Add routines automation workflows

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-19 08:39:24 -05:00
parent 7a652b8998
commit 8f5196f7d6
35 changed files with 25977 additions and 5 deletions
--- a/server/src/routes/index.ts
+++ b/server/src/routes/index.ts
@@ -4,6 +4,7 @@ export { companySkillRoutes } from "./company-skills.js";
 export { agentRoutes } from "./agents.js";
 export { projectRoutes } from "./projects.js";
 export { issueRoutes } from "./issues.js";
+export { routineRoutes } from "./routines.js";
 export { goalRoutes } from "./goals.js";
 export { approvalRoutes } from "./approvals.js";
 export { secretRoutes } from "./secrets.js";
--- a/server/src/routes/issues.ts
+++ b/server/src/routes/issues.ts
@@ -27,6 +27,7 @@ import {
  documentService,
  logActivity,
  projectService,
+  routineService,
  workProductService,
 } from "../services/index.js";
 import { logger } from "../middleware/logger.js";
@@ -49,6 +50,7 @@ export function issueRoutes(db: Db, storage: StorageService) {
  const executionWorkspacesSvc = executionWorkspaceService(db);
  const workProductsSvc = workProductService(db);
  const documentsSvc = documentService(db);
+  const routinesSvc = routineService(db);
  const upload = multer({
    storage: multer.memoryStorage(),
    limits: { fileSize: MAX_ATTACHMENT_BYTES, files: 1 },
@@ -236,6 +238,10 @@ export function issueRoutes(db: Db, storage: StorageService) {
      projectId: req.query.projectId as string | undefined,
      parentId: req.query.parentId as string | undefined,
      labelId: req.query.labelId as string | undefined,
+      originKind: req.query.originKind as string | undefined,
+      originId: req.query.originId as string | undefined,
+      includeRoutineExecutions:
+        req.query.includeRoutineExecutions === "true" || req.query.includeRoutineExecutions === "1",
      q: req.query.q as string | undefined,
    });
    res.json(result);
@@ -855,6 +861,7 @@ export function issueRoutes(db: Db, storage: StorageService) {
      res.status(404).json({ error: "Issue not found" });
      return;
    }
+    await routinesSvc.syncRunStatusForIssue(issue.id);

    // Build activity details with previous values for changed fields
    const previous: Record<string, unknown> = {};
--- a/server/src/routes/routines.ts
+++ b/server/src/routes/routines.ts
@@ -0,0 +1,244 @@
+import { Router, type Request } from "express";
+import type { Db } from "@paperclipai/db";
+import {
+  createRoutineSchema,
+  createRoutineTriggerSchema,
+  rotateRoutineTriggerSecretSchema,
+  runRoutineSchema,
+  updateRoutineSchema,
+  updateRoutineTriggerSchema,
+} from "@paperclipai/shared";
+import { validate } from "../middleware/validate.js";
+import { logActivity, routineService } from "../services/index.js";
+import { assertCompanyAccess, getActorInfo } from "./authz.js";
+import { forbidden, unauthorized } from "../errors.js";
+
+export function routineRoutes(db: Db) {
+  const router = Router();
+  const svc = routineService(db);
+
+  async function assertCanManageCompanyRoutine(req: Request, companyId: string, assigneeAgentId?: string | null) {
+    assertCompanyAccess(req, companyId);
+    if (req.actor.type === "board") return;
+    if (req.actor.type !== "agent" || !req.actor.agentId) throw unauthorized();
+    if (assigneeAgentId && assigneeAgentId !== req.actor.agentId) {
+      throw forbidden("Agents can only manage routines assigned to themselves");
+    }
+  }
+
+  async function assertCanManageExistingRoutine(req: Request, routineId: string) {
+    const routine = await svc.get(routineId);
+    if (!routine) return null;
+    assertCompanyAccess(req, routine.companyId);
+    if (req.actor.type === "board") return routine;
+    if (req.actor.type !== "agent" || !req.actor.agentId) throw unauthorized();
+    if (routine.assigneeAgentId !== req.actor.agentId) {
+      throw forbidden("Agents can only manage routines assigned to themselves");
+    }
+    return routine;
+  }
+
+  router.get("/companies/:companyId/routines", async (req, res) => {
+    const companyId = req.params.companyId as string;
+    assertCompanyAccess(req, companyId);
+    const result = await svc.list(companyId);
+    res.json(result);
+  });
+
+  router.post("/companies/:companyId/routines", validate(createRoutineSchema), async (req, res) => {
+    const companyId = req.params.companyId as string;
+    await assertCanManageCompanyRoutine(req, companyId, req.body.assigneeAgentId);
+    const created = await svc.create(companyId, req.body, {
+      agentId: req.actor.type === "agent" ? req.actor.agentId : null,
+      userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null,
+    });
+    const actor = getActorInfo(req);
+    await logActivity(db, {
+      companyId,
+      actorType: actor.actorType,
+      actorId: actor.actorId,
+      agentId: actor.agentId,
+      runId: actor.runId,
+      action: "routine.created",
+      entityType: "routine",
+      entityId: created.id,
+      details: { title: created.title, assigneeAgentId: created.assigneeAgentId },
+    });
+    res.status(201).json(created);
+  });
+
+  router.get("/routines/:id", async (req, res) => {
+    const detail = await svc.getDetail(req.params.id as string);
+    if (!detail) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    assertCompanyAccess(req, detail.companyId);
+    res.json(detail);
+  });
+
+  router.patch("/routines/:id", validate(updateRoutineSchema), async (req, res) => {
+    const routine = await assertCanManageExistingRoutine(req, req.params.id as string);
+    if (!routine) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    if (req.actor.type === "agent" && req.body.assigneeAgentId && req.body.assigneeAgentId !== req.actor.agentId) {
+      throw forbidden("Agents can only assign routines to themselves");
