cs_betty/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests 1 Activity

[codex] Bundle local branch fixes from PAP-10032 (#6604)

Browse Source 
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies.
> - This branch accumulated multiple already-tested control-plane,
adapter runtime, invite, workspace, plugin, and UI quality fixes on the
primary Paperclip checkout.
> - `origin/master` advanced while those commits were still local, so
the branch needed to be preserved and reconciled before review.
> - Splitting the branch commit-by-commit against the new base produced
overlapping conflicts with recently merged upstream PRs.
> - This pull request keeps the remaining branch as one standalone PR
because the final diff is 38 files after removing screenshot artifacts,
under Greptile's 100-file cap, and can be merged independently after
review.
> - The benefit is that none of the local work is lost, the branch is
now based on current `origin/master`, and reviewers can evaluate the
reconciled changes in one place.

## What Changed

- Merged the local accumulated branch with current `origin/master` and
resolved the invite-flow overlaps from the newer upstream companies
query helper.
- Preserved the local fixes for invite existing-member behavior, invite
link copy fallback, reusable workspace selection, worktree auth, static
SPA fallback, markdown wrapping, plugin slot registration, cloud
upstream UX/server polish, project sorting, and related tests.
- Removed screenshot artifacts from the PR per review request.
- Kept the PR under the requested file limit: 38 files changed, with no
`pnpm-lock.yaml` or `.github/workflows/*` changes.

## Verification

- `NODE_ENV=test pnpm exec vitest run
ui/src/pages/CompanyInvites.test.tsx ui/src/pages/InviteLanding.test.tsx
ui/src/pages/Projects.test.tsx ui/src/plugins/slots.test.ts
ui/src/components/MarkdownBody.test.tsx
server/src/__tests__/invite-accept-existing-member.test.ts
server/src/__tests__/static-index-html.test.ts
server/src/__tests__/execution-workspaces-service.test.ts
server/src/__tests__/better-auth.test.ts
server/src/__tests__/worktree-config.test.ts`
- `NODE_ENV=test pnpm --filter @paperclipai/ui typecheck`
- `NODE_ENV=test pnpm --filter @paperclipai/server typecheck`
- Confirmed `git diff --name-only origin/master...HEAD | wc -l` is `38`.
- Confirmed no PR diff entries match `pnpm-lock.yaml`,
`.github/workflows/*`, or `screenshots/*`.

## Risks

- Medium review risk because this is a bundled rescue PR rather than
several narrow feature PRs.
- Invite flow and company cache behavior overlapped with newer upstream
changes; the merge resolution intentionally keeps the shared
`companiesListQueryOptions` helper while preserving local
existing-member invite behavior.
- Visual review evidence is no longer attached in-repo because
screenshots were removed from this PR per review request.

> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.

