# v0.3.0 > Released: 2026-03-09 ## Highlights - **New adapters: Cursor, OpenCode, and Pi** — Paperclip now supports three additional local coding agents. Cursor and OpenCode integrate as first-class adapters with model discovery, run-log streaming, and skill injection. Pi adds a local RPC mode with cost tracking. All three appear in the onboarding wizard alongside Claude Code and Codex. - **OpenClaw gateway adapter** — A new gateway-only OpenClaw flow replaces the legacy adapter. It uses strict SSE streaming, supports device-key pairing, and handles invite-based onboarding with join-token validation. - **Inbox and unread semantics** — Issues now track per-user read state. Unread indicators appear in the inbox, dashboard, and browser tab (blue dot). The inbox badge includes join requests and approvals, and inbox ordering is alert-focused. - **PWA support** — The UI ships as an installable Progressive Web App with a service worker and enhanced manifest. The service worker uses a network-first strategy to prevent stale content. - **Agent creation wizard** — A new choice modal and full-page configuration flow make it easier to add agents. The sidebar AGENTS header now has a quick-add button. ## Improvements - **Mermaid diagrams in markdown** — Fenced `mermaid` blocks render as diagrams in issue comments and descriptions. - **Live run output** — Run detail pages stream output over WebSocket in real time, with coalesced deltas and deduplicated feed items. - **Copy comment as Markdown** — Each comment header has a one-click copy-as-markdown button. - **Retry failed runs** — Failed and timed-out runs now show a Retry button on the run detail page. - **Project status clickable** — The status chip in the project properties pane is now clickable for quick updates. - **Scroll-to-bottom button** — Issue detail and run pages show a floating scroll-to-bottom button when you scroll up. - **Database backup CLI** — `paperclipai db:backup` lets you snapshot the database on demand, with optional automatic scheduling. - **Disable sign-up** — A new `auth.disableSignUp` config option (and `AUTH_DISABLE_SIGNUP` env var) lets operators lock registration. - **Deduplicated shortnames** — Agent and project shortnames are now auto-deduplicated on create and update instead of rejecting duplicates. - **Human-readable role labels** — The agent list and properties pane show friendly role names. - **Assignee picker sorting** — Recent selections appear first, then alphabetical. - **Mobile layout polish** — Unified GitHub-style issue rows across issues, inbox, and dashboard. Improved popover scrolling, command palette centering, and property toggles on mobile. - **Invite UX improvements** — Invite links auto-copy to clipboard, snippet-only flow in settings, 10-minute invite TTL, and clearer network-host guidance. - **Permalink anchors on comments** — Each comment has a stable anchor link and a GET-by-ID API endpoint. - **Docker deployment hardening** — Authenticated deployment mode by default, named data volume, `PAPERCLIP_PUBLIC_URL` and `PAPERCLIP_ALLOWED_HOSTNAMES` exposed in compose files, health-check DB wait, and Node 24 base image. - **Updated model lists** — Added `claude-sonnet-4-6`, `claude-haiku-4-6`, and `gpt-5.4` to adapter model constants. - **Playwright e2e tests** — New end-to-end test suite covering the onboarding wizard flow. ## Fixes - **Secret redaction in run logs** — Env vars sourced from secrets are now redacted by provenance, with consistent `secretKeys` tracking. - **SPA catch-all 500s** — The server serves cached `index.html` in the catch-all route and uses `root` in `sendFile`, preventing 500 errors on dotfile paths and SPA refreshes. - **Unmatched API routes return 404 JSON** — Previously fell through to the SPA handler. - **Agent wake logic** — Agents wake when issues move out of backlog, skip self-wake on own comments, and skip wakeup for backlog-status changes. Pending-approval agents are excluded from heartbeat timers. - **Run log fd leak** — Fixed a file-descriptor leak in log append that caused `spawn EBADF` errors. - **500 error logging** — Error logs now include the actual error message and request context instead of generic pino-http output. - **Boolean env parsing** — `parseBooleanFromEnv` no longer silently treats common truthy values as false. - **Onboarding env defaults** — `onboard` now correctly derives secrets from env vars and reports ignored exposure settings in `local_trusted` mode. - **Windows path compatibility** — Migration paths use `fileURLToPath` for Windows-safe resolution. - **Secure cookies on HTTP** — Disabled secure cookie flag for plain HTTP deployments to prevent auth failures. - **URL encoding** — `buildUrl` splits path and query to prevent `%3F` encoding issues. - **Auth trusted origins** — Effective trusted origins and allowed hostnames are now applied correctly in public mode. - **UI stability** — Fixed blank screen when prompt templates are emptied, search URL sync causing re-renders, issue title overflow in inbox, and sidebar badge counts including approvals.