errorCode: gate.errorCode, + updatedAt: now, + }) + .where( + and( + eq(heartbeatRuns.id, run.id), + eq(heartbeatRuns.status, "scheduled_retry"), + lte(heartbeatRuns.scheduledRetryAt, now), + ), + ) + .returning() + .then((rows) => rows[0] ?? null); + + if (!cancelled) return null; + + if (cancelled.wakeupRequestId) { + await db + .update(agentWakeupRequests) + .set({ + status: "cancelled", + finishedAt: now, + error: gate.reason, + updatedAt: now, + }) + .where(eq(agentWakeupRequests.id, cancelled.wakeupRequestId)); + } + + if (gate.issueId) { + await db + .update(issues) + .set({ + executionRunId: null, + executionAgentNameKey: null, + executionLockedAt: null, + updatedAt: now, + }) + .where( + and( + eq(issues.companyId, cancelled.companyId), + eq(issues.id, gate.issueId), + eq(issues.executionRunId, cancelled.id), + ), + ); + } + + await appendRunEvent(cancelled, await nextRunEventSeq(cancelled.id), { + eventType: "lifecycle", + stream: "system", + level: "warn", + message: gate.reason, + payload: { + ...gate.details, + scheduledRetryAttempt: cancelled.scheduledRetryAttempt, + scheduledRetryAt: cancelled.scheduledRetryAt ? new Date(cancelled.scheduledRetryAt).toISOString() : null, + scheduledRetryReason: cancelled.scheduledRetryReason, + }, + }); + + return cancelled; + } + + async function promoteScheduledRetryRun( + dueRun: typeof heartbeatRuns.$inferSelect, + now: Date, + ): Promise< + | { outcome: "promoted"; run: typeof heartbeatRuns.$inferSelect } + | { + outcome: "gate_suppressed"; + run: typeof heartbeatRuns.$inferSelect; + reason: string; + errorCode: BlockedScheduledRetryGate["errorCode"]; + } + | { outcome: "not_promoted"; run: typeof heartbeatRuns.$inferSelect | null } + > { + const agent = await getAgent(dueRun.agentId); + if (!agent) { + const gate = { + allowed: false as const, + reason: "Scheduled retry suppressed because the agent no longer exists", + errorCode: "agent_not_invokable" as const, + issueId: readNonEmptyString(parseObject(dueRun.contextSnapshot).issueId), + details: { agentId: dueRun.agentId }, + }; + const cancelled = await cancelScheduledRetryForGate(dueRun, gate, now); + return cancelled + ? { + outcome: "gate_suppressed", + run: cancelled, + reason: gate.reason, + errorCode: gate.errorCode, + } + : { outcome: "not_promoted", run: null }; + } + + const contextSnapshot = parseObject(dueRun.contextSnapshot); + const gate = await evaluateScheduledRetryGate({ + run: dueRun, + agent, + contextSnapshot, + retryReason: dueRun.scheduledRetryReason, + enforceIssueExecutionLock: dueRun.scheduledRetryReason === MAX_TURN_CONTINUATION_RETRY_REASON, + }); + if (!gate.allowed) { + if ( + gate.errorCode === "issue_not_found" && + dueRun.scheduledRetryReason !== MAX_TURN_CONTINUATION_RETRY_REASON + ) { + // Preserve legacy transient retry behavior for runs that only carry a + // loose task context rather than a persisted issue row. + } else { + const cancelled = await cancelScheduledRetryForGate(dueRun, gate, now); + return cancelled + ? { + outcome: "gate_suppressed", + run: cancelled, + reason: gate.reason, + errorCode: gate.errorCode, + } + : { outcome: "not_promoted", run: null }; + } + } + + const promoted = await db + .update(heartbeatRuns) + .set({ + status: "queued", + updatedAt: now, + }) + .where( + and( + eq(heartbeatRuns.id, dueRun.id), + eq(heartbeatRuns.status, "scheduled_retry"), + lte(heartbeatRuns.scheduledRetryAt, now), + ), + ) + .returning() + .then((rows) => rows[0] ?? null); + if (!promoted) return { outcome: "not_promoted", run: null }; + + await appendRunEvent(promoted, await nextRunEventSeq(promoted.id), { + eventType: "lifecycle", + stream: "system", + level: "info", + message: "Scheduled retry became due and was promoted to the queued run pool", + payload: { + scheduledRetryAttempt: promoted.scheduledRetryAttempt, + scheduledRetryAt: promoted.scheduledRetryAt ? new Date(promoted.scheduledRetryAt).toISOString() : null, + scheduledRetryReason: promoted.scheduledRetryReason, + }, + }); + + publishLiveEvent({ + companyId: promoted.companyId, + type: "heartbeat.run.queued", + payload: { + runId: promoted.id, + agentId: promoted.agentId, + invocationSource: promoted.invocationSource, + triggerDetail: promoted.triggerDetail, + wakeupRequestId: promoted.wakeupRequestId, + }, + }); + + return { outcome: "promoted", run: promoted }; + } + async function scheduleBoundedRetryForRun( run: typeof heartbeatRuns.$inferSelect, agent: typeof agents.$inferSelect, @@ -3606,13 +5106,28 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) random?: () => number; retryReason?: string; wakeReason?: string; + maxAttempts?: number; + delayMs?: number; }, ) { const now = opts?.now ?? new Date(); const retryReason = opts?.retryReason ?? BOUNDED_TRANSIENT_HEARTBEAT_RETRY_REASON; const wakeReason = opts?.wakeReason ?? BOUNDED_TRANSIENT_HEARTBEAT_RETRY_WAKE_REASON; + const maxAttempts = Math.max(0, Math.floor(opts?.maxAttempts ?? BOUNDED_TRANSIENT_HEARTBEAT_RETRY_MAX_ATTEMPTS)); const nextAttempt = (run.scheduledRetryAttempt ?? 0) + 1; - const baseSchedule = computeBoundedTransientHeartbeatRetrySchedule(nextAttempt, now, opts?.random); + const baseSchedule = opts?.delayMs != null + ? nextAttempt <= maxAttempts + ? { + attempt: nextAttempt, + baseDelayMs: Math.max(0, Math.floor(opts.delayMs)), + delayMs: Math.max(0, Math.floor(opts.delayMs)), + dueAt: new Date(now.getTime() + Math.max(0, Math.floor(opts.delayMs))), + maxAttempts, + } + : null + : nextAttempt <= maxAttempts + ? computeBoundedTransientHeartbeatRetrySchedule(nextAttempt, now, opts?.random) + : null; const transientRecovery = retryReason === BOUNDED_TRANSIENT_HEARTBEAT_RETRY_REASON ? readTransientRecoveryContractFromRun(run) @@ -3632,13 +5147,13 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) payload: { retryReason, scheduledRetryAttempt: run.scheduledRetryAttempt ?? 0, - maxAttempts: BOUNDED_TRANSIENT_HEARTBEAT_RETRY_MAX_ATTEMPTS, + maxAttempts, }, }); return { outcome: "retry_exhausted" as const, attempt: nextAttempt, - maxAttempts: BOUNDED_TRANSIENT_HEARTBEAT_RETRY_MAX_ATTEMPTS, + maxAttempts, }; } const schedule = @@ -3652,9 +5167,32 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const contextSnapshot = parseObject(run.contextSnapshot); const issueId = readNonEmptyString(contextSnapshot.issueId); + if (retryReason === MAX_TURN_CONTINUATION_RETRY_REASON) { + const gate = await evaluateScheduledRetryGate({ run, agent, contextSnapshot, retryReason }); + if (!gate.allowed) { + await appendRunEvent(run, await nextRunEventSeq(run.id), { + eventType: "lifecycle", + stream: "system", + level: "warn", + message: gate.reason, + payload: { + retryReason, + scheduledRetryAttempt: nextAttempt, + maxAttempts, + ...gate.details, + }, + }); + return { + outcome: "not_scheduled" as const, + reason: gate.reason, + errorCode: gate.errorCode, + issueId: gate.issueId, + }; + } + } const taskKey = deriveTaskKeyWithHeartbeatFallback(contextSnapshot, null); const sessionBefore = await resolveSessionBeforeForWakeup(agent, taskKey); - const retryContextSnapshot: Record = { + const retryContextSnapshot: Record = withRecoveryModelProfileHint({ ...contextSnapshot, retryOfRunId: run.id, wakeReason, @@ -3664,9 +5202,159 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) scheduledRetryAt: schedule.dueAt.toISOString(), ...(transientRetryNotBefore ? { transientRetryNotBefore: transientRetryNotBefore.toISOString() } : {}), ...(codexTransientFallbackMode ? { codexTransientFallbackMode } : {}), - }; + }); + const maxTurnContinuationIdempotencyKey = retryReason === MAX_TURN_CONTINUATION_RETRY_REASON + ? `max-turn-continuation:${run.companyId}:${issueId ?? "no-issue"}:${run.id}:${schedule.attempt}` + : null; + + type ScheduledRetryTransactionResult = + | { + outcome: "scheduled"; + run: typeof heartbeatRuns.$inferSelect; + reusedExisting: boolean; + } + | { + outcome: "not_scheduled"; + reason: string; + errorCode: + | "issue_not_found" + | "issue_reassigned" + | "issue_cancelled" + | "issue_terminal_status" + | "issue_not_in_progress" + | "issue_execution_lock_changed"; + issueId: string | null; + details: Record; + }; + + const scheduleResult = await db.transaction(async (tx): Promise => { + if (retryReason === MAX_TURN_CONTINUATION_RETRY_REASON) { + if (issueId) { + await tx.execute( + sql`select id from issues where company_id = ${run.companyId} and id = ${issueId} for update`, + ); + } else { + await tx.execute( + sql`select id from heartbeat_runs where company_id = ${run.companyId} and id = ${run.id} for update`, + ); + } + + const existingContinuation = await tx + .select() + .from(heartbeatRuns) + .where( + and( + eq(heartbeatRuns.companyId, run.companyId), + eq(heartbeatRuns.retryOfRunId, run.id), + eq(heartbeatRuns.scheduledRetryReason, retryReason), + eq(heartbeatRuns.scheduledRetryAttempt, schedule.attempt), + inArray(heartbeatRuns.status, [...MAX_TURN_CONTINUATION_LIVE_RUN_STATUSES]), + issueId + ? sql`${heartbeatRuns.contextSnapshot} ->> 'issueId' = ${issueId}` + : sql`${heartbeatRuns.contextSnapshot} ->> 'issueId' is null`, + ), + ) + .orderBy(asc(heartbeatRuns.createdAt), asc(heartbeatRuns.id)) + .limit(1) + .then((rows) => rows[0] ?? null); + + if (existingContinuation) { + if (existingContinuation.wakeupRequestId) { + const existingWakeup = await tx + .select({ coalescedCount: agentWakeupRequests.coalescedCount }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, existingContinuation.wakeupRequestId)) + .then((rows) => rows[0] ?? null); + + await tx + .update(agentWakeupRequests) + .set({ + coalescedCount: (existingWakeup?.coalescedCount ?? 0) + 1, + updatedAt: now, + }) + .where(eq(agentWakeupRequests.id, existingContinuation.wakeupRequestId)); + } + + return { + outcome: "scheduled", + run: existingContinuation, + reusedExisting: true, + }; + } + + if (issueId) { + const lockedIssue = await tx + .select({ + id: issues.id, + status: issues.status, + assigneeAgentId: issues.assigneeAgentId, + executionRunId: issues.executionRunId, + }) + .from(issues) + .where(and(eq(issues.id, issueId), eq(issues.companyId, run.companyId))) + .then((rows) => rows[0] ?? null); + + if (!lockedIssue) { + return { + outcome: "not_scheduled", + reason: "Scheduled max-turn continuation suppressed because the target issue no longer exists", + errorCode: "issue_not_found", + issueId, + details: { issueId }, + }; + } + + if (lockedIssue.assigneeAgentId !== run.agentId) { + return { + outcome: "not_scheduled", + reason: "Scheduled max-turn continuation suppressed because issue ownership changed", + errorCode: "issue_reassigned", + issueId, + details: { + issueId, + previousAssigneeAgentId: run.agentId, + currentAssigneeAgentId: lockedIssue.assigneeAgentId, + }, + }; + } + + if (lockedIssue.status === "cancelled" || lockedIssue.status === "done") { + return { + outcome: "not_scheduled", + reason: `Scheduled max-turn continuation suppressed because issue reached terminal status (${lockedIssue.status})`, + errorCode: lockedIssue.status === "cancelled" ? "issue_cancelled" : "issue_terminal_status", + issueId, + details: { issueId, currentStatus: lockedIssue.status }, + }; + } + + if (lockedIssue.status !== "in_progress") { + return { + outcome: "not_scheduled", + reason: `Scheduled max-turn continuation suppressed because issue is no longer in_progress (current status: ${lockedIssue.status})`, + errorCode: "issue_not_in_progress", + issueId, + details: { issueId, currentStatus: lockedIssue.status, requiredStatus: "in_progress" }, + }; + } + + if (lockedIssue.executionRunId !== run.id) { + return { + outcome: "not_scheduled", + reason: + "Scheduled max-turn continuation suppressed because the issue execution lock belongs to a different run", + errorCode: "issue_execution_lock_changed", + issueId, + details: { + issueId, + expectedExecutionRunId: run.id, + currentExecutionRunId: lockedIssue.executionRunId, + }, + }; + } + } + } - const retryRun = await db.transaction(async (tx) => { const wakeupRequest = await tx .insert(agentWakeupRequests) .values({ @@ -3675,7 +5363,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) source: "automation", triggerDetail: "system", reason: wakeReason, - payload: { + payload: withRecoveryModelProfileHint({ ...(issueId ? { issueId } : {}), retryOfRunId: run.id, retryReason, @@ -3684,10 +5372,11 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) scheduledRetryAt: schedule.dueAt.toISOString(), ...(transientRetryNotBefore ? { transientRetryNotBefore: transientRetryNotBefore.toISOString() } : {}), ...(codexTransientFallbackMode ? { codexTransientFallbackMode } : {}), - }, + }), status: "queued", requestedByActorType: "system", requestedByActorId: null, + idempotencyKey: maxTurnContinuationIdempotencyKey, updatedAt: now, }) .returning() @@ -3734,9 +5423,62 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) .where(and(eq(issues.id, issueId), eq(issues.companyId, run.companyId), eq(issues.executionRunId, run.id))); } - return scheduledRun; + return { + outcome: "scheduled", + run: scheduledRun, + reusedExisting: false, + }; }); + if (scheduleResult.outcome === "not_scheduled") { + await appendRunEvent(run, await nextRunEventSeq(run.id), { + eventType: "lifecycle", + stream: "system", + level: "warn", + message: scheduleResult.reason, + payload: { + retryReason, + scheduledRetryAttempt: nextAttempt, + maxAttempts, + ...scheduleResult.details, + }, + }); + return { + outcome: "not_scheduled" as const, + reason: scheduleResult.reason, + errorCode: scheduleResult.errorCode, + issueId: scheduleResult.issueId, + }; + } + + const retryRun = scheduleResult.run; + const dueAt = retryRun.scheduledRetryAt ? new Date(retryRun.scheduledRetryAt) : schedule.dueAt; + + if (scheduleResult.reusedExisting) { + await appendRunEvent(run, await nextRunEventSeq(run.id), { + eventType: "lifecycle", + stream: "system", + level: "info", + message: `Reused existing max-turn continuation ${retryRun.scheduledRetryAttempt}/${schedule.maxAttempts}`, + payload: { + retryRunId: retryRun.id, + retryReason, + idempotencyKey: maxTurnContinuationIdempotencyKey, + scheduledRetryAttempt: retryRun.scheduledRetryAttempt, + scheduledRetryAt: dueAt.toISOString(), + }, + }); + + return { + outcome: "scheduled" as const, + run: retryRun, + dueAt, + attempt: retryRun.scheduledRetryAttempt, + maxAttempts: schedule.maxAttempts, + reusedExisting: true, + }; + } + await appendRunEvent(run, await nextRunEventSeq(run.id), { eventType: "lifecycle", stream: "system", @@ -3758,7 +5500,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) return { outcome: "scheduled" as const, run: retryRun, - dueAt: schedule.dueAt, + dueAt, attempt: schedule.attempt, maxAttempts: schedule.maxAttempts, }; @@ -3780,132 +5522,10 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const promotedRunIds: string[] = []; for (const dueRun of dueRuns) { - const dueRunIssueId = readNonEmptyString(parseObject(dueRun.contextSnapshot).issueId); - if (dueRunIssueId) { - const issue = await db - .select({ - id: issues.id, - status: issues.status, - assigneeAgentId: issues.assigneeAgentId, - executionRunId: issues.executionRunId, - }) - .from(issues) - .where(and(eq(issues.id, dueRunIssueId), eq(issues.companyId, dueRun.companyId))) - .then((rows) => rows[0] ?? null); - - if (issue && (issue.assigneeAgentId !== dueRun.agentId || issue.status === "cancelled")) { - const issueCancelled = issue.status === "cancelled"; - const reason = issueCancelled - ? "Cancelled because the issue was cancelled before the scheduled retry became due" - : "Cancelled because the issue was reassigned before the scheduled retry became due"; - const cancelled = await db - .update(heartbeatRuns) - .set({ - status: "cancelled", - finishedAt: now, - error: reason, - errorCode: issueCancelled ? "issue_cancelled" : "issue_reassigned", - updatedAt: now, - }) - .where( - and( - eq(heartbeatRuns.id, dueRun.id), - eq(heartbeatRuns.status, "scheduled_retry"), - lte(heartbeatRuns.scheduledRetryAt, now), - ), - ) - .returning() - .then((rows) => rows[0] ?? null); - - if (!cancelled) continue; - - if (cancelled.wakeupRequestId) { - await db - .update(agentWakeupRequests) - .set({ - status: "cancelled", - finishedAt: now, - error: reason, - updatedAt: now, - }) - .where(eq(agentWakeupRequests.id, cancelled.wakeupRequestId)); - } - - if (issue.executionRunId === cancelled.id) { - await db - .update(issues) - .set({ - executionRunId: null, - executionAgentNameKey: null, - executionLockedAt: null, - updatedAt: now, - }) - .where(and(eq(issues.id, issue.id), eq(issues.executionRunId, cancelled.id))); - } - - await appendRunEvent(cancelled, await nextRunEventSeq(cancelled.id), { - eventType: "lifecycle", - stream: "system", - level: "warn", - message: issueCancelled - ? "Scheduled retry cancelled because issue was cancelled before it became due" - : "Scheduled retry cancelled because issue ownership changed before it became due", - payload: { - issueId: issue.id, - issueStatus: issue.status, - scheduledRetryAttempt: cancelled.scheduledRetryAttempt, - scheduledRetryAt: cancelled.scheduledRetryAt ? new Date(cancelled.scheduledRetryAt).toISOString() : null, - scheduledRetryReason: cancelled.scheduledRetryReason, - previousRetryAgentId: cancelled.agentId, - currentAssigneeAgentId: issue.assigneeAgentId, - }, - }); - continue; - } + const result = await promoteScheduledRetryRun(dueRun, now); + if (result.outcome === "promoted") { + promotedRunIds.push(result.run.id); } - - const promoted = await db - .update(heartbeatRuns) - .set({ - status: "queued", - updatedAt: now, - }) - .where( - and( - eq(heartbeatRuns.id, dueRun.id), - eq(heartbeatRuns.status, "scheduled_retry"), - lte(heartbeatRuns.scheduledRetryAt, now), - ), - ) - .returning() - .then((rows) => rows[0] ?? null); - if (!promoted) continue; - - promotedRunIds.push(promoted.id); - - await appendRunEvent(promoted, await nextRunEventSeq(promoted.id), { - eventType: "lifecycle", - stream: "system", - level: "info", - message: "Scheduled retry became due and was promoted to the queued run pool", - payload: { - scheduledRetryAttempt: promoted.scheduledRetryAttempt, - scheduledRetryAt: promoted.scheduledRetryAt ? new Date(promoted.scheduledRetryAt).toISOString() : null, - scheduledRetryReason: promoted.scheduledRetryReason, - }, - }); - - publishLiveEvent({ - companyId: promoted.companyId, - type: "heartbeat.run.queued", - payload: { - runId: promoted.id, - agentId: promoted.agentId, - invocationSource: promoted.invocationSource, - triggerDetail: promoted.triggerDetail, - wakeupRequestId: promoted.wakeupRequestId, - }, - }); } return { @@ -3914,6 +5534,182 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) }; } + async function getIssueRetryRun( + companyId: string, + issueId: string, + statuses: Array<"scheduled_retry" | "queued" | "running" | "cancelled">, + ) { + if (statuses.length === 0) return null; + return db + .select({ + run: heartbeatRuns, + agentName: agents.name, + }) + .from(heartbeatRuns) + .innerJoin(agents, eq(heartbeatRuns.agentId, agents.id)) + .where( + and( + eq(heartbeatRuns.companyId, companyId), + inArray(heartbeatRuns.status, statuses), + sql`${heartbeatRuns.contextSnapshot} ->> 'issueId' = ${issueId}`, + sql`${heartbeatRuns.retryOfRunId} is not null`, + ), + ) + .orderBy(desc(heartbeatRuns.updatedAt), desc(heartbeatRuns.createdAt), desc(heartbeatRuns.id)) + .limit(1) + .then((rows) => rows[0] ?? null); + } + + function summarizeIssueScheduledRetryRun( + row: { run: typeof heartbeatRuns.$inferSelect; agentName: string | null }, + ) { + return { + runId: row.run.id, + status: row.run.status as "scheduled_retry" | "queued" | "running" | "cancelled", + agentId: row.run.agentId, + agentName: row.agentName, + retryOfRunId: row.run.retryOfRunId, + scheduledRetryAt: row.run.scheduledRetryAt, + scheduledRetryAttempt: row.run.scheduledRetryAttempt, + scheduledRetryReason: row.run.scheduledRetryReason, + error: row.run.error, + errorCode: row.run.errorCode, + }; + } + + async function retryScheduledRetryNow(input: { + issueId: string; + actor?: { actorType?: "user" | "agent" | "system"; actorId?: string | null }; + now?: Date; + }) { + const now = input.now ?? new Date(); + const issue = await db + .select({ id: issues.id, companyId: issues.companyId }) + .from(issues) + .where(eq(issues.id, input.issueId)) + .then((rows) => rows[0] ?? null); + if (!issue) throw notFound("Issue not found"); + + const scheduled = await getIssueRetryRun(issue.companyId, issue.id, ["scheduled_retry"]); + if (!scheduled) { + const alreadyPromoted = await getIssueRetryRun(issue.companyId, issue.id, ["queued", "running"]); + if (alreadyPromoted) { + return { + outcome: "already_promoted" as const, + message: "Scheduled retry was already promoted", + scheduledRetry: summarizeIssueScheduledRetryRun(alreadyPromoted), + }; + } + return { + outcome: "no_scheduled_retry" as const, + message: "No live scheduled retry exists for this issue", + scheduledRetry: null, + }; + } + + const contextSnapshot = { + ...parseObject(scheduled.run.contextSnapshot), + scheduledRetryAt: now.toISOString(), + retryNowRequestedAt: now.toISOString(), + retryNowRequestedByActorType: input.actor?.actorType ?? null, + retryNowRequestedByActorId: input.actor?.actorId ?? null, + }; + + const updated = await db.transaction(async (tx) => { + const row = await tx + .update(heartbeatRuns) + .set({ + scheduledRetryAt: now, + contextSnapshot, + updatedAt: now, + }) + .where(and(eq(heartbeatRuns.id, scheduled.run.id), eq(heartbeatRuns.status, "scheduled_retry"))) + .returning() + .then((rows) => rows[0] ?? null); + if (!row) return null; + + if (row.wakeupRequestId) { + const wakeupPayload = { + ...(parseObject( + await tx + .select({ payload: agentWakeupRequests.payload }) + .from(agentWakeupRequests) + .where(eq(agentWakeupRequests.id, row.wakeupRequestId)) + .then((rows) => rows[0]?.payload ?? null), + )), + scheduledRetryAt: now.toISOString(), + retryNowRequestedAt: now.toISOString(), + }; + await tx + .update(agentWakeupRequests) + .set({ + payload: wakeupPayload, + updatedAt: now, + }) + .where(eq(agentWakeupRequests.id, row.wakeupRequestId)); + } + + return row; + }); + + if (!updated) { + const alreadyPromoted = await getIssueRetryRun(issue.companyId, issue.id, ["queued", "running"]); + if (alreadyPromoted) { + return { + outcome: "already_promoted" as const, + message: "Scheduled retry was already promoted", + scheduledRetry: summarizeIssueScheduledRetryRun(alreadyPromoted), + }; + } + return { + outcome: "no_scheduled_retry" as const, + message: "No live scheduled retry exists for this issue", + scheduledRetry: null, + }; + } + + await appendRunEvent(updated, await nextRunEventSeq(updated.id), { + eventType: "lifecycle", + stream: "system", + level: "info", + message: "Scheduled retry was requested to run now", + payload: { + issueId: issue.id, + scheduledRetryAttempt: updated.scheduledRetryAttempt, + scheduledRetryAt: updated.scheduledRetryAt ? new Date(updated.scheduledRetryAt).toISOString() : null, + scheduledRetryReason: updated.scheduledRetryReason, + requestedByActorType: input.actor?.actorType ?? null, + requestedByActorId: input.actor?.actorId ?? null, + }, + }); + + const promotion = await promoteScheduledRetryRun(updated, now); + const promotedRow = await getIssueRetryRun(issue.companyId, issue.id, ["queued", "running", "cancelled"]); + const scheduledRetry = promotedRow + ? summarizeIssueScheduledRetryRun(promotedRow) + : summarizeIssueScheduledRetryRun({ run: promotion.run ?? updated, agentName: scheduled.agentName }); + + if (promotion.outcome === "promoted") { + return { + outcome: "promoted" as const, + message: "Scheduled retry was promoted to the queued run pool", + scheduledRetry, + }; + } + if (promotion.outcome === "gate_suppressed") { + return { + outcome: "gate_suppressed" as const, + message: promotion.reason, + scheduledRetry, + }; + } + return { + outcome: "already_promoted" as const, + message: "Scheduled retry was already promoted", + scheduledRetry, + }; + } + function parseHeartbeatPolicy(agent: typeof agents.$inferSelect) { const runtimeConfig = parseObject(agent.runtimeConfig); const heartbeat = parseObject(runtimeConfig.heartbeat); @@ -3926,6 +5722,20 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) }; } + function parseMaxTurnContinuationPolicy(agent: typeof agents.$inferSelect): MaxTurnContinuationPolicy { + const runtimeConfig = parseObject(agent.runtimeConfig); + const heartbeat = parseObject(runtimeConfig.heartbeat); + const configured = parseObject(heartbeat.maxTurnContinuation); + const rawMaxAttempts = Math.floor(asNumber(configured.maxAttempts, MAX_TURN_CONTINUATION_DEFAULT_MAX_ATTEMPTS)); + const rawDelayMs = Math.floor(asNumber(configured.delayMs, MAX_TURN_CONTINUATION_DEFAULT_DELAY_MS)); + + return { + enabled: asBoolean(configured.enabled, true), + maxAttempts: Math.max(0, Math.min(MAX_TURN_CONTINUATION_MAX_ATTEMPTS_CAP, rawMaxAttempts)), + delayMs: Math.max(0, Math.min(MAX_TURN_CONTINUATION_MAX_DELAY_MS, rawDelayMs)), + }; + } + function issueRunPriorityRank(priority: string | null | undefined) { switch (priority) { case "critical": @@ -4166,7 +5976,10 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) | "issue_not_found" | "issue_assignee_changed" | "issue_terminal_status" - | "issue_review_participant_changed"; + | "issue_not_in_progress" + | "issue_execution_lock_changed" + | "issue_review_participant_changed" + | "issue_continuation_waiting_on_review"; details: Record; }; @@ -4180,6 +5993,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) id: issues.id, status: issues.status, assigneeAgentId: issues.assigneeAgentId, + executionRunId: issues.executionRunId, executionState: issues.executionState, }) .from(issues) @@ -4198,6 +6012,37 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const wakeCommentId = deriveCommentId(context, null); const isInteractionWake = allowsIssueInteractionWake(context); const resumeIntent = context.resumeIntent === true || context.followUpRequested === true; + const wakeReason = readNonEmptyString(context.wakeReason); + const retryReason = readNonEmptyString(context.retryReason) ?? run.scheduledRetryReason ?? null; + + if ( + issue.status === "in_progress" && + !wakeCommentId && + (wakeReason === "issue_continuation_needed" || retryReason === "issue_continuation_needed") + ) { + const queuedWake = parseObject(context.paperclipWake); + const queuedContinuationSummary = + readNonEmptyString(parseObject(context.paperclipContinuationSummary).body) ?? + readNonEmptyString(parseObject(queuedWake.continuationSummary).body); + const currentContinuationSummary = queuedContinuationSummary + ? null + : await getIssueContinuationSummaryDocument(db, issueId); + const continuationSummaryBody = queuedContinuationSummary ?? currentContinuationSummary?.body ?? null; + if (continuationSummaryParksExecutor(continuationSummaryBody)) { + return { + stale: true, + errorCode: "issue_continuation_waiting_on_review", + reason: + "Cancelled because the continuation summary says the executor should wait for reviewer feedback or approval before more work starts", + details: { + issueId, + wakeReason, + retryReason, + nextAction: continuationSummaryBody, + }, + }; + } + } if (issue.assigneeAgentId !== run.agentId && !isInteractionWake) { return { @@ -4224,6 +6069,29 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) } } + if (retryReason === MAX_TURN_CONTINUATION_RETRY_REASON && issue.status !== "in_progress") { + return { + stale: true, + errorCode: "issue_not_in_progress", + reason: `Cancelled because max-turn continuation issue is no longer in_progress (current status: ${issue.status}) before the queued run could start`, + details: { issueId, currentStatus: issue.status, requiredStatus: "in_progress" }, + }; + } + + if (retryReason === MAX_TURN_CONTINUATION_RETRY_REASON && issue.executionRunId !== run.id) { + return { + stale: true, + errorCode: "issue_execution_lock_changed", + reason: + "Cancelled because max-turn continuation no longer owns the issue execution lock before the queued run could start", + details: { + issueId, + expectedExecutionRunId: run.id, + currentExecutionRunId: issue.executionRunId, + }, + }; + } + if (issue.status === "in_review") { const executionState = parseIssueExecutionState(issue.executionState); const currentParticipant = executionState?.currentParticipant ?? null; @@ -4956,6 +6824,11 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) .select({ id: issueComments.id, body: issueComments.body, + authorType: issueComments.authorType, + authorAgentId: issueComments.authorAgentId, + authorUserId: issueComments.authorUserId, + presentation: issueComments.presentation, + metadata: issueComments.metadata, }) .from(issueComments) .where(and( @@ -4980,6 +6853,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const projectContext = executionProjectId ? await db .select({ + id: projects.id, executionWorkspacePolicy: projects.executionWorkspacePolicy, env: projects.env, }) @@ -5028,6 +6902,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) title: issueContext.title, status: issueContext.status, priority: issueContext.priority, + workMode: issueContext.workMode, description: issueContext.description, projectId: issueContext.projectId, projectWorkspaceId: issueContext.projectWorkspaceId, @@ -5060,6 +6935,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) title: issueRef.title, status: issueRef.status, priority: issueRef.priority, + workMode: issueRef.workMode, } : null, }); @@ -5074,10 +6950,15 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) id: issueRef.id, identifier: issueRef.identifier, title: issueRef.title, + workMode: issueRef.workMode, description: issueRef.description, } : null, wakeComment: wakeCommentContext, + interaction: { + kind: readNonEmptyString(context.interactionKind), + status: readNonEmptyString(context.interactionStatus), + }, }); if (issueRef) { context.paperclipIssue = { @@ -5085,6 +6966,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) identifier: issueRef.identifier, title: issueRef.title, description: issueRef.description, + workMode: issueRef.workMode, }; } else { delete context.paperclipIssue; @@ -5105,6 +6987,9 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) issueRef?.executionWorkspacePreference === "reuse_existing" && existingExecutionWorkspace !== null && existingExecutionWorkspace.status !== "archived"; + const reusableExecutionWorkspaceConfig = shouldReuseExisting + ? existingExecutionWorkspace?.config ?? null + : null; const persistedExecutionWorkspaceMode = shouldReuseExisting && existingExecutionWorkspace ? issueExecutionWorkspaceModeForPersistedWorkspace(existingExecutionWorkspace.mode) : null; @@ -5118,7 +7003,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) const selectedEnvironmentId = resolveExecutionWorkspaceEnvironmentId({ projectPolicy: projectExecutionWorkspacePolicy, issueSettings: issueExecutionWorkspaceSettings, - workspaceConfig: existingExecutionWorkspace?.config ?? null, + workspaceConfig: reusableExecutionWorkspaceConfig, agentDefaultEnvironmentId: agent.defaultEnvironmentId, defaultEnvironmentId: defaultEnvironment.id, }); @@ -5133,7 +7018,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) }); const persistedWorkspaceManagedConfig = applyPersistedExecutionWorkspaceConfig({ config: workspaceManagedConfig, - workspaceConfig: existingExecutionWorkspace?.config ?? null, + workspaceConfig: reusableExecutionWorkspaceConfig, mode: effectiveExecutionWorkspaceMode, }); let adapterModelProfiles: AdapterModelProfileDefinition[] = []; @@ -5174,12 +7059,23 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) }); const configSnapshot = buildExecutionWorkspaceConfigSnapshot(mergedConfig, selectedEnvironmentId); const executionRunConfig = stripWorkspaceRuntimeFromExecutionRunConfig(mergedConfig); - const { resolvedConfig, secretKeys } = await resolveExecutionRunAdapterConfig({ + const { resolvedConfig, secretKeys, secretManifest } = await resolveExecutionRunAdapterConfig({ companyId: agent.companyId, + agentId: agent.id, + issueId, + heartbeatRunId: run.id, + projectId: projectContext?.id ?? null, executionRunConfig, projectEnv: projectContext?.env ?? null, secretsSvc, }); + if (secretManifest.length > 0) { + context.paperclipSecrets = { + manifest: secretManifest, + }; + } else { + delete context.paperclipSecrets; + } const runScopedMentionedSkillKeys = await resolveRunScopedMentionedSkillKeys({ db, companyId: agent.companyId, @@ -5766,6 +7662,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) runtime: runtimeForAdapter, config: runtimeConfig, context, + runtimeCommandSpec: adapter.getRuntimeCommandSpec?.(runtimeConfig) ?? null, executionTarget, executionTransport: remoteExecution ? { remoteExecution: remoteExecution as unknown as Record } @@ -5992,12 +7889,42 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) ); } } - if (outcome === "failed" && readTransientRecoveryContractFromRun(livenessRun)) { + if (outcome === "failed" && isMaxTurnExhaustionRun(livenessRun)) { + const policy = parseMaxTurnContinuationPolicy(agent); + if (policy.enabled && policy.maxAttempts > 0) { + await scheduleBoundedRetryForRun(livenessRun, agent, { + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + wakeReason: MAX_TURN_CONTINUATION_WAKE_REASON, + maxAttempts: policy.maxAttempts, + delayMs: policy.delayMs, + }); + } else { + await appendRunEvent(livenessRun, await nextRunEventSeq(livenessRun.id), { + eventType: "lifecycle", + stream: "system", + level: "warn", + message: "Max-turn continuation suppressed because the policy is disabled", + payload: { + retryReason: MAX_TURN_CONTINUATION_RETRY_REASON, + policy, + }, + }); + } + } else if (outcome === "failed" && readTransientRecoveryContractFromRun(livenessRun)) { await scheduleBoundedRetryForRun(livenessRun, agent); } - await finalizeIssueCommentPolicy(livenessRun, agent); + const issueCommentPolicyResult = await finalizeIssueCommentPolicy(livenessRun, agent); await releaseIssueExecutionAndPromote(livenessRun); await handleRunLivenessContinuation(livenessRun); + await handleSuccessfulRunHandoff( + issueCommentPolicyResult.outcome === "retry_queued" || issueCommentPolicyResult.outcome === "retry_exhausted" + ? { + ...livenessRun, + issueCommentStatus: issueCommentPolicyResult.outcome, + } + : livenessRun, + agent, + ); } if (finalizedRun) { @@ -6468,8 +8395,15 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) return { kind: "released" as const }; } + if (issue.originKind === RECOVERY_ORIGIN_KINDS.strandedIssueRecovery) { + return { + kind: "blocked_recovery_in_place" as const, + issue, + previousStatus: issue.status, + }; + } + const shouldBlockImmediately = - issue.originKind === RECOVERY_ORIGIN_KINDS.strandedIssueRecovery || !recoveryAgentInvokable || !recoveryAgent || didAutomaticRecoveryFail(run, issue.status === "todo" ? "assignment_recovery" : "issue_continuation_needed"); @@ -6499,10 +8433,10 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) source: "automation", triggerDetail: "system", reason: recoveryReason, - payload: { + payload: withRecoveryModelProfileHint({ issueId: issue.id, retryOfRunId: run.id, - }, + }), status: "queued", requestedByActorType: "system", requestedByActorId: null, @@ -6520,14 +8454,14 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) triggerDetail: "system", status: "queued", wakeupRequestId: wakeupRequest.id, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: issue.id, taskId: issue.id, wakeReason: recoveryReason, retryReason, source: recoverySource, retryOfRunId: run.id, - }, + }), sessionIdBefore: recoverySessionBefore, retryOfRunId: run.id, updatedAt: now, @@ -6569,6 +8503,15 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) return; } + if (promotionResult?.kind === "blocked_recovery_in_place") { + await recovery.escalateStrandedRecoveryIssueInPlace({ + issue: promotionResult.issue, + previousStatus: promotionResult.previousStatus as "todo" | "in_progress", + latestRun: run, + }); + return; + } + const promotedRun = promotionResult?.run ?? null; if (!promotedRun) return; @@ -7194,7 +9137,7 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) if (coalescedTargetRun) { const mergedContextSnapshot = mergeCoalescedContextSnapshot( coalescedTargetRun.contextSnapshot, - contextSnapshot, + enrichedContextSnapshot, ); const mergedRun = await db .update(heartbeatRuns) @@ -7735,12 +9678,14 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) }), wakeup: enqueueWakeup, + triggerIssueMonitor, reportRunActivity: clearDetachedRunWarning, reapOrphanedRuns, promoteDueScheduledRetries, + retryScheduledRetryNow, resumeQueuedRuns, @@ -7751,6 +9696,8 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) random?: () => number; retryReason?: string; wakeReason?: string; + maxAttempts?: number; + delayMs?: number; }, ) => { const run = await getRun(runId, { unsafeFullResultJson: true }); @@ -7804,7 +9751,13 @@ export function heartbeatService(db: Db, options: HeartbeatServiceOptions = {}) else skipped += 1; } - return { checked, enqueued, skipped }; + const issueMonitors = await tickDueIssueMonitors(now); + + return { + checked: checked + issueMonitors.checked, + enqueued: enqueued + issueMonitors.triggered, + skipped: skipped + issueMonitors.skipped, + }; }, cancelRun: (runId: string) => cancelRunInternal(runId), diff --git a/server/src/services/index.ts b/server/src/services/index.ts index 6d2d530f..5cdf0a1d 100644 --- a/server/src/services/index.ts +++ b/server/src/services/index.ts @@ -1,4 +1,5 @@ export { companyService } from "./companies.js"; +export { companySearchService } from "./company-search.js"; export { feedbackService } from "./feedback.js"; export { companySkillService } from "./company-skills.js"; export { agentService, deduplicateAgentName } from "./agents.js"; diff --git a/server/src/services/issue-continuation-summary.ts b/server/src/services/issue-continuation-summary.ts index 422e3a5b..433cfcd5 100644 --- a/server/src/services/issue-continuation-summary.ts +++ b/server/src/services/issue-continuation-summary.ts @@ -9,6 +9,8 @@ export const ISSUE_CONTINUATION_SUMMARY_TITLE = "Continuation Summary"; export const ISSUE_CONTINUATION_SUMMARY_MAX_BODY_CHARS = 8_000; const SUMMARY_SECTION_MAX_CHARS = 1_200; const PATH_CANDIDATE_RE = /(?:^|[\s`"'(])((?:server|ui|packages|doc|scripts|\.github)\/[A-Za-z0-9._/-]+)/g; +const WAITING_FOR_REVIEW_OR_APPROVAL_RE = + /\bwait(?:ing)? for\b.{0,160}\b(?:review(?:er)?(?: feedback)?|approval|board|human|user|operator)\b/i; type IssueSummaryInput = { id: string; @@ -120,6 +122,16 @@ function extractPreviousNextAction(previousBody: string | null | undefined) { .find(Boolean) ?? null; } +export function extractContinuationSummaryNextAction(body: string | null | undefined) { + return extractPreviousNextAction(body); +} + +export function continuationSummaryParksExecutor(body: string | null | undefined) { + const nextAction = extractContinuationSummaryNextAction(body); + if (!nextAction) return false; + return WAITING_FOR_REVIEW_OR_APPROVAL_RE.test(nextAction); +} + export function buildContinuationSummaryMarkdown(input: { issue: IssueSummaryInput; run: RunSummaryInput; diff --git a/server/src/services/issue-execution-policy.ts b/server/src/services/issue-execution-policy.ts index 9a78512d..37b75c84 100644 --- a/server/src/services/issue-execution-policy.ts +++ b/server/src/services/issue-execution-policy.ts @@ -1,5 +1,15 @@ import { randomUUID } from "node:crypto"; -import type { IssueExecutionDecision, IssueExecutionPolicy, IssueExecutionStage, IssueExecutionStagePrincipal, IssueExecutionState } from "@paperclipai/shared"; +import type { + IssueExecutionDecision, + IssueExecutionMonitorClearReason, + IssueExecutionMonitorPolicy, + IssueExecutionMonitorState, + IssueExecutionPolicy, + IssueExecutionStage, + IssueExecutionStagePrincipal, + IssueExecutionState, + IssueMonitorScheduledBy, +} from "@paperclipai/shared"; import { issueExecutionPolicySchema, issueExecutionStateSchema } from "@paperclipai/shared"; import { unprocessable } from "../errors.js"; @@ -12,6 +22,12 @@ type IssueLike = AssigneeLike & { status: string; executionPolicy?: IssueExecutionPolicy | Record | null; executionState?: IssueExecutionState | Record | null; + monitorNextCheckAt?: Date | null; + monitorWakeRequestedAt?: Date | null; + monitorLastTriggeredAt?: Date | null; + monitorAttemptCount?: number | null; + monitorNotes?: string | null; + monitorScheduledBy?: string | null; }; type ActorLike = { @@ -27,11 +43,13 @@ type RequestedAssigneePatch = { type TransitionInput = { issue: IssueLike; policy: IssueExecutionPolicy | null; + previousPolicy?: IssueExecutionPolicy | null; requestedStatus?: string; requestedAssigneePatch: RequestedAssigneePatch; actor: ActorLike; commentBody?: string | null; reviewRequest?: IssueExecutionState["reviewRequest"] | null; + monitorExplicitlyUpdated?: boolean; }; type TransitionResult = { @@ -43,6 +61,280 @@ type TransitionResult = { const COMPLETED_STATUS: IssueExecutionState["status"] = "completed"; const PENDING_STATUS: IssueExecutionState["status"] = "pending"; const CHANGES_REQUESTED_STATUS: IssueExecutionState["status"] = "changes_requested"; +const MONITOR_INVALID_MESSAGE = "Monitor can only be scheduled on issues assigned to an agent in in_progress or in_review"; +const MONITOR_BOUNDS_EXHAUSTED_MESSAGE = "Monitor bounds are already exhausted"; +export const REDACTED_ISSUE_MONITOR_EXTERNAL_REF = "[redacted]"; + +function normalizeMonitorNotes(notes: string | null | undefined) { + if (typeof notes !== "string") return null; + const trimmed = notes.trim(); + return trimmed.length > 0 ? trimmed : null; +} + +function normalizeMonitorText(value: string | null | undefined) { + if (typeof value !== "string") return null; + const trimmed = value.trim(); + return trimmed.length > 0 ? trimmed : null; +} + +export function redactIssueMonitorExternalRef(value: string | null | undefined) { + return normalizeMonitorText(value) ? REDACTED_ISSUE_MONITOR_EXTERNAL_REF : null; +} + +function monitorMetadataFromPolicy(monitor: IssueExecutionMonitorPolicy) { + return { + kind: monitor.kind ?? null, + serviceName: normalizeMonitorText(monitor.serviceName), + externalRef: redactIssueMonitorExternalRef(monitor.externalRef), + timeoutAt: monitor.timeoutAt ?? null, + maxAttempts: monitor.maxAttempts ?? null, + recoveryPolicy: monitor.recoveryPolicy ?? null, + }; +} + +function monitorMetadataFromState(state: IssueExecutionMonitorState | null | undefined) { + return { + kind: state?.kind ?? null, + serviceName: normalizeMonitorText(state?.serviceName), + externalRef: redactIssueMonitorExternalRef(state?.externalRef), + timeoutAt: state?.timeoutAt ?? null, + maxAttempts: state?.maxAttempts ?? null, + recoveryPolicy: state?.recoveryPolicy ?? null, + }; +} + +function blankExecutionState(): IssueExecutionState { + return { + status: "idle", + currentStageId: null, + currentStageIndex: null, + currentStageType: null, + currentParticipant: null, + returnAssignee: null, + reviewRequest: null, + completedStageIds: [], + lastDecisionId: null, + lastDecisionOutcome: null, + monitor: null, + }; +} + +function isoString(value: Date | string | null | undefined): string | null { + if (!value) return null; + if (value instanceof Date) return value.toISOString(); + return value; +} + +function monitorStatesEqual(left: IssueExecutionMonitorState | null, right: IssueExecutionMonitorState | null): boolean { + return JSON.stringify(left ?? null) === JSON.stringify(right ?? null); +} + +function executionStateWithMonitor( + stageState: IssueExecutionState | null, + monitorState: IssueExecutionMonitorState | null, +): IssueExecutionState | null { + if (!stageState && !monitorState) return null; + const base = stageState ? { ...stageState } : blankExecutionState(); + return { + ...base, + monitor: monitorState, + }; +} + +function derivePersistedMonitorState(input: { + issue: IssueLike; + state: IssueExecutionState | null; + policy: IssueExecutionPolicy | null; +}): IssueExecutionMonitorState | null { + const fromState = input.state?.monitor ?? null; + const scheduledMonitor = input.policy?.monitor ?? null; + const nextCheckAt = isoString(input.issue.monitorNextCheckAt) ?? scheduledMonitor?.nextCheckAt ?? fromState?.nextCheckAt ?? null; + const lastTriggeredAt = isoString(input.issue.monitorLastTriggeredAt) ?? fromState?.lastTriggeredAt ?? null; + const attemptCount = input.issue.monitorAttemptCount ?? fromState?.attemptCount ?? 0; + const notes = scheduledMonitor?.notes ?? normalizeMonitorNotes(input.issue.monitorNotes) ?? fromState?.notes ?? null; + const scheduledByRaw = input.issue.monitorScheduledBy ?? scheduledMonitor?.scheduledBy ?? fromState?.scheduledBy ?? null; + const scheduledBy = + scheduledByRaw === "assignee" || scheduledByRaw === "board" ? scheduledByRaw : null; + const metadata = scheduledMonitor ? monitorMetadataFromPolicy(scheduledMonitor) : monitorMetadataFromState(fromState); + + if (nextCheckAt) { + return { + status: "scheduled", + nextCheckAt, + lastTriggeredAt, + attemptCount, + notes, + scheduledBy, + ...metadata, + clearedAt: null, + clearReason: null, + }; + } + + if (fromState?.status === "cleared") { + return { + ...fromState, + notes, + scheduledBy, + attemptCount, + lastTriggeredAt, + ...metadata, + }; + } + + if (fromState?.status === "triggered" || lastTriggeredAt || attemptCount > 0) { + return { + status: "triggered", + nextCheckAt: null, + lastTriggeredAt, + attemptCount, + notes, + scheduledBy, + ...metadata, + clearedAt: null, + clearReason: null, + }; + } + + return null; +} + +function buildScheduledMonitorState( + previous: IssueExecutionMonitorState | null, + monitor: IssueExecutionMonitorPolicy, +): IssueExecutionMonitorState { + return { + status: "scheduled", + nextCheckAt: monitor.nextCheckAt, + lastTriggeredAt: previous?.lastTriggeredAt ?? null, + attemptCount: previous?.attemptCount ?? 0, + notes: monitor.notes ?? null, + scheduledBy: monitor.scheduledBy, + ...monitorMetadataFromPolicy(monitor), + clearedAt: null, + clearReason: null, + }; +} + +function buildTriggeredMonitorState(input: { + previous: IssueExecutionMonitorState | null; + triggeredAt: Date; +}): IssueExecutionMonitorState { + return { + status: "triggered", + nextCheckAt: null, + lastTriggeredAt: input.triggeredAt.toISOString(), + attemptCount: (input.previous?.attemptCount ?? 0) + 1, + notes: input.previous?.notes ?? null, + scheduledBy: input.previous?.scheduledBy ?? null, + ...monitorMetadataFromState(input.previous), + clearedAt: null, + clearReason: null, + }; +} + +function buildClearedMonitorState(input: { + previous: IssueExecutionMonitorState | null; + clearReason: IssueExecutionMonitorClearReason; + clearedAt: Date; +}): IssueExecutionMonitorState { + return { + status: "cleared", + nextCheckAt: null, + lastTriggeredAt: input.previous?.lastTriggeredAt ?? null, + attemptCount: input.previous?.attemptCount ?? 0, + notes: input.previous?.notes ?? null, + scheduledBy: input.previous?.scheduledBy ?? null, + ...monitorMetadataFromState(input.previous), + clearedAt: input.clearedAt.toISOString(), + clearReason: input.clearReason, + }; +} + +function issueAllowsMonitor(status: string, assigneeAgentId: string | null, assigneeUserId: string | null) { + return Boolean(assigneeAgentId) && !assigneeUserId && (status === "in_progress" || status === "in_review"); +} + +function monitorClearReasonForIssue( + status: string, + assigneeAgentId: string | null, + assigneeUserId: string | null, +): IssueExecutionMonitorClearReason | null { + if (status === "done") return "done"; + if (status === "cancelled") return "cancelled"; + if (!issueAllowsMonitor(status, assigneeAgentId, assigneeUserId)) { + if (assigneeUserId || !assigneeAgentId) return "invalid_assignee"; + return "invalid_status"; + } + return null; +} + +function parseMonitorDate(value: string | null | undefined) { + if (!value) return null; + const date = new Date(value); + return Number.isNaN(date.getTime()) ? null : date; +} + +function exhaustedMonitorClearReason(input: { + monitor: IssueExecutionMonitorPolicy; + attemptCount: number; + now: Date; +}): IssueExecutionMonitorClearReason | null { + const timeoutAt = parseMonitorDate(input.monitor.timeoutAt ?? null); + if (timeoutAt && input.now.getTime() >= timeoutAt.getTime()) { + return "timeout_exceeded"; + } + const maxAttempts = input.monitor.maxAttempts ?? null; + if (maxAttempts !== null && input.attemptCount >= maxAttempts) { + return "max_attempts_exhausted"; + } + return null; +} + +function nextAssigneeIds(input: { + issue: IssueLike; + requestedAssigneePatch: RequestedAssigneePatch; + stagePatch: Record; +}) { + const assigneeAgentId = + input.stagePatch.assigneeAgentId !== undefined + ? (input.stagePatch.assigneeAgentId as string | null) + : input.requestedAssigneePatch.assigneeAgentId !== undefined + ? input.requestedAssigneePatch.assigneeAgentId ?? null + : input.issue.assigneeAgentId ?? null; + const assigneeUserId = + input.stagePatch.assigneeUserId !== undefined + ? (input.stagePatch.assigneeUserId as string | null) + : input.requestedAssigneePatch.assigneeUserId !== undefined + ? input.requestedAssigneePatch.assigneeUserId ?? null + : input.issue.assigneeUserId ?? null; + return { assigneeAgentId, assigneeUserId }; +} + +export function stripMonitorFromExecutionPolicy(policy: IssueExecutionPolicy | null): IssueExecutionPolicy | null { + if (!policy) return null; + if (!policy.monitor) return policy; + if (policy.stages.length === 0) return null; + return { + mode: policy.mode, + commentRequired: policy.commentRequired, + stages: policy.stages, + }; +} + +export function setIssueExecutionPolicyMonitorScheduledBy( + policy: IssueExecutionPolicy | null, + scheduledBy: IssueMonitorScheduledBy, +): IssueExecutionPolicy | null { + if (!policy?.monitor) return policy; + return { + ...policy, + monitor: { + ...policy.monitor, + scheduledBy, + }, + }; +} export function normalizeIssueExecutionPolicy(input: unknown): IssueExecutionPolicy | null { if (input == null) return null; @@ -81,12 +373,27 @@ export function normalizeIssueExecutionPolicy(input: unknown): IssueExecutionPol }) .filter((stage): stage is NonNullable => stage !== null); - if (stages.length === 0) return null; + const monitor = parsed.data.monitor + ? { + nextCheckAt: parsed.data.monitor.nextCheckAt, + notes: normalizeMonitorNotes(parsed.data.monitor.notes), + scheduledBy: parsed.data.monitor.scheduledBy, + kind: parsed.data.monitor.kind ?? null, + serviceName: normalizeMonitorText(parsed.data.monitor.serviceName), + externalRef: redactIssueMonitorExternalRef(parsed.data.monitor.externalRef), + timeoutAt: parsed.data.monitor.timeoutAt ?? null, + maxAttempts: parsed.data.monitor.maxAttempts ?? null, + recoveryPolicy: parsed.data.monitor.recoveryPolicy ?? null, + } + : null; + + if (stages.length === 0 && !monitor) return null; return { mode: parsed.data.mode ?? "normal", commentRequired: true, stages, + ...(monitor ? { monitor } : {}), }; } @@ -173,6 +480,7 @@ function buildCompletedState(previous: IssueExecutionState | null, currentStage: completedStageIds, lastDecisionId: previous?.lastDecisionId ?? null, lastDecisionOutcome: "approved", + monitor: previous?.monitor ?? null, }; } @@ -192,6 +500,7 @@ function buildStateWithCompletedStages(input: { completedStageIds: input.completedStageIds, lastDecisionId: input.previous?.lastDecisionId ?? null, lastDecisionOutcome: input.previous?.lastDecisionOutcome ?? null, + monitor: input.previous?.monitor ?? null, }; } @@ -211,6 +520,7 @@ function buildSkippedStageCompletedState(input: { completedStageIds: input.completedStageIds, lastDecisionId: input.previous?.lastDecisionId ?? null, lastDecisionOutcome: input.previous?.lastDecisionOutcome ?? null, + monitor: input.previous?.monitor ?? null, }; } @@ -233,6 +543,7 @@ function buildPendingState(input: { completedStageIds: input.previous?.completedStageIds ?? [], lastDecisionId: input.previous?.lastDecisionId ?? null, lastDecisionOutcome: input.previous?.lastDecisionOutcome ?? null, + monitor: input.previous?.monitor ?? null, }; } @@ -293,7 +604,7 @@ function canAutoSkipPendingStage(input: { input.stage.participants.every((participant) => principalsEqual(participant, input.returnAssignee)); } -export function applyIssueExecutionPolicyTransition(input: TransitionInput): TransitionResult { +function applyIssueExecutionStageTransition(input: TransitionInput): TransitionResult { const patch: Record = {}; const existingState = parseIssueExecutionState(input.issue.executionState); const currentAssignee = assigneePrincipal(input.issue); @@ -560,3 +871,180 @@ export function applyIssueExecutionPolicyTransition(input: TransitionInput): Tra workflowControlledAssignment: true, }; } + +function applyMonitorTransition(input: TransitionInput, stagePatch: Record) { + const patch: Record = {}; + const previousPolicy = input.previousPolicy ?? normalizeIssueExecutionPolicy(input.issue.executionPolicy ?? null); + const existingState = parseIssueExecutionState(input.issue.executionState); + const currentMonitorState = derivePersistedMonitorState({ + issue: input.issue, + state: existingState, + policy: previousPolicy, + }); + const nextStatus = + typeof stagePatch.status === "string" + ? (stagePatch.status as string) + : input.requestedStatus ?? input.issue.status; + const { assigneeAgentId, assigneeUserId } = nextAssigneeIds({ + issue: input.issue, + requestedAssigneePatch: input.requestedAssigneePatch, + stagePatch, + }); + const stageState = + stagePatch.executionState !== undefined + ? parseIssueExecutionState(stagePatch.executionState) + : existingState; + const invalidReason = input.policy?.monitor + ? monitorClearReasonForIssue(nextStatus, assigneeAgentId, assigneeUserId) + : null; + + let targetMonitorState = currentMonitorState; + + if (input.policy?.monitor) { + if (invalidReason) { + if (input.monitorExplicitlyUpdated) { + throw unprocessable(MONITOR_INVALID_MESSAGE); + } + patch.executionPolicy = stripMonitorFromExecutionPolicy(input.policy); + patch.monitorNextCheckAt = null; + patch.monitorWakeRequestedAt = null; + targetMonitorState = buildClearedMonitorState({ + previous: currentMonitorState, + clearReason: invalidReason, + clearedAt: new Date(), + }); + } else { + const exhaustedReason = exhaustedMonitorClearReason({ + monitor: input.policy.monitor, + attemptCount: currentMonitorState?.attemptCount ?? 0, + now: new Date(), + }); + if (exhaustedReason) { + if (input.monitorExplicitlyUpdated) { + throw unprocessable(MONITOR_BOUNDS_EXHAUSTED_MESSAGE, { clearReason: exhaustedReason }); + } + patch.executionPolicy = stripMonitorFromExecutionPolicy(input.policy); + patch.monitorNextCheckAt = null; + patch.monitorWakeRequestedAt = null; + targetMonitorState = buildClearedMonitorState({ + previous: currentMonitorState, + clearReason: exhaustedReason, + clearedAt: new Date(), + }); + } else { + patch.monitorNextCheckAt = new Date(input.policy.monitor.nextCheckAt); + patch.monitorWakeRequestedAt = null; + patch.monitorNotes = input.policy.monitor.notes ?? null; + patch.monitorScheduledBy = input.policy.monitor.scheduledBy; + targetMonitorState = buildScheduledMonitorState(currentMonitorState, input.policy.monitor); + } + } + } else if (previousPolicy?.monitor) { + patch.monitorNextCheckAt = null; + patch.monitorWakeRequestedAt = null; + targetMonitorState = buildClearedMonitorState({ + previous: currentMonitorState, + clearReason: + input.monitorExplicitlyUpdated + ? "manual" + : monitorClearReasonForIssue(nextStatus, assigneeAgentId, assigneeUserId) ?? "manual", + clearedAt: new Date(), + }); + } + + if (stagePatch.executionState !