Scaffolds end-to-end testing with Playwright for the onboarding wizard.
Runs in skip_llm mode by default (UI-only, no LLM costs). Set
PAPERCLIP_E2E_SKIP_LLM=false for full heartbeat verification.
- tests/e2e/playwright.config.ts: Playwright config with webServer
- tests/e2e/onboarding.spec.ts: 4-step wizard flow test
- .github/workflows/e2e.yml: manual workflow_dispatch CI workflow
- package.json: test:e2e and test:e2e:headed scripts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All auth config literals in the CLI were missing the required
disableSignUp field after it was added to authConfigSchema.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify the PR-based flow: force push to update the branch if it
already exists, and only create a new PR when one doesn't exist yet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use lockfile-bot name/email instead of github-actions[bot]
- Remove force push: close any stale PR and delete branch first,
then create a fresh branch and PR each time
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* public-gh/master:
fix: disable secure cookies for HTTP deployments
feat(adapters): add claude-sonnet-4-6 and claude-haiku-4-6 models
Add opencode-ai to global npm install in Dockerfile
fix: correct env var priority for authDisableSignUp
Add pi-local package.json to Dockerfile
feat: add auth.disableSignUp config option
refactor: extract roleLabels to shared constants
fix(secrets): add secretKeys tracking to resolveEnvBindings for consistent redaction
fix(db): reuse MIGRATIONS_FOLDER constant instead of recomputing
fix(server): wake agent when issue status changes from backlog
fix(server): use home-based path for run logs instead of cwd
fix(db): use fileURLToPath for Windows-safe migration paths
fix(server): auto-deduplicate agent names on creation instead of rejecting
feat(ui): show human-readable role labels in agent list and properties
fix(ui): prevent blank screen when prompt template is emptied
fix(server): redact secret-sourced env vars in run logs by provenance
fix(cli): split path and query in buildUrl to prevent %3F encoding
fix(scripts): use shell on Windows to fix spawn EINVAL in dev-runner
Replace peter-evans/create-pull-request with plain gh CLI commands to
avoid third-party supply chain risk. Uses only GitHub's own tooling
(GITHUB_TOKEN + gh CLI) to create the lockfile refresh PR.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The refresh-lockfile workflow was pushing directly to master, which fails
with branch protection rules. Convert to use peter-evans/create-pull-request
to create a PR instead. Exempt the bot's branch from the lockfile policy check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agents run unattended and cannot respond to interactive permission
prompts from Claude Code. When dangerouslySkipPermissions is false
(the previous default), Claude Code blocks file operations with
"Claude requested permissions to write to /path, but you haven't
granted it yet" — making agents unable to edit files.
The OnboardingWizard already sets this to true for claude_local
agents (OnboardingWizard.tsx:277), but agents created or edited
outside the wizard inherit the default of false, breaking them.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Heartbeat runs recorded costs via direct SQL inserts into costEvents and
agents.spentMonthlyCents, bypassing costService.createEvent(). This skipped:
- companies.spentMonthlyCents update (company budget never incremented)
- Agent auto-pause when budget exceeded (enforcement gap)
Now calls costService(db).createEvent() which handles all three:
insert cost event, update agent spend, update company spend, and
auto-pause agent when budgetMonthlyCents is exceeded.
Fixes login failing silently on authenticated + private deployments
served over plain HTTP (e.g. Tailscale, LAN). Users can sign up and
sign in, but the session cookie is rejected by the browser so they
are immediately redirected back to the login page.
Better Auth defaults to __Secure- prefixed cookies with the Secure
flag when NODE_ENV=production. Browsers silently reject Secure cookies
on non-HTTPS origins. This detects when PAPERCLIP_PUBLIC_URL uses
http:// and sets useSecureCookies: false so session cookies work
without HTTPS.
Switch the production stage to the built-in node user from
node:lts-trixie-slim, fixing two runtime failures:
1. Claude CLI rejects --dangerously-skip-permissions when the
process UID is 0, making the claude-local adapter unusable.
2. The server crashed at startup (EACCES) because /paperclip was
root-owned and the process could not write logs or instance data.
Changes vs the naive fix:
- Use COPY --chown=node:node instead of a separate RUN chown -R,
avoiding a duplicate image layer that would double the size of
the /app tree in the final image.
- Consolidate mkdir /paperclip + chown into the same RUN layer as
the npm global install (already runs as root) to keep layer count
minimal.
- Add USER node before CMD so the process runs unprivileged.
The VOLUME declaration comes after chown so freshly-mounted
anonymous volumes inherit the correct node:node ownership.
Fixes#344
- Move status icon to left column on mobile across issues list, inbox, and dashboard
- Hide priority icon on mobile (only show on desktop)
- Move unread indicator dot to right side vertically centered on mobile inbox
- Stale work section: show status icon instead of clock on mobile
- Desktop layout unchanged
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The description text was being covered by the property chips bar when
typing long content on iOS with the virtual keyboard open.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Env var now properly overrides file config in both directions
- Follows established pattern for boolean config flags
- Removed redundant ?? false (field is typed boolean)
- PAPERCLIP_AUTH_DISABLE_SIGN_UP can now set to 'false' to
override file config's 'true'
Replace <button> with <span role="button"> for the unread dot to
eliminate browser UA button styles (min-height, padding) that caused
unread rows to be taller despite explicit h-4 constraint. Also
reduce dot from h-2.5/w-2.5 to h-2/w-2 for a more subtle indicator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed the scroll-to-bottom button from IssuesList (wrong location)
and created a shared ScrollToBottom component. Added it to IssueDetail
and RunDetail pages. On mobile, the button sits above the bottom nav
to avoid overlap.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves the unread dot from a separate left column into the metadata
line (alongside status/identifier), with an empty placeholder for
read items to keep spacing consistent. Reduces left padding on
mobile inbox rows to reclaim space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
