Agents run unattended and cannot respond to interactive permission
prompts from Claude Code. When dangerouslySkipPermissions is false
(the previous default), Claude Code blocks file operations with
"Claude requested permissions to write to /path, but you haven't
granted it yet" — making agents unable to edit files.
The OnboardingWizard already sets this to true for claude_local
agents (OnboardingWizard.tsx:277), but agents created or edited
outside the wizard inherit the default of false, breaking them.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes login failing silently on authenticated + private deployments
served over plain HTTP (e.g. Tailscale, LAN). Users can sign up and
sign in, but the session cookie is rejected by the browser so they
are immediately redirected back to the login page.
Better Auth defaults to __Secure- prefixed cookies with the Secure
flag when NODE_ENV=production. Browsers silently reject Secure cookies
on non-HTTPS origins. This detects when PAPERCLIP_PUBLIC_URL uses
http:// and sets useSecureCookies: false so session cookies work
without HTTPS.
- Env var now properly overrides file config in both directions
- Follows established pattern for boolean config flags
- Removed redundant ?? false (field is typed boolean)
- PAPERCLIP_AUTH_DISABLE_SIGN_UP can now set to 'false' to
override file config's 'true'
- Added disableSignUp to authConfigSchema in config-schema.ts
- Added authDisableSignUp to Config interface
- Added parsing from PAPERCLIP_AUTH_DISABLE_SIGN_UP env or config file
- Passed to better-auth emailAndPassword.disableSignUp
When true, blocks new user registrations on public instances.
Defaults to false (backward compatible).
Fixes#241
Move duplicated roleLabels map from AgentProperties.tsx, Agents.tsx,
OrgChart.tsx, and agent-config-primitives.tsx into AGENT_ROLE_LABELS
in packages/shared/src/constants.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
resolveEnvBindings now returns { env, secretKeys } matching the pattern
already used by resolveAdapterConfigForRuntime, so any caller can redact
secret-sourced values by provenance rather than key-name heuristics alone.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The local migrationsFolder variable in migratePostgresIfEmpty duplicated
the module-level MIGRATIONS_FOLDER constant. Reuse the constant to keep
a single source of truth for the migration path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
res.sendFile can emit NotFoundError from the send module in certain
path resolution scenarios, causing 500s on company-scoped SPA routes.
Cache index.html at startup and serve it directly, which is both
more reliable and faster.
Fixes#233
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, agents were only woken when the assignee changed. Now
also wakes the assigned agent when an issue transitions out of
backlog status (e.g. backlog -> todo).
Fixes#167
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run logs defaulted to process.cwd()/data/run-logs, placing logs in
unexpected locations when launched from non-home directories. Now
defaults to ~/.paperclip/instances/<id>/data/run-logs/.
Fixes#89
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
URL.pathname returns /C:/... on Windows, causing doubled drive letters
when Node prepends the current drive. fileURLToPath handles this
correctly across platforms.
Fixes#132
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace assertCompanyShortnameAvailable with deduplicateAgentName in
the create path so duplicate names get auto-suffixed (e.g. Engineer 2)
instead of throwing a conflict error.
Fixes#232
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use roleLabels lookup in list view subtitle and AgentProperties
panel instead of raw role strings.
Fixes#180
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Change onChange handler from v || undefined to v ?? "" so empty
strings don't become undefined and crash downstream .trim() calls.
Fixes#191
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
resolveAdapterConfigForRuntime now returns a secretKeys set tracking
which env vars came from secret_ref bindings. The onAdapterMeta
callback uses this to redact them regardless of key name.
Fixes#234
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The URL constructor's pathname setter encodes ? as %3F, breaking
heartbeat event polling. Split query params before assignment.
Fixes#204
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