== undefined || !monitorStatesEqual(currentMonitorState, targetMonitorState)) { + patch.executionState = executionStateWithMonitor(stageState, targetMonitorState); + } + + return patch; +} + +export function buildInitialIssueMonitorFields(input: { + policy: IssueExecutionPolicy | null; + status: string; + assigneeAgentId?: string | null; + assigneeUserId?: string | null; +}) { + if (!input.policy?.monitor) return {}; + if (!issueAllowsMonitor(input.status, input.assigneeAgentId ?? null, input.assigneeUserId ?? null)) { + throw unprocessable(MONITOR_INVALID_MESSAGE); + } + const exhaustedReason = exhaustedMonitorClearReason({ + monitor: input.policy.monitor, + attemptCount: 0, + now: new Date(), + }); + if (exhaustedReason) { + throw unprocessable(MONITOR_BOUNDS_EXHAUSTED_MESSAGE, { clearReason: exhaustedReason }); + } + + const monitorState = buildScheduledMonitorState(null, input.policy.monitor); + return { + monitorNextCheckAt: new Date(input.policy.monitor.nextCheckAt), + monitorWakeRequestedAt: null, + monitorNotes: input.policy.monitor.notes ?? null, + monitorScheduledBy: input.policy.monitor.scheduledBy, + executionState: executionStateWithMonitor(null, monitorState) as Record | null, + }; +} + +export function buildIssueMonitorTriggeredPatch(input: { + issue: IssueLike; + policy: IssueExecutionPolicy | null; + triggeredAt: Date; +}) { + const existingState = parseIssueExecutionState(input.issue.executionState); + const currentMonitorState = derivePersistedMonitorState({ + issue: input.issue, + state: existingState, + policy: input.policy, + }); + const nextMonitorState = buildTriggeredMonitorState({ + previous: currentMonitorState, + triggeredAt: input.triggeredAt, + }); + + return { + executionPolicy: stripMonitorFromExecutionPolicy(input.policy) as Record | null, + executionState: executionStateWithMonitor(existingState, nextMonitorState) as Record | null, + monitorNextCheckAt: null, + monitorWakeRequestedAt: null, + monitorLastTriggeredAt: input.triggeredAt, + monitorAttemptCount: nextMonitorState.attemptCount, + monitorNotes: nextMonitorState.notes, + monitorScheduledBy: nextMonitorState.scheduledBy, + }; +} + +export function buildIssueMonitorClearedPatch(input: { + issue: IssueLike; + policy: IssueExecutionPolicy | null; + clearReason: IssueExecutionMonitorClearReason; + clearedAt?: Date; +}) { + const existingState = parseIssueExecutionState(input.issue.executionState); + const currentMonitorState = derivePersistedMonitorState({ + issue: input.issue, + state: existingState, + policy: input.policy, + }); + const nextMonitorState = buildClearedMonitorState({ + previous: currentMonitorState, + clearReason: input.clearReason, + clearedAt: input.clearedAt ?? new Date(), + }); + + return { + executionPolicy: stripMonitorFromExecutionPolicy(input.policy) as Record | null, + executionState: executionStateWithMonitor(existingState, nextMonitorState) as Record | null, + monitorNextCheckAt: null, + monitorWakeRequestedAt: null, + }; +} + +export function applyIssueExecutionPolicyTransition(input: TransitionInput): TransitionResult { + const stageResult = applyIssueExecutionStageTransition(input); + const monitorPatch = applyMonitorTransition(input, stageResult.patch); + Object.assign(stageResult.patch, monitorPatch); + return stageResult; +} diff --git a/server/src/services/issue-thread-interactions.ts b/server/src/services/issue-thread-interactions.ts index de6e1654..80b31c11 100644 --- a/server/src/services/issue-thread-interactions.ts +++ b/server/src/services/issue-thread-interactions.ts @@ -839,6 +839,7 @@ export function issueThreadInteractionService(db: Db) { title: task.title, description: task.description ?? null, status: "todo", + workMode: task.workMode ?? "standard", priority: task.priority ?? "medium", assigneeAgentId: task.assigneeAgentId ?? null, assigneeUserId: task.assigneeUserId ?? null, diff --git a/server/src/services/issues.ts b/server/src/services/issues.ts index 8990a730..2d4ba3ff 100644 --- a/server/src/services/issues.ts +++ b/server/src/services/issues.ts @@ -1,5 +1,5 @@ import { Buffer } from "node:buffer"; -import { and, asc, desc, eq, gt, inArray, isNull, lt, ne, notInArray, or, sql } from "drizzle-orm"; +import { and, asc, desc, eq, gt, inArray, isNull, like, lt, ne, notInArray, or, sql } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; import { activityLog, @@ -28,13 +28,26 @@ import { projects, } from "@paperclipai/db"; import type { + IssueCommentAuthorType, + IssueCommentMetadata, + IssueCommentPresentation, IssueBlockerAttention, IssueProductivityReview, IssueProductivityReviewTrigger, IssueRelationIssueSummary, } from "@paperclipai/shared"; -import { clampIssueRequestDepth, extractAgentMentionIds, extractProjectMentionIds, isUuidLike } from "@paperclipai/shared"; +import { + clampIssueRequestDepth, + extractAgentMentionIds, + extractProjectMentionIds, + issueCommentAuthorTypeSchema, + issueCommentMetadataSchema, + issueCommentPresentationSchema, + isUuidLike, + normalizeIssueIdentifier as normalizeIssueReferenceIdentifier, +} from "@paperclipai/shared"; import { conflict, notFound, unprocessable } from "../errors.js"; +import { parseObject } from "../adapters/utils.js"; import { defaultIssueExecutionWorkspaceSettingsForProject, gateProjectExecutionWorkspacePolicy, @@ -43,6 +56,7 @@ import { parseProjectExecutionWorkspacePolicy, } from "./execution-workspace-policy.js"; import { mergeExecutionWorkspaceConfig } from "./execution-workspaces.js"; +import { buildInitialIssueMonitorFields, normalizeIssueExecutionPolicy } from "./issue-execution-policy.js"; import { instanceSettingsService } from "./instance-settings.js"; import { redactCurrentUserText } from "../log-redaction.js"; import { resolveIssueGoalId, resolveNextIssueGoalId } from "./issue-goal-fallback.js"; @@ -119,9 +133,11 @@ export interface IssueFilters { descendantOf?: string; labelId?: string; originKind?: string; + originKindPrefix?: string; originId?: string; includeRoutineExecutions?: boolean; excludeRoutineExecutions?: boolean; + includePluginOperations?: boolean; includeBlockedBy?: boolean; q?: string; limit?: number; @@ -140,6 +156,19 @@ type IssueActiveRunRow = { finishedAt: Date | null; createdAt: Date; }; +type IssueScheduledRetryRow = { + runId: string; + status: "scheduled_retry" | "queued" | "running" | "cancelled"; + agentId: string; + agentName: string | null; + retryOfRunId: string | null; + scheduledRetryAt: Date | null; + scheduledRetryAttempt: number; + scheduledRetryReason: string | null; + retryExhaustedReason?: string | null; + error?: string | null; + errorCode?: string | null; +}; type IssueWithLabels = IssueRow & { labels: IssueLabelRow[]; labelIds: string[] }; type IssueWithLabelsAndRun = IssueWithLabels & { activeRun: IssueActiveRunRow | null }; type IssueUserCommentStats = { @@ -555,6 +584,19 @@ function inboxVisibleForUserCondition(companyId: string, userId: string) { `; } +function nonPluginOperationIssueCondition() { + return sql`NOT (${issues.originKind} LIKE 'plugin:%:operation' OR ${issues.originKind} LIKE 'plugin:%:operation:%')`; +} + +function shouldIncludePluginOperationIssues(filters: IssueFilters | undefined) { + return Boolean( + filters?.includePluginOperations || + filters?.originKind || + filters?.originId || + filters?.projectId, + ); +} + /** Named entities commonly emitted in saved issue bodies; unknown `&name;` sequences are left unchanged. */ const WELL_KNOWN_NAMED_HTML_ENTITIES: Readonly> = { amp: "&", @@ -1267,6 +1309,9 @@ async function listIssueBlockerAttentionMap( if (explicitWaitingIssueIds.has(node.id)) { return { covered: true, stalled: false, sampleBlockerIdentifier: nodeSample, sampleStalledBlockerIdentifier: null }; } + if (node.assigneeUserId && node.status !== "cancelled") { + return { covered: true, stalled: false, sampleBlockerIdentifier: nodeSample, sampleStalledBlockerIdentifier: null }; + } if (node.status === "in_review") { const hasWaitingPath = activeIssueIds.has(node.id) || Boolean(node.assigneeUserId); if (hasWaitingPath) { @@ -1280,6 +1325,9 @@ async function listIssueBlockerAttentionMap( if (node.status === "cancelled") { return { covered: false, stalled: false, sampleBlockerIdentifier: nodeSample, sampleStalledBlockerIdentifier: null }; } + if (node.status === "backlog" && node.assigneeAgentId) { + return { covered: false, stalled: false, sampleBlockerIdentifier: nodeSample, sampleStalledBlockerIdentifier: null }; + } const downstream = (edgesByIssueId.get(node.id) ?? []).filter((edge) => nodesById.get(edge.blockerIssueId)?.status !== "done"); if (downstream.length > 0) { @@ -1401,6 +1449,7 @@ const issueListSelect = { END `, status: issues.status, + workMode: issues.workMode, priority: issues.priority, assigneeAgentId: issues.assigneeAgentId, assigneeUserId: issues.assigneeUserId, @@ -1421,6 +1470,12 @@ const issueListSelect = { assigneeAdapterOverrides: issues.assigneeAdapterOverrides, executionPolicy: sql`null`, executionState: sql`null`, + monitorNextCheckAt: issues.monitorNextCheckAt, + monitorWakeRequestedAt: issues.monitorWakeRequestedAt, + monitorLastTriggeredAt: issues.monitorLastTriggeredAt, + monitorAttemptCount: issues.monitorAttemptCount, + monitorNotes: issues.monitorNotes, + monitorScheduledBy: issues.monitorScheduledBy, executionWorkspaceId: issues.executionWorkspaceId, executionWorkspacePreference: issues.executionWorkspacePreference, executionWorkspaceSettings: sql`null`, @@ -1650,10 +1705,77 @@ export function issueService(db: Db) { return enriched; } - function redactIssueComment(comment: T, censorUsernameInLogs: boolean): T { + async function getCurrentScheduledRetryForIssue(issueId: string, companyId: string): Promise { + const row = await db + .select({ + runId: heartbeatRuns.id, + status: heartbeatRuns.status, + agentId: heartbeatRuns.agentId, + agentName: agents.name, + retryOfRunId: heartbeatRuns.retryOfRunId, + scheduledRetryAt: heartbeatRuns.scheduledRetryAt, + scheduledRetryAttempt: heartbeatRuns.scheduledRetryAttempt, + scheduledRetryReason: heartbeatRuns.scheduledRetryReason, + error: heartbeatRuns.error, + errorCode: heartbeatRuns.errorCode, + }) + .from(heartbeatRuns) + .innerJoin(agents, eq(heartbeatRuns.agentId, agents.id)) + .where( + and( + eq(heartbeatRuns.companyId, companyId), + eq(heartbeatRuns.status, "scheduled_retry"), + sql`${heartbeatRuns.contextSnapshot} ->> 'issueId' = ${issueId}`, + ), + ) + .orderBy(asc(heartbeatRuns.scheduledRetryAt), asc(heartbeatRuns.createdAt), asc(heartbeatRuns.id)) + .limit(1) + .then((rows) => rows[0] ?? null); + + return row ? { ...row, status: "scheduled_retry" } : null; + } + + function deriveIssueCommentAuthorType(comment: { + authorType?: string | null; + authorAgentId?: string | null; + authorUserId?: string | null; + }): IssueCommentAuthorType { + const explicit = issueCommentAuthorTypeSchema.safeParse(comment.authorType); + if (explicit.success) return explicit.data; + if (comment.authorAgentId) return "agent"; + if (comment.authorUserId) return "user"; + return "system"; + } + + function assertIssueCommentAuthorTypeAllowed( + actor: { agentId?: string | null; userId?: string | null }, + authorType: IssueCommentAuthorType, + ) { + if (actor.agentId && authorType !== "agent") { + throw unprocessable("Comment authorType must match authenticated actor"); + } + if (actor.userId && authorType !== "user") { + throw unprocessable("Comment authorType must match authenticated actor"); + } + if (!actor.agentId && !actor.userId && authorType !== "system") { + throw unprocessable("System comments cannot use user or agent authorType without an author id"); + } + } + + function redactIssueComment( + comment: T, + censorUsernameInLogs: boolean, + ): T & { + authorType: IssueCommentAuthorType; + presentation: IssueCommentPresentation | null; + metadata: IssueCommentMetadata | null; + } { return { ...comment, + authorType: deriveIssueCommentAuthorType(comment), body: redactCurrentUserText(comment.body, { enabled: censorUsernameInLogs }), + presentation: issueCommentPresentationSchema.nullable().catch(null).parse(comment.presentation ?? null), + metadata: issueCommentMetadataSchema.nullable().catch(null).parse(comment.metadata ?? null), }; } @@ -2187,7 +2309,11 @@ export function issueService(db: Db) { } if (filters?.parentId) conditions.push(eq(issues.parentId, filters.parentId)); if (filters?.originKind) conditions.push(eq(issues.originKind, filters.originKind)); + if (filters?.originKindPrefix) conditions.push(like(issues.originKind, `${filters.originKindPrefix}%`)); if (filters?.originId) conditions.push(eq(issues.originId, filters.originId)); + if (!shouldIncludePluginOperationIssues(filters)) { + conditions.push(nonPluginOperationIssueCondition()); + } if (filters?.labelId) { const labeledIssueIds = await db .select({ issueId: issueLabels.issueId }) @@ -2319,6 +2445,7 @@ export function issueService(db: Db) { const conditions = [ eq(issues.companyId, companyId), isNull(issues.hiddenAt), + nonPluginOperationIssueCondition(), unreadForUserCondition(companyId, userId), ]; if (status) { @@ -2410,8 +2537,9 @@ export function issueService(db: Db) { getById: async (raw: string) => { const id = raw.trim(); - if (/^[A-Z]+-\d+$/i.test(id)) { - return getIssueByIdentifier(id); + const identifier = normalizeIssueReferenceIdentifier(id); + if (identifier) { + return getIssueByIdentifier(identifier); } if (!isUuidLike(id)) { return null; @@ -2423,6 +2551,16 @@ export function issueService(db: Db) { return getIssueByIdentifier(identifier); }, + getCurrentScheduledRetry: async (issueId: string) => { + const issue = await db + .select({ id: issues.id, companyId: issues.companyId }) + .from(issues) + .where(eq(issues.id, issueId)) + .then((rows) => rows[0] ?? null); + if (!issue) throw notFound("Issue not found"); + return getCurrentScheduledRetryForIssue(issue.id, issue.companyId); + }, + getRelationSummaries: async (issueId: string) => { const issue = await db .select({ id: issues.id, companyId: issues.companyId }) @@ -2726,24 +2864,68 @@ export function issueService(db: Db) { } } } + // Cache the project policy lookup for this insert. Both the + // default-settings block and the assignee-environment-promotion block + // need the same row; without caching they'd issue two round-trips. + let projectPolicyCached: ReturnType | null = null; + let projectPolicyLoaded = false; + const loadProjectPolicyOnce = async () => { + if (projectPolicyLoaded) return projectPolicyCached; + projectPolicyLoaded = true; + if (!issueData.projectId) return null; + const projectRow = await tx + .select({ executionWorkspacePolicy: projects.executionWorkspacePolicy }) + .from(projects) + .where(and(eq(projects.id, issueData.projectId), eq(projects.companyId, companyId))) + .then((rows) => rows[0] ?? null); + projectPolicyCached = parseProjectExecutionWorkspacePolicy(projectRow?.executionWorkspacePolicy); + return projectPolicyCached; + }; + if ( executionWorkspaceSettings == null && executionWorkspaceId == null && issueData.projectId ) { - const project = await tx - .select({ executionWorkspacePolicy: projects.executionWorkspacePolicy }) - .from(projects) - .where(and(eq(projects.id, issueData.projectId), eq(projects.companyId, companyId))) - .then((rows) => rows[0] ?? null); executionWorkspaceSettings = defaultIssueExecutionWorkspaceSettingsForProject( gateProjectExecutionWorkspacePolicy( - parseProjectExecutionWorkspacePolicy(project?.executionWorkspacePolicy), + await loadProjectPolicyOnce(), isolatedWorkspacesEnabled, ), ) as Record | null; } + if (data.assigneeAgentId && isolatedWorkspacesEnabled) { + const currentWorkspaceSettings = executionWorkspaceSettings == null + ? {} + : parseObject(executionWorkspaceSettings); + const issueHasEnvironmentSelection = + Object.prototype.hasOwnProperty.call(currentWorkspaceSettings, "environmentId"); + // Don't promote the assignee agent's defaultEnvironmentId if either + // the issue or the project policy already specifies an environment. + // resolveExecutionWorkspaceEnvironmentId treats issue settings as + // higher priority than project policy, so promoting the agent's + // default to issue settings would invert the documented priority + // (project policy must win over agent default when explicitly set). + let projectHasEnvironmentSelection = false; + if (!issueHasEnvironmentSelection && issueData.projectId) { + const projectPolicy = await loadProjectPolicyOnce(); + projectHasEnvironmentSelection = projectPolicy?.environmentId !== undefined; + } + if (!issueHasEnvironmentSelection && !projectHasEnvironmentSelection) { + const assigneeAgent = await tx + .select({ defaultEnvironmentId: agents.defaultEnvironmentId }) + .from(agents) + .where(and(eq(agents.id, data.assigneeAgentId), eq(agents.companyId, companyId))) + .then((rows) => rows[0] ?? null); + if (typeof assigneeAgent?.defaultEnvironmentId === "string" && assigneeAgent.defaultEnvironmentId.length > 0) { + executionWorkspaceSettings = { + ...currentWorkspaceSettings, + environmentId: assigneeAgent.defaultEnvironmentId, + }; + } + } + } if (!projectWorkspaceId && issueData.projectId) { const project = await tx .select({ @@ -2815,6 +2997,15 @@ export function issueService(db: Db) { if (values.status === "cancelled") { values.cancelledAt = new Date(); } + Object.assign( + values, + buildInitialIssueMonitorFields({ + policy: normalizeIssueExecutionPolicy(issueData.executionPolicy ?? null), + status: values.status ?? "backlog", + assigneeAgentId: values.assigneeAgentId ?? null, + assigneeUserId: values.assigneeUserId ?? null, + }), + ); const [issue] = await tx.insert(issues).values(values).returning(); if (inputLabelIds) { @@ -2962,6 +3153,94 @@ export function issueService(db: Db) { issueData.projectId !== undefined ? issueData.projectId : existing.projectId, ), ]); + + // Mirror the create() path: when the assignee changes to a non-null + // agent, default the issue's executionWorkspaceSettings.environmentId + // to the new agent's defaultEnvironmentId. Skip when: + // - this update explicitly sets executionWorkspaceSettings.environmentId + // (caller is making a deliberate override; respect it), OR + // - the project policy already specifies an environmentId (project + // policy must win over agent default per the documented priority + // order in resolveExecutionWorkspaceEnvironmentId), OR + // - the issue already has an environmentId that was *not* the prior + // assignee's default (i.e., the operator set it explicitly in an + // earlier update; preserve their choice). When the existing + // environmentId matches the prior assignee's default, treat it as + // auto-promoted and refresh it to the new assignee's default. + const assigneeChanged = + issueData.assigneeAgentId !== undefined && + issueData.assigneeAgentId !== null && + issueData.assigneeAgentId !== existing.assigneeAgentId; + const explicitEnvInThisUpdate = + issueData.executionWorkspaceSettings !== undefined && + Object.prototype.hasOwnProperty.call( + parseObject(issueData.executionWorkspaceSettings), + "environmentId", + ); + if (assigneeChanged && isolatedWorkspacesEnabled && !explicitEnvInThisUpdate) { + let projectHasEnvironmentSelection = false; + if (nextProjectId) { + const projectRow = await tx + .select({ executionWorkspacePolicy: projects.executionWorkspacePolicy }) + .from(projects) + .where(and(eq(projects.id, nextProjectId), eq(projects.companyId, existing.companyId))) + .then((rows: Array<{ executionWorkspacePolicy: unknown }>) => rows[0] ?? null); + const projectPolicy = parseProjectExecutionWorkspacePolicy(projectRow?.executionWorkspacePolicy); + projectHasEnvironmentSelection = projectPolicy?.environmentId !== undefined; + } + if (!projectHasEnvironmentSelection) { + const baseSettings = nextExecutionWorkspaceSettings == null + ? {} + : parseObject(nextExecutionWorkspaceSettings); + const existingEnvId = typeof baseSettings.environmentId === "string" + ? baseSettings.environmentId + : null; + + // Look up both the prior assignee (to detect auto-promoted env) + // and the new assignee in a single query. + type AgentRow = { id: string; defaultEnvironmentId: string | null }; + const agentRows: AgentRow[] = await tx + .select({ id: agents.id, defaultEnvironmentId: agents.defaultEnvironmentId }) + .from(agents) + .where( + and( + eq(agents.companyId, existing.companyId), + inArray( + agents.id, + [issueData.assigneeAgentId!, existing.assigneeAgentId].filter( + (value): value is string => typeof value === "string", + ), + ), + ), + ); + + const newAssignee = agentRows.find((row: AgentRow) => row.id === issueData.assigneeAgentId); + const previousAssignee = existing.assigneeAgentId + ? agentRows.find((row: AgentRow) => row.id === existing.assigneeAgentId) + : null; + + const newDefaultEnvId = + typeof newAssignee?.defaultEnvironmentId === "string" && newAssignee.defaultEnvironmentId.length > 0 + ? newAssignee.defaultEnvironmentId + : null; + const previousDefaultEnvId = + typeof previousAssignee?.defaultEnvironmentId === "string" && previousAssignee.defaultEnvironmentId.length > 0 + ? previousAssignee.defaultEnvironmentId + : null; + + const existingEnvWasAutoPromoted = + existingEnvId === null || + (previousDefaultEnvId !== null && existingEnvId === previousDefaultEnvId); + + if (newDefaultEnvId && existingEnvWasAutoPromoted) { + patch.executionWorkspaceSettings = { + ...baseSettings, + environmentId: newDefaultEnvId, + }; + } + } + } + patch.goalId = resolveNextIssueGoalId({ currentProjectId: existing.projectId, currentGoalId: existing.goalId, @@ -3567,6 +3846,12 @@ export function issueService(db: Db) { issueId: string, body: string, actor: { agentId?: string; userId?: string; runId?: string | null }, + options?: { + authorType?: IssueCommentAuthorType | null; + presentation?: IssueCommentPresentation | null; + metadata?: IssueCommentMetadata | null; + createdAt?: Date | string | null; + }, ) => { const issue = await db .select({ companyId: issues.companyId }) @@ -3580,6 +3865,13 @@ export function issueService(db: Db) { enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs, }; const redactedBody = redactCurrentUserText(body, currentUserRedactionOptions); + const authorType = issueCommentAuthorTypeSchema.parse( + options?.authorType ?? (actor.agentId ? "agent" : actor.userId ? "user" : "system"), + ); + assertIssueCommentAuthorTypeAllowed(actor, authorType); + const presentation = issueCommentPresentationSchema.nullable().parse(options?.presentation ?? null); + const metadata = issueCommentMetadataSchema.nullable().parse(options?.metadata ?? null); + const createdAt = options?.createdAt ? new Date(options.createdAt) : null; const [comment] = await db .insert(issueComments) .values({ @@ -3587,8 +3879,12 @@ export function issueService(db: Db) { issueId, authorAgentId: actor.agentId ?? null, authorUserId: actor.userId ?? null, + authorType, createdByRunId: actor.runId ?? null, body: redactedBody, + presentation, + metadata, + ...(createdAt && !Number.isNaN(createdAt.getTime()) ? { createdAt } : {}), }) .returning(); diff --git a/server/src/services/plugin-capability-validator.ts b/server/src/services/plugin-capability-validator.ts index e69332ca..ef54d61d 100644 --- a/server/src/services/plugin-capability-validator.ts +++ b/server/src/services/plugin-capability-validator.ts @@ -47,6 +47,12 @@ const OPERATION_CAPABILITIES: Record = { "companies.get": ["companies.read"], "projects.list": ["projects.read"], "projects.get": ["projects.read"], + "projects.managed.get": ["projects.managed"], + "projects.managed.reconcile": ["projects.managed"], + "projects.managed.reset": ["projects.managed"], + "routines.managed.get": ["routines.managed"], + "routines.managed.reconcile": ["routines.managed"], + "routines.managed.reset": ["routines.managed"], "project.workspaces.list": ["project.workspaces.read"], "project.workspaces.get": ["project.workspaces.read"], "issues.list": ["issues.read"], @@ -56,6 +62,9 @@ const OPERATION_CAPABILITIES: Record = { "issue.comments.get": ["issue.comments.read"], "agents.list": ["agents.read"], "agents.get": ["agents.read"], + "agents.managed.get": ["agents.managed"], + "agents.managed.reconcile": ["agents.managed"], + "agents.managed.reset": ["agents.managed"], "goals.list": ["goals.read"], "goals.get": ["goals.read"], "activity.list": ["activity.read"], @@ -65,6 +74,12 @@ const OPERATION_CAPABILITIES: Record = { "issues.summaries.getOrchestration": ["issues.orchestration.read"], "db.namespace": ["database.namespace.read"], "db.query": ["database.namespace.read"], + "localFolders.declarations": [], + "localFolders.configure": ["local.folders"], + "localFolders.status": ["local.folders"], + "localFolders.list": ["local.folders"], + "localFolders.readText": ["local.folders"], + "localFolders.writeTextAtomic": ["local.folders"], // Data write operations "issues.create": ["issues.create"], @@ -133,6 +148,7 @@ const UI_SLOT_CAPABILITIES: Record = { commentAnnotation: "ui.commentAnnotation.register", commentContextMenuItem: "ui.action.register", settingsPage: "instance.settings.register", + routeSidebar: "ui.sidebar.register", }; /** @@ -167,6 +183,9 @@ const FEATURE_CAPABILITIES: Record = { webhooks: "webhooks.receive", database: "database.namespace.migrate", environmentDrivers: "environment.drivers.register", + agents: "agents.managed", + projects: "projects.managed", + routines: "routines.managed", }; // --------------------------------------------------------------------------- diff --git a/server/src/services/plugin-database.ts b/server/src/services/plugin-database.ts index e1822e45..e6811702 100644 --- a/server/src/services/plugin-database.ts +++ b/server/src/services/plugin-database.ts @@ -303,7 +303,19 @@ function resolveMigrationsDir(packageRoot: string, migrationsDir: string): strin return resolvedDir; } -export function pluginDatabaseService(db: Db) { +type PluginDatabaseClient = Pick; +type PluginDatabaseRootClient = PluginDatabaseClient & Partial>; + +export interface ApplyPluginMigrationsOptions { + /** + * Persist failed migration ledger rows. Fresh install uses false because the + * caller owns a larger transaction and must roll back the plugin row and + * namespace together. + */ + persistFailure?: boolean; +} + +export function pluginDatabaseService(db: PluginDatabaseRootClient) { async function getPluginRecord(pluginId: string) { const rows = await db.select().from(plugins).where(eq(plugins.id, pluginId)).limit(1); const plugin = rows[0]; @@ -311,14 +323,18 @@ export function pluginDatabaseService(db: Db) { return plugin; } - async function ensureNamespace(pluginId: string, manifest: PaperclipPluginManifestV1) { + async function ensureNamespaceWithClient( + client: PluginDatabaseClient, + pluginId: string, + manifest: PaperclipPluginManifestV1, + ) { if (!manifest.database) return null; const namespaceName = derivePluginDatabaseNamespace( manifest.id, manifest.database.namespaceSlug, ); - await db.execute(sql.raw(`CREATE SCHEMA IF NOT EXISTS ${quoteIdentifier(namespaceName)}`)); - const rows = await db + await client.execute(sql.raw(`CREATE SCHEMA IF NOT EXISTS ${quoteIdentifier(namespaceName)}`)); + const rows = await client .insert(pluginDatabaseNamespaces) .values({ pluginId, @@ -341,6 +357,10 @@ export function pluginDatabaseService(db: Db) { return rows[0] ?? null; } + async function ensureNamespace(pluginId: string, manifest: PaperclipPluginManifestV1) { + return ensureNamespaceWithClient(db, pluginId, manifest); + } + async function getNamespace(pluginId: string) { const rows = await db .select() @@ -358,7 +378,7 @@ export function pluginDatabaseService(db: Db) { return namespace.namespaceName; } - async function recordMigrationFailure(input: { + async function recordMigrationFailure(client: PluginDatabaseClient, input: { pluginId: string; pluginKey: string; namespaceName: string; @@ -368,7 +388,7 @@ export function pluginDatabaseService(db: Db) { error: unknown; }): Promise { const message = input.error instanceof Error ? input.error.message : String(input.error); - await db + await client .insert(pluginMigrations) .values({ pluginId: input.pluginId, @@ -391,7 +411,7 @@ export function pluginDatabaseService(db: Db) { appliedAt: null, }, }); - await db + await client .update(pluginDatabaseNamespaces) .set({ status: "migration_failed", updatedAt: new Date() }) .where(eq(pluginDatabaseNamespaces.pluginId, input.pluginId)); @@ -400,7 +420,12 @@ export function pluginDatabaseService(db: Db) { return { ensureNamespace, - async applyMigrations(pluginId: string, manifest: PaperclipPluginManifestV1, packageRoot: string) { + async applyMigrations( + pluginId: string, + manifest: PaperclipPluginManifestV1, + packageRoot: string, + options: ApplyPluginMigrationsOptions = {}, + ) { if (!manifest.database) return null; const namespace = await ensureNamespace(pluginId, manifest); if (!namespace) return null; @@ -409,13 +434,14 @@ export function pluginDatabaseService(db: Db) { const migrationFiles = await listSqlMigrationFiles(migrationDir); const coreReadTables = manifest.database.coreReadTables ?? []; const lockKey = Number.parseInt(createHash("sha256").update(pluginId).digest("hex").slice(0, 12), 16); + const persistFailure = options.persistFailure ?? true; - await db.transaction(async (tx) => { - await tx.execute(sql`SELECT pg_advisory_xact_lock(${lockKey})`); + const applyWithClient = async (client: PluginDatabaseClient) => { + await client.execute(sql`SELECT pg_advisory_xact_lock(${lockKey})`); for (const migrationKey of migrationFiles) { const content = await readFile(path.join(migrationDir, migrationKey), "utf8"); const checksum = createHash("sha256").update(content).digest("hex"); - const existingRows = await tx + const existingRows = await client .select() .from(pluginMigrations) .where(and(eq(pluginMigrations.pluginId, pluginId), eq(pluginMigrations.migrationKey, migrationKey))) @@ -435,9 +461,9 @@ export function pluginDatabaseService(db: Db) { } for (const statement of statements) { validatePluginMigrationStatement(statement, namespace.namespaceName, coreReadTables); - await tx.execute(sql.raw(statement)); + await client.execute(sql.raw(statement)); } - await tx + await client .insert(pluginMigrations) .values({ pluginId, @@ -461,19 +487,27 @@ export function pluginDatabaseService(db: Db) { }, }); } catch (error) { - await recordMigrationFailure({ - pluginId, - pluginKey: manifest.id, - namespaceName: namespace.namespaceName, - migrationKey, - checksum, - pluginVersion: manifest.version, - error, - }); + if (persistFailure) { + await recordMigrationFailure(db, { + pluginId, + pluginKey: manifest.id, + namespaceName: namespace.namespaceName, + migrationKey, + checksum, + pluginVersion: manifest.version, + error, + }); + } throw error; } } - }); + }; + + if (typeof db.transaction === "function") { + await db.transaction(async (tx) => applyWithClient(tx as PluginDatabaseClient)); + } else { + await applyWithClient(db); + } return namespace; }, diff --git a/server/src/services/plugin-environment-driver.ts b/server/src/services/plugin-environment-driver.ts index d43c79b7..aa5d9278 100644 --- a/server/src/services/plugin-environment-driver.ts +++ b/server/src/services/plugin-environment-driver.ts @@ -247,6 +247,7 @@ export async function resumePluginEnvironmentLease(input: { workerManager: PluginWorkerManager; companyId: string; environmentId: string; + issueId?: string | null; config: PluginEnvironmentConfig; providerLeaseId: string; leaseMetadata?: Record; @@ -256,6 +257,7 @@ export async function resumePluginEnvironmentLease(input: { driverKey: input.config.driverKey, companyId: input.companyId, environmentId: input.environmentId, + issueId: input.issueId ?? null, config: input.config.driverConfig, providerLeaseId: input.providerLeaseId, leaseMetadata: input.leaseMetadata, @@ -267,6 +269,7 @@ export async function destroyPluginEnvironmentLease(input: { workerManager: PluginWorkerManager; companyId: string; environmentId: string; + issueId?: string | null; config: PluginEnvironmentConfig; providerLeaseId: string | null; leaseMetadata?: Record; @@ -276,6 +279,7 @@ export async function destroyPluginEnvironmentLease(input: { driverKey: input.config.driverKey, companyId: input.companyId, environmentId: input.environmentId, + issueId: input.issueId ?? null, config: input.config.driverConfig, providerLeaseId: input.providerLeaseId, leaseMetadata: input.leaseMetadata, diff --git a/server/src/services/plugin-host-services.ts b/server/src/services/plugin-host-services.ts index fbb2dc05..3d4c8947 100644 --- a/server/src/services/plugin-host-services.ts +++ b/server/src/services/plugin-host-services.ts @@ -22,6 +22,7 @@ import type { PluginIssueOrchestrationSummary, } from "@paperclipai/plugin-sdk"; import type { CreateIssueThreadInteraction, IssueDocumentSummary } from "@paperclipai/shared"; +import { pluginOperationIssueOriginKind } from "@paperclipai/shared"; import { companyService } from "./companies.js"; import { agentService } from "./agents.js"; import { projectService } from "./projects.js"; @@ -34,12 +35,29 @@ import { budgetService } from "./budgets.js"; import { issueApprovalService } from "./issue-approvals.js"; import { subscribeCompanyLiveEvents } from "./live-events.js"; import { randomUUID } from "node:crypto"; +import path from "node:path"; import { activityService } from "./activity.js"; import { costService } from "./costs.js"; import { assetService } from "./assets.js"; import { pluginRegistryService } from "./plugin-registry.js"; import { pluginStateStore } from "./plugin-state-store.js"; import { pluginDatabaseService } from "./plugin-database.js"; +import { pluginManagedAgentService } from "./plugin-managed-agents.js"; +import { pluginManagedRoutineService } from "./plugin-managed-routines.js"; +import { pluginManagedSkillService } from "./plugin-managed-skills.js"; +import { + assertConfiguredLocalFolder, + assertWritableConfiguredLocalFolder, + getStoredLocalFolders, + deletePluginLocalFolderFile, + inspectPluginLocalFolder, + listPluginLocalFolderEntries, + preparePluginLocalFolder, + readPluginLocalFolderText, + requireLocalFolderDeclaration, + setStoredLocalFolder, + writePluginLocalFolderTextAtomic, +} from "./plugin-local-folders.js"; import { createPluginSecretsHandler } from "./plugin-secrets-handler.js"; import { logActivity } from "./activity-log.js"; import type { PluginEventBus } from "./plugin-event-bus.js"; @@ -460,7 +478,7 @@ export function buildHostServices( pluginKey: string, eventBus: PluginEventBus, notifyWorker?: (method: string, params: unknown) => void, - options: { pluginWorkerManager?: PluginWorkerManager } = {}, + options: { pluginWorkerManager?: PluginWorkerManager; manifest?: import("@paperclipai/shared").PaperclipPluginManifestV1 } = {}, ): HostServices & { dispose(): void } { const registry = pluginRegistryService(db); const stateStore = pluginStateStore(db); @@ -468,6 +486,36 @@ export function buildHostServices( const secretsHandler = createPluginSecretsHandler({ db, pluginId }); const companies = companyService(db); const agents = agentService(db); + const managedAgents = pluginManagedAgentService(db, { + pluginId, + pluginKey, + manifest: options.manifest, + instructionTemplateVariables: async (companyId) => { + const variables: Record = {}; + for (const declaration of options.manifest?.localFolders ?? []) { + const status = await inspectPluginLocalFolder({ + folderKey: declaration.folderKey, + declaration, + storedConfig: await getStoredLocalFolderConfig(companyId, declaration.folderKey), + }); + const prefix = `localFolders.${declaration.folderKey}`; + variables[`${prefix}.path`] = status.realPath ?? status.path ?? null; + variables[`${prefix}.agentsPath`] = status.realPath ? path.join(status.realPath, "AGENTS.md") : null; + } + return variables; + }, + }); + const managedRoutines = pluginManagedRoutineService(db, { + pluginId, + pluginKey, + manifest: options.manifest, + pluginWorkerManager: options.pluginWorkerManager, + }); + const managedSkills = pluginManagedSkillService(db, { + pluginId, + pluginKey, + manifest: options.manifest, + }); const heartbeat = heartbeatService(db, { pluginWorkerManager: options.pluginWorkerManager, }); @@ -518,6 +566,23 @@ export function buildHostServices( */ const ensurePluginAvailableForCompany = async (_companyId: string) => {}; + const getLocalFolderDeclaration = (folderKey: string) => + requireLocalFolderDeclaration(options.manifest?.localFolders, folderKey); + + const getStoredLocalFolderConfig = async (companyId: string, folderKey: string) => { + ensureCompanyId(companyId); + await ensurePluginAvailableForCompany(companyId); + const settings = await registry.getCompanySettings(pluginId, companyId); + return getStoredLocalFolders(settings?.settingsJson)[folderKey] ?? null; + }; + + const inspectStoredLocalFolder = async (companyId: string, folderKey: string) => + inspectPluginLocalFolder({ + folderKey, + declaration: getLocalFolderDeclaration(folderKey), + storedConfig: await getStoredLocalFolderConfig(companyId, folderKey), + }); + const inCompany = ( record: T | null | undefined, companyId: string, @@ -752,6 +817,91 @@ export function buildHostServices( }, }, + localFolders: { + async declarations() { + return options.manifest?.localFolders ?? []; + }, + + async configure(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + const declaration = getLocalFolderDeclaration(params.folderKey); + const existing = await registry.getCompanySettings(pluginId, companyId); + const existingConfig = getStoredLocalFolders(existing?.settingsJson)[params.folderKey] ?? null; + await preparePluginLocalFolder({ + folderKey: params.folderKey, + declaration, + storedConfig: existingConfig, + overrideConfig: { + path: params.path, + }, + }); + const status = await inspectPluginLocalFolder({ + folderKey: params.folderKey, + declaration, + storedConfig: existingConfig, + overrideConfig: { + path: params.path, + }, + }); + + const nextSettings = setStoredLocalFolder(existing?.settingsJson, params.folderKey, { + path: params.path, + access: status.access, + requiredDirectories: status.requiredDirectories, + requiredFiles: status.requiredFiles, + }); + await registry.upsertCompanySettings(pluginId, companyId, { + enabled: existing?.enabled ?? true, + settingsJson: nextSettings, + lastError: status.healthy ? null : status.problems.map((item: { message: string }) => item.message).join("; "), + }); + return status; + }, + + async status(params) { + return inspectStoredLocalFolder(params.companyId, params.folderKey); + }, + + async list(params) { + const status = await inspectStoredLocalFolder(params.companyId, params.folderKey); + assertConfiguredLocalFolder(status); + const listing = await listPluginLocalFolderEntries(status.realPath!, { + relativePath: params.relativePath, + recursive: params.recursive, + maxEntries: params.maxEntries, + }); + return { ...listing, folderKey: params.folderKey }; + }, + + async readText(params) { + const status = await inspectStoredLocalFolder(params.companyId, params.folderKey); + assertConfiguredLocalFolder(status); + return readPluginLocalFolderText(status.realPath!, params.relativePath); + }, + + async writeTextAtomic(params) { + const companyId = ensureCompanyId(params.companyId); + await preparePluginLocalFolder({ + folderKey: params.folderKey, + declaration: getLocalFolderDeclaration(params.folderKey), + storedConfig: await getStoredLocalFolderConfig(companyId, params.folderKey), + }); + const status = await inspectStoredLocalFolder(companyId, params.folderKey); + assertWritableConfiguredLocalFolder(status); + await writePluginLocalFolderTextAtomic(status.realPath!, params.relativePath, params.contents); + return inspectStoredLocalFolder(companyId, params.folderKey); + }, + + async deleteFile(params) { + const companyId = ensureCompanyId(params.companyId); + const status = await inspectStoredLocalFolder(companyId, params.folderKey); + assertWritableConfiguredLocalFolder(status); + await deletePluginLocalFolderFile(status.realPath!, params.relativePath, params.folderKey); + return inspectStoredLocalFolder(companyId, params.folderKey); + }, + }, + state: { async get(params) { return stateStore.get(pluginId, params.scopeKind as any, params.stateKey, { @@ -1013,6 +1163,95 @@ export function buildHostServices( updatedAt: (row?.updatedAt ?? project.updatedAt).toISOString(), }; }, + async getManaged(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return projects.resolveManagedProject({ + companyId, + pluginId, + pluginKey, + projectKey: params.projectKey, + createIfMissing: false, + }); + }, + async reconcileManaged(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return projects.resolveManagedProject({ + companyId, + pluginId, + pluginKey, + projectKey: params.projectKey, + }); + }, + async resetManaged(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return projects.resolveManagedProject({ + companyId, + pluginId, + pluginKey, + projectKey: params.projectKey, + reset: true, + }); + }, + }, + + routines: { + async managedGet(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedRoutines.get(params.routineKey, companyId); + }, + async managedReconcile(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedRoutines.reconcile(params.routineKey, companyId, { + assigneeAgentId: params.assigneeAgentId, + projectId: params.projectId, + }); + }, + async managedReset(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedRoutines.reset(params.routineKey, companyId, { + assigneeAgentId: params.assigneeAgentId, + projectId: params.projectId, + }); + }, + async managedUpdate(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedRoutines.update(params.routineKey, companyId, { + status: params.status, + }); + }, + async managedRun(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedRoutines.run(params.routineKey, companyId, { + assigneeAgentId: params.assigneeAgentId, + projectId: params.projectId, + }); + }, + }, + + skills: { + async managedGet(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedSkills.get(params.skillKey, companyId); + }, + async managedReconcile(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedSkills.reconcile(params.skillKey, companyId); + }, + async managedReset(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedSkills.reset(params.skillKey, companyId); + }, }, issues: { @@ -1031,8 +1270,12 @@ export function buildHostServices( async create(params) { const companyId = ensureCompanyId(params.companyId); await ensurePluginAvailableForCompany(companyId); - const { actorAgentId, actorUserId, actorRunId, originKind, ...issueInput } = params; - const normalizedOriginKind = normalizePluginOriginKind(originKind); + const { actorAgentId, actorUserId, actorRunId, originKind, surfaceVisibility, ...issueInput } = params; + const normalizedOriginKind = normalizePluginOriginKind( + surfaceVisibility === "plugin_operation" && !originKind + ? pluginOperationIssueOriginKind(pluginKey) + : originKind, + ); const issue = (await issues.create(companyId, { ...(issueInput as any), originKind: normalizedOriginKind, @@ -1641,6 +1884,21 @@ export function buildHostServices( if (!run) throw new Error("Agent wakeup was skipped by heartbeat policy"); return { runId: run.id }; }, + async managedGet(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedAgents.get(params.agentKey, companyId); + }, + async managedReconcile(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedAgents.reconcile(params.agentKey, companyId); + }, + async managedReset(params) { + const companyId = ensureCompanyId(params.companyId); + await ensurePluginAvailableForCompany(companyId); + return managedAgents.reset(params.agentKey, companyId); + }, }, goals: { diff --git a/server/src/services/plugin-loader.ts b/server/src/services/plugin-loader.ts index 95801180..073620b4 100644 --- a/server/src/services/plugin-loader.ts +++ b/server/src/services/plugin-loader.ts @@ -29,7 +29,7 @@ import { readdir, readFile, rm, stat } from "node:fs/promises"; import { execFile } from "node:child_process"; import os from "node:os"; import path from "node:path"; -import { fileURLToPath } from "node:url"; +import { fileURLToPath, pathToFileURL } from "node:url"; import { promisify } from "node:util"; import type { Db } from "@paperclipai/db"; import type { @@ -248,6 +248,8 @@ export interface PluginRuntimeServices { instanceInfo: { instanceId: string; hostVersion: string; + deploymentMode?: "local_trusted" | "authenticated"; + deploymentExposure?: "private" | "public"; }; } @@ -932,7 +934,10 @@ export function pluginLoader( try { // Dynamic import works for both .js (ESM) and .cjs (CJS) manifests - const mod = await import(manifestPath) as Record; + const manifestUrl = pathToFileURL(manifestPath); + const manifestStat = await stat(manifestPath); + manifestUrl.searchParams.set("mtime", String(Math.trunc(manifestStat.mtimeMs))); + const mod = await import(manifestUrl.href) as Record; // The manifest may be the default export or the module itself raw = mod["default"] ?? mod; } catch (err) { @@ -944,6 +949,51 @@ export function pluginLoader( return manifestValidator.parseOrThrow(raw); } + async function loadManifestFromPackageRoot( + packageRoot: string, + ): Promise { + const pkgJson = await readPackageJson(packageRoot); + if (!pkgJson) return null; + + const manifestPath = resolveManifestPath(packageRoot, pkgJson); + if (!manifestPath || !existsSync(manifestPath)) return null; + + return loadManifestFromPath(manifestPath); + } + + async function refreshPluginManifestFromPackage( + plugin: PluginRecord, + packageRoot: string, + ): Promise { + const manifest = await loadManifestFromPackageRoot(packageRoot); + if (!manifest) { + throw new Error(`Plugin package ${plugin.packageName} no longer exposes a Paperclip manifest`); + } + if (manifest.id !== plugin.pluginKey) { + throw new Error( + `Plugin manifest ID '${manifest.id}' does not match installed plugin '${plugin.pluginKey}'`, + ); + } + + if (JSON.stringify(manifest) === JSON.stringify(plugin.manifestJson)) { + return plugin; + } + + await registry.update(plugin.id, { + packageName: plugin.packageName, + version: manifest.version, + manifest, + }); + + return { + ...plugin, + version: manifest.version, + apiVersion: manifest.apiVersion, + categories: manifest.categories, + manifestJson: manifest, + }; + } + /** * Build a DiscoveredPlugin from a resolved package directory, or null * if the package is not a Paperclip plugin. @@ -1256,22 +1306,43 @@ export function pluginLoader( async installPlugin(installOptions: PluginInstallOptions): Promise { const discovered = await fetchAndValidate(installOptions); + const manifest = discovered.manifest!; - // Step 6: Persist install record in Postgres (include packagePath for local installs so the worker can be resolved) - await registry.install( - { - packageName: discovered.packageName, - packagePath: discovered.source === "local-filesystem" ? discovered.packagePath : undefined, - }, - discovered.manifest!, - ); + // Step 6: Persist install record and apply plugin-owned schema migrations + // in one database transaction. If migration validation fails, the plugin + // row, namespace record, migration ledger, and created schema all roll back. + const installDb = manifest.database ? migrationDb : db; + await installDb.transaction(async (tx) => { + const txDb = tx as unknown as Db; + const txRegistry = pluginRegistryService(txDb); + const installed = await txRegistry.install( + { + packageName: discovered.packageName, + packagePath: discovered.source === "local-filesystem" ? discovered.packagePath : undefined, + }, + manifest, + ); + + if (!installed) { + throw new Error(`Plugin install did not return a registry row: ${manifest.id}`); + } + + if (manifest.database) { + await pluginDatabaseService(txDb).applyMigrations( + installed.id, + manifest, + discovered.packagePath, + { persistFailure: false }, + ); + } + }); log.info( { - pluginId: discovered.manifest!.id, + pluginId: manifest.id, packageName: discovered.packageName, version: discovered.version, - capabilities: discovered.manifest!.capabilities, + capabilities: manifest.capabilities, }, "plugin-loader: plugin installed successfully", ); @@ -1663,9 +1734,10 @@ export function pluginLoader( * `error` in the database when activation fails. */ async function activatePlugin(plugin: PluginRecord): Promise { - const manifest = plugin.manifestJson; const pluginId = plugin.id; const pluginKey = plugin.pluginKey; + let activePlugin = plugin; + let manifest = activePlugin.manifestJson; const registered: PluginLoadResult["registered"] = { worker: false, @@ -1705,8 +1777,10 @@ export function pluginLoader( // ------------------------------------------------------------------ // 1. Resolve worker entrypoint // ------------------------------------------------------------------ - const workerEntrypoint = resolveWorkerEntrypoint(plugin, localPluginDir); - const packageRoot = resolvePluginPackageRoot(plugin, localPluginDir); + const packageRoot = resolvePluginPackageRoot(activePlugin, localPluginDir); + activePlugin = await refreshPluginManifestFromPackage(activePlugin, packageRoot); + manifest = activePlugin.manifestJson; + const workerEntrypoint = resolveWorkerEntrypoint(activePlugin, localPluginDir); // ------------------------------------------------------------------ // 2. Apply restricted database migrations before worker startup @@ -1746,12 +1820,16 @@ export function pluginLoader( databaseNamespace, hostHandlers, autoRestart: true, + env: { + PAPERCLIP_DEPLOYMENT_MODE: instanceInfo.deploymentMode ?? "", + PAPERCLIP_DEPLOYMENT_EXPOSURE: instanceInfo.deploymentExposure ?? "", + }, }; // Repo-local plugin installs can resolve workspace TS sources at runtime // (for example @paperclipai/shared exports). Run those workers through // the tsx loader so first-party example plugins work in development. - if (plugin.packagePath && existsSync(DEV_TSX_LOADER_PATH)) { + if (activePlugin.packagePath && existsSync(DEV_TSX_LOADER_PATH)) { workerOptions.execArgv = ["--import", DEV_TSX_LOADER_PATH]; } @@ -1842,13 +1920,13 @@ export function pluginLoader( { pluginId, pluginKey, - version: plugin.version, + version: activePlugin.version, registered, }, "plugin-loader: plugin activated successfully", ); - return { plugin, success: true, registered }; + return { plugin: activePlugin, success: true, registered }; } catch (err) { const errorMessage = err instanceof Error ? err.message : String(err); @@ -1872,7 +1950,7 @@ export function pluginLoader( } return { - plugin, + plugin: activePlugin, success: false, error: errorMessage, registered, diff --git a/server/src/services/plugin-local-folders.ts b/server/src/services/plugin-local-folders.ts new file mode 100644 index 00000000..049b6e66 --- /dev/null +++ b/server/src/services/plugin-local-folders.ts @@ -0,0 +1,613 @@ +import { constants as fsConstants, promises as fs } from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { randomUUID } from "node:crypto"; +import type { + PluginLocalFolderDeclaration, + PluginLocalFolderEntry, + PluginLocalFolderListing, + PluginLocalFolderProblem, + PluginLocalFolderStatus, +} from "@paperclipai/plugin-sdk"; +import { badRequest, forbidden, notFound } from "../errors.js"; + +export interface StoredPluginLocalFolderConfig { + path: string; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; + updatedAt?: string; +} + +export interface PluginLocalFolderSettingsJson { + localFolders?: Record; + [key: string]: unknown; +} + +const LOCAL_FOLDER_KEY_PATTERN = /^[a-z0-9][a-z0-9._:-]*$/; + +function problem( + code: PluginLocalFolderProblem["code"], + message: string, + problemPath?: string, +): PluginLocalFolderProblem { + return { code, message, path: problemPath }; +} + +export function assertPluginLocalFolderKey(folderKey: string) { + if (!LOCAL_FOLDER_KEY_PATTERN.test(folderKey)) { + throw badRequest("folderKey must start with a lowercase alphanumeric and contain only lowercase letters, digits, dots, colons, underscores, or hyphens"); + } +} + +export function findLocalFolderDeclaration( + declarations: PluginLocalFolderDeclaration[] | undefined, + folderKey: string, +) { + return declarations?.find((declaration) => declaration.folderKey === folderKey) ?? null; +} + +export function requireLocalFolderDeclaration( + declarations: PluginLocalFolderDeclaration[] | undefined, + folderKey: string, +) { + assertPluginLocalFolderKey(folderKey); + const declaration = findLocalFolderDeclaration(declarations, folderKey); + if (!declaration) { + throw badRequest("Local folder key is not declared by this plugin manifest"); + } + return declaration; +} + +function normalizeRelativePath(relativePath: string): string { + if ( + !relativePath || + path.isAbsolute(relativePath) || + relativePath.includes("\\") || + relativePath.split("/").some((segment) => segment === "" || segment === "." || segment === "..") + ) { + throw forbidden("Local folder relative paths must stay inside the configured root"); + } + return relativePath; +} + +function validateRequiredPath(pathValue: string, label: string): string { + try { + return normalizeRelativePath(pathValue); + } catch { + throw badRequest(`${label} must contain only relative paths without traversal, empty segments, or backslashes`); + } +} + +function normalizeListRelativePath(relativePath: string | null | undefined): string | null { + const trimmed = relativePath?.trim(); + if (!trimmed) return null; + return normalizeRelativePath(trimmed); +} + +function normalizeMaxEntries(value: number | undefined): number { + if (typeof value !== "number" || !Number.isFinite(value)) return 1000; + return Math.max(1, Math.min(5000, Math.floor(value))); +} + +function mergeFolderConfig( + declaration: PluginLocalFolderDeclaration | null, + stored: StoredPluginLocalFolderConfig | null, + override?: Partial, +): StoredPluginLocalFolderConfig | null { + const pathValue = override?.path ?? stored?.path; + if (!pathValue) return null; + return { + path: pathValue, + access: declaration?.access ?? override?.access ?? stored?.access ?? "readWrite", + requiredDirectories: + declaration?.requiredDirectories ?? override?.requiredDirectories ?? stored?.requiredDirectories ?? [], + requiredFiles: + declaration?.requiredFiles ?? override?.requiredFiles ?? stored?.requiredFiles ?? [], + updatedAt: stored?.updatedAt, + }; +} + +export function getStoredLocalFolders(settingsJson: Record | null | undefined) { + const folders = (settingsJson as PluginLocalFolderSettingsJson | undefined)?.localFolders; + if (!folders || typeof folders !== "object") return {}; + return folders; +} + +export function setStoredLocalFolder( + settingsJson: Record | null | undefined, + folderKey: string, + config: StoredPluginLocalFolderConfig, +): PluginLocalFolderSettingsJson { + return { + ...