chore: promote dev to master — CLI agent management & permission bootstrap

[namastex888]

Summary

Promotes dev to master after merging PR #22: CLI-first agent management & permission bootstrap.

Included changes:

• paperclipai agent create — create agents from CLI
• paperclipai agent import <path> — import from local folder
• paperclipai agent local-cli --create — create-if-missing flow
• paperclipai member list / member set-role — permission management
• paperclipai auth login Origin header fix
• paperclipai auth bootstrap-ceo --claim — CLI bootstrap claim
• auth create-key membership warning
• SKILL.md + api-reference.md documentation updates

Source PR

• feat: CLI-first agent management & permission bootstrap #22 (merged to dev)

Test plan

• paperclipai agent create --name test --role engineer -C <cid> works
• paperclipai agent import <folder> -C <cid> works
• paperclipai member list -C <cid> shows members
• paperclipai auth login works in authenticated mode
• Existing CLI commands unchanged (no regressions)
• SKILL.md contains PAT Auth, Bootstrap Flow, CLI Quick Reference sections

Summary by CodeRabbit

Release Notes

• New Features

  • Added member management commands to list company members and assign roles with permission presets.
  • Introduced bootstrap invite claiming functionality for new user onboarding.
  • Enhanced agent creation with interactive setup, dry-run, and folder-based configuration import.
  • Added membership warnings during key creation for visibility into account status.

• Documentation

  • New Bootstrap Flow guide for initial CLI setup and session establishment.
  • Added CLI Quick Reference table with command examples for common operations.
  • API reference now includes CLI equivalent commands for key endpoints.

[greptile-apps]

namastex888 has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR introduces origin header validation in HTTP requests, adds a new bootstrap invite claiming command, expands agent creation and import workflows with frontmatter parsing, introduces member management commands, and enriches documentation with governance-aware CLI guidance and command references. Changes span HTTP client middleware, multiple new CLI command modules, and authentication enhancements.

Changes

Cohort / File(s)	Summary
HTTP Client Origin Header cli/src/client/http.ts, cli/src/__tests__/http.test.ts	Adds Origin header (set to apiBase) to POST and rawPost requests in HTTP client, with comprehensive test coverage for header formatting and trailing slash handling.
Bootstrap Invite Claiming cli/src/commands/auth-bootstrap-ceo.ts	New exported function claimBootstrapInvite() that validates claim tokens, resolves context/profile, authenticates, and posts to /api/invites/{token}/accept endpoint with human requestType, including error handling and JSON output support.
Agent Creation & Import Enhancement cli/src/commands/client/agent.ts	Adds frontmatter parsing, folder-based agent configuration reading, and hire API payload building; introduces AgentCreateOptions, AgentImportOptions, and AgentHireResponse interfaces; extends AgentLocalCliOptions with create, role, model, cwd fields; supports dry-run, interactive creation, and auto-create-if-missing workflows.
Auth Command Improvements cli/src/commands/client/auth.ts	Adds best-effort membership checks when creating API keys; includes membershipWarning in JSON output and logs warning messages when user has company but no membership.
Member Management Commands cli/src/commands/client/member.ts	New command module with list and set-role subcommands; includes ROLE_PRESETS mapping (owner, admin, contributor, viewer to permissions), MemberListOptions, MemberSetRoleOptions, and CompanyMember types; supports JSON output and permission patching via API.
CLI Integration & Routing cli/src/index.ts	Registers new claimBootstrapInvite and registerMemberCommands functions; enhances bootstrap-ceo command with --claim flag and conditional routing between bootstrap creation and claim flows; adds new CLI options for claim path (claim, api-key, api-base, context, profile, json).
Documentation & Guidance skills/paperclip/SKILL.md, skills/paperclip/references/api-reference.md	Expands documentation with PAT-based authentication guidance, new Bootstrap Flow section, CLI Quick Reference table with command examples, governance-aware hiring workflows, and CLI equivalent columns across API reference tables.

Sequence Diagram(s)

sequenceDiagram
    participant User as User (CLI)
    participant Validate as Token Validator
    participant Context as Context Resolver
    participant Auth as Auth Checker
    participant Client as HTTP Client
    participant API as Backend API

    User->>Validate: claimBootstrapInvite(claim token)
    Validate->>Validate: Validate token format
    alt Token Invalid
        Validate->>User: Exit with error
    end
    
    Validate->>Context: Resolve context/profile
    Context->>Context: Load apiBase, apiKey
    Context->>Auth: Check authentication
    
    alt No Auth Available
        Auth->>User: Exit - auth required
    end
    
    Auth->>Client: Instantiate PaperclipApiClient
    Client->>API: POST /api/invites/{token}/accept<br/>(requestType: human)
    API->>Client: Return userId, status
    
    alt json flag set
        Client->>User: Output JSON response
    else
        Client->>User: Print success message<br/>+ userId + verification hint
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• #19: Directly related through modifications to cli/src/client/http.ts—both PRs affect HTTP client auth flows and request middleware, with this PR adding Origin header validation and the referenced PR handling core auth client/request patterns.

