forked from farhoodlabs/paperclip
Dotta
e43b392a79
## Thinking Path > - Paperclip is the control plane for AI-agent companies. > - Operators need a path to move local company state toward Paperclip Cloud without losing local-first control. > - The Cloud Upstream flow needs API, persistence, CLI, and board UI surfaces that agree on the same manifest/run model. > - The existing branch had the feature work plus UX and error-handling follow-ups. > - This pull request packages the remaining Cloud Upstream sync work into one standalone branch. > - The benefit is an inspectable local-to-cloud sync workflow with preview, conflicts, activation, and captured UX review states. ## What Changed - Added Cloud Upstream shared types, server routes/services, and persisted run schema/migration. - Added Paperclip Cloud CLI sync helpers and local connection storage. - Added the Cloud Upstream board UI, settings entry points, query keys, and UX lab page. - Added preview/activation checklist behavior, redirect handling, manifest-only preview support, friendly errors, in-flight hints, and entity count summaries. ## Verification - `pnpm --filter @paperclipai/plugin-sdk build` - `NODE_ENV=test pnpm exec vitest run cli/src/__tests__/cloud.test.ts server/src/__tests__/instance-settings-routes.test.ts server/src/__tests__/instance-settings-service.test.ts ui/src/pages/CloudUpstream.test.tsx ui/src/components/CompanySettingsSidebar.test.tsx` - `NODE_ENV=test pnpm exec vitest run server/src/__tests__/cloud-upstreams.test.ts` Worktree setup note: the isolated worktree install skipped native sqlite build scripts, so I copied the already-built local sqlite binding from the main checkout before running `server/src/__tests__/cloud-upstreams.test.ts`. The test then passed. ## Risks - Medium: this adds a database migration and a broad feature path across CLI/server/UI. - Merge order: this is the only PR in this split with a DB migration; merge it before any future Cloud Upstream migration follow-up. - Mitigation: the PR is based directly on current `origin/master`, has targeted route/service/UI tests, and keeps the feature behind existing experimental Cloud Sync settings. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI GPT-5 Codex via `codex_local`, tool-enabled coding session; exact context window not exposed by this runtime. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, screenshot artifacts are intentionally omitted per reviewer request - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge
178 lines
5.8 KiB
TypeScript
178 lines
5.8 KiB
TypeScript
import fs from "node:fs";
|
|
import path from "node:path";
|
|
import { resolvePaperclipInstanceRoot } from "../../config/home.js";
|
|
|
|
export interface CloudConnectionTokenRecord {
|
|
id: string;
|
|
companyStackId: string;
|
|
targetOrigin: string;
|
|
sourceInstanceId: string;
|
|
sourceInstanceFingerprint: string;
|
|
scopes: string[];
|
|
expiresAt: string;
|
|
[key: string]: unknown;
|
|
}
|
|
|
|
export interface CloudConnection {
|
|
id: string;
|
|
remoteUrl: string;
|
|
targetOrigin: string;
|
|
targetHost: string;
|
|
stackId: string;
|
|
stackSlug?: string | null;
|
|
stackDisplayName?: string | null;
|
|
targetCompanyId: string;
|
|
accessToken: string;
|
|
token: CloudConnectionTokenRecord;
|
|
privateKeyPem: string;
|
|
sourcePublicKey: string;
|
|
sourceInstanceId: string;
|
|
sourceInstanceFingerprint: string;
|
|
scopes: string[];
|
|
createdAt: string;
|
|
updatedAt: string;
|
|
}
|
|
|
|
interface CloudConnectionStore {
|
|
version: 1;
|
|
connections: Record<string, CloudConnection>;
|
|
currentConnectionId?: string;
|
|
}
|
|
|
|
function defaultStore(): CloudConnectionStore {
|
|
return {
|
|
version: 1,
|
|
connections: {},
|
|
};
|
|
}
|
|
|
|
export function resolveCloudConnectionStorePath(): string {
|
|
return path.resolve(resolvePaperclipInstanceRoot(), "secrets", "cloud-upstream-connections.json");
|
|
}
|
|
|
|
export function readCloudConnectionStore(storePath = resolveCloudConnectionStorePath()): CloudConnectionStore {
|
|
if (!fs.existsSync(storePath)) return defaultStore();
|
|
const raw = JSON.parse(fs.readFileSync(storePath, "utf8")) as Partial<CloudConnectionStore> | null;
|
|
const connections: Record<string, CloudConnection> = {};
|
|
if (raw?.connections && typeof raw.connections === "object") {
|
|
for (const [id, value] of Object.entries(raw.connections)) {