(settingsJson ?? {}), + localFolders: { + ...getStoredLocalFolders(settingsJson), + [folderKey]: { + ...config, + updatedAt: new Date().toISOString(), + }, + }, + }; +} + +export async function inspectPluginLocalFolder(input: { + folderKey: string; + declaration?: PluginLocalFolderDeclaration | null; + storedConfig?: StoredPluginLocalFolderConfig | null; + overrideConfig?: Partial; +}): Promise { + assertPluginLocalFolderKey(input.folderKey); + const config = mergeFolderConfig( + input.declaration ?? null, + input.storedConfig ?? null, + input.overrideConfig, + ); + const access = config?.access ?? input.declaration?.access ?? "readWrite"; + const requiredDirectories = (config?.requiredDirectories ?? []).map((item) => + validateRequiredPath(item, "requiredDirectories"), + ); + const requiredFiles = (config?.requiredFiles ?? []).map((item) => + validateRequiredPath(item, "requiredFiles"), + ); + const checkedAt = new Date().toISOString(); + + if (!config?.path) { + return { + folderKey: input.folderKey, + configured: false, + path: null, + realPath: null, + access, + readable: false, + writable: false, + requiredDirectories, + requiredFiles, + missingDirectories: requiredDirectories, + missingFiles: requiredFiles, + healthy: false, + problems: [problem("not_configured", "No local folder path is configured.")], + checkedAt, + }; + } + + const configuredPath = path.resolve(config.path); + const problems: PluginLocalFolderProblem[] = []; + const missingDirectories: string[] = []; + const missingFiles: string[] = []; + const markRequiredPathsMissing = () => { + missingDirectories.push(...requiredDirectories); + missingFiles.push(...requiredFiles); + }; + let realPath: string | null = null; + let readable = false; + let writable = false; + + if (!path.isAbsolute(config.path)) { + problems.push(problem("not_absolute", "Local folder path must be absolute.", config.path)); + } + + try { + const stat = await fs.stat(configuredPath); + if (!stat.isDirectory()) { + problems.push(problem("not_directory", "Configured local folder path is not a directory.", configuredPath)); + markRequiredPathsMissing(); + } else { + realPath = await fs.realpath(configuredPath); + try { + await fs.access(realPath, fsConstants.R_OK); + readable = true; + } catch { + problems.push(problem("not_readable", "Configured local folder is not readable.", configuredPath)); + } + + if (access === "readWrite") { + try { + await fs.access(realPath, fsConstants.W_OK); + const probePath = path.join(realPath, `.paperclip-local-folder-probe-${process.pid}-${Date.now()}`); + await fs.writeFile(probePath, ""); + await fs.rm(probePath, { force: true }); + writable = true; + } catch { + problems.push(problem("not_writable", "Configured local folder is not writable.", configuredPath)); + } + } + + for (const requiredDir of requiredDirectories) { + const requiredStatus = await inspectChildPath(realPath, requiredDir, "directory"); + if (!requiredStatus.exists) { + missingDirectories.push(requiredDir); + problems.push(problem("missing_directory", "Required directory is missing.", requiredDir)); + } else if (!requiredStatus.contained) { + problems.push(problem("symlink_escape", "Required directory escapes the configured root.", requiredDir)); + } else if (!requiredStatus.matchesKind) { + missingDirectories.push(requiredDir); + problems.push(problem("missing_directory", "Required path is not a directory.", requiredDir)); + } + } + + for (const requiredFile of requiredFiles) { + const requiredStatus = await inspectChildPath(realPath, requiredFile, "file"); + if (!requiredStatus.exists) { + missingFiles.push(requiredFile); + problems.push(problem("missing_file", "Required file is missing.", requiredFile)); + } else if (!requiredStatus.contained) { + problems.push(problem("symlink_escape", "Required file escapes the configured root.", requiredFile)); + } else if (!requiredStatus.matchesKind) { + missingFiles.push(requiredFile); + problems.push(problem("missing_file", "Required path is not a file.", requiredFile)); + } + } + } + } catch (error) { + const code = typeof error === "object" && error && "code" in error ? String((error as { code?: unknown }).code) : ""; + problems.push(problem(code === "ENOENT" ? "missing" : "not_readable", "Configured local folder cannot be inspected.", configuredPath)); + if (code === "ENOENT") { + markRequiredPathsMissing(); + } + } + + return { + folderKey: input.folderKey, + configured: true, + path: configuredPath, + realPath, + access, + readable, + writable: access === "read" ? false : writable, + requiredDirectories, + requiredFiles, + missingDirectories, + missingFiles, + healthy: + problems.length === 0 && + readable && + (access === "read" || writable), + problems, + checkedAt, + }; +} + +function isInsideRoot(rootRealPath: string, candidateRealPath: string) { + const relative = path.relative(rootRealPath, candidateRealPath); + return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative)); +} + +async function assertPathInsideRoot(rootRealPath: string, candidatePath: string) { + const candidateRealPath = await fs.realpath(candidatePath); + if (!isInsideRoot(rootRealPath, candidateRealPath)) { + throw forbidden("Local folder symlink escape is not allowed"); + } + return candidateRealPath; +} + +async function ensureDirectoryInsideRoot(rootRealPath: string, relativePath: string) { + const normalized = normalizeRelativePath(relativePath); + const segments = normalized.split("/"); + let currentRealPath = rootRealPath; + + for (const segment of segments) { + const nextPath = path.join(currentRealPath, segment); + try { + const stat = await fs.stat(nextPath); + if (!stat.isDirectory()) { + throw badRequest("Required directory path exists but is not a directory"); + } + } catch (error) { + const code = typeof error === "object" && error && "code" in error ? String((error as { code?: unknown }).code) : ""; + if (code !== "ENOENT") throw error; + await fs.mkdir(nextPath); + } + + const nextRealPath = await fs.realpath(nextPath); + if (!isInsideRoot(rootRealPath, nextRealPath)) { + throw forbidden("Local folder symlink escape is not allowed"); + } + currentRealPath = nextRealPath; + } +} + +export async function preparePluginLocalFolder(input: { + folderKey: string; + declaration?: PluginLocalFolderDeclaration | null; + storedConfig?: StoredPluginLocalFolderConfig | null; + overrideConfig?: Partial; +}) { + assertPluginLocalFolderKey(input.folderKey); + const config = mergeFolderConfig( + input.declaration ?? null, + input.storedConfig ?? null, + input.overrideConfig, + ); + const access = config?.access ?? input.declaration?.access ?? "readWrite"; + if (!config?.path || access !== "readWrite" || !path.isAbsolute(config.path)) return; + + const configuredPath = path.resolve(config.path); + try { + const stat = await fs.stat(configuredPath); + if (!stat.isDirectory()) return; + } catch (error) { + const code = typeof error === "object" && error && "code" in error ? String((error as { code?: unknown }).code) : ""; + if (code !== "ENOENT") return; + try { + await fs.mkdir(configuredPath, { recursive: true }); + } catch { + return; + } + } + const rootRealPath = await fs.realpath(configuredPath); + + for (const requiredDir of config.requiredDirectories ?? []) { + await ensureDirectoryInsideRoot(rootRealPath, validateRequiredPath(requiredDir, "requiredDirectories")); + } +} + +async function inspectChildPath( + rootRealPath: string, + relativePath: string, + kind: "directory" | "file", +) { + let resolvedPath: Awaited>; + try { + resolvedPath = await resolvePluginLocalFolderPath(rootRealPath, relativePath, { + mustExist: true, + allowMissingLeaf: true, + }); + } catch { + return { exists: true, contained: false, matchesKind: false }; + } + if (!resolvedPath.exists) { + return { exists: false, contained: true, matchesKind: false }; + } + const stat = await fs.stat(resolvedPath.realPath); + return { + exists: true, + contained: true, + matchesKind: kind === "directory" ? stat.isDirectory() : stat.isFile(), + }; +} + +export async function resolvePluginLocalFolderPath( + rootPath: string, + relativePath: string, + options?: { mustExist?: boolean; allowMissingLeaf?: boolean }, +) { + const normalized = normalizeRelativePath(relativePath); + const rootRealPath = await fs.realpath(rootPath); + const absolutePath = path.resolve(rootRealPath, normalized); + const relativeFromRoot = path.relative(rootRealPath, absolutePath); + if (relativeFromRoot.startsWith("..") || path.isAbsolute(relativeFromRoot)) { + throw forbidden("Local folder path traversal is not allowed"); + } + + try { + const realPath = await fs.realpath(absolutePath); + const realRelative = path.relative(rootRealPath, realPath); + if (realRelative.startsWith("..") || path.isAbsolute(realRelative)) { + throw forbidden("Local folder symlink escape is not allowed"); + } + return { absolutePath, realPath, exists: true }; + } catch (error) { + const code = typeof error === "object" && error && "code" in error ? String((error as { code?: unknown }).code) : ""; + if (code !== "ENOENT" || options?.mustExist) { + if (options?.allowMissingLeaf && code === "ENOENT") { + return { absolutePath, realPath: absolutePath, exists: false }; + } + throw error; + } + + const parentRealPath = await fs.realpath(path.dirname(absolutePath)); + const parentRelative = path.relative(rootRealPath, parentRealPath); + if (parentRelative.startsWith("..") || path.isAbsolute(parentRelative)) { + throw forbidden("Local folder symlink escape is not allowed"); + } + return { absolutePath, realPath: absolutePath, exists: false }; + } +} + +export async function readPluginLocalFolderText(rootPath: string, relativePath: string) { + const resolved = await resolvePluginLocalFolderPath(rootPath, relativePath, { mustExist: true }); + const stat = await fs.stat(resolved.realPath); + if (!stat.isFile()) { + throw badRequest("Local folder read target must be a file"); + } + return fs.readFile(resolved.realPath, "utf8"); +} + +export async function listPluginLocalFolderEntries( + rootPath: string, + options: { relativePath?: string | null; recursive?: boolean; maxEntries?: number } = {}, +): Promise { + const rootRealPath = await fs.realpath(rootPath); + const relativePath = normalizeListRelativePath(options.relativePath); + const target = relativePath + ? await resolvePluginLocalFolderPath(rootRealPath, relativePath, { mustExist: true }) + : { absolutePath: rootRealPath, realPath: rootRealPath, exists: true }; + const targetStat = await fs.stat(target.realPath); + if (!targetStat.isDirectory()) { + throw badRequest("Local folder list target must be a directory"); + } + + const maxEntries = normalizeMaxEntries(options.maxEntries); + const entries: PluginLocalFolderEntry[] = []; + let truncated = false; + + const visit = async (directoryRealPath: string, directoryRelativePath: string | null) => { + if (truncated) return; + const dirents = await fs.readdir(directoryRealPath, { withFileTypes: true }); + dirents.sort((a, b) => a.name.localeCompare(b.name)); + + for (const dirent of dirents) { + if (entries.length >= maxEntries) { + truncated = true; + return; + } + + const childRelativePath = directoryRelativePath ? `${directoryRelativePath}/${dirent.name}` : dirent.name; + let resolvedChild: Awaited>; + try { + resolvedChild = await resolvePluginLocalFolderPath(rootRealPath, childRelativePath, { mustExist: true }); + } catch { + continue; + } + + const stat = await fs.stat(resolvedChild.realPath).catch(() => null); + if (!stat) continue; + const kind = stat.isDirectory() ? "directory" : stat.isFile() ? "file" : null; + if (!kind) continue; + + entries.push({ + path: childRelativePath, + name: dirent.name, + kind, + size: kind === "file" ? stat.size : null, + modifiedAt: stat.mtime.toISOString(), + }); + + if (options.recursive && kind === "directory") { + await visit(resolvedChild.realPath, childRelativePath); + if (truncated) return; + } + } + }; + + await visit(target.realPath, relativePath); + return { + folderKey: "list-result", + relativePath, + entries, + truncated, + }; +} + +export async function writePluginLocalFolderTextAtomic( + rootPath: string, + relativePath: string, + contents: string, +) { + const rootRealPath = await fs.realpath(rootPath); + const resolved = await resolvePluginLocalFolderPath(rootPath, relativePath); + await fs.mkdir(path.dirname(resolved.absolutePath), { recursive: true }); + await assertPathInsideRoot(rootRealPath, path.dirname(resolved.absolutePath)); + const tempPath = path.join( + path.dirname(resolved.absolutePath), + `.paperclip-${path.basename(resolved.absolutePath)}-${process.pid}-${randomUUID()}.tmp`, + ); + let tempCreated = false; + try { + const handle = await fs.open(tempPath, "wx"); + tempCreated = true; + try { + await assertPathInsideRoot(rootRealPath, tempPath); + await handle.writeFile(contents, "utf8"); + await handle.sync(); + } finally { + await handle.close(); + } + } catch (error) { + if (tempCreated) { + await fs.rm(tempPath, { force: true }); + } + throw error; + } + + try { + await resolvePluginLocalFolderPath(rootRealPath, relativePath); + await fs.rename(tempPath, resolved.absolutePath); + await resolvePluginLocalFolderPath(rootRealPath, relativePath, { mustExist: true }); + } catch (error) { + await fs.rm(tempPath, { force: true }); + throw error; + } + + if (process.platform !== "win32") { + const dirHandle = await fs.open(path.dirname(resolved.absolutePath), "r"); + try { + await dirHandle.sync(); + } finally { + await dirHandle.close(); + } + } + + return inspectPluginLocalFolder({ + folderKey: "write-result", + storedConfig: { + path: rootPath, + access: "readWrite", + }, + }); +} + +export async function deletePluginLocalFolderFile( + rootPath: string, + relativePath: string, + folderKey: string, +) { + const rootRealPath = await fs.realpath(rootPath); + let resolved: Awaited>; + try { + resolved = await resolvePluginLocalFolderPath(rootRealPath, relativePath, { + mustExist: true, + allowMissingLeaf: true, + }); + } catch (error) { + const code = typeof error === "object" && error && "code" in error ? String((error as { code?: unknown }).code) : ""; + if (code !== "ENOENT") throw error; + return inspectPluginLocalFolder({ + folderKey, + storedConfig: { + path: rootPath, + access: "readWrite", + }, + }); + } + + if (resolved.exists) { + const stat = await fs.lstat(resolved.absolutePath); + if (stat.isDirectory()) { + throw badRequest("Local folder delete target must be a file"); + } + await fs.rm(resolved.absolutePath, { force: true }); + if (process.platform !== "win32") { + const dirHandle = await fs.open(path.dirname(resolved.absolutePath), "r"); + try { + await dirHandle.sync(); + } finally { + await dirHandle.close(); + } + } + } + + return inspectPluginLocalFolder({ + folderKey, + storedConfig: { + path: rootPath, + access: "readWrite", + }, + }); +} + +export function defaultLocalFolderBasePath(pluginKey: string, companyId: string) { + return path.join(os.homedir(), ".paperclip", "plugin-data", companyId, pluginKey); +} + +export function assertConfiguredLocalFolder(status: PluginLocalFolderStatus) { + if (!status.configured || !status.realPath || !status.readable) { + throw notFound("Local folder is not configured or readable"); + } + if (!status.healthy) { + throw badRequest("Local folder is not healthy"); + } +} + +export function assertWritableConfiguredLocalFolder(status: PluginLocalFolderStatus) { + if (!status.configured || !status.realPath || !status.readable) { + throw notFound("Local folder is not configured or readable"); + } + const onlyMissingRequiredPaths = status.problems.every((item) => + item.code === "missing_directory" || item.code === "missing_file" + ); + if (!status.healthy && !onlyMissingRequiredPaths) { + throw badRequest("Local folder is not healthy"); + } +} diff --git a/server/src/services/plugin-managed-agents.ts b/server/src/services/plugin-managed-agents.ts new file mode 100644 index 00000000..ea95b59c --- /dev/null +++ b/server/src/services/plugin-managed-agents.ts @@ -0,0 +1,562 @@ +import { and, eq, ne } from "drizzle-orm"; +import type { Db } from "@paperclipai/db"; +import { + agents, + companies, + pluginEntities, + pluginManagedResources, +} from "@paperclipai/db"; +import type { + Agent, + PaperclipPluginManifestV1, + PluginManagedAgentDeclaration, + PluginManagedAgentResolution, +} from "@paperclipai/shared"; +import { notFound } from "../errors.js"; +import { agentService } from "./agents.js"; +import { approvalService } from "./approvals.js"; +import { logActivity } from "./activity-log.js"; +import { agentInstructionsService } from "./agent-instructions.js"; + +const MANAGED_AGENT_ENTITY_TYPE = "managed_agent"; +const DEFAULT_MANAGED_AGENT_ADAPTER_TYPE = "process"; + +interface PluginManagedAgentServiceOptions { + pluginId: string; + pluginKey: string; + manifest?: PaperclipPluginManifestV1 | null; + instructionTemplateVariables?: (companyId: string) => Promise>; +} + +function bindingExternalId(companyId: string, agentKey: string) { + return `managed:agent:${companyId}:${agentKey}`; +} + +function managedMetadata( + pluginId: string, + pluginKey: string, + declaration: PluginManagedAgentDeclaration, + existing?: Record | null, +) { + return { + ...(existing ?? {}), + paperclipManagedResource: { + pluginId, + pluginKey, + resourceKind: "agent", + resourceKey: declaration.agentKey, + }, + pluginManagedAgent: { + pluginId, + pluginKey, + agentKey: declaration.agentKey, + displayName: declaration.displayName, + instructions: declaration.instructions ?? null, + }, + }; +} + +function normalizeAdapterType(value: unknown) { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function fallbackAdapterType(declaration: PluginManagedAgentDeclaration) { + return normalizeAdapterType(declaration.adapterType) ?? DEFAULT_MANAGED_AGENT_ADAPTER_TYPE; +} + +function adapterPreference(declaration: PluginManagedAgentDeclaration) { + const seen = new Set(); + const preference: string[] = []; + for (const value of declaration.adapterPreference ?? []) { + const adapterType = normalizeAdapterType(value); + if (!adapterType || seen.has(adapterType)) continue; + seen.add(adapterType); + preference.push(adapterType); + } + return preference; +} + +function selectPreferredAdapterType( + declaration: PluginManagedAgentDeclaration, + usage: Array<{ adapterType: string; count: number }>, +) { + const fallback = fallbackAdapterType(declaration); + const preference = adapterPreference(declaration); + if (preference.length === 0) return fallback; + + const rank = new Map(preference.map((adapterType, index) => [adapterType, index])); + let selected: { adapterType: string; count: number; rank: number } | null = null; + for (const entry of usage) { + const adapterRank = rank.get(entry.adapterType); + if (adapterRank === undefined) continue; + if ( + !selected || + entry.count > selected.count || + (entry.count === selected.count && adapterRank < selected.rank) + ) { + selected = { ...entry, rank: adapterRank }; + } + } + return selected?.adapterType ?? fallback; +} + +function declarationPatch(declaration: PluginManagedAgentDeclaration, input: { adapterType?: string } = {}) { + return { + name: declaration.displayName, + role: declaration.role ?? "general", + title: declaration.title ?? null, + icon: declaration.icon ?? null, + capabilities: declaration.capabilities ?? null, + adapterType: input.adapterType ?? fallbackAdapterType(declaration), + adapterConfig: declaration.adapterConfig ?? {}, + runtimeConfig: declaration.runtimeConfig ?? {}, + permissions: declaration.permissions ?? {}, + budgetMonthlyCents: declaration.budgetMonthlyCents ?? 0, + }; +} + +function applyInstructionTemplateVariables( + content: string, + variables: Record, +) { + let next = content; + for (const [key, value] of Object.entries(variables)) { + next = next.replaceAll(`{{${key}}}`, value?.trim() || "(not configured)"); + } + return next; +} + +function declaredInstructionFiles( + declaration: PluginManagedAgentDeclaration, + variables: Record, +) { + const instructionDeclaration = declaration.instructions; + if (!instructionDeclaration?.content && !instructionDeclaration?.files) return null; + + const entryFile = instructionDeclaration.entryFile ?? "AGENTS.md"; + const files = { ...(instructionDeclaration.files ?? {}) }; + if (instructionDeclaration.content !== undefined) { + files[entryFile] = instructionDeclaration.content; + } + if (files[entryFile] === undefined) { + files[entryFile] = ""; + } + + return { + entryFile, + files: Object.fromEntries( + Object.entries(files).map(([filePath, content]) => [ + filePath, + applyInstructionTemplateVariables(content, variables), + ]), + ), + }; +} + +function rowIsManagedAgent( + row: typeof agents.$inferSelect, + pluginKey: string, + agentKey: string, +) { + const metadata = row.metadata; + if (!metadata || typeof metadata !== "object" || Array.isArray(metadata)) return false; + const marker = (metadata as Record).paperclipManagedResource; + if (!marker || typeof marker !== "object" || Array.isArray(marker)) return false; + const record = marker as Record; + return ( + record.pluginKey === pluginKey + && record.resourceKind === "agent" + && record.resourceKey === agentKey + ); +} + +export function pluginManagedAgentService( + db: Db, + options: PluginManagedAgentServiceOptions, +) { + const agentSvc = agentService(db); + const approvalSvc = approvalService(db); + const instructions = agentInstructionsService(); + + function declarationFor(agentKey: string) { + const declaration = options.manifest?.agents?.find((agent) => agent.agentKey === agentKey); + if (!declaration) { + throw notFound(`Managed agent declaration not found: ${agentKey}`); + } + return declaration; + } + + async function getBinding(companyId: string, agentKey: string) { + return db + .select() + .from(pluginEntities) + .where( + and( + eq(pluginEntities.pluginId, options.pluginId), + eq(pluginEntities.entityType, MANAGED_AGENT_ENTITY_TYPE), + eq(pluginEntities.externalId, bindingExternalId(companyId, agentKey)), + ), + ) + .then((rows) => rows[0] ?? null); + } + + async function upsertBinding( + companyId: string, + declaration: PluginManagedAgentDeclaration, + agentId: string, + extraData: Record = {}, + effectiveAdapterType?: string, + ) { + const adapterType = effectiveAdapterType ?? (await resolveManagedAdapterType(companyId, declaration)); + const defaultsJson = { + agentKey: declaration.agentKey, + displayName: declaration.displayName, + role: declaration.role ?? "general", + title: declaration.title ?? null, + icon: declaration.icon ?? null, + capabilities: declaration.capabilities ?? null, + adapterType, + adapterPreference: declaration.adapterPreference ?? null, + adapterConfig: declaration.adapterConfig ?? {}, + runtimeConfig: declaration.runtimeConfig ?? {}, + permissions: declaration.permissions ?? {}, + budgetMonthlyCents: declaration.budgetMonthlyCents ?? 0, + instructions: declaration.instructions ?? null, + }; + const managedResource = await db + .select({ id: pluginManagedResources.id }) + .from(pluginManagedResources) + .where(and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, options.pluginId), + eq(pluginManagedResources.resourceKind, "agent"), + eq(pluginManagedResources.resourceKey, declaration.agentKey), + )) + .then((rows) => rows[0] ?? null); + if (managedResource) { + await db + .update(pluginManagedResources) + .set({ resourceId: agentId, defaultsJson, updatedAt: new Date() }) + .where(eq(pluginManagedResources.id, managedResource.id)); + } else { + await db.insert(pluginManagedResources).values({ + companyId, + pluginId: options.pluginId, + pluginKey: options.pluginKey, + resourceKind: "agent", + resourceKey: declaration.agentKey, + resourceId: agentId, + defaultsJson, + }); + } + + const externalId = bindingExternalId(companyId, declaration.agentKey); + const data = { + pluginKey: options.pluginKey, + resourceKind: "agent", + resourceKey: declaration.agentKey, + agentId, + adapterType, + declarationSnapshot: declaration, + lastReconciledAt: new Date().toISOString(), + ...extraData, + }; + const existing = await getBinding(companyId, declaration.agentKey); + if (existing) { + return db + .update(pluginEntities) + .set({ + scopeKind: "company", + scopeId: companyId, + title: declaration.displayName, + status: "resolved", + data, + updatedAt: new Date(), + }) + .where(eq(pluginEntities.id, existing.id)) + .returning() + .then((rows) => rows[0]); + } + return db + .insert(pluginEntities) + .values({ + pluginId: options.pluginId, + entityType: MANAGED_AGENT_ENTITY_TYPE, + scopeKind: "company", + scopeId: companyId, + externalId, + title: declaration.displayName, + status: "resolved", + data, + }) + .returning() + .then((rows) => rows[0]); + } + + async function findRelinkCandidate(companyId: string, declaration: PluginManagedAgentDeclaration) { + const rows = await db + .select() + .from(agents) + .where(and(eq(agents.companyId, companyId), ne(agents.status, "terminated"))); + return rows.find((row) => rowIsManagedAgent(row, options.pluginKey, declaration.agentKey)) ?? null; + } + + async function companyAdapterUsage(companyId: string) { + const rows = await db + .select({ adapterType: agents.adapterType }) + .from(agents) + .where(and(eq(agents.companyId, companyId), ne(agents.status, "terminated"))); + const counts = new Map(); + for (const row of rows) { + const adapterType = normalizeAdapterType(row.adapterType); + if (!adapterType) continue; + counts.set(adapterType, (counts.get(adapterType) ?? 0) + 1); + } + return [...counts.entries()] + .map(([adapterType, count]) => ({ adapterType, count })) + .sort((a, b) => b.count - a.count || a.adapterType.localeCompare(b.adapterType)) + .slice(0, 10); + } + + async function resolveManagedAdapterType(companyId: string, declaration: PluginManagedAgentDeclaration) { + return selectPreferredAdapterType(declaration, await companyAdapterUsage(companyId)); + } + + async function materializeDeclaredInstructions( + companyId: string, + agent: Agent, + declaration: PluginManagedAgentDeclaration, + materializeOptions: { replaceExisting: boolean }, + ): Promise { + const variables = await optionsForInstructionVariables(companyId); + const declared = declaredInstructionFiles(declaration, variables); + if (!declared) return agent; + + const materialized = await instructions.materializeManagedBundle( + agent, + declared.files, + { + entryFile: declared.entryFile, + replaceExisting: materializeOptions.replaceExisting, + clearLegacyPromptTemplate: true, + }, + ); + const updated = await agentSvc.update(agent.id, { + adapterConfig: materialized.adapterConfig, + }, { + recordRevision: { + source: `plugin:${optionsForRevisionSource()}:managed-agent-instructions`, + }, + }); + return (updated as Agent | null) ?? { ...agent, adapterConfig: materialized.adapterConfig }; + } + + async function managedInstructionDefaultDrift( + companyId: string, + agent: Agent | null, + declaration: PluginManagedAgentDeclaration, + ): Promise { + if (!agent) return null; + const variables = await optionsForInstructionVariables(companyId); + const declared = declaredInstructionFiles(declaration, variables); + if (!declared) return null; + + let exported: Awaited>; + try { + exported = await instructions.exportFiles(agent); + } catch { + return { entryFile: declared.entryFile, changedFiles: [declared.entryFile] }; + } + + const paths = new Set([...Object.keys(declared.files), ...Object.keys(exported.files)]); + const changedFiles = [...paths] + .filter((filePath) => (exported.files[filePath] ?? null) !== (declared.files[filePath] ?? null)) + .sort((left, right) => left.localeCompare(right)); + if (exported.entryFile !== declared.entryFile && !changedFiles.includes(declared.entryFile)) { + changedFiles.unshift(declared.entryFile); + } + return changedFiles.length > 0 ? { entryFile: declared.entryFile, changedFiles } : null; + } + + async function optionsForInstructionVariables(companyId: string) { + return options.instructionTemplateVariables ? options.instructionTemplateVariables(companyId) : {}; + } + + function optionsForRevisionSource() { + return options.pluginKey; + } + + async function resolution( + companyId: string, + declaration: PluginManagedAgentDeclaration, + agent: Agent | null, + status: PluginManagedAgentResolution["status"], + approvalId?: string | null, + ): Promise { + return { + pluginKey: options.pluginKey, + resourceKind: "agent", + resourceKey: declaration.agentKey, + companyId, + agentId: agent?.id ?? null, + agent, + status, + approvalId: approvalId ?? null, + defaultDrift: await managedInstructionDefaultDrift(companyId, agent, declaration), + }; + } + + async function createManagedAgent(companyId: string, declaration: PluginManagedAgentDeclaration) { + const company = await db + .select() + .from(companies) + .where(eq(companies.id, companyId)) + .then((rows) => rows[0] ?? null); + if (!company) throw notFound("Company not found"); + + const requiresApproval = company.requireBoardApprovalForNewAgents; + const adapterType = await resolveManagedAdapterType(companyId, declaration); + let created = await agentSvc.create(companyId, { + ...declarationPatch(declaration, { adapterType }), + status: requiresApproval ? "pending_approval" : declaration.status ?? "idle", + metadata: managedMetadata(options.pluginId, options.pluginKey, declaration), + spentMonthlyCents: 0, + lastHeartbeatAt: null, + }) as Agent; + created = await materializeDeclaredInstructions(companyId, created, declaration, { replaceExisting: true }); + + let approvalId: string | null = null; + if (requiresApproval) { + const approval = await approvalSvc.create(companyId, { + type: "hire_agent", + requestedByAgentId: null, + requestedByUserId: null, + status: "pending", + payload: { + name: created.name, + role: created.role, + title: created.title, + icon: created.icon, + reportsTo: created.reportsTo, + capabilities: created.capabilities, + adapterType: created.adapterType, + adapterConfig: created.adapterConfig, + runtimeConfig: created.runtimeConfig, + budgetMonthlyCents: created.budgetMonthlyCents, + metadata: created.metadata, + agentId: created.id, + sourcePluginId: options.pluginId, + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.agentKey, + }, + decisionNote: null, + decidedByUserId: null, + decidedAt: null, + updatedAt: new Date(), + }); + approvalId = approval.id; + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "approval.created", + entityType: "approval", + entityId: approval.id, + details: { + type: "hire_agent", + linkedAgentId: created.id, + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.agentKey, + }, + }); + } + + await upsertBinding(companyId, declaration, created.id, { approvalId }, adapterType); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_agent.created", + entityType: "agent", + entityId: created.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.agentKey, + adapterType, + requiresApproval, + approvalId, + }, + }); + return resolution(companyId, declaration, created as Agent, "created", approvalId); + } + + async function get(agentKey: string, companyId: string) { + const declaration = declarationFor(agentKey); + const binding = await getBinding(companyId, agentKey); + const boundAgentId = typeof binding?.data?.agentId === "string" ? binding.data.agentId : null; + if (!boundAgentId) return resolution(companyId, declaration, null, "missing"); + const agent = await agentSvc.getById(boundAgentId); + if (!agent || agent.companyId !== companyId || agent.status === "terminated") { + return resolution(companyId, declaration, null, "missing"); + } + return resolution(companyId, declaration, agent as Agent, "resolved"); + } + + async function reconcile(agentKey: string, companyId: string) { + const declaration = declarationFor(agentKey); + const current = await get(agentKey, companyId); + if (current.agent) { + await upsertBinding(companyId, declaration, current.agent.id); + return current; + } + + const relinkCandidate = await findRelinkCandidate(companyId, declaration); + if (relinkCandidate) { + await upsertBinding(companyId, declaration, relinkCandidate.id); + const agent = await agentSvc.getById(relinkCandidate.id); + return resolution(companyId, declaration, agent as Agent, "relinked"); + } + + return createManagedAgent(companyId, declaration); + } + + async function reset(agentKey: string, companyId: string) { + const declaration = declarationFor(agentKey); + const reconciled = await reconcile(agentKey, companyId); + if (!reconciled.agent) return reconciled; + const currentMetadata = reconciled.agent.metadata && typeof reconciled.agent.metadata === "object" + ? reconciled.agent.metadata + : {}; + const adapterType = await resolveManagedAdapterType(companyId, declaration); + const updated = await agentSvc.update(reconciled.agent.id, { + ...declarationPatch(declaration, { adapterType }), + metadata: managedMetadata(options.pluginId, options.pluginKey, declaration, currentMetadata), + }, { + recordRevision: { + source: `plugin:${options.pluginKey}:managed-agent-reset`, + }, + }); + if (!updated) throw notFound("Managed agent not found"); + const updatedAgent = await materializeDeclaredInstructions(companyId, updated as Agent, declaration, { replaceExisting: true }); + await upsertBinding(companyId, declaration, updatedAgent.id, {}, adapterType); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_agent.reset", + entityType: "agent", + entityId: updatedAgent.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.agentKey, + }, + }); + return resolution(companyId, declaration, updatedAgent, "reset"); + } + + return { + get, + reconcile, + reset, + }; +} diff --git a/server/src/services/plugin-managed-routines.ts b/server/src/services/plugin-managed-routines.ts new file mode 100644 index 00000000..94027dd3 --- /dev/null +++ b/server/src/services/plugin-managed-routines.ts @@ -0,0 +1,523 @@ +import { and, eq } from "drizzle-orm"; +import type { Db } from "@paperclipai/db"; +import { + agents, + pluginManagedResources, + plugins, + projects, + routines, + routineTriggers, +} from "@paperclipai/db"; +import type { + CreateRoutineTrigger, + PluginManagedResourceRef, + PluginManagedRoutineDeclaration, + PluginManagedRoutineResolution, + Routine, + RoutineManagedByPlugin, + RoutineStatus, +} from "@paperclipai/shared"; +import { ROUTINE_STATUSES } from "@paperclipai/shared"; +import { notFound, unprocessable } from "../errors.js"; +import { logActivity } from "./activity-log.js"; +import { routineService } from "./routines.js"; +import type { PluginWorkerManager } from "./plugin-worker-manager.js"; + +const MANAGED_ROUTINE_RESOURCE_KIND = "routine"; + +interface PluginManagedRoutineServiceOptions { + pluginId: string; + pluginKey: string; + manifest?: import("@paperclipai/shared").PaperclipPluginManifestV1 | null; + pluginWorkerManager?: PluginWorkerManager; +} + +interface RoutineOverrides { + assigneeAgentId?: string | null; + projectId?: string | null; +} + +function buildRoutineDefaults(declaration: PluginManagedRoutineDeclaration) { + return { + routineKey: declaration.routineKey, + title: declaration.title, + description: declaration.description ?? null, + assigneeRef: declaration.assigneeRef ?? null, + projectRef: declaration.projectRef ?? null, + goalId: declaration.goalId ?? null, + status: declaration.status ?? null, + priority: declaration.priority ?? "medium", + concurrencyPolicy: declaration.concurrencyPolicy ?? "coalesce_if_active", + catchUpPolicy: declaration.catchUpPolicy ?? "skip_missed", + variables: declaration.variables ?? [], + triggers: declaration.triggers ?? [], + issueTemplate: declaration.issueTemplate ?? null, + }; +} + +function normalizeRef( + pluginKey: string, + ref: PluginManagedResourceRef | null | undefined, + resourceKind: "agent" | "project", +) { + if (!ref) return null; + if (ref.resourceKind !== resourceKind) { + throw unprocessable(`Managed routine ${resourceKind} ref must target ${resourceKind}`); + } + if (ref.pluginKey && ref.pluginKey !== pluginKey) { + throw unprocessable("Managed routine refs must target the declaring plugin"); + } + return { ...ref, pluginKey }; +} + +function managedByPlugin(row: { + id: string; + pluginId: string; + pluginKey: string; + manifestJson: { displayName?: string } | null; + resourceKey: string; + defaultsJson: Record; + createdAt: Date; + updatedAt: Date; +}): RoutineManagedByPlugin { + return { + id: row.id, + pluginId: row.pluginId, + pluginKey: row.pluginKey, + pluginDisplayName: row.manifestJson?.displayName ?? row.pluginKey, + resourceKind: "routine", + resourceKey: row.resourceKey, + defaultsJson: row.defaultsJson, + createdAt: row.createdAt, + updatedAt: row.updatedAt, + }; +} + +function triggerInput(trigger: NonNullable[number]): CreateRoutineTrigger { + if (trigger.kind === "schedule") { + if (!trigger.cronExpression) { + throw unprocessable("Managed schedule routine triggers require cronExpression"); + } + return { + kind: "schedule", + label: trigger.label ?? null, + enabled: trigger.enabled ?? true, + cronExpression: trigger.cronExpression, + timezone: trigger.timezone ?? "UTC", + }; + } + if (trigger.kind === "webhook") { + return { + kind: "webhook", + label: trigger.label ?? null, + enabled: trigger.enabled ?? true, + signingMode: (trigger.signingMode ?? "bearer") as Extract["signingMode"], + replayWindowSec: trigger.replayWindowSec ?? 300, + }; + } + return { + kind: "api", + label: trigger.label ?? null, + enabled: trigger.enabled ?? true, + }; +} + +export function pluginManagedRoutineService( + db: Db, + options: PluginManagedRoutineServiceOptions, +) { + const routinesSvc = routineService(db, { + pluginWorkerManager: options.pluginWorkerManager, + }); + + function declarationFor(routineKey: string) { + const declaration = options.manifest?.routines?.find((routine) => routine.routineKey === routineKey); + if (!declaration) { + throw notFound(`Managed routine declaration not found: ${routineKey}`); + } + return declaration; + } + + async function getBinding(companyId: string, routineKey: string) { + return db + .select({ + id: pluginManagedResources.id, + companyId: pluginManagedResources.companyId, + pluginId: pluginManagedResources.pluginId, + pluginKey: pluginManagedResources.pluginKey, + resourceKind: pluginManagedResources.resourceKind, + resourceKey: pluginManagedResources.resourceKey, + resourceId: pluginManagedResources.resourceId, + defaultsJson: pluginManagedResources.defaultsJson, + manifestJson: plugins.manifestJson, + createdAt: pluginManagedResources.createdAt, + updatedAt: pluginManagedResources.updatedAt, + }) + .from(pluginManagedResources) + .innerJoin(plugins, eq(pluginManagedResources.pluginId, plugins.id)) + .where( + and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, options.pluginId), + eq(pluginManagedResources.resourceKind, MANAGED_ROUTINE_RESOURCE_KIND), + eq(pluginManagedResources.resourceKey, routineKey), + ), + ) + .then((rows) => rows[0] ?? null); + } + + async function upsertBinding( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + routineId: string, + ) { + const defaultsJson = buildRoutineDefaults(declaration); + const existing = await getBinding(companyId, declaration.routineKey); + if (existing) { + return db + .update(pluginManagedResources) + .set({ + resourceId: routineId, + defaultsJson, + updatedAt: new Date(), + }) + .where(eq(pluginManagedResources.id, existing.id)) + .returning() + .then((rows) => rows[0]); + } + return db + .insert(pluginManagedResources) + .values({ + companyId, + pluginId: options.pluginId, + pluginKey: options.pluginKey, + resourceKind: MANAGED_ROUTINE_RESOURCE_KIND, + resourceKey: declaration.routineKey, + resourceId: routineId, + defaultsJson, + }) + .returning() + .then((rows) => rows[0]); + } + + async function getRoutineWithManagedBy(companyId: string, declaration: PluginManagedRoutineDeclaration) { + const binding = await getBinding(companyId, declaration.routineKey); + if (!binding) return null; + const routine = await db + .select() + .from(routines) + .where(and(eq(routines.companyId, companyId), eq(routines.id, binding.resourceId))) + .then((rows) => rows[0] ?? null); + if (!routine) return null; + return { + ...routine, + managedByPlugin: managedByPlugin(binding), + } as Routine; + } + + async function resolveAgentId( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + overrides?: RoutineOverrides, + ) { + if (overrides?.assigneeAgentId !== undefined) { + if (!overrides.assigneeAgentId) return { agentId: null, missingRef: null }; + const row = await db + .select({ id: agents.id }) + .from(agents) + .where(and(eq(agents.companyId, companyId), eq(agents.id, overrides.assigneeAgentId))) + .then((rows) => rows[0] ?? null); + if (!row) throw notFound("Assignee agent not found"); + return { agentId: row.id, missingRef: null }; + } + + const ref = normalizeRef(options.pluginKey, declaration.assigneeRef, "agent"); + if (!ref) return { agentId: null, missingRef: null }; + const binding = await db + .select({ resourceId: pluginManagedResources.resourceId }) + .from(pluginManagedResources) + .where( + and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, options.pluginId), + eq(pluginManagedResources.resourceKind, "agent"), + eq(pluginManagedResources.resourceKey, ref.resourceKey), + ), + ) + .then((rows) => rows[0] ?? null); + if (!binding) return { agentId: null, missingRef: ref }; + const row = await db + .select({ id: agents.id }) + .from(agents) + .where(and(eq(agents.companyId, companyId), eq(agents.id, binding.resourceId))) + .then((rows) => rows[0] ?? null); + return row ? { agentId: row.id, missingRef: null } : { agentId: null, missingRef: ref }; + } + + async function resolveProjectId( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + overrides?: RoutineOverrides, + ) { + if (overrides?.projectId !== undefined) { + if (!overrides.projectId) return { projectId: null, missingRef: null }; + const row = await db + .select({ id: projects.id }) + .from(projects) + .where(and(eq(projects.companyId, companyId), eq(projects.id, overrides.projectId))) + .then((rows) => rows[0] ?? null); + if (!row) throw notFound("Project not found"); + return { projectId: row.id, missingRef: null }; + } + + const ref = normalizeRef(options.pluginKey, declaration.projectRef, "project"); + if (!ref) return { projectId: null, missingRef: null }; + const binding = await db + .select({ resourceId: pluginManagedResources.resourceId }) + .from(pluginManagedResources) + .where( + and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, options.pluginId), + eq(pluginManagedResources.resourceKind, "project"), + eq(pluginManagedResources.resourceKey, ref.resourceKey), + ), + ) + .then((rows) => rows[0] ?? null); + if (!binding) return { projectId: null, missingRef: ref }; + const row = await db + .select({ id: projects.id }) + .from(projects) + .where(and(eq(projects.companyId, companyId), eq(projects.id, binding.resourceId))) + .then((rows) => rows[0] ?? null); + return row ? { projectId: row.id, missingRef: null } : { projectId: null, missingRef: ref }; + } + + async function resolveRefs( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + overrides?: RoutineOverrides, + ) { + const [agent, project] = await Promise.all([ + resolveAgentId(companyId, declaration, overrides), + resolveProjectId(companyId, declaration, overrides), + ]); + const missingRefs: PluginManagedResourceRef[] = []; + if (agent.missingRef) missingRefs.push(agent.missingRef); + if (project.missingRef) missingRefs.push(project.missingRef); + return { + assigneeAgentId: agent.agentId, + projectId: project.projectId, + missingRefs, + }; + } + + function resolution( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + routine: Routine | null, + status: PluginManagedRoutineResolution["status"], + missingRefs: PluginManagedResourceRef[] = [], + ): PluginManagedRoutineResolution { + return { + pluginKey: options.pluginKey, + resourceKind: "routine", + resourceKey: declaration.routineKey, + companyId, + routineId: routine?.id ?? null, + routine, + status, + missingRefs, + }; + } + + async function ensureDefaultTriggers( + routineId: string, + declaration: PluginManagedRoutineDeclaration, + ) { + const triggers = declaration.triggers ?? []; + if (triggers.length === 0) return; + const existingCount = await db + .select({ id: routineTriggers.id }) + .from(routineTriggers) + .where(eq(routineTriggers.routineId, routineId)) + .limit(1) + .then((rows) => rows.length); + if (existingCount > 0) return; + + for (const trigger of triggers) { + await routinesSvc.createTrigger(routineId, triggerInput(trigger), { agentId: null, userId: null }); + } + } + + async function createManagedRoutine( + companyId: string, + declaration: PluginManagedRoutineDeclaration, + overrides?: RoutineOverrides, + ) { + const refs = await resolveRefs(companyId, declaration, overrides); + if (refs.missingRefs.length > 0) { + return resolution(companyId, declaration, null, "missing_refs", refs.missingRefs); + } + + const created = await routinesSvc.create(companyId, { + projectId: refs.projectId, + goalId: declaration.goalId ?? null, + title: declaration.title, + description: declaration.description ?? null, + assigneeAgentId: refs.assigneeAgentId, + priority: declaration.priority ?? "medium", + status: declaration.status ?? (refs.assigneeAgentId ? "active" : "paused"), + concurrencyPolicy: declaration.concurrencyPolicy ?? "coalesce_if_active", + catchUpPolicy: declaration.catchUpPolicy ?? "skip_missed", + variables: declaration.variables ?? [], + }, { agentId: null, userId: null }); + await upsertBinding(companyId, declaration, created.id); + await ensureDefaultTriggers(created.id, declaration); + const routine = await getRoutineWithManagedBy(companyId, declaration); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_routine.created", + entityType: "routine", + entityId: created.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.routineKey, + assigneeAgentId: refs.assigneeAgentId, + projectId: refs.projectId, + }, + }); + return resolution(companyId, declaration, routine, "created"); + } + + async function get(routineKey: string, companyId: string) { + const declaration = declarationFor(routineKey); + const routine = await getRoutineWithManagedBy(companyId, declaration); + return resolution(companyId, declaration, routine, routine ? "resolved" : "missing"); + } + + async function reconcile(routineKey: string, companyId: string, overrides?: RoutineOverrides) { + const declaration = declarationFor(routineKey); + const current = await get(routineKey, companyId); + if (current.routine) { + await upsertBinding(companyId, declaration, current.routine.id); + await ensureDefaultTriggers(current.routine.id, declaration); + return current; + } + return createManagedRoutine(companyId, declaration, overrides); + } + + async function reset(routineKey: string, companyId: string, overrides?: RoutineOverrides) { + const declaration = declarationFor(routineKey); + const current = await get(routineKey, companyId); + if (!current.routine) { + return createManagedRoutine(companyId, declaration, overrides); + } + + const refs = await resolveRefs(companyId, declaration, overrides); + if (refs.missingRefs.length > 0) { + return resolution(companyId, declaration, current.routine, "missing_refs", refs.missingRefs); + } + const updated = await routinesSvc.update(current.routine.id, { + projectId: refs.projectId, + goalId: declaration.goalId ?? null, + title: declaration.title, + description: declaration.description ?? null, + assigneeAgentId: refs.assigneeAgentId, + priority: declaration.priority ?? "medium", + status: declaration.status ?? (refs.assigneeAgentId ? "active" : "paused"), + concurrencyPolicy: declaration.concurrencyPolicy ?? "coalesce_if_active", + catchUpPolicy: declaration.catchUpPolicy ?? "skip_missed", + variables: declaration.variables ?? [], + }, { agentId: null, userId: null }); + if (!updated) throw notFound("Managed routine not found"); + await upsertBinding(companyId, declaration, updated.id); + await ensureDefaultTriggers(updated.id, declaration); + const routine = await getRoutineWithManagedBy(companyId, declaration); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_routine.reset", + entityType: "routine", + entityId: updated.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.routineKey, + assigneeAgentId: refs.assigneeAgentId, + projectId: refs.projectId, + }, + }); + return resolution(companyId, declaration, routine, "reset"); + } + + async function update( + routineKey: string, + companyId: string, + patch: { status?: string }, + ) { + const declaration = declarationFor(routineKey); + const current = await get(routineKey, companyId); + if (!current.routine) throw notFound("Managed routine not found"); + const updatePatch: { status?: RoutineStatus } = {}; + if (patch.status !== undefined) { + if (!ROUTINE_STATUSES.includes(patch.status as RoutineStatus)) { + throw unprocessable("Invalid routine status"); + } + updatePatch.status = patch.status as RoutineStatus; + } + const updated = await routinesSvc.update(current.routine.id, updatePatch, { agentId: null, userId: null }); + if (!updated) throw notFound("Managed routine not found"); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_routine.updated", + entityType: "routine", + entityId: updated.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.routineKey, + status: updated.status, + }, + }); + const routine = await getRoutineWithManagedBy(companyId, declaration); + return routine ?? updated; + } + + async function run(routineKey: string, companyId: string, overrides?: RoutineOverrides) { + const declaration = declarationFor(routineKey); + const current = await get(routineKey, companyId); + if (!current.routine) throw notFound("Managed routine not found"); + const run = await routinesSvc.runRoutine(current.routine.id, { + source: "manual", + assigneeAgentId: overrides?.assigneeAgentId, + projectId: overrides?.projectId, + }, { agentId: null, userId: null }); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_routine.run_triggered", + entityType: "routine_run", + entityId: run.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.routineKey, + routineId: current.routine.id, + status: run.status, + }, + }); + return run; + } + + return { + get, + reconcile, + reset, + update, + run, + }; +} diff --git a/server/src/services/plugin-managed-skills.ts b/server/src/services/plugin-managed-skills.ts new file mode 100644 index 00000000..0d6ca9c3 --- /dev/null +++ b/server/src/services/plugin-managed-skills.ts @@ -0,0 +1,359 @@ +import { and, eq } from "drizzle-orm"; +import type { Db } from "@paperclipai/db"; +import { + pluginManagedResources, +} from "@paperclipai/db"; +import { normalizeAgentUrlKey } from "@paperclipai/shared"; +import type { + CompanySkill, + PaperclipPluginManifestV1, + PluginManagedSkillDeclaration, + PluginManagedSkillResolution, +} from "@paperclipai/shared"; +import { notFound } from "../errors.js"; +import { logActivity } from "./activity-log.js"; +import { companySkillService } from "./company-skills.js"; + +const MANAGED_SKILL_RESOURCE_KIND = "skill"; + +interface PluginManagedSkillServiceOptions { + pluginId: string; + pluginKey: string; + manifest?: PaperclipPluginManifestV1 | null; +} + +function pluginKeySlug(pluginKey: string) { + return normalizeAgentUrlKey(pluginKey) ?? "plugin"; +} + +function canonicalSkillKey(pluginKey: string, skillKey: string) { + return `plugin/${pluginKeySlug(pluginKey)}/${skillKey}`; +} + +function yamlString(value: string) { + return JSON.stringify(value); +} + +function buildDefaultMarkdown( + pluginKey: string, + declaration: PluginManagedSkillDeclaration, +) { + const description = declaration.description?.trim() || `${declaration.displayName} plugin skill.`; + return [ + "---", + `name: ${yamlString(declaration.displayName)}`, + `description: ${yamlString(description)}`, + `key: ${yamlString(canonicalSkillKey(pluginKey, declaration.skillKey))}`, + "---", + "", + `# ${declaration.displayName}`, + "", + description, + "", + ].join("\n"); +} + +function withManagedSkillKey(markdown: string, canonicalKey: string) { + const keyLine = `key: ${yamlString(canonicalKey)}`; + const normalized = markdown.replace(/\r\n/g, "\n"); + const frontmatter = /^---\n([\s\S]*?)\n---(\n?)/.exec(normalized); + if (!frontmatter) { + return [ + "---", + keyLine, + "---", + "", + normalized, + ].join("\n"); + } + + const currentBody = frontmatter[1] ?? ""; + const nextBody = /^key\s*:/m.test(currentBody) + ? currentBody.replace(/^key\s*:.*$/m, keyLine) + : [currentBody, keyLine].filter(Boolean).join("\n"); + return `---\n${nextBody}\n---${frontmatter[2] ?? ""}${normalized.slice(frontmatter[0].length)}`; +} + +function buildPackageFiles( + pluginKey: string, + declaration: PluginManagedSkillDeclaration, +) { + const root = declaration.skillKey; + const canonicalKey = canonicalSkillKey(pluginKey, declaration.skillKey); + const files: Record = { + [`${root}/SKILL.md`]: declaration.markdown?.trim() + ? withManagedSkillKey(declaration.markdown, canonicalKey) + : buildDefaultMarkdown(pluginKey, declaration), + }; + for (const file of declaration.files ?? []) { + files[`${root}/${file.path}`] = file.content; + } + return files; +} + +function buildDeclaredSkillFiles( + pluginKey: string, + declaration: PluginManagedSkillDeclaration, +) { + const packageFiles = buildPackageFiles(pluginKey, declaration); + const root = declaration.skillKey; + const prefix = `${root}/`; + const files: Record = {}; + for (const [filePath, content] of Object.entries(packageFiles)) { + files[filePath.startsWith(prefix) ? filePath.slice(prefix.length) : filePath] = content; + } + return files; +} + +function buildSkillDefaults( + pluginKey: string, + declaration: PluginManagedSkillDeclaration, +) { + return { + skillKey: declaration.skillKey, + displayName: declaration.displayName, + slug: declaration.slug ?? declaration.skillKey, + description: declaration.description ?? null, + canonicalKey: canonicalSkillKey(pluginKey, declaration.skillKey), + files: [ + "SKILL.md", + ...(declaration.files ?? []).map((file) => file.path), + ], + }; +} + +function stableJson(value: unknown): string { + if (Array.isArray(value)) return `[${value.map(stableJson).join(",")}]`; + if (value && typeof value === "object") { + return `{${Object.entries(value as Record) + .sort(([left], [right]) => left.localeCompare(right)) + .map(([key, entry]) => `${JSON.stringify(key)}:${stableJson(entry)}`) + .join(",")}}`; + } + return JSON.stringify(value); +} + +function resolution( + pluginKey: string, + companyId: string, + declaration: PluginManagedSkillDeclaration, + skill: CompanySkill | null, + status: PluginManagedSkillResolution["status"], + defaultDrift: PluginManagedSkillResolution["defaultDrift"] = null, +): PluginManagedSkillResolution { + return { + pluginKey, + resourceKind: "skill", + resourceKey: declaration.skillKey, + companyId, + skillId: skill?.id ?? null, + skill, + status, + defaultDrift, + }; +} + +export function pluginManagedSkillService( + db: Db, + options: PluginManagedSkillServiceOptions, +) { + const skills = companySkillService(db); + + function declarationFor(skillKey: string) { + const declaration = options.manifest?.skills?.find((skill) => skill.skillKey === skillKey); + if (!declaration) { + throw notFound(`Managed skill declaration not found: ${skillKey}`); + } + return declaration; + } + + async function getBinding(companyId: string, skillKey: string) { + return db + .select() + .from(pluginManagedResources) + .where(and( + eq(pluginManagedResources.companyId, companyId), + eq(pluginManagedResources.pluginId, options.pluginId), + eq(pluginManagedResources.resourceKind, MANAGED_SKILL_RESOURCE_KIND), + eq(pluginManagedResources.resourceKey, skillKey), + )) + .then((rows) => rows[0] ?? null); + } + + async function upsertBinding( + companyId: string, + declaration: PluginManagedSkillDeclaration, + skillId: string, + ) { + const defaultsJson = buildSkillDefaults(options.pluginKey, declaration); + const existing = await getBinding(companyId, declaration.skillKey); + if (existing) { + if ( + existing.resourceId === skillId && + stableJson(existing.defaultsJson) === stableJson(defaultsJson) + ) { + return existing; + } + return db + .update(pluginManagedResources) + .set({ + resourceId: skillId, + defaultsJson, + updatedAt: new Date(), + }) + .where(eq(pluginManagedResources.id, existing.id)) + .returning() + .then((rows) => rows[0]); + } + return db + .insert(pluginManagedResources) + .values({ + companyId, + pluginId: options.pluginId, + pluginKey: options.pluginKey, + resourceKind: MANAGED_SKILL_RESOURCE_KIND, + resourceKey: declaration.skillKey, + resourceId: skillId, + defaultsJson, + }) + .returning() + .then((rows) => rows[0]); + } + + async function getSkill(companyId: string, skillId: string) { + return skills.getById(companyId, skillId); + } + + async function managedSkillDefaultDrift( + companyId: string, + skill: CompanySkill | null, + declaration: PluginManagedSkillDeclaration, + ): Promise { + if (!skill) return null; + const declaredFiles = buildDeclaredSkillFiles(options.pluginKey, declaration); + const currentFiles: Record = {}; + const paths = new Set([ + ...Object.keys(declaredFiles), + ...skill.fileInventory.map((entry) => entry.path), + ]); + + for (const filePath of paths) { + if (filePath === "SKILL.md") { + currentFiles[filePath] = skill.markdown; + continue; + } + try { + currentFiles[filePath] = (await skills.readFile(companyId, skill.id, filePath))?.content ?? null; + } catch { + currentFiles[filePath] = null; + } + } + + const changedFiles = [...paths] + .filter((filePath) => (currentFiles[filePath] ?? null) !