## Model Used

- OpenAI Codex, GPT-5-based coding agent, with repository tool access,
terminal execution, and git/GitHub CLI operations.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] UI screenshots were intentionally removed from this PR per review
request
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: CodexCoder <codexcoder@paperclip.local>
This commit is contained in:
Dotta
2026-05-25 07:25:26 -05:00
committed by GitHub
parent 96f0279e08
commit ece8a51e22
38 changed files with 1715 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/__tests__/invite-accept-existing-member.test.ts
+332 -19
View File
@@ -4,12 +4,17 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
import { accessRoutes } from "../routes/access.js";
import { errorHandler } from "../middleware/index.js";
const accessServiceMock = vi.hoisted(() => ({
isInstanceAdmin: vi.fn(),
canUser: vi.fn(),
hasPermission: vi.fn(),
ensureMembership: vi.fn(),
setPrincipalGrants: vi.fn(),
}));
const logActivityMock = vi.hoisted(() => vi.fn());
vi.mock("../services/index.js", () => ({
accessService: () => ({
isInstanceAdmin: vi.fn(),
canUser: vi.fn(),
hasPermission: vi.fn(),
}),
accessService: () => accessServiceMock,
agentService: () => ({
getById: vi.fn(),
}),
@@ -20,10 +25,36 @@ vi.mock("../services/index.js", () => ({
revokeBoardApiKey: vi.fn(),
}),
deduplicateAgentName: vi.fn(),
logActivity: vi.fn(),
logActivity: logActivityMock,
notifyHireApproved: vi.fn(),
}));
type QueryHooks = {
onSet?: (value: unknown) => void;
onValues?: (value: unknown) => void;
};
function createQuery(rows: unknown[], hooks: QueryHooks = {}) {
const query = {
from: vi.fn(() => query),
where: vi.fn(() => query),
orderBy: vi.fn(() => query),
set: vi.fn((value: unknown) => {
hooks.onSet?.(value);
return query;
}),
values: vi.fn((value: unknown) => {
hooks.onValues?.(value);
return query;
}),
returning: vi.fn(() => query),
then(resolve: (value: unknown[]) => unknown, reject?: (reason: unknown) => unknown) {
return Promise.resolve(rows).then(resolve, reject);
},
};
return query;
}
function createDbStub() {
const updateMock = vi.fn();
const invite = {
@@ -75,22 +106,26 @@ function createDbStub() {
}
function createApp(db: Record<string, unknown>) {
return createAppWithActor(db, {
type: "board",
source: "session",
userId: "user-1",
companyIds: ["company-1"],
memberships: [
{
companyId: "company-1",
membershipRole: "owner",
status: "active",
},
],
});
}
function createAppWithActor(db: Record<string, unknown>, actor: Record<string, unknown>) {
const app = express();
app.use(express.json());
app.use((req, _res, next) => {
(req as any).actor = {
type: "board",
source: "session",
userId: "user-1",
companyIds: ["company-1"],
memberships: [
{
companyId: "company-1",
membershipRole: "owner",
status: "active",
},
],
};
(req as any).actor = actor;
next();
});
app.use(
@@ -106,6 +141,162 @@ function createApp(db: Record<string, unknown>) {
return app;
}
function createDirectHumanInviteDbStub() {
const insertedValues: unknown[] = [];
const updateValues: unknown[] = [];
const invite = {
id: "invite-1",
companyId: "company-1",
inviteType: "company_join",
allowedJoinTypes: "human",
tokenHash: "hash",
defaultsPayload: { human: { role: "owner" } },
expiresAt: new Date("2027-03-10T00:00:00.000Z"),
invitedByUserId: "inviter-user",
revokedAt: null,
acceptedAt: null,
createdAt: new Date("2026-03-07T00:00:00.000Z"),
updatedAt: new Date("2026-03-07T00:00:00.000Z"),
};
const createdJoinRequest = {
id: "join-1",
inviteId: "invite-1",
companyId: "company-1",
requestType: "human",
status: "pending_approval",
requestIp: "::ffff:127.0.0.1",
requestingUserId: "invitee-user",
requestEmailSnapshot: "invitee@example.com",
agentName: null,
adapterType: null,
capabilities: null,
agentDefaultsPayload: null,
claimSecretHash: null,
claimSecretExpiresAt: null,
claimSecretConsumedAt: null,
createdAgentId: null,
approvedByUserId: null,
approvedAt: null,
rejectedByUserId: null,
rejectedAt: null,
createdAt: new Date("2026-03-07T00:01:00.000Z"),
updatedAt: new Date("2026-03-07T00:01:00.000Z"),
};
const approvedJoinRequest = {
...createdJoinRequest,
status: "approved",
approvedByUserId: "inviter-user",
approvedAt: new Date("2026-03-07T00:02:00.000Z"),
updatedAt: new Date("2026-03-07T00:02:00.000Z"),
};
const selectResponses = [
[invite],
[{ email: "invitee@example.com" }],
[],
];
const updateResponses = [[], [approvedJoinRequest]];
const insertResponses = [[createdJoinRequest]];
const db = {
select() {
return createQuery(selectResponses.shift() ?? []);
},
update() {
return createQuery(updateResponses.shift() ?? [], {
onSet: (value) => updateValues.push(value),
});
},
insert() {
return createQuery(insertResponses.shift() ?? [], {
onValues: (value) => insertedValues.push(value),
});
},
transaction(callback: (tx: unknown) => unknown) {
return callback(db);
},
};
return { db, insertedValues, updateValues };
}
function createAcceptedHumanInviteReplayDbStub() {
const updateValues: unknown[] = [];
const invite = {
id: "invite-1",
companyId: "company-1",
inviteType: "company_join",
