🌱 repo-gardener activity report

🌱 gardener:verdict: ALIGNED · severity: low · commit: 4e394218

Aligned with context tree. 1-line Dockerfile checksum update restores the supply-chain-verification build step after GitHub's signing-key rotation. Matches the [infrastructure/](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/NODE.md) node's Dockerfile base-image and apt-keyring concerns. No product/context conflict. (Note: #3212 appears to be a duplicate of this fix — maintainer picks one.)

_{Reviewed commit: <code>4e394218</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 8bb8e944

Aligned with context tree. 1-line Dockerfile checksum update for the rotated GitHub CLI keyring (root cause is cli/cli#13118). Matches the [infrastructure/](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/NODE.md) node's Dockerfile and supply-chain-verification concerns. No product/context conflict. (Note: #3234 is a near-identical duplicate posting the same checksum — maintainer picks one.)

_{Reviewed commit: <code>8bb8e944</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 5395100

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Hardens the OpenClaw gateway adapter so that agentParams.paperclip is always stripped before sending the gateway agent request, and moves wake context entirely into the message field. Removes the buildStandardPaperclipPayload function and the dead paperclipPayload root-level path. Updates tests to assert wake data is present in the message rather than in the now-removed paperclip root field. Adds a regression test that exercises the legacy payloadTemplate.paperclip strip path. Aligns with adapter architecture and docs-as-contract principles.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter protocol boundary | Strip the paperclip root field that OpenClaw strictly rejects; wake context moves to message text | [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md): "Adapters do NOT define the transcript schema. They parse agent output INTO the shared TranscriptEntry types." Adapters should conform to what external gateways accept, not push internal structs outbound. | ✅ Aligned |
| Gateway adapter pattern | OpenClaw WS protocol requires strict param validation; removing an unknown root field is the correct fix | [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md): "Transport: WebSocket only. Follows a structured protocol: challenge, connect, agent request, wait, event streaming." | ✅ Aligned |
| Surface problems, don't hide them | Rather than silently passing the paperclip field and hoping OpenClaw ignores it, the fix deletes the field unconditionally so failures surface at the message-contract level | Tree principle: "Surface problems, don't hide them. No silent auto-recovery." | ✅ Aligned |
| Docs sync | README updated to reflect actual outbound contract — wake context in message, no paperclip root field | Tree principle: docs should reflect actual contract, not intended-but-broken state. | ✅ Aligned |
| Regression test coverage | New test pins the strip behavior against persisted payloadTemplate.paperclip fixtures | The previous gardener recommendation was to add exactly this test. PR delivers it. | ✅ Aligned |
| Test update accuracy | heartbeat-comment-wake-batching.test.ts and openclaw-gateway-adapter.test.ts updated to match message-embedded wake data | Accurate test alignment — old assertions checked a field that now doesn't exist; new assertions check the same data in its correct location. | ✅ Aligned |
| Control plane, not execution plane | Removing the paperclipPayload that forwarded internal Paperclip IDs into the gateway request reinforces that Paperclip orchestrates; it doesn't serialize internal state into adapters | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md): "Control plane, not execution plane. Paperclip never runs agent code directly." | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — adapter architecture, local vs gateway pattern, transcript schema ownership
- [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md) — OpenClaw WS gateway adapter, protocol constraints
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — control plane identity, not execution plane

</details>

### Recommendation

Looks good to merge once code review clears. The previous recommendation to add a regression test for persisted payloadTemplate.paperclip fixtures has been addressed in this version. No new context concerns.

---

_{Reviewed commit: <code>5395100</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 12af7bea

Aligned with context tree. Small mapping fix restoring cronExpression + timezone in the routine list response (query already fetched them, explicit object-construction dropped them). Closes #3169. Matches the [engineering/backend/](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) route/service split and plugin job scheduler patterns. Shared-type update in @paperclipai/shared is the right place per the [engineering/shared/](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/shared/NODE.md) node. No product/context conflict.

_{Reviewed commit: <code>12af7bea</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 4d6a729

Aligned with context tree. No concerns.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 796d5795

Aligned with context tree. Skips the post-run summary comment when the agent already posted its own comment during the run, eliminating duplicate comment spam on issues. Matches [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 3 ("tasks are the communication channel") by keeping the comment stream clean, and [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) route/service split (logic in heartbeat.ts service, not route). Reuses the existing findRunIssueComment helper so no new query surface. No product/context conflict.

_{Reviewed commit: <code>796d5795</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: cf0cfc34

Aligned with context tree. Small frontend state-sync fix that resyncs bundleDraft when the bundle refetches, replacing an unconditional guard with a dirty-check. Fixes #2068 (stale rootPath breaking file-content display). Purely frontend behavior in AgentDetail.tsx — matches [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md). No product/context conflict.

_{Reviewed commit: <code>cf0cfc34</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 4a8c8bae

Aligned with context tree. 2-line fix: adds includeRoutineExecutions: true to the inbox-lite query so agents actually see routine-execution issues they've been assigned. Closes #3090. Routine execution is part of the task system per [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) and the inbox is how agents discover work — this restores the intended visibility. Matches [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) route/service split. No product/context conflict.

_{Reviewed commit: <code>4a8c8bae</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: e4ec83d

Aligned with context tree. No concerns.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: ea5485fb

Aligned with context tree. Fixes a PATCH hang when {status, comment} are combined by removing a redundant UPDATE issues SET updatedAt inside addComment() via a new skipUpdatedAt option. Matches [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) route/service split and the "Drizzle queries live in services" decision. The sidecar tweak to the openclaw-gateway skill template (two-step close flow) is also consistent with [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md) — it hardens the adapter against similar contention by splitting the close into POST-then-PATCH. No product/context conflict.

_{Reviewed commit: <code>ea5485fb</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: high · commit: 874fa42e

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Server-side tenant-guards the PAPERCLIP_TASK_ID / wake snapshot on heartbeat runs and process-loss retries. This is load-bearing for the company-scoped isolation invariant — exactly the kind of fix the tree wants prioritized.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Tenant isolation | Sanitize cross-tenant wake context before runs + retries | Root CLAUDE.md: "Company-scoped isolation — All entities... scoped to company_id. Never leak data across companies." | ✅ Aligned |
| Heartbeat contract | Guard happens server-side, not in the adapter | [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — route/service split, server is the enforcement layer | ✅ Aligned |
| Governance boundary | Matches product/governance/NODE.md "Governance enforced at server layer; agents cannot bypass" | [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- Root [CLAUDE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/CLAUDE.md) — "Company-scoped isolation" (decision #1)
- [product/company-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/company-model/NODE.md) — multi-company data model
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — "Governance enforced at server layer"
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — heartbeat path

### Recommendation

Merge as a high-priority isolation fix after Greptile/CodeRabbit sign off on code correctness. Two non-blocking observations:

1. Consider a targeted test fixture for cross-tenant retry replay — the failure mode is process-loss retry carrying stale PAPERCLIP_TASK_ID, which is hard to reproduce without a fixture that simulates interrupted runs.
2. The PR body references internal PAY-114/PAY-158 and paperclip.internal. Not a product/tree concern — just flagging that external contributors reading the PR won't have context. A one-line summary of the actual failure mode (vs the ticket link) would help downstream reviewers.

---

_{Reviewed commit: <code>874fa42e</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: medium · commit: ce5be85e

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Adds uniqueIndex on agent_api_keys.key_hash to match the existing board_api_keys pattern. Migration is rollback-safe with a pre-flight duplicate check. Closes #2925. This is a direct alignment win with governance — API key collisions break actor identity, which cascades into mis-routed heartbeats and wrong audit-log attribution.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Agent identity | DB-level guarantee that no two agents share a key hash | [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md): "Agent API keys are hashed (plaintext shown once at creation)" + "Auditable everything" | ✅ Aligned |
| Schema symmetry | Matches board_api_keys which already uses uniqueIndex on key_hash | [engineering/database/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/database/NODE.md) | ✅ Aligned |
| Migration safety | Pre-flight PL/pgSQL guard, transactional, diagnostic-on-failure | No tree guidance on migration patterns — worth adding | 🆕 New |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — API keys, audit trail
- [engineering/database/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/database/NODE.md) — schema conventions

### Recommendation

Merge after Greptile/CodeRabbit code review. Two tree-update suggestions:

1. Document the "hashed, unique, auditable" API key invariant in product/governance/NODE.md so future schema additions inherit the pattern automatically. The symmetry between agent_api_keys and board_api_keys should be a tree decision, not a convention discoverable only by reading the DB schema.
2. Consider documenting the "pre-flight PL/pgSQL guard + diagnostic query" migration pattern under engineering/database/NODE.md — this is a good defensive pattern that other risky migrations should follow.

---

_{Reviewed commit: <code>ce5be85e</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: d08476cc

Aligned with context tree. Wires countUnreadTouchedByUser() to the sidebar badge route so the inbox badge reflects actual unread touched issues instead of only failed/alerts/joinRequests/approvals. Matches [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) route/service split (query call added in the route; service fn unchanged) and the [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 4 "Board-level abstraction wins" — badges are part of the board's default visibility surface. No product/context conflict.

_{Reviewed commit: <code>d08476cc</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: ae3c7e2e

Aligned with context tree. Adds auto-scroll to the embedded variant of IssueChatThread with a "user scrolled up" pause (60px threshold) and a "Jump to Latest" reset. Scope is strictly frontend, embedded variant only — standalone chat unchanged. Matches [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) and the [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) progressive-disclosure principle (top-layer summary → live stream). Respecting user scroll intent is a nice touch. No product/context conflict.

_{Reviewed commit: <code>ae3c7e2e</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: NEEDS_REVIEW · severity: low · commit: 14be2da1

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Fixes the same bug as #3199: GET /api/agents/me/inbox-lite silently drops routine-execution issues. #3199 is a 2-line minimal fix; this PR is a 67-line version that adds a dedicated regression test. Both are functionally correct and aligned with the tree — the maintainer needs to pick one.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Inbox-lite contract | Include routine_execution issues | [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md): routines are first-class task origins | ✅ Aligned |
| Test coverage | Adds route-level regression test in agent-permissions-routes.test.ts | [infrastructure/testing/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/testing/NODE.md): route-level tests encouraged | ✅ Aligned |
| Dedup | Same intent as PR #3199 | N/A — coordination concern | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — routines as task origins
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — route/service split
- [infrastructure/testing/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/testing/NODE.md) — test patterns

### Recommendation

Pick this PR (#3217) over #3199 if the maintainer wants test coverage alongside the fix. Pick #3199 if the philosophy is "smallest possible fix, test comes later." Ideally: cherry-pick the test from this PR on top of #3199's minimal change. Either way, close the other.

---

_{Reviewed commit: <code>14be2da1</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 43394d89

Aligned with context tree. Wraps CommentCard and MarkdownBody in React.memo (with useMemo on the markdown components object) to skip re-renders during polling cycles. Strictly additive perf fix for long comment threads. Builds on PR #3163's TimelineList memoization. Matches [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) and the [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) progressive-disclosure principle (the comment thread is the live communication surface and needs to stay responsive). No product/context conflict.

_{Reviewed commit: <code>43394d89</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 44d94d0a

Aligned with context tree. Closes #3179. Extracts adapter-config save patch construction into a tested helper (agent-config-patch.ts) and switches edit-mode saves to full-replacement payloads with replaceAdapterConfig: true, stripping undefined keys so explicit clears actually delete persisted entries. Preserves adapter-agnostic keys on adapter-type changes. Matches [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) declarative-config-schema decision (server contract unchanged, client now sends the right shape) and [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) (extracting state-shape logic into pure helpers). Adds regression tests covering the bug + adapter-type-change preservation. No product/context conflict.

