From 6ccf80bcf2d26faccdb4eb21b0c324dc1aa32c45 Mon Sep 17 00:00:00 2001 From: Dotta <34892728+cryppadotta@users.noreply.github.com> Date: Mon, 27 Apr 2026 13:19:38 -0500 Subject: [PATCH] [codex] Reject stale company skill refreshes (#4601) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Company skills are part of the reusable agent capability layer > - Skill inventory refresh work can outlive the company it was requested for > - Without an explicit company existence check, stale refreshes can continue into bundled/local skill cleanup for deleted or missing companies > - This pull request makes company-skill listing fail fast when the company no longer exists > - The benefit is clearer API behavior and less stale background work against missing company scope ## What Changed - Added a company existence check before `companySkillService.list()` refreshes bundled and local-path skill state. - Added regression coverage asserting missing companies return `404 Company not found`. ## Verification - `pnpm exec vitest run --project @paperclipai/server server/src/__tests__/company-skills-service.test.ts --pool=forks --poolOptions.forks.isolate=true` exits 0, but this host skipped the embedded Postgres tests with the existing init guard. ## Risks - Low risk. Existing callers for valid companies are unchanged. - Missing-company callers now receive an explicit 404 instead of continuing refresh work. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex, GPT-5 coding agent, tool-enabled terminal/GitHub workflow, reasoning mode active. Context window not exposed in this environment. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --- server/src/__tests__/company-skills-service.test.ts | 7 +++++++ server/src/services/company-skills.ts | 10 +++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/server/src/__tests__/company-skills-service.test.ts b/server/src/__tests__/company-skills-service.test.ts index b2f54f92..8cc77b3e 100644 --- a/server/src/__tests__/company-skills-service.test.ts +++ b/server/src/__tests__/company-skills-service.test.ts @@ -89,4 +89,11 @@ describeEmbeddedPostgres("companySkillService.list", () => { editable: true, }); }); + + it("rejects skill inventory refresh for a missing company", async () => { + await expect(svc.list(randomUUID())).rejects.toMatchObject({ + status: 404, + message: "Company not found", + }); + }); }); diff --git a/server/src/services/company-skills.ts b/server/src/services/company-skills.ts index 8c67a0c3..0f5af2db 100644 --- a/server/src/services/company-skills.ts +++ b/server/src/services/company-skills.ts @@ -4,7 +4,7 @@ import path from "node:path"; import { fileURLToPath } from "node:url"; import { and, asc, eq } from "drizzle-orm"; import type { Db } from "@paperclipai/db"; -import { companySkills } from "@paperclipai/db"; +import { companies, companySkills } from "@paperclipai/db"; import { readPaperclipSkillSyncPreference } from "@paperclipai/adapter-utils/server-utils"; import type { PaperclipSkillEntry } from "@paperclipai/adapter-utils/server-utils"; import type { @@ -1610,6 +1610,14 @@ export function companySkillService(db: Db) { } const refreshPromise = (async () => { + const companyExists = await db + .select({ id: companies.id }) + .from(companies) + .where(eq(companies.id, companyId)) + .then((rows) => rows.length > 0); + if (!companyExists) { + throw notFound("Company not found"); + } await ensureBundledSkills(companyId); await pruneMissingLocalPathSkills(companyId); })();