farhoodlabs/paperclip
8
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
paperclip/tests/e2e/multi-user.spec.ts
T
Dotta b9a80dcf22 feat: implement multi-user access and invite flows (#3784) 
## Thinking Path

> - Paperclip is the control plane for autonomous AI companies.
> - V1 needs to stay local-first while also supporting shared,
authenticated deployments.
> - Human operators need real identities, company membership, invite
flows, profile surfaces, and company-scoped access controls.
> - Agents and operators also need the existing issue, inbox, workspace,
approval, and plugin flows to keep working under those authenticated
boundaries.
> - This branch accumulated the multi-user implementation, follow-up QA
fixes, workspace/runtime refinements, invite UX improvements,
release-branch conflict resolution, and review hardening.
> - This pull request consolidates that branch onto the current `master`
branch as a single reviewable PR.
> - The benefit is a complete multi-user implementation path with tests
and docs carried forward without dropping existing branch work.

## What Changed

- Added authenticated human-user access surfaces: auth/session routes,
company user directory, profile settings, company access/member
management, join requests, and invite management.
- Added invite creation, invite landing, onboarding, logo/branding,
invite grants, deduped join requests, and authenticated multi-user E2E
coverage.
- Tightened company-scoped and instance-admin authorization across
board, plugin, adapter, access, issue, and workspace routes.
- Added profile-image URL validation hardening, avatar preservation on
name-only profile updates, and join-request uniqueness migration cleanup
for pending human requests.
- Added an atomic member role/status/grants update path so Company
Access saves no longer leave partially updated permissions.
- Improved issue chat, inbox, assignee identity rendering,
sidebar/account/company navigation, workspace routing, and execution
workspace reuse behavior for multi-user operation.
- Added and updated server/UI tests covering auth, invites, membership,
issue workspace inheritance, plugin authz, inbox/chat behavior, and
multi-user flows.
- Merged current `public-gh/master` into this branch, resolved all
conflicts, and verified no `pnpm-lock.yaml` change is included in this
PR diff.

## Verification

- `pnpm exec vitest run server/src/__tests__/issues-service.test.ts
ui/src/components/IssueChatThread.test.tsx ui/src/pages/Inbox.test.tsx`
- `pnpm run preflight:workspace-links && pnpm exec vitest run
server/src/__tests__/plugin-routes-authz.test.ts`
- `pnpm exec vitest run server/src/__tests__/plugin-routes-authz.test.ts
server/src/__tests__/workspace-runtime-service-authz.test.ts
server/src/__tests__/access-validators.test.ts`
- `pnpm exec vitest run
server/src/__tests__/authz-company-access.test.ts
server/src/__tests__/routines-routes.test.ts
server/src/__tests__/sidebar-preferences-routes.test.ts
server/src/__tests__/approval-routes-idempotency.test.ts
server/src/__tests__/openclaw-invite-prompt-route.test.ts
server/src/__tests__/agent-cross-tenant-authz-routes.test.ts
server/src/__tests__/routines-e2e.test.ts`
- `pnpm exec vitest run server/src/__tests__/auth-routes.test.ts
ui/src/pages/CompanyAccess.test.tsx`
- `pnpm --filter @paperclipai/shared typecheck && pnpm --filter
@paperclipai/db typecheck && pnpm --filter @paperclipai/server
typecheck`
- `pnpm --filter @paperclipai/shared typecheck && pnpm --filter
@paperclipai/server typecheck`
- `pnpm --filter @paperclipai/ui typecheck`
- `pnpm db:generate`
- `npx playwright test --config tests/e2e/playwright.config.ts --list`
- Confirmed branch has no uncommitted changes and is `0` commits behind
`public-gh/master` before PR creation.
- Confirmed no `pnpm-lock.yaml` change is staged or present in the PR
diff.