|
|
const normalized = normalizeConnection(value);
|
|
if (normalized) connections[id] = normalized;
|
|
}
|
|
}
|
|
const currentConnectionId =
|
|
typeof raw?.currentConnectionId === "string" && connections[raw.currentConnectionId]
|
|
? raw.currentConnectionId
|
|
: Object.values(connections).sort((left, right) => right.updatedAt.localeCompare(left.updatedAt))[0]?.id;
|
|
return {
|
|
version: 1,
|
|
connections,
|
|
currentConnectionId,
|
|
};
|
|
}
|
|
|
|
export function writeCloudConnectionStore(
|
|
store: CloudConnectionStore,
|
|
storePath = resolveCloudConnectionStorePath(),
|
|
): void {
|
|
fs.mkdirSync(path.dirname(storePath), { recursive: true });
|
|
fs.writeFileSync(storePath, `${JSON.stringify(store, null, 2)}\n`, { mode: 0o600 });
|
|
}
|
|
|
|
export function upsertCloudConnection(
|
|
connection: CloudConnection,
|
|
storePath = resolveCloudConnectionStorePath(),
|
|
): CloudConnection {
|
|
const store = readCloudConnectionStore(storePath);
|
|
const existing = store.connections[connection.id];
|
|
const now = new Date().toISOString();
|
|
const next = {
|
|
...connection,
|
|
createdAt: existing?.createdAt ?? connection.createdAt ?? now,
|
|
updatedAt: now,
|
|
};
|
|
store.connections[next.id] = next;
|
|
store.currentConnectionId = next.id;
|
|
writeCloudConnectionStore(store, storePath);
|
|
return next;
|
|
}
|
|
|
|
export function getCloudConnection(
|
|
remoteUrlOrOrigin?: string,
|
|
storePath = resolveCloudConnectionStorePath(),
|
|
): CloudConnection | null {
|
|
const store = readCloudConnectionStore(storePath);
|
|
if (remoteUrlOrOrigin?.trim()) {
|
|
const needle = normalizeRemoteLookup(remoteUrlOrOrigin);
|
|
return Object.values(store.connections).find((connection) =>
|
|
normalizeRemoteLookup(connection.remoteUrl) === needle ||
|
|
normalizeRemoteLookup(connection.targetOrigin) === needle
|
|
) ?? null;
|
|
}
|
|
return store.currentConnectionId ? store.connections[store.currentConnectionId] ?? null : null;
|
|
}
|
|
|
|
function normalizeRemoteLookup(value: string): string {
|
|
try {
|
|
const url = new URL(value);
|
|
return url.origin.replace(/\/+$/u, "");
|
|
} catch {
|
|
return value.trim().replace(/\/+$/u, "");
|
|
}
|
|
}
|
|
|
|
function normalizeConnection(value: unknown): CloudConnection | null {
|
|
if (typeof value !== "object" || value === null || Array.isArray(value)) return null;
|
|
const record = value as Record<string, unknown>;
|
|
const id = stringValue(record.id);
|
|
const remoteUrl = stringValue(record.remoteUrl);
|
|
const targetOrigin = stringValue(record.targetOrigin);
|
|
const targetHost = stringValue(record.targetHost);
|
|
const stackId = stringValue(record.stackId);
|
|
const targetCompanyId = stringValue(record.targetCompanyId);
|
|
const accessToken = stringValue(record.accessToken);
|
|
const token = typeof record.token === "object" && record.token !== null && !Array.isArray(record.token)
|
|
? record.token as CloudConnectionTokenRecord
|
|
: null;
|
|
const privateKeyPem = stringValue(record.privateKeyPem);
|
|
const sourcePublicKey = stringValue(record.sourcePublicKey);
|
|
const sourceInstanceId = stringValue(record.sourceInstanceId);
|
|
const sourceInstanceFingerprint = stringValue(record.sourceInstanceFingerprint);
|
|
const createdAt = stringValue(record.createdAt);
|
|
const updatedAt = stringValue(record.updatedAt);
|
|
if (
|
|
!id || !remoteUrl || !targetOrigin || !targetHost || !stackId || !targetCompanyId ||
|
|
!accessToken || !token || !privateKeyPem || !sourcePublicKey || !sourceInstanceId ||
|
|
!sourceInstanceFingerprint || !createdAt || !updatedAt
|
|
) {
|
|
return null;
|
|
}
|
|
return {
|
|
id,
|
|
remoteUrl,
|
|
targetOrigin,
|
|
targetHost,
|
|
stackId,
|
|
stackSlug: stringValue(record.stackSlug),
|
|
stackDisplayName: stringValue(record.stackDisplayName),
|
|
targetCompanyId,
|
|
accessToken,
|
|
token,
|
|
privateKeyPem,
|
|
sourcePublicKey,
|
|
sourceInstanceId,
|
|
sourceInstanceFingerprint,
|
|
scopes: stringArray(record.scopes),
|
|
createdAt,
|
|
updatedAt,
|
|
};
|
|
}
|
|
|
|
function stringValue(value: unknown): string | null {
|
|
return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
|
|
}
|
|
|
|
function stringArray(value: unknown): string[] {
|
|
return Array.isArray(value) ? value.filter((entry): entry is string => typeof entry === "string") : [];
|
|
}
|