_{Reviewed commit: <code>44d94d0a</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 1f744f6

Aligned with context tree. No concerns.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 25ac8ad3

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Clears executionRunId lock metadata when an issue leaves in_progress or is reassigned. This is the second auto-cleanup PR in this batch (after #3200 which cancels orphaned heartbeat runs). Both sit in the same gray zone relative to the tree's "no silent auto-recovery" principle — same flag, same recommendation: confirm the boundary explicitly.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Lock cleanup | Clear executionRunId when status leaves in_progress or assignee changes | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 6: "Surface problems, don't hide them. No silent auto-recovery." | ❓ Partial |
| Trigger | Cleanup is gated on explicit human/agent state change (status leaving in_progress or reassignment), not on background reaper | Tree allows "good auditing → right entity decides what to do" | ✅ Aligned |
| Test coverage | Adds issues-service-update-execution-lock.test.ts | Tree values regression tests on state-machine transitions | ✅ Aligned |
| Pair with #3200 | Both fix orphaned-execution lock state with the same gating principle | No tree node yet for the auto-cleanup boundary | 🆕 New |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them"
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — issues-service patterns
- (Suggested new) product/task-system/NODE.md — auto-cleanup vs auto-recovery boundary

### Recommendation

Two suggestions before merging:

1. Coordinate with PR #3200. That PR cancels orphaned queued/running heartbeat runs on the same trigger (issue reassign/close). #3190 clears the lock metadata. The two are complementary halves of the same cleanup story — should they land together as one PR, or in a known order to avoid leaving the system in a half-cleaned state?
2. Add a tree node. I've now flagged this same boundary twice in the queue (#3200, #3190). The implicit rule appears to be: "Cleanup of dead state is allowed when explicit human/agent action triggers it; background auto-recovery is not." That's a real product-level decision worth codifying in product/task-system/NODE.md so future contributors don't have to re-derive it. If a tree owner can confirm the rule, gardener can stop flagging these.
3. PR body uses internal SUPAAAA-475/466 refs. External reviewers won't have context — a one-line summary of the failure mode would help downstream review.

Otherwise aligned. The change is well-scoped, tested, and the trigger gating is the right shape.

---

_{Reviewed commit: <code>25ac8ad3</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: ad6f2d68

Aligned with context tree. Closes #3191. Normalizes legacy $AGENT_HOME/... companion references to bundle-relative ./... form, but only for managed instruction bundles — external bundles untouched. Heals already-materialized managed bundles during recovery and writes the normalized form on materialization. Matches the [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) "skill injection via symlinks into a temporary .claude/skills/" pattern (managed = paperclip-owned, external = user-owned, so paperclip can rewrite the former but must leave the latter alone). The managed/external split is exactly the right boundary. Adds regression tests for healing, external no-op, idempotence, and route-level materialization. No product/context conflict.

_{Reviewed commit: <code>ad6f2d68</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: medium · commit: 50aa0fde

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

New copilot_local adapter that routes Paperclip agent runs through GitHub Copilot's API endpoint, reusing the Claude CLI binary for Anthropic models and an OpenAI-compat path for non-Claude models. Aligns with the adapter tree's "one package per adapter" + "control plane, not execution plane" decisions. Two non-blocking flags below.

> [!IMPORTANT]
> Duplicate alert: PR #3187 is titled "docs: add gh cli quickstart" but actually adds the same copilot_local adapter package (542+317+407+544 LOC across the same files), plus 367 LOC of test changes. The maintainer needs to pick one and close the other. See gardener comment on #3187.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter package layout | New packages/adapters/copilot-local/ with server/, cli/, ui/, shared/ | [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md): three-layer package structure | ✅ Aligned |
| Control plane boundary | Adapter shells out to claude CLI; Paperclip never runs the LLM directly | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) decision 1: "Control plane, not execution plane" | ✅ Aligned |
| Local-vs-gateway pattern | Local adapter spawns child process | [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) "Local vs Gateway Pattern" | ✅ Aligned |
| Model list | Hardcoded 7-model list | [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) prefers dynamic model discovery; static is acceptable but not ideal | ❓ Partial |
| Auth chain | GITHUB_COPILOT_TOKEN → GITHUB_TOKEN → gh auth token | No tree guidance on auth precedence — worth documenting | 🆕 New |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — package structure, local-vs-gateway, model discovery
- [adapters/claude-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/claude-local/NODE.md) — Claude CLI host
- [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) — dynamic model discovery pattern
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — control plane boundary

### Recommendation

Aligned in spirit. Three things before/after merge:

1. Resolve the dup with #3187 first. That PR adds the same adapter package under a misleading "docs" title. Whichever PR has cleaner code review wins; close the other.
2. Consider dynamic model discovery. The OpenCode and Pi adapters both ship discover*Models() patterns because their model lists are provider-driven. Copilot's available models are also subscription-driven (Pro/Business/Enterprise have different access). Hardcoding 7 models will drift; querying Copilot's /models endpoint at startup is more in line with the rest of the adapter family.
3. Document the auth-resolution chain. Add an adapters/copilot-local/NODE.md tree node once the package lands, including the auth precedence and the rationale (why GITHUB_COPILOT_TOKEN over GITHUB_TOKEN over gh auth token). This is exactly the kind of cross-adapter constraint that belongs on the tree.

---

_{Reviewed commit: <code>50aa0fde</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: medium · commit: 8934b3d4

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Separates tool_use errors from terminal adapter errors in the OpenCode JSONL parser. Closes #3193. Tool failures no longer get promoted into fatal errorMessage, so opencode_local run status reflects actual adapter/runtime failure instead of recoverable tool errors. Aligned in spirit with multiple tree decisions.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Per-adapter parsing | parsePiJsonl-style: each adapter parses its own stream into TranscriptEntry types | [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) + [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md): "Adapters parse agent output INTO the shared TranscriptEntry types" | ✅ Aligned |
| Surface vs hide | A tool error is a recoverable signal; promoting it to fatal is hiding the real success state behind a false failure | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 6: "Surface problems, don't hide them" — and the inverse: don't manufacture problems where there aren't any | ✅ Aligned |
| Test coverage | Parser-level + server-level regression tests | [infrastructure/testing/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/testing/NODE.md) | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) — JSONL parser, output classification
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — adapter parses INTO shared transcript types
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — surface vs hide

### Recommendation

Looks good to merge after Greptile/CodeRabbit clears code correctness. Closes #3193 (which is also in the open queue). One thought: this same "tool error vs adapter error" distinction probably applies to other adapters (claude-local, gemini-local, codex-local). Worth considering whether the classification should be lifted into a shared adapter-utils helper so each adapter parser doesn't have to re-derive the rule. Otherwise the [adapters/NODE.md`](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) "compose utilities" decision risks drift across adapters.

---

_{Reviewed commit: <code>8934b3d4</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · type: issue

Aligned with context tree. This issue documents a regression of the OpenClaw paperclip root-property fix from PR #626. A candidate fix is already in flight: PR #3245 ("fix: strip paperclip payload from agent params") explicitly addresses this issue along with #3089 and #617. PR #3245 hardens the OpenClaw gateway adapter to always strip agentParams.paperclip before sending the gateway request, removes the dead paperclipPayload path, updates docs to state the actual contract, and adds regression coverage.

The fix matches the [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md) protocol-boundary contract and the broader [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) "adapters parse agent output INTO shared transcript types" decision.

### Recommendation

- Track PR #3245 as the canonical fix.
- Once #3245 lands, this issue can be closed.
- The reproducer in this issue (with redacted payload) would be valuable as a fixture in the OpenClaw gateway adapter test suite — consider attaching to PR #3245 if not already covered.

_{Reviewed: <code>2026-04-10T00:25:18Z</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · type: issue

Aligned with context tree. This issue documents the well-defined timeoutSec=0 infinite-hang bug in codex_local (and other adapters that default timeoutSec to 0). A candidate fix is in flight: PR #3186 ("fix: apply 30-minute default timeout when timeoutSec is 0") closes this issue by treating timeoutSec <= 0 as "use default 30min" across codex-local, cursor-local, and process adapter execute functions.

The fix surfaces the hang as a timeout instead of an indefinite block, aligning with [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 6 ("Surface problems, don't hide them"). Gardener flagged PR #3186 as NEEDS_REVIEW/low because the same guard is duplicated across 3 adapter packages — see the gardener comment on #3186 for the suggestion to lift the default into adapter-utils.

### Recommendation

- Track PR #3186 as the canonical fix.
- Once #3186 lands (ideally with the adapter-utils lift discussed there), this issue can be closed.
- Consider adding the "default adapter timeout" decision to [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) so future adapters inherit the rule automatically.

_{Reviewed: <code>2026-04-10T00:25:20Z</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: e733cee0

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Closes #3215. Adds killOrphanedPid() (SIGTERM → SIGKILL after 5s grace), wires it as a fallback in cancelRunInternal and cancelActiveForAgentInternal when the in-memory ChildProcess handle is gone, and changes the stale-run reaper to actually kill orphaned processes and mark runs failed.

This is the third PR in the queue addressing the orphaned-execution-cleanup pattern (after #3200 cancels orphaned queued runs on reassign/close, and #3190 clears stale executionRunId lock metadata). The trio is internally consistent and complementary, but they should be coordinated.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Reaper kills, doesn't observe | Stale-run reaper now SIGKILLs orphans and marks runs failed | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) principle 6: "Surface problems, don't hide them. No silent auto-recovery." — but a documented timeout-based reaper is closer to "surfacing a problem as a failure" than to "hiding it" | ❓ Partial |
| SIGTERM-then-SIGKILL grace | 5s grace period before hard kill | Standard process-management pattern | ✅ Aligned |
| Trigger | Reaper runs on a schedule (background); kill is unattended | Tree hasn't drawn the line on whether scheduled cleanup is "auto-recovery" | 🆕 New |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them"
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — heartbeat path
- (Suggested new) product/task-system/NODE.md — explicit auto-cleanup boundary

### Recommendation

This is the third PR I've flagged on the same auto-cleanup-vs-auto-recovery question (#3200, #3190, #3218). The boundary needs to be drawn explicitly in the tree before more PRs in this category arrive.

1. Coordinate with #3200 and #3190. All three PRs touch the orphaned-run cleanup path:
- #3200 — cancel queued runs when issue is reassigned/closed (event-triggered)
- #3190 — clear stale executionRunId metadata on issue state transitions (event-triggered)
- #3218 — SIGKILL orphaned PIDs in scheduled reaper (background-triggered)
The first two are gated on explicit human/agent state changes. #3218 is the first one that's purely background-driven — that's a meaningful difference for the "no silent auto-recovery" principle and worth a maintainer decision.
2. The stale-run reaper marking runs failed is a behavior change worth flagging in the changelog. Operators monitoring run status will see failed runs that previously appeared as running-with-warning-log.
3. Add a tree node. product/task-system/NODE.md should codify when scheduled cleanup is allowed vs. forbidden. This category of PR will keep arriving until the tree has an opinion.

Otherwise the implementation is well-scoped and tested.

---

_{Reviewed commit: <code>e733cee0</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: CONFLICT · severity: high · commit: b8b4b5fe

> [!WARNING]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The PR title is "Tighten social-agent cost discipline." The actual diff is 666 additions across 7 files, breaking down as:

1. 488 LOC of company-specific seed data and agent prompts (agents/instructions/brand-lead.md, chief-of-staff.md, lead-gen-agent.md, ops-agent.md, social-agent.md, and scripts/seed-truwitz.ts) — a complete agent roster + seed script for a specific company called "truwitz".
2. Two major undocumented core changes in server/src/services/heartbeat.ts:
- Global 15-minute heartbeat execution timeout (HEARTBEAT_EXECUTION_TIMEOUT_MS)
- Per-agent circuit breaker with exponential backoff (CB_FAILURE_THRESHOLD, CB_MAX_BACKOFF_MULTIPLIER, CircuitBreakerState stored in agentRuntimeState.stateJson)

Neither core change is mentioned in the PR title or summary, and both are policy decisions that affect every Paperclip deployment, not just the social agent.

