paperclip-github-plugin 0.3.6 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -10
- package/dist/manifest.js +7 -4
- package/dist/ui/index.js +534 -32
- package/dist/ui/index.js.map +3 -3
- package/dist/worker.js +220 -65
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -19,6 +19,7 @@ With this plugin, you can:
|
|
|
19
19
|
- import open GitHub issues into Paperclip without adding title prefixes or duplicate issues
|
|
20
20
|
- keep descriptions, labels, and status aligned with GitHub over time
|
|
21
21
|
- configure mappings and import defaults per Paperclip company
|
|
22
|
+
- on authenticated Paperclip deployments, choose exactly which company agents should receive the saved GitHub token as `GITHUB_TOKEN`
|
|
22
23
|
- run sync manually or on a schedule
|
|
23
24
|
- triage open pull requests from mapped Paperclip projects in a hosted queue
|
|
24
25
|
- give Paperclip agents native GitHub tools for issues, pull requests, CI, review threads, and org-level projects
|
|
@@ -28,6 +29,7 @@ With this plugin, you can:
|
|
|
28
29
|
The plugin adds a full in-host workflow instead of a one-off import script:
|
|
29
30
|
|
|
30
31
|
- a hosted settings page for GitHub auth, repository mappings, company defaults, and sync controls
|
|
32
|
+
- setup controls for Paperclip board access and company-scoped agent token propagation on authenticated and `local_trusted` deployments
|
|
31
33
|
- a dashboard widget that shows readiness, sync status, and last-run results
|
|
32
34
|
- saved sync diagnostics that let operators inspect the latest per-issue failures, raw errors, and suggested next steps
|
|
33
35
|
- a project sidebar item that opens a live project-scoped Pull Requests page for the mapped repository and can show the open PR count through a lightweight badge read
|
|
@@ -37,7 +39,7 @@ The plugin adds a full in-host workflow instead of a one-off import script:
|
|
|
37
39
|
|
|
38
40
|
## How it works
|
|
39
41
|
|
|
40
|
-
1. Save a GitHub token in the plugin settings.
|
|
42
|
+
1. Save a GitHub token in the plugin settings for the current company.
|
|
41
43
|
2. Connect one or more GitHub repositories to Paperclip projects.
|
|
42
44
|
3. Run a sync manually or let the scheduled job keep things up to date.
|
|
43
45
|
|
|
@@ -51,7 +53,7 @@ Long-running syncs continue in the background, so quick actions do not have to w
|
|
|
51
53
|
|
|
52
54
|
### Company-aware configuration
|
|
53
55
|
|
|
54
|
-
GitHub tokens
|
|
56
|
+
GitHub tokens, repository mappings, advanced import defaults, and Paperclip board access are all managed per company, while sync cadence remains shared at the plugin instance level. When you open settings inside a specific company, you only edit that company's setup and defaults.
|
|
55
57
|
|
|
56
58
|
### Project binding that respects existing work
|
|
57
59
|
|
|
@@ -105,13 +107,15 @@ npx paperclipai plugin install --local "$PWD"
|
|
|
105
107
|
|
|
106
108
|
1. Open the plugin settings for **GitHub Sync** from inside the Paperclip company you want to configure.
|
|
107
109
|
2. Paste a GitHub token, validate it, and save it.
|
|
108
|
-
3. If the deployment
|
|
109
|
-
4.
|
|
110
|
-
5.
|
|
111
|
-
6.
|
|
112
|
-
7.
|
|
113
|
-
8.
|
|
114
|
-
9.
|
|
110
|
+
3. If the deployment is authenticated or `local_trusted`, the settings page shows Paperclip board access and GitHub token propagation controls so you can configure and test them locally.
|
|
111
|
+
4. If the deployment is authenticated, connect Paperclip board access from the same settings page and complete the approval flow before running sync.
|
|
112
|
+
5. If the deployment is authenticated or `local_trusted`, choose which agents in the current company should receive the saved GitHub token as `GITHUB_TOKEN`.
|
|
113
|
+
6. Add one or more repository mappings for the current company.
|
|
114
|
+
7. For each mapping, either choose an existing GitHub-linked Paperclip project or enter the project name that should receive synced issues.
|
|
115
|
+
8. Optionally configure company-wide defaults for imported issues, including the default assignee, the default Paperclip status, and ignored GitHub usernames. Bot aliases such as `renovate[bot]` are matched when you save `renovate`.
|
|
116
|
+
9. Choose the automatic sync interval in minutes.
|
|
117
|
+
10. Save the settings and run the first manual sync.
|
|
118
|
+
11. Repeat inside other companies if they need their own mappings, defaults, board access, or agent token propagation.
|
|
115
119
|
|
|
116
120
|
Repository input accepts either `owner/repo` or `https://github.com/owner/repo`.
|
|
117
121
|
When a token is saved, the settings page audits the mapped repositories for the permissions needed by pull request actions and warns when permissions are missing or GitHub cannot verify them yet.