+    }
+    const updated = await svc.update(routine.id, req.body, {
+      agentId: req.actor.type === "agent" ? req.actor.agentId : null,
+      userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null,
+    });
+    const actor = getActorInfo(req);
+    await logActivity(db, {
+      companyId: routine.companyId,
+      actorType: actor.actorType,
+      actorId: actor.actorId,
+      agentId: actor.agentId,
+      runId: actor.runId,
+      action: "routine.updated",
+      entityType: "routine",
+      entityId: routine.id,
+      details: { title: updated?.title ?? routine.title },
+    });
+    res.json(updated);
+  });
+
+  router.get("/routines/:id/runs", async (req, res) => {
+    const routine = await svc.get(req.params.id as string);
+    if (!routine) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    assertCompanyAccess(req, routine.companyId);
+    const limit = Number(req.query.limit ?? 50);
+    const result = await svc.listRuns(routine.id, Number.isFinite(limit) ? limit : 50);
+    res.json(result);
+  });
+
+  router.post("/routines/:id/triggers", validate(createRoutineTriggerSchema), async (req, res) => {
+    const routine = await assertCanManageExistingRoutine(req, req.params.id as string);
+    if (!routine) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    const created = await svc.createTrigger(routine.id, req.body, {
+      agentId: req.actor.type === "agent" ? req.actor.agentId : null,
+      userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null,
+    });
+    const actor = getActorInfo(req);
+    await logActivity(db, {
+      companyId: routine.companyId,
+      actorType: actor.actorType,
+      actorId: actor.actorId,
+      agentId: actor.agentId,
+      runId: actor.runId,
+      action: "routine.trigger_created",
+      entityType: "routine_trigger",
+      entityId: created.trigger.id,
+      details: { routineId: routine.id, kind: created.trigger.kind },
+    });
+    res.status(201).json(created);
+  });
+
+  router.patch("/routine-triggers/:id", validate(updateRoutineTriggerSchema), async (req, res) => {
+    const trigger = await svc.getTrigger(req.params.id as string);
+    if (!trigger) {
+      res.status(404).json({ error: "Routine trigger not found" });
+      return;
+    }
+    const routine = await assertCanManageExistingRoutine(req, trigger.routineId);
+    if (!routine) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    const updated = await svc.updateTrigger(trigger.id, req.body, {
+      agentId: req.actor.type === "agent" ? req.actor.agentId : null,
+      userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null,
+    });
+    const actor = getActorInfo(req);
+    await logActivity(db, {
+      companyId: routine.companyId,
+      actorType: actor.actorType,
+      actorId: actor.actorId,
+      agentId: actor.agentId,
+      runId: actor.runId,
+      action: "routine.trigger_updated",
+      entityType: "routine_trigger",
+      entityId: trigger.id,
+      details: { routineId: routine.id, kind: updated?.kind ?? trigger.kind },
+    });
+    res.json(updated);
+  });
+
+  router.post(
+    "/routine-triggers/:id/rotate-secret",
+    validate(rotateRoutineTriggerSecretSchema),
+    async (req, res) => {
+      const trigger = await svc.getTrigger(req.params.id as string);
+      if (!trigger) {
+        res.status(404).json({ error: "Routine trigger not found" });
+        return;
+      }
+      const routine = await assertCanManageExistingRoutine(req, trigger.routineId);
+      if (!routine) {
+        res.status(404).json({ error: "Routine not found" });
+        return;
+      }
+      const rotated = await svc.rotateTriggerSecret(trigger.id, {
+        agentId: req.actor.type === "agent" ? req.actor.agentId : null,
+        userId: req.actor.type === "board" ? req.actor.userId ?? "board" : null,
+      });
+      const actor = getActorInfo(req);
+      await logActivity(db, {
+        companyId: routine.companyId,
+        actorType: actor.actorType,
+        actorId: actor.actorId,
+        agentId: actor.agentId,
+        runId: actor.runId,
+        action: "routine.trigger_secret_rotated",
+        entityType: "routine_trigger",
+        entityId: trigger.id,
+        details: { routineId: routine.id },
+      });
+      res.json(rotated);
+    },
+  );
+
+  router.post("/routines/:id/run", validate(runRoutineSchema), async (req, res) => {
+    const routine = await assertCanManageExistingRoutine(req, req.params.id as string);
+    if (!routine) {
+      res.status(404).json({ error: "Routine not found" });
+      return;
+    }
+    const run = await svc.runRoutine(routine.id, req.body);
+    const actor = getActorInfo(req);
+    await logActivity(db, {
+      companyId: routine.companyId,
+      actorType: actor.actorType,
+      actorId: actor.actorId,
+      agentId: actor.agentId,
+      runId: actor.runId,
+      action: "routine.run_triggered",
+      entityType: "routine_run",
+      entityId: run.id,
+      details: { routineId: routine.id, source: run.source, status: run.status },
+    });
+    res.status(202).json(run);
+  });
+
+  router.post("/routine-triggers/public/:publicId/fire", async (req, res) => {
+    const result = await svc.firePublicTrigger(req.params.publicId as string, {
+      authorizationHeader: req.header("authorization"),
+      signatureHeader: req.header("x-paperclip-signature"),
+      timestampHeader: req.header("x-paperclip-timestamp"),
+      idempotencyKey: req.header("idempotency-key"),
+      rawBody: (req as { rawBody?: Buffer }).rawBody ?? null,
+      payload: typeof req.body === "object" && req.body !== null ? req.body as Record<string, unknown> : null,
+    });
+    res.status(202).json(result);
+  });
+
+  return router;
+}