== (declaredFiles[filePath] ?? null)) + .sort((left, right) => left.localeCompare(right)); + return changedFiles.length > 0 ? { changedFiles } : null; + } + + async function resolvedSkill( + companyId: string, + declaration: PluginManagedSkillDeclaration, + skill: CompanySkill | null, + status: PluginManagedSkillResolution["status"], + ) { + return resolution( + options.pluginKey, + companyId, + declaration, + skill, + status, + await managedSkillDefaultDrift(companyId, skill, declaration), + ); + } + + async function importDeclaredSkill( + companyId: string, + declaration: PluginManagedSkillDeclaration, + mode: "reconcile" | "reset", + ) { + const beforeByKey = mode === "reconcile" + ? await skills.getByKey(companyId, canonicalSkillKey(options.pluginKey, declaration.skillKey)) + : null; + if (beforeByKey) { + await upsertBinding(companyId, declaration, beforeByKey.id); + return { skill: beforeByKey, status: "relinked" as const }; + } + const results = await skills.importPackageFiles( + companyId, + buildPackageFiles(options.pluginKey, declaration), + { onConflict: "replace" }, + ); + const imported = results.find((result) => + result.skill.key === canonicalSkillKey(options.pluginKey, declaration.skillKey) + || result.originalSlug === (declaration.slug ?? declaration.skillKey) + || result.originalSlug === declaration.skillKey + )?.skill ?? results[0]?.skill ?? null; + if (!imported) { + throw notFound(`Managed skill was not imported: ${declaration.skillKey}`); + } + await upsertBinding(companyId, declaration, imported.id); + const status: PluginManagedSkillResolution["status"] = mode === "reset" ? "reset" : "created"; + return { skill: imported, status }; + } + + async function get(skillKey: string, companyId: string) { + const declaration = declarationFor(skillKey); + const binding = await getBinding(companyId, skillKey); + if (!binding) return resolvedSkill(companyId, declaration, null, "missing"); + const skill = await getSkill(companyId, binding.resourceId); + return resolvedSkill(companyId, declaration, skill, skill ? "resolved" : "missing"); + } + + async function reconcile(skillKey: string, companyId: string) { + const declaration = declarationFor(skillKey); + const current = await get(skillKey, companyId); + if (current.skill) { + await upsertBinding(companyId, declaration, current.skill.id); + return current; + } + const imported = await importDeclaredSkill(companyId, declaration, "reconcile"); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_skill.reconciled", + entityType: "company_skill", + entityId: imported.skill.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.skillKey, + status: imported.status, + }, + }); + return resolvedSkill(companyId, declaration, imported.skill, imported.status); + } + + async function reset(skillKey: string, companyId: string) { + const declaration = declarationFor(skillKey); + const imported = await importDeclaredSkill(companyId, declaration, "reset"); + await logActivity(db, { + companyId, + actorType: "plugin", + actorId: options.pluginId, + action: "plugin.managed_skill.reset", + entityType: "company_skill", + entityId: imported.skill.id, + details: { + sourcePluginKey: options.pluginKey, + managedResourceKey: declaration.skillKey, + }, + }); + return resolvedSkill(companyId, declaration, imported.skill, "reset"); + } + + return { + get, + reconcile, + reset, + }; +} diff --git a/server/src/services/plugin-registry.ts b/server/src/services/plugin-registry.ts index 79859a4e..ce544a9c 100644 --- a/server/src/services/plugin-registry.ts +++ b/server/src/services/plugin-registry.ts @@ -3,6 +3,7 @@ import type { Db } from "@paperclipai/db"; import { plugins, pluginConfig, + pluginCompanySettings, pluginEntities, pluginJobs, pluginJobRuns, @@ -15,6 +16,7 @@ import type { UpdatePluginStatus, UpsertPluginConfig, PatchPluginConfig, + PluginCompanySettings, PluginEntityRecord, PluginEntityQuery, PluginJobRecord, @@ -387,6 +389,64 @@ export function pluginRegistryService(db: Db) { return rows[0] ?? null; }, + // ----- Company settings ---------------------------------------------- + + /** Retrieve company-scoped plugin settings. */ + getCompanySettings: (pluginId: string, companyId: string): Promise => + db + .select() + .from(pluginCompanySettings) + .where(and( + eq(pluginCompanySettings.pluginId, pluginId), + eq(pluginCompanySettings.companyId, companyId), + )) + .then((rows) => rows[0] ?? null) as Promise, + + /** Create or replace company-scoped plugin settings. */ + upsertCompanySettings: async ( + pluginId: string, + companyId: string, + input: { enabled?: boolean; settingsJson: Record; lastError?: string | null }, + ): Promise => { + const plugin = await getById(pluginId); + if (!plugin) throw notFound("Plugin not found"); + + const existing = await db + .select() + .from(pluginCompanySettings) + .where(and( + eq(pluginCompanySettings.pluginId, pluginId), + eq(pluginCompanySettings.companyId, companyId), + )) + .then((rows) => rows[0] ?? null); + + if (existing) { + return db + .update(pluginCompanySettings) + .set({ + enabled: input.enabled ?? existing.enabled, + settingsJson: input.settingsJson, + lastError: input.lastError ?? null, + updatedAt: new Date(), + }) + .where(eq(pluginCompanySettings.id, existing.id)) + .returning() + .then((rows) => rows[0]) as Promise; + } + + return db + .insert(pluginCompanySettings) + .values({ + pluginId, + companyId, + enabled: input.enabled ?? true, + settingsJson: input.settingsJson, + lastError: input.lastError ?? null, + }) + .returning() + .then((rows) => rows[0]) as Promise; + }, + // ----- Entities ------------------------------------------------------- /** diff --git a/server/src/services/plugin-secrets-handler.ts b/server/src/services/plugin-secrets-handler.ts index b80ae187..ccc5878a 100644 --- a/server/src/services/plugin-secrets-handler.ts +++ b/server/src/services/plugin-secrets-handler.ts @@ -33,38 +33,20 @@ * @see services/secrets.ts — secretService used by agent env bindings */ -import { eq, and, desc } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { companySecrets, companySecretVersions, pluginConfig } from "@paperclipai/db"; -import type { SecretProvider } from "@paperclipai/shared"; -import { getSecretProvider } from "../secrets/provider-registry.js"; -import { pluginRegistryService } from "./plugin-registry.js"; import { collectSecretRefPaths, isUuidSecretRef, readConfigValueAtPath, } from "./json-schema-secret-refs.js"; +export const PLUGIN_SECRET_REFS_DISABLED_MESSAGE = + "Plugin secret references are disabled until company-scoped plugin config lands"; + // --------------------------------------------------------------------------- // Error helpers // --------------------------------------------------------------------------- -/** - * Create a sanitised error that never leaks secret material. - * Only the ref identifier is included; never the resolved value. - */ -function secretNotFound(secretRef: string): Error { - const err = new Error(`Secret not found: ${secretRef}`); - err.name = "SecretNotFoundError"; - return err; -} - -function secretVersionNotFound(secretRef: string): Error { - const err = new Error(`No version found for secret: ${secretRef}`); - err.name = "SecretVersionNotFoundError"; - return err; -} - function invalidSecretRef(secretRef: string): Error { const err = new Error(`Invalid secret reference: ${secretRef}`); err.name = "InvalidSecretRefError"; @@ -86,8 +68,20 @@ export function extractSecretRefsFromConfig( configJson: unknown, schema?: Record | null, ): Set { - const refs = new Set(); - if (configJson == null || typeof configJson !== "object") return refs; + return new Set(extractSecretRefPathsFromConfig(configJson, schema).keys()); +} + +export function extractSecretRefPathsFromConfig( + configJson: unknown, + schema?: Record | null, +): Map> { + const refs = new Map>(); + const addRef = (secretRef: string, path: string) => { + const existing = refs.get(secretRef) ?? new Set(); + existing.add(path); + refs.set(secretRef, existing); + }; + if (configJson == null || typeof configJson !== "object") return new Map(); const secretPaths = collectSecretRefPaths(schema); @@ -96,7 +90,7 @@ export function extractSecretRefsFromConfig( for (const dotPath of secretPaths) { const current = readConfigValueAtPath(configJson as Record, dotPath); if (typeof current === "string" && isUuidSecretRef(current)) { - refs.add(current); + addRef(current, dotPath); } } return refs; @@ -107,7 +101,7 @@ export function extractSecretRefsFromConfig( // instanceConfigSchema. function walkAll(value: unknown): void { if (typeof value === "string") { - if (isUuidSecretRef(value)) refs.add(value); + if (isUuidSecretRef(value)) addRef(value, "$"); } else if (Array.isArray(value)) { for (const item of value) walkAll(item); } else if (value !== null && typeof value === "object") { @@ -205,16 +199,11 @@ function createRateLimiter(maxAttempts: number, windowMs: number) { export function createPluginSecretsHandler( options: PluginSecretsHandlerOptions, ): PluginSecretsService { - const { db, pluginId } = options; - const registry = pluginRegistryService(db); + const { pluginId } = options; // Rate limit: max 30 resolution attempts per plugin per minute const rateLimiter = createRateLimiter(30, 60_000); - let cachedAllowedRefs: Set | null = null; - let cachedAllowedRefsExpiry = 0; - const CONFIG_CACHE_TTL_MS = 30_000; // 30 seconds, matches event bus TTL - return { async resolve(params: PluginSecretsResolveParams): Promise { const { secretRef } = params; @@ -241,72 +230,9 @@ export function createPluginSecretsHandler( throw invalidSecretRef(trimmedRef); } - // --------------------------------------------------------------- - // 1b. Scope check — only allow secrets referenced in this plugin's config - // --------------------------------------------------------------- - const now = Date.now(); - if (!cachedAllowedRefs || now > cachedAllowedRefsExpiry) { - const [configRow, plugin] = await Promise.all([ - db - .select() - .from(pluginConfig) - .where(eq(pluginConfig.pluginId, pluginId)) - .then((rows) => rows[0] ?? null), - registry.getById(pluginId), - ]); - - const schema = (plugin?.manifestJson as unknown as Record | null) - ?.instanceConfigSchema as Record | undefined; - cachedAllowedRefs = extractSecretRefsFromConfig(configRow?.configJson, schema); - cachedAllowedRefsExpiry = now + CONFIG_CACHE_TTL_MS; - } - - if (!cachedAllowedRefs.has(trimmedRef)) { - // Return "not found" to avoid leaking whether the secret exists - throw secretNotFound(trimmedRef); - } - - // --------------------------------------------------------------- - // 2. Look up the secret record by UUID - // --------------------------------------------------------------- - const secret = await db - .select() - .from(companySecrets) - .where(eq(companySecrets.id, trimmedRef)) - .then((rows) => rows[0] ?? null); - - if (!secret) { - throw secretNotFound(trimmedRef); - } - - // --------------------------------------------------------------- - // 3. Fetch the latest version's material - // --------------------------------------------------------------- - const versionRow = await db - .select() - .from(companySecretVersions) - .where( - and( - eq(companySecretVersions.secretId, secret.id), - eq(companySecretVersions.version, secret.latestVersion), - ), - ) - .then((rows) => rows[0] ?? null); - - if (!versionRow) { - throw secretVersionNotFound(trimmedRef); - } - - // --------------------------------------------------------------- - // 4. Resolve through the appropriate secret provider - // --------------------------------------------------------------- - const provider = getSecretProvider(secret.provider as SecretProvider); - const resolved = await provider.resolveVersion({ - material: versionRow.material as Record, - externalRef: secret.externalRef, - }); - - return resolved; + // Fail closed until plugin config and worker runtime both carry an + // explicit company scope for secret bindings and resolution. + throw new Error(PLUGIN_SECRET_REFS_DISABLED_MESSAGE); }, }; } diff --git a/server/src/services/plugin-worker-manager.ts b/server/src/services/plugin-worker-manager.ts index 993a64e5..facae176 100644 --- a/server/src/services/plugin-worker-manager.ts +++ b/server/src/services/plugin-worker-manager.ts @@ -1006,7 +1006,7 @@ export function createPluginWorkerHandle( params: HostToWorkerMethods[M][0], timeoutMs?: number, ): Promise { - return new Promise((resolve, reject) => { + const rpcPromise = new Promise((resolve, reject) => { if (!childProcess?.stdin?.writable) { reject( new Error( @@ -1076,6 +1076,14 @@ export function createPluginWorkerHandle( ); } }); + + // Some call sites hand these promises across async boundaries before + // attaching their own handlers. Mark the promise as handled here so a + // worker-side JSON-RPC error can fail the caller without killing the host + // process via an unhandled rejection. + void rpcPromise.catch(() => undefined); + + return rpcPromise; } // ----------------------------------------------------------------------- diff --git a/server/src/services/productivity-review.ts b/server/src/services/productivity-review.ts index 1b14a1cb..c9cd0dcd 100644 --- a/server/src/services/productivity-review.ts +++ b/server/src/services/productivity-review.ts @@ -14,6 +14,10 @@ import { logger } from "../middleware/logger.js"; import { logActivity } from "./activity-log.js"; import { budgetService } from "./budgets.js"; import { issueService } from "./issues.js"; +import { + recoveryAssigneeAdapterOverrides, + withRecoveryModelProfileHint, +} from "./recovery/model-profile-hint.js"; import { RECOVERY_ORIGIN_KINDS } from "./recovery/origins.js"; export const PRODUCTIVITY_REVIEW_ORIGIN_KIND = RECOVERY_ORIGIN_KINDS.issueProductivityReview; @@ -687,6 +691,7 @@ export function productivityReviewService(db: Db, deps?: { enqueueWakeup?: Enque goalId: evidence.sourceIssue.goalId, billingCode: evidence.sourceIssue.billingCode, assigneeAgentId: ownerAgentId, + assigneeAdapterOverrides: recoveryAssigneeAdapterOverrides(), originKind: PRODUCTIVITY_REVIEW_ORIGIN_KIND, originId: evidence.sourceIssue.id, originFingerprint: productivityReviewFingerprint(evidence.sourceIssue.id), @@ -732,21 +737,21 @@ export function productivityReviewService(db: Db, deps?: { enqueueWakeup?: Enque source: "assignment", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: review.id, sourceIssueId: evidence.sourceIssue.id, trigger: evidence.trigger, - }, + }), requestedByActorType: "system", requestedByActorId: "productivity_review", - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: review.id, taskId: review.id, wakeReason: "issue_assigned", source: PRODUCTIVITY_REVIEW_ORIGIN_KIND, sourceIssueId: evidence.sourceIssue.id, productivityReviewTrigger: evidence.trigger, - }, + }), }); } diff --git a/server/src/services/projects.ts b/server/src/services/projects.ts index 2bcf7aff..4d568c68 100644 --- a/server/src/services/projects.ts +++ b/server/src/services/projects.ts @@ -1,6 +1,14 @@ import { and, asc, desc, eq, inArray } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { projects, projectGoals, goals, projectWorkspaces, workspaceRuntimeServices } from "@paperclipai/db"; +import { + projects, + projectGoals, + goals, + pluginManagedResources, + plugins, + projectWorkspaces, + workspaceRuntimeServices, +} from "@paperclipai/db"; import { PROJECT_COLORS, deriveProjectUrlKey, @@ -10,9 +18,12 @@ import { type ProjectCodebase, type ProjectExecutionWorkspacePolicy, type ProjectGoalRef, + type ProjectManagedByPlugin, type ProjectWorkspaceRuntimeConfig, type ProjectWorkspace, type WorkspaceRuntimeService, + type PluginManagedProjectDeclaration, + type PluginManagedProjectResolution, } from "@paperclipai/shared"; import { listCurrentRuntimeServicesForProjectWorkspaces } from "./workspace-runtime-read-model.js"; import { parseProjectExecutionWorkspacePolicy } from "./execution-workspace-policy.js"; @@ -50,6 +61,7 @@ interface ProjectWithGoals extends Omit codebase: ProjectCodebase; workspaces: ProjectWorkspace[]; primaryWorkspace: ProjectWorkspace | null; + managedByPlugin: ProjectManagedByPlugin | null; } interface ProjectShortnameRow { @@ -245,6 +257,40 @@ async function attachWorkspaces(db: Db, rows: ProjectWithGoals[]): Promise(); + for (const row of managedRows) { + managedByProjectId.set(row.resourceId, { + id: row.id, + pluginId: row.pluginId, + pluginKey: row.pluginKey, + pluginDisplayName: row.manifestJson.displayName ?? row.pluginKey, + resourceKind: "project", + resourceKey: row.resourceKey, + defaultsJson: row.defaultsJson, + createdAt: row.createdAt, + updatedAt: row.updatedAt, + }); + } + return rows.map((row) => { const projectWorkspaceRows = map.get(row.id) ?? []; const workspaces = projectWorkspaceRows.map((workspace) => @@ -264,6 +310,7 @@ async function attachWorkspaces(db: Db, rows: ProjectWithGoals[]): Promise & { goalIds?: string[] }, + ): Promise => { + const { goalIds: inputGoalIds, ...projectData } = data; + const ids = resolveGoalIds({ goalIds: inputGoalIds, goalId: projectData.goalId }); + + // Auto-assign a color from the palette if none provided + if (!projectData.color) { + const existing = await db.select({ color: projects.color }).from(projects).where(eq(projects.companyId, companyId)); + const usedColors = new Set(existing.map((r) => r.color).filter(Boolean)); + const nextColor = PROJECT_COLORS.find((c) => !usedColors.has(c)) ?? PROJECT_COLORS[existing.length % PROJECT_COLORS.length]; + projectData.color = nextColor; + } + + const existingProjects = await db + .select({ id: projects.id, name: projects.name }) + .from(projects) + .where(eq(projects.companyId, companyId)); + projectData.name = resolveProjectNameForUniqueShortname(projectData.name, existingProjects); + + // Also write goalId to the legacy column (first goal or null) + const legacyGoalId = ids && ids.length > 0 ? ids[0] : projectData.goalId ?? null; + + const row = await db + .insert(projects) + .values({ ...projectData, goalId: legacyGoalId, companyId }) + .returning() + .then((rows) => rows[0]); + + if (ids && ids.length > 0) { + await syncGoalLinks(db, row.id, companyId, ids); + } + + const [withGoals] = await attachGoals(db, [row]); + const [enriched] = withGoals ? await attachWorkspaces(db, [withGoals]) : []; + return enriched!; + }; + + const getProjectById = async (id: string): Promise => { + const row = await db + .select() + .from(projects) + .where(eq(projects.id, id)) + .then((rows) => rows[0] ?? null); + if (!row) return null; + const [withGoals] = await attachGoals(db, [row]); + if (!withGoals) return null; + const [enriched] = await attachWorkspaces(db, [withGoals]); + return enriched ?? null; + }; + return { list: async (companyId: string): Promise => { const rows = await db.select().from(projects).where(eq(projects.companyId, companyId)); @@ -418,58 +528,170 @@ export function projectService(db: Db) { return dedupedIds.map((id) => byId.get(id)).filter((project): project is ProjectWithGoals => Boolean(project)); }, - getById: async (id: string): Promise => { - const row = await db - .select() - .from(projects) - .where(eq(projects.id, id)) + getById: getProjectById, + + resolveManagedProject: async (input: { + companyId: string; + pluginId: string; + pluginKey: string; + projectKey: string; + reset?: boolean; + createIfMissing?: boolean; + }): Promise => { + const plugin = await db + .select({ id: plugins.id, pluginKey: plugins.pluginKey, manifestJson: plugins.manifestJson }) + .from(plugins) + .where(eq(plugins.id, input.pluginId)) .then((rows) => rows[0] ?? null); - if (!row) return null; - const [withGoals] = await attachGoals(db, [row]); - if (!withGoals) return null; - const [enriched] = await attachWorkspaces(db, [withGoals]); - return enriched ?? null; - }, - - create: async ( - companyId: string, - data: Omit & { goalIds?: string[] }, - ): Promise => { - const { goalIds: inputGoalIds, ...projectData } = data; - const ids = resolveGoalIds({ goalIds: inputGoalIds, goalId: projectData.goalId }); - - // Auto-assign a color from the palette if none provided - if (!projectData.color) { - const existing = await db.select({ color: projects.color }).from(projects).where(eq(projects.companyId, companyId)); - const usedColors = new Set(existing.map((r) => r.color).filter(Boolean)); - const nextColor = PROJECT_COLORS.find((c) => !usedColors.has(c)) ?? PROJECT_COLORS[existing.length % PROJECT_COLORS.length]; - projectData.color = nextColor; + if (!plugin || plugin.pluginKey !== input.pluginKey) { + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: null, + project: null, + status: "missing", + }; } - const existingProjects = await db - .select({ id: projects.id, name: projects.name }) - .from(projects) - .where(eq(projects.companyId, companyId)); - projectData.name = resolveProjectNameForUniqueShortname(projectData.name, existingProjects); - - // Also write goalId to the legacy column (first goal or null) - const legacyGoalId = ids && ids.length > 0 ? ids[0] : projectData.goalId ?? null; - - const row = await db - .insert(projects) - .values({ ...projectData, goalId: legacyGoalId, companyId }) - .returning() - .then((rows) => rows[0]); - - if (ids && ids.length > 0) { - await syncGoalLinks(db, row.id, companyId, ids); + const declaration = plugin.manifestJson.projects?.find((project) => project.projectKey === input.projectKey); + if (!declaration) { + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: null, + project: null, + status: "missing", + }; } - const [withGoals] = await attachGoals(db, [row]); - const [enriched] = withGoals ? await attachWorkspaces(db, [withGoals]) : []; - return enriched!; + const defaults = buildManagedProjectDefaults(declaration); + const existingBinding = await db + .select() + .from(pluginManagedResources) + .where(and( + eq(pluginManagedResources.companyId, input.companyId), + eq(pluginManagedResources.pluginId, input.pluginId), + eq(pluginManagedResources.resourceKind, "project"), + eq(pluginManagedResources.resourceKey, input.projectKey), + )) + .then((rows) => rows[0] ?? null); + + if (existingBinding) { + const existingProject = await db + .select({ id: projects.id }) + .from(projects) + .where(and(eq(projects.companyId, input.companyId), eq(projects.id, existingBinding.resourceId))) + .then((rows) => rows[0] ?? null); + if (existingProject) { + if (input.reset) { + await db + .update(projects) + .set({ + name: declaration.displayName, + description: declaration.description ?? null, + status: declaration.status ?? "in_progress", + color: declaration.color ?? null, + updatedAt: new Date(), + }) + .where(and(eq(projects.companyId, input.companyId), eq(projects.id, existingBinding.resourceId))); + } + if (input.createIfMissing !== false) { + await db + .update(pluginManagedResources) + .set({ defaultsJson: defaults, updatedAt: new Date() }) + .where(eq(pluginManagedResources.id, existingBinding.id)); + } + const project = await getProjectById(existingBinding.resourceId); + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: project?.id ?? existingBinding.resourceId, + project: project as import("@paperclipai/shared").Project | null, + status: input.reset ? "reset" : "resolved", + }; + } + + if (input.createIfMissing === false) { + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: null, + project: null, + status: "missing", + }; + } + + const project = await createProject(input.companyId, { + name: declaration.displayName, + description: declaration.description ?? null, + status: declaration.status ?? "in_progress", + color: declaration.color ?? undefined, + }); + await db + .update(pluginManagedResources) + .set({ resourceId: project.id, defaultsJson: defaults, updatedAt: new Date() }) + .where(eq(pluginManagedResources.id, existingBinding.id)); + const hydrated = await getProjectById(project.id); + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: hydrated?.id ?? project.id, + project: hydrated as import("@paperclipai/shared").Project | null, + status: "relinked", + }; + } + + if (input.createIfMissing === false) { + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: null, + project: null, + status: "missing", + }; + } + + const project = await createProject(input.companyId, { + name: declaration.displayName, + description: declaration.description ?? null, + status: declaration.status ?? "in_progress", + color: declaration.color ?? undefined, + }); + await db.insert(pluginManagedResources).values({ + companyId: input.companyId, + pluginId: input.pluginId, + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + resourceId: project.id, + defaultsJson: defaults, + }); + const hydrated = await getProjectById(project.id); + return { + pluginKey: input.pluginKey, + resourceKind: "project", + resourceKey: input.projectKey, + companyId: input.companyId, + projectId: hydrated?.id ?? project.id, + project: hydrated as import("@paperclipai/shared").Project | null, + status: "created", + }; }, + create: createProject, + update: async ( id: string, data: Partial & { goalIds?: string[] }, diff --git a/server/src/services/recovery/index.ts b/server/src/services/recovery/index.ts index 6844a238..3262b9e7 100644 --- a/server/src/services/recovery/index.ts +++ b/server/src/services/recovery/index.ts @@ -42,3 +42,23 @@ export { export type { RunContinuationDecision, } from "./run-liveness-continuations.js"; +export { + DEFAULT_MAX_SUCCESSFUL_RUN_HANDOFF_ATTEMPTS, + FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + LEGACY_SUCCESSFUL_RUN_HANDOFF_NOTICE_PREFIXES, + SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY, + SUCCESSFUL_RUN_HANDOFF_OPTIONS, + SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY, + SUCCESSFUL_RUN_MISSING_STATE_REASON, + buildFinishSuccessfulRunHandoffIdempotencyKey, + buildSuccessfulRunHandoffExhaustedNotice, + buildSuccessfulRunHandoffInstruction, + buildSuccessfulRunHandoffRequiredNotice, + decideSuccessfulRunHandoff, + findExistingFinishSuccessfulRunHandoffWake, + isSuccessfulRunHandoffRequiredNoticeBody, +} from "./successful-run-handoff.js"; +export type { + SuccessfulRunHandoffNotice, + SuccessfulRunHandoffDecision, +} from "./successful-run-handoff.js"; diff --git a/server/src/services/recovery/issue-graph-liveness.ts b/server/src/services/recovery/issue-graph-liveness.ts index 68c64183..090480dc 100644 --- a/server/src/services/recovery/issue-graph-liveness.ts +++ b/server/src/services/recovery/issue-graph-liveness.ts @@ -4,6 +4,7 @@ export type IssueLivenessSeverity = "warning" | "critical"; export type IssueLivenessState = | "blocked_by_unassigned_issue" + | "blocked_by_assigned_backlog_issue" | "blocked_by_uninvokable_assignee" | "blocked_by_cancelled_issue" | "invalid_review_participant" @@ -22,7 +23,10 @@ export interface IssueLivenessIssueInput { assigneeUserId?: string | null; createdByAgentId?: string | null; createdByUserId?: string | null; + executionPolicy?: Record | null; executionState?: Record | null; + monitorNextCheckAt?: Date | string | null; + monitorAttemptCount?: number | null; } export interface IssueLivenessRelationInput { @@ -99,6 +103,7 @@ export interface IssueGraphLivenessInput { pendingInteractions?: IssueLivenessWaitingPathInput[]; pendingApprovals?: IssueLivenessWaitingPathInput[]; openRecoveryIssues?: IssueLivenessWaitingPathInput[]; + now?: Date | string; } const INVOKABLE_AGENT_STATUSES = new Set(["active", "idle", "running", "error"]); @@ -140,6 +145,45 @@ function hasWaitingPath( return waitingPaths.some((entry) => entry.companyId === companyId && entry.issueId === issueId); } +function readRecord(value: unknown): Record | null { + return value && typeof value === "object" && !Array.isArray(value) + ? value as Record + : null; +} + +function readPositiveInteger(value: unknown): number | null { + return typeof value === "number" && Number.isInteger(value) && value > 0 ? value : null; +} + +function readDateMs(value: unknown): number | null { + if (!(typeof value === "string" || value instanceof Date)) return null; + const date = value instanceof Date ? value : new Date(value); + const time = date.getTime(); + return Number.isNaN(time) ? null : time; +} + +function monitorFromIssue(issue: IssueLivenessIssueInput) { + const policyMonitor = readRecord(readRecord(issue.executionPolicy)?.monitor); + const stateMonitor = readRecord(readRecord(issue.executionState)?.monitor); + return { policyMonitor, stateMonitor }; +} + +function hasScheduledMonitor(issue: IssueLivenessIssueInput, nowMs: number) { + const nextCheckAtMs = readDateMs(issue.monitorNextCheckAt); + if (nextCheckAtMs === null || nextCheckAtMs <= nowMs) return false; + + const { policyMonitor, stateMonitor } = monitorFromIssue(issue); + const timeoutAtMs = readDateMs(policyMonitor?.timeoutAt ?? stateMonitor?.timeoutAt); + if (timeoutAtMs !== null && timeoutAtMs <= nowMs) return false; + + const maxAttempts = readPositiveInteger(policyMonitor?.maxAttempts ?? stateMonitor?.maxAttempts); + const stateAttemptCount = readPositiveInteger(stateMonitor?.attemptCount) ?? 0; + const attemptCount = issue.monitorAttemptCount ?? stateAttemptCount; + if (maxAttempts !== null && attemptCount >= maxAttempts) return false; + + return true; +} + function readPrincipalAgentId(principal: unknown): string | null { if (!principal || typeof principal !== "object") return null; const value = principal as Record; @@ -308,6 +352,7 @@ function finding(input: { } export function classifyIssueGraphLiveness(input: IssueGraphLivenessInput): IssueLivenessFinding[] { + const nowMs = readDateMs(input.now ?? new Date()) ?? Date.now(); const issuesById = new Map(input.issues.map((issue) => [issue.id, issue])); const agentsById = new Map(input.agents.map((agent) => [agent.id, agent])); const blockersByBlockedIssueId = new Map(); @@ -351,6 +396,7 @@ export function classifyIssueGraphLiveness(input: IssueGraphLivenessInput): Issu function hasExplicitWaitingPath(issue: IssueLivenessIssueInput) { return Boolean(issue.assigneeUserId) || + hasScheduledMonitor(issue, nowMs) || hasActiveExecutionPath(issue.companyId, issue.id, activeRuns, queuedWakeRequests) || hasWaitingPath(issue.companyId, issue.id, pendingInteractions) || hasWaitingPath(issue.companyId, issue.id, pendingApprovals) || @@ -453,6 +499,21 @@ export function classifyIssueGraphLiveness(input: IssueGraphLivenessInput): Issu return reviewFinding(source, blocker, dependencyPath); } + if (blocker.status === "backlog" && blocker.assigneeAgentId) { + return finding({ + issue: source, + state: "blocked_by_assigned_backlog_issue", + reason: `${issueLabel(source)} is blocked by assigned backlog issue ${issueLabel(blocker)} with no wake, active run, human owner, interaction, approval, monitor, or recovery issue owning the next action.`, + dependencyPath, + recoveryIssue: blocker, + recommendedOwnerCandidateAgentIds: ownerCandidates.map((candidate) => candidate.agentId), + recommendedOwnerCandidates: ownerCandidates, + recommendedAction: + `Review ${issueLabel(blocker)} and either move it to todo so the assignee wakes, assign a human owner or interaction if it is intentionally parked, or remove it from ${issueLabel(source)}'s blockers if it is no longer required.`, + blockerIssueId: blocker.id, + }); + } + if (!blocker.assigneeAgentId && !blocker.assigneeUserId) { return finding({ issue: source, diff --git a/server/src/services/recovery/model-profile-hint.ts b/server/src/services/recovery/model-profile-hint.ts new file mode 100644 index 00000000..51e75e44 --- /dev/null +++ b/server/src/services/recovery/model-profile-hint.ts @@ -0,0 +1,14 @@ +export const RECOVERY_MODEL_PROFILE_KEY = "cheap" as const; + +export function withRecoveryModelProfileHint>( + input: T, +): T & { modelProfile: typeof RECOVERY_MODEL_PROFILE_KEY } { + return { + ...input, + modelProfile: RECOVERY_MODEL_PROFILE_KEY, + }; +} + +export function recoveryAssigneeAdapterOverrides() { + return { modelProfile: RECOVERY_MODEL_PROFILE_KEY }; +} diff --git a/server/src/services/recovery/run-liveness-continuations.ts b/server/src/services/recovery/run-liveness-continuations.ts index b23625c1..ecc93e0b 100644 --- a/server/src/services/recovery/run-liveness-continuations.ts +++ b/server/src/services/recovery/run-liveness-continuations.ts @@ -2,6 +2,7 @@ import { and, eq, inArray } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; import { agentWakeupRequests, agents, heartbeatRuns, issues } from "@paperclipai/db"; import type { RunLivenessState } from "@paperclipai/shared"; +import { withRecoveryModelProfileHint } from "./model-profile-hint.js"; import { RECOVERY_REASON_KINDS } from "./origins.js"; export const RUN_LIVENESS_CONTINUATION_REASON = RECOVERY_REASON_KINDS.runLivenessContinuation; @@ -155,7 +156,7 @@ export function decideRunLivenessContinuation(input: { return { kind: "skip", reason: "continuation wake already exists for this source run and attempt" }; } - const payload = { + const payload = withRecoveryModelProfileHint({ issueId: issue.id, sourceRunId: run.id, livenessState, @@ -165,14 +166,14 @@ export function decideRunLivenessContinuation(input: { instruction: nextAction ?? "The previous run ended without concrete progress. Take the first concrete action now or mark the issue blocked with a specific unblock request.", - }; + }); return { kind: "enqueue", nextAttempt, idempotencyKey, payload, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: issue.id, taskId: issue.id, taskKey: issue.id, @@ -183,6 +184,6 @@ export function decideRunLivenessContinuation(input: { livenessContinuationState: livenessState, livenessContinuationReason: livenessReason, livenessContinuationInstruction: payload.instruction, - }, + }), }; } diff --git a/server/src/services/recovery/service.ts b/server/src/services/recovery/service.ts index 87192d7a..d69e57dc 100644 --- a/server/src/services/recovery/service.ts +++ b/server/src/services/recovery/service.ts @@ -32,6 +32,13 @@ import { instanceSettingsService } from "../instance-settings.js"; import { issueTreeControlService } from "../issue-tree-control.js"; import { issueService } from "../issues.js"; import { getRunLogStore } from "../run-log-store.js"; +import { + DEFAULT_MAX_SUCCESSFUL_RUN_HANDOFF_ATTEMPTS, + FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + SUCCESSFUL_RUN_MISSING_STATE_REASON, + buildSuccessfulRunHandoffExhaustedNotice, + type SuccessfulRunHandoffNotice, +} from "./successful-run-handoff.js"; import { RECOVERY_ORIGIN_KINDS, buildIssueGraphLivenessLeafKey, @@ -42,6 +49,10 @@ import { classifyIssueGraphLiveness, type IssueLivenessFinding, } from "./issue-graph-liveness.js"; +import { + recoveryAssigneeAdapterOverrides, + withRecoveryModelProfileHint, +} from "./model-profile-hint.js"; import { isAutomaticRecoverySuppressedByPauseHold } from "./pause-hold-guard.js"; const EXECUTION_PATH_HEARTBEAT_RUN_STATUSES = ["queued", "running", "scheduled_retry"] as const; @@ -76,6 +87,16 @@ type LatestIssueRun = Pick< > | null; type SuccessfulLatestIssueRun = NonNullable & { status: "succeeded" }; +type StrandedRecoveryCause = "stranded_assigned_issue" | typeof SUCCESSFUL_RUN_MISSING_STATE_REASON; + +type SuccessfulRunHandoffRecoveryEvidence = { + sourceRunId: string | null; + correctiveRunId: string; + missingDisposition: string; + handoffAttempt: number; + maxHandoffAttempts: number; +}; + type WatchdogDecisionActor = | { type: "board"; userId?: string | null; runId?: string | null } | { type: "agent"; agentId?: string | null; runId?: string | null } @@ -123,6 +144,39 @@ function didAutomaticRecoveryFail( ); } +function successfulRunHandoffRecoveryEvidence(latestRun: LatestIssueRun): SuccessfulRunHandoffRecoveryEvidence | null { + if (!latestRun) return null; + + const context = parseObject(latestRun.contextSnapshot); + const wakeReason = readNonEmptyString(context.wakeReason); + const handoffReason = readNonEmptyString(context.handoffReason); + const isSuccessfulRunHandoff = + wakeReason === FINISH_SUCCESSFUL_RUN_HANDOFF_REASON || + handoffReason === SUCCESSFUL_RUN_MISSING_STATE_REASON || + asBoolean(context.handoffRequired, false) === true; + if (!isSuccessfulRunHandoff) return null; + + const handoffAttempt = asNumber(context.handoffAttempt, 1); + const maxHandoffAttempts = asNumber( + context.maxHandoffAttempts, + DEFAULT_MAX_SUCCESSFUL_RUN_HANDOFF_ATTEMPTS, + ); + return { + sourceRunId: readNonEmptyString(context.sourceRunId) ?? readNonEmptyString(context.resumeFromRunId), + correctiveRunId: latestRun.id, + missingDisposition: readNonEmptyString(context.missingDisposition) ?? "clear_next_step", + handoffAttempt, + maxHandoffAttempts, + }; +} + +function isExhaustedSuccessfulRunHandoff(latestRun: LatestIssueRun) { + const evidence = successfulRunHandoffRecoveryEvidence(latestRun); + if (!evidence) return null; + if (evidence.handoffAttempt < evidence.maxHandoffAttempts) return { ...evidence, exhausted: false }; + return { ...evidence, exhausted: true }; +} + function issueIdFromRunContext(contextSnapshot: unknown) { const context = parseObject(contextSnapshot); return readNonEmptyString(context.issueId) ?? readNonEmptyString(context.taskId); @@ -145,6 +199,11 @@ function runUiLink(run: { id: string; agentId: string }, prefix: string) { return `[${run.id}](/${prefix}/agents/${run.agentId}/runs/${run.id})`; } +function agentUiLink(agent: { id: string; name: string | null } | null, prefix: string) { + if (!agent) return "unknown"; + return `[${agent.name ?? agent.id}](/${prefix}/agents/${agent.id})`; +} + function formatDuration(ms: number | null) { if (ms === null) return "unknown"; const minutes = Math.floor(ms / 60_000); @@ -172,6 +231,36 @@ function formatIssueLinksForComment(relations: Array<{ identifier?: string | nul .join(", "); } +function unwrapDatabaseConflictError(error: unknown) { + if (!error || typeof error !== "object") return null; + + const candidate = error as { + code?: string; + constraint?: string; + constraint_name?: string; + message?: string; + cause?: unknown; + }; + + if ( + typeof candidate.code === "string" || + typeof candidate.constraint === "string" || + typeof candidate.constraint_name === "string" + ) { + return candidate; + } + + const cause = candidate.cause; + if (!cause || typeof cause !== "object") return candidate; + + return cause as { + code?: string; + constraint?: string; + constraint_name?: string; + message?: string; + }; +} + function isAgentInvokable(agent: typeof agents.$inferSelect | null | undefined) { return Boolean(agent && !["paused", "terminated", "pending_approval"].includes(agent.status)); } @@ -391,20 +480,20 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "automation", triggerDetail: "system", reason: input.reason, - payload: { + payload: withRecoveryModelProfileHint({ issueId: input.issueId, ...(input.retryOfRunId ? { retryOfRunId: input.retryOfRunId } : {}), - }, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: input.issueId, taskId: input.issueId, wakeReason: input.reason, retryReason: input.retryReason, source: input.source, ...(input.retryOfRunId ? { retryOfRunId: input.retryOfRunId } : {}), - }, + }), }); if (queued && input.retryOfRunId) { @@ -427,18 +516,18 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "assignment", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: issue.id, mutation: "assigned_todo_liveness_dispatch", - }, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: issue.id, taskId: issue.id, wakeReason: "issue_assigned", source: "issue.assigned_todo_liveness_dispatch", - }, + }), }); } @@ -542,18 +631,18 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "automation", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: candidate.id, mutation: "unassigned_blocker_recovery", - }, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: candidate.id, taskId: candidate.id, wakeReason: "issue_assigned", source: "issue.unassigned_blocker_recovery", - }, + }), }); if (queued) { @@ -869,21 +958,23 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) } function isUniqueStaleRunEvaluationConflict(error: unknown) { - if (!error || typeof error !== "object") return false; - const maybe = error as { code?: string; constraint?: string; message?: string }; + const maybe = unwrapDatabaseConflictError(error); + if (!maybe) return false; return maybe.code === "23505" && ( maybe.constraint === "issues_active_stale_run_evaluation_uq" || + maybe.constraint_name === "issues_active_stale_run_evaluation_uq" || typeof maybe.message === "string" && maybe.message.includes("issues_active_stale_run_evaluation_uq") ); } function isUniqueStrandedIssueRecoveryConflict(error: unknown) { - if (!error || typeof error !== "object") return false; - const maybe = error as { code?: string; constraint?: string; message?: string }; + const maybe = unwrapDatabaseConflictError(error); + if (!maybe) return false; return maybe.code === "23505" && ( maybe.constraint === "issues_active_stranded_issue_recovery_uq" || + maybe.constraint_name === "issues_active_stranded_issue_recovery_uq" || typeof maybe.message === "string" && maybe.message.includes("issues_active_stranded_issue_recovery_uq") ); } @@ -995,6 +1086,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) goalId: sourceIssue?.goalId ?? null, billingCode: sourceIssue?.billingCode ?? null, assigneeAgentId: ownerAgentId, + assigneeAdapterOverrides: recoveryAssigneeAdapterOverrides(), originKind: STALE_ACTIVE_RUN_EVALUATION_ORIGIN_KIND, originId: input.run.id, originRunId: input.run.id, @@ -1036,21 +1128,21 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "assignment", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: evaluation.id, staleRunId: input.run.id, sourceIssueId: sourceIssue?.id ?? null, - }, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: evaluation.id, taskId: evaluation.id, wakeReason: "issue_assigned", source: STALE_ACTIVE_RUN_EVALUATION_ORIGIN_KIND, staleRunId: input.run.id, sourceIssueId: sourceIssue?.id ?? null, - }, + }), }); } return { kind: "created" as const, evaluationIssueId: evaluation.id }; @@ -1253,6 +1345,33 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) .then((rows) => rows[0] ?? null); } + function isStrandedIssueRecoveryIssue(issue: typeof issues.$inferSelect) { + return issue.originKind === STRANDED_ISSUE_RECOVERY_ORIGIN_KIND; + } + + async function buildNestedStrandedRecoveryLine(issue: typeof issues.$inferSelect, prefix: string) { + const sourceIssueId = readNonEmptyString(issue.originId); + const sourceIssue = sourceIssueId + ? await db + .select({ id: issues.id, identifier: issues.identifier }) + .from(issues) + .where(and(eq(issues.companyId, issue.companyId), eq(issues.id, sourceIssueId))) + .then((rows) => rows[0] ?? null) + : null; + const sourceLine = sourceIssue + ? `- Original source issue: ${issueUiLink(sourceIssue, prefix)}` + : sourceIssueId + ? `- Original source issue: \`${sourceIssueId}\`` + : "- Original source issue: unknown"; + + return [ + "", + "- Nested recovery: suppressed because this issue is already a `stranded_issue_recovery` issue.", + sourceLine, + "- Next action: the assigned recovery owner or board operator should fix the runtime/adapter problem, resolve or reassign the original source issue, then mark this recovery issue done or cancelled.", + ].join("\n"); + } + async function resolveStrandedIssueRecoveryOwnerAgentId(issue: typeof issues.$inferSelect) { const candidateIds: string[] = []; if (issue.assigneeAgentId) { @@ -1294,11 +1413,45 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) latestRun: LatestIssueRun; previousStatus: "todo" | "in_progress"; prefix: string; + recoveryCause?: StrandedRecoveryCause; + successfulRunHandoffEvidence?: SuccessfulRunHandoffRecoveryEvidence | null; + sourceAssignee?: Pick | null; }) { const sourceIssue = issueUiLink({ identifier: input.issue.identifier, id: input.issue.id }, input.prefix); const runLink = input.latestRun ? `[\`${input.latestRun.id}\`](/${input.prefix}/agents/${input.latestRun.agentId}/runs/${input.latestRun.id})` : "none"; + if (input.recoveryCause === SUCCESSFUL_RUN_MISSING_STATE_REASON) { + const sourceRunId = input.successfulRunHandoffEvidence?.sourceRunId; + const sourceRunLink = sourceRunId && input.latestRun + ? `[\`${sourceRunId}\`](/${input.prefix}/agents/${input.latestRun.agentId}/runs/${sourceRunId})` + : "unknown"; + const missingDisposition = input.successfulRunHandoffEvidence?.missingDisposition ?? "clear_next_step"; + return [ + "Paperclip exhausted the bounded corrective handoff for a successful run that still has no valid issue disposition.", + "", + "This is not a runtime/adapter crash report. The source run succeeded; the remaining problem is the missing `done`, `in_review`, `blocked`, delegated follow-up, or explicit continuation path.", + "", + "## Safe Evidence", + "", + `- Source issue: ${sourceIssue}`, + `- Source run: ${sourceRunLink}`, + `- Corrective handoff run: ${runLink}`, + `- Source assignee: ${agentUiLink(input.sourceAssignee ?? null, input.prefix)}`, + `- Latest issue status: \`${input.issue.status}\``, + `- Latest handoff run status: \`${input.latestRun?.status ?? "unknown"}\``, + `- Normalized cause: \`${SUCCESSFUL_RUN_MISSING_STATE_REASON}\``, + `- Missing disposition: \`${missingDisposition}\``, + "- Suggested manager action: choose and record a valid issue disposition without copying transcript content.", + "", + "## Required Action", + "", + "- Inspect the source issue and run metadata, not raw transcript excerpts.", + "- Choose a valid issue disposition: `done`/`cancelled`, `in_review` with an owner, `blocked` with first-class blockers, delegated follow-up work, or an explicit continuation path.", + "- When the source issue has a clear owner and disposition, mark this recovery issue done.", + ].join("\n"); + } + const retryReason = readNonEmptyString(parseObject(input.latestRun?.contextSnapshot)?.retryReason) ?? "unknown"; const failureSummary = summarizeRunFailureForIssueComment(input.latestRun); @@ -1331,6 +1484,8 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) issue: typeof issues.$inferSelect; latestRun: LatestIssueRun; previousStatus: "todo" | "in_progress"; + recoveryCause?: StrandedRecoveryCause; + successfulRunHandoffEvidence?: SuccessfulRunHandoffRecoveryEvidence | null; }) { if (isStrandedIssueRecoveryIssue(input.issue)) return null; @@ -1341,15 +1496,22 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) if (!ownerAgentId) return null; const prefix = await getCompanyIssuePrefix(input.issue.companyId); + const sourceAssignee = input.issue.assigneeAgentId ? await getAgent(input.issue.assigneeAgentId) : null; + const recoveryCause = input.recoveryCause ?? "stranded_assigned_issue"; let recovery: Awaited>; try { recovery = await issuesSvc.create(input.issue.companyId, { - title: `Recover stalled issue ${input.issue.identifier ?? input.issue.title}`, + title: recoveryCause === SUCCESSFUL_RUN_MISSING_STATE_REASON + ? `Recover missing next step ${input.issue.identifier ?? input.issue.title}` + : `Recover stalled issue ${input.issue.identifier ?? input.issue.title}`, description: buildStrandedIssueRecoveryDescription({ issue: input.issue, latestRun: input.latestRun, previousStatus: input.previousStatus, prefix, + recoveryCause, + successfulRunHandoffEvidence: input.successfulRunHandoffEvidence, + sourceAssignee, }), status: "todo", priority: input.issue.priority, @@ -1357,6 +1519,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) projectId: input.issue.projectId, goalId: input.issue.goalId, assigneeAgentId: ownerAgentId, + assigneeAdapterOverrides: recoveryAssigneeAdapterOverrides(), originKind: STRANDED_ISSUE_RECOVERY_ORIGIN_KIND, originId: input.issue.id, originRunId: input.latestRun?.id ?? null, @@ -1364,6 +1527,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) STRANDED_ISSUE_RECOVERY_ORIGIN_KIND, input.issue.companyId, input.issue.id, + recoveryCause, input.latestRun?.id ?? "no-run", ].join(":"), billingCode: input.issue.billingCode, @@ -1380,21 +1544,23 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "assignment", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: recovery.id, sourceIssueId: input.issue.id, strandedRunId: input.latestRun?.id ?? null, - }, + recoveryCause, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: recovery.id, taskId: recovery.id, wakeReason: "issue_assigned", source: STRANDED_ISSUE_RECOVERY_ORIGIN_KIND, sourceIssueId: input.issue.id, strandedRunId: input.latestRun?.id ?? null, - }, + recoveryCause, + }), }); return recovery; @@ -1512,21 +1678,21 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) issue: typeof issues.$inferSelect; previousStatus: "todo" | "in_progress"; latestRun: LatestIssueRun; - comment: string; + comment?: string; + recoveryCause?: StrandedRecoveryCause; + successfulRunHandoffEvidence?: SuccessfulRunHandoffRecoveryEvidence | null; }) { - if (isStrandedIssueRecoveryIssue(input.issue)) { - return escalateStrandedRecoveryIssueInPlace({ + const nestedRecoverySuppressed = isStrandedIssueRecoveryIssue(input.issue); + let recoveryIssue: typeof issues.$inferSelect | null = null; + if (!nestedRecoverySuppressed) { + recoveryIssue = await ensureStrandedIssueRecoveryIssue({ issue: input.issue, previousStatus: input.previousStatus, latestRun: input.latestRun, + recoveryCause: input.recoveryCause, + successfulRunHandoffEvidence: input.successfulRunHandoffEvidence, }); } - - const recoveryIssue = await ensureStrandedIssueRecoveryIssue({ - issue: input.issue, - previousStatus: input.previousStatus, - latestRun: input.latestRun, - }); const blockerIds = await existingUnresolvedBlockerIssueIds(input.issue.companyId, input.issue.id); const nextBlockerIds = recoveryIssue ? [...new Set([...blockerIds, recoveryIssue.id])] @@ -1538,19 +1704,51 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) if (!updated) return null; const prefix = await getCompanyIssuePrefix(input.issue.companyId); - const recoveryLine = recoveryIssue - ? [ + const recoveryOwner = recoveryIssue?.assigneeAgentId ? await getAgent(recoveryIssue.assigneeAgentId) : null; + const sourceAssignee = input.issue.assigneeAgentId ? await getAgent(input.issue.assigneeAgentId) : null; + let notice: SuccessfulRunHandoffNotice | null = null; + if (input.recoveryCause === SUCCESSFUL_RUN_MISSING_STATE_REASON && input.successfulRunHandoffEvidence) { + notice = buildSuccessfulRunHandoffExhaustedNotice({ + issue: input.issue, + sourceRun: input.successfulRunHandoffEvidence.sourceRunId + ? { id: input.successfulRunHandoffEvidence.sourceRunId, status: "succeeded" } + : null, + correctiveRun: input.latestRun ? { id: input.latestRun.id, status: input.latestRun.status } : null, + sourceAssignee, + recoveryIssue, + recoveryOwner, + latestIssueStatus: input.issue.status, + latestHandoffRunStatus: input.latestRun?.status ?? "unknown", + missingDisposition: input.successfulRunHandoffEvidence.missingDisposition, + }); + } + let recoveryLine: string; + if (nestedRecoverySuppressed) { + recoveryLine = await buildNestedStrandedRecoveryLine(input.issue, prefix); + } else if (recoveryIssue) { + recoveryLine = [ "", `- Recovery issue: ${issueUiLink({ identifier: recoveryIssue.identifier, id: recoveryIssue.id }, prefix)}`, + `- Recovery owner: ${agentUiLink(recoveryOwner, prefix)}`, "- Next action: the recovery owner should either restore a live execution path or record the manual resolution, then mark the recovery issue done.", - ].join("\n") - : [ + ].join("\n"); + } else { + recoveryLine = [ "", "- Recovery issue: none created because Paperclip could not find an invokable manager, creator, or executive owner with budget available.", "- Next action: a board operator should assign an invokable recovery owner, fix the agent/runtime state, or record an intentional manual resolution.", ].join("\n"); + } - await issuesSvc.addComment(input.issue.id, `${input.comment}${recoveryLine}`, {}); + if (notice) { + await issuesSvc.addComment(input.issue.id, notice.body, {}, { + authorType: "system", + presentation: notice.presentation, + metadata: notice.metadata, + }); + } else { + await issuesSvc.addComment(input.issue.id, `${input.comment ?? ""}${recoveryLine}`, {}); + } await logActivity(db, { companyId: input.issue.companyId, @@ -1558,18 +1756,24 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) actorId: "system", agentId: null, runId: null, - action: "issue.updated", + action: input.recoveryCause === SUCCESSFUL_RUN_MISSING_STATE_REASON + ? "issue.successful_run_handoff_escalated" + : "issue.updated", entityType: "issue", entityId: input.issue.id, details: { identifier: input.issue.identifier, status: "blocked", previousStatus: input.previousStatus, - source: "recovery.reconcile_stranded_assigned_issue", + source: input.recoveryCause === SUCCESSFUL_RUN_MISSING_STATE_REASON + ? "recovery.reconcile_successful_run_handoff_missing_state" + : "recovery.reconcile_stranded_assigned_issue", + recoveryCause: input.recoveryCause ?? "stranded_assigned_issue", latestRunId: input.latestRun?.id ?? null, latestRunStatus: input.latestRun?.status ?? null, latestRunErrorCode: input.latestRun?.errorCode ?? null, recoveryIssueId: recoveryIssue?.id ?? null, + nestedRecoverySuppressed, blockerIssueIds: nextBlockerIds, }, }); @@ -1596,6 +1800,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) productiveContinuationObserved: 0, successfulContinuationObserved: 0, orphanBlockersAssigned: 0, + successfulRunHandoffEscalated: 0, escalated: 0, skipped: 0, issueIds: [] as string[], @@ -1713,6 +1918,28 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) result.skipped += 1; continue; } + const handoffEvidence = isExhaustedSuccessfulRunHandoff(latestRun); + if (handoffEvidence) { + if (!handoffEvidence.exhausted) { + result.skipped += 1; + continue; + } + + const updated = await escalateStrandedAssignedIssue({ + issue, + previousStatus: "in_progress", + latestRun, + recoveryCause: SUCCESSFUL_RUN_MISSING_STATE_REASON, + successfulRunHandoffEvidence: handoffEvidence, + }); + if (updated) { + result.successfulRunHandoffEscalated += 1; + result.issueIds.push(issue.id); + } else { + result.skipped += 1; + } + continue; + } if (isSuccessfulInProgressContinuationRun(latestRun)) { const successfulRun = latestRun; @@ -1836,7 +2063,10 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) assigneeUserId: issues.assigneeUserId, createdByAgentId: issues.createdByAgentId, createdByUserId: issues.createdByUserId, + executionPolicy: issues.executionPolicy, executionState: issues.executionState, + monitorNextCheckAt: issues.monitorNextCheckAt, + monitorAttemptCount: issues.monitorAttemptCount, }) .from(issues) .where( @@ -1920,19 +2150,41 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) companyId: issues.companyId, id: issues.id, status: issues.status, + originKind: issues.originKind, originId: issues.originId, }) .from(issues) .where( and( isNull(issues.hiddenAt), - eq(issues.originKind, STRANDED_ISSUE_RECOVERY_ORIGIN_KIND), + inArray(issues.originKind, [ + STRANDED_ISSUE_RECOVERY_ORIGIN_KIND, + RECOVERY_ORIGIN_KINDS.issueGraphLivenessEscalation, + ]), notInArray(issues.status, ["done", "cancelled"]), ), ), ]); const openRecoveryIssues = recoveryIssueRows.flatMap((row) => { + if (row.originKind === RECOVERY_ORIGIN_KINDS.issueGraphLivenessEscalation) { + const parsed = parseIssueGraphLivenessIncidentKey(row.originId); + if (!parsed || parsed.companyId !