8da50dbcf8
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies. > - Fresh self-hosted deployments need an operator path before any invite exists. > - Umbrel installs are private LAN deployments, so a one-time browser claim is appropriate only when the deployment is private and unclaimed. > - Public deployments and installs with active invites must keep the existing invite-only model so admin creation is not exposed broadly. > - GitHub PR #2927 established the useful direction, but it needed to be adapted onto current `master` rather than merged as-is. > - This pull request adds that adapted private-only claim flow across server, UI, docs, and regression coverage. > - The benefit is that a fresh private Umbrel-style install can be claimed from the browser without weakening public deployment access. ## What Changed - Added a first-admin claim service and access route support for one-time admin claim eligibility on private unclaimed deployments. - Updated the bootstrap/access UI so eligible private installs show a setup claim path, while public and invited deployments keep invite-first behavior. - Added a bootstrap-pending setup UX lab covering claim, invite, public, and signed-in access states. - Updated deployment and local development docs for authenticated private/public behavior and the Umbrel-style claim path. - Added server and UI regression tests for private claim, public no-claim, active invite fallback, existing board/no-access flows, and health exposure reporting. - Stabilized PR handoff verification by serializing the aggregate server Vitest workspace run, forcing `NODE_ENV=test`, and relaxing the heartbeat batching test around legitimate recovery follow-up runs. ## Verification - `pnpm -r typecheck` - `pnpm build` - `pnpm vitest --run server/src/__tests__/heartbeat-comment-wake-batching.test.ts` - `pnpm vitest --run server/src/__tests__/health-dev-server-token.test.ts` - `pnpm test:run` - QA validation: PAP-10115 passed browser validation with screenshots for private fresh install claim, active invite versus claim conflict, public invite-only/claim-absent behavior, existing invite fallback, and normal board/no-access flows. - GitHub closeout: issue #2579 and PR #2927 were updated with the accepted direction: adapt the implementation, do not direct-merge #2927 as-is. ## Risks - The claim endpoint must remain private-only and one-time; a regression here could expose admin creation on public deployments. - Existing invite behavior must remain intact for public deployments and installs that already have an active invite. - The stable Vitest harness now serializes the aggregate server workspace group; this is slower, but it avoids DB-backed suite collisions under root workspace mode. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected - check the roadmap first. See `CONTRIBUTING.md`. > > ROADMAP.md checked: this is a scoped deployment bootstrap/access fix and does not duplicate a listed roadmap project. ## Model Used - OpenAI GPT-5 Codex via Paperclip `codex_local` for product engineering, implementation, and verification, with tool-enabled local code execution. Paperclip QA browser validation was performed in PAP-10115 by the assigned QA agent; exact adapter model metadata for that QA run is not exposed in this PR context. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
129 lines
4.7 KiB
TypeScript
129 lines
4.7 KiB
TypeScript
import { Navigate, Outlet, useLocation } from "@/lib/router";
|
|
import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
|
|
import { accessApi } from "@/api/access";
|
|
import { ApiError } from "@/api/client";
|
|
import { authApi } from "@/api/auth";
|
|
import { healthApi } from "@/api/health";
|
|
import { queryKeys } from "@/lib/queryKeys";
|
|
import { BootstrapPendingPage } from "@/components/BootstrapPendingPage";
|
|
|
|
function NoBoardAccessPage() {
|
|
return (
|
|
<div className="mx-auto max-w-xl py-10">
|
|
<div className="rounded-lg border border-border bg-card p-6">
|
|
<h1 className="text-xl font-semibold">No company access</h1>
|
|
<p className="mt-2 text-sm text-muted-foreground">
|
|
This account is signed in, but it does not have an active company membership or instance-admin access on
|
|
this Paperclip instance.
