* public-gh/master:
Default Gemini adapter to yolo mode and add API access prompt note
fix: remove Cmd+1..9 company-switch shortcut
fix(ui): prevent IME composition Enter from moving focus in new issue title
fix(cli): add restart hint after allowed-hostname change
docs: remove obsolete TODO for CONTRIBUTING.md
fix: default dangerouslySkipPermissions to true for unattended agents
fix: route heartbeat cost recording through costService
Show issue creator in properties sidebar
Gemini CLI only registers run_shell_command in --approval-mode yolo.
Non-yolo modes don't expose it at all, making Paperclip API calls
impossible. Always pass --approval-mode yolo and remove the now-unused
policy engine code, approval mode config, and UI toggles.
Add a "Paperclip API access note" to the prompt with curl examples
via run_shell_command, since the universal SKILL.md is tool-agnostic.
Also extract structured question events from Gemini assistant messages
to support interactive approval flows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 'master' of github.com-dotta:paperclipai/paperclip:
Tighten transcript label styling
Fix env-sensitive worktree and runtime config tests
Refine executed command row centering
Tighten live run transcript streaming and stdout
Center collapsed command group rows
Refine collapsed command failure styling
Tighten command transcript rows and dashboard card
Polish transcript event widgets
Refine transcript chrome and labels
fix: remove paperclip property from OpenClaw Gateway agent params
Add a run transcript UX fixture lab
Humanize run transcripts across run detail and live surfaces
fix(adapters/gemini-local): address PR review feedback
fix(adapters/gemini-local): inject skills into ~/.gemini/ instead of tmpdir
fix(adapters/gemini-local): downgrade missing API key to info level
feat(adapters/gemini-local): add auth detection, turn-limit handling, sandbox, and approval modes
fix(adapters/gemini-local): address PR review feedback for skills and formatting
feat(adapters): add Gemini CLI local adapter support
# Conflicts:
# cli/src/__tests__/worktree.test.ts
Ensure worktree init writes PAPERCLIP_AGENT_JWT_SECRET into the new .paperclip/.env when the source instance already has a usable secret loaded or configured. Also harden the affected integration tests against shell env leakage and full-suite timeout pressure.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The OpenClaw Gateway's agent method has strict parameter validation
that rejects unknown properties. The paperclip property was being
sent at the root level of agentParams, causing validation failures
with error: "invalid agent params: at root: unexpected property 'paperclip'"
The paperclip metadata is already included in the message field
via wakeText, so removing the separate paperclip property resolves
the validation error while preserving the necessary information.
Fixes #606
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* public-gh/master:
Rebind seeded project workspaces to the current worktree
Copy seeded secrets key into worktree instances
server: make approval retries idempotent (#499)
fix: address review feedback — stale error message and * wildcard
Update server/src/routes/assets.ts
feat: make attachment content types configurable via env var
fix: wire parentId query filter into issues list endpoint
Add PAPERCLIP_ALLOWED_ATTACHMENT_TYPES env var to configure allowed
MIME types for issue attachments and asset uploads. Supports exact
types (application/pdf) and wildcard patterns (image/*, text/*).
Falls back to the existing image-only defaults when the env var is
unset, preserving backward compatibility.
- Extract shared module `attachment-types.ts` with `isAllowedContentType()`
and `matchesContentType()` (pure, testable)
- Update `routes/issues.ts` and `routes/assets.ts` to use shared module
- Add unit tests for parsing and wildcard matching
Closes #487
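The allow-list behaviour described in the commit message above, as an added example that is not the project's attachment-types.ts. Only the env var name and the two function names come from the page; the fallback list, the `parseAllowedTypes` helper, and the treatment of `*/*`, parameters and all-invalid input are assumptions made for this example.

```typescript
// Added illustration; not the project's attachment-types.ts.
// ASSUMPTION: this image-only fallback list is constructed for the example.
const DEFAULT_ALLOWED_TYPES: string[] = ["image/png", "image/jpeg", "image/gif", "image/webp"];

// One MIME token (type or subtype), lower-case only; excludes "*", "/" and spaces.
const TOKEN = "[a-z0-9!#$&^_.+-]+";
const PATTERN_RE = new RegExp("^" + TOKEN + "/(\\*|" + TOKEN + ")$");
const ESSENCE_RE = new RegExp("^" + TOKEN + "/" + TOKEN + "$");

// Parse a comma-separated PAPERCLIP_ALLOWED_ATTACHMENT_TYPES value.
// Example's choice: unset, empty or all-invalid input yields the narrow defaults,
// and "*/*" or a bare "*" is dropped rather than treated as allow-everything.
function parseAllowedTypes(raw: string | undefined): string[] {
  const patterns = (raw ?? "")
    .split(",")
    .map((p) => p.trim().toLowerCase())
    .filter((p) => PATTERN_RE.test(p));
  return patterns.length > 0 ? patterns : DEFAULT_ALLOWED_TYPES;
}

// Pure matcher: exact type, or "type/*" wildcard on the top-level type.
function matchesContentType(contentType: string, pattern: string): boolean {
  // Drop parameters ("text/plain; charset=utf-8") and normalise case.
  const essence = (contentType.split(";")[0] ?? "").trim().toLowerCase();
  // A client-supplied "image/*" or malformed value never matches anything.
  if (!ESSENCE_RE.test(essence)) return false;
  if (pattern.slice(-2) === "/*") {
    // Keep the slash in the prefix so "image/*" cannot match "imagex/png".
    return essence.indexOf(pattern.slice(0, -1)) === 0;
  }
  return essence === pattern;
}

function isAllowedContentType(contentType: string, allowed: string[]): boolean {
  return allowed.some((p) => matchesContentType(contentType, p));
}
```

Note that a wildcard such as `image/*` also admits `image/svg+xml`, which can carry script, so listing exact types is the narrower configuration when uploads are served back to browsers.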
The parentId parameter on GET /api/companies/:companyId/issues was
silently ignored — the filter was never extracted from the query string,
never passed to the service layer, and the IssueFilters type did not
include it. All other filters (status, assigneeAgentId, projectId, etc.)
worked correctly.
This caused subtask lookups to return every issue in the company instead
of only children of the specified parent.
Changes:
- Add parentId to IssueFilters interface
- Add eq(issues.parentId, filters.parentId) condition in list()
- Extract parentId from req.query in the route handler
Fixes: LAS-101
* public-gh/master:
fix: disable secure cookies for HTTP deployments
feat(adapters): add claude-sonnet-4-6 and claude-haiku-4-6 models
Add opencode-ai to global npm install in Dockerfile
fix: correct env var priority for authDisableSignUp
Add pi-local package.json to Dockerfile
feat: add auth.disableSignUp config option
refactor: extract roleLabels to shared constants
fix(secrets): add secretKeys tracking to resolveEnvBindings for consistent redaction
fix(db): reuse MIGRATIONS_FOLDER constant instead of recomputing
fix(server): wake agent when issue status changes from backlog
fix(server): use home-based path for run logs instead of cwd
fix(db): use fileURLToPath for Windows-safe migration paths
fix(server): auto-deduplicate agent names on creation instead of rejecting
feat(ui): show human-readable role labels in agent list and properties
fix(ui): prevent blank screen when prompt template is emptied
fix(server): redact secret-sourced env vars in run logs by provenance
fix(cli): split path and query in buildUrl to prevent %3F encoding
fix(scripts): use shell on Windows to fix spawn EINVAL in dev-runner
Heartbeat runs recorded costs via direct SQL inserts into costEvents and
agents.spentMonthlyCents, bypassing costService.createEvent(). This skipped:
- companies.spentMonthlyCents update (company budget never incremented)
- Agent auto-pause when budget exceeded (enforcement gap)
Now calls costService(db).createEvent() which handles all three:
insert cost event, update agent spend, update company spend, and
auto-pause agent when budgetMonthlyCents is exceeded.
Fixes login failing silently on authenticated + private deployments
served over plain HTTP (e.g. Tailscale, LAN). Users can sign up and
sign in, but the session cookie is rejected by the browser so they
are immediately redirected back to the login page.
Better Auth defaults to __Secure- prefixed cookies with the Secure
flag when NODE_ENV=production. Browsers silently reject Secure cookies
on non-HTTPS origins. This detects when PAPERCLIP_PUBLIC_URL uses
http:// and sets useSecureCookies: false so session cookies work
without HTTPS.
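The failure and the fix described in the commit message above, modelled as an added example that is not Paperclip or Better Auth source code. The helper names, the cookie name `session_token`, the sample origin and the simplified browser rule are assumptions made for this example; only PAPERCLIP_PUBLIC_URL, NODE_ENV, the `__Secure-` prefix and `useSecureCookies` come from the page.

```typescript
// Added illustration; not Paperclip or Better Auth source code.
type CookieSettings = { useSecureCookies: boolean; namePrefix: string };

// Scheme of an absolute URL, lower-cased, or null when there is none.
function schemeOf(url: string | undefined): string | null {
  const m = /^([a-z][a-z0-9+.-]*):\/\//i.exec((url ?? "").trim());
  return m ? (m[1] ?? "").toLowerCase() : null;
}

// Behaviour before the fix, as the message describes it: production always
// means "__Secure-" prefixed cookies with the Secure flag.
function settingsBeforeFix(nodeEnv: string | undefined): CookieSettings {
  const secure = nodeEnv === "production";
  return { useSecureCookies: secure, namePrefix: secure ? "__Secure-" : "" };
}

// Behaviour after the fix: only an explicit http:// public URL switches the
// flag off; an unset or https:// URL keeps the secure production default.
function settingsAfterFix(publicUrl: string | undefined, nodeEnv: string | undefined): CookieSettings {
  const secure = nodeEnv === "production" && schemeOf(publicUrl) !== "http";
  return { useSecureCookies: secure, namePrefix: secure ? "__Secure-" : "" };
}

// Simplified browser rule (assumption: no localhost special-casing): a Secure
// cookie set from a non-HTTPS origin is dropped, and so is a "__Secure-" name
// that arrives without the Secure attribute.
function browserStoresCookie(origin: string, name: string, secure: boolean): boolean {
  if (name.indexOf("__Secure-") === 0 && !secure) return false;
  if (secure && schemeOf(origin) !== "https") return false;
  return true;
}

// True when the session cookie survives, i.e. login does not loop back.
function sessionSurvives(origin: string, s: CookieSettings): boolean {
  return browserStoresCookie(origin, s.namePrefix + "session_token", s.useSecureCookies);
}

// Constructed sample origin (TEST-NET address) for a plain-HTTP deployment.
const SAMPLE_HTTP_ORIGIN = "http://192.0.2.10:3100";
```

With the flag off the session cookie is sent in cleartext over HTTP, so the confidentiality of the session then rests on the network path, for example the Tailscale deployment the message mentions.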