After onboarding, the wizard navigated to the newly created issue
(e.g. /JAR/issues/JAR-1). useCompanyPageMemory then saved this path,
causing every subsequent company switch to land on that stale issue
instead of the dashboard.
Remove the issue-specific navigation branch so handleLaunch always
falls through to the dashboard route.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Scaffolds end-to-end testing with Playwright for the onboarding wizard.
Runs in skip_llm mode by default (UI-only, no LLM costs). Set
PAPERCLIP_E2E_SKIP_LLM=false for full heartbeat verification.
- tests/e2e/playwright.config.ts: Playwright config with webServer
- tests/e2e/onboarding.spec.ts: 4-step wizard flow test
- .github/workflows/e2e.yml: manual workflow_dispatch CI workflow
- package.json: test:e2e and test:e2e:headed scripts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All auth config literals in the CLI were missing the required
disableSignUp field after it was added to authConfigSchema.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify the PR-based flow: force push to update the branch if it
already exists, and only create a new PR when one doesn't exist yet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use lockfile-bot name/email instead of github-actions[bot]
- Remove force push: close any stale PR and delete branch first,
then create a fresh branch and PR each time
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* public-gh/master:
fix: disable secure cookies for HTTP deployments
feat(adapters): add claude-sonnet-4-6 and claude-haiku-4-6 models
Add opencode-ai to global npm install in Dockerfile
fix: correct env var priority for authDisableSignUp
Add pi-local package.json to Dockerfile
feat: add auth.disableSignUp config option
refactor: extract roleLabels to shared constants
fix(secrets): add secretKeys tracking to resolveEnvBindings for consistent redaction
fix(db): reuse MIGRATIONS_FOLDER constant instead of recomputing
fix(server): wake agent when issue status changes from backlog
fix(server): use home-based path for run logs instead of cwd
fix(db): use fileURLToPath for Windows-safe migration paths
fix(server): auto-deduplicate agent names on creation instead of rejecting
feat(ui): show human-readable role labels in agent list and properties
fix(ui): prevent blank screen when prompt template is emptied
fix(server): redact secret-sourced env vars in run logs by provenance
fix(cli): split path and query in buildUrl to prevent %3F encoding
fix(scripts): use shell on Windows to fix spawn EINVAL in dev-runner
Replace peter-evans/create-pull-request with plain gh CLI commands to
avoid third-party supply chain risk. Uses only GitHub's own tooling
(GITHUB_TOKEN + gh CLI) to create the lockfile refresh PR.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The refresh-lockfile workflow was pushing directly to master, which fails
with branch protection rules. Convert to use peter-evans/create-pull-request
to create a PR instead. Exempt the bot's branch from the lockfile policy check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