Two distinct tree-conflict concerns below.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Company-specific seed data in core | seed-truwitz.ts + 5 truwitz agent instruction files in main repo | [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) Anti-requirements: "Paperclip is explicitly not: an agent runtime, a knowledge base, ... or a complete Jira/GitHub replacement" + "Paperclip is infrastructure, not the company itself" | ⚠️ Conflict |
| Hidden core policy: 15min heartbeat timeout | Adds a global execution timeout cap not mentioned in title/summary | [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) compaction thresholds reference suggests timeout policy is core behavior worth declaring on the tree | ⚠️ Conflict — undocumented policy change |
| Hidden core policy: per-agent circuit breaker | Exponential heartbeat backoff after 3 consecutive failures | [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) "Surface problems, don't hide them. No silent auto-recovery." — automatic backoff IS auto-recovery | ⚠️ Conflict |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — anti-requirements, control plane vs company
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — "Surface problems, don't hide them" / no silent auto-recovery
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — adapter timeout pattern

### Recommendation

This PR should be split into three before merging, in this order:

1. A separate "core: per-agent circuit breaker for heartbeat failures" PR that explicitly proposes the auto-backoff policy. This is a governance-relevant decision (auto-recovery), needs a tree update before it lands, and absolutely should not ship hidden inside a "tighten social-agent" PR. The 15-minute global heartbeat timeout decision belongs in the same PR.
2. A separate "scripts: truwitz company seed" PR in a examples/ or seeds/ directory if the maintainer is OK with example seeds in the core repo at all. My read of [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) is that this content does not belong in paperclipai/paperclip at all — Paperclip is the control plane, not the company. Truwitz should be its own repo using Paperclip as a dependency, with seed data living there.
3. The actual social-agent calendar throttle (whatever code change the title describes) — but I don't see a corresponding code change in the diff. The 666 LOC are all seeds + instructions + heartbeat policy. Either the calendar throttle is missing or it's hidden inside one of the markdown instruction files. If it's in a .md instruction file, that's a documentation/prompt update, not a code change, and the PR title overstates what it does.

Pulling this apart will let the governance-affecting parts get the review they deserve and keep the core repo from accreting company-specific seeds.

---

_{Reviewed commit: <code>b8b4b5fe</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · type: issue

Aligned with context tree. This issue documents the well-known Docker build failure caused by GitHub's GPG signing key rotation. Two candidate fixes are in flight, both updating the same hardcoded SHA256 in the Dockerfile:

- PR #3234 ("fix: update GitHub CLI GPG keyring checksum") — preferred: cleaner body and verification steps
- PR #3212 ("Github signing key rotation") — duplicate fix from a different contributor

The fix matches the [infrastructure/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/NODE.md) Dockerfile + supply-chain-verification concerns.

### Recommendation

- Merge #3234 (or #3212), close the other.
- Once landed, this issue can be closed.
- Tree-update suggestion: infrastructure/NODE.md already mentions hardcoded checksums as a gotcha; consider documenting "rotate the checksum when GitHub rotates their signing key" as a recurring maintenance task, or switching to an unpinned-but-verified install pattern long-term so this doesn't recur quarterly.

_{Reviewed: <code>2026-04-10T00:29:29Z</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · type: issue

Aligned with context tree. This issue describes both halves of the orphaned-run problem: queued runs not cancelled when issues close, AND the orphan reaper skipping zombie processes. Three complementary fixes are in flight, and together they address the full failure mode you describe:

- PR #3200 — cancels orphaned queued/running runs when issue is reassigned or closed (event-triggered cleanup)
- PR #3190 — clears stale executionRunId lock metadata when issue leaves in_progress (event-triggered cleanup)
- PR #3218 — SIGTERM→SIGKILL orphaned PIDs in the stale-run reaper, marks them failed (background-triggered cleanup, addresses the "process alive but hung" half)

Gardener flagged all three as NEEDS_REVIEW because they sit close to the [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) "no silent auto-recovery" principle and the boundary between event-triggered cleanup (likely allowed) and background-driven recovery (likely not) is not yet codified in the tree.

### Recommendation

- The three PRs should be coordinated and ideally land together or in a known order to avoid leaving the system in a half-cleaned state.
- Once they land, this issue can be closed.
- Strongest tree-update suggestion in this iteration: product/task-system/NODE.md should add an explicit decision on auto-cleanup vs auto-recovery boundaries. Three orphan-cleanup PRs in one batch is a clear signal the tree is missing a load-bearing decision.

_{Reviewed: <code>2026-04-10T00:29:01Z</code> · Tree snapshot: <code>ffda000b</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 39e3607

> [!NOTE]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Pure adapter bug fix in gemini-local plus a subprocess hardening utility added to the shared adapter-utils package. Both placements match the architectural decisions in the context tree — no concerns from a product/context-fit perspective.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Per-adapter package isolation | Gemini-specific normalization stays in packages/adapters/gemini-local/ | "One package per adapter… keeps dependencies isolated" (adapters/NODE.md) | ✅ Aligned |
| Shared subprocess utilities | EPIPE hardening lands in packages/adapter-utils/server-utils.ts (runChildProcess) | "adapter-utils as shared library… adapters compose utilities (runChildProcess, buildPaperclipEnv…)" (adapters/NODE.md) | ✅ Aligned |
| Gemini failure detection | Improved quota-exhausted regex in parse.ts | "Auth-required detection is explicit because Gemini CLI can fail silently… Turn-limit result detection enables the server to distinguish 'Gemini hit its turn cap' from other error exits" (adapters/gemini-local/NODE.md) | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — adapter architecture, shared adapter-utils pattern, "one package per adapter" decision
- [adapters/gemini-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/gemini-local/NODE.md) — Gemini-specific decisions (auth detection, turn-limit detection)

</details>

### Recommendation

Merge after code review. The change respects every relevant architectural boundary the tree captures. One small bonus opportunity: if runChildProcess EPIPE hardening becomes load-bearing for other local adapters, a sentence in adapters/NODE.md under "Local vs Gateway Pattern" noting which subprocess failure modes adapter-utils now handles centrally would help future contributors avoid duplicating similar fixes per adapter.

---

_{Reviewed commit: <code>39e3607</code> · Tree snapshot: <code>3ff67a1</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot. Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: edd4d872

Aligned with context tree. No concerns.

This bugfix prevents rapid-fire cascading runs by adding a per-agent cooldown and respecting wakeOnAutomation. It aligns with the governance-first principle (budget hard-stops, preventing runaway resource consumption) and the agent model's per-agent configuration pattern.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 2d8f872

Aligned with context tree. No concerns.

Gemini-local already owns companion file loading as an adapter-layer concern (adapters handle lifecycle and workspace management), and stitching HEARTBEAT.md, SOUL.md, and TOOLS.md alongside AGENTS.md is the correct place to close the instruction gap for Eve-style bundles. The supportsInstructionsBundles extraction is a clean refactor that removes a brittle inline adapter-type checklist from the UI.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 1eec6da

Aligned with context tree. No concerns.

The adapter abstraction principle explicitly includes gemini_local as a first-class local adapter. This PR correctly extends the instructions-bundle UI gate to match — extracting the eligibility list into a shared helper (supportsInstructionsBundles) so the frontend remains consistent with the adapter-side capability model. The gemini_local adapter type key matches what the tree documents (adapters/gemini-local/NODE.md), and the refactor follows the frontend pattern of centralising shared logic in ui/src/lib/.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 1053204

Both issues from the original review remain resolved at this HEAD:

1. Lockfile policy — pnpm-lock.yaml is not in the diff. No manual lockfile edit.
2. Silent auth rejection — The databaseHooks.user.create.before hook throws new APIError("FORBIDDEN", { message: "Email domain is not allowed" }), and the UI authPost error handler surfaces p?.message as a fallback. Rejections are visible to users.

New changes since the prior review (Terraform ECS module, CLI allowedEmailDomains propagation, Dockerfile healthcheck) are clean:
- Terraform module is additive, gated behind explicit terraform apply, with well-documented limitations (single NAT Gateway tradeoff).
- allowedEmailDomains is correctly threaded through all CLI config paths (configure, onboard, worktree-lib, server prompt).
- Healthcheck aligns the container lifecycle with ECS health gates (governance-first principle).

No blocking concerns.

---

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

> [!WARNING]
> gardener:verdict: NEEDS_REVIEW · severity: medium · commit: ccd7776

---

## Summary

This PR is titled as a bug fix for plugin page route prefix-doubling, and that fix is correct and aligned. However, the PR bundles four substantial and largely unrelated changes under a misleading title: a new BastionClaw adapter (filesystem IPC + SQLite polling), a company-level kill switch (pause/resume), a heartbeat model override feature, and the actual bug fix. The BastionClaw adapter introduces a new architectural pattern not recorded in the context tree, and there is a SQL injection risk in the adapter's polling loop.

---

## Context Match

| Area | Tree | PR | Match |
|---|---|---|---|
| Plugin page route fix (company-routes.ts) | Plugin extensibility is core; routing correctness required | Correctly strips company prefix for any non-global segment | ✅ Aligned |
| Company pause/resume (kill switch) | Governance: "Board can pause/resume any Agent immediately"; company lifecycle has paused status | Board-only POST /:companyId/pause + POST /:companyId/resume, cancels active runs | ✅ Aligned |
| Heartbeat skips paused companies | Company lifecycle: "Paused companies stop all heartbeats" | tickTimers now queries paused companies and skips their agents | ✅ Aligned |
| BastionClaw adapter pattern | Tree lists gateway adapters as WebSocket-based (openclaw-gateway); "gateway adapters connect to a remote agent over WebSocket" | BastionClaw uses filesystem IPC + SQLite polling — not WebSocket | ⚠️ New Territory |
| Heartbeat model override | No tree node records adapter-level model override at heartbeat invocation | heartbeat.model added to heartbeat policy, injected into runtimeConfig on timer runs only | ⚠️ New Territory |

---

## Issues

### 1. SQL injection risk in BastionClaw adapter (medium severity)

In packages/adapters/bastionclaw/src/server/execute.ts, the task poll query interpolates taskId directly into an SQL string with only single-quote escaping:

```ts
SELECT status, result, error, duration_ms FROM task_run_logs WHERE task_id = '${taskId.replace(/'/g, "''")}' ORDER BY run_at DESC LIMIT 1
```

taskId is constructed as paperclip-${ctx.runId} where ctx.runId comes from the server. While the server controls runId today, this pattern bypasses parameterized queries and creates a brittle trust assumption. The sqlite3 CLI used here supports parameterized queries via -cmd. This should use a parameterized form or at minimum assert that taskId contains only safe characters before interpolation.

### 2. PR bundles four unrelated changes under a misleading title (low-medium)

The title "Fix plugin page routes doubling company prefix on company switch" covers only ~10 lines of the 3,800-line diff. The rest introduces: a new adapter, a company kill switch feature, a heartbeat model override, GitHub issue templates, and a SECURITY.md. Bundling makes review harder and commit history less useful. These should be separate PRs.

### 3. BastionClaw adapter pattern is not in the tree (new territory)

The adapters tree node defines two patterns: local (spawns a child process) and gateway (WebSocket). BastionClaw uses a third pattern: filesystem IPC + SQLite polling. The adapter writes a JSON task file to a shared directory and polls a SQLite DB for completion. This is a novel integration pattern with meaningful tradeoffs (local-only, polling latency, SQLite lock sensitivity) that should be captured in the tree before the adapter ships, so future adapters don't re-litigate this design.

### 4. models: [] in BastionClaw index.ts

packages/adapters/bastionclaw/src/index.ts exports models: []. The tree notes that adapters report model info via detectModel. If BastionClaw can detect the model from the Claude instance it dispatches to, this should be wired up rather than left empty.

---

## Tree Nodes Referenced

- adapters/NODE.md — local vs gateway pattern, ServerAdapterModule interface
- adapters/openclaw-gateway/NODE.md — gateway adapter precedent
- product/governance/NODE.md — board powers, pause/resume, budget hard-stops
- product/company-model/NODE.md — company lifecycle (active/paused/archived)
- product/NODE.md — control plane principles

---

## Recommendation

The routing fix and the governance/heartbeat changes are aligned and look correct. The BastionClaw adapter is new territory worth flagging:

1. Fix the SQL injection before merge — use parameterized queries or character-validation on taskId.
2. Confirm the IPC+SQLite pattern is intentional and draft a adapters/bastionclaw/NODE.md tree node capturing the design rationale and constraints (local-only, SQLite polling, requires BastionClaw to be co-located).
3. Consider splitting the PR — the bug fix and the BastionClaw adapter are independent and the bundling makes each harder to review.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: ba179a6e

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The inbox badge was showing stale counts by including already-read issues. The one-line fix in computeInboxBadgeData correctly filters mineIssues to only those where isUnreadForMe === true, and a targeted unit test locks in the expected behavior. This directly serves the tree's "surface problems, don't hide them" principle — badge numbers are the top-layer signal and must be accurate.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Accuracy of signals | Badge shows only unread issue count, not total touched | "Surface problems, don't hide them" — misleading badge counts obscure real signal for the board operator; fixing this restores fidelity | ✅ Aligned |
| Progressive disclosure | Inbox badge is the top-layer summary; must match reality | Tree defines progressive disclosure: top layer = human-readable summary. Badge is the entry point — stale numbers undermine the whole disclosure stack | ✅ Aligned |
| Scope | One-line change in ui/src/lib/inbox.ts + test in inbox.test.ts | Frontend changes correctly scoped to /ui; no backend, adapter, or governance impact | ✅ Aligned |
| Test coverage | New test excludes read issues from the badge mineIssues count | Tree has no explicit test strategy rule here, but adding a regression test for a count-bug fix is sound practice | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Key decision 6: "Surface problems, don't hide them"; Key decision 7: Progressive disclosure — badge is the top-layer signal
- [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) — Issues page includes inbox; /ui/src/lib/ is the correct location for shared inbox helpers

</details>

### Recommendation

No concerns. Minimal, well-targeted fix with a matching test. The change restores the correctness of a first-class UI signal and is consistent with tree principles. Ready to merge pending code review.

