Resolve conflicts by keeping the issue-documents work alongside upstream heartbeat-context, worktree branding, and adapter runtime updates.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add PAPERCLIP_ALLOWED_ATTACHMENT_TYPES env var to configure allowed
MIME types for issue attachments and asset uploads. Supports exact
types (application/pdf) and wildcard patterns (image/*, text/*).
Falls back to the existing image-only defaults when the env var is
unset, preserving backward compatibility.
- Extract shared module `attachment-types.ts` with `isAllowedContentType()`
and `matchesContentType()` (pure, testable)
- Update `routes/issues.ts` and `routes/assets.ts` to use shared module
- Add unit tests for parsing and wildcard matching
Closes#487
The parentId parameter on GET /api/companies/:companyId/issues was
silently ignored — the filter was never extracted from the query string,
never passed to the service layer, and the IssueFilters type did not
include it. All other filters (status, assigneeAgentId, projectId, etc.)
worked correctly.
This caused subtask lookups to return every issue in the company instead
of only children of the specified parent.
Changes:
- Add parentId to IssueFilters interface
- Add eq(issues.parentId, filters.parentId) condition in list()
- Extract parentId from req.query in the route handler
Fixes: LAS-101
Previously, agents were only woken when the assignee changed. Now
also wakes the assigned agent when an issue transitions out of
backlog status (e.g. backlog -> todo).
Fixes#167
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
resolveAdapterConfigForRuntime now returns a secretKeys set tracking
which env vars came from secret_ref bindings. The onAdapterMeta
callback uses this to redact them regardless of key name.
Fixes#234
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 400 response for /issues without companyId, tag issue.updated
activity with source:comment when triggered by a comment, and mark
comment activities with updated:true when field changes accompany them.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a company has "require board approval for new agents" enabled,
hiring an agent creates a pending approval that requires the user
(as a board member) to approve before the agent can start working.
However, the sidebar inbox badge did not include pending approvals
in its count, so there was no visual indicator that action was needed.
Users had no way of knowing an approval was waiting unless they
happened to open the Inbox page manually.
The root cause: the sidebar-badges service correctly included
approvals in the inbox total, but the route handler overwrites
badges.inbox to add alertsCount and staleIssueCount — and in
doing so dropped badges.approvals from the sum.
Add badges.approvals to the inbox count recalculation so that
pending and revision-requested approvals surface in the sidebar
notification badge alongside failed runs, alerts, stale work,
and join requests.
Affected files:
- server/src/routes/sidebar-badges.ts
Accept x-openclaw-token as the preferred auth header for OpenClaw
invite/join flows, falling back to x-openclaw-auth for backwards
compatibility. Update diagnostics messages accordingly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agents were being woken immediately when an issue was created or
reassigned with status "backlog", defeating the purpose of backlog
as "not ready to work on yet" (issue #96).
Added `&& issue.status !== "backlog"` guard to both the CREATE and
PATCH wakeup paths, mirroring the existing done/cancelled suppression
pattern already present in the file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add skill URL note to onboarding text document and strengthen callback
reachability test language in company settings invite snippet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When approving an agent join request with a shortname already in use,
append a numeric suffix (e.g. "openclaw-2") instead of returning an error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
