[codex] Add issue document locking (#6009)

## Thinking Path

> - Paperclip orchestrates AI-agent companies through company-scoped
issues, comments, and issue documents.
> - Issue documents are the durable place where plans, handoffs, and
other work artifacts are revised over time.
> - Some documents need to be preserved as operator-approved snapshots
while agents continue working on the same issue.
> - Without document locking, a later board or agent write can overwrite
the document key that reviewers expected to remain stable.
> - This pull request adds board-managed issue document locks and makes
agent writes to locked keys create a derived document instead of
mutating the locked document.
> - The benefit is safer document handoffs: approved or frozen issue
documents stay immutable until the board explicitly unlocks them.

## What Changed

- Added `locked_at`, `locked_by_agent_id`, and `locked_by_user_id`
document fields plus migration `0085_tranquil_the_executioner.sql`.
- Added document lock/unlock service behavior, route endpoints, activity
events, and locked-document write protections.
- Made agent document writes to locked keys create a new derived key
such as `plan-2` rather than overwriting the locked document.
- Surfaced lock state through shared issue document types, UI API
methods, document header lock controls, and activity formatting.
- Added server and UI tests for lock/unlock behavior, locked document
immutability, and UI action visibility.
- Updated `doc/SPEC-implementation.md` with the V1 document lock
contract and endpoints.

## Verification

- `git rebase public-gh/master` completed cleanly after committing the
branch changes.
- `git diff --check` passed before commit.
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/documents-service.test.ts
server/src/__tests__/issue-agent-mutation-ownership-routes.test.ts
ui/src/components/IssueDocumentsSection.test.tsx
ui/src/components/IssueContinuationHandoff.test.tsx
ui/src/lib/document-revisions.test.ts` passed: 5 files, 32 tests.

## Risks

- Medium risk because this changes the document persistence contract and
adds a migration.
- The migration uses `ADD COLUMN IF NOT EXISTS` and guarded foreign-key
creation so it remains safe for users who may have already applied an
earlier copy of the migration.
- Locked documents intentionally reject board edits/deletes/restores
until unlocked; any existing workflows that expected direct overwrite
need to unlock first.
- Agent writes to locked keys now create derived documents, which may
create extra issue documents when agents retry locked writes.

## Model Used

- OpenAI Codex coding agent based on GPT-5, with tool use and local code
execution in the Paperclip worktree.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
Dotta
2026-05-15 08:54:55 -05:00
committed by GitHub
parent 901c088e14
commit 03ad5c5bea
18 changed files with 684 additions and 27 deletions
@@ -112,4 +112,85 @@ describeEmbeddedPostgres("documentService system issue documents", () => {
body: "# Handoff",
}));
});
it("locks and unlocks issue documents", async () => {
const { issueId } = await createIssueWithDocuments();
const locked = await svc.lockIssueDocument({
issueId,
key: "plan",
lockedByUserId: "board-user",
});
expect(locked.changed).toBe(true);
expect(locked.document.lockedAt).toBeInstanceOf(Date);
expect(locked.document.lockedByUserId).toBe("board-user");
await expect(svc.upsertIssueDocument({
issueId,
key: "plan",
title: "Plan",
format: "markdown",
body: "# Updated plan",
baseRevisionId: locked.document.latestRevisionId,
createdByUserId: "board-user",
})).rejects.toMatchObject({
status: 409,
message: "Document is locked",
});
const unlocked = await svc.unlockIssueDocument(issueId, "plan");
expect(unlocked.changed).toBe(true);
expect(unlocked.document.lockedAt).toBeNull();
const updated = await svc.upsertIssueDocument({
issueId,
key: "plan",
title: "Plan",
format: "markdown",
body: "# Updated plan",
baseRevisionId: unlocked.document.latestRevisionId,
createdByUserId: "board-user",
});
expect(updated.created).toBe(false);
expect(updated.document.body).toBe("# Updated plan");
});
it("creates a new document instead of updating a locked document when requested", async () => {
const { issueId } = await createIssueWithDocuments();
const locked = await svc.lockIssueDocument({
issueId,
key: "plan",
lockedByUserId: "board-user",
});
const fallback = await svc.upsertIssueDocument({
issueId,
key: "plan",
title: "Plan",
format: "markdown",
body: "# Agent replacement plan",
baseRevisionId: locked.document.latestRevisionId,
lockedDocumentStrategy: "create_new_document",
});
expect(fallback.created).toBe(true);
expect(fallback.document.key).toBe("plan-2");
expect(fallback.document.body).toBe("# Agent replacement plan");
expect("redirectedFromLockedDocument" in fallback ? fallback.redirectedFromLockedDocument : null)
.toEqual({ id: locked.document.id, key: "plan" });
const originalPlan = await svc.getIssueDocumentByKey(issueId, "plan");
expect(originalPlan).toEqual(expect.objectContaining({
body: "# Plan",
lockedAt: expect.any(Date),
}));
const newPlan = await svc.getIssueDocumentByKey(issueId, "plan-2");
expect(newPlan).toEqual(expect.objectContaining({
body: "# Agent replacement plan",
lockedAt: null,
}));
});
});
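Review bot: The two new tests only prove that `upsertIssueDocument` respects a lock; the delete and restore guards that this commit adds to the service are not exercised in this section. Since locked-document immutability is the contract being introduced, it would be worth adding something like `await expect(svc.deleteIssueDocument(issueId, "plan")).rejects.toMatchObject({ status: 409, message: "Document is locked" });` while the document is locked, and the equivalent for `restoreIssueDocumentRevision`. A second `lockIssueDocument` call asserting `changed` is `false` would also pin the idempotent path that the routes rely on to skip duplicate activity events. Other test files in this commit are not visible here and may already cover some of this.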
@@ -410,6 +410,7 @@ describe("agent issue mutation checkout ownership", () => {
key: "plan",
createdByAgentId: ownerAgentId,
createdByRunId: ownerRunId,
lockedDocumentStrategy: "create_new_document",
}),
);
});
+94
@@ -2032,8 +2032,11 @@ export function issueRoutes(
createdByAgentId: actor.agentId ?? null,
createdByUserId: actor.actorType === "user" ? actor.actorId : null,
createdByRunId: actor.runId ?? null,
lockedDocumentStrategy: req.actor.type === "agent" ? "create_new_document" : "conflict",
});
const doc = result.document;
const redirectedFromLockedDocument =
"redirectedFromLockedDocument" in result ? result.redirectedFromLockedDocument : null;
await issueReferencesSvc.syncDocument(doc.id);
const referenceSummaryAfter = await issueReferencesSvc.listIssueReferenceSummary(issue.id);
const referenceDiff = issueReferencesSvc.diffIssueReferenceSummary(referenceSummaryBefore, referenceSummaryAfter);
@@ -2053,6 +2056,7 @@ export function issueRoutes(
title: doc.title,
format: doc.format,
revisionNumber: doc.latestRevisionNumber,
redirectedFromLockedDocument,
...summarizeIssueReferenceActivityDetails({
addedReferencedIssues: referenceDiff.addedReferencedIssues.map(summarizeIssueRelationForActivity),
removedReferencedIssues: referenceDiff.removedReferencedIssues.map(summarizeIssueRelationForActivity),
@@ -2086,6 +2090,96 @@ export function issueRoutes(
res.status(result.created ? 201 : 200).json(doc);
});
router.post("/issues/:id/documents/:key/lock", async (req, res) => {
const id = req.params.id as string;
const issue = await svc.getById(id);
if (!issue) {
res.status(404).json({ error: "Issue not found" });
return;
}
assertCompanyAccess(req, issue.companyId);
if (req.actor.type !== "board") {
res.status(403).json({ error: "Board authentication required" });
return;
}
const keyParsed = issueDocumentKeySchema.safeParse(String(req.params.key ?? "").trim().toLowerCase());
if (!keyParsed.success) {
res.status(400).json({ error: "Invalid document key", details: keyParsed.error.issues });
return;
}
const actor = getActorInfo(req);
const result = await documentsSvc.lockIssueDocument({
issueId: issue.id,
key: keyParsed.data,
lockedByAgentId: actor.agentId ?? null,
lockedByUserId: actor.actorType === "user" ? actor.actorId : null,
});
if (result.changed) {
await logActivity(db, {
companyId: issue.companyId,
actorType: actor.actorType,
actorId: actor.actorId,
agentId: actor.agentId,
runId: actor.runId,
action: "issue.document_locked",
entityType: "issue",
entityId: issue.id,
details: {
key: result.document.key,
documentId: result.document.id,
title: result.document.title,
lockedAt: result.document.lockedAt,
},
});
}
res.json(result.document);
});
router.post("/issues/:id/documents/:key/unlock", async (req, res) => {
const id = req.params.id as string;
const issue = await svc.getById(id);
if (!issue) {
res.status(404).json({ error: "Issue not found" });
return;
}
assertCompanyAccess(req, issue.companyId);
if (req.actor.type !== "board") {
res.status(403).json({ error: "Board authentication required" });
return;
}
const keyParsed = issueDocumentKeySchema.safeParse(String(req.params.key ?? "").trim().toLowerCase());
if (!keyParsed.success) {
res.status(400).json({ error: "Invalid document key", details: keyParsed.error.issues });
return;
}
const actor = getActorInfo(req);
const result = await documentsSvc.unlockIssueDocument(issue.id, keyParsed.data);
if (result.changed) {
await logActivity(db, {
companyId: issue.companyId,
actorType: actor.actorType,
actorId: actor.actorId,
agentId: actor.agentId,
runId: actor.runId,
action: "issue.document_unlocked",
entityType: "issue",
entityId: issue.id,
details: {
key: result.document.key,
documentId: result.document.id,
title: result.document.title,
},
});
}
res.json(result.document);
});
router.get("/issues/:id/documents/:key/revisions", async (req, res) => {
const id = req.params.id as string;
const issue = await svc.getById(id);
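Review bot: The upsert handler reports a locked-key redirect only to the activity log: `redirectedFromLockedDocument` is added to the activity details, but the context line at the top of the last hunk still answers with `res.status(result.created ? 201 : 200).json(doc)`. An agent that wrote to `plan` has to notice on its own that the returned `key` is different, and the PR's Risks section already expects retries to pile up derived documents. Returning the field explicitly, for example `res.status(result.created ? 201 : 200).json({ ...doc, redirectedFromLockedDocument })`, would let agent clients detect the redirect and stop retrying. The lines between the second and third hunk are not shown, so confirm nothing there already does this. Separately, the lock and unlock handlers repeat the same issue lookup, `assertCompanyAccess`, board check and key parsing, so a shared helper would keep the two authorization sequences from drifting apart.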
+260 -7
@@ -17,6 +17,20 @@ function isUniqueViolation(error: unknown): boolean {
return !!error && typeof error === "object" && "code" in error && (error as { code?: string }).code === "23505";
}
function nextAvailableDocumentKey(sourceKey: string, existingKeys: string[]) {
const usedKeys = new Set(existingKeys);
for (let index = 2; index < 1000; index += 1) {
const suffix = `-${index}`;
const baseMaxLength = 64 - suffix.length;
const base = sourceKey.slice(0, baseMaxLength).replace(/[-_]+$/g, "") || "document";
const candidate = `${base}${suffix}`;
if (!usedKeys.has(candidate) && issueDocumentKeySchema.safeParse(candidate).success) {
return candidate;
}
}
throw conflict("Unable to choose a new document key for locked document", { key: sourceKey });
}
export function extractLegacyPlanBody(description: string | null | undefined) {
if (!description) return null;
const match = /<plan>\s*([\s\S]*?)\s*<\/plan>/i.exec(description);
@@ -40,6 +54,9 @@ function mapIssueDocumentRow(
createdByUserId: string | null;
updatedByAgentId: string | null;
updatedByUserId: string | null;
lockedAt: Date | null;
lockedByAgentId: string | null;
lockedByUserId: string | null;
createdAt: Date;
updatedAt: Date;
},
@@ -59,6 +76,9 @@ function mapIssueDocumentRow(
createdByUserId: row.createdByUserId,
updatedByAgentId: row.updatedByAgentId,
updatedByUserId: row.updatedByUserId,
lockedAt: row.lockedAt,
lockedByAgentId: row.lockedByAgentId,
lockedByUserId: row.lockedByUserId,
createdAt: row.createdAt,
updatedAt: row.updatedAt,
};
@@ -78,6 +98,9 @@ const issueDocumentSelect = {
createdByUserId: documents.createdByUserId,
updatedByAgentId: documents.updatedByAgentId,
updatedByUserId: documents.updatedByUserId,
lockedAt: documents.lockedAt,
lockedByAgentId: documents.lockedByAgentId,
lockedByUserId: documents.lockedByUserId,
createdAt: documents.createdAt,
updatedAt: documents.updatedAt,
};
@@ -179,6 +202,7 @@ export function documentService(db: Db) {
createdByAgentId?: string | null;
createdByUserId?: string | null;
createdByRunId?: string | null;
lockedDocumentStrategy?: "conflict" | "create_new_document";
}) => {
const key = normalizeDocumentKey(input.key);
const issue = await db
@@ -188,8 +212,10 @@ export function documentService(db: Db) {
.then((rows) => rows[0] ?? null);
if (!issue) throw notFound("Issue not found");
try {
return await db.transaction(async (tx) => {
const maxAttempts = input.lockedDocumentStrategy === "create_new_document" ? 3 : 1;
for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
try {
return await db.transaction(async (tx) => {
const now = new Date();
const existing = await tx
.select({
@@ -206,6 +232,9 @@ export function documentService(db: Db) {
createdByUserId: documents.createdByUserId,
updatedByAgentId: documents.updatedByAgentId,
updatedByUserId: documents.updatedByUserId,
lockedAt: documents.lockedAt,
lockedByAgentId: documents.lockedByAgentId,
lockedByUserId: documents.lockedByUserId,
createdAt: documents.createdAt,
updatedAt: documents.updatedAt,
})
@@ -215,6 +244,102 @@ export function documentService(db: Db) {
.then((rows) => rows[0] ?? null);
if (existing) {
if (existing.lockedAt) {
if (input.lockedDocumentStrategy === "create_new_document") {
const issueDocumentKeys = await tx
.select({ key: issueDocuments.key })
.from(issueDocuments)
.where(eq(issueDocuments.issueId, issue.id));
const fallbackKey = nextAvailableDocumentKey(key, issueDocumentKeys.map((row) => row.key));
const [document] = await tx
.insert(documents)
.values({
companyId: issue.companyId,
title: input.title ?? null,
format: input.format,
latestBody: input.body,
latestRevisionId: null,
latestRevisionNumber: 1,
createdByAgentId: input.createdByAgentId ?? null,
createdByUserId: input.createdByUserId ?? null,
updatedByAgentId: input.createdByAgentId ?? null,
updatedByUserId: input.createdByUserId ?? null,
lockedAt: null,
lockedByAgentId: null,
lockedByUserId: null,
createdAt: now,
updatedAt: now,
})
.returning();
const [revision] = await tx
.insert(documentRevisions)
.values({
companyId: issue.companyId,
documentId: document.id,
revisionNumber: 1,
title: input.title ?? null,
format: input.format,
body: input.body,
changeSummary: input.changeSummary ?? null,
createdByAgentId: input.createdByAgentId ?? null,
createdByUserId: input.createdByUserId ?? null,
createdByRunId: input.createdByRunId ?? null,
createdAt: now,
})
.returning();
await tx
.update(documents)
.set({ latestRevisionId: revision.id })
.where(eq(documents.id, document.id));
await tx.insert(issueDocuments).values({
companyId: issue.companyId,
issueId: issue.id,
documentId: document.id,
key: fallbackKey,
createdAt: now,
updatedAt: now,
});
return {
created: true as const,
redirectedFromLockedDocument: {
id: existing.id,
key: existing.key,
},
document: {
id: document.id,
companyId: issue.companyId,
issueId: issue.id,
key: fallbackKey,
title: document.title,
format: document.format,
body: document.latestBody,
latestRevisionId: revision.id,
latestRevisionNumber: 1,
createdByAgentId: document.createdByAgentId,
createdByUserId: document.createdByUserId,
updatedByAgentId: document.updatedByAgentId,
updatedByUserId: document.updatedByUserId,
lockedAt: null,
lockedByAgentId: null,
lockedByUserId: null,
createdAt: document.createdAt,
updatedAt: document.updatedAt,
},
};
}
throw conflict("Document is locked", {
key: existing.key,
documentId: existing.id,
lockedAt: existing.lockedAt,
});
}
if (!input.baseRevisionId) {
throw conflict("Document update requires baseRevisionId", {
currentRevisionId: existing.latestRevisionId,
@@ -274,6 +399,9 @@ export function documentService(db: Db) {
latestRevisionNumber: nextRevisionNumber,
updatedByAgentId: input.createdByAgentId ?? null,
updatedByUserId: input.createdByUserId ?? null,
lockedAt: existing.lockedAt,
lockedByAgentId: existing.lockedByAgentId,
lockedByUserId: existing.lockedByUserId,
updatedAt: now,
},
};
@@ -296,6 +424,9 @@ export function documentService(db: Db) {
createdByUserId: input.createdByUserId ?? null,
updatedByAgentId: input.createdByAgentId ?? null,
updatedByUserId: input.createdByUserId ?? null,
lockedAt: null,
lockedByAgentId: null,
lockedByUserId: null,
createdAt: now,
updatedAt: now,
})
@@ -348,17 +479,26 @@ export function documentService(db: Db) {
createdByUserId: document.createdByUserId,
updatedByAgentId: document.updatedByAgentId,
updatedByUserId: document.updatedByUserId,
lockedAt: document.lockedAt,
lockedByAgentId: document.lockedByAgentId,
lockedByUserId: document.lockedByUserId,
createdAt: document.createdAt,
updatedAt: document.updatedAt,
},
};
});
} catch (error) {
if (isUniqueViolation(error)) {
throw conflict("Document key already exists on this issue", { key });
});
} catch (error) {
if (isUniqueViolation(error)) {
if (input.lockedDocumentStrategy === "create_new_document" && attempt < maxAttempts - 1) {
continue;
}
throw conflict("Document key already exists on this issue", { key });
}
throw error;
}
throw error;
}
throw conflict("Unable to choose a new document key for locked document", { key });
},
restoreIssueDocumentRevision: async (input: {
@@ -378,6 +518,13 @@ export function documentService(db: Db) {
.then((rows) => rows[0] ?? null);
if (!existing) throw notFound("Document not found");
if (existing.lockedAt) {
throw conflict("Document is locked", {
key: existing.key,
documentId: existing.id,
lockedAt: existing.lockedAt,
});
}
const revision = await tx
.select({
@@ -455,6 +602,105 @@ export function documentService(db: Db) {
});
},
lockIssueDocument: async (input: {
issueId: string;
key: string;
lockedByAgentId?: string | null;
lockedByUserId?: string | null;
}) => {
const key = normalizeDocumentKey(input.key);
return db.transaction(async (tx) => {
const existing = await tx
.select(issueDocumentSelect)
.from(issueDocuments)
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
.where(and(eq(issueDocuments.issueId, input.issueId), eq(issueDocuments.key, key)))
.then((rows) => rows[0] ?? null);
if (!existing) throw notFound("Document not found");
if (existing.lockedAt) {
return {
changed: false as const,
document: mapIssueDocumentRow(existing, true),
};
}
const now = new Date();
await tx
.update(documents)
.set({
lockedAt: now,
lockedByAgentId: input.lockedByAgentId ?? null,
lockedByUserId: input.lockedByUserId ?? null,
updatedAt: now,
})
.where(eq(documents.id, existing.id));
await tx
.update(issueDocuments)
.set({ updatedAt: now })
.where(eq(issueDocuments.documentId, existing.id));
return {
changed: true as const,
document: {
...mapIssueDocumentRow(existing, true),
lockedAt: now,
lockedByAgentId: input.lockedByAgentId ?? null,
lockedByUserId: input.lockedByUserId ?? null,
updatedAt: now,
},
};
});
},
unlockIssueDocument: async (issueId: string, rawKey: string) => {
const key = normalizeDocumentKey(rawKey);
return db.transaction(async (tx) => {
const existing = await tx
.select(issueDocumentSelect)
.from(issueDocuments)
.innerJoin(documents, eq(issueDocuments.documentId, documents.id))
.where(and(eq(issueDocuments.issueId, issueId), eq(issueDocuments.key, key)))
.then((rows) => rows[0] ?? null);
if (!existing) throw notFound("Document not found");
if (!existing.lockedAt) {
return {
changed: false as const,
document: mapIssueDocumentRow(existing, true),
};
}
const now = new Date();
await tx
.update(documents)
.set({
lockedAt: null,
lockedByAgentId: null,
lockedByUserId: null,
updatedAt: now,
})
.where(eq(documents.id, existing.id));
await tx
.update(issueDocuments)
.set({ updatedAt: now })
.where(eq(issueDocuments.documentId, existing.id));
return {
changed: true as const,
document: {
...mapIssueDocumentRow(existing, true),
lockedAt: null,
lockedByAgentId: null,
lockedByUserId: null,
updatedAt: now,
},
};
});
},
deleteIssueDocument: async (issueId: string, rawKey: string) => {
const key = normalizeDocumentKey(rawKey);
return db.transaction(async (tx) => {
@@ -466,6 +712,13 @@ export function documentService(db: Db) {
.then((rows) => rows[0] ?? null);
if (!existing) return null;
if (existing.lockedAt) {
throw conflict("Document is locked", {
key: existing.key,
documentId: existing.id,
lockedAt: existing.lockedAt,
});
}
await tx.delete(issueDocuments).where(eq(issueDocuments.documentId, existing.id));
await tx.delete(documents).where(eq(documents.id, existing.id));
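Review bot: The lock guard in `upsertIssueDocument` is a plain read (`if (existing.lockedAt)`) inside the transaction, and `lockIssueDocument` also selects and then updates without a row lock. Assuming the default READ COMMITTED isolation, a lock committed between a writer's select and its later update would not stop that write, and the `baseRevisionId` check cannot catch it because locking creates no revision. The restore and delete guards have the same read-then-act shape. Consider taking a row lock on the guarding select (Drizzle's `.for("update")`), or adding `isNull(documents.lockedAt)` to the WHERE of the mutating statements and treating zero affected rows as `conflict("Document is locked", …)`. Most of the update and delete statements in these functions sit outside the visible hunks, so check whether they already filter on `lockedAt`.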