Document secret storage in DATABASE.md and DEVELOPING.md. Update
SPEC-implementation with company_secrets schema and indexes. Add
migrate-inline-env-secrets script for converting existing plain
env values to managed secrets (dry-run by default, --apply to commit).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace plain text env var editor with structured EnvVarEditor
supporting plain values and secret references with inline "Seal"
to convert a value to a managed secret. Add issue hide action via
popover menu on issue detail. Adapters now emit envBindings with
typed plain/secret_ref entries instead of raw KEY=VALUE strings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add secrets section to onboard, configure, and doctor commands. Doctor
validates local encrypted provider key file and can auto-repair missing
keys. Extract shared path resolution into path-resolver module used by
database and log checks. Show secrets env vars in `paperclip env`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add AES-256-GCM local encrypted secrets provider with auto-generated
master key, stub providers for AWS/GCP/Vault, and a secrets service
that normalizes adapter configs (converting sensitive inline values to
secret refs in strict mode) and resolves secret refs back to plain
values at runtime. Extract redaction utilities from agent routes into
shared module. Redact sensitive values in activity logs, config
revisions, and approval payloads. Block rollback of revisions
containing redacted secrets. Filter hidden issues from list queries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduce company_secrets and company_secret_versions tables for
encrypted secret storage. Add EnvBinding discriminated union (plain vs
secret_ref) to replace raw string env values in adapter configs. Add
hiddenAt column to issues for soft-hiding. Improve migration system
with journal-ordered application and manual fallback when Drizzle
migrator can't reconcile history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch agents, issues, and approvals pages from query-param tabs to
URL-based routes (/agents/active, /issues/backlog, /approvals/pending).
Extract shared ActivityRow component used by both Dashboard and Activity
pages. Redesign agent detail overview with LatestRunCard showing live/
recent run status, move permissions toggle to Configuration tab, add
budget progress bar, and reorder tabs (Runs before Configuration).
Dashboard now counts idle agents as active and shows "Recent Tasks"
instead of "Stale Tasks". Remove unused MyIssues page and sidebar link.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive guide for building new Paperclip adapters covering the
module structure, registration points, session management, skills
injection patterns, security considerations, and testing conventions
derived from the claude-local and codex-local implementations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codex adapter now auto-injects Paperclip skills into ~/.codex/skills,
pipes prompts via stdin instead of passing as CLI args, filters out noisy
rollout stderr warnings, and extracts error/turn.failed messages from
JSONL output. Also broadens stale session detection for rollout path
errors. Claude-local adapter gets the same template vars (agentId,
companyId, runId) that codex-local already had.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show task sessions list in AgentDetail with per-session reset. Extract
ApprovalCard into standalone component from Approvals and Inbox pages,
reducing duplication. Add CompanySettings page with issuePrefix configuration.
Fix Sidebar active state for settings route. Display sessionDisplayId
in agent properties. Various cleanups to Approvals and Inbox pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Heartbeat service now resolves session state per-task using agentTaskSessions,
with resolveNextSessionState handling codec-based serialization and fallback
to legacy sessionId. Queued runs are chained — when a run finishes or is reaped,
the next queued run for the same agent starts automatically. Queued runs for
an agent with an already-running run wait instead of failing.
Add task-sessions list endpoint and extend reset-session to accept optional
taskKey for targeted session clearing. Block pending_approval agents from
API key auth. Update agent/company delete cascades to include task sessions.
Update spec docs with task-session architecture.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduce AdapterSessionCodec interface for structured session serialization,
deserialization, and display ID extraction. Implement codecs for claude_local
and codex_local adapters with cwd validation — sessions saved for a different
working directory are not resumed. Both adapters now return sessionParams and
sessionDisplayId alongside legacy sessionId.
Add isCodexUnknownSessionError detection and automatic retry with fresh session
for codex_local (matching existing claude_local behavior). Inject approval
context env vars (PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS) into adapter environments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add agent_task_sessions table for per-task session state keyed by
(agent, adapter, taskKey). Add AgentTaskSession type, resetAgentSessionSchema
validator, and sessionDisplayId/sessionParamsJson to AgentRuntimeState.
Rework migration hash-resolution fallback ordering to prefer hash-based
matching over timestamp-based journal matching. Move backup-db.sh logic
into packages/db/src/backup.ts for programmatic use and simplify the shell
script to call the TypeScript implementation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add scripts/backup-db.sh for backing up the embedded PostgreSQL database
with support for custom (.dump) and plain SQL formats, auto-detection of
the configured port, and pruning of backups older than 30 days.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document remaining work for config revision UI, approval comment integration,
adapter reflection improvements, and end-to-end CEO hiring workflow testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ApprovalDetail page with comment thread, revision request/resubmit flow,
and ApprovalPayload component for structured payload display. Extend AgentDetail
with permissions management, config revision history, and duplicate action.