## Risks

- High review surface area: this PR contains the accumulated multi-user
branch plus follow-up fixes, so reviewers should focus especially on
company-boundary enforcement and authenticated-vs-local deployment
behavior.
- UI behavior changed across invites, inbox, issue chat, access
settings, and sidebar navigation; no browser screenshots are included in
this branch-consolidation PR.
- Plugin install, upgrade, and lifecycle/config mutations now require
instance-admin access, which is intentional but may change expectations
for non-admin board users.
- A join-request dedupe migration rejects duplicate pending human
requests before creating unique indexes; deployments with unusual
historical duplicates should review the migration behavior.
- Company member role/status/grant saves now use a new combined
endpoint; older separate endpoints remain for compatibility.
- Full production build was not run locally in this heartbeat; CI should
cover the full matrix.

## Model Used

- OpenAI Codex coding agent, GPT-5-based model, CLI/tool-use
environment. Exact deployed model identifier and context window were not
exposed by the runtime.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

Note on screenshots: this is a branch-consolidation PR for an
already-developed multi-user branch, and no browser screenshots were
captured during this heartbeat.

---------

Co-authored-by: dotta <dotta@example.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-17 09:44:19 -05:00

519 lines
16 KiB
TypeScript
Raw Permalink Blame History

import { test, expect, type Page, type APIRequestContext } from "@playwright/test";
/**
* E2E: Multi-user implementation tests (local_trusted mode).
*
* Covers:
* 1. Company member management API (list, update role, suspend)
* 2. Human invite creation and acceptance API
* 3. Company Settings UI — member list, role editing, invite creation
* 4. Invite landing page UI
* 5. Role-based access control (viewer read-only)
* 6. Last-owner protection
*/
const BASE = process.env.PAPERCLIP_E2E_BASE_URL ?? "http://127.0.0.1:3104";
// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------
/** Ensure the server is bootstrapped (claimed) before running tests. */
async function ensureBootstrapped(request: APIRequestContext): Promise<void> {
const healthRes = await request.get(`${BASE}/api/health`);
const health = await healthRes.json();
if (health.bootstrapStatus === "ready") return;
// If bootstrap_pending, we need to use the claim token from the bootstrap invite.
// In local_trusted mode, just try hitting companies — that should auto-bootstrap.
if (health.deploymentMode === "local_trusted") {
// local_trusted should work without explicit bootstrap
return;
}
}
/** Create a company via the onboarding wizard API shortcut. */
async function createCompanyViaWizard(
request: APIRequestContext,
name: string
): Promise<{ companyId: string; agentId: string; prefix: string }> {
await ensureBootstrapped(request);
const createRes = await request.post(`${BASE}/api/companies`, {
data: { name },
});
if (!createRes.ok()) {
const errText = await createRes.text();
throw new Error(
`Failed to create company (${createRes.status()}): ${errText}`
);
}
const company = await createRes.json();
// Create a CEO agent
const agentRes = await request.post(
`${BASE}/api/companies/${company.id}/agents`,
{
data: {
name: "CEO",
role: "ceo",
title: "CEO",
adapterType: "claude_local",
},
}
);
expect(agentRes.ok()).toBe(true);
const agent = await agentRes.json();
return {
companyId: company.id,
agentId: agent.id,
prefix: company.issuePrefix ?? company.id,
};
}
/** Create a human invite and return token + invite URL. */
async function createHumanInvite(
request: APIRequestContext,
companyId: string,
role: string = "operator"
): Promise<{ token: string; inviteUrl: string; inviteId: string }> {
const res = await request.post(
`${BASE}/api/companies/${companyId}/invites`,
{
data: {
allowedJoinTypes: "human",