---

_{Reviewed commit: <code>ba179a6e</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 14386b0b

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Filtering archived projects from the Routines dialog project selector is consistent with the Company Model's lifecycle decisions — archived entities are read-only historical records and should not appear in active creation flows.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Company lifecycle | Hide archived projects from New Routine dialog's project selector | Company Model defines archived status as "read-only historical records"; routines are forward-looking automation — active projects only is the correct scope | ✅ Aligned |
| UI consistency | Matches filter pattern in Projects.tsx and CompanyExport.tsx | Tree establishes no global UI pattern rule here, but consistency with existing filtering in sibling views is sound practice | ✅ Aligned |
| Scope | Single-line change in ui/src/pages/Routines.tsx | Frontend changes are scoped to /ui — correct per monorepo conventions | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/company-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/company-model/NODE.md) — Company lifecycle: active, paused, archived; archived = read-only historical record
- [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) — Frontend page structure; Routines page listed as scheduled automation management

</details>

### Recommendation

No concerns. The change is small, well-reasoned, and consistent with existing patterns and tree decisions. Ready to merge pending code review.

---

_{Reviewed commit: <code>14386b0b</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: \CONFLICT\ · severity: \high\ · commit: \a4690b3\

> [!WARNING]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR adds a knowledge base as a first-class core feature (DB table, 10 REST endpoints, heartbeat injection across all 6 adapters, UI page), which directly contradicts three explicit tree decisions: knowledge bases belong in plugins not the core control plane, Paperclip is explicitly "not a knowledge base", and knowledge base was deferred from V1 scope.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Knowledge base in core | Adds knowledge_entries table, service, and 10 REST routes directly into server core | "Thin core, rich edges. Knowledge bases… go into plugins — not the core control plane." (product/NODE.md) | ⚠️ Conflict |
| Paperclip identity | Positions knowledge base as a first-class Paperclip feature | "Paperclip is explicitly not: …a knowledge base…" (product/NODE.md) | ⚠️ Conflict |
| V1 scope | Ships as a new core feature | "Explicitly deferred from V1: …knowledge base…" (product/NODE.md) | ⚠️ Conflict |
| Adapter integration | Injects knowledge manifest into all 6 adapter heartbeat prompts | Adapter abstraction is aligned; the question is whether the data source should be core vs plugin | ❓ Partial |
| Company-scoped isolation | All queries are scoped to company_id; auth follows existing assertCompanyAccess pattern | Company-scoped isolation (engineering/NODE.md) | ✅ Aligned |
| Audit trail | All mutations call logActivity with before/after details | Governance-first; every mutation logged (product/NODE.md) | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Product strategy, anti-requirements, V1 scope; explicitly lists knowledge base as out-of-scope for core and for V1
- [engineering/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/NODE.md) — Backend architecture; service-oriented pattern; company-scoped isolation

</details>

### Recommendation

This work is solid in implementation quality — the scoping, audit trail, and adapter integration are all well-executed. The conflict is with where it lives, not whether it should exist.

Two paths forward:

1. Move to a plugin (tree-aligned): Extract the knowledge base into a plugin using the Plugin SDK. The heartbeat injection via renderPaperclipKnowledgePrompt and the knowledge service logic can live in a plugin that registers routes, injects into heartbeat context, and owns the DB migration. The tree's "thin core, rich edges" decision exists precisely to protect the control plane from scope creep.

2. Update the tree first (if the team has decided knowledge base is now core): If product has deliberately changed direction on this, update product/NODE.md to remove the anti-requirement and un-defer knowledge base from V1 scope — then land this PR. That PR should be discussed and merged before this code lands.

Either way, this PR should not merge until the conflict is resolved. The tree is the decision record; the code should follow from it.

---

_{Reviewed commit: <code>a4690b3</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · commit: b3f660b

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR adds a boardAttentionAt escalation primitive that lets agents signal "I need a human" without side-effecting issue status or assignee, and cleans up Board inbox noise by adding focused filter categories (Escalated, In Review, Assigned to me), hiding terminal-status issues from the Board default view, and moving the "Hide agent failures" toggle into an Options popover. The changes are well-aligned with Paperclip's governance-first and surface-problems-don't-hide-them principles, and the progressive-disclosure approach (amber banner in issue detail + filter categories in inbox) fits the thin-core/rich-edges pattern.

Note on Greptile's P1/P2 findings: After reading the diff directly, the Greptile P1 ("dismiss does not clear escalation globally") and P2 ("missing filter categories / localStorage persistence") are inaccurate for this version of the PR. The archiveIssueMutation.mutationFn correctly calls issuesApi.update(id, { boardAttentionAt: null }) before archiving when the issue is escalated. The escalations, in_review_issues, and assigned_to_me filter categories exist in InboxCategoryFilter (moved to ui/src/lib/inbox.ts), and saveInboxCategoryFilter is called on every filter change. The escalation badge test is also present in inbox.test.ts. Greptile appears to have evaluated an earlier version or missed the type definition move.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Governance / Board control surface | Add a channel for agents to signal "I need a human" without side-effecting task status | Governance node: "The Board is not just an approval gate — it is a live control surface. The human can intervene at any level at any time." Board powers always available. | ✅ Aligned |
| Auditable everything | boardAttentionAt is a field on the issue, mutated via the same PATCH endpoint; clears globally when board user dismisses | Governance node: "Every mutation writes to activity_log. The system is designed so that nothing happens silently." | ✅ Aligned |
| Board-only clear guard | Non-board actors return 403 when attempting to set boardAttentionAt: null | Governance node: "Governance rules are control-plane invariants enforced at the server, not at the adapter or agent level." | ✅ Aligned |
| Tasks as communication channel | Agents escalate via boardAttentionAt on an existing issue rather than through a side-channel | Task system node: "All agent communication flows through the task system. There is no separate messaging or chat system." | ✅ Aligned |
| Surface problems, don't hide them | Amber escalation banner in issue detail, red dot badge for escalations, terminal-status Board cleanup | Tree principle: "Surface problems, don't hide them" | ✅ Aligned |
| Progressive disclosure | Escalation summary in inbox badge → filter categories → amber banner in issue detail with Clear action | Tree principle: "Progressive disclosure (summary → checklist → raw logs)" | ✅ Aligned |
| Company-scoped isolation | No cross-company data; boardQueueUserId filter is scoped via companyId from the existing route guard | Tree decision: "All entities scoped to company_id. Never leak data across companies." | ✅ Aligned |
| Dismiss side-effect risk | If issuesApi.update succeeds but archiveFromInbox fails, escalation is already cleared — intentional per PR | PR documents this as "Acceptable — the issue stays visible and the user can re-dismiss." This is a reasonable UX tradeoff; not a governance concern. | ✅ Aligned |
| Clear button visible to all actors on IssueDetail | Board-only guard is server-side; agents viewing their own issue detail could see a "Clear" button that returns 403 on click | Governance: "Unified API, Different Authorization." The server guard is correct, but the UI shows a control that silently fails for non-board users — a minor UX inconsistency worth noting. | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Board powers, approval gates, budget controls, audit trail requirements
- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — Tasks as the communication channel; no side-channel messaging

</details>

### Recommendation

Ship with one minor follow-up to consider: the "Clear" button in IssueDetail.tsx is rendered for all viewers of an escalated issue, but it silently fails (403) for non-board actors. Since agents can view their own issues, they'll see a button they can't use. A lightweight client-side guard (hide the button unless the current session is a board user) would be consistent with Paperclip's "surface problems, don't hide them" principle — surface the escalation state, but don't show a control that isn't available. This is low-severity and can be done as a follow-up.

---

_{Reviewed commit: <code>b3f660b</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 2ae0149d

Aligned with context tree. No concerns.

The new HEAD refactors the inline bundleDraft guard into a pure resolveBundleDraft() helper in ui/src/lib/bundle-draft.ts with 7 unit tests. This is a quality improvement over the prior in-place fix — behavior is unchanged but the logic is now testable in isolation, consistent with the frontend's pattern of keeping shared pure logic in ui/src/lib/. Still fixes the stale rootPath bug and still aligns with "surface problems, don't hide them" (the bug was showing a placeholder instead of actual file content).

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 7c941fe

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR fixes a production thundering-herd / timeout issue in the opencode-local adapter's model discovery and in the heartbeat scheduler. Both changes are squarely within the adapter abstraction and server service layers, consistent with all tree decisions.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter isolation | Model discovery caching + retry lives inside opencode-local package only | One package per adapter; adapters compose adapter-utils, don't modify core | ✅ Aligned |
| Heartbeat jitter + shuffle | Deterministic per-agent jitter and eligible-agent shuffle in heartbeat.ts | Server services own orchestration scheduling; adapters own execution | ✅ Aligned |
| Governance / audit | Retry backoff and jitter are timing concerns, not state mutations; no audit trail impact | Governance-first means mutations are logged — timing helpers are not mutations | ✅ Aligned |
| Company-scoped isolation | Changes are adapter-level and scheduler-level; no cross-company data flow introduced | All entities scoped to company_id; no scope changes here | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — Adapter architecture: one package per adapter, adapter-utils as shared library, adapters do not own scheduling
- [engineering/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/NODE.md) — Service-oriented backend; services accept db and config as function arguments
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Surface problems, don't hide them; control plane, not execution plane

</details>

### Recommendation

Safe to merge. The jitter formula adds up to 10% delay on top of the configured interval (not before it), so heartbeats will never fire earlier than scheduled — reviewers should confirm that is the intended semantics, but it has no context-tree-level conflict.

---

_{Reviewed commit: <code>7c941fe</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · commit: 1956ccd

> [!WARNING]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR adds GitHub PAT support for private skill repos and a bulk delete-by-source endpoint. Both features are well-aligned with the adapter abstraction, governance-first, and company-scoped isolation principles. Severity is medium because PAT handling at the boundary between client and secrets vault is a sensitive pattern — the implementation looks correct but warrants a human eye on the credential lifecycle.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Secrets / PAT storage | PAT accepted at import time, stored as encrypted company secret via secretService, referenced by ID in skill metadata | Governance-first: audit trails on all mutations — PATCH /:skillId/auth logs skill_auth_updated/skill_auth_removed, import logs via existing activity system. Secrets vault already established. | ✅ Aligned |
| Company-scoped isolation | deleteBySource and updateSkillAuth both scope to companyId; route-level assertCanMutateCompanySkills guard present | All entities must be scoped to company_id — enforced at both route and DB query layers | ✅ Aligned |
| Adapter abstraction | Auth token threaded through ghFetch → all GitHub resolution helpers; retrieved from vault on subsequent calls | Agent runtimes connect through common adapter interface; auth wiring is internal to the adapter layer | ✅ Aligned |
| PAT not logged in audit details | logActivity for skill_auth_updated records only slug, not the token value | Governance: full audit trails required, but logging secrets would be a security anti-pattern — the current approach (log action + skill id, not credential) is correct | ✅ Aligned |
| Secret not deleted on PAT clear | updateSkillAuth(null) clears sourceAuthSecretId from metadata but leaves the underlying secret row | Minor lifecycle gap: orphaned secret rows accumulate. No tree decision violated, but worth a follow-up cleanup task | ⚠️ Minor gap |
| Bulk delete by source (UI) | Trash icon on source label triggers DELETE /by-source — removes all skills from a source without per-skill confirmation of agent usage | Pre-check atomicity is correct (service checks all skills before deleting any). Dialog warns user. No tree conflict. | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — governance-first, audit trails on every mutation, hard-stops as core (not optional)
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — route/service split, secrets vault, authentication patterns

</details>

### Recommendation

Approve with one follow-up: the orphaned secret on PAT clear is a minor hygiene issue (not a blocker). Consider opening a follow-up issue to delete the underlying secret when updateSkillAuth(null) is called and no other skill references it.