== row.companyId) return []; + if (parsed.state !== "blocked_by_assigned_backlog_issue") return []; + return [ + { + companyId: row.companyId, + issueId: parsed.issueId, + status: row.status, + }, + { + companyId: row.companyId, + issueId: parsed.leafIssueId, + status: row.status, + }, + ]; + } + const issueId = readNonEmptyString(row.originId); if (!issueId) return []; return [{ @@ -1966,6 +2218,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) pendingInteractions: interactionRows, pendingApprovals: approvalRows, openRecoveryIssues, + now: new Date(), }); } @@ -2389,6 +2642,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) projectId: recoveryIssue.projectId, goalId: recoveryIssue.goalId, assigneeAgentId: ownerSelection.agentId, + assigneeAdapterOverrides: recoveryAssigneeAdapterOverrides(), originKind: RECOVERY_ORIGIN_KINDS.issueGraphLivenessEscalation, originId: input.finding.incidentKey, originFingerprint: livenessRecoveryLeafFingerprint(input.finding), @@ -2469,15 +2723,15 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) source: "assignment", triggerDetail: "system", reason: "issue_assigned", - payload: { + payload: withRecoveryModelProfileHint({ issueId: escalation.id, sourceIssueId: issue.id, recoveryIssueId: recoveryIssue.id, incidentKey: input.finding.incidentKey, - }, + }), requestedByActorType: "system", requestedByActorId: null, - contextSnapshot: { + contextSnapshot: withRecoveryModelProfileHint({ issueId: escalation.id, taskId: escalation.id, wakeReason: "issue_assigned", @@ -2485,7 +2739,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) sourceIssueId: issue.id, recoveryIssueId: recoveryIssue.id, incidentKey: input.finding.incidentKey, - }, + }), }); logger.warn({ @@ -2575,6 +2829,7 @@ export function recoveryService(db: Db, deps: { enqueueWakeup: RecoveryWakeup }) return { buildRunOutputSilence, + escalateStrandedRecoveryIssueInPlace, escalateStrandedAssignedIssue, recordWatchdogDecision, scanSilentActiveRuns, diff --git a/server/src/services/recovery/successful-run-handoff.test.ts b/server/src/services/recovery/successful-run-handoff.test.ts new file mode 100644 index 00000000..727512f4 --- /dev/null +++ b/server/src/services/recovery/successful-run-handoff.test.ts @@ -0,0 +1,297 @@ +import { describe, expect, it } from "vitest"; +import { + FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY, + SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY, + SUCCESSFUL_RUN_MISSING_STATE_REASON, + buildFinishSuccessfulRunHandoffIdempotencyKey, + buildSuccessfulRunHandoffExhaustedNotice, + buildSuccessfulRunHandoffRequiredNotice, + decideSuccessfulRunHandoff, + isIdempotentFinishSuccessfulRunHandoffWakeStatus, + isSuccessfulRunHandoffRequiredNoticeBody, +} from "./successful-run-handoff.js"; + +const run = { + id: "run-1", + companyId: "company-1", + agentId: "agent-1", + status: "succeeded", + contextSnapshot: { issueId: "issue-1" }, +} as any; + +const issue = { + id: "issue-1", + companyId: "company-1", + identifier: "PAP-1", + title: "Finish backend handoff", + status: "in_progress", + assigneeAgentId: "agent-1", + assigneeUserId: null, + executionState: null, +} as any; + +const agent = { + id: "agent-1", + companyId: "company-1", + status: "idle", +} as any; + +function decide(overrides: Partial[0]> = {}) { + return decideSuccessfulRunHandoff({ + run, + issue, + agent, + livenessState: "advanced", + detectedProgressSummary: "Run produced concrete action evidence: 1 issue comment(s)", + taskKey: "issue-1", + hasActiveExecutionPath: false, + hasQueuedWake: false, + hasPendingInteractionOrApproval: false, + hasExplicitBlockerPath: false, + hasOpenRecoveryIssue: false, + hasPauseHold: false, + budgetBlocked: false, + idempotentWakeExists: false, + ...overrides, + }); +} + +describe("successful run handoff decision", () => { + it("queues one corrective handoff wake for a successful progress run without a visible next action", () => { + const decision = decide(); + + expect(decision.kind).toBe("enqueue"); + if (decision.kind !== "enqueue") return; + expect(decision.idempotencyKey).toBe("finish_successful_run_handoff:issue-1:run-1:1"); + expect(decision.payload).toMatchObject({ + issueId: "issue-1", + sourceRunId: "run-1", + handoffRequired: true, + handoffReason: SUCCESSFUL_RUN_MISSING_STATE_REASON, + missingDisposition: "clear_next_step", + handoffAttempt: 1, + maxHandoffAttempts: 1, + resumeIntent: true, + resumeFromRunId: "run-1", + modelProfile: "cheap", + }); + expect(decision.contextSnapshot).toMatchObject({ + wakeReason: FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + handoffRequired: true, + modelProfile: "cheap", + }); + expect(decision.instruction).toContain("Resolve the missing disposition before creating or revising any new artifacts"); + expect(decision.instruction).toContain("Choose **exactly one** outcome"); + expect(decision.instruction).toContain("record an explicit continuation path"); + }); + + it("does not queue when the issue already has a valid disposition", () => { + expect(decide({ issue: { ...issue, status: "done" } as any })).toEqual({ + kind: "skip", + reason: "issue status done is a valid disposition", + }); + }); + + it("does not queue when a successful run records an accepted next-action path", () => { + expect(decide({ issue: { ...issue, status: "in_review" } as any })).toEqual({ + kind: "skip", + reason: "issue status in_review is a valid disposition", + }); + expect(decide({ issue: { ...issue, status: "blocked" } as any })).toEqual({ + kind: "skip", + reason: "issue status blocked is a valid disposition", + }); + expect(decide({ hasPendingInteractionOrApproval: true })).toEqual({ + kind: "skip", + reason: "pending interaction or approval owns the next action", + }); + expect(decide({ hasActiveExecutionPath: true })).toEqual({ + kind: "skip", + reason: "issue already has an active execution path", + }); + }); + + it("does not queue when another wake or dependency path already owns the next action", () => { + expect(decide({ hasQueuedWake: true })).toEqual({ + kind: "skip", + reason: "issue already has a queued or deferred wake", + }); + expect(decide({ hasExplicitBlockerPath: true })).toEqual({ + kind: "skip", + reason: "explicit blocker path owns the next action", + }); + }); + + it("does not queue when a successful run has no progress signal", () => { + expect(decide({ livenessState: null, detectedProgressSummary: null })).toEqual({ + kind: "skip", + reason: "successful run did not produce handoff-relevant progress", + }); + }); + + it("does not treat adapter or runtime failures as missing-disposition handoffs", () => { + expect(decide({ run: { ...run, status: "failed", errorCode: "adapter_failed" } as any })).toEqual({ + kind: "skip", + reason: "source run did not succeed", + }); + }); + + it("does not queue on missing-comment retry bookkeeping runs", () => { + expect(decide({ run: { ...run, issueCommentStatus: "retry_exhausted" } as any })).toEqual({ + kind: "skip", + reason: "missing issue comment retry owns the next action", + }); + }); + + it("does not loop from a corrective handoff run", () => { + expect(decide({ + run: { + ...run, + id: "run-2", + contextSnapshot: { + issueId: "issue-1", + wakeReason: FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + handoffRequired: true, + }, + } as any, + })).toEqual({ + kind: "skip", + reason: "source run is already a corrective handoff run", + }); + }); + + it("does not queue for issue monitor maintenance runs", () => { + expect(decide({ + run: { + ...run, + contextSnapshot: { + issueId: "issue-1", + source: "issue.monitor", + wakeReason: "issue_monitor_due", + }, + } as any, + })).toEqual({ + kind: "skip", + reason: "issue monitor run owns its own recovery path", + }); + }); + + it("uses a stable one-attempt idempotency key", () => { + expect(buildFinishSuccessfulRunHandoffIdempotencyKey({ + issueId: "issue-1", + sourceRunId: "run-1", + })).toBe("finish_successful_run_handoff:issue-1:run-1:1"); + }); + + it("allows failed or cancelled corrective wakes to be retried", () => { + expect(isIdempotentFinishSuccessfulRunHandoffWakeStatus("queued")).toBe(true); + expect(isIdempotentFinishSuccessfulRunHandoffWakeStatus("claimed")).toBe(true); + expect(isIdempotentFinishSuccessfulRunHandoffWakeStatus("completed")).toBe(true); + expect(isIdempotentFinishSuccessfulRunHandoffWakeStatus("failed")).toBe(false); + expect(isIdempotentFinishSuccessfulRunHandoffWakeStatus("cancelled")).toBe(false); + }); + + it("builds the required system notice with hidden structured metadata", () => { + const notice = buildSuccessfulRunHandoffRequiredNotice({ + issue: { + id: "11111111-1111-4111-8111-111111111111", + identifier: "PAP-1", + title: "Finish backend handoff", + status: "in_progress", + } as any, + run: { + id: "22222222-2222-4222-8222-222222222222", + status: "succeeded", + } as any, + agent: { + id: "33333333-3333-4333-8333-333333333333", + name: "CodexCoder", + } as any, + detectedProgressSummary: "Run produced concrete action evidence: 1 issue comment(s)", + }); + + expect(notice.body).toBe(SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY); + expect(notice.presentation).toEqual({ + kind: "system_notice", + tone: "warning", + title: "Missing issue disposition", + detailsDefaultOpen: false, + }); + expect(notice.metadata.sourceRunId).toBe("22222222-2222-4222-8222-222222222222"); + expect(notice.metadata.sections).toEqual(expect.arrayContaining([ + expect.objectContaining({ + title: "Required action", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "issue_link", identifier: "PAP-1" }), + expect.objectContaining({ type: "agent_link", name: "CodexCoder" }), + expect.objectContaining({ type: "key_value", label: "Missing disposition", value: "clear_next_step" }), + ]), + }), + expect.objectContaining({ + title: "Run evidence", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "run_link", runId: "22222222-2222-4222-8222-222222222222" }), + expect.objectContaining({ type: "key_value", label: "Normalized cause", value: SUCCESSFUL_RUN_MISSING_STATE_REASON }), + expect.objectContaining({ type: "key_value", label: "Detected progress" }), + ]), + }), + ])); + }); + + it("builds the exhausted system notice with recovery metadata", () => { + const notice = buildSuccessfulRunHandoffExhaustedNotice({ + issue: { + id: "11111111-1111-4111-8111-111111111111", + identifier: "PAP-1", + title: "Finish backend handoff", + status: "in_progress", + } as any, + sourceRun: { id: "22222222-2222-4222-8222-222222222222", status: "succeeded" } as any, + correctiveRun: { id: "44444444-4444-4444-8444-444444444444", status: "failed" } as any, + sourceAssignee: { id: "33333333-3333-4333-8333-333333333333", name: "CodexCoder" } as any, + recoveryIssue: { + id: "55555555-5555-4555-8555-555555555555", + identifier: "PAP-2", + title: "Recover missing next step PAP-1", + status: "todo", + } as any, + recoveryOwner: { id: "66666666-6666-4666-8666-666666666666", name: "CTO" } as any, + latestIssueStatus: "in_progress", + latestHandoffRunStatus: "failed", + missingDisposition: "clear_next_step", + }); + + expect(notice.body).toBe(SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY); + expect(notice.presentation).toMatchObject({ + kind: "system_notice", + tone: "danger", + detailsDefaultOpen: false, + }); + expect(notice.metadata.sourceRunId).toBe("22222222-2222-4222-8222-222222222222"); + expect(notice.metadata.sections).toEqual(expect.arrayContaining([ + expect.objectContaining({ + title: "Recovery owner", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "issue_link", identifier: "PAP-2" }), + expect.objectContaining({ type: "agent_link", label: "Recovery owner", name: "CTO" }), + ]), + }), + expect.objectContaining({ + title: "Run evidence", + rows: expect.arrayContaining([ + expect.objectContaining({ type: "run_link", label: "Source run" }), + expect.objectContaining({ type: "run_link", label: "Corrective handoff run" }), + expect.objectContaining({ type: "key_value", label: "Missing disposition", value: "clear_next_step" }), + ]), + }), + ])); + }); + + it("recognizes new notices and legacy markdown headings for fallback deduplication", () => { + expect(isSuccessfulRunHandoffRequiredNoticeBody(SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY)).toBe(true); + expect(isSuccessfulRunHandoffRequiredNoticeBody("## Successful run missing issue disposition\n\nold body")).toBe(true); + expect(isSuccessfulRunHandoffRequiredNoticeBody("## This issue still needs a next step\n\nold body")).toBe(true); + expect(isSuccessfulRunHandoffRequiredNoticeBody("Unrelated comment")).toBe(false); + }); +}); diff --git a/server/src/services/recovery/successful-run-handoff.ts b/server/src/services/recovery/successful-run-handoff.ts new file mode 100644 index 00000000..1b9bbe18 --- /dev/null +++ b/server/src/services/recovery/successful-run-handoff.ts @@ -0,0 +1,407 @@ +import { and, eq, inArray } from "drizzle-orm"; +import type { Db } from "@paperclipai/db"; +import { agentWakeupRequests, agents, heartbeatRuns, issues } from "@paperclipai/db"; +import type { IssueCommentMetadata, IssueCommentPresentation, RunLivenessState } from "@paperclipai/shared"; +import { withRecoveryModelProfileHint } from "./model-profile-hint.js"; + +export const FINISH_SUCCESSFUL_RUN_HANDOFF_REASON = "finish_successful_run_handoff"; +export const SUCCESSFUL_RUN_MISSING_STATE_REASON = "successful_run_missing_state"; +export const DEFAULT_MAX_SUCCESSFUL_RUN_HANDOFF_ATTEMPTS = 1; +export const SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY = + "Paperclip needs a disposition before this issue can continue."; +export const SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY = + "Paperclip could not resolve this issue's missing disposition automatically. The issue is blocked on a recovery owner."; +export const LEGACY_SUCCESSFUL_RUN_HANDOFF_NOTICE_PREFIXES = [ + "## This issue still needs a next step", + "## Successful run missing issue disposition", +] as const; + +export const SUCCESSFUL_RUN_HANDOFF_OPTIONS = [ + "mark_done_or_cancelled", + "send_for_review_or_ask_for_input", + "mark_blocked", + "delegate_or_continue_from_checkpoint", +] as const; + +const PRODUCTIVE_SUCCESS_LIVENESS_STATES = new Set([ + "advanced", + "completed", + "blocked", + "needs_followup", +]); + +const IDEMPOTENT_HANDOFF_WAKE_STATUSES = [ + "queued", + "deferred_issue_execution", + "claimed", + "completed", +]; +const IDEMPOTENT_HANDOFF_WAKE_STATUS_SET = new Set(IDEMPOTENT_HANDOFF_WAKE_STATUSES); + +export function isIdempotentFinishSuccessfulRunHandoffWakeStatus(status: string) { + return IDEMPOTENT_HANDOFF_WAKE_STATUS_SET.has(status); +} + +type HeartbeatRunRow = typeof heartbeatRuns.$inferSelect; +type IssueRow = Pick< + typeof issues.$inferSelect, + "id" | "companyId" | "identifier" | "title" | "status" | "assigneeAgentId" | "assigneeUserId" | "executionState" +>; +type AgentRow = Pick; +type NoticeIssue = Pick; +type NoticeRun = Pick; +type NoticeAgent = Pick; +type NullableNoticeAgent = NoticeAgent | null | undefined; +type NullableNoticeIssue = NoticeIssue | null | undefined; +type NullableNoticeRun = NoticeRun | null | undefined; + +export type SuccessfulRunHandoffNotice = { + body: string; + presentation: IssueCommentPresentation; + metadata: IssueCommentMetadata; +}; + +export type SuccessfulRunHandoffDecision = + | { + kind: "enqueue"; + idempotencyKey: string; + payload: Record; + contextSnapshot: Record; + instruction: string; + } + | { + kind: "skip"; + reason: string; + }; + +function metadataText(value: unknown, fallback = "unknown") { + const text = typeof value === "string" ? value.trim() : value == null ? "" : String(value).trim(); + const resolved = text.length > 0 ? text : fallback; + return resolved.length > 2000 ? `${resolved.slice(0, 1997)}...` : resolved; +} + +function keyValueRow(label: string, value: unknown): IssueCommentMetadata["sections"][number]["rows"][number] { + return { type: "key_value", label, value: metadataText(value) }; +} + +function issueLinkRow( + label: string, + issue: NullableNoticeIssue, +): IssueCommentMetadata["sections"][number]["rows"][number] { + if (!issue) return keyValueRow(label, "unknown"); + return { + type: "issue_link", + label, + issueId: issue.id, + identifier: issue.identifier, + title: issue.title, + }; +} + +function runLinkRow( + label: string, + run: NullableNoticeRun, +): IssueCommentMetadata["sections"][number]["rows"][number] { + if (!run) return keyValueRow(label, "unknown"); + return { type: "run_link", label, runId: run.id, title: run.status }; +} + +function agentLinkRow( + label: string, + agent: NullableNoticeAgent, +): IssueCommentMetadata["sections"][number]["rows"][number] { + if (!agent) return keyValueRow(label, "unknown"); + return { type: "agent_link", label, agentId: agent.id, name: agent.name }; +} + +function systemNoticePresentation(input: { + tone: IssueCommentPresentation["tone"]; + title: string; +}): IssueCommentPresentation { + return { + kind: "system_notice", + tone: input.tone, + title: input.title, + detailsDefaultOpen: false, + }; +} + +export function isSuccessfulRunHandoffRequiredNoticeBody(body: string) { + const trimmed = body.trim(); + return trimmed === SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY || + LEGACY_SUCCESSFUL_RUN_HANDOFF_NOTICE_PREFIXES.some((prefix) => trimmed.startsWith(prefix)); +} + +export function buildSuccessfulRunHandoffRequiredNotice(input: { + issue: NoticeIssue; + run: NoticeRun; + agent: NoticeAgent; + detectedProgressSummary: string; +}): SuccessfulRunHandoffNotice { + return { + body: SUCCESSFUL_RUN_HANDOFF_REQUIRED_NOTICE_BODY, + presentation: systemNoticePresentation({ + tone: "warning", + title: "Missing issue disposition", + }), + metadata: { + version: 1, + sourceRunId: input.run.id, + sections: [ + { + title: "Required action", + rows: [ + issueLinkRow("Source issue", input.issue), + agentLinkRow("Assignee", input.agent), + keyValueRow("Missing disposition", "clear_next_step"), + keyValueRow( + "Valid dispositions", + "done, cancelled, in_review with an owner, blocked with blockers, delegated follow-up, or explicit continuation", + ), + ], + }, + { + title: "Run evidence", + rows: [ + runLinkRow("Successful run", input.run), + keyValueRow("Run status", input.run.status), + keyValueRow("Normalized cause", SUCCESSFUL_RUN_MISSING_STATE_REASON), + keyValueRow("Detected progress", input.detectedProgressSummary), + keyValueRow("Automatic retry", "one corrective handoff wake queued"), + ], + }, + ], + }, + }; +} + +export function buildSuccessfulRunHandoffExhaustedNotice(input: { + issue: NoticeIssue; + sourceRun: NullableNoticeRun; + correctiveRun: NullableNoticeRun; + sourceAssignee: NullableNoticeAgent; + recoveryIssue: NullableNoticeIssue; + recoveryOwner: NullableNoticeAgent; + latestIssueStatus: string; + latestHandoffRunStatus: string; + missingDisposition: string; +}): SuccessfulRunHandoffNotice { + return { + body: SUCCESSFUL_RUN_HANDOFF_EXHAUSTED_NOTICE_BODY, + presentation: systemNoticePresentation({ + tone: "danger", + title: "Missing disposition recovery blocked", + }), + metadata: { + version: 1, + sourceRunId: input.sourceRun?.id ?? null, + sections: [ + { + title: "Recovery owner", + rows: [ + issueLinkRow("Source issue", input.issue), + issueLinkRow("Recovery issue", input.recoveryIssue), + agentLinkRow("Recovery owner", input.recoveryOwner), + agentLinkRow("Source assignee", input.sourceAssignee), + keyValueRow("Suggested action", "choose and record a valid issue disposition without copying transcript content"), + ], + }, + { + title: "Run evidence", + rows: [ + runLinkRow("Source run", input.sourceRun), + runLinkRow("Corrective handoff run", input.correctiveRun), + keyValueRow("Latest issue status", input.latestIssueStatus), + keyValueRow("Latest handoff run status", input.latestHandoffRunStatus), + keyValueRow("Normalized cause", SUCCESSFUL_RUN_MISSING_STATE_REASON), + keyValueRow("Missing disposition", input.missingDisposition), + ], + }, + ], + }, + }; +} + +export function buildFinishSuccessfulRunHandoffIdempotencyKey(input: { + issueId: string; + sourceRunId: string; + attempt?: number; +}) { + return [ + FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + input.issueId, + input.sourceRunId, + String(input.attempt ?? 1), + ].join(":"); +} + +export async function findExistingFinishSuccessfulRunHandoffWake( + db: Db, + input: { + companyId: string; + idempotencyKey: string; + }, +) { + return db + .select({ id: agentWakeupRequests.id, status: agentWakeupRequests.status }) + .from(agentWakeupRequests) + .where( + and( + eq(agentWakeupRequests.companyId, input.companyId), + eq(agentWakeupRequests.idempotencyKey, input.idempotencyKey), + inArray(agentWakeupRequests.status, IDEMPOTENT_HANDOFF_WAKE_STATUSES), + ), + ) + .limit(1) + .then((rows) => rows[0] ?? null); +} + +function readRecord(value: unknown): Record { + return value && typeof value === "object" && !Array.isArray(value) + ? value as Record + : {}; +} + +function readString(value: unknown) { + return typeof value === "string" && value.trim().length > 0 ? value.trim() : null; +} + +function isCorrectiveHandoffRun(run: HeartbeatRunRow) { + const context = readRecord(run.contextSnapshot); + return context.handoffRequired === true || + readString(context.wakeReason) === FINISH_SUCCESSFUL_RUN_HANDOFF_REASON; +} + +function isIssueMonitorMaintenanceRun(run: HeartbeatRunRow) { + const context = readRecord(run.contextSnapshot); + const wakeReason = readString(context.wakeReason); + const source = readString(context.source); + return Boolean(wakeReason?.startsWith("issue_monitor") || source?.startsWith("issue.monitor")); +} + +function isProductiveSuccessfulRun(input: { + livenessState: RunLivenessState | null; + detectedProgressSummary: string | null; +}) { + if (input.livenessState && PRODUCTIVE_SUCCESS_LIVENESS_STATES.has(input.livenessState)) return true; + return Boolean(input.detectedProgressSummary); +} + +export function buildSuccessfulRunHandoffInstruction(input: { + issueIdentifier: string | null; + sourceRunId: string; +}) { + const issueLabel = input.issueIdentifier ?? "this issue"; + return [ + `Your previous run on ${issueLabel} succeeded, but the issue is still in \`in_progress\` and Paperclip cannot identify a valid issue disposition.`, + "", + "Resolve the missing disposition before creating or revising any new artifacts. Choose **exactly one** outcome and perform the matching Paperclip action:", + "", + "**Is the issue finished?**", + "1. Mark it `done` (scope complete) or `cancelled` (intentionally stopped).", + "", + "**Does someone else need to look at it?**", + "2. Move it to `in_review` with a real reviewer path — `executionState.currentParticipant`, a human owner via `assigneeUserId`, a pending issue-thread interaction, or a linked pending approval.", + "", + "**Can it not continue right now?**", + "3. Mark it `blocked` with first-class blockers (`blockedByIssueIds`) or a clearly named unblock owner/action.", + "", + "**Is there more work to do?**", + `4. Either delegate follow-up work (create/link a follow-up issue and block this one on it, or close this issue if its scope is independently complete) or record an explicit continuation path with \`resumeIntent: true\`, \`resumeFromRunId: ${input.sourceRunId}\`, and a concrete next action.`, + "", + "Comments, document revisions, work-product writes, and continuation summaries are supporting evidence only — they do not satisfy this handoff unless the issue state/path also records one valid disposition.", + ].join("\n"); +} + +export function decideSuccessfulRunHandoff(input: { + run: HeartbeatRunRow; + issue: IssueRow | null; + agent: AgentRow | null; + livenessState: RunLivenessState | null; + detectedProgressSummary: string | null; + taskKey: string | null; + hasActiveExecutionPath: boolean; + hasQueuedWake: boolean; + hasPendingInteractionOrApproval: boolean; + hasExplicitBlockerPath: boolean; + hasOpenRecoveryIssue: boolean; + hasPauseHold: boolean; + budgetBlocked: boolean; + idempotentWakeExists: boolean; +}): SuccessfulRunHandoffDecision { + const { run, issue, agent } = input; + + if (run.status !== "succeeded") return { kind: "skip", reason: "source run did not succeed" }; + if (isCorrectiveHandoffRun(run)) return { kind: "skip", reason: "source run is already a corrective handoff run" }; + if (isIssueMonitorMaintenanceRun(run)) return { kind: "skip", reason: "issue monitor run owns its own recovery path" }; + if (run.issueCommentStatus === "retry_queued" || run.issueCommentStatus === "retry_exhausted") { + return { kind: "skip", reason: "missing issue comment retry owns the next action" }; + } + if (!issue) return { kind: "skip", reason: "issue not found" }; + if (!agent) return { kind: "skip", reason: "agent not found" }; + if (issue.companyId !== run.companyId || agent.companyId !== run.companyId) { + return { kind: "skip", reason: "company scope mismatch" }; + } + if (issue.assigneeAgentId !== run.agentId) { + return { kind: "skip", reason: "issue is no longer assigned to the source run agent" }; + } + if (issue.assigneeUserId) return { kind: "skip", reason: "issue is human-owned" }; + if (issue.status !== "in_progress") return { kind: "skip", reason: `issue status ${issue.status} is a valid disposition` }; + if (issue.executionState) return { kind: "skip", reason: "issue has execution policy state" }; + if (agent.status === "paused" || agent.status === "terminated" || agent.status === "pending_approval") { + return { kind: "skip", reason: `agent status ${agent.status} is not invokable` }; + } + if (!isProductiveSuccessfulRun(input)) { + return { kind: "skip", reason: "successful run did not produce handoff-relevant progress" }; + } + if (input.hasActiveExecutionPath) return { kind: "skip", reason: "issue already has an active execution path" }; + if (input.hasQueuedWake) return { kind: "skip", reason: "issue already has a queued or deferred wake" }; + if (input.hasPendingInteractionOrApproval) { + return { kind: "skip", reason: "pending interaction or approval owns the next action" }; + } + if (input.hasExplicitBlockerPath) return { kind: "skip", reason: "explicit blocker path owns the next action" }; + if (input.hasOpenRecoveryIssue) return { kind: "skip", reason: "open recovery issue owns the ambiguity" }; + if (input.hasPauseHold) return { kind: "skip", reason: "issue is under an active pause hold" }; + if (input.budgetBlocked) return { kind: "skip", reason: "budget hard stop blocks corrective wake" }; + if (input.idempotentWakeExists) { + return { kind: "skip", reason: "corrective handoff wake already exists for this source run" }; + } + + const instruction = buildSuccessfulRunHandoffInstruction({ + issueIdentifier: issue.identifier, + sourceRunId: run.id, + }); + const payload = withRecoveryModelProfileHint({ + issueId: issue.id, + taskId: issue.id, + sourceIssueId: issue.id, + sourceRunId: run.id, + handoffRequired: true, + handoffReason: SUCCESSFUL_RUN_MISSING_STATE_REASON, + missingDisposition: "clear_next_step", + validDispositionOptions: [...SUCCESSFUL_RUN_HANDOFF_OPTIONS], + detectedProgressSummary: input.detectedProgressSummary, + handoffAttempt: 1, + maxHandoffAttempts: DEFAULT_MAX_SUCCESSFUL_RUN_HANDOFF_ATTEMPTS, + resumeIntent: true, + followUpRequested: true, + resumeFromRunId: run.id, + ...(input.taskKey ? { taskKey: input.taskKey } : {}), + instruction, + }); + + return { + kind: "enqueue", + idempotencyKey: buildFinishSuccessfulRunHandoffIdempotencyKey({ + issueId: issue.id, + sourceRunId: run.id, + }), + payload, + instruction, + contextSnapshot: withRecoveryModelProfileHint({ + ...payload, + wakeReason: FINISH_SUCCESSFUL_RUN_HANDOFF_REASON, + livenessState: input.livenessState, + }), + }; +} diff --git a/server/src/services/routines.ts b/server/src/services/routines.ts index a632f776..b280119a 100644 --- a/server/src/services/routines.ts +++ b/server/src/services/routines.ts @@ -1,8 +1,10 @@ import crypto from "node:crypto"; -import { and, asc, desc, eq, inArray, isNotNull, isNull, lte, ne, or, sql } from "drizzle-orm"; +import { and, asc, desc, eq, inArray, isNotNull, isNull, lte, ne, not, or, sql } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; import { agents, + companySecretBindings, + companySecretVersions, companySecrets, executionWorkspaces, goals, @@ -10,7 +12,10 @@ import { issueInboxArchives, issueReadStates, issues, + pluginManagedResources, + plugins, projects, + routineRevisions, routineRuns, routines, routineTriggers, @@ -21,6 +26,9 @@ import type { Routine, RoutineDetail, RoutineListItem, + RoutineManagedByPlugin, + RoutineRevision, + RoutineRevisionSnapshotV1, RoutineRunSummary, RoutineTrigger, RoutineTriggerSecretMaterial, @@ -34,6 +42,7 @@ import { getBuiltinRoutineVariableValues, extractRoutineVariableNames, interpolateRoutineTemplate, + pluginOperationIssueOriginKind, stringifyRoutineVariableValue, syncRoutineVariablesWithTemplate, } from "@paperclipai/shared"; @@ -41,8 +50,10 @@ import { trackRoutineRun } from "@paperclipai/shared/telemetry"; import { conflict, forbidden, notFound, unauthorized, unprocessable } from "../errors.js"; import { logger } from "../middleware/logger.js"; import { getTelemetryClient } from "../telemetry.js"; +import { getConfiguredSecretProvider } from "../secrets/configured-provider.js"; import { issueService } from "./issues.js"; import { secretService } from "./secrets.js"; +import { getSecretProvider } from "../secrets/provider-registry.js"; import { parseCron, validateCron } from "./cron.js"; import { heartbeatService } from "./heartbeat.js"; import { queueIssueAssignmentWakeup, type IssueAssignmentWakeupDeps } from "./issue-assignment-wakeup.js"; @@ -53,6 +64,7 @@ const OPEN_ISSUE_STATUSES = ["backlog", "todo", "in_progress", "in_review", "blo const LIVE_HEARTBEAT_RUN_STATUSES = ["queued", "running", "scheduled_retry"]; const TERMINAL_ISSUE_STATUSES = new Set(["done", "cancelled"]); const MAX_CATCH_UP_RUNS = 25; +const MAX_ROUTINE_REVISIONS = 100; const WEEKDAY_INDEX: Record = { Sun: 0, Mon: 1, @@ -63,7 +75,17 @@ const WEEKDAY_INDEX: Record = { Sat: 6, }; -type Actor = { agentId?: string | null; userId?: string | null }; +type Actor = { agentId?: string | null; userId?: string | null; runId?: string | null }; +type RoutineRow = typeof routines.$inferSelect; +type RoutineTriggerRow = typeof routineTriggers.$inferSelect; + +interface RoutineTriggerSecretRestoreMaterial extends RoutineTriggerSecretMaterial { + triggerId: string; +} + +function routineWebhookSecretConfigPath(secretId: string) { + return `webhookSecret:${secretId}`; +} function assertTimeZone(timeZone: string) { try { @@ -354,11 +376,92 @@ function createRoutineDispatchFingerprint(input: { return crypto.createHash("sha256").update(canonical).digest("hex"); } +function readManagedRoutineIssueTemplate(defaultsJson: Record | null | undefined) { + const value = defaultsJson?.issueTemplate; + if (!isPlainRecord(value)) return null; + return { + surfaceVisibility: typeof value.surfaceVisibility === "string" ? value.surfaceVisibility : null, + originId: typeof value.originId === "string" && value.originId.trim() ? value.originId.trim() : null, + billingCode: typeof value.billingCode === "string" && value.billingCode.trim() ? value.billingCode.trim() : null, + }; +} + function routineUsesWorkspaceBranch(routine: typeof routines.$inferSelect) { return (routine.variables ?? []).some((variable) => variable.name === WORKSPACE_BRANCH_ROUTINE_VARIABLE) || extractRoutineVariableNames([routine.title, routine.description]).includes(WORKSPACE_BRANCH_ROUTINE_VARIABLE); } +function routineRevisionSnapshotRoutine(routine: RoutineRow): RoutineRevisionSnapshotV1["routine"] { + return { + id: routine.id, + companyId: routine.companyId, + projectId: routine.projectId, + goalId: routine.goalId, + parentIssueId: routine.parentIssueId, + title: routine.title, + description: routine.description, + assigneeAgentId: routine.assigneeAgentId, + priority: routine.priority as RoutineRevisionSnapshotV1["routine"]["priority"], + status: routine.status as RoutineRevisionSnapshotV1["routine"]["status"], + concurrencyPolicy: routine.concurrencyPolicy as RoutineRevisionSnapshotV1["routine"]["concurrencyPolicy"], + catchUpPolicy: routine.catchUpPolicy as RoutineRevisionSnapshotV1["routine"]["catchUpPolicy"], + variables: routine.variables ?? [], + }; +} + +function routineRevisionSnapshotTrigger(trigger: RoutineTriggerRow): RoutineRevisionSnapshotV1["triggers"][number] { + return { + id: trigger.id, + kind: trigger.kind as RoutineRevisionSnapshotV1["triggers"][number]["kind"], + label: trigger.label, + enabled: trigger.enabled, + cronExpression: trigger.cronExpression, + timezone: trigger.timezone, + publicId: trigger.publicId, + signingMode: trigger.signingMode as RoutineRevisionSnapshotV1["triggers"][number]["signingMode"], + replayWindowSec: trigger.replayWindowSec, + }; +} + +async function buildRoutineRevisionSnapshot( + executor: Db, + routine: RoutineRow, +): Promise { + const triggers = await executor + .select() + .from(routineTriggers) + .where(and(eq(routineTriggers.companyId, routine.companyId), eq(routineTriggers.routineId, routine.id))) + .orderBy(asc(routineTriggers.createdAt), asc(routineTriggers.id)); + + return { + version: 1, + routine: routineRevisionSnapshotRoutine(routine), + triggers: triggers.map(routineRevisionSnapshotTrigger), + }; +} + +function canonicalSnapshot(value: RoutineRevisionSnapshotV1) { + return JSON.stringify(value); +} + +function snapshotsMatch(left: RoutineRevisionSnapshotV1, right: RoutineRevisionSnapshotV1) { + return canonicalSnapshot(left) === canonicalSnapshot(right); +} + +function routineCurrentFieldsMatch(left: RoutineRow, right: RoutineRow) { + return snapshotsMatch( + { version: 1, routine: routineRevisionSnapshotRoutine(left), triggers: [] }, + { version: 1, routine: routineRevisionSnapshotRoutine(right), triggers: [] }, + ); +} + +function mapRoutineRevision(row: typeof routineRevisions.$inferSelect): RoutineRevision { + return { + ...row, + snapshot: row.snapshot as RoutineRevisionSnapshotV1, + }; +} + export function routineService( db: Db, deps: { @@ -380,6 +483,63 @@ export function routineService( .then((rows) => rows[0] ?? null); } + async function getManagedRoutineBinding(routine: typeof routines.$inferSelect) { + return db + .select({ + pluginKey: pluginManagedResources.pluginKey, + defaultsJson: pluginManagedResources.defaultsJson, + manifestJson: plugins.manifestJson, + }) + .from(pluginManagedResources) + .innerJoin(plugins, eq(pluginManagedResources.pluginId, plugins.id)) + .where( + and( + eq(pluginManagedResources.companyId, routine.companyId), + eq(pluginManagedResources.resourceKind, "routine"), + eq(pluginManagedResources.resourceId, routine.id), + ), + ) + .then((rows) => rows[0] ?? null); + } + + async function listManagedRoutineMetadata(routineIds: string[]) { + if (routineIds.length === 0) return new Map(); + const rows = await db + .select({ + id: pluginManagedResources.id, + pluginId: pluginManagedResources.pluginId, + pluginKey: pluginManagedResources.pluginKey, + manifestJson: plugins.manifestJson, + resourceKey: pluginManagedResources.resourceKey, + resourceId: pluginManagedResources.resourceId, + defaultsJson: pluginManagedResources.defaultsJson, + createdAt: pluginManagedResources.createdAt, + updatedAt: pluginManagedResources.updatedAt, + }) + .from(pluginManagedResources) + .innerJoin(plugins, eq(pluginManagedResources.pluginId, plugins.id)) + .where( + and( + eq(pluginManagedResources.resourceKind, "routine"), + inArray(pluginManagedResources.resourceId, routineIds), + ), + ); + return new Map(rows.map((row) => [ + row.resourceId, + { + id: row.id, + pluginId: row.pluginId, + pluginKey: row.pluginKey, + pluginDisplayName: row.manifestJson.displayName ?? row.pluginKey, + resourceKind: "routine", + resourceKey: row.resourceKey, + defaultsJson: row.defaultsJson, + createdAt: row.createdAt, + updatedAt: row.updatedAt, + } satisfies RoutineManagedByPlugin, + ])); + } + async function getTriggerById(id: string) { return db .select() @@ -388,6 +548,52 @@ export function routineService( .then((rows) => rows[0] ?? null); } + async function appendRoutineRevision( + executor: Db, + routine: RoutineRow, + actor: Actor, + options: { + changeSummary?: string | null; + restoredFromRevisionId?: string | null; + } = {}, + ) { + const snapshot = await buildRoutineRevisionSnapshot(executor, routine); + const nextRevisionNumber = routine.latestRevisionId ? routine.latestRevisionNumber + 1 : 1; + const now = new Date(); + const [revision] = await executor + .insert(routineRevisions) + .values({ + companyId: routine.companyId, + routineId: routine.id, + revisionNumber: nextRevisionNumber, + title: snapshot.routine.title, + description: snapshot.routine.description, + snapshot, + changeSummary: options.changeSummary ?? null, + restoredFromRevisionId: options.restoredFromRevisionId ?? null, + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + createdByRunId: actor.runId ?? null, + createdAt: now, + }) + .returning(); + + const [updatedRoutine] = await executor + .update(routines) + .set({ + latestRevisionId: revision.id, + latestRevisionNumber: nextRevisionNumber, + updatedAt: now, + }) + .where(eq(routines.id, routine.id)) + .returning(); + + return { + routine: updatedRoutine ?? { ...routine, latestRevisionId: revision.id, latestRevisionNumber: nextRevisionNumber, updatedAt: now }, + revision: mapRoutineRevision(revision), + }; + } + async function assertRoutineAccess(companyId: string, routineId: string) { const routine = await getRoutineById(routineId); if (!routine) throw notFound("Routine not found"); @@ -408,6 +614,17 @@ export function routineService( if (agent.status === "terminated") throw conflict("Cannot assign routines to terminated agents"); } + async function assertRestorableAssignee( + companyId: string, + assigneeAgentId: string | null | undefined, + actor: Actor, + ) { + await assertAssignableAgent(companyId, assigneeAgentId); + if (actor.agentId && assigneeAgentId !== actor.agentId) { + throw forbidden("Agents can only restore routine revisions assigned to themselves"); + } + } + async function assertProject(companyId: string, projectId: string | null | undefined) { if (!projectId) return; const project = await db @@ -664,8 +881,11 @@ export function routineService( routine: typeof routines.$inferSelect, executor: Db = db, dispatchFingerprint?: string | null, + origin?: { kind: string; id: string | null }, ) { const fingerprintCondition = routineExecutionFingerprintCondition(dispatchFingerprint); + const originKind = origin?.kind ?? "routine_execution"; + const originId = origin?.id ?? routine.id; const executionBoundIssue = await executor .select() .from(issues) @@ -679,8 +899,8 @@ export function routineService( .where( and( eq(issues.companyId, routine.companyId), - eq(issues.originKind, "routine_execution"), - eq(issues.originId, routine.id), + eq(issues.originKind, originKind), + eq(issues.originId, originId), inArray(issues.status, OPEN_ISSUE_STATUSES), isNull(issues.hiddenAt), ...(fingerprintCondition ? [fingerprintCondition] : []), @@ -705,8 +925,8 @@ export function routineService( .where( and( eq(issues.companyId, routine.companyId), - eq(issues.originKind, "routine_execution"), - eq(issues.originId, routine.id), + eq(issues.originKind, originKind), + eq(issues.originId, originId), inArray(issues.status, OPEN_ISSUE_STATUSES), isNull(issues.hiddenAt), ...(fingerprintCondition ? [fingerprintCondition] : []), @@ -733,18 +953,75 @@ export function routineService( companyId: string, routineId: string, actor: Actor, + executor?: Db, ) { const secretValue = crypto.randomBytes(24).toString("hex"); - const secret = await secretsSvc.create( - companyId, - { - name: `routine-${routineId}-${crypto.randomBytes(6).toString("hex")}`, - provider: "local_encrypted", - value: secretValue, - description: `Webhook auth for routine ${routineId}`, + const providerId = getConfiguredSecretProvider(); + const input = { + name: `routine-${routineId}-${crypto.randomBytes(6).toString("hex")}`, + provider: providerId, + value: secretValue, + description: `Webhook auth for routine ${routineId}`, + }; + const provider = getSecretProvider(input.provider); + const prepared = await provider.createSecret({ + value: input.value, + externalRef: null, + context: { + companyId, + secretKey: input.name, + secretName: input.name, + version: 1, }, - actor, - ); + }); + + const insertSecret = async (secretDb: Db) => { + const secret = await secretDb + .insert(companySecrets) + .values({ + companyId, + key: input.name, + name: input.name, + provider: input.provider, + status: "active", + managedMode: "paperclip_managed", + externalRef: prepared.externalRef, + providerMetadata: null, + latestVersion: 1, + description: input.description, + lastRotatedAt: new Date(), + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + }) + .returning() + .then((rows) => rows[0]); + + await secretDb.insert(companySecretVersions).values({ + secretId: secret.id, + version: 1, + material: prepared.material, + valueSha256: prepared.valueSha256, + fingerprintSha256: prepared.fingerprintSha256 ?? prepared.valueSha256, + providerVersionRef: prepared.providerVersionRef ?? null, + status: "current", + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + }); + + await secretDb.insert(companySecretBindings).values({ + companyId, + secretId: secret.id, + targetType: "routine", + targetId: routineId, + configPath: routineWebhookSecretConfigPath(secret.id), + }); + + return secret; + }; + + const secret = executor + ? await insertSecret(executor) + : await db.transaction(async (tx) => insertSecret(tx as unknown as Db)); return { secret, secretValue }; } @@ -756,7 +1033,13 @@ export function routineService( .where(eq(companySecrets.id, trigger.secretId)) .then((rows) => rows[0] ?? null); if (!secret || secret.companyId !== companyId) throw notFound("Routine trigger secret not found"); - const value = await secretsSvc.resolveSecretValue(companyId, trigger.secretId, "latest"); + const value = await secretsSvc.resolveSecretValue(companyId, trigger.secretId, "latest", { + consumerType: "routine", + consumerId: trigger.routineId, + actorType: "system", + actorId: null, + configPath: routineWebhookSecretConfigPath(trigger.secretId), + }); return value; } @@ -844,6 +1127,13 @@ export function routineService( const title = interpolateRoutineTemplate(input.routine.title, allVariables) ?? input.routine.title; const description = interpolateRoutineTemplate(input.routine.description, allVariables); const triggerPayload = mergeRoutineRunPayload(input.payload, { ...automaticVariables, ...resolvedVariables }); + const managedRoutineBinding = await getManagedRoutineBinding(input.routine); + const managedIssueTemplate = readManagedRoutineIssueTemplate(managedRoutineBinding?.defaultsJson); + const issueOriginKind = managedIssueTemplate?.surfaceVisibility === "plugin_operation" && managedRoutineBinding + ? pluginOperationIssueOriginKind(managedRoutineBinding.pluginKey) + : "routine_execution"; + const issueOriginId = managedIssueTemplate?.originId ?? input.routine.id; + const issueBillingCode = managedIssueTemplate?.billingCode ?? null; const dispatchFingerprint = createRoutineDispatchFingerprint({ payload: triggerPayload, projectId, @@ -902,7 +1192,10 @@ export function routineService( let createdIssue: Awaited> | null = null; try { - const activeIssue = await findLiveExecutionIssue(input.routine, txDb, dispatchFingerprint); + const activeIssue = await findLiveExecutionIssue(input.routine, txDb, dispatchFingerprint, { + kind: issueOriginKind, + id: issueOriginId, + }); if (activeIssue && input.routine.concurrencyPolicy !== "always_enqueue") { const status = input.routine.concurrencyPolicy === "skip_if_active" ? "skipped" : "coalesced"; if (manualRunnerUserId) { @@ -942,10 +1235,11 @@ export function routineService( assigneeAgentId, createdByAgentId: input.source === "manual" ? input.actor?.agentId ?? null : null, createdByUserId: manualRunnerUserId, - originKind: "routine_execution", - originId: input.routine.id, + originKind: issueOriginKind, + originId: issueOriginId, originRunId: createdRun.id, originFingerprint: dispatchFingerprint, + billingCode: issueBillingCode, executionWorkspaceId: input.executionWorkspaceId ?? null, executionWorkspacePreference: input.executionWorkspacePreference ?? null, executionWorkspaceSettings: input.executionWorkspaceSettings ?? null, @@ -962,7 +1256,10 @@ export function routineService( throw error; } - const existingIssue = await findLiveExecutionIssue(input.routine, txDb, dispatchFingerprint); + const existingIssue = await findLiveExecutionIssue(input.routine, txDb, dispatchFingerprint, { + kind: issueOriginKind, + id: issueOriginId, + }); if (!existingIssue) throw error; const status = input.routine.concurrencyPolicy === "skip_if_active" ? "skipped" : "coalesced"; if (manualRunnerUserId) { @@ -1084,13 +1381,15 @@ export function routineService( .where(and(...conditions)) .orderBy(desc(routines.updatedAt), asc(routines.title)); const routineIds = rows.map((row) => row.id); - const [triggersByRoutine, latestRunByRoutine, activeIssueByRoutine] = await Promise.all([ + const [triggersByRoutine, latestRunByRoutine, activeIssueByRoutine, managedByRoutine] = await Promise.all([ listTriggersForRoutineIds(companyId, routineIds), listLatestRunByRoutineIds(companyId, routineIds), listLiveIssueByRoutineIds(companyId, routineIds), + listManagedRoutineMetadata(routineIds), ]); return rows.map((row) => ({ ...row, + managedByPlugin: managedByRoutine.get(row.id) ?? null, triggers: (triggersByRoutine.get(row.id) ?? []).map((trigger) => ({ id: trigger.id, kind: trigger.kind as RoutineListItem["triggers"][number]["kind"], @@ -1110,7 +1409,7 @@ export function routineService( getDetail: async (id: string): Promise => { const row = await getRoutineById(id); if (!row) return null; - const [project, assignee, parentIssue, triggers, recentRuns, activeIssue] = await Promise.all([ + const [project, assignee, parentIssue, triggers, recentRuns, activeIssue, managedByRoutine] = await Promise.all([ row.projectId ? db.select().from(projects).where(eq(projects.id, row.projectId)).then((rows) => rows[0] ?? null) : null, @@ -1189,10 +1488,12 @@ export function routineService( })), ), findLiveExecutionIssue(row), + listManagedRoutineMetadata([row.id]), ]); return { ...row, + managedByPlugin: managedByRoutine.get(row.id) ?? null, project, assignee, parentIssue, @@ -1213,28 +1514,34 @@ export function routineService( ); assertRoutineVariableDefinitions(variables); const status = normalizeDraftRoutineStatus(input.status, input.assigneeAgentId); - const [created] = await db - .insert(routines) - .values({ - companyId, - projectId: input.projectId ?? null, - goalId: input.goalId ?? null, - parentIssueId: input.parentIssueId ?? null, - title: input.title, - description: input.description ?? null, - assigneeAgentId: input.assigneeAgentId ?? null, - priority: input.priority, - status, - concurrencyPolicy: input.concurrencyPolicy, - catchUpPolicy: input.catchUpPolicy, - variables, - createdByAgentId: actor.agentId ?? null, - createdByUserId: actor.userId ?? null, - updatedByAgentId: actor.agentId ?? null, - updatedByUserId: actor.userId ?? null, - }) - .returning(); - return created; + return db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + const [created] = await txDb + .insert(routines) + .values({ + companyId, + projectId: input.projectId ?? null, + goalId: input.goalId ?? null, + parentIssueId: input.parentIssueId ?? null, + title: input.title, + description: input.description ?? null, + assigneeAgentId: input.assigneeAgentId ?? null, + priority: input.priority, + status, + concurrencyPolicy: input.concurrencyPolicy, + catchUpPolicy: input.catchUpPolicy, + variables, + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + }) + .returning(); + const { routine } = await appendRoutineRevision(txDb, created, actor, { + changeSummary: "Created routine", + }); + return routine; + }); }, update: async (id: string, patch: UpdateRoutine, actor: Actor): Promise => { @@ -1275,34 +1582,94 @@ export function routineService( if (enabledScheduleTriggers) { assertScheduleCompatibleVariables(nextVariables); } - const [updated] = await db - .update(routines) - .set({ + return db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${id} for update`); + const locked = await txDb + .select() + .from(routines) + .where(eq(routines.id, id)) + .then((rows) => rows[0] ?? null); + if (!locked) return null; + + if (patch.baseRevisionId && patch.baseRevisionId !== locked.latestRevisionId) { + throw conflict("Routine was updated by someone else", { + currentRevisionId: locked.latestRevisionId, + }); + } + + const candidate: RoutineRow = { + ...locked, projectId: nextProjectId, - goalId: patch.goalId === undefined ? existing.goalId : patch.goalId, - parentIssueId: patch.parentIssueId === undefined ? existing.parentIssueId : patch.parentIssueId, + goalId: patch.goalId === undefined ? locked.goalId : patch.goalId, + parentIssueId: patch.parentIssueId === undefined ? locked.parentIssueId : patch.parentIssueId, title: nextTitle, description: nextDescription, assigneeAgentId: nextAssigneeAgentId, - priority: patch.priority ?? existing.priority, + priority: patch.priority ?? locked.priority, status: nextStatus, - concurrencyPolicy: patch.concurrencyPolicy ?? existing.concurrencyPolicy, - catchUpPolicy: patch.catchUpPolicy ?? existing.catchUpPolicy, + concurrencyPolicy: patch.concurrencyPolicy ?? locked.concurrencyPolicy, + catchUpPolicy: patch.catchUpPolicy ?? locked.catchUpPolicy, variables: nextVariables, updatedByAgentId: actor.agentId ?? null, updatedByUserId: actor.userId ?? null, - updatedAt: new Date(), - }) - .where(eq(routines.id, id)) - .returning(); - return updated ?? null; + }; + + if (locked.latestRevisionId && routineCurrentFieldsMatch(locked, candidate)) { + return locked; + } + + const nextSnapshot = await buildRoutineRevisionSnapshot(txDb, candidate); + if (locked.latestRevisionId) { + const latestRevision = await txDb + .select({ snapshot: routineRevisions.snapshot }) + .from(routineRevisions) + .where( + and( + eq(routineRevisions.companyId, locked.companyId), + eq(routineRevisions.routineId, locked.id), + eq(routineRevisions.id, locked.latestRevisionId), + ), + ) + .then((rows) => rows[0] ?? null); + if (latestRevision && snapshotsMatch(nextSnapshot, latestRevision.snapshot as RoutineRevisionSnapshotV1)) { + return locked; + } + } + + const [updated] = await txDb + .update(routines) + .set({ + projectId: candidate.projectId, + goalId: candidate.goalId, + parentIssueId: candidate.parentIssueId, + title: candidate.title, + description: candidate.description, + assigneeAgentId: candidate.assigneeAgentId, + priority: candidate.priority, + status: candidate.status, + concurrencyPolicy: candidate.concurrencyPolicy, + catchUpPolicy: candidate.catchUpPolicy, + variables: candidate.variables, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + updatedAt: new Date(), + }) + .where(eq(routines.id, id)) + .returning(); + if (!updated) return null; + const { routine } = await appendRoutineRevision(txDb, updated, actor, { + changeSummary: "Updated routine", + }); + return routine; + }); }, createTrigger: async ( routineId: string, input: CreateRoutineTrigger, actor: Actor, - ): Promise<{ trigger: RoutineTrigger; secretMaterial: RoutineTriggerSecretMaterial | null }> => { + ): Promise<{ trigger: RoutineTrigger; secretMaterial: RoutineTriggerSecretMaterial | null; revision: RoutineRevision }> => { const routine = await getRoutineById(routineId); if (!routine) throw notFound("Routine not found"); @@ -1330,36 +1697,50 @@ export function routineService( }; } - const [trigger] = await db - .insert(routineTriggers) - .values({ - companyId: routine.companyId, - routineId: routine.id, - kind: input.kind, - label: input.label ?? null, - enabled: input.enabled ?? true, - cronExpression: input.kind === "schedule" ? input.cronExpression : null, - timezone: input.kind === "schedule" ? (input.timezone || "UTC") : null, - nextRunAt, - publicId, - secretId, - signingMode: input.kind === "webhook" ? input.signingMode : null, - replayWindowSec: input.kind === "webhook" ? input.replayWindowSec : null, - lastRotatedAt: input.kind === "webhook" ? new Date() : null, - createdByAgentId: actor.agentId ?? null, - createdByUserId: actor.userId ?? null, - updatedByAgentId: actor.agentId ?? null, - updatedByUserId: actor.userId ?? null, - }) - .returning(); + const { trigger, revision } = await db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${routine.id} for update`); + const [createdTrigger] = await txDb + .insert(routineTriggers) + .values({ + companyId: routine.companyId, + routineId: routine.id, + kind: input.kind, + label: input.label ?? null, + enabled: input.enabled ?? true, + cronExpression: input.kind === "schedule" ? input.cronExpression : null, + timezone: input.kind === "schedule" ? (input.timezone || "UTC") : null, + nextRunAt, + publicId, + secretId, + signingMode: input.kind === "webhook" ? input.signingMode : null, + replayWindowSec: input.kind === "webhook" ? input.replayWindowSec : null, + lastRotatedAt: input.kind === "webhook" ? new Date() : null, + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + }) + .returning(); + const latestRoutine = await txDb.select().from(routines).where(eq(routines.id, routine.id)).then((rows) => rows[0] ?? routine); + const appended = await appendRoutineRevision(txDb, latestRoutine, actor, { + changeSummary: `Created ${input.kind} trigger`, + }); + return { trigger: createdTrigger, revision: appended.revision }; + }); return { trigger: trigger as RoutineTrigger, secretMaterial, + revision, }; }, - updateTrigger: async (id: string, patch: UpdateRoutineTrigger, actor: Actor): Promise => { + updateTrigger: async ( + id: string, + patch: UpdateRoutineTrigger, + actor: Actor, + ): Promise<{ trigger: RoutineTrigger; revision: RoutineRevision } | null> => { const existing = await getTriggerById(id); if (!existing) return null; @@ -1389,37 +1770,63 @@ export function routineService( } } - const [updated] = await db - .update(routineTriggers) - .set({ - label: patch.label === undefined ? existing.label : patch.label, - enabled: patch.enabled ?? existing.enabled, - cronExpression, - timezone, - nextRunAt, - signingMode: patch.signingMode === undefined ? existing.signingMode : patch.signingMode, - replayWindowSec: patch.replayWindowSec === undefined ? existing.replayWindowSec : patch.replayWindowSec, - updatedByAgentId: actor.agentId ?? null, - updatedByUserId: actor.userId ?? null, - updatedAt: new Date(), - }) - .where(eq(routineTriggers.id, id)) - .returning(); - - return (updated as RoutineTrigger | undefined) ?? null; + return db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${existing.routineId} for update`); + const [updated] = await txDb + .update(routineTriggers) + .set({ + label: patch.label === undefined ? existing.label : patch.label, + enabled: patch.enabled ?? existing.enabled, + cronExpression, + timezone, + nextRunAt, + signingMode: patch.signingMode === undefined ? existing.signingMode : patch.signingMode, + replayWindowSec: patch.replayWindowSec === undefined ? existing.replayWindowSec : patch.replayWindowSec, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + updatedAt: new Date(), + }) + .where(eq(routineTriggers.id, id)) + .returning(); + if (!updated) return null; + const routine = await txDb + .select() + .from(routines) + .where(eq(routines.id, existing.routineId)) + .then((rows) => rows[0] ?? null); + if (!routine) throw notFound("Routine not found"); + const appended = await appendRoutineRevision(txDb, routine, actor, { + changeSummary: `Updated ${existing.kind} trigger`, + }); + return { trigger: updated as RoutineTrigger, revision: appended.revision }; + }); }, - deleteTrigger: async (id: string): Promise => { + deleteTrigger: async (id: string, actor: Actor = {}): Promise<{ deleted: boolean; revision: RoutineRevision | null }> => { const existing = await getTriggerById(id); - if (!existing) return false; - await db.delete(routineTriggers).where(eq(routineTriggers.id, id)); - return true; + if (!existing) return { deleted: false, revision: null }; + return db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${existing.routineId} for update`); + await txDb.delete(routineTriggers).where(eq(routineTriggers.id, id)); + const routine = await txDb + .select() + .from(routines) + .where(eq(routines.id, existing.routineId)) + .then((rows) => rows[0] ?? null); + if (!routine) throw notFound("Routine not found"); + const appended = await appendRoutineRevision(txDb, routine, actor, { + changeSummary: `Deleted ${existing.kind} trigger`, + }); + return { deleted: true, revision: appended.revision }; + }); }, rotateTriggerSecret: async ( id: string, actor: Actor, - ): Promise<{ trigger: RoutineTrigger; secretMaterial: RoutineTriggerSecretMaterial }> => { + ): Promise<{ trigger: RoutineTrigger; secretMaterial: RoutineTriggerSecretMaterial; revision: RoutineRevision }> => { const existing = await getTriggerById(id); if (!existing) throw notFound("Routine trigger not found"); if (existing.kind !