Add agent hire dialog with permission-gated access. Rework Costs page with
per-agent breakdown table and period filtering. Add sidebar badge counts for
pending approvals and inbox items. Enhance Dashboard with live metrics and
sparkline trends. Extend Agents list with pending_approval status and bulk
actions. Update IssueDetail with approval linking. Various component improvements
to MetricCard, InlineEditor, CommentThread, and StatusBadge.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Export agentConfigurationDoc from all adapters for LLM reflection. Inject
PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS, and PAPERCLIP_LINKED_ISSUE_IDS
into local adapter environments. Update SKILL.md with approval handling procedure,
issue-approval linking, and config revision documentation. Add new
paperclip-create-agent skill for CEO-driven agent hiring workflows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agent management: hire endpoint with permission gates and pending_approval status,
config revision tracking with rollback, agent duplicate route, permission CRUD.
Block pending_approval agents from auth, heartbeat, and assignments.
Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval
linking, auto-wake agents on approval decisions with context snapshot.
Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent
list endpoint.
Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt
reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS,
PAPERCLIP_LINKED_ISSUE_IDS into adapter environments.
Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company
settings extensions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add AgentConfigRevision, CostByAgent, SidebarBadges types. Add createAgentHireSchema
with source issue linking and linkIssueApprovalSchema. Extend approval validator with
issueIds. Update cost summary to generic period naming. Add sidebar badges API path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add agent_config_revisions table for tracking agent configuration changes with
rollback support. Add issue_approvals junction table linking issues to approvals.
New migrations (0005, 0006) for permissions column and new tables. Rework migration
client with statement-level idempotency checks (table/column/index/constraint
existence) so migrations can be safely retried against partially-migrated databases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add pending_approval agent status, permissions jsonb column, and AgentPermissions
type with canCreateAgents flag. Add approval_comments table and ApprovalComment
type. Extend approval statuses with revision_requested. Add validators for
permission updates, approval revision requests, resubmission, and approval
comments. Add requireBoardApprovalForNewAgents to company update schema.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document the design for enabling CEO agents to hire new agents with
board approval governance, including permission model, limbo status,
approval workflows with comments/revisions, adapter config reflection,
and a phased implementation plan.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Identity component (avatar + name) used across agent/issue displays. Add
LiveRunWidget for real-time streaming of active heartbeat runs on issue detail
pages via WebSocket. Display issue identifiers (PAP-42) instead of UUID
fragments throughout Issues, Inbox, CommandPalette, and detail pages.
Enhance CommentThread with re-open checkbox, Cmd+Enter submit, sorted display,
and run linking. Improve Activity page with richer formatting and filtering.
Update Dashboard with live metrics. Add reports-to agent link in AgentProperties.
Various small fixes: StatusIcon centering, CopyText ref init, agent detail
run-issue cross-links.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Inject PAPERCLIP_RUN_ID, PAPERCLIP_TASK_ID, and PAPERCLIP_WAKE_REASON into
local adapter environments so agents know their run context and wake trigger.
Update SKILL.md to document new env vars and require X-Paperclip-Run-Id header
on all mutating API requests for audit trail linkage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace auto-migrate-if-empty with interactive migration flow that inspects
pending migrations and prompts before applying. Add pino-pretty for structured
console + file logging. Add reapOrphanedRuns to clean up stuck heartbeat runs
on startup and periodically. Track runId through auth middleware, activity logs,
and all mutation routes. Add issue-run cross-reference queries, live-run and
active-run endpoints for issues, issue identifier lookup, reopen-via-comment
flow, and done/cancelled -> todo status transitions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add issuePrefix/issueCounter to companies and issueNumber/identifier to issues
for human-readable issue IDs (e.g. PAP-42). Add runId to activity_log for
linking activity to heartbeat runs. Rework DB client to support migration
state inspection and interactive pending migration prompts at startup.
Add reopen option to issue comments validator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolve relative paths in database and log checks against the config file
directory with fallback candidates. Make the AgentDetail tab bar sticky
with backdrop blur for better navigation on long pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add inline editing for goal title/description with mutation support. Enhance
GoalProperties with clickable status/level pickers and linked owner/parent
navigation. Improve InlineEditor with auto-sizing textarea for multiline mode.