---

_{Reviewed commit: <code>1956ccd</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 6896dfb6

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Re-reviewed after HEAD update (7f5f43a2 → 6896dfb6). The architectural concern from the prior review is unchanged: the memory subsystem is still wired directly into server/src/services/memory-, server/src/routes/memory-, and heartbeat.ts — it has NOT been moved to the plugin system. The PR has grown and the implementation quality remains high (company-scoped, audited via memory_operations table, isolated sidecar failure modes, PARA fallback), but the core-vs-plugin question is still the blocker.

### What's new and what's unchanged

Unchanged between the two HEADs: architectural placement. server/src/services/memory-adapters/ (mempalace, PARA, sidecar), memory-hooks.ts, memory-operations.ts, memory-bindings.ts, routes/memory-bindings.ts, routes/memory-operations.ts, and heartbeat integration all still live in core.

Helpful new concrete comparison point: [PR #3285 (feat(plugins): add aws-file-store plugin with MinIO compose)](https://github.com/paperclipai/paperclip/pull/3285) just landed and demonstrates exactly the architectural pattern the tree calls for — it re-scoped a similar "storage-backed agent capability" feature from the CONFLICT version in #3230 into a proper first-party plugin at packages/plugins/examples/aws-file-store, using the standard plugin SDK (9 tools, lifecycle hooks, capability manifest, host-owned audit logging). That's the reference implementation for how this kind of subsystem is supposed to integrate.

### Recommendation

The two recommendations from the prior review still apply:

1. Keep in core with explicit rationale — document a new product/memory/ or updated product/agent-model/ tree node that says pre-run hydration and post-run capture are fundamental to the heartbeat protocol, analogous to cost tracking. This is a deliberate scope expansion and needs tree PR first.

2. Move to a first-party plugin — use PR #3285 as the template. The MemoryAdapter interface in packages/plugins/sdk/src/types.ts is already the right abstraction. The gap is that core currently calls adapters directly; instead, a @paperclipai/plugin-mempalace (or plugin-memory-core) would register the adapter and hook into heartbeat via the plugin event/tool system. The UI pages could live in the plugin's UI slots.

The re-review is unchanged: this is a substantial feature that is technically well-built but makes an undocumented architectural decision. Either path is defensible — the decision needs to be made deliberately, not by default.

---

_{Reviewed commit: <code>6896dfb6</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: CONFLICT · severity: high · commit: d1815b0

> [!WARNING]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR adds a MinIO-backed shared knowledge base as infrastructure (docker-compose service + injected skill) and wires AWS S3 env vars directly into the server. The context tree explicitly classifies knowledge bases as out-of-scope for the core control plane and deferred from V1. Adding it as a core docker-compose service and an alwaysApply: true agent skill bypasses the plugin system that the tree designates as the correct extension boundary.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Knowledge base | Add shared S3-backed file store accessible to all agents | product/NODE.md Anti-Requirements: "Paperclip is explicitly not: … a knowledge base." Knowledge bases belong in plugins, not the core. | ⚠️ Conflict |
| V1 scope | Ship knowledge base capability now | product/NODE.md V1 Scope: "Explicitly deferred from V1: plugin framework/SDK, knowledge base" | ⚠️ Conflict |
| Core vs plugin boundary | New MinIO service wired directly into docker-compose server block | product/NODE.md "Thin core, rich edges — knowledge bases… go into plugins, not the core control plane." plugins/NODE.md defines the correct extension point. | ⚠️ Conflict |
| alwaysApply: true skill | Skill injected into every agent session regardless of company config | Tree governance principle: company-scoped isolation; capabilities should be opt-in per company | ❓ Partial |
| Dockerfile SHA update | Update GitHub CLI keyring hash | Routine maintenance, no tree impact | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Anti-requirements ("not a knowledge base"), thin-core principle, V1 scope defers knowledge base, "knowledge bases go into plugins"
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Plugin SDK + runtime as the correct extension boundary for capabilities like a knowledge base
- [infrastructure/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/NODE.md) — docker-compose is core deployment config; adding MinIO here embeds the knowledge base into every deployment

</details>

### Recommendation

Do not merge as-is. Two paths forward:

1. Defer until after V1 ships and the plugin SDK is stable, then build this as a first-party plugin (e.g. @paperclipai/plugin-file-store) using the plugin SDK's process isolation and capability gates — exactly what the tree says knowledge-base features should use.
2. Discuss with the team whether this decision should be revisited in the tree. If the project's stance on knowledge-base-in-core has changed, update product/NODE.md first, then re-open this PR with the tree as backing.

The Dockerfile SHA bump in this PR is safe; it can be cherry-picked to a separate PR if the team wants that fix now without the knowledge-base feature.

---

_{Reviewed commit: <code>d1815b0</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: bfeb1e4

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This PR adds an "Execution Thread" tab to Issue Detail — a cross-issue chronological timeline for parent-child issue trees. It deepens existing task-system visibility without adding new primitives or crossing domain boundaries.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Task system / communication channel | Aggregate events across parent-child issue tree into a unified timeline | product/task-system/NODE.md: "all work traces to the company goal through a parent task chain"; tasks are the communication channel; no separate messaging | ✅ Aligned |
| Progressive disclosure | Thread tab adds a mid-level cross-issue view; existing Activity tab is untouched | product/NODE.md: "Progressive disclosure — top layer: summary, middle: steps/artifacts, bottom: raw logs" | ✅ Aligned |
| Governance / audit trail | Every comment, status change, assignment, and blocker across an execution wave is surfaced | product/NODE.md: "Surface problems, don't hide them"; governance-first with full audit trails | ✅ Aligned |
| Frontend architecture | New route, React Query hook, API layer method, shared types — follows established patterns | engineering/frontend/NODE.md: API layer centralizes HTTP calls; hooks encapsulate React Query; no global state | ✅ Aligned |
| Company-scoped isolation | Execution thread walks parent-child issue tree; no indication of cross-company data leakage | engineering/NODE.md: multi-company isolation at query level | ✅ Aligned |
| @assistant-ui/react in lockfile | PR adds @assistant-ui/react to pnpm-lock.yaml | engineering/frontend/NODE.md already lists @assistant-ui/react as a stack dependency — consistent | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — tasks as communication channel, all work traces to goal, human-readable identifiers
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — progressive disclosure, surface problems, board-level abstraction
- [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) — React 19, React Query, API layer, page structure patterns

</details>

### Recommendation

Safe to merge from a context-fit perspective. One note for code reviewers: the recursive CTE is capped at 200 issues — confirm the truncation behavior (truncated: true in the response) is visible in the UI so board-level users can tell when they're seeing a partial view. That aligns with "surface problems, don't hide them."

---

_{Reviewed commit: <code>bfeb1e4</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue: #3254

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This is a well-scoped bug fix for the Claude local adapter's session error detection. The proposed change is consistent with the adapter's session-resume pattern and the tree's guidance on how adapters should handle session failures.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter session handling | Extend isClaudeUnknownSessionError regex to catch invalid signature in thinking block and trigger fresh-session retry | Adapters manage session resume via --session-id; the adapter boundary is responsible for detecting session errors and signaling the retry path | ✅ Aligned |
| Error classification | Treat thinking-block signature errors the same as unknown session errors | Claude adapter uses isClaudeUnknownSessionError specifically to distinguish recoverable session errors from hard failures; adding new patterns here is the correct extension point | ✅ Aligned |
| Surface problems, don't hide them | Current behavior crashes instead of retrying — the proposed behavior logs a warning then retries | Tree says no silent auto-recovery; this fix adds a logged retry (warn + retry), not silent swallowing | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/claude-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/claude-local/NODE.md) — Claude local adapter capabilities and session-resume design
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — Session management and ServerAdapterModule contract

</details>

### Recommendation

This is a legitimate bug with a clear, minimal fix. The regex extension is in the right file and follows the existing pattern. Recommend accepting. Would be worth confirming whether the thinking-block signature error can surface in contexts other than session resume (e.g., if the upstream API returns it for fresh sessions too), and whether a separate error class would be more precise — but those are code-review-level concerns.

---

_{Reviewed issue: #3254 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue updated: 2026-04-10T03:07:09Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This is a well-scoped bug report against the UI routing layer that surfaces precisely when plugin page routes interact with multi-company navigation. The root cause analysis and proposed fix are both consistent with how Paperclip models companies and plugins.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Plugin page routing | Fix doubled company prefix when switching companies on plugin page routes | Plugin UI bundles load into host-designated slots and must operate correctly within company-scoped routing | ✅ Aligned |
| Company-scoped isolation | Bug occurs because toCompanyRelativePath() doesn't recognize plugin routes as company-relative | All entities are company-scoped; plugin UI slots receive company_id via PluginHostContext | ✅ Aligned |
| Frontend architecture | Fix is a targeted change to ui/src/lib/company-routes.ts | Frontend uses React Router v7 with context providers for current company | ✅ Aligned |
| Plugin extensibility | Fix unblocks plugins with page UI slots from working correctly across company switches | Plugin slots include page as a first-class UI slot type | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — UI extension via sandboxed slots; plugin pages are a first-class slot type
- [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) — React Router v7 routing, company context provider
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Company as unit of organization; company-scoped isolation

</details>

### Recommendation

Confirmed bug with clear root cause and a safe, minimal fix. The proposed logic change (strip prefix when first segment is not global or board route) is the right generalization — it handles arbitrary plugin routes without requiring an enumerated allowlist. This is ready for a PR.

---

_{Reviewed issue updated: <code>2026-04-10T03:07:09Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: high · issue: #3247

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

UTF-8 encoding corruption in agent output is a high-severity bug that directly conflicts with Paperclip's goal of supporting non-English agent companies. It also violates the "surface problems, don't hide them" principle — agents are producing incorrect output that is silently rendered as mojibake.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Agent output fidelity | Fix UTF-8 corruption between agent API output and UI display | Tasks are the communication channel — all agent communication flows through task comments. Corrupted output breaks this core channel | ✅ Aligned |
| Internationalization | Restore French (and all non-ASCII) character rendering in agent-written content | Tree says Paperclip is a control plane for autonomous AI companies; no language restriction is stated — blocking non-English companies is an unintended constraint | ✅ Aligned |
| Progressive disclosure | Fix impacts task comments, deliverable summaries, status updates | These are the task-system layers agents use to communicate; corruption at these layers undermines the entire communication model | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — Tasks are the communication channel; agent output integrity is load-bearing
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them" — bugs shouldn't silently corrupt output

</details>

### Recommendation

High-severity bug. The issue has clear reproduction steps and solid examples. The encoding break is somewhere in the agent → API → storage → UI pipeline. Recommend triaging urgently — this blocks an entire class of non-English deployments. Assign to the backend or adapter team to trace whether the corruption is at storage (DB encoding), API response serialization, or the frontend render layer.

---

_{Reviewed issue: #3247 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue updated: 2026-04-10T02:09:04Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

A missing CLI command for plugin lifecycle management. The proposed plugin upgrade path correctly targets the server-side plugin lifecycle state machine and preserves plugin_config — consistent with how the tree describes graceful lifecycle transitions and database-backed plugin state.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Plugin lifecycle | Add upgrade command that re-validates manifest, cycles the worker, and preserves config | Runtime defines installed -> ready -> disabled/error -> uninstalled with validated transitions; "Graceful lifecycle state machine" is a first-class runtime concern | ✅ Aligned |
| Plugin config preservation | Preserve plugin_config row across upgrades unless schema is incompatible | Plugin state, entities, job runs persisted in PostgreSQL with pluginId scoping; lifecycle manager coordinates worker stop/start | ✅ Aligned |
| CLI tooling | New paperclipai plugin upgrade subcommand | CLI is a monorepo workspace package; plugin management already has install/uninstall commands | ✅ Aligned |
| Developer experience | Reduces friction for local plugin iteration | Plugin SDK includes PluginDevWatcher for hot-reload; upgrade path is the production-safe complement | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [plugins/runtime/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/runtime/NODE.md) — PluginLifecycleManager, graceful shutdown with deadline, database-backed state
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Graceful lifecycle state machine; manifest-driven contract

</details>

### Recommendation

Well-specified request aligned with the plugin runtime's existing lifecycle model. The proposed five-step upgrade sequence (validate manifest → stop worker → update DB → preserve config → restart) maps directly onto existing runtime services. Worth prioritizing as it reduces the cost of iterating on plugins significantly during development. Ready for a PR.