== "webhook" || !existing.publicId || !existing.secretId) { @@ -1428,26 +1835,214 @@ export function routineService( const secretValue = crypto.randomBytes(24).toString("hex"); await secretsSvc.rotate(existing.secretId, { value: secretValue }, actor); - const [updated] = await db - .update(routineTriggers) - .set({ - lastRotatedAt: new Date(), - updatedByAgentId: actor.agentId ?? null, - updatedByUserId: actor.userId ?? null, - updatedAt: new Date(), - }) - .where(eq(routineTriggers.id, id)) - .returning(); + const { trigger, revision } = await db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${existing.routineId} for update`); + const [updated] = await txDb + .update(routineTriggers) + .set({ + lastRotatedAt: new Date(), + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + updatedAt: new Date(), + }) + .where(eq(routineTriggers.id, id)) + .returning(); + const routine = await txDb + .select() + .from(routines) + .where(eq(routines.id, existing.routineId)) + .then((rows) => rows[0] ?? null); + if (!routine) throw notFound("Routine not found"); + const appended = await appendRoutineRevision(txDb, routine, actor, { + changeSummary: "Rotated webhook trigger secret", + }); + return { trigger: updated, revision: appended.revision }; + }); return { - trigger: updated as RoutineTrigger, + trigger: trigger as RoutineTrigger, secretMaterial: { webhookUrl: `${process.env.PAPERCLIP_API_URL}/api/routine-triggers/public/${existing.publicId}/fire`, webhookSecret: secretValue, }, + revision, }; }, + listRevisions: async (routineId: string): Promise => { + const routine = await getRoutineById(routineId); + if (!routine) throw notFound("Routine not found"); + const rows = await db + .select() + .from(routineRevisions) + .where(and(eq(routineRevisions.companyId, routine.companyId), eq(routineRevisions.routineId, routine.id))) + .orderBy(desc(routineRevisions.revisionNumber), desc(routineRevisions.createdAt)) + .limit(MAX_ROUTINE_REVISIONS); + return rows.map(mapRoutineRevision); + }, + + restoreRevision: async ( + routineId: string, + revisionId: string, + actor: Actor, + ): Promise<{ + routine: Routine; + revision: RoutineRevision; + restoredFromRevisionId: string; + restoredFromRevisionNumber: number; + secretMaterials: RoutineTriggerSecretRestoreMaterial[]; + }> => { + const existingRoutine = await getRoutineById(routineId); + if (!existingRoutine) throw notFound("Routine not found"); + const targetRevision = await db + .select() + .from(routineRevisions) + .where( + and( + eq(routineRevisions.companyId, existingRoutine.companyId), + eq(routineRevisions.routineId, existingRoutine.id), + eq(routineRevisions.id, revisionId), + ), + ) + .then((rows) => rows[0] ?? null); + if (!targetRevision) throw notFound("Routine revision not found"); + + const snapshot = targetRevision.snapshot as RoutineRevisionSnapshotV1; + const routineSnapshot = snapshot.routine; + await assertRestorableAssignee(existingRoutine.companyId, routineSnapshot.assigneeAgentId, actor); + + return db.transaction(async (tx) => { + const txDb = tx as unknown as Db; + await tx.execute(sql`select id from ${routines} where ${routines.id} = ${existingRoutine.id} for update`); + const locked = await txDb + .select() + .from(routines) + .where(eq(routines.id, existingRoutine.id)) + .then((rows) => rows[0] ?? null); + if (!locked) throw notFound("Routine not found"); + if (locked.latestRevisionId === targetRevision.id) { + throw conflict("Selected revision is already the latest revision", { + currentRevisionId: locked.latestRevisionId, + }); + } + + const currentTriggers = await txDb + .select({ id: routineTriggers.id }) + .from(routineTriggers) + .where(and(eq(routineTriggers.companyId, locked.companyId), eq(routineTriggers.routineId, locked.id))); + const currentTriggerIds = new Set(currentTriggers.map((trigger) => trigger.id)); + const missingWebhookTriggers = snapshot.triggers + .filter((trigger) => trigger.kind === "webhook" && !currentTriggerIds.has(trigger.id)); + const recreatedWebhookSecrets = new Map(); + for (const trigger of missingWebhookTriggers) { + const publicId = crypto.randomBytes(12).toString("hex"); + const created = await createWebhookSecret(locked.companyId, locked.id, actor, txDb); + recreatedWebhookSecrets.set(trigger.id, { + publicId, + secretId: created.secret.id, + secretMaterial: { + triggerId: trigger.id, + webhookUrl: `${process.env.PAPERCLIP_API_URL}/api/routine-triggers/public/${publicId}/fire`, + webhookSecret: created.secretValue, + }, + }); + } + + const now = new Date(); + const [restoredRoutine] = await txDb + .update(routines) + .set({ + projectId: routineSnapshot.projectId, + goalId: routineSnapshot.goalId, + parentIssueId: routineSnapshot.parentIssueId, + title: routineSnapshot.title, + description: routineSnapshot.description, + assigneeAgentId: routineSnapshot.assigneeAgentId, + priority: routineSnapshot.priority, + status: routineSnapshot.status, + concurrencyPolicy: routineSnapshot.concurrencyPolicy, + catchUpPolicy: routineSnapshot.catchUpPolicy, + variables: routineSnapshot.variables, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + updatedAt: now, + }) + .where(eq(routines.id, locked.id)) + .returning(); + + const snapshotTriggerIds = new Set(snapshot.triggers.map((trigger) => trigger.id)); + if (snapshotTriggerIds.size === 0) { + await txDb + .delete(routineTriggers) + .where(and(eq(routineTriggers.companyId, locked.companyId), eq(routineTriggers.routineId, locked.id))); + } else { + await txDb + .delete(routineTriggers) + .where( + and( + eq(routineTriggers.companyId, locked.companyId), + eq(routineTriggers.routineId, locked.id), + not(inArray(routineTriggers.id, snapshot.triggers.map((trigger) => trigger.id))), + ), + ); + } + + for (const triggerSnapshot of snapshot.triggers) { + const current = await txDb + .select() + .from(routineTriggers) + .where(and(eq(routineTriggers.companyId, locked.companyId), eq(routineTriggers.id, triggerSnapshot.id))) + .then((rows) => rows[0] ?? null); + const webhookSecret = recreatedWebhookSecrets.get(triggerSnapshot.id); + const restoredNextRunAt = triggerSnapshot.kind === "schedule" && triggerSnapshot.enabled + && triggerSnapshot.cronExpression && triggerSnapshot.timezone + ? nextCronTickInTimeZone(triggerSnapshot.cronExpression, triggerSnapshot.timezone, now) + : null; + const baseValues = { + companyId: locked.companyId, + routineId: locked.id, + kind: triggerSnapshot.kind, + label: triggerSnapshot.label, + enabled: triggerSnapshot.enabled, + cronExpression: triggerSnapshot.kind === "schedule" ? triggerSnapshot.cronExpression : null, + timezone: triggerSnapshot.kind === "schedule" ? triggerSnapshot.timezone : null, + publicId: triggerSnapshot.kind === "webhook" ? (current?.publicId ?? webhookSecret?.publicId ?? triggerSnapshot.publicId) : null, + secretId: triggerSnapshot.kind === "webhook" ? (current?.secretId ?? webhookSecret?.secretId ?? null) : null, + signingMode: triggerSnapshot.kind === "webhook" ? triggerSnapshot.signingMode : null, + replayWindowSec: triggerSnapshot.kind === "webhook" ? triggerSnapshot.replayWindowSec : null, + nextRunAt: restoredNextRunAt, + updatedByAgentId: actor.agentId ?? null, + updatedByUserId: actor.userId ?? null, + updatedAt: now, + }; + if (current) { + await txDb.update(routineTriggers).set(baseValues).where(eq(routineTriggers.id, triggerSnapshot.id)); + } else { + await txDb.insert(routineTriggers).values({ + id: triggerSnapshot.id, + ...baseValues, + createdByAgentId: actor.agentId ?? null, + createdByUserId: actor.userId ?? null, + createdAt: now, + }); + } + } + + const appended = await appendRoutineRevision(txDb, restoredRoutine ?? locked, actor, { + changeSummary: `Restored from revision ${targetRevision.revisionNumber}`, + restoredFromRevisionId: targetRevision.id, + }); + return { + routine: appended.routine, + revision: appended.revision, + restoredFromRevisionId: targetRevision.id, + restoredFromRevisionNumber: targetRevision.revisionNumber, + secretMaterials: [...recreatedWebhookSecrets.values()].map((entry) => entry.secretMaterial), + }; + }); + }, + runRoutine: async (id: string, input: RunRoutine, actor?: Actor) => { const routine = await getRoutineById(id); if (!routine) throw notFound("Routine not found"); diff --git a/server/src/services/secrets.ts b/server/src/services/secrets.ts index 0b69b262..1f6629a3 100644 --- a/server/src/services/secrets.ts +++ b/server/src/services/secrets.ts @@ -1,21 +1,202 @@ -import { and, desc, eq, sql } from "drizzle-orm"; +import { and, desc, eq, inArray, like, ne, notInArray, sql } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { companySecrets, companySecretVersions, companySkills } from "@paperclipai/db"; -import type { AgentEnvConfig, EnvBinding, SecretProvider } from "@paperclipai/shared"; -import { envBindingSchema } from "@paperclipai/shared"; -import { conflict, notFound, unprocessable } from "../errors.js"; -import { getSecretProvider, listSecretProviders } from "../secrets/provider-registry.js"; +import { + agents, + companySecretBindings, + companySecretProviderConfigs, + companySecrets, + companySecretVersions, + companySkills, + environments, + heartbeatRuns, + issues, + projects, + routines, + secretAccessEvents, +} from "@paperclipai/db"; +import type { + AgentEnvConfig, + CompanySecretBindingTarget, + EnvBinding, + RemoteSecretImportCandidate, + RemoteSecretImportConflict, + RemoteSecretImportRowResult, + SecretBindingTargetType, + SecretProvider, + SecretProviderConfigHealthResponse, + SecretProviderConfigHealthStatus, + SecretProviderConfigStatus, + SecretVersionSelector, +} from "@paperclipai/shared"; +import { + createSecretProviderConfigSchema, + deriveProjectUrlKey, + envBindingSchema, + isUuidLike, + normalizeAgentUrlKey, + secretProviderConfigPayloadSchema, + updateSecretProviderConfigSchema, +} from "@paperclipai/shared"; +import { conflict, HttpError, notFound, unprocessable } from "../errors.js"; +import { logger } from "../middleware/logger.js"; +import { + checkSecretProviders, + getSecretProvider, + listSecretProviders, +} from "../secrets/provider-registry.js"; +import type { + PreparedSecretVersion, + RemoteSecretListResult, + SecretProviderHealthCheck, + SecretProviderModule, + SecretProviderVaultRuntimeConfig, + SecretProviderWriteContext, +} from "../secrets/types.js"; +import { isSecretProviderClientError } from "../secrets/types.js"; import { agentService } from "./agents.js"; const ENV_KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/; const SENSITIVE_ENV_KEY_RE = /(api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)/i; const REDACTED_SENTINEL = "***REDACTED***"; +const COMING_SOON_SECRET_PROVIDERS: ReadonlySet = new Set([ + "gcp_secret_manager", + "vault", +]); + +function remoteProviderHttpError(error: unknown, context: { + companyId: string; + provider: SecretProvider; + providerConfigId: string; + operation: string; +}): HttpError { + if (isSecretProviderClientError(error)) { + logger.warn( + { + err: error, + companyId: context.companyId, + provider: context.provider, + providerConfigId: context.providerConfigId, + operation: context.operation, + providerErrorCode: error.code, + }, + "remote secret provider request failed", + ); + return new HttpError(error.status, error.message, { code: error.code }); + } + if (error instanceof HttpError) return error; + logger.warn( + { + err: error, + companyId: context.companyId, + provider: context.provider, + providerConfigId: context.providerConfigId, + operation: context.operation, + providerErrorCode: "provider_error", + }, + "remote secret provider request failed", + ); + return new HttpError(502, "Remote secret provider request failed.", { code: "provider_error" }); +} + +function remoteImportRowFailureReason(error: unknown, fallback: string, context: { + companyId: string; + provider: SecretProvider; + providerConfigId: string; + operation: string; +}): string { + if (isSecretProviderClientError(error)) { + logger.warn( + { + err: error, + companyId: context.companyId, + provider: context.provider, + providerConfigId: context.providerConfigId, + operation: context.operation, + providerErrorCode: error.code, + }, + "remote secret import row provider failure", + ); + return error.message; + } + if (error instanceof HttpError && error.status < 500) return error.message; + logger.warn( + { + err: error, + companyId: context.companyId, + provider: context.provider, + providerConfigId: context.providerConfigId, + operation: context.operation, + providerErrorCode: "provider_error", + }, + "remote secret import row failed", + ); + return fallback; +} + +async function cleanupPreparedProviderWrite(input: { + provider: SecretProviderModule; + prepared: PreparedSecretVersion; + providerConfig: SecretProviderVaultRuntimeConfig | null; + context: SecretProviderWriteContext; + mode: "archive" | "delete"; + operation: string; +}): Promise { + try { + await input.provider.deleteOrArchive({ + material: input.prepared.material, + externalRef: input.prepared.externalRef, + providerConfig: input.providerConfig, + context: input.context, + mode: input.mode, + }); + return true; + } catch (cleanupError) { + logger.warn( + { + err: cleanupError, + companyId: input.context.companyId, + provider: input.provider.id, + providerConfigId: input.providerConfig?.id ?? null, + operation: input.operation, + }, + "remote secret provider cleanup failed after db write failure", + ); + return false; + } +} type CanonicalEnvBinding = | { type: "plain"; value: string } | { type: "secret_ref"; secretId: string; version: number | "latest" }; +type SecretConsumerContext = { + consumerType: SecretBindingTargetType; + consumerId: string; + configPath?: string | null; + actorType?: "agent" | "user" | "system" | "plugin"; + actorId?: string | null; + issueId?: string | null; + heartbeatRunId?: string | null; + pluginId?: string | null; +}; + +export type RuntimeSecretManifestEntry = { + configPath: string; + envKey: string | null; + secretId: string; + secretKey: string; + version: number; + provider: SecretProvider; + outcome: "success" | "failure"; + errorCode?: string | null; +}; + +type RuntimeSecretResolution = { + value: string; + manifestEntry: RuntimeSecretManifestEntry; +}; + function asRecord(value: unknown): Record | null { if (typeof value !== "object" || value === null || Array.isArray(value)) return null; return value as Record; @@ -25,6 +206,22 @@ function isSensitiveEnvKey(key: string) { return SENSITIVE_ENV_KEY_RE.test(key); } +function normalizeSecretKey(input: string) { + return input + .trim() + .toLowerCase() + .replace(/[^a-z0-9_.-]+/g, "-") + .replace(/^-+|-+$/g, "") + .slice(0, 120); +} + +function deriveSecretNameFromExternalRef(externalRef: string) { + const trimmed = externalRef.trim(); + const arnMatch = /^arn:[^:]+:secretsmanager:[^:]*:[^:]*:secret:(.+)$/i.exec(trimmed); + const name = arnMatch?.[1] ?? trimmed; + return name.split("/").filter(Boolean).at(-1) ?? name; +} + function canonicalizeBinding(binding: EnvBinding): CanonicalEnvBinding { if (typeof binding === "string") { return { type: "plain", value: binding }; @@ -39,6 +236,25 @@ function canonicalizeBinding(binding: EnvBinding): CanonicalEnvBinding { }; } +function defaultProviderConfigStatus(provider: SecretProvider): SecretProviderConfigStatus { + return COMING_SOON_SECRET_PROVIDERS.has(provider) ? "coming_soon" : "ready"; +} + +function assertSelectableProviderConfig(config: { + provider: string; + status: string; + companyId: string; +}, companyId: string, provider: SecretProvider) { + if (config.companyId !== companyId) throw unprocessable("Provider vault must belong to same company"); + if (config.provider !== provider) throw unprocessable("Provider vault must match the secret provider"); + if (config.status === "coming_soon") { + throw unprocessable("Provider vault is locked while coming soon"); + } + if (config.status === "disabled") { + throw unprocessable("Provider vault is disabled"); + } +} + export function secretService(db: Db) { type NormalizeEnvOptions = { strictMode?: boolean; @@ -103,7 +319,11 @@ export function secretService(db: Db) { return db .select() .from(companySecrets) - .where(and(eq(companySecrets.companyId, companyId), eq(companySecrets.name, name))) + .where(and( + eq(companySecrets.companyId, companyId), + eq(companySecrets.name, name), + ne(companySecrets.status, "deleted"), + )) .then((rows) => rows[0] ?? null); } @@ -120,27 +340,290 @@ export function secretService(db: Db) { .then((rows) => rows[0] ?? null); } + async function getBinding(input: { + companyId: string; + secretId: string; + consumerType: SecretBindingTargetType; + consumerId: string; + configPath: string; + }) { + return db + .select() + .from(companySecretBindings) + .where( + and( + eq(companySecretBindings.companyId, input.companyId), + eq(companySecretBindings.secretId, input.secretId), + eq(companySecretBindings.targetType, input.consumerType), + eq(companySecretBindings.targetId, input.consumerId), + eq(companySecretBindings.configPath, input.configPath), + ), + ) + .then((rows) => rows[0] ?? null); + } + + async function assertBindingContext( + companyId: string, + secretId: string, + context: SecretConsumerContext | undefined, + ) { + if (!context) return; + if (!context.configPath) { + throw unprocessable("Secret resolution requires a binding config path"); + } + const binding = await getBinding({ + companyId, + secretId, + consumerType: context.consumerType, + consumerId: context.consumerId, + configPath: context.configPath, + }); + if (!binding) { + throw unprocessable( + `Secret is not bound to ${context.consumerType}:${context.consumerId} at ${context.configPath}`, + ); + } + } + + async function recordAccessEvent(input: { + companyId: string; + secretId: string; + version: number | null; + provider: SecretProvider; + context: SecretConsumerContext | undefined; + outcome: "success" | "failure"; + errorCode?: string | null; + }) { + if (!input.context) return; + await db.insert(secretAccessEvents).values({ + companyId: input.companyId, + secretId: input.secretId, + version: input.version, + provider: input.provider, + actorType: input.context.actorType ?? "system", + actorId: input.context.actorId ?? null, + consumerType: input.context.consumerType, + consumerId: input.context.consumerId, + configPath: input.context.configPath ?? null, + issueId: input.context.issueId ?? null, + heartbeatRunId: input.context.heartbeatRunId ?? null, + pluginId: input.context.pluginId ?? null, + outcome: input.outcome, + errorCode: input.errorCode ?? null, + }); + } + async function assertSecretInCompany(companyId: string, secretId: string) { const secret = await getById(secretId); if (!secret) throw notFound("Secret not found"); + if (secret.status === "deleted") throw notFound("Secret not found"); if (secret.companyId !== companyId) throw unprocessable("Secret must belong to same company"); return secret; } + async function getProviderConfigById(id: string) { + return db + .select() + .from(companySecretProviderConfigs) + .where(eq(companySecretProviderConfigs.id, id)) + .then((rows) => rows[0] ?? null); + } + + async function assertProviderConfigForSecret( + companyId: string, + provider: SecretProvider, + providerConfigId: string | null | undefined, + ) { + if (!providerConfigId) return null; + const providerConfig = await getProviderConfigById(providerConfigId); + if (!providerConfig) throw notFound("Provider vault not found"); + assertSelectableProviderConfig(providerConfig, companyId, provider); + return providerConfig; + } + + function toProviderVaultRuntimeConfig( + providerConfig: Awaited> | null, + ): SecretProviderVaultRuntimeConfig | null { + if (!providerConfig) return null; + return { + id: providerConfig.id, + provider: providerConfig.provider as SecretProvider, + status: providerConfig.status, + config: providerConfig.config ?? {}, + }; + } + + async function getSelectableRuntimeProviderConfig(input: { + companyId: string; + provider: SecretProvider; + providerConfigId: string | null | undefined; + }) { + const providerConfig = await assertProviderConfigForSecret( + input.companyId, + input.provider, + input.providerConfigId, + ); + return toProviderVaultRuntimeConfig(providerConfig); + } + + function validateProviderConfigPayload( + provider: SecretProvider, + config: Record, + ): Record { + const parsed = secretProviderConfigPayloadSchema.safeParse({ provider, config }); + if (!parsed.success) { + throw unprocessable("Invalid provider vault config", parsed.error.flatten()); + } + return parsed.data.config; + } + + function providerConfigHealth(input: { + id: string; + provider: SecretProvider; + status: SecretProviderConfigStatus; + config: Record; + }): Omit | null { + if (input.status === "disabled") { + return { + configId: input.id, + provider: input.provider, + status: "disabled", + message: "Provider vault is disabled.", + details: { code: "disabled", message: "Provider vault is disabled." }, + }; + } + if (input.status === "coming_soon" || COMING_SOON_SECRET_PROVIDERS.has(input.provider)) { + return { + configId: input.id, + provider: input.provider, + status: "coming_soon", + message: "Provider vault runtime is locked while coming soon.", + details: { + code: "runtime_locked", + message: "Provider vault runtime is locked while coming soon.", + guidance: ["Draft metadata may be saved, but create, rotate, and resolve stay unavailable."], + }, + }; + } + return null; + } + + function mapProviderModuleHealth(input: { + configId: string; + provider: SecretProvider; + providerStatus: SecretProviderConfigStatus; + health: SecretProviderHealthCheck; + }): Omit { + const status: SecretProviderConfigHealthStatus = + input.health.status === "ok" + ? input.providerStatus === "warning" ? "warning" : "ready" + : input.health.status === "error" + ? "error" + : "warning"; + const guidance = [ + ...(input.health.warnings ?? []), + ...(input.health.backupGuidance ?? []), + ]; + return { + configId: input.configId, + provider: input.provider, + status, + message: input.health.message, + details: { + code: input.health.status === "ok" ? "provider_ready" : "provider_needs_attention", + message: input.health.message, + guidance: guidance.length > 0 ? guidance : undefined, + }, + }; + } + + async function resolveSecretValueInternal( + companyId: string, + secretId: string, + version: number | "latest", + context?: SecretConsumerContext, + ): Promise { + const secret = await assertSecretInCompany(companyId, secretId); + const resolvedVersion = version === "latest" ? secret.latestVersion : version; + const providerId = secret.provider as SecretProvider; + const configPath = context?.configPath ?? null; + try { + if (secret.status !== "active") { + throw unprocessable("Secret is not active"); + } + await assertBindingContext(companyId, secret.id, context); + const versionRow = await getSecretVersion(secret.id, resolvedVersion); + if (!versionRow) throw notFound("Secret version not found"); + if (versionRow.status === "disabled" || versionRow.status === "destroyed" || versionRow.revokedAt) { + throw unprocessable("Secret version is not active"); + } + const provider = getSecretProvider(providerId); + const providerConfig = await getSelectableRuntimeProviderConfig({ + companyId, + provider: providerId, + providerConfigId: secret.providerConfigId, + }); + const value = await provider.resolveVersion({ + material: versionRow.material as Record, + externalRef: secret.externalRef, + providerVersionRef: versionRow.providerVersionRef, + providerConfig, + context: { + companyId, + secretId: secret.id, + secretKey: secret.key, + version: resolvedVersion, + }, + }); + await Promise.all([ + db + .update(companySecrets) + .set({ lastResolvedAt: new Date(), updatedAt: new Date() }) + .where(eq(companySecrets.id, secret.id)) + .catch(() => undefined), + recordAccessEvent({ + companyId, + secretId: secret.id, + version: resolvedVersion, + provider: providerId, + context, + outcome: "success", + }).catch(() => undefined), + ]); + return { + value, + manifestEntry: { + configPath: configPath ?? "", + envKey: configPath?.startsWith("env.") ? configPath.slice("env.".length) : null, + secretId: secret.id, + secretKey: secret.key, + version: resolvedVersion, + provider: providerId, + outcome: "success", + }, + }; + } catch (err) { + const errorCode = err instanceof Error ? err.message.slice(0, 120) : "resolution_failed"; + await recordAccessEvent({ + companyId, + secretId: secret.id, + version: resolvedVersion, + provider: providerId, + context, + outcome: "failure", + errorCode, + }).catch(() => undefined); + throw err; + } + } + async function resolveSecretValue( companyId: string, secretId: string, version: number | "latest", + context?: SecretConsumerContext, ): Promise { - const secret = await assertSecretInCompany(companyId, secretId); - const resolvedVersion = version === "latest" ? secret.latestVersion : version; - const versionRow = await getSecretVersion(secret.id, resolvedVersion); - if (!versionRow) throw notFound("Secret version not found"); - const provider = getSecretProvider(secret.provider as SecretProvider); - return provider.resolveVersion({ - material: versionRow.material as Record, - externalRef: secret.externalRef, - }); + return (await resolveSecretValueInternal(companyId, secretId, version, context)).value; } async function normalizeEnvConfig( @@ -199,15 +682,817 @@ export function secretService(db: Db) { return normalized; } + function collectTargetIds( + bindings: Array, + targetType: SecretBindingTargetType, + opts?: { uuidOnly?: boolean }, + ) { + return [ + ...new Set( + bindings + .filter((binding) => binding.targetType === targetType) + .map((binding) => binding.targetId) + .filter((id) => !opts?.uuidOnly || isUuidLike(id)), + ), + ]; + } + + function fallbackBindingTarget(binding: typeof companySecretBindings.$inferSelect): CompanySecretBindingTarget { + return { + type: binding.targetType as SecretBindingTargetType, + id: binding.targetId, + label: binding.targetId, + href: null, + status: null, + }; + } + + async function buildBindingTargetMap( + companyId: string, + bindings: Array, + ) { + const targetMap = new Map(); + const setTarget = (target: CompanySecretBindingTarget) => { + targetMap.set(`${target.type}:${target.id}`, target); + }; + + const agentIds = collectTargetIds(bindings, "agent", { uuidOnly: true }); + if (agentIds.length > 0) { + const rows = await db + .select({ + id: agents.id, + name: agents.name, + title: agents.title, + status: agents.status, + }) + .from(agents) + .where(and(eq(agents.companyId, companyId), inArray(agents.id, agentIds))); + for (const row of rows) { + setTarget({ + type: "agent", + id: row.id, + label: row.title ? `${row.name} (${row.title})` : row.name, + href: `/agents/${normalizeAgentUrlKey(row.name) ?? row.id}`, + status: row.status, + }); + } + } + + const projectIds = collectTargetIds(bindings, "project", { uuidOnly: true }); + if (projectIds.length > 0) { + const rows = await db + .select({ + id: projects.id, + name: projects.name, + status: projects.status, + }) + .from(projects) + .where(and(eq(projects.companyId, companyId), inArray(projects.id, projectIds))); + for (const row of rows) { + setTarget({ + type: "project", + id: row.id, + label: row.name, + href: `/projects/${deriveProjectUrlKey(row.name, row.id)}`, + status: row.status, + }); + } + } + + const environmentIds = collectTargetIds(bindings, "environment", { uuidOnly: true }); + if (environmentIds.length > 0) { + const rows = await db + .select({ + id: environments.id, + name: environments.name, + status: environments.status, + }) + .from(environments) + .where(and(eq(environments.companyId, companyId), inArray(environments.id, environmentIds))); + for (const row of rows) { + setTarget({ + type: "environment", + id: row.id, + label: row.name, + href: "/company/settings/environments", + status: row.status, + }); + } + } + + const routineIds = collectTargetIds(bindings, "routine", { uuidOnly: true }); + if (routineIds.length > 0) { + const rows = await db + .select({ + id: routines.id, + title: routines.title, + status: routines.status, + }) + .from(routines) + .where(and(eq(routines.companyId, companyId), inArray(routines.id, routineIds))); + for (const row of rows) { + setTarget({ + type: "routine", + id: row.id, + label: row.title, + href: `/routines/${row.id}`, + status: row.status, + }); + } + } + + const issueIds = collectTargetIds(bindings, "issue", { uuidOnly: true }); + if (issueIds.length > 0) { + const rows = await db + .select({ + id: issues.id, + identifier: issues.identifier, + title: issues.title, + status: issues.status, + }) + .from(issues) + .where(and(eq(issues.companyId, companyId), inArray(issues.id, issueIds))); + for (const row of rows) { + setTarget({ + type: "issue", + id: row.id, + label: row.identifier ? `${row.identifier} ${row.title}` : row.title, + href: `/issues/${row.identifier ?? row.id}`, + status: row.status, + }); + } + } + + const runIds = collectTargetIds(bindings, "run", { uuidOnly: true }); + if (runIds.length > 0) { + const rows = await db + .select({ + id: heartbeatRuns.id, + agentId: heartbeatRuns.agentId, + status: heartbeatRuns.status, + }) + .from(heartbeatRuns) + .where(and(eq(heartbeatRuns.companyId, companyId), inArray(heartbeatRuns.id, runIds))); + for (const row of rows) { + setTarget({ + type: "run", + id: row.id, + label: `Run ${row.id.slice(0, 8)}`, + href: `/agents/${row.agentId}/runs/${row.id}`, + status: row.status, + }); + } + } + + return targetMap; + } + + async function buildRemoteImportConflictMaps(companyId: string, provider: SecretProvider) { + const activeSecrets = await db + .select({ + id: companySecrets.id, + name: companySecrets.name, + key: companySecrets.key, + provider: companySecrets.provider, + providerConfigId: companySecrets.providerConfigId, + externalRef: companySecrets.externalRef, + status: companySecrets.status, + }) + .from(companySecrets) + .where(and(eq(companySecrets.companyId, companyId), ne(companySecrets.status, "deleted"))); + return { + byProviderConfigExternalRef: new Map( + activeSecrets + .filter((secret) => + secret.provider === provider && + typeof secret.externalRef === "string" && + secret.externalRef.trim() + ) + .map((secret) => [ + remoteImportExternalRefKey(secret.providerConfigId, secret.externalRef!), + secret, + ]), + ), + byName: new Map(activeSecrets.map((secret) => [secret.name, secret])), + byKey: new Map(activeSecrets.map((secret) => [secret.key, secret])), + }; + } + + function remoteImportExternalRefKey(providerConfigId: string | null | undefined, externalRef: string) { + return `${providerConfigId ?? "default"}\0${externalRef.trim()}`; + } + + function sanitizeRemoteProviderMetadata( + provider: SecretProvider, + metadata: Record | null | undefined, + ): Record | null { + if (!metadata || provider !== "aws_secrets_manager") return null; + const safe: Record = {}; + for (const key of ["createdDate", "lastAccessedDate", "lastChangedDate", "deletedDate"]) { + const value = metadata[key]; + if (typeof value === "string" || value === null) safe[key] = value; + } + for (const key of ["hasDescription", "hasKmsKey", "tagCount"]) { + const value = metadata[key]; + if (typeof value === "boolean" || typeof value === "number") safe[key] = value; + } + return Object.keys(safe).length > 0 ? safe : null; + } + + function remoteImportConflictsFor(input: { + providerConfigId: string | null; + externalRef: string; + name: string; + key: string; + maps: Awaited>; + }): RemoteSecretImportConflict[] { + const conflicts: RemoteSecretImportConflict[] = []; + const duplicate = input.maps.byProviderConfigExternalRef.get( + remoteImportExternalRefKey(input.providerConfigId, input.externalRef), + ); + if (duplicate) { + conflicts.push({ + type: "exact_reference", + existingSecretId: duplicate.id, + message: "An existing secret already links this exact provider reference.", + }); + return conflicts; + } + const nameConflict = input.maps.byName.get(input.name); + if (nameConflict) { + conflicts.push({ + type: "name", + existingSecretId: nameConflict.id, + message: `Secret name already exists: ${input.name}`, + }); + } + const keyConflict = input.maps.byKey.get(input.key); + if (keyConflict) { + conflicts.push({ + type: "key", + existingSecretId: keyConflict.id, + message: `Secret key already exists: ${input.key}`, + }); + } + return conflicts; + } + + async function getRemoteImportProviderConfig(companyId: string, providerConfigId: string) { + const providerConfig = await getProviderConfigById(providerConfigId); + if (!providerConfig) throw notFound("Provider vault not found"); + const provider = providerConfig.provider as SecretProvider; + assertSelectableProviderConfig(providerConfig, companyId, provider); + return { providerConfig, provider, runtimeConfig: toProviderVaultRuntimeConfig(providerConfig) }; + } + return { listProviders: () => listSecretProviders(), - list: (companyId: string) => + checkProviders: () => checkSecretProviders(), + + listProviderConfigs: (companyId: string) => db .select() - .from(companySecrets) - .where(eq(companySecrets.companyId, companyId)) - .orderBy(desc(companySecrets.createdAt)), + .from(companySecretProviderConfigs) + .where(eq(companySecretProviderConfigs.companyId, companyId)) + .orderBy(desc(companySecretProviderConfigs.createdAt)), + + getProviderConfigById, + + createProviderConfig: async ( + companyId: string, + input: { + provider: SecretProvider; + displayName: string; + status?: SecretProviderConfigStatus; + isDefault?: boolean; + config?: Record; + }, + actor?: { userId?: string | null; agentId?: string | null }, + ) => { + const parsed = createSecretProviderConfigSchema.safeParse(input); + if (!parsed.success) throw unprocessable("Invalid provider vault config", parsed.error.flatten()); + const status = input.status ?? defaultProviderConfigStatus(input.provider); + if ((status === "coming_soon" || status === "disabled") && input.isDefault) { + throw unprocessable("Only ready or warning provider vaults can be default"); + } + const normalizedConfig = validateProviderConfigPayload(input.provider, input.config ?? {}); + return db.transaction(async (tx) => { + if (input.isDefault) { + await tx + .update(companySecretProviderConfigs) + .set({ isDefault: false, updatedAt: new Date() }) + .where(and( + eq(companySecretProviderConfigs.companyId, companyId), + eq(companySecretProviderConfigs.provider, input.provider), + )); + } + return tx + .insert(companySecretProviderConfigs) + .values({ + companyId, + provider: input.provider, + displayName: input.displayName.trim(), + status, + isDefault: input.isDefault ?? false, + config: normalizedConfig, + disabledAt: status === "disabled" ? new Date() : null, + createdByAgentId: actor?.agentId ?? null, + createdByUserId: actor?.userId ?? null, + }) + .returning() + .then((rows) => rows[0]); + }); + }, + + updateProviderConfig: async ( + id: string, + patch: { + displayName?: string; + status?: SecretProviderConfigStatus; + isDefault?: boolean; + config?: Record; + }, + ) => { + const existing = await getProviderConfigById(id); + if (!existing) return null; + const parsed = updateSecretProviderConfigSchema.safeParse(patch); + if (!parsed.success) throw unprocessable("Invalid provider vault config", parsed.error.flatten()); + const provider = existing.provider as SecretProvider; + const status = patch.status ?? (existing.status as SecretProviderConfigStatus); + if (COMING_SOON_SECRET_PROVIDERS.has(provider) && status !== "coming_soon" && status !== "disabled") { + throw unprocessable(`${provider} provider vaults are locked while coming soon`); + } + if ((status === "coming_soon" || status === "disabled") && patch.isDefault) { + throw unprocessable("Only ready or warning provider vaults can be default"); + } + const normalizedConfig = + patch.config === undefined + ? existing.config + : validateProviderConfigPayload(provider, patch.config); + return db.transaction(async (tx) => { + if (patch.isDefault) { + await tx + .update(companySecretProviderConfigs) + .set({ isDefault: false, updatedAt: new Date() }) + .where(and( + eq(companySecretProviderConfigs.companyId, existing.companyId), + eq(companySecretProviderConfigs.provider, existing.provider), + )); + } + return tx + .update(companySecretProviderConfigs) + .set({ + displayName: patch.displayName?.trim() ?? existing.displayName, + status, + isDefault: status === "disabled" || status === "coming_soon" ? false : patch.isDefault ?? existing.isDefault, + config: normalizedConfig, + disabledAt: status === "disabled" ? existing.disabledAt ?? new Date() : null, + updatedAt: new Date(), + }) + .where(eq(companySecretProviderConfigs.id, id)) + .returning() + .then((rows) => rows[0] ?? null); + }); + }, + + disableProviderConfig: async (id: string) => { + const existing = await getProviderConfigById(id); + if (!existing) return null; + return db + .update(companySecretProviderConfigs) + .set({ + status: "disabled", + isDefault: false, + disabledAt: existing.disabledAt ?? new Date(), + updatedAt: new Date(), + }) + .where(eq(companySecretProviderConfigs.id, id)) + .returning() + .then((rows) => rows[0] ?? null); + }, + + setDefaultProviderConfig: async (id: string) => { + const existing = await getProviderConfigById(id); + if (!existing) return null; + if (existing.status === "coming_soon" || existing.status === "disabled") { + throw unprocessable("Only ready or warning provider vaults can be default"); + } + return db.transaction(async (tx) => { + const current = await tx + .select() + .from(companySecretProviderConfigs) + .where(eq(companySecretProviderConfigs.id, id)) + .then((rows) => rows[0] ?? null); + if (!current) return null; + if (current.status === "coming_soon" || current.status === "disabled") { + throw unprocessable("Only ready or warning provider vaults can be default"); + } + await tx + .update(companySecretProviderConfigs) + .set({ isDefault: false, updatedAt: new Date() }) + .where(and( + eq(companySecretProviderConfigs.companyId, current.companyId), + eq(companySecretProviderConfigs.provider, current.provider), + )); + const updated = await tx + .update(companySecretProviderConfigs) + .set({ isDefault: true, updatedAt: new Date() }) + .where(and( + eq(companySecretProviderConfigs.id, id), + notInArray(companySecretProviderConfigs.status, ["coming_soon", "disabled"]), + )) + .returning() + .then((rows) => rows[0] ?? null); + if (!updated) throw unprocessable("Only ready or warning provider vaults can be default"); + return updated; + }); + }, + + checkProviderConfigHealth: async (id: string) => { + const existing = await getProviderConfigById(id); + if (!existing) return null; + const checkedAt = new Date(); + const staticHealth = providerConfigHealth({ + id: existing.id, + provider: existing.provider as SecretProvider, + status: existing.status as SecretProviderConfigStatus, + config: existing.config ?? {}, + }); + const provider = getSecretProvider(existing.provider as SecretProvider); + const health = staticHealth ?? mapProviderModuleHealth({ + configId: existing.id, + provider: existing.provider as SecretProvider, + providerStatus: existing.status as SecretProviderConfigStatus, + health: await provider.healthCheck({ + providerConfig: toProviderVaultRuntimeConfig(existing), + }), + }); + await db + .update(companySecretProviderConfigs) + .set({ + healthStatus: health.status, + healthCheckedAt: checkedAt, + healthMessage: health.message, + healthDetails: health.details as unknown as Record, + updatedAt: new Date(), + }) + .where(eq(companySecretProviderConfigs.id, id)); + return { ...health, checkedAt }; + }, + + list: async (companyId: string) => { + const [secrets, referenceCounts] = await Promise.all([ + db + .select() + .from(companySecrets) + .where(and(eq(companySecrets.companyId, companyId), ne(companySecrets.status, "deleted"))) + .orderBy(desc(companySecrets.createdAt)), + db + .select({ + secretId: companySecretBindings.secretId, + count: sql`count(*)::int`, + }) + .from(companySecretBindings) + .where(eq(companySecretBindings.companyId, companyId)) + .groupBy(companySecretBindings.secretId), + ]); + const countsBySecretId = new Map(referenceCounts.map((row) => [row.secretId, row.count])); + return secrets.map((secret) => ({ + ...secret, + referenceCount: countsBySecretId.get(secret.id) ?? 0, + })); + }, + + listBindings: (companyId: string, secretId?: string) => + db + .select() + .from(companySecretBindings) + .where( + secretId + ? and(eq(companySecretBindings.companyId, companyId), eq(companySecretBindings.secretId, secretId)) + : eq(companySecretBindings.companyId, companyId), + ) + .orderBy(desc(companySecretBindings.createdAt)), + + listBindingReferences: async (companyId: string, secretId: string) => { + const bindings = await db + .select() + .from(companySecretBindings) + .where(and(eq(companySecretBindings.companyId, companyId), eq(companySecretBindings.secretId, secretId))) + .orderBy(desc(companySecretBindings.createdAt)); + const targetMap = await buildBindingTargetMap(companyId, bindings); + return bindings.map((binding) => ({ + ...binding, + target: + targetMap.get(`${binding.targetType}:${binding.targetId}`) ?? + fallbackBindingTarget(binding), + })); + }, + + listAccessEvents: (companyId: string, secretId: string) => + db + .select() + .from(secretAccessEvents) + .where(and(eq(secretAccessEvents.companyId, companyId), eq(secretAccessEvents.secretId, secretId))) + .orderBy(desc(secretAccessEvents.createdAt)), + + previewRemoteImport: async ( + companyId: string, + input: { + providerConfigId: string; + query?: string | null; + nextToken?: string | null; + pageSize?: number; + }, + ) => { + const { providerConfig, provider: providerId, runtimeConfig } = await getRemoteImportProviderConfig( + companyId, + input.providerConfigId, + ); + const provider = getSecretProvider(providerId); + if (!provider.listRemoteSecrets) { + throw unprocessable(`${providerId} provider does not support remote import listing`); + } + let listed: RemoteSecretListResult; + try { + listed = await provider.listRemoteSecrets({ + providerConfig: runtimeConfig, + query: input.query, + nextToken: input.nextToken, + pageSize: input.pageSize, + }); + } catch (error) { + throw remoteProviderHttpError(error, { + companyId, + provider: providerId, + providerConfigId: providerConfig.id, + operation: "remote_import.preview", + }); + } + const maps = await buildRemoteImportConflictMaps(companyId, providerId); + const candidates: RemoteSecretImportCandidate[] = []; + for (const remote of listed.secrets) { + const externalRef = remote.externalRef.trim(); + const remoteName = remote.name.trim() || deriveSecretNameFromExternalRef(externalRef); + const name = remoteName || deriveSecretNameFromExternalRef(externalRef); + const key = normalizeSecretKey(name); + let canonicalExternalRef = externalRef; + const conflicts: RemoteSecretImportConflict[] = []; + try { + const prepared = await provider.linkExternalSecret({ + externalRef, + providerVersionRef: remote.providerVersionRef ?? null, + providerConfig: runtimeConfig, + context: { + companyId, + secretKey: key || "remote-import-preview", + secretName: name, + version: 1, + }, + }); + canonicalExternalRef = prepared.externalRef ?? externalRef; + } catch (error) { + conflicts.push({ + type: "provider_guardrail", + message: remoteImportRowFailureReason(error, "Provider rejected this external reference", { + companyId, + provider: providerId, + providerConfigId: providerConfig.id, + operation: "remote_import.preview.link_external_reference", + }), + }); + } + conflicts.push(...remoteImportConflictsFor({ + providerConfigId: providerConfig.id, + externalRef: canonicalExternalRef, + name, + key, + maps, + })); + const hasDuplicate = conflicts.some((conflict) => conflict.type === "exact_reference"); + const hasConflict = conflicts.length > 0; + candidates.push({ + externalRef, + remoteName, + name, + key, + providerVersionRef: remote.providerVersionRef ?? null, + providerMetadata: sanitizeRemoteProviderMetadata(providerId, remote.metadata), + status: hasDuplicate ? "duplicate" : hasConflict ? "conflict" : "ready", + importable: !hasConflict, + conflicts, + }); + } + return { + providerConfigId: providerConfig.id, + provider: providerId, + nextToken: listed.nextToken ?? null, + candidates, + }; + }, + + importRemoteSecrets: async ( + companyId: string, + input: { + providerConfigId: string; + secrets: Array<{ + externalRef: string; + name?: string | null; + key?: string | null; + description?: string | null; + providerVersionRef?: string | null; + providerMetadata?: Record | null; + }>; + }, + actor?: { userId?: string | null; agentId?: string | null }, + ) => { + const { providerConfig, provider: providerId, runtimeConfig } = await getRemoteImportProviderConfig( + companyId, + input.providerConfigId, + ); + const provider = getSecretProvider(providerId); + if (provider.descriptor().supportsExternalReferences === false) { + throw unprocessable(`${providerId} provider does not support linked external references`); + } + const maps = await buildRemoteImportConflictMaps(companyId, providerId); + const results: RemoteSecretImportRowResult[] = []; + + for (const selection of input.secrets) { + const externalRef = selection.externalRef.trim(); + const name = selection.name?.trim() || deriveSecretNameFromExternalRef(externalRef); + const key = normalizeSecretKey(selection.key?.trim() || name); + const description = selection.description?.trim() || null; + let prepared: PreparedSecretVersion | undefined; + const conflicts = remoteImportConflictsFor({ + providerConfigId: providerConfig.id, + externalRef, + name, + key, + maps, + }); + if (!key) { + results.push({ + externalRef, + name, + key, + status: "error", + reason: "Secret key is required", + secretId: null, + conflicts, + }); + continue; + } + if (conflicts.length === 0) { + try { + prepared = await provider.linkExternalSecret({ + externalRef, + providerVersionRef: selection.providerVersionRef ?? null, + providerConfig: runtimeConfig, + context: { + companyId, + secretKey: key, + secretName: name, + version: 1, + }, + }); + const canonicalDuplicate = maps.byProviderConfigExternalRef.get( + remoteImportExternalRefKey(providerConfig.id, prepared.externalRef ?? externalRef), + ); + if (canonicalDuplicate) { + conflicts.push({ + type: "exact_reference", + existingSecretId: canonicalDuplicate.id, + message: "An existing secret already links this exact provider reference.", + }); + } + } catch (error) { + results.push({ + externalRef, + name, + key, + status: "error", + reason: remoteImportRowFailureReason(error, "Provider rejected this external reference", { + companyId, + provider: providerId, + providerConfigId: providerConfig.id, + operation: "remote_import.prepare_external_reference", + }), + secretId: null, + conflicts: [], + }); + continue; + } + } + if (conflicts.length > 0) { + results.push({ + externalRef, + name, + key, + status: "skipped", + reason: conflicts.some((conflict) => conflict.type === "exact_reference") + ? "exact_reference_duplicate" + : "name_or_key_conflict", + secretId: null, + conflicts, + }); + continue; + } + + try { + if (!prepared) { + prepared = await provider.linkExternalSecret({ + externalRef, + providerVersionRef: selection.providerVersionRef ?? null, + providerConfig: runtimeConfig, + context: { + companyId, + secretKey: key, + secretName: name, + version: 1, + }, + }); + } + if (!prepared) { + throw unprocessable("Provider rejected this external reference"); + } + const preparedSecret = prepared; + const secret = await db.transaction(async (tx) => { + const inserted = await tx + .insert(companySecrets) + .values({ + companyId, + key, + name, + provider: providerId, + providerConfigId: providerConfig.id, + status: "active", + managedMode: "external_reference", + externalRef: preparedSecret.externalRef, + providerMetadata: null, + latestVersion: 1, + description, + lastRotatedAt: new Date(), + createdByAgentId: actor?.agentId ?? null, + createdByUserId: actor?.userId ?? null, + }) + .returning() + .then((rows) => rows[0]); + await tx.insert(companySecretVersions).values({ + secretId: inserted.id, + version: 1, + material: preparedSecret.material, + valueSha256: preparedSecret.valueSha256, + fingerprintSha256: preparedSecret.fingerprintSha256 ?? preparedSecret.valueSha256, + providerVersionRef: preparedSecret.providerVersionRef ?? null, + status: "current", + createdByAgentId: actor?.agentId ?? null, + createdByUserId: actor?.userId ?? null, + }); + return inserted; + }); + maps.byProviderConfigExternalRef.set( + remoteImportExternalRefKey(providerConfig.id, preparedSecret.externalRef ?? externalRef), + secret, + ); + maps.byName.set(name, secret); + maps.byKey.set(key, secret); + results.push({ + externalRef, + name, + key, + status: "imported", + reason: null, + secretId: secret.id, + conflicts: [], + }); + } catch (error) { + results.push({ + externalRef, + name, + key, + status: "error", + reason: remoteImportRowFailureReason(error, "Import failed", { + companyId, + provider: providerId, + providerConfigId: providerConfig.id, + operation: "remote_import.commit", + }), + secretId: null, + conflicts: [], + }); + } + } + + return { + providerConfigId: providerConfig.id, + provider: providerId, + importedCount: results.filter((result) => result.status === "imported").length, + skippedCount: results.filter((result) => result.status === "skipped").length, + errorCount: results.filter((result) => result.status === "error").length, + results, + }; + }, getById, getByName, @@ -218,96 +1503,331 @@ export function secretService(db: Db) { input: { name: string; provider: SecretProvider; - value: string; + providerConfigId?: string | null; + value?: string | null; + key?: string | null; + managedMode?: "paperclip_managed" | "external_reference"; description?: string | null; externalRef?: string | null; + providerVersionRef?: string | null; + providerMetadata?: Record | null; }, actor?: { userId?: string | null; agentId?: string | null }, ) => { const existing = await getByName(companyId, input.name); if (existing) throw conflict(`Secret already exists: ${input.name}`); + const key = normalizeSecretKey(input.key ?? input.name); + if (!key) throw unprocessable("Secret key is required"); + const duplicateKey = await db + .select() + .from(companySecrets) + .where(and( + eq(companySecrets.companyId, companyId), + eq(companySecrets.key, key), + ne(companySecrets.status, "deleted"), + )) + .then((rows) => rows[0] ?? null); + if (duplicateKey) throw conflict(`Secret key already exists: ${key}`); + const managedMode = input.managedMode ?? "paperclip_managed"; const provider = getSecretProvider(input.provider); - const prepared = await provider.createVersion({ - value: input.value, - externalRef: input.externalRef ?? null, + const providerConfig = await getSelectableRuntimeProviderConfig({ + companyId, + provider: input.provider, + providerConfigId: input.providerConfigId, }); + if (managedMode === "external_reference" && !input.externalRef?.trim()) { + throw unprocessable("External reference secrets require externalRef"); + } + if (managedMode === "paperclip_managed" && input.externalRef?.trim()) { + throw unprocessable("Managed secrets cannot override externalRef"); + } + if (managedMode === "paperclip_managed" && !input.value?.trim()) { + throw unprocessable("Managed secrets require value"); + } + const providerWriteContext = { + companyId, + secretKey: key, + secretName: input.name, + version: 1, + }; + const reservedSecret = await db + .insert(companySecrets) + .values({ + companyId, + key, + name: input.name, + provider: input.provider, + providerConfigId: input.providerConfigId ?? null, + status: "archived", + managedMode, + externalRef: null, + providerMetadata: input.providerMetadata ?? null, + latestVersion: 0, + description: input.description ?? null, + createdByAgentId: actor?.agentId ?? null, + createdByUserId: actor?.userId ?? null, + }) + .returning() + .then((rows) => rows[0]); - return db.transaction(async (tx) => { - const secret = await tx - .insert(companySecrets) - .values({ - companyId, - name: input.name, - provider: input.provider, + let prepared: PreparedSecretVersion; + try { + prepared = + managedMode === "external_reference" + ? await provider.linkExternalSecret({ + externalRef: input.externalRef ?? "", + providerVersionRef: input.providerVersionRef ?? null, + providerConfig, + context: providerWriteContext, + }) + : await provider.createSecret({ + value: input.value ?? "", + externalRef: null, + providerConfig, + context: providerWriteContext, + }); + } catch (error) { + await db.delete(companySecrets).where(eq(companySecrets.id, reservedSecret.id)).catch(() => undefined); + throw error; + } + + try { + await db + .update(companySecrets) + .set({ externalRef: prepared.externalRef, latestVersion: 1, - description: input.description ?? null, - createdByAgentId: actor?.agentId ?? null, - createdByUserId: actor?.userId ?? null, + updatedAt: new Date(), }) - .returning() - .then((rows) => rows[0]); - - await tx.insert(companySecretVersions).values({ - secretId: secret.id, + .where(eq(companySecrets.id, reservedSecret.id)); + await db.insert(companySecretVersions).values({ + secretId: reservedSecret.id, version: 1, material: prepared.material, valueSha256: prepared.valueSha256, + fingerprintSha256: prepared.fingerprintSha256 ?? prepared.valueSha256, + providerVersionRef: prepared.providerVersionRef ?? null, + status: "disabled", createdByAgentId: actor?.agentId ?? null, createdByUserId: actor?.userId ?? null, }); + } catch (error) { + if (managedMode === "paperclip_managed") { + const cleaned = await cleanupPreparedProviderWrite({ + provider, + prepared, + providerConfig, + context: providerWriteContext, + mode: "delete", + operation: "create.prepare_rollback", + }); + if (cleaned) { + await db.delete(companySecrets).where(eq(companySecrets.id, reservedSecret.id)).catch(() => undefined); + } + } else { + await db.delete(companySecrets).where(eq(companySecrets.id, reservedSecret.id)).catch(() => undefined); + } + throw error; + } - return secret; - }); + try { + return await db.transaction(async (tx) => { + await tx + .update(companySecretVersions) + .set({ status: "current" }) + .where(and( + eq(companySecretVersions.secretId, reservedSecret.id), + eq(companySecretVersions.version, 1), + )); + + const secret = await tx + .update(companySecrets) + .set({ + status: "active", + externalRef: prepared.externalRef, + latestVersion: 1, + lastRotatedAt: new Date(), + updatedAt: new Date(), + }) + .where(eq(companySecrets.id, reservedSecret.id)) + .returning() + .then((rows) => rows[0]); + + if (!secret) throw notFound("Secret not found"); + return secret; + }); + } catch (error) { + if (managedMode === "paperclip_managed") { + const cleaned = await cleanupPreparedProviderWrite({ + provider, + prepared, + providerConfig, + context: providerWriteContext, + mode: "delete", + operation: "create.rollback", + }); + if (cleaned) { + await db.delete(companySecrets).where(eq(companySecrets.id, reservedSecret.id)).catch(() => undefined); + } + } else { + await db.delete(companySecrets).where(eq(companySecrets.id, reservedSecret.id)).catch(() => undefined); + } + throw error; + } }, rotate: async ( secretId: string, - input: { value: string; externalRef?: string | null }, + input: { + value?: string | null; + externalRef?: string | null; + providerVersionRef?: string | null; + providerConfigId?: string | null; + }, actor?: { userId?: string | null; agentId?: string | null }, ) => { const secret = await getById(secretId); if (!secret) throw notFound("Secret not found"); - const provider = getSecretProvider(secret.provider as SecretProvider); - const nextVersion = secret.latestVersion + 1; - const prepared = await provider.createVersion({ - value: input.value, - externalRef: input.externalRef ?? secret.externalRef ?? null, + if (secret.status !