humanRole: role,
},
}
);
expect(res.ok()).toBe(true);
const body = await res.json();
return {
token: body.token,
inviteUrl: body.inviteUrl,
inviteId: body.id,
};
}
// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------
test.describe("Multi-user: API", () => {
let companyId: string;
test.beforeAll(async ({ request }) => {
const result = await createCompanyViaWizard(
request,
`MU-API-${Date.now()}`
);
companyId = result.companyId;
});
test("GET /companies/:id/members returns member list with access info", async ({
request,
}) => {
const res = await request.get(
`${BASE}/api/companies/${companyId}/members`
);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body).toHaveProperty("members");
expect(body).toHaveProperty("access");
expect(Array.isArray(body.members)).toBe(true);
expect(body.access).toHaveProperty("currentUserRole");
expect(body.access).toHaveProperty("canManageMembers");
expect(body.access).toHaveProperty("canInviteUsers");
});
test("POST /companies/:id/invites creates a human invite with role", async ({
request,
}) => {
const res = await request.post(
`${BASE}/api/companies/${companyId}/invites`,
{
data: {
allowedJoinTypes: "human",
humanRole: "operator",
},
}
);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body).toHaveProperty("token");
expect(body).toHaveProperty("inviteUrl");
expect(body.allowedJoinTypes).toBe("human");
expect(body.inviteUrl).toContain("/invite/");
});
test("GET /invites/:token returns invite summary", async ({ request }) => {
const invite = await createHumanInvite(request, companyId, "viewer");
const res = await request.get(`${BASE}/api/invites/${invite.token}`);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body).toHaveProperty("companyId");
expect(body).toHaveProperty("allowedJoinTypes");
expect(body.allowedJoinTypes).toBe("human");
expect(body).toHaveProperty("inviteType");
expect(body.inviteType).toBe("company_join");
});
test("POST /invites/:token/accept (human) creates membership", async ({
request,
}) => {
const invite = await createHumanInvite(request, companyId, "operator");
const acceptRes = await request.post(
`${BASE}/api/invites/${invite.token}/accept`,
{
data: { requestType: "human" },
}
);
expect(acceptRes.ok()).toBe(true);
const body = await acceptRes.json();
// In local_trusted, human accept should succeed
expect(body).toHaveProperty("id");
});
test("POST /invites/:token/accept rejects agent on human-only invite", async ({
request,
}) => {
const invite = await createHumanInvite(request, companyId, "operator");
const acceptRes = await request.post(
`${BASE}/api/invites/${invite.token}/accept`,
{
data: { requestType: "agent", agentName: "Rogue" },
}
);
expect(acceptRes.ok()).toBe(false);
expect(acceptRes.status()).toBe(400);
});
test("POST /companies/:id/invites supports all four roles", async ({
request,
}) => {
for (const role of ["owner", "admin", "operator", "viewer"]) {
const res = await request.post(
`${BASE}/api/companies/${companyId}/invites`,
{
data: { allowedJoinTypes: "human", humanRole: role },
}
);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body.token).toBeTruthy();
}
});
test("PATCH /companies/:id/members/:memberId cannot remove last owner", async ({
request,
}) => {
// Create a fresh company for this test
const fresh = await createCompanyViaWizard(
request,
`MU-LastOwner-${Date.now()}`
);
// First promote the local-board member to owner
const membersRes = await request.get(
`${BASE}/api/companies/${fresh.companyId}/members`
);
const { members } = await membersRes.json();
// Find the board member (should be the only one)
const boardMember = members.find(
(m: { principalId: string }) => m.principalId === "local-board"
);
if (!boardMember) {
test.skip();
return;
}
// Promote to owner first
const promoteRes = await request.patch(
`${BASE}/api/companies/${fresh.companyId}/members/${boardMember.id}`,
{ data: { membershipRole: "owner" } }
);
expect(promoteRes.ok()).toBe(true);