allowedJoinTypes: "human",
tokenHash: "hash",
defaultsPayload: { human: { role: "operator" } },
expiresAt: new Date("2027-03-10T00:00:00.000Z"),
invitedByUserId: "inviter-user",
revokedAt: null,
acceptedAt: new Date("2026-03-07T00:05:00.000Z"),
createdAt: new Date("2026-03-07T00:00:00.000Z"),
updatedAt: new Date("2026-03-07T00:05:00.000Z"),
};
const pendingJoinRequest = {
id: "join-1",
inviteId: "invite-1",
companyId: "company-1",
requestType: "human",
status: "pending_approval",
requestIp: "::ffff:127.0.0.1",
requestingUserId: "invitee-user",
requestEmailSnapshot: "invitee@example.com",
agentName: null,
adapterType: null,
capabilities: null,
agentDefaultsPayload: null,
claimSecretHash: null,
claimSecretExpiresAt: null,
claimSecretConsumedAt: null,
createdAgentId: null,
approvedByUserId: null,
approvedAt: null,
rejectedByUserId: null,
rejectedAt: null,
createdAt: new Date("2026-03-07T00:01:00.000Z"),
updatedAt: new Date("2026-03-07T00:01:00.000Z"),
};
const replayedJoinRequest = {
...pendingJoinRequest,
requestIp: "::ffff:127.0.0.1",
updatedAt: new Date("2026-03-07T00:06:00.000Z"),
};
const approvedJoinRequest = {
...replayedJoinRequest,
status: "approved",
approvedByUserId: "inviter-user",
approvedAt: new Date("2026-03-07T00:07:00.000Z"),
updatedAt: new Date("2026-03-07T00:07:00.000Z"),
};
const selectResponses = [
[invite],
[pendingJoinRequest],
[{ email: "invitee@example.com" }],
[pendingJoinRequest],
];
const updateResponses = [[replayedJoinRequest], [approvedJoinRequest]];
const db = {
select() {
return createQuery(selectResponses.shift() ?? []);
},
update() {
return createQuery(updateResponses.shift() ?? [], {
onSet: (value) => updateValues.push(value),
});
},
insert: vi.fn(),
transaction(callback: (tx: unknown) => unknown) {
return callback(db);
},
};
return { db, updateValues };
}
describe("POST /invites/:token/accept", () => {
beforeEach(() => {
vi.clearAllMocks();
@@ -123,4 +314,126 @@ describe("POST /invites/:token/accept", () => {
expect(res.body.error).toBe("You already belong to this company");
expect(updateMock).not.toHaveBeenCalled();
});
it("grants company access immediately for a human invite", async () => {
const { db, insertedValues, updateValues } = createDirectHumanInviteDbStub();
const app = createAppWithActor(db, {
type: "board",
source: "session",
userId: "invitee-user",
companyIds: [],
memberships: [],
});
const res = await request(app)
.post("/api/invites/pcp_invite_test/accept")
.send({ requestType: "human" });
expect(res.status).toBe(202);
expect(res.body.status).toBe("approved");
expect(insertedValues).toEqual([
expect.objectContaining({
inviteId: "invite-1",
companyId: "company-1",
requestType: "human",
status: "pending_approval",
requestingUserId: "invitee-user",
requestEmailSnapshot: "invitee@example.com",
}),
]);
expect(updateValues).toEqual(
expect.arrayContaining([
expect.objectContaining({
acceptedAt: expect.any(Date),
}),
expect.objectContaining({
status: "approved",
approvedByUserId: "inviter-user",
approvedAt: expect.any(Date),
}),
]),
);
expect(accessServiceMock.ensureMembership).toHaveBeenCalledWith(
"company-1",
"user",
"invitee-user",
"owner",
"active",
);
expect(accessServiceMock.setPrincipalGrants).toHaveBeenCalledWith(
"company-1",
"user",
"invitee-user",
expect.arrayContaining([
expect.objectContaining({ permissionKey: "users:invite" }),
expect.objectContaining({ permissionKey: "users:manage_permissions" }),
]),
"inviter-user",
);
expect(logActivityMock).toHaveBeenCalledWith(
expect.anything(),
expect.objectContaining({
action: "join.approved",
entityId: "join-1",
details: expect.objectContaining({ source: "human_invite_accept" }),
}),
);
});
it("replays a consumed human invite for the same user and repairs company access", async () => {
const { db, updateValues } = createAcceptedHumanInviteReplayDbStub();
const app = createAppWithActor(db, {
type: "board",
source: "session",
userId: "invitee-user",
companyIds: [],
memberships: [],
});
const res = await request(app)
.post("/api/invites/pcp_invite_test/accept")
.send({ requestType: "human" });
expect(res.status).toBe(202);
expect(res.body.status).toBe("approved");
expect(updateValues).toEqual(
expect.arrayContaining([
expect.objectContaining({
requestIp: expect.any(String),
updatedAt: expect.any(Date),
}),
expect.objectContaining({
status: "approved",
approvedByUserId: "inviter-user",
approvedAt: expect.any(Date),
}),
]),
);
expect(updateValues).not.toEqual(
expect.arrayContaining([expect.objectContaining({ acceptedAt: expect.any(Date) })]),
);
expect(accessServiceMock.ensureMembership).toHaveBeenCalledWith(
"company-1",
"user",
"invitee-user",
"operator",
"active",
);
expect(logActivityMock).toHaveBeenCalledWith(
expect.anything(),
expect.objectContaining({
action: "join.request_replayed",
entityId: "join-1",
details: expect.objectContaining({ inviteReplay: true }),
}),
);
expect(logActivityMock).toHaveBeenCalledWith(
expect.anything(),
expect.objectContaining({
action: "join.approved",
entityId: "join-1",
details: expect.objectContaining({ source: "human_invite_accept" }),
}),
);
});
});