== "active") throw unprocessable("Cannot rotate a non-active secret"); + const providerId = secret.provider as SecretProvider; + const provider = getSecretProvider(providerId); + const providerConfigId = + input.providerConfigId === undefined ? secret.providerConfigId : input.providerConfigId; + const providerConfig = await getSelectableRuntimeProviderConfig({ + companyId: secret.companyId, + provider: providerId, + providerConfigId, }); + const nextVersion = secret.latestVersion + 1; + if (secret.managedMode === "external_reference" && !(input.externalRef ?? secret.externalRef)?.trim()) { + throw unprocessable("External reference secrets require externalRef"); + } + if (secret.managedMode !== "external_reference" && input.externalRef?.trim()) { + throw unprocessable("Managed secrets cannot override externalRef"); + } + if (secret.managedMode !== "external_reference" && !input.value?.trim()) { + throw unprocessable("Managed secrets require value"); + } + const providerWriteContext = { + companyId: secret.companyId, + secretKey: secret.key, + secretName: secret.name, + version: nextVersion, + }; + const prepared = + secret.managedMode === "external_reference" + ? await provider.linkExternalSecret({ + externalRef: input.externalRef ?? secret.externalRef ?? "", + providerVersionRef: input.providerVersionRef ?? null, + providerConfig, + context: providerWriteContext, + }) + : await provider.createVersion({ + value: input.value ?? "", + externalRef: secret.externalRef ?? null, + providerConfig, + context: providerWriteContext, + }); - return db.transaction(async (tx) => { - await tx.insert(companySecretVersions).values({ + try { + await db.insert(companySecretVersions).values({ secretId: secret.id, version: nextVersion, material: prepared.material, valueSha256: prepared.valueSha256, + fingerprintSha256: prepared.fingerprintSha256 ?? prepared.valueSha256, + providerVersionRef: prepared.providerVersionRef ?? null, + status: "disabled", createdByAgentId: actor?.agentId ?? null, createdByUserId: actor?.userId ?? null, }); + } catch (error) { + if (secret.managedMode !== "external_reference") { + await cleanupPreparedProviderWrite({ + provider, + prepared, + providerConfig, + context: providerWriteContext, + mode: "archive", + operation: "rotate.prepare_rollback", + }); + } + throw error; + } - const updated = await tx - .update(companySecrets) - .set({ - latestVersion: nextVersion, - externalRef: prepared.externalRef, - updatedAt: new Date(), - }) - .where(eq(companySecrets.id, secret.id)) - .returning() - .then((rows) => rows[0] ?? null); + try { + return await db.transaction(async (tx) => { + await tx + .update(companySecretVersions) + .set({ status: "previous" }) + .where(and( + eq(companySecretVersions.secretId, secret.id), + ne(companySecretVersions.version, nextVersion), + )); + await tx + .update(companySecretVersions) + .set({ status: "current" }) + .where(and( + eq(companySecretVersions.secretId, secret.id), + eq(companySecretVersions.version, nextVersion), + )); - if (!updated) throw notFound("Secret not found"); - return updated; - }); + const updated = await tx + .update(companySecrets) + .set({ + latestVersion: nextVersion, + externalRef: prepared.externalRef, + providerConfigId, + lastRotatedAt: new Date(), + updatedAt: new Date(), + }) + .where(eq(companySecrets.id, secret.id)) + .returning() + .then((rows) => rows[0] ?? null); + + if (!updated) throw notFound("Secret not found"); + return updated; + }); + } catch (error) { + if (secret.managedMode !== "external_reference") { + const cleaned = await cleanupPreparedProviderWrite({ + provider, + prepared, + providerConfig, + context: providerWriteContext, + mode: "archive", + operation: "rotate.rollback", + }); + if (cleaned) { + await db + .delete(companySecretVersions) + .where(and( + eq(companySecretVersions.secretId, secret.id), + eq(companySecretVersions.version, nextVersion), + )) + .catch(() => undefined); + } + } + throw error; + } }, update: async ( secretId: string, - patch: { name?: string; description?: string | null; externalRef?: string | null }, + patch: { + name?: string; + key?: string; + status?: "active" | "disabled" | "archived" | "deleted"; + providerConfigId?: string | null; + description?: string | null; + externalRef?: string | null; + providerMetadata?: Record | null; + }, ) => { const secret = await getById(secretId); if (!secret) throw notFound("Secret not found"); + if (secret.status === "deleted") throw notFound("Secret not found"); if (patch.name && patch.name !== secret.name) { const duplicate = await getByName(secret.companyId, patch.name); @@ -315,15 +1835,79 @@ export function secretService(db: Db) { throw conflict(`Secret already exists: ${patch.name}`); } } + const nextKey = patch.key ? normalizeSecretKey(patch.key) : secret.key; + if (!nextKey) throw unprocessable("Secret key is required"); + if (nextKey !== secret.key) { + const duplicateKey = await db + .select() + .from(companySecrets) + .where(and( + eq(companySecrets.companyId, secret.companyId), + eq(companySecrets.key, nextKey), + ne(companySecrets.status, "deleted"), + )) + .then((rows) => rows[0] ?? null); + if (duplicateKey && duplicateKey.id !== secret.id) { + throw conflict(`Secret key already exists: ${nextKey}`); + } + } + const deleting = patch.status === "deleted"; + if (deleting && secret.managedMode === "paperclip_managed") { + throw unprocessable("Managed secrets must be deleted through DELETE /secrets/:id"); + } + if (secret.managedMode !== "external_reference" && patch.externalRef !== undefined) { + throw unprocessable("Managed secrets cannot override externalRef"); + } + if ( + secret.managedMode === "external_reference" && + patch.externalRef !== undefined && + patch.externalRef !== secret.externalRef + ) { + throw unprocessable( + "External reference secrets cannot be retargeted through generic update", + ); + } + if ( + secret.managedMode === "external_reference" && + patch.providerConfigId !== undefined && + patch.providerConfigId !== secret.providerConfigId + ) { + throw unprocessable( + "External reference secrets cannot change provider vault through generic update", + ); + } + if ( + secret.managedMode === "paperclip_managed" && + patch.providerConfigId !== undefined && + patch.providerConfigId !== secret.providerConfigId + ) { + throw unprocessable( + "Managed secrets cannot change provider vault through PATCH; use rotate() to migrate to a new vault", + ); + } + if (patch.providerConfigId !== undefined) { + await assertProviderConfigForSecret( + secret.companyId, + secret.provider as SecretProvider, + patch.providerConfigId, + ); + } return db .update(companySecrets) .set({ - name: patch.name ?? secret.name, + key: deleting ? `${secret.key}__deleted__${secret.id}` : nextKey, + name: deleting ? `${secret.name}__deleted__${secret.id}` : patch.name ?? secret.name, + status: patch.status ?? secret.status, + providerConfigId: + patch.providerConfigId === undefined ? secret.providerConfigId : patch.providerConfigId, description: patch.description === undefined ? secret.description : patch.description, externalRef: patch.externalRef === undefined ? secret.externalRef : patch.externalRef, + providerMetadata: + patch.providerMetadata === undefined ? secret.providerMetadata : patch.providerMetadata, + deletedAt: deleting ? new Date() : secret.deletedAt, updatedAt: new Date(), }) .where(eq(companySecrets.id, secret.id)) @@ -331,6 +1915,171 @@ export function secretService(db: Db) { .then((rows) => rows[0] ?? null); }, + createBinding: async (input: { + companyId: string; + secretId: string; + targetType: SecretBindingTargetType; + targetId: string; + configPath: string; + versionSelector?: SecretVersionSelector; + required?: boolean; + label?: string | null; + }) => { + await assertSecretInCompany(input.companyId, input.secretId); + const existing = await db + .select() + .from(companySecretBindings) + .where( + and( + eq(companySecretBindings.companyId, input.companyId), + eq(companySecretBindings.targetType, input.targetType), + eq(companySecretBindings.targetId, input.targetId), + eq(companySecretBindings.configPath, input.configPath), + ), + ) + .then((rows) => rows[0] ?? null); + if (existing) throw conflict(`Secret binding already exists at ${input.configPath}`); + return db + .insert(companySecretBindings) + .values({ + companyId: input.companyId, + secretId: input.secretId, + targetType: input.targetType, + targetId: input.targetId, + configPath: input.configPath, + versionSelector: String(input.versionSelector ?? "latest"), + required: input.required ?? true, + label: input.label ?? null, + }) + .returning() + .then((rows) => rows[0]); + }, + + syncSecretRefsForTarget: async ( + companyId: string, + target: { targetType: SecretBindingTargetType; targetId: string }, + refs: Array<{ + secretId: string; + configPath: string; + versionSelector?: SecretVersionSelector; + required?: boolean; + label?: string | null; + }>, + ) => { + const normalizedRefs: Array<{ + secretId: string; + configPath: string; + versionSelector: SecretVersionSelector; + required: boolean; + label: string | null; + }> = []; + for (const ref of refs) { + await assertSecretInCompany(companyId, ref.secretId); + normalizedRefs.push({ + secretId: ref.secretId, + configPath: ref.configPath, + versionSelector: ref.versionSelector ?? "latest", + required: ref.required ?? true, + label: ref.label ?? null, + }); + } + + const pathPrefixes = [...new Set(normalizedRefs.map((ref) => ref.configPath.split(".")[0]))]; + + await db.transaction(async (tx) => { + if (pathPrefixes.length > 0) { + for (const pathPrefix of pathPrefixes) { + await tx + .delete(companySecretBindings) + .where( + and( + eq(companySecretBindings.companyId, companyId), + eq(companySecretBindings.targetType, target.targetType), + eq(companySecretBindings.targetId, target.targetId), + like(companySecretBindings.configPath, `${pathPrefix}.%`), + ), + ); + } + } else { + await tx + .delete(companySecretBindings) + .where( + and( + eq(companySecretBindings.companyId, companyId), + eq(companySecretBindings.targetType, target.targetType), + eq(companySecretBindings.targetId, target.targetId), + ), + ); + } + if (normalizedRefs.length === 0) return; + await tx.insert(companySecretBindings).values( + normalizedRefs.map((ref) => ({ + companyId, + secretId: ref.secretId, + targetType: target.targetType, + targetId: target.targetId, + configPath: ref.configPath, + versionSelector: String(ref.versionSelector), + required: ref.required, + label: ref.label, + })), + ); + }); + return normalizedRefs; + }, + + syncEnvBindingsForTarget: async ( + companyId: string, + target: { targetType: SecretBindingTargetType; targetId: string; pathPrefix?: string }, + envValue: unknown, + ) => { + const record = asRecord(envValue) ?? {}; + const refs: Array<{ + secretId: string; + configPath: string; + versionSelector: SecretVersionSelector; + }> = []; + const pathPrefix = target.pathPrefix ?? "env"; + for (const [key, rawBinding] of Object.entries(record)) { + const parsed = envBindingSchema.safeParse(rawBinding); + if (!parsed.success) continue; + const binding = canonicalizeBinding(parsed.data as EnvBinding); + if (binding.type !== "secret_ref") continue; + await assertSecretInCompany(companyId, binding.secretId); + refs.push({ + secretId: binding.secretId, + configPath: `${pathPrefix}.${key}`, + versionSelector: binding.version, + }); + } + + await db.transaction(async (tx) => { + await tx + .delete(companySecretBindings) + .where( + and( + eq(companySecretBindings.companyId, companyId), + eq(companySecretBindings.targetType, target.targetType), + eq(companySecretBindings.targetId, target.targetId), + like(companySecretBindings.configPath, `${pathPrefix}.%`), + ), + ); + if (refs.length === 0) return; + await tx.insert(companySecretBindings).values( + refs.map((ref) => ({ + companyId, + secretId: ref.secretId, + targetType: target.targetType, + targetId: target.targetId, + configPath: ref.configPath, + versionSelector: String(ref.versionSelector), + required: true, + })), + ); + }); + return refs; + }, + remove: async (secretId: string) => { const secret = await getById(secretId); if (!secret) return null; @@ -344,6 +2093,48 @@ export function secretService(db: Db) { { secretId, usedByAgents: used.agents, usedBySkills: used.skills }, ); } + const versionRow = await getSecretVersion(secret.id, secret.latestVersion); + const providerId = secret.provider as SecretProvider; + const provider = getSecretProvider(providerId); + if (secret.status !== "deleted") { + await db + .update(companySecrets) + .set({ + key: `${secret.key}__deleted__${secret.id}`, + name: `${secret.name}__deleted__${secret.id}`, + status: "deleted", + deletedAt: secret.deletedAt ?? new Date(), + updatedAt: new Date(), + }) + .where(eq(companySecrets.id, secretId)); + } + const providerConfig = secret.providerConfigId + ? await getProviderConfigById(secret.providerConfigId) + : null; + const providerRuntimeConfig = + providerConfig && providerConfig.status !== "disabled" && providerConfig.status !== "coming_soon" + ? toProviderVaultRuntimeConfig(providerConfig) + : null; + if (!secret.providerConfigId || providerRuntimeConfig) { + try { + await provider.deleteOrArchive({ + material: versionRow?.material as Record | undefined, + externalRef: secret.externalRef, + providerConfig: providerRuntimeConfig, + context: { + companyId: secret.companyId, + secretKey: secret.key, + secretName: secret.name, + version: secret.latestVersion, + }, + mode: "delete", + }); + } catch (error) { + if (!isSecretProviderClientError(error) || error.code !== "not_found") { + throw error; + } + } + } await db.delete(companySecrets).where(eq(companySecrets.id, secretId)); return secret; }, @@ -379,11 +2170,16 @@ export function secretService(db: Db) { return normalized; }, - resolveEnvBindings: async (companyId: string, envValue: unknown): Promise<{ env: Record; secretKeys: Set }> => { + resolveEnvBindings: async ( + companyId: string, + envValue: unknown, + context?: Omit, + ): Promise<{ env: Record; secretKeys: Set; manifest: RuntimeSecretManifestEntry[] }> => { const record = asRecord(envValue); - if (!record) return { env: {} as Record, secretKeys: new Set() }; + if (!record) return { env: {} as Record, secretKeys: new Set(), manifest: [] }; const resolved: Record = {}; const secretKeys = new Set(); + const manifest: RuntimeSecretManifestEntry[] = []; for (const [key, rawBinding] of Object.entries(record)) { if (!ENV_KEY_RE.test(key)) { @@ -397,23 +2193,35 @@ export function secretService(db: Db) { if (binding.type === "plain") { resolved[key] = binding.value; } else { - resolved[key] = await resolveSecretValue(companyId, binding.secretId, binding.version); + const secretResolution = await resolveSecretValueInternal( + companyId, + binding.secretId, + binding.version, + context ? { ...context, configPath: `env.${key}` } : undefined, + ); + resolved[key] = secretResolution.value; + manifest.push(secretResolution.manifestEntry); secretKeys.add(key); } } - return { env: resolved, secretKeys }; + return { env: resolved, secretKeys, manifest }; }, - resolveAdapterConfigForRuntime: async (companyId: string, adapterConfig: Record): Promise<{ config: Record; secretKeys: Set }> => { + resolveAdapterConfigForRuntime: async ( + companyId: string, + adapterConfig: Record, + context?: Omit, + ): Promise<{ config: Record; secretKeys: Set; manifest: RuntimeSecretManifestEntry[] }> => { const resolved = { ...adapterConfig }; const secretKeys = new Set(); + const manifest: RuntimeSecretManifestEntry[] = []; if (!Object.prototype.hasOwnProperty.call(adapterConfig, "env")) { - return { config: resolved, secretKeys }; + return { config: resolved, secretKeys, manifest }; } const record = asRecord(adapterConfig.env); if (!record) { resolved.env = {}; - return { config: resolved, secretKeys }; + return { config: resolved, secretKeys, manifest }; } const env: Record = {}; for (const [key, rawBinding] of Object.entries(record)) { @@ -428,12 +2236,19 @@ export function secretService(db: Db) { if (binding.type === "plain") { env[key] = binding.value; } else { - env[key] = await resolveSecretValue(companyId, binding.secretId, binding.version); + const secretResolution = await resolveSecretValueInternal( + companyId, + binding.secretId, + binding.version, + context ? { ...context, configPath: `env.${key}` } : undefined, + ); + env[key] = secretResolution.value; + manifest.push(secretResolution.manifestEntry); secretKeys.add(key); } } resolved.env = env; - return { config: resolved, secretKeys }; + return { config: resolved, secretKeys, manifest }; }, }; } diff --git a/server/src/services/workspace-runtime.ts b/server/src/services/workspace-runtime.ts index 7ff44f7a..b601f495 100644 --- a/server/src/services/workspace-runtime.ts +++ b/server/src/services/workspace-runtime.ts @@ -51,6 +51,7 @@ export interface ExecutionWorkspaceIssueRef { id: string; identifier: string | null; title: string | null; + workMode?: string | null; } export interface ExecutionWorkspaceAgentRef { @@ -108,6 +109,11 @@ interface RuntimeServiceRecord extends RuntimeServiceRef { processGroupId: number | null; } +type StoppedRuntimeServiceReuseCandidate = { + id: string; + port: number | null; +}; + const runtimeServicesById = new Map(); const runtimeServicesByReuseKey = new Map(); const runtimeServiceLeasesByRun = new Map(); @@ -707,6 +713,7 @@ function buildWorkspaceCommandEnv(input: { env.PAPERCLIP_ISSUE_ID = input.issue?.id ?? ""; env.PAPERCLIP_ISSUE_IDENTIFIER = input.issue?.identifier ?? ""; env.PAPERCLIP_ISSUE_TITLE = input.issue?.title ?? ""; + env.PAPERCLIP_ISSUE_WORK_MODE = input.issue?.workMode ?? ""; return env; } @@ -1815,6 +1822,33 @@ async function persistRuntimeServiceRecord(db: Db | undefined, record: RuntimeSe }); } +async function findStoppedRuntimeServiceReuseCandidate(input: { + db?: Db; + companyId: string; + reuseKey: string | null; +}): Promise { + if (!input.db || !input.reuseKey) return null; + const row = await input.db + .select({ + id: workspaceRuntimeServices.id, + port: workspaceRuntimeServices.port, + }) + .from(workspaceRuntimeServices) + .where( + and( + eq(workspaceRuntimeServices.companyId, input.companyId), + eq(workspaceRuntimeServices.reuseKey, input.reuseKey), + eq(workspaceRuntimeServices.provider, "local_process"), + eq(workspaceRuntimeServices.status, "stopped"), + ), + ) + .orderBy(desc(workspaceRuntimeServices.updatedAt)) + .limit(1) + .then((rows) => rows[0] ?? null); + + return row ?? null; +} + function clearIdleTimer(record: RuntimeServiceRecord) { if (!record.idleTimer) return; clearTimeout(record.idleTimer); @@ -1927,9 +1961,20 @@ async function startLocalRuntimeService(input: { const serviceIdentityFingerprint = input.reuseKey ?? envFingerprint; const explicitPort = identity.explicitPort; const identityPort = identity.identityPort; + const stoppedReuseCandidate = await findStoppedRuntimeServiceReuseCandidate({ + db: input.db, + companyId: input.agent.companyId, + reuseKey: input.reuseKey, + }); + const reusableStoppedPort = + asString(portConfig.type, "") === "auto" && stoppedReuseCandidate?.port + ? (await readLocalServicePortOwner(stoppedReuseCandidate.port)) + ? null + : stoppedReuseCandidate.port + : null; const port = asString(portConfig.type, "") === "auto" - ? await allocatePort() + ? (reusableStoppedPort ?? await allocatePort()) : explicitPort > 0 ? explicitPort : null; @@ -2073,7 +2118,7 @@ async function startLocalRuntimeService(input: { } const record: RuntimeServiceRecord = { - id: randomUUID(), + id: stoppedReuseCandidate?.id ?? randomUUID(), companyId: input.agent.companyId, projectId: input.workspace.projectId, projectWorkspaceId: input.workspace.workspaceId, diff --git a/server/src/types/express.d.ts b/server/src/types/express.d.ts index 1915e2ff..17f94e75 100644 --- a/server/src/types/express.d.ts +++ b/server/src/types/express.d.ts @@ -19,7 +19,7 @@ declare global { isInstanceAdmin?: boolean; keyId?: string; runId?: string; - source?: "local_implicit" | "session" | "board_key" | "agent_key" | "agent_jwt" | "none"; + source?: "local_implicit" | "session" | "board_key" | "agent_key" | "agent_jwt" | "cloud_tenant" | "none"; }; } } diff --git a/skills/paperclip/SKILL.md b/skills/paperclip/SKILL.md index 241e237b..dc57aeed 100644 --- a/skills/paperclip/SKILL.md +++ b/skills/paperclip/SKILL.md @@ -87,7 +87,8 @@ If `currentParticipant` does not match you, do not try to advance the stage — **Step 7 — Do the work.** Use your tools and capabilities. Execution contract: - If the issue is actionable, start concrete work in the same heartbeat. Do not stop at a plan unless the issue specifically asks for planning. -- Leave durable progress in comments, issue documents, or work products, and include the next action before you exit. +- Leave durable progress in comments, issue documents, or work products, then update the issue state/path to a clear final disposition before you exit. +- Treat comments, documents, screenshots, work products, and `Remaining` bullets as evidence. They are not valid liveness paths by themselves. - Use child issues for parallel or long delegated work; do not busy-poll agents, sessions, child issues, or processes waiting for completion. - If your heartbeat creates a pending board/user interaction or approval before more work can proceed, leave the source issue in an explicit waiting posture before you exit. Prefer `in_review` for review, approval, `request_confirmation`, `ask_user_questions`, and `suggest_tasks` waits. Use `blocked` with `blockedByIssueIds` when another issue is the blocker. - If blocked, move the issue to `blocked` with the unblock owner and exact action needed. @@ -96,6 +97,14 @@ If `currentParticipant` does not match you, do not try to advance the stage — **Step 8 — Update status and communicate.** Always include the run ID header. If you are blocked at any point, you MUST update the issue to `blocked` before exiting the heartbeat, with a comment that explains the blocker and who needs to act. +Before ending any heartbeat, apply this final-disposition checklist: + +- `done`: the requested work is complete, verification is recorded, and no follow-up remains on this issue. +- `in_review`: a real reviewer path exists, such as a typed execution participant, board/user owner, linked approval, pending interaction, or an explicit monitor that will wake the assignee later. Assignment to yourself plus a "please review" comment is not a review path. +- `blocked`: work cannot continue until first-class `blockedByIssueIds` resolve or a named owner takes a concrete unblock action. +- Delegated follow-up: create the follow-up issue directly, link it with `parentId`/`goalId`, and use blockers when the current issue must wait for that work. +- Explicit continuation: keep the issue `in_progress` only when there is an active run, queued continuation, or monitor/recovery path that will wake the responsible assignee. Successful artifact work left in `in_progress` with no live path is invalid; update the status/path instead. + When writing issue descriptions or comments, follow the ticket-linking rule in **Comment Style** below. ```json diff --git a/tests/e2e/planning-mode-visual-verification.spec.ts b/tests/e2e/planning-mode-visual-verification.spec.ts new file mode 100644 index 00000000..3e6e2444 --- /dev/null +++ b/tests/e2e/planning-mode-visual-verification.spec.ts @@ -0,0 +1,157 @@ +import { expect, test } from "@playwright/test"; + +const SKIP_LLM = process.env.PAPERCLIP_E2E_SKIP_LLM !== "false"; + +const AGENT_NAME = "CEO"; +const TASK_TITLE = "PAP-3413 planning mode evidence"; + +test("captures planning mode UI for desktop and mobile", async ({ page }) => { + const timestamp = Date.now(); + const companyName = `PAP-3413-${timestamp}`; + const screenshotDir = "test-results/planning-mode"; + + await page.goto("/onboarding"); + await expect(page.locator("h3", { hasText: "Name your company" })).toBeVisible({ timeout: 5_000 }); + + await page.locator('input[placeholder="Acme Corp"]').fill(companyName); + await page.getByRole("button", { name: "Next" }).click(); + + await expect(page.locator("h3", { hasText: "Create your first agent" })).toBeVisible({ timeout: 30_000 }); + await expect(page.locator('input[placeholder="CEO"]')).toHaveValue(AGENT_NAME); + await page.getByRole("button", { name: "Next" }).click(); + + await expect(page.locator("h3", { hasText: "Give it something to do" })).toBeVisible({ timeout: 30_000 }); + const baseUrl = page.url().split("/").slice(0, 3).join("/"); + + if (SKIP_LLM) { + const companiesAfterAgentRes = await page.request.get(`${baseUrl}/api/companies`); + expect(companiesAfterAgentRes.ok()).toBe(true); + const companiesAfterAgent = await companiesAfterAgentRes.json(); + const companyAfterAgent = companiesAfterAgent.find((c: { name: string }) => c.name === companyName); + expect(companyAfterAgent).toBeTruthy(); + + const agentsAfterCreateRes = await page.request.get(`${baseUrl}/api/companies/${companyAfterAgent.id}/agents`); + expect(agentsAfterCreateRes.ok()).toBe(true); + const agentsAfterCreate = await agentsAfterCreateRes.json(); + const ceoAgentAfterCreate = agentsAfterCreate.find((a: { name: string }) => a.name === AGENT_NAME); + expect(ceoAgentAfterCreate).toBeTruthy(); + + const disableWakeRes = await page.request.patch( + `${baseUrl}/api/agents/${ceoAgentAfterCreate.id}?companyId=${encodeURIComponent(companyAfterAgent.id)}`, + { + data: { + runtimeConfig: { + heartbeat: { + enabled: false, + intervalSec: 300, + wakeOnDemand: false, + cooldownSec: 10, + maxConcurrentRuns: 5, + }, + }, + }, + }, + ); + expect(disableWakeRes.ok()).toBe(true); + } + + const taskTitleInput = page.locator('input[placeholder="e.g. Research competitor pricing"]'); + await taskTitleInput.clear(); + await taskTitleInput.fill(TASK_TITLE); + await page.getByRole("button", { name: "Next" }).click(); + + await expect(page.locator("h3", { hasText: "Ready to launch" })).toBeVisible({ timeout: 30_000 }); + await page.getByRole("button", { name: "Create & Open Issue" }).click(); + await expect(page).toHaveURL(/\/issues\//, { timeout: 30_000 }); + + const openedIssueUrl = page.url(); + const openedIssueIdentifier = openedIssueUrl.split("/").filter(Boolean).pop(); + const baseOrigin = new URL(openedIssueUrl).origin; + const companyRes = await page.request.get(`${baseOrigin}/api/companies`); + expect(companyRes.ok()).toBe(true); + const companies = await companyRes.json(); + const company = companies.find((c: { name: string }) => c.name === companyName); + expect(company).toBeTruthy(); + const issueRes = await page.request.get(`${baseOrigin}/api/companies/${company.id}/issues`); + expect(issueRes.ok()).toBe(true); + const issues = await issueRes.json(); + const planningSeedIssue = issues.find( + (candidate: { id: string; identifier?: string; title: string }) => + candidate.identifier === openedIssueIdentifier || candidate.id === openedIssueIdentifier || candidate.title === TASK_TITLE, + ); + expect(planningSeedIssue).toBeTruthy(); + + const issue = planningSeedIssue; + const issueIdentifier = issue.identifier ?? issue.id; + const issuePath = `/${company.issuePrefix ?? company.id}/issues/${issueIdentifier}`; + const companyPrefix = company.issuePrefix ?? company.id; + const issueLinkSelector = `a[href$="/issues/${issueIdentifier}"]`; + + const setMode = async (mode: "standard" | "planning") => { + const patchRes = await page.request.patch(`${baseOrigin}/api/issues/${issue.id}`, { + data: { workMode: mode }, + }); + expect(patchRes.ok()).toBe(true); + await expect + .poll(async () => { + const currentRes = await page.request.get(`${baseOrigin}/api/issues/${issue.id}`); + expect(currentRes.ok()).toBe(true); + const current = await currentRes.json(); + return current.workMode; + }, { timeout: 10_000 }) + .toBe(mode); + }; + + await setMode("planning"); + + await page.goto(issuePath); + await expect(page.getByText("Planning").first()).toBeVisible(); + await expect(page.getByTestId("issue-chat-composer")).toHaveAttribute("data-pending-work-mode", "planning"); + const desktopPlanningToggle = page.getByTestId("issue-chat-composer-work-mode-toggle"); + await expect(desktopPlanningToggle).toBeVisible(); + await expect(desktopPlanningToggle).toHaveAttribute("data-pending-work-mode", "planning"); + await expect(desktopPlanningToggle).toHaveAttribute("aria-pressed", "true"); + + await page.screenshot({ + path: `${screenshotDir}/desktop-planning-detail-${timestamp}.png`, + fullPage: true, + }); + + await page.goto(`/${companyPrefix}/issues`); + await expect(page.locator(issueLinkSelector)).toBeVisible(); + await expect(page.locator(issueLinkSelector)).toContainText("Planning"); + await page.screenshot({ + path: `${screenshotDir}/desktop-planning-row-${timestamp}.png`, + fullPage: true, + }); + + await page.goto(issuePath); + await page.getByTestId("issue-chat-composer-work-mode-toggle").click(); + await expect(page.getByTestId("issue-chat-composer")).toHaveAttribute("data-pending-work-mode", "standard"); + await expect(page.getByTestId("issue-chat-composer-work-mode-toggle")).toBeHidden(); + await page.screenshot({ + path: `${screenshotDir}/desktop-standard-toggle-${timestamp}.png`, + fullPage: true, + }); + + await setMode("planning"); + await page.setViewportSize({ width: 390, height: 844 }); + await page.goto(issuePath); + await expect(page.getByText("Planning").first()).toBeVisible(); + const mobilePlanningToggle = page.getByTestId("issue-chat-composer-work-mode-toggle"); + await expect(mobilePlanningToggle).toBeVisible(); + await expect(mobilePlanningToggle).toHaveAttribute("data-pending-work-mode", "planning"); + await expect(mobilePlanningToggle).toHaveAttribute("aria-pressed", "true"); + await page.screenshot({ + path: `${screenshotDir}/mobile-planning-detail-${timestamp}.png`, + fullPage: true, + }); + + await page.goto(`/${companyPrefix}/issues`); + await expect(page.locator(issueLinkSelector)).toBeVisible(); + await expect(page.locator(issueLinkSelector)).toContainText("Planning"); + await page.screenshot({ + path: `${screenshotDir}/mobile-planning-row-${timestamp}.png`, + fullPage: true, + }); +}); diff --git a/ui/package.json b/ui/package.json index 6160df07..65caa25e 100644 --- a/ui/package.json +++ b/ui/package.json @@ -37,6 +37,7 @@ "@paperclipai/adapter-acpx-local": "workspace:*", "@paperclipai/adapter-claude-local": "workspace:*", "@paperclipai/adapter-codex-local": "workspace:*", + "@paperclipai/adapter-cursor-cloud": "workspace:*", "@paperclipai/adapter-cursor-local": "workspace:*", "@paperclipai/adapter-gemini-local": "workspace:*", "@paperclipai/adapter-openclaw-gateway": "workspace:*", diff --git a/ui/src/App.tsx b/ui/src/App.tsx index 9b720075..119a2f1c 100644 --- a/ui/src/App.tsx +++ b/ui/src/App.tsx @@ -13,6 +13,7 @@ import { ProjectDetail } from "./pages/ProjectDetail"; import { ProjectWorkspaceDetail } from "./pages/ProjectWorkspaceDetail"; import { Workspaces } from "./pages/Workspaces"; import { Issues } from "./pages/Issues"; +import { Search } from "./pages/Search"; import { IssueDetail } from "./pages/IssueDetail"; import { IssueChatLongThreadPerf } from "./pages/IssueChatLongThreadPerf"; import { Routines } from "./pages/Routines"; @@ -32,6 +33,7 @@ import { CompanyAccess } from "./pages/CompanyAccess"; import { CompanyInvites } from "./pages/CompanyInvites"; import { CompanySecrets } from "./pages/CompanySecrets"; import { CompanySkills } from "./pages/CompanySkills"; +import { Secrets } from "./pages/Secrets"; import { CompanyExport } from "./pages/CompanyExport"; import { CompanyImport } from "./pages/CompanyImport"; import { DesignGuide } from "./pages/DesignGuide"; @@ -72,6 +74,7 @@ function boardRoutes() { } /> } /> } /> + } /> } /> } /> } /> @@ -97,6 +100,7 @@ function boardRoutes() { } /> } /> } /> + } /> } /> } /> } /> @@ -109,6 +113,7 @@ function boardRoutes() { } /> } /> } /> + } /> } /> } /> } /> @@ -131,7 +136,7 @@ function boardRoutes() { } /> } /> } /> - } /> + } /> } /> ); @@ -306,6 +311,7 @@ export function App() { } /> } /> } /> + } /> } /> } /> } /> diff --git a/ui/src/adapters/adapter-display-registry.ts b/ui/src/adapters/adapter-display-registry.ts index d75da557..948a3c8d 100644 --- a/ui/src/adapters/adapter-display-registry.ts +++ b/ui/src/adapters/adapter-display-registry.ts @@ -98,6 +98,11 @@ const adapterDisplayMap: Record = { description: "Local Cursor agent", icon: MousePointer2, }, + cursor_cloud: { + label: "Cursor Cloud", + description: "Managed remote Cursor agent", + icon: MousePointer2, + }, openclaw_gateway: { label: "OpenClaw Gateway", description: "Invoke OpenClaw via gateway protocol", diff --git a/ui/src/adapters/cursor-cloud/index.ts b/ui/src/adapters/cursor-cloud/index.ts new file mode 100644 index 00000000..12b26365 --- /dev/null +++ b/ui/src/adapters/cursor-cloud/index.ts @@ -0,0 +1,14 @@ +import type { UIAdapterModule } from "../types"; +import { SchemaConfigFields } from "../schema-config-fields"; +import { + buildCursorCloudConfig, + parseCursorCloudStdoutLine, +} from "@paperclipai/adapter-cursor-cloud/ui"; + +export const cursorCloudUIAdapter: UIAdapterModule = { + type: "cursor_cloud", + label: "Cursor Cloud", + parseStdoutLine: parseCursorCloudStdoutLine, + ConfigFields: SchemaConfigFields, + buildAdapterConfig: buildCursorCloudConfig, +}; diff --git a/ui/src/adapters/registry.ts b/ui/src/adapters/registry.ts index d53eaaae..0e2f27a3 100644 --- a/ui/src/adapters/registry.ts +++ b/ui/src/adapters/registry.ts @@ -2,6 +2,7 @@ import type { UIAdapterModule } from "./types"; import { acpxLocalUIAdapter } from "./acpx-local"; import { claudeLocalUIAdapter } from "./claude-local"; import { codexLocalUIAdapter } from "./codex-local"; +import { cursorCloudUIAdapter } from "./cursor-cloud"; import { cursorLocalUIAdapter } from "./cursor"; import { geminiLocalUIAdapter } from "./gemini-local"; import { openCodeLocalUIAdapter } from "./opencode-local"; @@ -53,6 +54,7 @@ function registerBuiltInUIAdapters() { acpxLocalUIAdapter, claudeLocalUIAdapter, codexLocalUIAdapter, + cursorCloudUIAdapter, geminiLocalUIAdapter, hermesLocalUIAdapter, openCodeLocalUIAdapter, diff --git a/ui/src/adapters/schema-config-fields.test.ts b/ui/src/adapters/schema-config-fields.test.ts new file mode 100644 index 00000000..e77d675e --- /dev/null +++ b/ui/src/adapters/schema-config-fields.test.ts @@ -0,0 +1,47 @@ +import { describe, expect, it } from "vitest"; +import type { AdapterConfigSchema, ConfigFieldSchema } from "@paperclipai/adapter-utils"; +import { fieldMatchesVisibleWhen } from "./schema-config-fields"; + +const sourceField: ConfigFieldSchema = { + key: "provider", + label: "Provider", + type: "select", + options: [ + { label: "Claude", value: "claude" }, + { label: "Codex", value: "codex" }, + ], +}; + +const schema: AdapterConfigSchema = { + fields: [sourceField], +}; + +function targetWithVisibleWhen(visibleWhen: Record): ConfigFieldSchema { + return { + key: "model", + label: "Model", + type: "text", + meta: { visibleWhen }, + }; +} + +describe("fieldMatchesVisibleWhen", () => { + it("treats an empty values array as no match", () => { + const field = targetWithVisibleWhen({ key: "provider", values: [] }); + + expect(fieldMatchesVisibleWhen(field, () => "claude", schema)).toBe(false); + }); + + it("treats all non-string values as no match", () => { + const field = targetWithVisibleWhen({ key: "provider", values: [null, 42] }); + + expect(fieldMatchesVisibleWhen(field, () => "claude", schema)).toBe(false); + }); + + it("matches non-empty string values", () => { + const field = targetWithVisibleWhen({ key: "provider", values: ["claude"] }); + + expect(fieldMatchesVisibleWhen(field, () => "claude", schema)).toBe(true); + expect(fieldMatchesVisibleWhen(field, () => "codex", schema)).toBe(false); + }); +}); diff --git a/ui/src/adapters/schema-config-fields.tsx b/ui/src/adapters/schema-config-fields.tsx index 7161f9e0..08a3e524 100644 --- a/ui/src/adapters/schema-config-fields.tsx +++ b/ui/src/adapters/schema-config-fields.tsx @@ -283,6 +283,38 @@ function getDefaultValue(field: ConfigFieldSchema): unknown { } } +export function fieldMatchesVisibleWhen( + field: ConfigFieldSchema, + readValue: (field: ConfigFieldSchema) => unknown, + schema: AdapterConfigSchema, +): boolean { + const visibleWhen = field.meta?.visibleWhen; + if (!visibleWhen || typeof visibleWhen !== "object" || Array.isArray(visibleWhen)) return true; + + const condition = visibleWhen as { + key?: unknown; + value?: unknown; + values?: unknown; + notValues?: unknown; + }; + if (typeof condition.key !== "string" || condition.key.length === 0) return true; + + const sourceField = schema.fields.find((candidate) => candidate.key === condition.key); + if (!sourceField) return true; + + const actual = String(readValue(sourceField) ?? ""); + if (typeof condition.value === "string") return actual === condition.value; + if (Array.isArray(condition.values)) { + const values = condition.values.filter((value): value is string => typeof value === "string"); + return values.length > 0 && values.includes(actual); + } + if (Array.isArray(condition.notValues)) { + const values = condition.notValues.filter((value): value is string => typeof value === "string"); + return !values.includes(actual); + } + return true; +} + // --------------------------------------------------------------------------- // Component // --------------------------------------------------------------------------- @@ -369,111 +401,113 @@ export function SchemaConfigFields({ return ( <> - {schema.fields.map((field) => { - switch (field.type) { - case "select": { - const currentVal = String(readValue(field) ?? ""); - return ( - - fieldMatchesVisibleWhen(field, readValue, schema)) + .map((field) => { + switch (field.type) { + case "select": { + const currentVal = String(readValue(field) ?? ""); + return ( + + writeValue(field, v)} + /> + + ); + } + + case "toggle": + return ( + writeValue(field, v)} /> - - ); - } + ); - case "toggle": - return ( - writeValue(field, v)} - /> - ); + case "number": + return ( + + writeValue(field, v)} + immediate + className={inputClass} + /> + + ); - case "number": - return ( - - writeValue(field, v)} - immediate - className={inputClass} - /> - - ); + case "textarea": + return ( + + writeValue(field, v || undefined)} + immediate + /> + + ); - case "textarea": - return ( - - writeValue(field, v || undefined)} - immediate - /> - - ); - - case "combobox": { - const currentVal = String(readValue(field) ?? ""); - // Dynamic options: if meta.providerModels exists, compute options - // based on the current provider value - let comboboxOptions = field.options ?? []; - if (field.meta?.providerModels) { - const providerVal = String(readValue(schema.fields.find((f) => f.key === "provider")!) ?? "auto"); - const modelsByProvider = field.meta.providerModels as Record; - if (providerVal === "auto") { - // Auto: show all models from all providers, grouped by provider - const providerLabel = schema.fields.find((f) => f.key === "provider"); - const providerOptions = providerLabel?.options ?? []; - comboboxOptions = Object.entries(modelsByProvider).flatMap(([prov, models]) => - models.map((m) => ({ + case "combobox": { + const currentVal = String(readValue(field) ?? ""); + // Dynamic options: if meta.providerModels exists, compute options + // based on the current provider value + let comboboxOptions = field.options ?? []; + if (field.meta?.providerModels) { + const providerVal = String(readValue(schema.fields.find((f) => f.key === "provider")!) ?? "auto"); + const modelsByProvider = field.meta.providerModels as Record; + if (providerVal === "auto") { + // Auto: show all models from all providers, grouped by provider + const providerLabel = schema.fields.find((f) => f.key === "provider"); + const providerOptions = providerLabel?.options ?? []; + comboboxOptions = Object.entries(modelsByProvider).flatMap(([prov, models]) => + models.map((m) => ({ + label: m, + value: m, + group: providerOptions.find((p) => p.value === prov)?.label ?? prov, + })), + ); + } else { + const providerModels = modelsByProvider[providerVal] ?? []; + const providerLabel = schema.fields.find((f) => f.key === "provider"); + const provName = providerLabel?.options?.find((p) => p.value === providerVal)?.label ?? providerVal; + comboboxOptions = providerModels.map((m) => ({ label: m, value: m, - group: providerOptions.find((p) => p.value === prov)?.label ?? prov, - })), - ); - } else { - const providerModels = modelsByProvider[providerVal] ?? []; - const providerLabel = schema.fields.find((f) => f.key === "provider"); - const provName = providerLabel?.options?.find((p) => p.value === providerVal)?.label ?? providerVal; - comboboxOptions = providerModels.map((m) => ({ - label: m, - value: m, - group: provName, - })); + group: provName, + })); + } } + return ( + + writeValue(field, v || undefined)} + placeholder={field.hint} + /> + + ); } - return ( - - writeValue(field, v || undefined)} - placeholder={field.hint} - /> - - ); - } - case "text": - default: - return ( - - writeValue(field, v || undefined)} - immediate - className={inputClass} - /> - - ); - } - })} + case "text": + default: + return ( + + writeValue(field, v || undefined)} + immediate + className={inputClass} + /> + + ); + } + })} ); } diff --git a/ui/src/api/agents.ts b/ui/src/api/agents.ts index d3e79fc0..6478ec75 100644 --- a/ui/src/api/agents.ts +++ b/ui/src/api/agents.ts @@ -69,6 +69,15 @@ export interface AgentPermissionUpdate { canAssignTasks: boolean; } +export interface AgentWakeRequest { + source?: "timer" | "assignment" | "on_demand" | "automation"; + triggerDetail?: "manual" | "ping" | "callback" | "system"; + reason?: string | null; + payload?: Record | null; + idempotencyKey?: string | null; + forceFreshSession?: boolean; +} + function withCompanyScope(path: string, companyId?: string) { if (!companyId) return path; const separator = path.includes("?") ? "&" : "?"; @@ -171,10 +180,19 @@ export const agentsApi = { api.get(agentPath(id, companyId, "/task-sessions")), resetSession: (id: string, taskKey?: string | null, companyId?: string) => api.post(agentPath(id, companyId, "/runtime-state/reset-session"), { taskKey: taskKey ?? null }), - adapterModels: (companyId: string, type: string, options?: { refresh?: boolean }) => - api.get( - `/companies/${encodeURIComponent(companyId)}/adapters/${encodeURIComponent(type)}/models${options?.refresh ? "?refresh=1" : ""}`, - ), + adapterModels: ( + companyId: string, + type: string, + options?: { refresh?: boolean; environmentId?: string | null }, + ) => { + const params = new URLSearchParams(); + if (options?.refresh) params.set("refresh", "1"); + if (options?.environmentId) params.set("environmentId", options.environmentId); + const query = params.size > 0 ? `?${params.toString()}` : ""; + return api.get( + `/companies/${encodeURIComponent(companyId)}/adapters/${encodeURIComponent(type)}/models${query}`, + ); + }, detectModel: (companyId: string, type: string) => api.get( `/companies/${encodeURIComponent(companyId)}/adapters/${encodeURIComponent(type)}/detect-model`, @@ -195,16 +213,11 @@ export const agentsApi = { `/companies/${companyId}/adapters/${type}/test-environment`, data, ), - invoke: (id: string, companyId?: string) => api.post(agentPath(id, companyId, "/heartbeat/invoke"), {}), + invoke: (id: string, companyId?: string, data: AgentWakeRequest = {}) => + api.post(agentPath(id, companyId, "/heartbeat/invoke"), data), wakeup: ( id: string, - data: { - source?: "timer" | "assignment" | "on_demand" | "automation"; - triggerDetail?: "manual" | "ping" | "callback" | "system"; - reason?: string | null; - payload?: Record | null; - idempotencyKey?: string | null; - }, + data: AgentWakeRequest, companyId?: string, ) => api.post(agentPath(id, companyId, "/wakeup"), data), loginWithClaude: (id: string, companyId?: string) => diff --git a/ui/src/api/issues.ts b/ui/src/api/issues.ts index 027222a0..10427c50 100644 --- a/ui/src/api/issues.ts +++ b/ui/src/api/issues.ts @@ -12,6 +12,7 @@ import type { IssueComment, IssueDocument, IssueLabel, + IssueRetryNowResponse, IssueThreadInteraction, IssueTreeControlPreview, IssueTreeHold, @@ -43,6 +44,7 @@ export const issuesApi = { workspaceId?: string; executionWorkspaceId?: string; originKind?: string; + originKindPrefix?: string; originId?: string; descendantOf?: string; includeRoutineExecutions?: boolean; @@ -66,6 +68,7 @@ export const issuesApi = { if (filters?.workspaceId) params.set("workspaceId", filters.workspaceId); if (filters?.executionWorkspaceId) params.set("executionWorkspaceId", filters.executionWorkspaceId); if (filters?.originKind) params.set("originKind", filters.originKind); + if (filters?.originKindPrefix) params.set("originKindPrefix", filters.originKindPrefix); if (filters?.originId) params.set("originId", filters.originId); if (filters?.descendantOf) params.set("descendantOf", filters.descendantOf); if (filters?.includeRoutineExecutions) params.set("includeRoutineExecutions", "true"); @@ -126,6 +129,9 @@ export const issuesApi = { }>(`/issues/${id}/tree-control/state`), releaseTreeHold: (id: string, holdId: string, data: ReleaseIssueTreeHold) => api.post(`/issues/${id}/tree-holds/${holdId}/release`, data), + checkMonitorNow: (id: string) => api.post<{ ok: true }>(`/issues/${id}/monitor/check-now`, {}), + retryScheduledRetryNow: (id: string) => + api.post(`/issues/${id}/scheduled-retry/retry-now`, {}), remove: (id: string) => api.delete(`/issues/${id}`), checkout: (id: string, agentId: string) => api.post(`/issues/${id}/checkout`, { @@ -171,7 +177,10 @@ export const issuesApi = { getComment: (id: string, commentId: string) => api.get(`/issues/${id}/comments/${commentId}`), listFeedbackVotes: (id: string) => api.get(`/issues/${id}/feedback-votes`), - getCostSummary: (id: string) => api.get(`/issues/${id}/cost-summary`), + getCostSummary: (id: string, options: { excludeRoot?: boolean } = {}) => { + const qs = options.excludeRoot ? "?excludeRoot=true" : ""; + return api.get(`/issues/${id}/cost-summary${qs}`); + }, listFeedbackTraces: (id: string, filters?: Record) => { const params = new URLSearchParams(); for (const [key, value] of Object.entries(filters ?? {})) { diff --git a/ui/src/api/plugins.test.ts b/ui/src/api/plugins.test.ts new file mode 100644 index 00000000..20d1153b --- /dev/null +++ b/ui/src/api/plugins.test.ts @@ -0,0 +1,64 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const mockApi = vi.hoisted(() => ({ + get: vi.fn(), + post: vi.fn(), + put: vi.fn(), +})); + +vi.mock("./client", () => ({ + api: mockApi, +})); + +import { pluginsApi } from "./plugins"; + +describe("pluginsApi local folders", () => { + beforeEach(() => { + mockApi.get.mockReset(); + mockApi.post.mockReset(); + mockApi.put.mockReset(); + mockApi.get.mockResolvedValue({}); + mockApi.post.mockResolvedValue({}); + mockApi.put.mockResolvedValue({}); + }); + + it("lists company-scoped local folders for a plugin", async () => { + await pluginsApi.listLocalFolders("plugin-1", "company-1"); + + expect(mockApi.get).toHaveBeenCalledWith( + "/plugins/plugin-1/companies/company-1/local-folders", + ); + }); + + it("validates a candidate folder path without saving", async () => { + await pluginsApi.validateLocalFolder("plugin-1", "company-1", "wiki-root", { + path: "/tmp/wiki", + access: "readWrite", + requiredFiles: ["WIKI.md"], + }); + + expect(mockApi.post).toHaveBeenCalledWith( + "/plugins/plugin-1/companies/company-1/local-folders/wiki-root/validate", + { + path: "/tmp/wiki", + access: "readWrite", + requiredFiles: ["WIKI.md"], + }, + ); + }); + + it("saves through the local-folder PUT endpoint", async () => { + await pluginsApi.configureLocalFolder("plugin-1", "company-1", "wiki-root", { + path: "/tmp/wiki", + requiredDirectories: ["wiki"], + }); + + expect(mockApi.put).toHaveBeenCalledWith( + "/plugins/plugin-1/companies/company-1/local-folders/wiki-root", + { + path: "/tmp/wiki", + requiredDirectories: ["wiki"], + }, + ); + }); +}); diff --git a/ui/src/api/plugins.ts b/ui/src/api/plugins.ts index 0edc580f..2e4c981a 100644 --- a/ui/src/api/plugins.ts +++ b/ui/src/api/plugins.ts @@ -14,6 +14,7 @@ import type { PluginLauncherDeclaration, PluginLauncherRenderContextSnapshot, PluginUiSlotDeclaration, + PluginLocalFolderDeclaration, PluginRecord, PluginConfig, PluginStatus, @@ -140,6 +141,54 @@ export interface AvailablePluginExample { tag: "example"; } +export interface PluginLocalFolderProblem { + code: + | "not_configured" + | "not_absolute" + | "missing" + | "not_directory" + | "not_readable" + | "not_writable" + | "missing_directory" + | "missing_file" + | "path_traversal" + | "symlink_escape" + | "atomic_write_failed"; + message: string; + path?: string; +} + +export interface PluginLocalFolderStatus { + folderKey: string; + configured: boolean; + path: string | null; + realPath: string | null; + access: "read" | "readWrite"; + readable: boolean; + writable: boolean; + requiredDirectories: string[]; + requiredFiles: string[]; + missingDirectories: string[]; + missingFiles: string[]; + healthy: boolean; + problems: PluginLocalFolderProblem[]; + checkedAt: string; +} + +export interface PluginLocalFoldersResponse { + pluginId: string; + companyId: string; + declarations: PluginLocalFolderDeclaration[]; + folders: PluginLocalFolderStatus[]; +} + +export interface PluginLocalFolderSaveInput { + path: string; + access?: "read" | "readWrite"; + requiredDirectories?: string[]; + requiredFiles?: string[]; +} + /** * Plugin management API client. * @@ -337,6 +386,48 @@ export const pluginsApi = { testConfig: (pluginId: string, configJson: Record) => api.post<{ valid: boolean; message?: string }>(`/plugins/${pluginId}/config/test`, { configJson }), + /** + * List manifest-declared and stored company-scoped local folders for a plugin. + */ + listLocalFolders: (pluginId: string, companyId: string) => + api.get(`/plugins/${pluginId}/companies/${companyId}/local-folders`), + + /** + * Inspect a configured local folder without changing persisted settings. + */ + localFolderStatus: (pluginId: string, companyId: string, folderKey: string) => + api.get( + `/plugins/${pluginId}/companies/${companyId}/local-folders/${encodeURIComponent(folderKey)}/status`, + ), + + /** + * Validate a candidate local folder path without saving it. + */ + validateLocalFolder: ( + pluginId: string, + companyId: string, + folderKey: string, + input: PluginLocalFolderSaveInput, + ) => + api.post( + `/plugins/${pluginId}/companies/${companyId}/local-folders/${encodeURIComponent(folderKey)}/validate`, + input, + ), + + /** + * Persist a company-scoped local folder path and return its inspected status. + */ + configureLocalFolder: ( + pluginId: string, + companyId: string, + folderKey: string, + input: PluginLocalFolderSaveInput, + ) => + api.put( + `/plugins/${pluginId}/companies/${companyId}/local-folders/${encodeURIComponent(folderKey)}`, + input, + ), + // =========================================================================== // Bridge proxy endpoints — used by the plugin UI bridge runtime // =========================================================================== diff --git a/ui/src/api/routines.ts b/ui/src/api/routines.ts index 0c6c0681..9bc1a25a 100644 --- a/ui/src/api/routines.ts +++ b/ui/src/api/routines.ts @@ -3,6 +3,7 @@ import type { Routine, RoutineDetail, RoutineListItem, + RoutineRevision, RoutineRun, RoutineRunSummary, RoutineTrigger, @@ -21,6 +22,18 @@ export interface RotateRoutineTriggerResponse { secretMaterial: RoutineTriggerSecretMaterial; } +export interface RestoreRoutineRevisionSecretMaterial extends RoutineTriggerSecretMaterial { + triggerId: string; +} + +export interface RestoreRoutineRevisionResponse { + routine: Routine; + revision: RoutineRevision; + restoredFromRevisionId: string; + restoredFromRevisionNumber: number; + secretMaterials: RestoreRoutineRevisionSecretMaterial[]; +} + export const routinesApi = { list: (companyId: string, filters?: { projectId?: string | null }) => { const params = new URLSearchParams(); @@ -32,6 +45,16 @@ export const routinesApi = { api.post(`/companies/${companyId}/routines`, data), get: (id: string) => api.get(`/routines/${id}`), update: (id: string, data: Record) => api.patch(`/routines/${id}`, data), + listRevisions: (id: string) => api.get(`/routines/${id}/revisions`), + restoreRevision: ( + id: string, + revisionId: string, + body: { changeSummary?: string | null } = {}, + ) => + api.post( + `/routines/${id}/revisions/${revisionId}/restore`, + body, + ), listRuns: (id: string, limit: number = 50) => api.get(`/routines/${id}/runs?limit=${limit}`), createTrigger: (id: string, data: Record) => api.post(`/routines/${id}/triggers`, data), diff --git a/ui/src/api/search.ts b/ui/src/api/search.ts new file mode 100644 index 00000000..a660dd33 --- /dev/null +++ b/ui/src/api/search.ts @@ -0,0 +1,23 @@ +import type { CompanySearchResponse, CompanySearchScope } from "@paperclipai/shared"; +import { api } from "./client"; + +export interface CompanySearchParams { + q: string; + scope?: CompanySearchScope; + limit?: number; + offset?: number; +} + +export const searchApi = { + search: (companyId: string, params: CompanySearchParams) => { + const search = new URLSearchParams(); + search.set("q", params.q); + if (params.scope) search.set("scope", params.scope); + if (params.limit !== undefined) search.set("limit", String(params.limit)); + if (params.offset !== undefined) search.set("offset", String(params.offset)); + const qs = search.toString(); + return api.get( + `/companies/${companyId}/search${qs ? `?