Poem

🐰 A rabbit's quest through headers new,
Bootstrap tokens, memberships too,
Agents that parse, commands that claim,
The origin knows from whence they came! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 9.09% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the primary changes: CLI agent management features and permission/bootstrap-related functionality, though slightly generic with 'chore' classification.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the CLI's capabilities, shifting towards a CLI-first approach for managing agents and company permissions. It introduces commands for creating and importing agents, streamlines the local agent setup, and provides robust tools for member role assignment. Additionally, it refines the initial instance bootstrap process and enhances API key creation with clearer permission feedback, making the CLI a more powerful and self-sufficient tool for system administration.

Highlights

• Enhanced CLI Agent Management: Introduced new CLI commands for creating agents (paperclipai agent create) and importing agents from local folders (paperclipai agent import ).
• Improved local-cli Workflow: The paperclipai agent local-cli command now supports a --create option to automatically create an agent if it doesn't exist, streamlining the setup process.
• Comprehensive Permission Management: Added CLI commands (paperclipai member list and paperclipai member set-role) for listing company members and managing their roles and permissions.
• CLI Bootstrap Claim: Enabled claiming bootstrap invite tokens directly from the CLI using paperclipai auth bootstrap-ceo --claim, facilitating a CLI-first instance setup.
• Origin Header Fix for auth login: Implemented a fix to ensure the Origin header correctly matches apiBase on POST requests, particularly for paperclipai auth login.
• API Key Membership Warning: The paperclipai auth create-key command now provides a warning if the user creating a PAT has no company membership, clarifying potential permission limitations.
• Documentation Updates: Updated SKILL.md and api-reference.md to reflect the new CLI commands, PAT authentication, and bootstrap flow.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully promotes the dev branch to master, incorporating significant new CLI functionalities for agent management and permission bootstrapping. The changes introduce paperclipai agent create, paperclipai agent import, and enhancements to paperclipai agent local-cli, alongside new paperclipai member list and member set-role commands. The auth bootstrap-ceo command is also extended to allow claiming invites directly from the CLI. Additionally, the PaperclipApiClient now correctly sends the Origin header, and the documentation (SKILL.md and api-reference.md) has been updated to reflect these new features. Overall, the new commands provide a more comprehensive CLI-first experience for managing agents and permissions. My primary feedback is a high-severity correctness issue regarding the adapterType when creating agents via local-cli --create.

[gemini-code-assist]

The agent local-cli --create command currently hardcodes the adapterType to "process" when creating a new agent. This is inconsistent with the agent create command, which allows specifying the adapter type. If a user provides --model without explicitly setting --adapter-type, the agent might be created with an adapterType that doesn't correctly utilize the provided model (e.g., a process adapter typically doesn't handle LLM models directly). To ensure consistency and correct agent configuration, the --adapter-type option should be available for local-cli --create.

Suggested change

	.option("--model <model>", "Adapter model when creating (e.g. opus, sonnet)")
	.option("--cwd <path>", "Adapter working directory when creating")
	.option("--adapter-type <type>", "Adapter type when creating (claude_local, codex_local, process, etc.)", "process")
	.option("--model <model>", "Adapter model when creating (e.g. opus, sonnet)")

[gemini-code-assist]

Following the previous comment, the adapterType should be derived from the provided options, defaulting to "process" if not specified, to align with the agent create command's behavior and allow for more flexible agent creation.

Suggested change

	adapterType: "process",
	adapterType: opts.adapterType ?? "process",

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: df76fddbe9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Resolve local-cli agent refs before auto-creating

This local-cli lookup treats any 404 from GET /api/agents/:id as “missing” and immediately enters the create-if-missing path, but the server endpoint resolves by exact agents.id (not url-key/shortname). As a result, passing a documented shortname/url-key will always 404, and the command will prompt to create (or auto-create with --create) even when the agent already exists, leading to spurious hire attempts and shortname-collision failures.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Support email identifiers in member set-role

Role assignment only matches identifier against membership id and principalId; it never resolves human emails. In this same change set, user-facing docs/examples direct operators to run paperclipai member set-role <email> ..., so following the documented flow sends the raw email as memberId and results in Member not found. This breaks the advertised bootstrap/permission workflow unless users already know internal UUIDs.

Useful? React with 👍 / 👎.