// Now try to demote the last (and only) owner to operator — should fail
const demoteRes = await request.patch(
`${BASE}/api/companies/${fresh.companyId}/members/${boardMember.id}`,
{ data: { membershipRole: "operator" } }
);
expect(demoteRes.status()).toBe(409);
const errBody = await demoteRes.json();
expect(JSON.stringify(errBody)).toContain("last active owner");
});
test("POST /companies/:id/openclaw/invite-prompt creates agent invite", async ({
request,
}) => {
const res = await request.post(
`${BASE}/api/companies/${companyId}/openclaw/invite-prompt`,
{
data: { agentMessage: "E2E test agent invite" },
}
);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body).toHaveProperty("token");
expect(body).toHaveProperty("inviteUrl");
expect(body.allowedJoinTypes).toBe("agent");
});
});
test.describe("Multi-user: Company Settings UI", () => {
let companyId: string;
let companyPrefix: string;
test.beforeAll(async ({ request }) => {
const result = await createCompanyViaWizard(
request,
`MU-UI-${Date.now()}`
);
companyId = result.companyId;
companyPrefix = result.prefix;
});
test("shows Team and Invites sections on settings page", async ({ page }) => {
await page.goto(`${BASE}/${companyPrefix}/company/settings`);
await page.waitForLoadState("networkidle");
await expect(page.getByTestId("company-settings-invites-section")).toBeVisible({
timeout: 10_000,
});
await expect(page.getByTestId("company-settings-team-section")).toBeVisible({
timeout: 10_000,
});
});
test("shows human invite creation controls", async ({ page }) => {
await page.goto(`${BASE}/${companyPrefix}/company/settings`);
await page.waitForLoadState("networkidle");
const inviteButton = page.getByTestId("company-settings-create-human-invite");
await expect(inviteButton).toBeVisible({ timeout: 10_000 });
const roleSelect = page.getByTestId("company-settings-human-invite-role");
await expect(roleSelect).toBeVisible();
});
test("can create human invite and shows URL", async ({ page }) => {
await page.goto(`${BASE}/${companyPrefix}/company/settings`);
await page.waitForLoadState("networkidle");
const inviteButton = page.getByTestId("company-settings-create-human-invite");
await expect(inviteButton).toBeVisible({ timeout: 10_000 });
await inviteButton.click();
await expect(page.getByTestId("company-settings-human-invite-url")).toBeVisible({
timeout: 10_000,
});
});
});
test.describe("Multi-user: Invite Landing UI", () => {
let companyId: string;
let inviteToken: string;
test.beforeAll(async ({ request }) => {
const result = await createCompanyViaWizard(
request,
`MU-Invite-${Date.now()}`
);
companyId = result.companyId;
const invite = await createHumanInvite(request, companyId, "operator");
inviteToken = invite.token;
});
test("invite landing page loads with join options", async ({ page }) => {
await page.goto(`${BASE}/invite/${inviteToken}`);
await page.waitForLoadState("networkidle");
// Should show the invite landing page heading
await expect(
page.getByRole("heading", { name: /join/i })
).toBeVisible({ timeout: 10_000 });
});
test("invite landing shows human join type", async ({ page }) => {
await page.goto(`${BASE}/invite/${inviteToken}`);
await page.waitForLoadState("networkidle");
// For a human-only invite, should show human join option
const humanOption = page.locator("text=/human/i");
await expect(humanOption).toBeVisible({ timeout: 10_000 });
});
test("expired/invalid invite token returns error", async ({ page }) => {
await page.goto(`${BASE}/invite/invalid-token-e2e-test`);
await page.waitForLoadState("networkidle");
await expect(page.getByTestId("invite-error")).toBeVisible({ timeout: 10_000 });
});
});
test.describe("Multi-user: Member role management API", () => {
let companyId: string;
test.beforeAll(async ({ request }) => {
const result = await createCompanyViaWizard(
request,
`MU-Roles-${Date.now()}`
);
companyId = result.companyId;
});
test("invite + accept creates member with correct role", async ({
request,
}) => {