Update AgentDetail to redact secrets in env display, render thinking/user
transcript entries, and pretty-print tool results.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add HS256 JWT-based authentication for local adapters (claude_local, codex_local)
so agents authenticate automatically without manual API key configuration. The
server mints short-lived JWTs per heartbeat run and injects them as PAPERCLIP_API_KEY.
The auth middleware verifies JWTs alongside existing static API keys.
Includes: CLI onboard/doctor JWT secret management, env command for deployment,
config path resolution from ancestor directories, dotenv loading on server startup,
event payload secret redaction, multi-status issue filtering, and adapter transcript
parsing for thinking/user message kinds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite the project goal from a single sentence to a full vision document
articulating Paperclip as infrastructure for autonomous AI companies at scale.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drop the unused contextMode field from the agent schema, shared types, validators,
and all UI references. Merge wakeOnOnDemand and wakeOnAutomation into a single
wakeOnDemand toggle. Default serveUi to true and remove the onboarding prompt for it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure AgentDetail page layout with cleaner tab organization
and run display. Add reusable CopyText component for copy-to-clipboard
functionality.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enhance claude-local server executor with better process management
and output handling. Improve stdout parser for UI transcript display.
Update adapter-utils types and server utilities.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify SKILL.md to focus on core agent behavior and remove redundant
detail. Add skills/paperclip/references/api-reference.md with full API
endpoint documentation. Add doc/plans/agent-authentication.md design
plan.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract claude-local and codex-local adapter code from cli/server/ui
into packages/adapters/ and packages/adapter-utils/. CLI, server, and
UI now import shared adapter logic instead of duplicating it. Removes
~1100 lines of duplicated code across packages. Register new packages
in pnpm workspace.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Refactor monolithic heartbeat service, AgentConfigForm, and CLI
heartbeat-run into a proper adapter registry pattern. Each adapter
type (process, claude-local, codex-local, http) gets its own module
with server-side execution logic, CLI invocation, and UI config form.
Significantly reduces file sizes and enables adding new adapters
without touching core code.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enhance heartbeat service with better process adapter error recovery
and run state management. Expand heartbeat-run CLI with additional
output and diagnostics. Improve AgentDetail page run history and
status display.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add favicon and web manifest branding assets. Major AgentDetail page
rework with tabbed sections, run history, and live status. Add
PageTabBar component for consistent page-level tabs. Expand
AgentConfigForm with more adapter fields. Improve NewAgentDialog,
OnboardingWizard, and Issues page layouts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add richer process lifecycle management, output capture, and error
handling to the heartbeat service. Improve run event recording and
adapter state persistence.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rework config store with better file handling. Expand heartbeat-run
command with richer output and error reporting. Improve configure
and onboard commands. Update doctor checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch from PGlite (WebAssembly) to embedded-postgres for zero-config
local development — provides a real PostgreSQL server with full
compatibility. Add startup banner with config summary on server boot.
Improve server bootstrap with auto port detection, database creation,
and migration on startup. Update DATABASE.md, DEVELOPING.md, and
SPEC-implementation.md to reflect the change. Update CLI database
check and prompts. Simplify OnboardingWizard database options.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Major AgentConfigForm rework with improved adapter configuration
fields and layout. Refine sidebar, breadcrumbs, and card/tab
components for visual consistency. Clean up page layouts across
Activity, Agents, Approvals, Costs, Dashboard, Goals, Inbox,
Issues, Org, and Projects pages. Minor heartbeat-run CLI fix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ignore check-*.mjs, new-agent*.json, newcompany.json, and seed-*.mjs
files across repo root, server/, and packages/db/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Provides design system conventions, component index, typography scale,
status/priority systems, composition patterns, and rules for maintaining
the /design-guide showcase page. References frontend-design and
web-design-guidelines skills.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rework heartbeat-run command with better error handling and output
formatting. Improve AgentConfigForm field layout. Add CSS for agent
run timeline. Enhance AgentDetail page with runtime status section.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ignore compiled JS/sourcemap/declaration files in server/src,
tmp-* scratch scripts, and cli/tmp/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Expand AgentDetail with heartbeat history and manual trigger controls.
Enhance NewIssueDialog with richer field options. Add agent connection
string retrieval API. Improve issue routes with parent chain resolution.
Clean up Approvals page layout. Update query keys and validators.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add heartbeat-run command that triggers a single agent heartbeat from
the CLI. Register it in the CLI entrypoint alongside existing commands.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Define the Paperclip skill that teaches agents how to interact with
the control plane API. Covers heartbeat protocol, task management,
coordination rules, and governance compliance.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
