Switch the production stage to the built-in node user from
node:lts-trixie-slim, fixing two runtime failures:
1. Claude CLI rejects --dangerously-skip-permissions when the
process UID is 0, making the claude-local adapter unusable.
2. The server crashed at startup (EACCES) because /paperclip was
root-owned and the process could not write logs or instance data.
Changes vs the naive fix:
- Use COPY --chown=node:node instead of a separate RUN chown -R,
avoiding a duplicate image layer that would double the size of
the /app tree in the final image.
- Consolidate mkdir /paperclip + chown into the same RUN layer as
the npm global install (already runs as root) to keep layer count
minimal.
- Add USER node before CMD so the process runs unprivileged.
The VOLUME declaration comes after chown so freshly-mounted
anonymous volumes inherit the correct node:node ownership.
Fixes#344
- Move status icon to left column on mobile across issues list, inbox, and dashboard
- Hide priority icon on mobile (only show on desktop)
- Move unread indicator dot to right side vertically centered on mobile inbox
- Stale work section: show status icon instead of clock on mobile
- Desktop layout unchanged
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The description text was being covered by the property chips bar when
typing long content on iOS with the virtual keyboard open.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Env var now properly overrides file config in both directions
- Follows established pattern for boolean config flags
- Removed redundant ?? false (field is typed boolean)
- PAPERCLIP_AUTH_DISABLE_SIGN_UP can now set to 'false' to
override file config's 'true'
Replace <button> with <span role="button"> for the unread dot to
eliminate browser UA button styles (min-height, padding) that caused
unread rows to be taller despite explicit h-4 constraint. Also
reduce dot from h-2.5/w-2.5 to h-2/w-2 for a more subtle indicator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed the scroll-to-bottom button from IssuesList (wrong location)
and created a shared ScrollToBottom component. Added it to IssueDetail
and RunDetail pages. On mobile, the button sits above the bottom nav
to avoid overlap.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves the unread dot from a separate left column into the metadata
line (alongside status/identifier), with an empty placeholder for
read items to keep spacing consistent. Reduces left padding on
mobile inbox rows to reclaim space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PriorityIcon and timeAgo to IssuesList mobile rows to match the
pattern used in Inbox and Dashboard. Align Dashboard row padding to
match Inbox. All mobile issue rows now show: title (2-line clamp),
then priority + status + identifier + relative time.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On mobile, all issue rows now show title first (up to 2 lines),
with metadata (icons, identifier, timestamp) on a second line below.
Desktop layout is preserved as single-line rows.
Affected locations: Inbox recent issues, Inbox stale work,
Dashboard recent tasks, and IssuesList.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Give unread dot container fixed h-5 so rows are consistent height
regardless of badge presence
- Use flex-wrap on mobile so title gets its own line with line-clamp-2
- On sm+ screens, keep single-line truncated layout
- Move timestamp to ml-auto with sm:order-last for clean wrapping
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add min-w-0 and overflow-hidden to the stale work row flex containers
so the title truncates properly on narrow screens. Add shrink-0 to
identifier and assignee spans to prevent them from being compressed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added disableSignUp to authConfigSchema in config-schema.ts
- Added authDisableSignUp to Config interface
- Added parsing from PAPERCLIP_AUTH_DISABLE_SIGN_UP env or config file
- Passed to better-auth emailAndPassword.disableSignUp
When true, blocks new user registrations on public instances.
Defaults to false (backward compatible).
Fixes#241
Move duplicated roleLabels map from AgentProperties.tsx, Agents.tsx,
OrgChart.tsx, and agent-config-primitives.tsx into AGENT_ROLE_LABELS
in packages/shared/src/constants.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
resolveEnvBindings now returns { env, secretKeys } matching the pattern
already used by resolveAdapterConfigForRuntime, so any caller can redact
secret-sourced values by provenance rather than key-name heuristics alone.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The local migrationsFolder variable in migratePostgresIfEmpty duplicated
the module-level MIGRATIONS_FOLDER constant. Reuse the constant to keep
a single source of truth for the migration path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* public-gh/master:
Revert lockfile changes from OpenClaw gateway cleanup
Enhance plugin architecture by introducing agent tool contributions and plugin-to-plugin communication. Update workspace plugin definitions for direct OS access and refine UI extension surfaces. Document new capabilities for plugin settings UI and lifecycle management.
Remove legacy OpenClaw adapter and keep gateway-only flow
Fix CI typecheck and default OpenClaw sessions to issue scope
fix(server): serve cached index.html in SPA catch-all to prevent 500
Add CEO OpenClaw invite endpoint and update onboarding UX
openclaw gateway: auto-approve first pairing and retry
openclaw gateway: persist device keys on create/update and clarify pairing flow
plugin spec draft ideas v0
openclaw gateway: persist device keys and smoke pairing flow
openclaw-gateway: document and surface pairing-mode requirements
fix(smoke): disambiguate case C ack comment target
fix(openclaw-gateway): enforce join token validation and add smoke preflight gates
fix(openclaw): make invite snippet/onboarding gateway-first
res.sendFile can emit NotFoundError from the send module in certain
path resolution scenarios, causing 500s on company-scoped SPA routes.
Cache index.html at startup and serve it directly, which is both
more reliable and faster.
Fixes#233
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, agents were only woken when the assignee changed. Now
also wakes the assigned agent when an issue transitions out of
backlog status (e.g. backlog -> todo).
Fixes#167
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run logs defaulted to process.cwd()/data/run-logs, placing logs in
unexpected locations when launched from non-home directories. Now
defaults to ~/.paperclip/instances/<id>/data/run-logs/.
Fixes#89
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
URL.pathname returns /C:/... on Windows, causing doubled drive letters
when Node prepends the current drive. fileURLToPath handles this
correctly across platforms.
Fixes#132
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace assertCompanyShortnameAvailable with deduplicateAgentName in
the create path so duplicate names get auto-suffixed (e.g. Engineer 2)
instead of throwing a conflict error.
Fixes#232
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use roleLabels lookup in list view subtitle and AgentProperties
panel instead of raw role strings.
Fixes#180
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Change onChange handler from v || undefined to v ?? "" so empty
strings don't become undefined and crash downstream .trim() calls.
Fixes#191
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
resolveAdapterConfigForRuntime now returns a secretKeys set tracking
which env vars came from secret_ref bindings. The onAdapterMeta
callback uses this to redact them regardless of key name.
Fixes#234
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