// Create invite for 'viewer' role
const invite = await createHumanInvite(request, companyId, "viewer");
// Accept the invite
const acceptRes = await request.post(
`${BASE}/api/invites/${invite.token}/accept`,
{ data: { requestType: "human" } }
);
expect(acceptRes.ok()).toBe(true);
// Check members list
const membersRes = await request.get(
`${BASE}/api/companies/${companyId}/members`
);
const { members } = await membersRes.json();
// Should have at least one member (the creator/local-board)
expect(members.length).toBeGreaterThanOrEqual(1);
});
test("PATCH member role updates correctly", async ({ request }) => {
// First create an invite and accept it to get a second member
const invite = await createHumanInvite(request, companyId, "operator");
const acceptRes = await request.post(
`${BASE}/api/invites/${invite.token}/accept`,
{ data: { requestType: "human" } }
);
expect(acceptRes.ok()).toBe(true);
// List members
const membersRes = await request.get(
`${BASE}/api/companies/${companyId}/members`
);
const { members } = await membersRes.json();
// Find a non-owner member to modify
const nonOwner = members.find(
(m: { membershipRole: string }) => m.membershipRole !== "owner"
);
if (!nonOwner) {
test.skip();
return;
}
// Update role to admin
const patchRes = await request.patch(
`${BASE}/api/companies/${companyId}/members/${nonOwner.id}`,
{ data: { membershipRole: "admin" } }
);
expect(patchRes.ok()).toBe(true);
const updated = await patchRes.json();
expect(updated.membershipRole).toBe("admin");
});
test("PATCH member status to suspended works", async ({ request }) => {
// Create another member
const invite = await createHumanInvite(request, companyId, "operator");
await request.post(`${BASE}/api/invites/${invite.token}/accept`, {
data: { requestType: "human" },
});
const membersRes = await request.get(
`${BASE}/api/companies/${companyId}/members`
);
const { members } = await membersRes.json();
const nonOwner = members.find(
(m: { membershipRole: string; status: string }) =>
m.membershipRole !== "owner" && m.status === "active"
);
if (!nonOwner) {
test.skip();
return;
}
const patchRes = await request.patch(
`${BASE}/api/companies/${companyId}/members/${nonOwner.id}`,
{ data: { status: "suspended" } }
);
expect(patchRes.ok()).toBe(true);
const updated = await patchRes.json();
expect(updated.status).toBe("suspended");
});
});
test.describe("Multi-user: Agent invite flow", () => {
let companyId: string;
test.beforeAll(async ({ request }) => {
const result = await createCompanyViaWizard(
request,
`MU-Agent-${Date.now()}`
);
companyId = result.companyId;
});
test("agent invite accept creates pending join request", async ({
request,
}) => {
// Create agent invite
const res = await request.post(
`${BASE}/api/companies/${companyId}/openclaw/invite-prompt`,
{ data: {} }
);
expect(res.ok()).toBe(true);
const { token } = await res.json();
// Accept as agent
const acceptRes = await request.post(
`${BASE}/api/invites/${token}/accept`,
{
data: {
requestType: "agent",
agentName: "TestAgent",
adapterType: "claude_local",
},
}
);
expect(acceptRes.ok()).toBe(true);
const body = await acceptRes.json();
expect(body).toHaveProperty("id");
expect(body.status).toBe("pending_approval");
});
test("join requests list shows pending agent request", async ({
request,
}) => {
const res = await request.get(
`${BASE}/api/companies/${companyId}/join-requests?status=pending_approval`
);
expect(res.ok()).toBe(true);
const requests = await res.json();
expect(Array.isArray(requests)).toBe(true);
});
});
test.describe("Multi-user: Health check integration", () => {
test("health endpoint reports deployment mode", async ({ request }) => {
const res = await request.get(`${BASE}/api/health`);
expect(res.ok()).toBe(true);
const body = await res.json();
expect(body).toHaveProperty("deploymentMode");
expect(body).toHaveProperty("authReady");
expect(body.authReady).toBe(true);
});
});
Reference in New Issue View Git Blame Copy Permalink