|
|
@@ -150,8 +154,11 @@ Additional behavior:
|
|
|
150
154
|
|
|
151
155
|
The plugin is designed to avoid persisting raw credentials in plugin state.
|
|
152
156
|
|
|
153
|
-
- GitHub tokens saved through the UI are stored as Paperclip secret references.
|
|
157
|
+
- GitHub tokens saved through the UI are stored as per-company Paperclip secret references.
|
|
154
158
|
- Paperclip board access tokens are also stored as per-company secret references.
|
|
159
|
+
- The settings UI also keeps lightweight non-secret identity labels for those saved connections, so later visits can still show who that company’s GitHub token and board access are connected as.
|
|
160
|
+
- On authenticated and `local_trusted` deployments, any selected propagation agents receive `GITHUB_TOKEN` as an agent env secret-ref binding that points at the same saved GitHub token secret instead of a copied raw token.
|
|
161
|
+
- If an older save left the company token secret only in plugin state, the settings UI repairs the config mirror and retries selected-agent propagation from that same company secret.
|
|
155
162
|
- The worker resolves those secret references at runtime instead of storing raw tokens in plugin state.
|
|
156
163
|
- On authenticated Paperclip deployments, sync is blocked until the relevant company has connected Paperclip board access.
|
|
157
164
|
|
|
@@ -183,10 +190,13 @@ The plugin exposes GitHub workflow tools to Paperclip agents, including:
|
|
|
183
190
|
|
|
184
191
|
When an agent posts a GitHub comment or review-thread reply through the plugin, the message includes a footer disclosing that it was created by a Paperclip AI agent and which model was used.
|
|
185
192
|
|
|
193
|
+
Current host caveat: on authenticated Paperclip deployments, the Paperclip host currently guards `GET /api/plugins/tools` and `POST /api/plugins/tools/execute` with board authentication before dispatching to any plugin worker. If an agent run does not have board access for the target company, GitHub Sync tool discovery and execution fail with `403 {"error":"Board access required"}` before this plugin's worker code runs.
|
|
194
|
+
|
|
186
195
|
## Troubleshooting
|
|
187
196
|
|
|
188
197
|
- If setup is reported as incomplete, confirm that a GitHub token has been saved or that `${PAPERCLIP_HOME:-~/.paperclip}/plugins/github-sync/config.json` contains `githubToken`, and make sure at least one mapping has a created Paperclip project.
|
|
189
198
|
- If Paperclip says board access is required, open plugin settings inside the affected company and complete the Paperclip board access flow before retrying sync.
|
|
199
|
+
- If GitHub Sync agent tools fail with `403 {"error":"Board access required"}` on `/api/plugins/tools` or `/api/plugins/tools/execute`, the current Paperclip host rejected the request before the plugin worker ran. Re-run from a board-authenticated session or agent run that has board access to the target company.
|
|
190
200
|
- If the worker reaches an authenticated HTML page instead of the Paperclip API JSON responses it expects, connect Paperclip board access for that company or set `PAPERCLIP_API_URL` to a worker-accessible Paperclip API origin.
|
|
191
201
|
- If a sync run finishes with partial failures, open the saved troubleshooting panel in GitHub Sync to inspect the repository, issue number, raw error, and suggested fix for each recorded failure.
|
|
192
202
|
- If sync says the Paperclip API URL is not trusted, reopen the plugin from the current Paperclip host so the settings UI can refresh the saved origin, or set `PAPERCLIP_API_URL` for the worker.
|
package/dist/manifest.js
CHANGED
|
@@ -503,7 +503,7 @@ var require2 = createRequire(import.meta.url);
|
|
|
503
503
|
var packageJson = require2("../package.json");
|
|
504
504
|
var DASHBOARD_WIDGET_CAPABILITY = "ui.dashboardWidget.register";
|
|
505
505
|
var SCHEDULE_TICK_CRON = "* * * * *";
|
|
506
|
-
var MANIFEST_VERSION = "0.
|
|
506
|
+
var MANIFEST_VERSION = "0.4.1"?.trim() || typeof packageJson.version === "string" && packageJson.version.trim() || process.env.npm_package_version?.trim() || "0.0.0-dev";
|
|
507
507
|
var manifest = {
|
|
508
508
|
id: "paperclip-github-plugin",
|
|
509
509
|
apiVersion: 1,
|
|
@@ -537,9 +537,12 @@ var manifest = {
|
|
|
537
537
|
instanceConfigSchema: {
|
|
538
538
|
type: "object",
|
|
539
539
|
properties: {
|
|
540
|
-
|
|
541
|
-
type: "
|
|
542
|
-
title: "GitHub Token
|
|
540
|
+
githubTokenRefs: {
|
|
541
|
+
type: "object",
|
|
542
|
+
title: "GitHub Token Secrets",
|
|
543
|
+
additionalProperties: {
|
|
544
|
+
type: "string"
|
|
545
|
+
}
|
|
543
546
|
},
|
|
544
547
|
paperclipBoardApiTokenRefs: {
|
|
545
548
|
type: "object",
|