|
|
</p>
|
|
<p className="mt-2 text-sm text-muted-foreground">
|
|
Use a company invite or sign in with an account that already belongs to this org.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
);
|
|
}
|
|
|
|
export function CloudAccessGate() {
|
|
const location = useLocation();
|
|
const queryClient = useQueryClient();
|
|
const healthQuery = useQuery({
|
|
queryKey: queryKeys.health,
|
|
queryFn: () => healthApi.get(),
|
|
retry: false,
|
|
refetchInterval: (query) => {
|
|
const data = query.state.data as
|
|
| { deploymentMode?: "local_trusted" | "authenticated"; bootstrapStatus?: "ready" | "bootstrap_pending" }
|
|
| undefined;
|
|
return data?.deploymentMode === "authenticated" && data.bootstrapStatus === "bootstrap_pending"
|
|
? 2000
|
|
: false;
|
|
},
|
|
refetchIntervalInBackground: true,
|
|
});
|
|
|
|
const isAuthenticatedMode = healthQuery.data?.deploymentMode === "authenticated";
|
|
const isBootstrapPending = isAuthenticatedMode && healthQuery.data?.bootstrapStatus === "bootstrap_pending";
|
|
const sessionQuery = useQuery({
|
|
queryKey: queryKeys.auth.session,
|
|
queryFn: () => authApi.getSession(),
|
|
enabled: isAuthenticatedMode,
|
|
retry: false,
|
|
});
|
|
|
|
const boardAccessQuery = useQuery({
|
|
queryKey: queryKeys.access.currentBoardAccess,
|
|
queryFn: () => accessApi.getCurrentBoardAccess(),
|
|
enabled: isAuthenticatedMode && !isBootstrapPending && !!sessionQuery.data,
|
|
retry: false,
|
|
});
|
|
const claimMutation = useMutation({
|
|
mutationFn: () => accessApi.claimBootstrapAdmin(),
|
|
onSuccess: async () => {
|
|
await queryClient.invalidateQueries({ queryKey: queryKeys.auth.session });
|
|
await queryClient.invalidateQueries({ queryKey: queryKeys.health });
|
|
await queryClient.invalidateQueries({ queryKey: queryKeys.companies.all });
|
|
await queryClient.invalidateQueries({ queryKey: queryKeys.companies.stats });
|
|
await queryClient.invalidateQueries({ queryKey: queryKeys.access.currentBoardAccess });
|
|
},
|
|
});
|
|
|
|
if (
|
|
healthQuery.isLoading ||
|
|
(isAuthenticatedMode && sessionQuery.isLoading) ||
|
|
(isAuthenticatedMode && !isBootstrapPending && !!sessionQuery.data && boardAccessQuery.isLoading)
|
|
) {
|
|
return <div className="mx-auto max-w-xl py-10 text-sm text-muted-foreground">Loading...</div>;
|
|
}
|
|
|
|
if (healthQuery.error || boardAccessQuery.error) {
|
|
return (
|
|
<div className="mx-auto max-w-xl py-10 text-sm text-destructive">
|
|
{healthQuery.error instanceof Error
|
|
? healthQuery.error.message
|
|
: boardAccessQuery.error instanceof Error
|
|
? boardAccessQuery.error.message
|
|
: "Failed to load app state"}
|
|
</div>
|
|
);
|
|
}
|
|
|
|
if (isBootstrapPending) {
|
|
const health = healthQuery.data;
|
|
if (!health) {
|
|
return <div className="mx-auto max-w-xl py-10 text-sm text-muted-foreground">Loading...</div>;
|
|
}
|
|
const claimError = claimMutation.error instanceof ApiError
|
|
? { status: claimMutation.error.status, message: claimMutation.error.message }
|
|
: claimMutation.error instanceof Error
|
|
? { message: claimMutation.error.message }
|
|
: null;
|
|
return (
|
|
<BootstrapPendingPage
|
|
claimAvailable={health.deploymentExposure === "private"}
|
|
hasActiveInvite={health.bootstrapInviteActive}
|
|
session={sessionQuery.data}
|
|
claimState={claimMutation.isSuccess ? "success" : claimMutation.isPending ? "claiming" : "idle"}
|
|
claimError={claimError}
|
|
onClaim={() => claimMutation.mutate()}
|
|
/>
|
|
);
|
|
}
|
|
|
|
if (isAuthenticatedMode && !sessionQuery.data) {
|
|
const next = encodeURIComponent(`${location.pathname}${location.search}`);
|
|
return <Navigate to={`/auth?next=${next}`} replace />;
|
|
}
|
|
|
|
if (
|
|
isAuthenticatedMode &&
|
|
sessionQuery.data &&
|
|
!boardAccessQuery.data?.isInstanceAdmin &&
|
|
(boardAccessQuery.data?.companyIds.length ?? 0) === 0
|
|
) {
|
|
return <NoBoardAccessPage />;
|
|
}
|
|
|
|
return <Outlet />;
|
|
}
|