---

_{Reviewed issue updated: <code>2026-04-10T02:09:04Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · issue: #3236

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The board inbox filtering request is partially aligned with Paperclip's board-level UX goals and progressive disclosure principle, but one key ask — hiding agent run failures from the board inbox — sits in tension with the "surface problems, don't hide them" core principle. The exact filtering design requires a maintainer judgment call.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Board UX / actionable inbox | Separate actionable items (approvals, escalations, in_review) from operational noise | Tree says the board experience should answer "what needs my approval" — filtering towards board-relevant actions is directionally sound | ✅ Aligned |
| Progressive disclosure | Move agent operational noise to a separate tab/view | Tree principle: top layer = human-readable summary, bottom layer = raw logs. Separating board-action items from agent run logs aligns with this layering | ✅ Aligned |
| Surface problems, don't hide them | Request asks to hide agent run failures and heartbeat errors from the board inbox entirely | Tree is explicit: no silent auto-recovery, no hiding of failures. Board must be able to see what's broken. Hiding failures in a separate tab is one thing; disabling them entirely risks obscuring real problems | ❓ Partial |
| Governance board powers | Board retains unrestricted access to pause, terminate, and override any agent | Filtering the inbox is fine as long as the board can still discover and act on failures when needed | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them" and "Progressive disclosure" principles
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Board powers and the expectation of full visibility at all times

</details>

### Recommendation

The filtering direction is reasonable for a 40-agent org at scale. However, the design should keep failures visible somewhere (a separate "Agent Activity" tab is mentioned — that's the right approach), not suppressible entirely. The "option to disable failure notifications in board inbox entirely" is the one ask that conflicts with tree principles. Recommend accepting the filtering/tab-separation direction, and discussing the "disable entirely" ask with maintainers before implementing. A "mark all as read" button is low risk and clearly aligned.

---

_{Reviewed issue: #3236 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue updated: 2026-04-10T02:08:24Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The CEO onboarding AGENTS.md is missing an explicit section on board escalation mechanics. This causes a real governance failure mode: agents produce comments on their own tasks instead of creating board-assigned subtasks, which means board users miss critical blockers. The fix is squarely within Paperclip's governance-first design.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Board escalation mechanism | Teach CEO to create subtasks with assigneeUserId pointing at the board user | Tasks are the communication channel — all agent communication flows through tasks and comments; delegation = creating a task and assigning it | ✅ Aligned |
| Governance-first design | Ensure board blockers surface immediately rather than silently stalling | "Surface problems, don't hide them" is a core product principle; board must always be reachable | ✅ Aligned |
| Approval gates and oversight | Board-dependent blockers (approvals, secrets, business decisions) must reach the human operator | Board has unrestricted access and must be notified of blockers; approval workflow is synchronous | ✅ Aligned |
| CEO strategy scaffolding | Onboarding assets should encode correct CEO behavior from the start | V1 approval gate: CEO strategy approval must precede execution; board governance is non-negotiable | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — Tasks are the communication channel; delegation = creating an assigned task
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Board powers; approval gates; "surface problems, don't hide them"
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Board-level abstraction wins; governance-first

</details>

### Recommendation

This is a correctness fix for the onboarding experience, not a feature request. The gap directly undermines board governance — the safety foundation the entire product is built on. The proposed section (create a board-assigned subtask with assigneeUserId, use Board: title prefix, set blockedByIssueIds) matches how the task system is designed to work. Ship it.

---

_{Reviewed issue updated: <code>2026-04-10T02:08:24Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: INSUFFICIENT_CONTEXT · severity: low · issue: #3235

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This is a user support question about running cross-platform desktop builds across a Windows Paperclip instance and a Mac machine. It's unclear whether the request is asking for a Paperclip feature (remote agent dispatch to a second machine) or just setup documentation. The tree has context on Paperclip's deployment model and local-first principle, but not enough detail about multi-machine agent dispatch to give a definitive verdict.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Multi-machine agent coordination | Run a "slave" Paperclip on Mac so agents can build Mac targets | Tree describes Paperclip as a control plane that agents phone home to; multi-instance federation or remote agent dispatch is not addressed | ❔ Insufficient |
| Local-first, cloud-ready | User has a local Windows instance and wants to extend to Mac | Tree principle supports local deployment; cross-machine orchestration would require network-connected instances but no design exists for this | ❔ Insufficient |
| Adapter abstraction | Agents run wherever they run and report back via adapters | An agent running on a Mac machine could theoretically connect back to the Windows Paperclip via the OpenClaw gateway pattern, but this isn't documented as a supported deployment | ❔ Insufficient |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Local-first, cloud-ready; control plane not execution plane
- [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md) — Gateway adapter for remote agent connections (closest potential fit)
- [infrastructure/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/NODE.md) — Deployment modes (local_trusted vs authenticated)

</details>

### Recommendation

This looks primarily like a user support question rather than a feature request. Maintainers should clarify:
1. Is the user asking whether Paperclip supports multi-machine deployments where agents on a remote Mac phone home to a Windows control plane? (If so, the OpenClaw gateway is potentially the right path.)
2. Or is this purely a build tooling question outside Paperclip's scope?

If it is a feature gap (remote agent dispatch to a different machine), a tree node on multi-machine deployment topology would be worth creating. Either way, some triage and a response pointing the user to the right deployment path is needed.

---

_{Reviewed issue: #3235 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · issue updated: 2026-04-10T02:08:15Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

A backward-compatible enhancement to the issue.created activity event payload to include core issue fields. This enables plugin event handlers to act on creation without an extra round-trip API call — consistent with plugin extensibility goals and the event-driven plugin architecture.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Plugin event bus | Richer issue.created payload to reduce follow-up API calls for plugin consumers | PluginEventBus routes domain events to subscribed plugins; event-driven pattern is first-class | ✅ Aligned |
| Plugin extensibility | Enable plugins to act on issue creation with complete context | "Thin core, rich edges" — plugins need enough event data to do useful work without coupling to internals | ✅ Aligned |
| Backward compatibility | Additive payload change — existing consumers unaffected | Manifest-driven SDK contract; additive changes are safe for plugins already consuming this event | ✅ Aligned |
| Governance / audit trail | assigneeUserId, assigneeAgentId in payload aids plugins implementing board notification/triage | Governance enforced at server layer; activity log records every mutation | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [plugins/runtime/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/runtime/NODE.md) — PluginEventBus routes domain events to subscribed plugins
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Capability-gated access; event-driven plugin architecture
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Auditable everything; activity log drives plugin event delivery

</details>

### Recommendation

Straightforward, low-risk enhancement. The proposed field set (status, priority, assigneeAgentId, assigneeUserId, projectId, goalId, parentId, description truncated at 500 chars) is reasonable and avoids unbounded payload growth. The truncated description is a good call. One note: confirm description?.slice(0, 500) is applied to the plain-text/markdown value, not raw rich-text markup, to keep the payload useful for event consumers.

---

_{Reviewed issue updated: <code>2026-04-10T02:08:15Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEW_TERRITORY · severity: medium · issue: #3228

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This proposal (written in Chinese) requests a Trae adapter integration — connecting ByteDance's Trae AI coding agent to Paperclip's orchestration layer. The adapter abstraction pattern in the tree directly supports this class of integration, but the tree has no specific guidance on Trae. This is new territory that fits the architecture, not a conflict with it.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| New adapter (Trae) | Add a trae-local or trae-gateway adapter so Paperclip can orchestrate Trae agents | Tree explicitly says Paperclip is unopinionated about agent implementation; adapters are the extension point for new runtimes | 🆕 New |
| Agent registration via API/config | Trae agents auto-register to Paperclip via metadata format | Adapters expose getConfigSchema for declarative UI; agent hiring flows through approval gates — this is consistent | ✅ Aligned |
| Skill sharing between Trae and Paperclip | Trae agents call Paperclip skills; Trae agents contribute skills back | Tree has a skill injection model (listSkills/syncSkills per adapter); cross-adapter skill exchange is not covered | 🆕 New |
| Knowledge base integration | Trae agents read/write Paperclip wiki | Tree defers knowledge base to plugins, not core — this conflicts with adding wiki read/write as a first-class Trae integration | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — One package per adapter; ServerAdapterModule interface; skill injection pattern
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Unopinionated about agent implementation"; "Thin core, rich edges" — knowledge base is plugin territory
- [adapters/codex-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/codex-local/NODE.md) — Reference for how a similar CLI-based agent is wrapped

</details>

### Recommendation

The core adapter integration request is architecturally sound — Trae would follow the same -local or -gateway pattern as existing adapters. The proposal is detailed and well-intentioned but mixes in several features (knowledge base read/write, cross-adapter skill contribution) that go beyond what an adapter owns per the tree's design.

A Trae adapter is worth pursuing as a community contribution. The scope should be narrowed to: implement ServerAdapterModule for Trae, support task execution, and follow the existing skill injection contract. Knowledge base and cross-adapter skill exchange should be tracked as separate proposals. The tree does not have a Trae-specific node yet — if the adapter moves forward, adapters/trae-local/NODE.md should be created.

---

_{Reviewed issue: #3228 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · issue updated: 2026-04-10T02:08:04Z

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The feature request is valid and the underlying need is real — board users can't reliably receive out-of-band alerts when agents need intervention. However, there is a direct tension between two tree decisions that requires a deliberate maintainer call: the governance-first principle argues this belongs in core, while the "thin core, rich edges" principle says notification delivery (email/webhook) belongs in plugins.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Board governance reachability | Board users must receive alerts when agents need intervention, even if the UI is closed | Board has unrestricted oversight; "surface problems, don't hide them"; budget hard-stops notify the board | ❓ Partial |
| Core vs. plugin boundary | Requesting email/webhook notification as core infrastructure | "Thin core, rich edges" — knowledge bases, external integrations, and special surfaces go into plugins, not core | ⚠️ Conflict |
| Triggering events | assigneeUserId change, blocked status, approval created, budget threshold | Budget hard-stops already emit high-priority activity events; board notification on budget threshold is already in the governance model | ❓ Partial |
| Plugin as workaround | Reporter built a board-notify plugin using Resend | Plugin SDK supports ctx.events.on() subscriptions and ctx.http.fetch() for outbound calls — the plugin pattern works | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Thin core, rich edges": external integrations go into plugins; governance-first
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Board hard-stops and budget threshold events already defined; board oversight is non-negotiable
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Plugin event subscriptions and outbound HTTP via ctx.http.fetch; plugin extensibility is the designed escape hatch

</details>

### Recommendation

The maintainers need to decide: is notification delivery infrastructure (email/webhook routing) a governance primitive that belongs in core, or an integration concern that belongs in a first-party plugin? Both positions are defensible:

- Core argument: Board reachability is a safety property, not a feature. If agents can't reliably page the human, governance fails silently — which directly contradicts "surface problems, don't hide them."
- Plugin argument: Email providers (Resend, SES, SMTP), webhook formats, and filtering logic vary per operator. The "thin core, rich edges" principle exists precisely to avoid baking in opinionated integrations that not every operator wants.

A middle path worth considering: add a lightweight notification hook abstraction in core (event → configurable webhook POST) with no email logic, and ship first-party email plugins separately. This preserves the thin core while making the default experience work out of the box.

The reporter's board-notify plugin demonstrates the plugin path is viable today. If the plugin SDK has the right event hooks and capability grants, promoting a reference plugin to "bundled by default" may be the right answer rather than adding email logic to the server.