${qs}` : ""}`, + ); + }, +}; diff --git a/ui/src/api/secrets.ts b/ui/src/api/secrets.ts index ba30328e..f2fea34d 100644 --- a/ui/src/api/secrets.ts +++ b/ui/src/api/secrets.ts @@ -1,30 +1,143 @@ -import type { CompanySecret, SecretProviderDescriptor, SecretProvider } from "@paperclipai/shared"; +import type { + CompanySecret, + CompanySecretUsageBinding, + CompanySecretProviderConfig, + RemoteSecretImportPreviewResult, + RemoteSecretImportResult, + SecretAccessEvent, + SecretManagedMode, + SecretProvider, + SecretProviderConfigStatus, + SecretProviderConfigHealthResponse, + SecretProviderDescriptor, + SecretStatus, +} from "@paperclipai/shared"; import { api } from "./client"; +export interface SecretUsageResponse { + secretId: string; + bindings: CompanySecretUsageBinding[]; +} + +export interface CreateSecretInput { + name: string; + key?: string; + provider?: SecretProvider; + managedMode?: SecretManagedMode; + value?: string | null; + description?: string | null; + externalRef?: string | null; + providerVersionRef?: string | null; + providerConfigId?: string | null; + providerMetadata?: Record | null; +} + +export interface SecretProviderHealthResponse { + providers: Array<{ + provider: SecretProvider; + status: "ok" | "warn" | "error"; + message: string; + warnings?: string[]; + backupGuidance?: string[]; + details?: Record; + }>; +} + +export interface UpdateSecretInput { + name?: string; + key?: string; + status?: SecretStatus; + description?: string | null; + externalRef?: string | null; + providerMetadata?: Record | null; +} + +export interface RotateSecretInput { + value?: string | null; + externalRef?: string | null; + providerVersionRef?: string | null; + providerConfigId?: string | null; +} + +export interface CreateSecretProviderConfigInput { + provider: SecretProvider; + displayName: string; + status?: SecretProviderConfigStatus; + isDefault?: boolean; + config?: Record; +} + +export interface UpdateSecretProviderConfigInput { + displayName?: string; + status?: SecretProviderConfigStatus; + isDefault?: boolean; + config?: Record; +} + +export interface RemoteImportPreviewInput { + providerConfigId: string; + query?: string | null; + nextToken?: string | null; + pageSize?: number; +} + +export interface RemoteImportSelectionInput { + externalRef: string; + name?: string | null; + key?: string | null; + description?: string | null; + providerVersionRef?: string | null; + providerMetadata?: Record | null; +} + +export interface RemoteImportInput { + providerConfigId: string; + secrets: RemoteImportSelectionInput[]; +} + export const secretsApi = { list: (companyId: string) => api.get(`/companies/${companyId}/secrets`), providers: (companyId: string) => api.get(`/companies/${companyId}/secret-providers`), - create: ( - companyId: string, - data: { - name: string; - value: string; - provider?: SecretProvider; - description?: string | null; - externalRef?: string | null; - }, - ) => api.post(`/companies/${companyId}/secrets`, data), - rotate: (id: string, data: { value: string; externalRef?: string | null }) => + providerHealth: (companyId: string) => + api.get(`/companies/${companyId}/secret-providers/health`), + providerConfigs: (companyId: string) => + api.get(`/companies/${companyId}/secret-provider-configs`), + createProviderConfig: (companyId: string, data: CreateSecretProviderConfigInput) => + api.post(`/companies/${companyId}/secret-provider-configs`, data), + updateProviderConfig: (id: string, data: UpdateSecretProviderConfigInput) => + api.patch(`/secret-provider-configs/${id}`, data), + disableProviderConfig: (id: string) => + api.delete(`/secret-provider-configs/${id}`), + setDefaultProviderConfig: (id: string) => + api.post(`/secret-provider-configs/${id}/default`, {}), + checkProviderConfigHealth: (id: string) => + api.post(`/secret-provider-configs/${id}/health`, {}), + create: (companyId: string, data: CreateSecretInput) => + api.post(`/companies/${companyId}/secrets`, data), + update: (id: string, data: UpdateSecretInput) => + api.patch(`/secrets/${id}`, data), + rotate: (id: string, data: RotateSecretInput) => api.post(`/secrets/${id}/rotate`, data), - update: ( - id: string, - data: { name?: string; description?: string | null; externalRef?: string | null }, - ) => api.patch(`/secrets/${id}`, data), + disable: (id: string) => + api.patch(`/secrets/${id}`, { status: "disabled" satisfies SecretStatus }), + enable: (id: string) => + api.patch(`/secrets/${id}`, { status: "active" satisfies SecretStatus }), + archive: (id: string) => + api.patch(`/secrets/${id}`, { status: "archived" satisfies SecretStatus }), remove: (id: string) => api.delete<{ ok: true }>(`/secrets/${id}`), usages: (id: string) => api.get<{ agents: { id: string; name: string; envKeys: string[] }[]; skills: { id: string; name: string; slug: string }[]; }>(`/secrets/${id}/usages`), + usage: (id: string) => api.get(`/secrets/${id}/usage`), + accessEvents: (id: string) => api.get(`/secrets/${id}/access-events`), + remoteImportPreview: (companyId: string, data: RemoteImportPreviewInput) => + api.post( + `/companies/${companyId}/secrets/remote-import/preview`, + data, + ), + remoteImport: (companyId: string, data: RemoteImportInput) => + api.post(`/companies/${companyId}/secrets/remote-import`, data), }; diff --git a/ui/src/components/ActiveAgentsPanel.test.tsx b/ui/src/components/ActiveAgentsPanel.test.tsx index 5a528976..8918ae15 100644 --- a/ui/src/components/ActiveAgentsPanel.test.tsx +++ b/ui/src/components/ActiveAgentsPanel.test.tsx @@ -11,7 +11,7 @@ const mockHeartbeatsApi = vi.hoisted(() => ({ })); const mockIssuesApi = vi.hoisted(() => ({ - list: vi.fn(), + get: vi.fn(), })); vi.mock("@/lib/router", () => ({ @@ -55,6 +55,20 @@ async function flushReact() { }); } +async function waitForMicrotaskAssertion(assertion: () => void, attempts = 20) { + let lastError: unknown; + for (let index = 0; index < attempts; index += 1) { + await flushReact(); + try { + assertion(); + return; + } catch (error) { + lastError = error; + } + } + throw lastError; +} + function createRun(index: number) { return { id: `run-${index}`, @@ -71,6 +85,37 @@ function createRun(index: number) { }; } +function createIssueRun(index: number, issueId: string) { + return { + ...createRun(index), + issueId, + }; +} + +function createIssue(id: string, identifier: string, title: string) { + return { + id, + companyId: "company-1", + identifier, + title, + description: null, + status: "in_progress", + priority: "medium", + assigneeAgentId: null, + assigneeUserId: null, + parentId: null, + projectId: null, + projectWorkspaceId: null, + executionWorkspaceId: null, + goalId: null, + labels: [], + blockedByIssueIds: [], + blocksIssueIds: [], + createdAt: "2026-04-24T12:00:00.000Z", + updatedAt: "2026-04-24T12:00:00.000Z", + }; +} + describe("ActiveAgentsPanel", () => { let container: HTMLDivElement; @@ -78,7 +123,7 @@ describe("ActiveAgentsPanel", () => { container = document.createElement("div"); document.body.appendChild(container); mockHeartbeatsApi.liveRunsForCompany.mockResolvedValue([1, 2, 3, 4, 5].map(createRun)); - mockIssuesApi.list.mockResolvedValue([]); + mockIssuesApi.get.mockRejectedValue(new Error("Issue not found")); }); afterEach(() => { @@ -149,4 +194,42 @@ describe("ActiveAgentsPanel", () => { root.unmount(); }); }); + + it("loads exact visible run issues so task names render even when the issue list page would miss them", async () => { + mockHeartbeatsApi.liveRunsForCompany.mockResolvedValue([ + createIssueRun(1, "65274215-0000-4000-8000-000000000000"), + ]); + mockIssuesApi.get.mockResolvedValue(createIssue( + "65274215-0000-4000-8000-000000000000", + "PAP-3562", + "Phase 4B: Implement LLM Wiki distillation UI", + )); + + const root = createRoot(container); + const queryClient = new QueryClient({ + defaultOptions: { queries: { retry: false } }, + }); + + await act(async () => { + root.render( + + + , + ); + }); + await flushReact(); + + await waitForMicrotaskAssertion(() => { + expect(mockIssuesApi.get).toHaveBeenCalledWith("65274215-0000-4000-8000-000000000000"); + const issueLink = [...container.querySelectorAll("a")].find((anchor) => + anchor.textContent?.includes("Phase 4B"), + ); + expect(issueLink?.textContent).toBe("PAP-3562 - Phase 4B: Implement LLM Wiki distillation UI"); + expect(issueLink?.getAttribute("href")).toBe("/issues/PAP-3562"); + }); + + await act(async () => { + root.unmount(); + }); + }); }); diff --git a/ui/src/components/ActiveAgentsPanel.tsx b/ui/src/components/ActiveAgentsPanel.tsx index 1b49624a..905c2147 100644 --- a/ui/src/components/ActiveAgentsPanel.tsx +++ b/ui/src/components/ActiveAgentsPanel.tsx @@ -1,6 +1,6 @@ import { memo, useMemo } from "react"; import { Link } from "@/lib/router"; -import { useQuery } from "@tanstack/react-query"; +import { useQueries, useQuery } from "@tanstack/react-query"; import type { Issue } from "@paperclipai/shared"; import { heartbeatsApi, type LiveRunForIssue } from "../api/heartbeats"; import type { TranscriptEntry } from "../adapters"; @@ -56,19 +56,28 @@ export function ActiveAgentsPanel({ const runs = liveRuns ?? []; const visibleRuns = useMemo(() => runs.slice(0, cardLimit), [cardLimit, runs]); const hiddenRunCount = Math.max(0, runs.length - visibleRuns.length); - const { data: issues } = useQuery({ - queryKey: [...queryKeys.issues.list(companyId), "with-routine-executions"], - queryFn: () => issuesApi.list(companyId, { includeRoutineExecutions: true }), - enabled: visibleRuns.length > 0, + const visibleIssueIds = useMemo( + () => [...new Set(visibleRuns.map((run) => run.issueId).filter((issueId): issueId is string => Boolean(issueId)))], + [visibleRuns], + ); + + const issueQueries = useQueries({ + queries: visibleIssueIds.map((issueId) => ({ + queryKey: queryKeys.issues.detail(issueId), + queryFn: () => issuesApi.get(issueId), + staleTime: 30_000, + retry: false, + })), }); const issueById = useMemo(() => { const map = new Map(); - for (const issue of issues ?? []) { - map.set(issue.id, issue); + for (const query of issueQueries) { + const issue = query.data; + if (issue) map.set(issue.id, issue); } return map; - }, [issues]); + }, [issueQueries]); const { transcriptByRun, hasOutputForRun } = useLiveRunTranscripts({ runs: visibleRuns, diff --git a/ui/src/components/ActivityRow.tsx b/ui/src/components/ActivityRow.tsx index 83a502cb..13d335e8 100644 --- a/ui/src/components/ActivityRow.tsx +++ b/ui/src/components/ActivityRow.tsx @@ -1,5 +1,6 @@ import { Link } from "@/lib/router"; -import { Identity } from "./Identity"; +import { Avatar, AvatarFallback, AvatarImage } from "@/components/ui/avatar"; +import { deriveInitials } from "./Identity"; import { IssueReferenceActivitySummary } from "./IssueReferenceActivitySummary"; import { timeAgo } from "../lib/timeAgo"; import { cn } from "../lib/utils"; @@ -52,19 +53,20 @@ export function ActivityRow({ event, agentMap, userProfileMap, entityNameMap, en const inner = (
    -
    -

    - - {verb} - {name && {name}} - {entityTitle && — {entityTitle}} -

    - {timeAgo(event.createdAt)} +
    +
    + + {actorAvatarUrl && } + {deriveInitials(actorName)} + +

    + {actorName} + {verb} + {name && {name}} + {entityTitle && — {entityTitle}} +

    +
    + {timeAgo(event.createdAt)}
    diff --git a/ui/src/components/AgentConfigForm.tsx b/ui/src/components/AgentConfigForm.tsx index c36463ab..59c967c8 100644 --- a/ui/src/components/AgentConfigForm.tsx +++ b/ui/src/components/AgentConfigForm.tsx @@ -20,6 +20,7 @@ import { } from "@paperclipai/adapter-codex-local"; import { DEFAULT_CURSOR_LOCAL_MODEL } from "@paperclipai/adapter-cursor-local"; import { DEFAULT_GEMINI_LOCAL_MODEL } from "@paperclipai/adapter-gemini-local"; +import { DEFAULT_OPENCODE_LOCAL_MODEL } from "@paperclipai/adapter-opencode-local"; import { Popover, PopoverContent, @@ -27,7 +28,7 @@ import { } from "@/components/ui/popover"; import { Button } from "@/components/ui/button"; import { FolderOpen, Heart, ChevronDown, X } from "lucide-react"; -import { cn } from "../lib/utils"; +import { asBoolean, asFiniteNumber, asObject, cn } from "../lib/utils"; import { extractModelName, extractProviderId } from "../lib/model-utils"; import { queryKeys } from "../lib/queryKeys"; import { useCompany } from "../context/CompanyContext"; @@ -56,6 +57,7 @@ import { getAdapterDisplay, getAdapterLabel } from "../adapters/adapter-display- import { useDisabledAdaptersSync } from "../adapters/use-disabled-adapters"; import { buildAgentUpdatePatch, type AgentConfigOverlay } from "../lib/agent-config-patch"; import { useAdapterCapabilities } from "../adapters/use-adapter-capabilities"; +import { filterAcpxModelsByAgent } from "../lib/acpx-model-filter"; /* ---- Create mode values ---- */ @@ -175,6 +177,19 @@ const claudeThinkingEffortOptions = [ { id: "high", label: "High" }, ] as const; +const MAX_TURN_CONTINUATION_DEFAULT_MAX_ATTEMPTS = 2; +const MAX_TURN_CONTINUATION_MAX_ATTEMPTS_CAP = 10; +const MAX_TURN_CONTINUATION_DEFAULT_DELAY_SEC = 1; +const MAX_TURN_CONTINUATION_MAX_DELAY_SEC = 300; + +function clampInteger(value: number, min: number, max: number) { + return Math.max(min, Math.min(max, Math.floor(value))); +} + +function clampDelayMsFromSeconds(value: number) { + return clampInteger(value, 0, MAX_TURN_CONTINUATION_MAX_DELAY_SEC) * 1000; +} + /* ---- Form ---- */ @@ -309,6 +324,17 @@ export function AgentConfigForm(props: AgentConfigFormProps) { () => new Set(supportedEnvironmentDriversForAdapter(adapterType)), [adapterType], ); + const val = isCreate ? props.values : null; + const set = isCreate + ? (patch: Partial) => props.onChange(patch) + : null; + const currentDefaultEnvironmentId = isCreate + ? val!.defaultEnvironmentId ?? "" + : eff("identity", "defaultEnvironmentId", props.agent.defaultEnvironmentId ?? ""); + const currentDefaultEnvironment = useMemo( + () => environments.find((environment) => environment.id === currentDefaultEnvironmentId) ?? null, + [currentDefaultEnvironmentId, environments], + ); const runnableEnvironments = useMemo( () => environments.filter((environment) => { if (!supportedEnvironmentDrivers.has(environment.driver)) return false; @@ -321,21 +347,35 @@ export function AgentConfigForm(props: AgentConfigFormProps) { // Fetch adapter models for the effective adapter type const modelQueryKey = selectedCompanyId - ? queryKeys.agents.adapterModels(selectedCompanyId, adapterType) + ? queryKeys.agents.adapterModels(selectedCompanyId, adapterType, currentDefaultEnvironmentId || null) : ["agents", "none", "adapter-models", adapterType]; const { data: fetchedModels, error: fetchedModelsError, } = useQuery({ queryKey: modelQueryKey, - queryFn: () => agentsApi.adapterModels(selectedCompanyId!, adapterType), + queryFn: () => agentsApi.adapterModels(selectedCompanyId!, adapterType, { + environmentId: currentDefaultEnvironmentId || null, + }), enabled: Boolean(selectedCompanyId), }); const [refreshModelsError, setRefreshModelsError] = useState(null); const [refreshingModels, setRefreshingModels] = useState(false); - const models = fetchedModels ?? externalModels ?? []; + const rawModels = fetchedModels ?? externalModels ?? []; const adapterCommandField = adapterType === "hermes_local" ? "hermesCommand" : "command"; + const acpxAgent = + adapterType === "acpx_local" + ? isCreate + ? String(val!.adapterSchemaValues?.agent ?? "claude") + : eff("adapterConfig", "agent", String(config.agent ?? "claude")) + : ""; + const models = useMemo( + () => adapterType === "acpx_local" + ? filterAcpxModelsByAgent(rawModels, acpxAgent) + : rawModels, + [adapterType, rawModels, acpxAgent], + ); const { data: detectedModelData, refetch: refetchDetectedModel, @@ -349,7 +389,7 @@ export function AgentConfigForm(props: AgentConfigFormProps) { } return agentsApi.detectModel(selectedCompanyId, adapterType); }, - enabled: Boolean(selectedCompanyId && isLocal), + enabled: Boolean(selectedCompanyId && isLocal && adapterType !== "opencode_local"), }); const detectedModel = detectedModelData?.model ?? null; const detectedModelCandidates = detectedModelData?.candidates ?? []; @@ -402,12 +442,6 @@ export function AgentConfigForm(props: AgentConfigFormProps) { return typeof value === "string" ? value : ""; }, [adapterCheapDefault]); - // Create mode helpers - const val = isCreate ? props.values : null; - const set = isCreate - ? (patch: Partial) => props.onChange(patch) - : null; - function buildAdapterConfigForTest(): Record { if (isCreate) { return uiAdapter.buildAdapterConfig(val!); @@ -433,15 +467,9 @@ export function AgentConfigForm(props: AgentConfigFormProps) { if (!selectedCompanyId) { throw new Error("Select a company to test adapter environment"); } - const selectedEnvironmentId = isCreate - ? val!.defaultEnvironmentId ?? null - : eff("identity", "defaultEnvironmentId", props.agent.defaultEnvironmentId ?? null); return agentsApi.testEnvironment(selectedCompanyId, adapterType, { adapterConfig: buildAdapterConfigForTest(), - environmentId: - typeof selectedEnvironmentId === "string" && selectedEnvironmentId.length > 0 - ? selectedEnvironmentId - : null, + environmentId: currentDefaultEnvironmentId || null, }); }, }); @@ -512,19 +540,23 @@ export function AgentConfigForm(props: AgentConfigFormProps) { const thinkingEffortKey = adapterType === "codex_local" ? "modelReasoningEffort" - : adapterType === "cursor" - ? "mode" - : adapterType === "opencode_local" - ? "variant" - : "effort"; + : adapterType === "acpx_local" && acpxAgent === "codex" + ? "modelReasoningEffort" + : adapterType === "cursor" + ? "mode" + : adapterType === "opencode_local" + ? "variant" + : "effort"; const thinkingEffortOptions = adapterType === "codex_local" ? codexThinkingEffortOptions - : adapterType === "cursor" - ? cursorModeOptions - : adapterType === "opencode_local" - ? openCodeThinkingEffortOptions - : claudeThinkingEffortOptions; + : adapterType === "acpx_local" && acpxAgent === "codex" + ? codexThinkingEffortOptions + : adapterType === "cursor" + ? cursorModeOptions + : adapterType === "opencode_local" + ? openCodeThinkingEffortOptions + : claudeThinkingEffortOptions; const currentThinkingEffort = isCreate ? val!.thinkingEffort : adapterType === "codex_local" @@ -533,12 +565,18 @@ export function AgentConfigForm(props: AgentConfigFormProps) { "modelReasoningEffort", String(config.modelReasoningEffort ?? config.reasoningEffort ?? ""), ) - : adapterType === "cursor" - ? eff("adapterConfig", "mode", String(config.mode ?? "")) - : adapterType === "opencode_local" - ? eff("adapterConfig", "variant", String(config.variant ?? "")) - : eff("adapterConfig", "effort", String(config.effort ?? "")); - const showThinkingEffort = adapterType !== "gemini_local"; + : adapterType === "acpx_local" && acpxAgent === "codex" + ? eff( + "adapterConfig", + "modelReasoningEffort", + String(config.modelReasoningEffort ?? config.reasoningEffort ?? config.effort ?? ""), + ) + : adapterType === "cursor" + ? eff("adapterConfig", "mode", String(config.mode ?? "")) + : adapterType === "opencode_local" + ? eff("adapterConfig", "variant", String(config.variant ?? "")) + : eff("adapterConfig", "effort", String(config.effort ?? "")); + const showThinkingEffort = adapterType !== "gemini_local" && adapterType !== "cursor_cloud"; const codexSearchEnabled = adapterType === "codex_local" ? (isCreate ? Boolean(val!.search) : eff("adapterConfig", "search", Boolean(config.search))) : false; @@ -625,9 +663,27 @@ export function AgentConfigForm(props: AgentConfigFormProps) { heartbeat: mergedHeartbeat, }; }, [isCreate, overlay.heartbeat, runtimeConfig, val]); - const currentDefaultEnvironmentId = isCreate - ? val!.defaultEnvironmentId ?? "" - : eff("identity", "defaultEnvironmentId", props.agent.defaultEnvironmentId ?? ""); + const effectiveHeartbeat = asObject(effectiveRuntimeConfig.heartbeat); + const maxTurnContinuation = asObject(effectiveHeartbeat.maxTurnContinuation); + const maxTurnContinuationEnabled = asBoolean(maxTurnContinuation.enabled, true); + const maxTurnContinuationMaxAttempts = clampInteger( + asFiniteNumber(maxTurnContinuation.maxAttempts, MAX_TURN_CONTINUATION_DEFAULT_MAX_ATTEMPTS), + 0, + MAX_TURN_CONTINUATION_MAX_ATTEMPTS_CAP, + ); + const maxTurnContinuationDelaySec = clampInteger( + asFiniteNumber(maxTurnContinuation.delayMs, MAX_TURN_CONTINUATION_DEFAULT_DELAY_SEC * 1000) / 1000, + 0, + MAX_TURN_CONTINUATION_MAX_DELAY_SEC, + ); + + function updateMaxTurnContinuation(patch: Record) { + mark("heartbeat", "maxTurnContinuation", { + ...maxTurnContinuation, + ...patch, + }); + } + return (
    {/* ---- Floating Save button (edit mode, when dirty) ---- */} @@ -800,7 +856,7 @@ export function AgentConfigForm(props: AgentConfigFormProps) { } else if (t === "cursor") { nextValues.model = DEFAULT_CURSOR_LOCAL_MODEL; } else if (t === "opencode_local") { - nextValues.model = ""; + nextValues.model = DEFAULT_OPENCODE_LOCAL_MODEL; } set!(nextValues); } else { @@ -816,9 +872,11 @@ export function AgentConfigForm(props: AgentConfigFormProps) { ? DEFAULT_CODEX_LOCAL_MODEL : t === "gemini_local" ? DEFAULT_GEMINI_LOCAL_MODEL + : t === "opencode_local" + ? DEFAULT_OPENCODE_LOCAL_MODEL : t === "cursor" ? DEFAULT_CURSOR_LOCAL_MODEL - : "", + : "", effort: "", modelReasoningEffort: "", variant: "", @@ -941,11 +999,17 @@ export function AgentConfigForm(props: AgentConfigFormProps) { creatable detectedModel={detectedModel} detectedModelCandidates={[]} - onDetectModel={async () => { - const result = await refetchDetectedModel(); - return result.data?.model ?? null; - }} - onRefreshModels={adapterType === "codex_local" ? handleRefreshModels : undefined} + onDetectModel={adapterType === "opencode_local" + ? undefined + : async () => { + const result = await refetchDetectedModel(); + return result.data?.model ?? null; + }} + onRefreshModels={ + adapterType === "codex_local" || adapterType === "acpx_local" + ? handleRefreshModels + : undefined + } refreshingModels={refreshingModels} detectModelLabel="Detect model" emptyDetectHint="No model detected. Select or enter one manually." @@ -958,6 +1022,13 @@ export function AgentConfigForm(props: AgentConfigFormProps) { : "Failed to load adapter models.")}

    )} + {adapterType === "opencode_local" + && currentDefaultEnvironment + && currentDefaultEnvironment.driver !== "local" && ( +

    + Live OpenCode model discovery only runs for Local environments. Using the curated list and manual entry for {currentDefaultEnvironment.name}. +

    + )} {supportsModelProfiles && ( +
    + updateMaxTurnContinuation({ enabled: v })} + /> + {maxTurnContinuationEnabled ? ( +
    + + + updateMaxTurnContinuation({ + maxAttempts: clampInteger(v, 0, MAX_TURN_CONTINUATION_MAX_ATTEMPTS_CAP), + })} + immediate + className={inputClass} + /> + + + + updateMaxTurnContinuation({ + delayMs: clampDelayMsFromSeconds(v), + })} + immediate + className={inputClass} + /> + +
    + ) : null} +
    diff --git a/ui/src/components/CommandPalette.test.tsx b/ui/src/components/CommandPalette.test.tsx index 165f1390..11303f29 100644 --- a/ui/src/components/CommandPalette.test.tsx +++ b/ui/src/components/CommandPalette.test.tsx @@ -1,7 +1,7 @@ // @vitest-environment jsdom import { act } from "react"; -import type { ReactNode } from "react"; +import type { KeyboardEventHandler, ReactNode } from "react"; import { createRoot } from "react-dom/client"; import { QueryClient, QueryClientProvider } from "@tanstack/react-query"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; @@ -46,8 +46,12 @@ vi.mock("../context/SidebarContext", () => ({ useSidebar: () => sidebarState, })); +const navigateState = vi.hoisted(() => ({ + navigate: vi.fn(), +})); + vi.mock("@/lib/router", () => ({ - useNavigate: () => vi.fn(), + useNavigate: () => navigateState.navigate, })); vi.mock("../api/issues", () => ({ @@ -73,15 +77,18 @@ vi.mock("@/components/ui/command", () => ({ CommandInput: ({ value, onValueChange, + onKeyDown, }: { value: string; onValueChange: (value: string) => void; + onKeyDown?: KeyboardEventHandler; }) => (
    onValueChange(event.currentTarget.value)} + onKeyDown={onKeyDown} />
    @@ -89,10 +96,16 @@ vi.mock("@/components/ui/command", () => ({ CommandItem: ({ children, onSelect, + "data-testid": testId, }: { children: ReactNode; onSelect?: () => void; - }) => , + "data-testid"?: string; + }) => ( + + ), CommandList: ({ children }: { children: ReactNode }) =>
    {children}
    , CommandSeparator: () =>
    , })); @@ -153,6 +166,7 @@ describe("CommandPalette", () => { mockIssuesApi.list.mockReset(); mockAgentsApi.list.mockReset(); mockProjectsApi.list.mockReset(); + navigateState.navigate.mockReset(); mockIssuesApi.list.mockResolvedValue([]); mockAgentsApi.list.mockResolvedValue([]); mockProjectsApi.list.mockResolvedValue([]); @@ -188,4 +202,78 @@ describe("CommandPalette", () => { root.unmount(); }); }); + + it("offers a Search-all command when the query is non-empty and routes Enter to /search when no issues match", async () => { + mockIssuesApi.list.mockResolvedValue([]); + const { root } = renderWithQueryClient(, container); + + act(() => { + document.dispatchEvent(new KeyboardEvent("keydown", { key: "k", metaKey: true, bubbles: true })); + }); + + const input = container.querySelector('input[aria-label="Command search"]') as HTMLInputElement; + expect(input).not.toBeNull(); + + act(() => { + const nativeSetter = Object.getOwnPropertyDescriptor(HTMLInputElement.prototype, "value")!.set!; + nativeSetter.call(input, "auth flake"); + input.dispatchEvent(new Event("input", { bubbles: true })); + }); + + await waitForAssertion(() => { + const searchAllButton = container.querySelector( + 'button[data-testid="command-search-all"]', + ) as HTMLButtonElement | null; + expect(searchAllButton).not.toBeNull(); + expect(searchAllButton!.textContent).toContain("auth flake"); + }); + + act(() => { + input.dispatchEvent(new KeyboardEvent("keydown", { key: "Enter", bubbles: true })); + }); + + await waitForAssertion(() => { + expect(navigateState.navigate).toHaveBeenCalledWith("/search?q=auth%20flake"); + }); + + act(() => { + root.unmount(); + }); + }); + + it("navigates to /search when the user clicks the Search-all command", async () => { + mockIssuesApi.list.mockResolvedValue([]); + const { root } = renderWithQueryClient(, container); + + act(() => { + document.dispatchEvent(new KeyboardEvent("keydown", { key: "k", metaKey: true, bubbles: true })); + }); + + const input = container.querySelector('input[aria-label="Command search"]') as HTMLInputElement; + act(() => { + const nativeSetter = Object.getOwnPropertyDescriptor(HTMLInputElement.prototype, "value")!.set!; + nativeSetter.call(input, "deflake"); + input.dispatchEvent(new Event("input", { bubbles: true })); + }); + + let searchAllButton: HTMLButtonElement | null = null; + await waitForAssertion(() => { + searchAllButton = container.querySelector( + 'button[data-testid="command-search-all"]', + ) as HTMLButtonElement | null; + expect(searchAllButton).not.toBeNull(); + }); + + act(() => { + searchAllButton!.dispatchEvent(new MouseEvent("click", { bubbles: true })); + }); + + await waitForAssertion(() => { + expect(navigateState.navigate).toHaveBeenCalledWith("/search?q=deflake"); + }); + + act(() => { + root.unmount(); + }); + }); }); diff --git a/ui/src/components/CommandPalette.tsx b/ui/src/components/CommandPalette.tsx index 28530042..f5f2fa5f 100644 --- a/ui/src/components/CommandPalette.tsx +++ b/ui/src/components/CommandPalette.tsx @@ -28,10 +28,18 @@ import { History, SquarePen, Plus, + Search, } from "lucide-react"; import { Identity } from "./Identity"; import { agentUrl, projectUrl } from "../lib/utils"; +const SEARCH_ALL_VALUE = "__paperclip-search-all__"; + +export function buildFullSearchPath(query: string) { + const trimmed = query.trim(); + return trimmed.length === 0 ? "/search" : `/search?q=${encodeURIComponent(trimmed)}`; +} + export function CommandPalette() { const [open, setOpen] = useState(false); const [query, setQuery] = useState(""); @@ -90,6 +98,10 @@ export function CommandPalette() { navigate(path); } + function goFullSearch() { + go(buildFullSearchPath(searchQuery)); + } + const agentName = (id: string | null) => { if (!id) return null; return agents.find((a) => a.id === id)?.name ?? null; @@ -100,6 +112,9 @@ export function CommandPalette() { [issues, searchedIssues, searchQuery], ); + const showSearchAll = searchQuery.length > 0; + const showEmptyHint = showSearchAll && visibleIssues.length === 0; + return ( { setOpen(v); @@ -109,9 +124,47 @@ export function CommandPalette() { placeholder="Search issues, agents, projects..." value={query} onValueChange={setQuery} + onKeyDown={(event) => { + if (event.key === "Enter" && showEmptyHint) { + event.preventDefault(); + goFullSearch(); + } + }} /> - No results found. + + {showSearchAll ? ( + + No quick issue matches. Press{" "} + {" "} + to search all or keep typing to refine. + + ) : ( + "No results found." + )} + + + {showSearchAll ? ( + + + + + Search all for “{searchQuery}” + + + open full search + + + + + ) : null} + + {showSearchAll ? : null} { authorAgentId: null, authorUserId: "local-board", body: "Please continue validation.", + authorType: "user", + presentation: null, + metadata: null, followUpRequested: true, createdAt: new Date("2026-03-11T10:00:00.000Z"), updatedAt: new Date("2026-03-11T10:00:00.000Z"), @@ -349,6 +352,9 @@ describe("CommentThread", () => { authorAgentId: null, authorUserId: "user-1", body: "Hello from the comment body", + authorType: "user", + presentation: null, + metadata: null, createdAt: new Date("2026-03-11T11:00:00.000Z"), updatedAt: new Date("2026-03-11T11:00:00.000Z"), }]} diff --git a/ui/src/components/CommentThread.tsx b/ui/src/components/CommentThread.tsx index 080b3e97..e80abea7 100644 --- a/ui/src/components/CommentThread.tsx +++ b/ui/src/components/CommentThread.tsx @@ -20,7 +20,7 @@ import { OutputFeedbackButtons } from "./OutputFeedbackButtons"; import { ApprovalCard } from "./ApprovalCard"; import { AgentIcon } from "./AgentIconPicker"; import { formatAssigneeUserLabel } from "../lib/assignees"; -import type { IssueTimelineAssignee, IssueTimelineEvent } from "../lib/issue-timeline-events"; +import { formatTimelineWorkspaceLabel, type IssueTimelineAssignee, type IssueTimelineEvent } from "../lib/issue-timeline-events"; import { timeAgo } from "../lib/timeAgo"; import { cn, formatDateTime } from "../lib/utils"; import { restoreSubmittedCommentDraft } from "../lib/comment-submit-draft"; @@ -535,6 +535,21 @@ function TimelineEventCard({
    ) : null} + + {event.workspaceChange ? ( +
    + + Workspace + + + {formatTimelineWorkspaceLabel(event.workspaceChange.from)} + + + + {formatTimelineWorkspaceLabel(event.workspaceChange.to)} + +
    + ) : null}
    ); diff --git a/ui/src/components/CompanyRail.tsx b/ui/src/components/CompanyRail.tsx deleted file mode 100644 index 2766a16b..00000000 --- a/ui/src/components/CompanyRail.tsx +++ /dev/null @@ -1,260 +0,0 @@ -import { useCallback, useMemo } from "react"; -import { Paperclip, Plus } from "lucide-react"; -import { useQueries, useQuery } from "@tanstack/react-query"; -import { - DndContext, - closestCenter, - MouseSensor, - useSensor, - useSensors, - type DragEndEvent, -} from "@dnd-kit/core"; -import { - SortableContext, - useSortable, - verticalListSortingStrategy, - arrayMove, -} from "@dnd-kit/sortable"; -import { CSS } from "@dnd-kit/utilities"; -import { useCompany } from "../context/CompanyContext"; -import { useDialogActions } from "../context/DialogContext"; -import { cn } from "../lib/utils"; -import { queryKeys } from "../lib/queryKeys"; -import { sidebarBadgesApi } from "../api/sidebarBadges"; -import { heartbeatsApi } from "../api/heartbeats"; -import { authApi } from "../api/auth"; -import { useCompanyOrder } from "../hooks/useCompanyOrder"; -import { useLocation, useNavigate } from "@/lib/router"; -import { - Tooltip, - TooltipContent, - TooltipTrigger, -} from "@/components/ui/tooltip"; -import type { Company } from "@paperclipai/shared"; -import { CompanyPatternIcon } from "./CompanyPatternIcon"; - -function SortableCompanyItem({ - company, - isSelected, - hasLiveAgents, - hasUnreadInbox, - onSelect, -}: { - company: Company; - isSelected: boolean; - hasLiveAgents: boolean; - hasUnreadInbox: boolean; - onSelect: () => void; -}) { - const { - attributes, - listeners, - setNodeRef, - transform, - transition, - isDragging, - } = useSortable({ id: company.id }); - - const style = { - transform: CSS.Transform.toString(transform), - transition, - zIndex: isDragging ? 10 : undefined, - opacity: isDragging ? 0.8 : 1, - }; - - return ( -
    - - - { - if (isDragging) { - e.preventDefault(); - return; - } - e.preventDefault(); - onSelect(); - }} - className="relative flex items-center justify-center group overflow-visible" - > - {/* Selection indicator pill */} - - ); -} - -export function CompanyRail() { - const { companies, selectedCompanyId, setSelectedCompanyId } = useCompany(); - const { openOnboarding } = useDialogActions(); - const navigate = useNavigate(); - const location = useLocation(); - const isInstanceRoute = location.pathname.startsWith("/instance/"); - const highlightedCompanyId = isInstanceRoute ? null : selectedCompanyId; - const sidebarCompanies = useMemo( - () => companies.filter((company) => company.status !== "archived"), - [companies], - ); - const { data: session } = useQuery({ - queryKey: queryKeys.auth.session, - queryFn: () => authApi.getSession(), - }); - const currentUserId = session?.user?.id ?? session?.session?.userId ?? null; - const companyIds = useMemo(() => sidebarCompanies.map((company) => company.id), [sidebarCompanies]); - - const liveRunsQueries = useQueries({ - queries: companyIds.map((companyId) => ({ - queryKey: queryKeys.liveRuns(companyId), - queryFn: () => heartbeatsApi.liveRunsForCompany(companyId), - refetchInterval: 10_000, - })), - }); - const sidebarBadgeQueries = useQueries({ - queries: companyIds.map((companyId) => ({ - queryKey: queryKeys.sidebarBadges(companyId), - queryFn: () => sidebarBadgesApi.get(companyId), - refetchInterval: 15_000, - })), - }); - const hasLiveAgentsByCompanyId = useMemo(() => { - const result = new Map(); - companyIds.forEach((companyId, index) => { - result.set(companyId, (liveRunsQueries[index]?.data?.length ?? 0) > 0); - }); - return result; - }, [companyIds, liveRunsQueries]); - const hasUnreadInboxByCompanyId = useMemo(() => { - const result = new Map(); - companyIds.forEach((companyId, index) => { - result.set(companyId, (sidebarBadgeQueries[index]?.data?.inbox ?? 0) > 0); - }); - return result; - }, [companyIds, sidebarBadgeQueries]); - - const { orderedCompanies, persistOrder } = useCompanyOrder({ - companies: sidebarCompanies, - userId: currentUserId, - }); - - // Require 8px of movement before starting a drag to avoid interfering with clicks - const sensors = useSensors( - // Keep sidebar reordering mouse-only so touch input can scroll/tap without drag affordances. - useSensor(MouseSensor, { - activationConstraint: { distance: 8 }, - }) - ); - - const handleDragEnd = useCallback( - (event: DragEndEvent) => { - const { active, over } = event; - if (!over || active.id === over.id) return; - - const ids = orderedCompanies.map((c) => c.id); - const oldIndex = ids.indexOf(active.id as string); - const newIndex = ids.indexOf(over.id as string); - if (oldIndex === -1 || newIndex === -1) return; - - persistOrder(arrayMove(ids, oldIndex, newIndex)); - }, - [orderedCompanies, persistOrder] - ); - - return ( -
    - {/* Paperclip icon - aligned with top sections (implied line, no visible border) */} -
    - -
    - - {/* Company list */} -
    - - c.id)} - strategy={verticalListSortingStrategy} - > - {orderedCompanies.map((company) => ( - { - setSelectedCompanyId(company.id); - if (isInstanceRoute) { - navigate(`/${company.issuePrefix}/dashboard`); - } - }} - /> - ))} - - -
    - - {/* Separator before add button */} -
    - - {/* Add company button */} -
    - - - - - -

    Add company

    -     -     -
    -
    - ); -} diff --git a/ui/src/components/CompanySettingsSidebar.test.tsx b/ui/src/components/CompanySettingsSidebar.test.tsx index 452219b3..429d0812 100644 --- a/ui/src/components/CompanySettingsSidebar.test.tsx +++ b/ui/src/components/CompanySettingsSidebar.test.tsx @@ -53,6 +53,10 @@ vi.mock("./SidebarNavItem", () => ({ }, })); +vi.mock("./SidebarCompanyMenu", () => ({ + SidebarCompanyMenu: () =>
    Workspace switcher
    , +})); + vi.mock("@/api/sidebarBadges", () => ({ sidebarBadgesApi: mockSidebarBadgesApi, })); @@ -108,6 +112,7 @@ describe("CompanySettingsSidebar", () => { expect(container.textContent).toContain("Environments"); expect(container.textContent).toContain("Access"); expect(container.textContent).toContain("Invites"); + expect(container.textContent).toContain("Secrets"); expect(sidebarNavItemMock).toHaveBeenCalledWith( expect.objectContaining({ to: "/company/settings", @@ -137,6 +142,13 @@ describe("CompanySettingsSidebar", () => { end: true, }), ); + expect(sidebarNavItemMock).toHaveBeenCalledWith( + expect.objectContaining({ + to: "/company/settings/secrets", + label: "Secrets", + end: true, + }), + ); await act(async () => { root.unmount(); diff --git a/ui/src/components/CompanySettingsSidebar.tsx b/ui/src/components/CompanySettingsSidebar.tsx index 57ddcf06..4adeb24d 100644 --- a/ui/src/components/CompanySettingsSidebar.tsx +++ b/ui/src/components/CompanySettingsSidebar.tsx @@ -31,7 +31,7 @@ export function CompanySettingsSidebar() { }); return ( -
    ); diff --git a/ui/src/components/FileTree.test.tsx b/ui/src/components/FileTree.test.tsx new file mode 100644 index 00000000..2c07ec53 --- /dev/null +++ b/ui/src/components/FileTree.test.tsx @@ -0,0 +1,190 @@ +// @vitest-environment jsdom + +import { act } from "react"; +import { createRoot, type Root } from "react-dom/client"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { FileTree, buildFileTree } from "./FileTree"; + +// eslint-disable-next-line @typescript-eslint/no-explicit-any +(globalThis as any).IS_REACT_ACT_ENVIRONMENT = true; + +describe("FileTree", () => { + let container: HTMLDivElement; + let root: Root; + + beforeEach(() => { + container = document.createElement("div"); + document.body.appendChild(container); + root = createRoot(container); + }); + + afterEach(() => { + act(() => { + root.unmount(); + }); + container.remove(); + }); + + function row(path: string) { + return container.querySelector(`[data-file-tree-path="${path}"]`) as HTMLDivElement | null; + } + + it("selects file rows and expands directory rows", () => { + const onSelectFile = vi.fn(); + const onToggleDir = vi.fn(); + const nodes = buildFileTree({ + "README.md": "", + "docs/guide.md": "", + }); + + act(() => { + root.render( + , + ); + }); + + expect(row("README.md")?.getAttribute("aria-selected")).toBe("true"); + + act(() => { + row("docs/guide.md")?.click(); + }); + expect(onSelectFile).toHaveBeenCalledWith("docs/guide.md"); + + act(() => { + row("docs")?.click(); + }); + expect(onToggleDir).toHaveBeenCalledWith("docs"); + }); + + it("marks partially selected directories as indeterminate", () => { + const nodes = buildFileTree({ + "docs/a.md": "", + "docs/b.md": "", + }); + + act(() => { + root.render( + {}} + onToggleDir={() => {}} + onToggleCheck={() => {}} + />, + ); + }); + + const input = row("docs")?.querySelector("input[type='checkbox']") as HTMLInputElement | null; + expect(input?.checked).toBe(false); + expect(input?.indeterminate).toBe(true); + expect(row("docs")?.getAttribute("aria-checked")).toBe("mixed"); + }); + + it("renders file badges and host-only file extras", () => { + const nodes = buildFileTree({ + "wiki/very-long-page-slug.md": "", + }); + + act(() => { + root.render( + {}} + onToggleDir={() => {}} + fileBadges={{ + "wiki/very-long-page-slug.md": { + label: "fresh", + status: "ok", + tooltip: "Synced", + }, + }} + renderFileExtra={(node) => ( + node.kind === "file" ? {node.name.length} chars : null + )} + />, + ); + }); + + expect(container.textContent).toContain("fresh"); + expect(container.querySelector("[title='Synced']")).not.toBeNull(); + expect(container.querySelector("[data-testid='file-extra']")?.textContent).toBe("22 chars"); + }); + + it("wraps long labels by default and can opt back into truncation", () => { + const nodes = buildFileTree({ + "wiki/extremely-long-page-slug-that-wraps-on-mobile.md": "", + }); + + act(() => { + root.render( + {}} + onToggleDir={() => {}} + />, + ); + }); + + expect(row("wiki/extremely-long-page-slug-that-wraps-on-mobile.md")?.innerHTML).toContain("break-all"); + + act(() => { + root.render( + {}} + onToggleDir={() => {}} + wrapLabels={false} + />, + ); + }); + + expect(row("wiki/extremely-long-page-slug-that-wraps-on-mobile.md")?.innerHTML).toContain("truncate"); + }); + + it("supports tree keyboard expansion and checkbox toggling", () => { + const onToggleDir = vi.fn(); + const onToggleCheck = vi.fn(); + const nodes = buildFileTree({ + "docs/a.md": "", + }); + + act(() => { + root.render( + {}} + onToggleDir={onToggleDir} + onToggleCheck={onToggleCheck} + />, + ); + }); + + const docsRow = row("docs"); + act(() => { + docsRow?.focus(); + docsRow?.dispatchEvent(new KeyboardEvent("keydown", { key: "ArrowRight", bubbles: true })); + }); + expect(onToggleDir).toHaveBeenCalledWith("docs"); + + act(() => { + docsRow?.dispatchEvent(new KeyboardEvent("keydown", { key: " ", bubbles: true })); + }); + expect(onToggleCheck).toHaveBeenCalledWith("docs", "dir"); + }); +}); diff --git a/ui/src/components/FileTree.tsx b/ui/src/components/FileTree.tsx new file mode 100644 index 00000000..201c7903 --- /dev/null +++ b/ui/src/components/FileTree.tsx @@ -0,0 +1,500 @@ +import type { KeyboardEvent, ReactNode } from "react"; +import { useMemo, useRef, useState } from "react"; +import { cn } from "../lib/utils"; +import { + ChevronDown, + ChevronRight, + FileCode2, + FileText, + Folder, + FolderOpen, +} from "lucide-react"; +import { statusBadge, statusBadgeDefault } from "../lib/status-colors"; +import { Button } from "./ui/button"; +import { Skeleton } from "./ui/skeleton"; + +// -- Tree types -------------------------------------------------------------- + +export type FileTreeNode = { + name: string; + path: string; + kind: "dir" | "file"; + children: FileTreeNode[]; + /** Optional per-node metadata (e.g. import action) */ + action?: string | null; +}; + +export type FileTreeBadgeVariant = "ok" | "warning" | "error" | "info" | "pending"; + +export type FileTreeBadge = { + label: string; + status: FileTreeBadgeVariant; + tooltip?: string; +}; + +export type FileTreeTone = "default" | "warning" | "error" | "muted"; + +export type FileTreeEmptyState = { + title?: string; + description?: string; +}; + +export type FileTreeErrorState = { + message: string; + retry?: () => void; +}; + +type VisibleFileTreeNode = { + node: FileTreeNode; + depth: number; +}; + +const TREE_BASE_INDENT = 16; +const TREE_STEP_INDENT = 24; +const TREE_ROW_HEIGHT_CLASS = "min-h-9"; + +const fileTreeToneClass: Record = { + default: undefined, + warning: "bg-amber-500/5 text-amber-700 dark:text-amber-300", + error: "bg-destructive/5 text-destructive", + muted: "opacity-50", +}; + +// -- Helpers ----------------------------------------------------------------- + +export function buildFileTree( + files: Record, + actionMap?: Map, +): FileTreeNode[] { + const root: FileTreeNode = { name: "", path: "", kind: "dir", children: [] }; + + for (const filePath of Object.keys(files)) { + const segments = filePath.split("/").filter(Boolean); + let current = root; + let currentPath = ""; + for (let i = 0; i < segments.length; i++) { + const segment = segments[i]; + currentPath = currentPath ? `${currentPath}/${segment}` : segment; + const isLeaf = i === segments.length - 1; + let next = current.children.find((c) => c.name === segment); + if (!next) { + next = { + name: segment, + path: currentPath, + kind: isLeaf ? "file" : "dir", + children: [], + action: isLeaf ? (actionMap?.get(filePath) ?? null) : null, + }; + current.children.push(next); + } + current = next; + } + } + + function sortNode(node: FileTreeNode) { + node.children.sort((a, b) => { + // Files before directories so PROJECT.md appears above tasks/ + if (a.kind !== b.kind) return a.kind === "file" ? -1 : 1; + return a.name.localeCompare(b.name); + }); + node.children.forEach(sortNode); + } + + sortNode(root); + return root.children; +} + +export function countFiles(nodes: FileTreeNode[]): number { + let count = 0; + for (const node of nodes) { + if (node.kind === "file") count++; + else count += countFiles(node.children); + } + return count; +} + +export function collectAllPaths( + nodes: FileTreeNode[], + type: "file" | "dir" | "all" = "all", +): Set { + const paths = new Set(); + for (const node of nodes) { + if (type === "all" || node.kind === type) paths.add(node.path); + for (const p of collectAllPaths(node.children, type)) paths.add(p); + } + return paths; +} + +function fileIcon(name: string) { + if (name.endsWith(".yaml") || name.endsWith(".yml")) return FileCode2; + return FileText; +} + +function flattenVisibleNodes( + nodes: FileTreeNode[], + expandedDirs: Set, + depth = 0, +): VisibleFileTreeNode[] { + const flattened: VisibleFileTreeNode[] = []; + for (const node of nodes) { + flattened.push({ node, depth }); + if (node.kind === "dir" && expandedDirs.has(node.path)) { + flattened.push(...flattenVisibleNodes(node.children, expandedDirs, depth + 1)); + } + } + return flattened; +} + +function checkboxState(node: FileTreeNode, checkedFiles: Set) { + if (node.kind === "file") { + return { + allChecked: checkedFiles.has(node.path), + someChecked: false, + }; + } + + const childFiles = collectAllPaths(node.children, "file"); + const childFilePaths = [...childFiles]; + const allChecked = childFilePaths.length > 0 && childFilePaths.every((p) => checkedFiles.has(p)); + const someChecked = childFilePaths.some((p) => checkedFiles.has(p)); + return { allChecked, someChecked: someChecked && !allChecked }; +} + +// -- Frontmatter helpers ----------------------------------------------------- + +export type FrontmatterData = Record; + +export function parseFrontmatter(content: string): { data: FrontmatterData; body: string } | null { + const match = content.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/); + if (!match) return null; + + const data: FrontmatterData = {}; + const rawYaml = match[1]; + const body = match[2]; + + let currentKey: string | null = null; + let currentList: string[] | null = null; + + for (const line of rawYaml.split("\n")) { + const trimmed = line.trim(); + if (!trimmed || trimmed.startsWith("#")) continue; + + if (trimmed.startsWith("- ") && currentKey) { + if (!currentList) currentList = []; + currentList.push(trimmed.slice(2).trim().replace(/^["']|["']$/g, "")); + continue; + } + + if (currentKey && currentList) { + data[currentKey] = currentList; + currentList = null; + currentKey = null; + } + + const kvMatch = trimmed.match(/^([a-zA-Z_][\w-]*)\s*:\s*(.*)$/); + if (kvMatch) { + const key = kvMatch[1]; + const val = kvMatch[2].trim().replace(/^["']|["']$/g, ""); + if (val === "null") { + currentKey = null; + continue; + } + if (val) { + data[key] = val; + currentKey = null; + } else { + currentKey = key; + } + } + } + + if (currentKey && currentList) { + data[currentKey] = currentList; + } + + return Object.keys(data).length > 0 ? { data, body } : null; +} + +export const FRONTMATTER_FIELD_LABELS: Record = { + name: "Name", + title: "Title", + kind: "Kind", + reportsTo: "Reports to", + skills: "Skills", + status: "Status", + description: "Description", + priority: "Priority", + assignee: "Assignee", + project: "Project", + recurring: "Recurring", + targetDate: "Target date", +}; + +// -- File tree component ----------------------------------------------------- + +export type FileTreeProps = { + nodes: FileTreeNode[]; + selectedFile: string | null; + expandedDirs: Set; + checkedFiles?: Set; + onToggleDir: (path: string) => void; + onSelectFile: (path: string) => void; + onToggleCheck?: (path: string, kind: "file" | "dir") => void; + /** Serializable badge metadata keyed by path. This is safe to expose through plugin UI contracts. */ + fileBadges?: Record; + /** Closed row tone metadata keyed by path. This avoids raw host class names in public contracts. */ + fileTones?: Record; + /** Internal-only escape hatch for current host call sites that need richer row content. */ + renderFileExtra?: (node: FileTreeNode, checked: boolean) => ReactNode; + /** @deprecated Use fileTones for public surfaces. Kept for compatibility with host-only callers. */ + fileRowClassName?: (node: FileTreeNode, checked: boolean) => string | undefined; + showCheckboxes?: boolean; + /** Allow long file and directory names to wrap instead of forcing horizontal overflow. */ + wrapLabels?: boolean; + loading?: boolean; + error?: FileTreeErrorState | null; + empty?: FileTreeEmptyState; + ariaLabel?: string; +}; + +export function FileTree({ + nodes, + selectedFile, + expandedDirs, + checkedFiles, + onToggleDir, + onSelectFile, + onToggleCheck, + fileBadges, + fileTones, + renderFileExtra, + fileRowClassName, + showCheckboxes = true, + wrapLabels = true, + loading = false, + error, + empty, + ariaLabel = "Files", +}: FileTreeProps) { + const effectiveCheckedFiles = checkedFiles ?? new Set(); + const visibleNodes = useMemo( + () => flattenVisibleNodes(nodes, expandedDirs), + [expandedDirs, nodes], + ); + const [focusedPath, setFocusedPath] = useState(null); + const rowRefs = useRef(new Map()); + + function focusPath(path: string) { + setFocusedPath(path); + window.requestAnimationFrame(() => { + rowRefs.current.get(path)?.focus(); + }); + } + + function toggleNode(node: FileTreeNode) { + if (node.kind === "dir") onToggleDir(node.path); + else onSelectFile(node.path); + } + + function handleRowKeyDown(event: KeyboardEvent, index: number, node: FileTreeNode) { + switch (event.key) { + case "ArrowDown": { + event.preventDefault(); + const next = visibleNodes[Math.min(index + 1, visibleNodes.length - 1)]; + if (next) focusPath(next.node.path); + break; + } + case "ArrowUp": { + event.preventDefault(); + const previous = visibleNodes[Math.max(index - 1, 0)]; + if (previous) focusPath(previous.node.path); + break; + } + case "ArrowRight": + if (node.kind === "dir" && !expandedDirs.has(node.path)) { + event.preventDefault(); + onToggleDir(node.path); + } + break; + case "ArrowLeft": + if (node.kind === "dir" && expandedDirs.has(node.path)) { + event.preventDefault(); + onToggleDir(node.path); + } + break; + case "Enter": + event.preventDefault(); + toggleNode(node); + break; + case " ": + if (showCheckboxes && onToggleCheck) { + event.preventDefault(); + onToggleCheck(node.path, node.kind); + } + break; + } + } + + if (loading) { + return ( +
    + {[0, 1, 2, 3].map((row) => ( +
    + + +
    + ))} +
    + ); + } + + if (error) { + return ( +
    +
    +
    + + error + + {error.message} +
    + {error.retry && ( + + )} +
    +
    + ); + } + + if (nodes.length === 0) { + return ( +
    +
    +
    {empty?.title ?? "No files"}
    +
    + {empty?.description ?? "Files will appear here when they are available."} +
    +
    +
    + ); + } + + return ( +
    + {visibleNodes.map(({ node, depth }, index) => { + const expanded = node.kind === "dir" && expandedDirs.has(node.path); + const { allChecked, someChecked } = checkboxState(node, effectiveCheckedFiles); + const badge = fileBadges?.[node.path]; + const tone = fileTones?.[node.path] ?? "default"; + const extraClassName = node.kind === "file" ? fileRowClassName?.(node, allChecked) : undefined; + const FileIcon = node.kind === "file" ? fileIcon(node.name) : null; + const isSelected = node.kind === "file" && node.path === selectedFile; + + return ( +
    { + if (element) rowRefs.current.set(node.path, element); + else rowRefs.current.delete(node.path); + }} + role="treeitem" + aria-level={depth + 1} + aria-expanded={node.kind === "dir" ? expanded : undefined} + aria-selected={node.kind === "file" ? isSelected : undefined} + aria-checked={showCheckboxes ? (someChecked ? "mixed" : allChecked) : undefined} + tabIndex={(focusedPath ?? visibleNodes[0]?.node.path) === node.path ? 0 : -1} + className={cn( + node.kind === "dir" + ? showCheckboxes + ? "group grid w-full grid-cols-[auto_minmax(0,1fr)_2.25rem] items-center gap-x-1 pr-3 text-left text-sm text-muted-foreground hover:bg-accent/30 hover:text-foreground" + : "group grid w-full grid-cols-[minmax(0,1fr)_2.25rem] items-center gap-x-1 pr-3 text-left text-sm text-muted-foreground hover:bg-accent/30 hover:text-foreground max-[480px]:grid-cols-[minmax(0,1fr)]" + : "group flex w-full items-center gap-1 pr-3 text-left text-sm text-muted-foreground hover:bg-accent/30 hover:text-foreground cursor-pointer", + TREE_ROW_HEIGHT_CLASS, + isSelected && "text-foreground bg-accent/20", + fileTreeToneClass[tone], + extraClassName, + "outline-none focus-visible:ring-2 focus-visible:ring-ring/50 focus-visible:ring-inset", + )} + style={{ + paddingInlineStart: `${TREE_BASE_INDENT + depth * TREE_STEP_INDENT - 8}px`, + }} + onFocus={() => setFocusedPath(node.path)} + onClick={() => toggleNode(node)} + onKeyDown={(event) => handleRowKeyDown(event, index, node)} + data-file-tree-path={node.path} + > + {showCheckboxes && ( + + )} + + + {node.kind === "dir" ? ( + expanded ? ( + + ) : ( + + ) + ) : FileIcon ? ( + + ) : null} + + + {node.name} + + + {badge && ( + + {badge.label} + + )} + {node.kind === "file" && renderFileExtra?.(node, allChecked)} + {node.kind === "dir" && ( + + )} +
    + ); + })} +
    + ); +} diff --git a/ui/src/components/Identity.tsx b/ui/src/components/Identity.tsx index b57c59ae..dd5e8fb4 100644 --- a/ui/src/components/Identity.tsx +++ b/ui/src/components/Identity.tsx @@ -11,7 +11,7 @@ export interface IdentityProps { className?: string; } -function deriveInitials(name: string): string { +export function deriveInitials(name: string): string { const parts = name.trim().split(/\s+/); if (parts.length >= 2) return (parts[0][0] + parts[parts.length - 1][0]).toUpperCase(); return name.slice(0, 2).toUpperCase(); diff --git a/ui/src/components/InstanceSidebar.tsx b/ui/src/components/InstanceSidebar.tsx index 6a1d0add..e54edceb 100644 --- a/ui/src/components/InstanceSidebar.tsx +++ b/ui/src/components/InstanceSidebar.tsx @@ -13,7 +13,7 @@ export function InstanceSidebar() { }); return ( -
    ) : null} diff --git a/ui/src/components/IssueChatThreadSystemNotice.test.tsx b/ui/src/components/IssueChatThreadSystemNotice.test.tsx new file mode 100644 index 00000000..a1173df4 --- /dev/null +++ b/ui/src/components/IssueChatThreadSystemNotice.test.tsx @@ -0,0 +1,483 @@ +// @vitest-environment jsdom + +import { act } from "react"; +import type { ReactNode } from "react"; +import { createRoot } from "react-dom/client"; +import { MemoryRouter } from "react-router-dom"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { IssueChatThread } from "./IssueChatThread"; +import type { IssueChatComment } from "../lib/issue-chat-messages"; +import type { Agent, SuccessfulRunHandoffState } from "@paperclipai/shared"; + +vi.mock("@assistant-ui/react", () => ({ + AssistantRuntimeProvider: ({ children }: { children: ReactNode }) =>
    {children}
    , + useAui: () => ({ thread: () => ({ append: async () => undefined }) }), +})); + +vi.mock("./transcript/useLiveRunTranscripts", () => ({ + useLiveRunTranscripts: () => ({ + transcriptByRun: new Map(), + hasOutputForRun: () => false, + }), +})); + +vi.mock("./MarkdownBody", () => ({ + MarkdownBody: ({ children }: { children: ReactNode }) =>
    {children}
    , +})); + +vi.mock("./MarkdownEditor", () => ({ + MarkdownEditor: () =>