farhoodlabs/paperclip
8
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
838480faef2ab341e97690ba0d2c995ebfcee729
paperclip/server/src/startup-banner.ts
T
Forgotten fe6a8687c1 Implement local agent JWT authentication for adapters 
Add HS256 JWT-based authentication for local adapters (claude_local, codex_local)
so agents authenticate automatically without manual API key configuration. The
server mints short-lived JWTs per heartbeat run and injects them as PAPERCLIP_API_KEY.
The auth middleware verifies JWTs alongside existing static API keys.

Includes: CLI onboard/doctor JWT secret management, env command for deployment,
config path resolution from ancestor directories, dotenv loading on server startup,
event payload secret redaction, multi-status issue filtering, and adapter transcript
parsing for thinking/user message kinds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 16:46:45 -06:00

159 lines
5.7 KiB
TypeScript
Raw Blame History

import { existsSync, readFileSync } from "node:fs";
import { resolvePaperclipConfigPath, resolvePaperclipEnvPath } from "./paths.js";
import { parse as parseEnvFileContents } from "dotenv";
type UiMode = "none" | "static" | "vite-dev";
type ExternalPostgresInfo = {
mode: "external-postgres";
connectionString: string;
};
type EmbeddedPostgresInfo = {
mode: "embedded-postgres";
dataDir: string;
port: number;
};
type StartupBannerOptions = {
requestedPort: number;
listenPort: number;
uiMode: UiMode;
db: ExternalPostgresInfo | EmbeddedPostgresInfo;
migrationSummary: string;
heartbeatSchedulerEnabled: boolean;
heartbeatSchedulerIntervalMs: number;
};
const ansi = {
reset: "\x1b[0m",
bold: "\x1b[1m",
dim: "\x1b[2m",
cyan: "\x1b[36m",
green: "\x1b[32m",
yellow: "\x1b[33m",
magenta: "\x1b[35m",
blue: "\x1b[34m",
};
function color(text: string, c: keyof typeof ansi): string {
return `${ansi[c]}${text}${ansi.reset}`;
}
function row(label: string, value: string): string {
return `${color(label.padEnd(16), "dim")} ${value}`;
}
function redactConnectionString(raw: string): string {
try {
const u = new URL(raw);
const user = u.username || "user";
const auth = `${user}:***@`;
return `${u.protocol}//${auth}${u.host}${u.pathname}`;
} catch {
return "<invalid DATABASE_URL>";
}
}
function resolveAgentJwtSecretStatus(
envFilePath: string,
): {
status: "pass" | "warn";
message: string;
} {
const envValue = process.env.PAPERCLIP_AGENT_JWT_SECRET?.trim();
if (envValue) {
return {
status: "pass",
message: "set",
};
}
if (existsSync(envFilePath)) {
const parsed = parseEnvFileContents(readFileSync(envFilePath, "utf-8"));
const fileValue = typeof parsed.PAPERCLIP_AGENT_JWT_SECRET === "string" ? parsed.PAPERCLIP_AGENT_JWT_SECRET.trim() : "";
if (fileValue) {
return {
status: "warn",
message: `found in ${envFilePath} but not loaded`,
};
}
}
return {
status: "warn",
message: "missing (run `pnpm paperclip onboard`)",
};
}
export function printStartupBanner(opts: StartupBannerOptions): void {
const baseUrl = `http://localhost:${opts.listenPort}`;
const apiUrl = `${baseUrl}/api`;
const uiUrl = opts.uiMode === "none" ? "disabled" : baseUrl;
const configPath = resolvePaperclipConfigPath();
const envFilePath = resolvePaperclipEnvPath();
const agentJwtSecret = resolveAgentJwtSecretStatus(envFilePath);
const dbMode =
opts.db.mode === "embedded-postgres"
? color("embedded-postgres", "green")
: color("external-postgres", "yellow");
const uiMode =
opts.uiMode === "vite-dev"
? color("vite-dev-middleware", "cyan")
: opts.uiMode === "static"
? color("static-ui", "magenta")
: color("headless-api", "yellow");
const portValue =
opts.requestedPort === opts.listenPort
? `${opts.listenPort}`
: `${opts.listenPort} ${color(`(requested ${opts.requestedPort})`, "dim")}`;
const dbDetails =
opts.db.mode === "embedded-postgres"
? `${opts.db.dataDir} ${color(`(pg:${opts.db.port})`, "dim")}`
: redactConnectionString(opts.db.connectionString);
const heartbeat = opts.heartbeatSchedulerEnabled
? `enabled ${color(`(${opts.heartbeatSchedulerIntervalMs}ms)`, "dim")}`
: color("disabled", "yellow");
const art = [
color("██████╗ █████╗ ██████╗ ███████╗██████╗ ██████╗██╗ ██╗██████╗ ", "cyan"),
color("██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔══██╗██╔════╝██║ ██║██╔══██╗", "cyan"),
color("██████╔╝███████║██████╔╝█████╗ ██████╔╝██║ ██║ ██║██████╔╝", "cyan"),
color("██╔═══╝ ██╔══██║██╔═══╝ ██╔══╝ ██╔══██╗██║ ██║ ██║██╔═══╝ ", "cyan"),
color("██║ ██║ ██║██║ ███████╗██║ ██║╚██████╗███████╗██║██║ ", "cyan"),
color("╚═╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝╚══════╝╚═╝╚═╝ ", "cyan"),
];
const lines = [
"",
...art,
color(" ───────────────────────────────────────────────────────", "blue"),
row("Mode", `${dbMode} | ${uiMode}`),
row("Server", portValue),
row("API", `${apiUrl} ${color(`(health: ${apiUrl}/health)`, "dim")}`),
row("UI", uiUrl),
row("Database", dbDetails),
row("Migrations", opts.migrationSummary),
row(
"Agent JWT",
agentJwtSecret.status === "pass"
? color(agentJwtSecret.message, "green")
: color(agentJwtSecret.message, "yellow"),
),
row("Heartbeat", heartbeat),
row("Config", configPath),
agentJwtSecret.status === "warn"
? color(" ───────────────────────────────────────────────────────", "yellow")
: null,
color(" ───────────────────────────────────────────────────────", "blue"),
"",
];
console.log(lines.filter((line): line is string => line !== null).join("\n"));
}
Reference in New Issue View Git Blame Copy Permalink