---

_{Reviewed issue updated: <code>2026-04-10T02:08:04Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · issue: #3224

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This request has two parts with different alignment profiles. Adding Gemini 3.5 to the model list is a straightforward adapter maintenance task. The "Auto" model fallback — automatically switching models when one hits a rate limit — touches the adapter boundary design and the "surface problems, don't hide them" principle, and warrants more discussion.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Gemini 3.5 model support | Add Gemini 3.5 to the model selection dropdown | Adapters expose detectModel and model listing; updating the Gemini model list when new versions ship is routine adapter maintenance | ✅ Aligned |
| Auto model fallback on rate limit | When "Auto" is selected and the current model hits quota, silently switch to another model | Tree says no quota reporting exists for the Gemini adapter ("Google's Gemini API does not expose rate-limit windows in the same way"). Also, "Surface problems, don't hide them" — silent model switching without user awareness conflicts with the visibility principle | ❓ Partial |
| Adapter boundary | Rate-limit detection and fallback logic within the Gemini adapter | Adapters own execution behavior; adding quota detection is in scope. However, automatic fallback without board visibility is a governance concern | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/gemini-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/gemini-local/NODE.md) — No quota reporting; model detection not currently supported; auth-required detection pattern
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — getQuotaWindows interface exists per adapter; adapter owns billing inference
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them" — silent switching without audit log entry would violate this

</details>

### Recommendation

Gemini 3.5 support: Accept. It's a routine model list update with no architectural implications.

Auto fallback: Needs design discussion. The tree currently documents that Gemini has no quota reporting, so detecting rate limits is itself a new capability. If fallback is implemented, it should: (1) be logged as an activity event visible in the board's audit trail, not silent; (2) not be the default behavior unless the user explicitly opts in. Silent model switching without board awareness conflicts with the governance-first and visibility principles. Recommend tracking the fallback as a separate issue with a design proposal.

---

_{Reviewed issue: #3224 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · issue updated: 2026-04-10T02:09:03Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

A targeted UI improvement that gives board users a clear "action required" queue by filtering inbox issues to assigneeUserId=me. This directly supports Paperclip's board governance model and "surface problems, don't hide them" principle — the current Mine tab is too broad to serve as an action queue.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Board governance visibility | Dedicated filtered view showing only issues assigned to the board user | Board is the live control surface; board must be able to see what needs their action at a glance | ✅ Aligned |
| Surface problems, don't hide them | Replace the overly-broad Mine tab with a clear "needs my action" queue | "Surface problems, don't hide them" is a core product principle; good visibility lets the right entity decide what to do | ✅ Aligned |
| Progressive disclosure | New tab/filter within existing Inbox — doesn't restructure the UI | "Progressive disclosure" — the board sees what needs attention without reorganizing the top-level navigation | ✅ Aligned |
| API support | ?assigneeUserId=<id> filtering already exists on the issues endpoint | Unified REST API serves both board UI and agents; API already supports this query | ✅ Aligned |
| Task-based communication | Agents escalate by assigning issues to the board user — the view surfaces those | Tasks are the communication channel; agents escalate by creating and assigning tasks | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Board as live control surface; board must be able to intervene at any level
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them"; "Board-level abstraction wins"; progressive disclosure
- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — assigneeUserId as the delegation mechanism; single-assignee model
- [engineering/frontend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/frontend/NODE.md) — Inbox page exists; React Query for server state management

</details>

### Recommendation

This is a well-scoped UI addition with clear product rationale and no API changes required. The feature directly closes a gap in the board governance experience — right now agents can't effectively page the human because the board user has no dedicated action queue. Excluding terminal statuses (done, cancelled) is correct. Ready for a PR.

---

_{Reviewed issue updated: <code>2026-04-10T02:09:03Z</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 6669e71

Aligned with context tree. No concerns.

This fix follows the established adapter pattern (matching claude-local) by injecting ctx.authToken as PAPERCLIP_API_KEY into the Hermes child process environment and surfacing it as {{authHeader}} in prompt template curl commands — exactly how the adapter abstraction is designed to handle auth across runtimes.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: INSUFFICIENT_CONTEXT · severity: low

> [!NOTE]
> This issue is a support question with no design proposal, feature request, or architectural change — there is nothing for the gardener to align or flag against the context tree.

What the tree says about Claude auth:
The claude-local adapter does not manage API keys or subscription state directly. Auth is fully delegated to the Claude CLI's own credential store (see adapters/claude-local). Whether a given Claude credential is subscription-based or API-credit-based is determined by the CLI — Paperclip passes through whatever auth the CLI holds.

Context match:

| Topic | Tree node | Status |
|---|---|---|
| Claude adapter auth model | adapters/claude-local | Delegation to CLI — no Paperclip-level opinion |
| Billing/quota reporting | adapters/claude-local | Adapter reports usage from Claude stream-json output |
| API key ownership | adapters/claude-local | Out of scope for Paperclip |

Recommendation: This is a support question best answered by a maintainer or in the project's documentation/FAQ. If the answer reveals a documentation gap (e.g., subscription vs. API-credit auth modes are undocumented), consider opening a docs issue.

No tree update needed — auth delegation to the Claude CLI is already captured in adapters/claude-local.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: c212896c

Aligned with context tree. No concerns.

Re-reviewed after HEAD update (b79fe517 → c212896c). The new commit is chore: nudge Greptile re-review (all 3 findings addressed in b79fe517) — an empty nudge commit with no code changes. Verdict and tree alignment unchanged: extending goals with acceptance_criteria + target_date rather than a parallel outcomes table, progressive disclosure (new tab inside goal detail), non-locking migration, defense-in-depth company scoping in getProgress.

Meta note: empty nudge commits trigger SHA-tracking bots including gardener — if the goal is specifically to re-ping Greptile without re-triggering others, @greptileai re-review as a comment works the same way without changing HEAD. For gardener, @gardener re-review as a comment will also work.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: c7368b57

Correct fix. companyId is the primary isolation boundary in Paperclip's architecture — all entities are company-scoped — so requiring projectId as a mandatory field for plugin tool execution was overly strict. Dropping it from the validation guard while leaving agentId, runId, and companyId required is consistent with the design. assertCompanyAccess(req, runContext.companyId) remains in place, so company-scoping enforcement is unaffected.

Minor note for reviewers: the PR test plan covers the HTTP layer, but it's worth a quick scan of PluginToolDispatcher.dispatchTool() to confirm it handles projectId: undefined safely. Low risk — the field is already typed as optional in ToolRunContext.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: medium · issue: #3275

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

This bug report proposes extending the claude-local adapter's session-resume error handling to cover image processing failures — a direct, consistent extension of the existing isClaudeUnknownSessionError pattern already established in the adapter. It aligns with the adapter model's responsibility for lifecycle management and the principle of surfacing problems rather than hiding them.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter resilience | Add isClaudeImageProcessingError() detection and retry-as-fresh-session logic in execute.ts | Adapters handle lifecycle; isClaudeUnknownSessionError already exists as the established pattern for resume failures; "surface problems, don't hide them" | ✅ Aligned |
| Session resume capability | Claude-local adapter supports --session-id (aka --resume) for session continuity | Tree confirms session resume via --session-id is a documented adapter capability | ✅ Aligned |
| Adapter scope | Fix lives in parse.ts + execute.ts within packages/adapters/claude-local/ | Adapters own their own lifecycle and output parsing; server does not reach into adapter internals | ✅ Aligned |
| Agent error state | Agent gets stuck in error state with no recovery | Agent statuses include error; tree notes open question around "health monitoring — distinguishing stuck from working on a long task," which this directly impacts | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/claude-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/claude-local/NODE.md) — Session resume capability, isClaudeMaxTurnsResult precedent for distinguishing error conditions
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — Adapter responsibility boundaries: lifecycle, output parsing, session management
- [product/agent-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/agent-model/NODE.md) — Agent statuses (error), open question on stuck vs. long-running detection

</details>

### Recommendation

This is a straightforward, well-scoped bug fix that extends an existing error detection pattern. The proposed fix location (parse.ts + execute.ts) and approach (retry without --resume) are exactly right per the adapter architecture. Recommend accepting the fix. Consider also updating the claude-local tree node to document image error recovery alongside the existing max-turns and unknown-session recovery patterns.

---

_{Reviewed issue: #3275 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 69913807

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The execute route (POST /plugins/tools/execute) is safe — agent company scoping is preserved via assertCompanyAccess(req, runContext.companyId). But the discovery route (GET /plugins/tools) has no company filtering, and opening it to agent JWTs creates a cross-company data leak that violates Paperclip's core isolation principle.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Auth on execute route | Allow agent JWT to execute plugin tools | "Unified API, Different Authorization" — one API, scoped by auth | ✅ Aligned |
| Auth on discovery route | Allow agent JWT to list all plugin tools | "Multi-company isolation. Data is scoped by companyId at the query level" | ⚠️ Conflict |
| Cross-company data | Not addressed in PR | Company-scoped isolation is a load-bearing invariant | ⚠️ Conflict |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — "Unified API, Different Authorization" and company-scoped isolation
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — "Multi-company isolation ... scoped by companyId at the query level"
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Capability-gated plugin access

</details>

### Recommendation

Before merging: add a companyId filter to listToolsForAgent() and apply it when the caller is an agent (board callers can keep the unfiltered view). Add a cross-company isolation test for GET /plugins/tools that proves Agent A cannot see Company B's tools. Related: issue #3271 correctly identifies the same root cause and the assertBoardOrAgent pattern is the right direction — just scope the list endpoint correctly.

---

_{Reviewed commit: <code>69913807</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 228d1c6

> [!CAUTION]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The auto-reassign behaviour sits in tension with two load-bearing product principles: "Surface problems, don't hide them" and the explicit decision that automatic recovery is not a Paperclip responsibility. Whether the delegation handoff pattern is a special case worth carving out, or a slippery slope toward hidden orchestration logic, needs a deliberate call from the maintainers.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| No automatic recovery | Auto-reassign to creator when in_review is set — implicit side effect on a status transition | Task system: "When an agent crashes mid-task, Paperclip does not auto-reassign or auto-release the task… Recovery is manual/explicit." | ❓ Partial |
| Surface problems, don't hide them | A status change silently mutates the assignee field without any actor explicitly requesting it | Product decision 6: "No silent auto-recovery, no automatic reassignment. Good auditing and visibility let the right entity decide what to do." | ⚠️ Conflict |
| Tasks are the communication channel | Delegation handoff via in_review is a real, common pattern agents rely on | Task system: all agent communication flows through tasks; completing a sub-task and handing back is expected workflow | ✅ Aligned |
| Auditable everything | No audit-log entry for the auto-reassignment is visible in the diff | Governance: every mutation writes to activity_log; nothing should happen silently | ❓ Partial |
| Single-assignee model | Reassign to creator clears the previous assignee — no multi-assignee conflict | Task system: single-assignee is deliberate | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — "No Automatic Recovery"; all work must be explicit
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — Product decision 6: surface problems, don't hide them
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — "Auditable everything"; every mutation writes to activity_log
- [product/agent-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/agent-model/NODE.md) — Cross-team coordination via tasks; delegation pattern context

</details>

### Recommendation

Two questions for the maintainers before merging:

1. Is the in_review handoff exempt from the "no automatic reassignment" principle? The tree's rationale for that principle is about crash recovery hiding failures. A deliberate in_review transition is different in intent — but the implementation is still invisible to the task's audit trail. If this is a carve-out, document the distinction in the tree (task-system node) so future contributors don't erode it further.

2. Is the auto-reassignment logged in the activity_log? The diff shows the side-effect fires inside applyStatusSideEffects before the DB write, but it's not clear whether the resulting assignee change generates an activity_log entry. The governance principle is that every mutation is auditable. A silent assignee change — even a useful one — is a gap.

If both questions are answered yes, the verdict would flip to ALIGNED. Consider updating the task-system tree node to explicitly acknowledge the in_review handoff pattern as a sanctioned workflow shortcut.

---

_{Reviewed commit: <code>228d1c6</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue: #3273

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Requiring projectId in the plugin tool execute endpoint contradicts the tree's company-scoped isolation model, where companyId is the authoritative scope boundary and projectId is an optional context field. Removing projectId from the required validation check is the correct fix.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Scoping model | projectId should be optional in runContext; companyId is the required scope boundary | Tree: "Company-scoped isolation — all entities scoped to company_id. Never leak data across companies." projectId is not the isolation unit. | ✅ Aligned |
| Plugin tool dispatch | Plugin tool execution routes to PluginToolDispatcher which dispatches to plugin workers | PluginToolDispatcher dispatches executeTool calls to the appropriate plugin worker; projectId is passed through as context, not used for routing | ✅ Aligned |
| Agent wake-on-demand | Many agent runs have no project association (wake-on-demand) | Agent model supports "callable" as the minimum contract; no requirement for project context to trigger or run an agent | ✅ Aligned |
| Governance | Auth/access enforced at server layer | Governance: "Governance rules are control-plane invariants enforced at the server" — the fix keeps companyId required (the actual isolation boundary) while removing the spurious projectId check | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [plugins/runtime/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/runtime/NODE.md) — PluginToolDispatcher dispatches executeTool calls; PluginRegistry has pluginId scoping; no mention of projectId as a routing requirement
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — Company-scoped isolation, governance enforced at server layer
- [product/agent-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/agent-model/NODE.md) — Minimum contract: "callable" — no project context required

</details>

### Recommendation

The proposed fix is correct and consistent with the architecture. Accept the change: remove !runContext.projectId from the validation guard, keep agentId, runId, and companyId required. Consider also verifying that projectId is propagated to plugin workers as optional context (not silently dropped) so plugins that care about project context still receive it when it exists.

---

_{Reviewed issue: #3273 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: high · issue: #3271

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Agent JWTs being blocked from plugin tool endpoints by assertBoard directly contradicts the tree's governance decision that "the same REST API serves both the Board UI and agents — authentication determines permissions." The proposed assertBoardOrAgent fix for the two tool endpoints is the correct and architecturally expected solution.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Unified API + auth-based scoping | Replace assertBoard with assertBoardOrAgent on tool list/execute endpoints only | Governance: "Unified API, Different Authorization — same REST API serves both Board UI and agents. Authentication determines permissions: board auth has full access, agent API keys have scoped access." | ✅ Aligned |
| Agent access scope | Agents scoped to their own company via assertCompanyAccess(req, runContext.companyId) | Governance: "agent API keys have scoped access (own tasks, cost reporting, company context)"; plugin tools are execution-side tools an agent legitimately needs | ✅ Aligned |
| Plugin extensibility | Plugin tools (e.g., escalate_to_human) contributed to the runtime are inaccessible to agents | Plugin SDK: tools is a first-class client on PluginContext; PluginToolDispatcher is designed to serve agent executeTool calls. Blocking agents defeats the purpose. | ✅ Aligned |
| Board-only management routes | Install, enable, disable, and other management routes stay board-only | Governance: board has unrestricted access; only tool list/execute endpoints need loosening for agents. This is correctly scoped in the proposal. | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — "Unified API, Different Authorization" decision; board vs agent auth scoping; governance enforced at server layer
- [plugins/runtime/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/runtime/NODE.md) — PluginToolRegistry / PluginToolDispatcher: registers tools and dispatches executeTool calls from agents to plugin workers
- [plugins/sdk/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/sdk/NODE.md) — tools is a first-class PluginContext client; plugin tool contribution is an SDK-level contract with agents as the consumers

</details>

### Recommendation

This is a high-severity bug because it breaks a core tree invariant: agents are supposed to have scoped-but-real API access, and plugin tools are the primary extensibility surface. The fix is well-scoped — introducing assertBoardOrAgent on the two affected endpoints while leaving all plugin management routes board-only is exactly right. Recommend prioritizing this fix. The existing assertCompanyAccess call provides the correct isolation boundary for agent access.

---

_{Reviewed issue: #3271 · Tree snapshot: 33dc6fd · Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: c630af5

> [!NOTE]
> Context Review — this checks product-context fit against the project's
> context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

A narrow, additive fix inside the claude-local adapter that extends an existing session-retry pattern to cover a second transient error type. No product-model changes, no cross-domain impact.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Adapter boundary | Change is entirely within claude-local/src/server/{execute,parse}.ts | Adapters are isolated per-package; local adapters handle process spawning and error parsing | ✅ Aligned |
| Session retry pattern | Extends existing isClaudeUnknownSessionError retry to also cover isClaudeImageProcessingError | Claude-local adapter: session resume via --session-id; adapter handles transient session errors | ✅ Aligned |
| Adapter abstraction | New helper function mirrors the existing isClaudeUnknownSessionError shape exactly | Adapters implement ServerAdapterModule; error-type helpers are internal adapter concerns, not control-plane concerns | ✅ Aligned |
| Surface problems, don't hide them | Logs the specific reason ("contains an unprocessable image") before retrying | Product decision 6: no silent recovery — the retry is logged with a distinct message | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/claude-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/claude-local/NODE.md) — Session resume, stream-json output, adapter boundaries
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — Adapter architecture; adapters do not own orchestration or persist state

</details>

### Recommendation

No concerns. The change is well-scoped to the adapter layer and follows the established pattern. The retry log message clearly identifies the reason, satisfying the "surface problems" principle.

---

_{Reviewed commit: <code>c630af5</code> · Tree snapshot: <code>33dc6fd</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium

> [!NOTE]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Confirmed bug that aligns with two load-bearing tree decisions. The fix as proposed is correct: the wakeup is currently misplaced in the HTTP route handler instead of the service layer, which breaks every non-HTTP caller.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Service-level wakeup | Move queueIssueAssignmentWakeup() into the service so all callers (HTTP + plugin host + CLI) trigger it | "Routes are thin HTTP handlers — parse request, call service, return response. Services contain all business logic." | ✅ Aligned |
| Plugin parity with HTTP | Plugin ctx.issues.create() must have the same side effects as the REST API | "Plugin system is first-class" — plugins extend Paperclip without forking | ✅ Aligned |
| Silent failure | Agent stays idle after assignment, no error surfaced | "Surface problems, don't hide them" — silent idle is the anti-pattern | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — Route/Service split: "thin HTTP handlers... Services contain all business logic"
- [plugins/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/plugins/NODE.md) — Capability-gated plugin access; plugin host services must honor the same invariants as core API callers
- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — Task assignment is the primary agent signaling mechanism

</details>

### Recommendation

Rather than duplicating the wakeup call in plugin-host-services.ts (the proposed fix), consider moving queueIssueAssignmentWakeup() into issueService.create() and issueService.update() themselves. This matches the tree's explicit guidance that "services are reusable (e.g., the CLI can call service logic directly for heartbeat runs)" — any future caller (CLI, cron jobs, internal scripts) will automatically get correct behavior instead of needing to remember to call the wakeup. If there is a reason the wakeup should NOT fire for certain callers, a { skipWakeup: true } option on the service is cleaner than duplicating the call everywhere it's needed.

Related items #1280 and #1063 suggest a broader pattern: several heartbeat/wakeup signals live outside the services that mutate the state they respond to. Worth considering whether the whole class of "mutation → wakeup" couplings should move into the service layer as part of this fix.

---

_{Reviewed snapshot: <code>issue@2026-04-10T07:48</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 6a3ca993

Upgraded from NEEDS_REVIEW · medium. Aligned with context tree. No blocking concerns.

The new commit (6a3ca993 — "fix(goals): audit every verification state transition") is a thorough and well-crafted response to the primary blocker from the prior review. Every verification state transition now writes an activity_log entry:

- goal.verification_requested — when a new cycle starts; captures attempt number, manual vs auto, criteria count
- goal.achieved — the critical governance-level transition, explicitly tagged via: "verification_outcome" so it's distinguishable from other achievement paths
- goal.verification_incomplete — missing criteria with their IDs
- goal.verification_unclear — audit even for "don't count as failure" cases, which is exactly right (the tree's "surface problems" principle covers ambiguous outcomes, not just failures)
- goal.verification_failed — failing criterion IDs and the follow-up issue ID

The VerificationActor type is well-designed. System stand-in for the auto-fire hook path, real actor threaded through for manual/issue-completion paths, with a clear comment explaining the semantics: "the audit actor for verification-driven goal transitions is the agent (or user) who PATCHed the triggering issue to done... semantically right for both branches." That's exactly the tree's "every mutation is logged with actor, action, and outcome" principle applied cleanly.

The inline comment on the goal.achieved entry deserves a specific callout: "The ACHIEVED transition is the critical auditable event here. It moves a goal from pending/active to achieved without direct human approval (per the tree's governance semantics) — the audit row captures which verification issue drove it and who was acting." That's the right framing — the PR author is treating auto-achievement as something the Board can retroactively review rather than pre-approve, and making sure the audit trail supports that.

### Residual notes (not blocking)

Two of the three questions from the prior review are still open, but neither blocks merge:

1. Is auto goal achieved a V1 governance gate? — This is a tree-docs question, not a code question. The PR now makes the transition auditable, so if the Board decides later that auto-achievement should require approval, that's a straightforward follow-up. Worth recording the decision in product/governance/NODE.md as either "auto-achievement is in-scope for V1, audit covers it" or "auto-achievement requires a new approval gate" — either answer is fine.

2. Document the verification_outcome fenced infostring in the tree. The custom json verification_outcome fence is a load-bearing agent contract that future adapters and prompt authors need to know about. Worth a short note under product/task-system/ or adapters/ describing the format so it's discoverable without reading the goal-verification source.

Neither should block this PR.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: a5fe8062

Aligned with context tree. No concerns.

Well-scoped UX improvement. The 13.6k line count is almost entirely the auto-generated Drizzle snapshot — the real change is ~436 lines. The backend side is clean: company-scoped query, assertCanMutateCompanySkills guard, and a proper logActivity audit entry on mutation (consistent with the tree's "auditable everything" decision). Folder grouping is derived from the skill key prefix at the UI layer rather than adding a new schema column — the right call for progressive disclosure that avoids carrying organizational state in the database. Migration is non-locking (boolean column with DEFAULT false). Agent detection is explicitly unchanged.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: high · issue snapshot: 2026-04-10T09:04Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Well-diagnosed bug. Aligns directly with the tree's "surface problems, don't hide them" principle — agents currently report "Inbox empty" while silently holding active in-progress routine issues. That's the exact anti-pattern the tree calls out. The proposed one-line fix is correct.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Agent inbox contract | Agents need to see all their assigned work | Tasks are the communication channel; silent filtering breaks the contract | ✅ Aligned |
| Board UI vs agent UI | Board can hide routine executions, agents cannot | Progressive disclosure — layers differ by audience | ✅ Aligned |
| Routine-driven pipelines | Multi-step delegations via routines | Task hierarchy traces back to company goals | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — task hierarchy and workflow states
- [product/agent-model/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/agent-model/NODE.md) — agents run externally and query their work list
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them"

</details>

### Recommendation

Land the one-line fix as proposed. Two small follow-ups worth considering:

1. Test coverage — add a regression test that creates a routine-origin issue, calls /agents/me/inbox-lite, and asserts the issue appears. The bug is trivial to reintroduce if someone refactors the includeRoutineExecutions default again.

2. Broader audit — this is the second "silent filter hides work from agents" bug pattern observed recently (see also #3215 on orphaned processes, #3207 on workspace cleanup). Worth a quick grep of other agent-facing list endpoints to confirm they all include routine executions by default. Any endpoint where agents query their own state should use the unfiltered view; board-facing endpoints can keep the filter.

---

_{Reviewed snapshot: <code>issue@2026-04-10T09:04</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: a2e725f4

Aligned with context tree. No concerns.

This is the correctly re-scoped version of #3230 (which I flagged as CONFLICT — knowledge base wedged into core). The PR author explicitly cites that feedback: "same idea, packaged as a real plugin so the host owns capability scoping, configuration, lifecycle, metrics, and audit logging." That's the exact "thin core, rich edges" architectural move the tree calls out. First-party reference plugins like this are what the plugin SDK is designed for — the plugin itself is in packages/plugins/examples/aws-file-store, declares 9 tools through the manifest, and uses standard lifecycle hooks (setup, onHealth, onConfigChanged, onValidateConfig, onShutdown).

The dev docker-compose.yml additions (MinIO + minio-init one-shot) are appropriately opt-in dev infrastructure — the comment explicitly labels them as backing "the reference plugin" and consistent with the two-mode deployment model (local-first dev vs. authenticated production). The production image is unaffected. The Dockerfile sha256 bump from #3230 was deliberately left out — good scoping discipline.

Nice response to prior feedback. If the plugin graduates from examples/ to a standalone package later, the compose snippet should probably move out of the default dev stack into an opt-in overlay — but that's a premature concern for a reference plugin.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 7f7157a3

Aligned with context tree. No concerns.

Clean 9-line bug fix. Three wakeup payloads in routes/issues.ts were passing req.params.id (the human-readable identifier like AIU-67) instead of the already-resolved issue.id UUID, silently breaking @-mention wakeups and comment-triggered wakeups — agents never woke up for mentions. Adjacent code for assignment-wake already used the correct pattern, so this fix brings all wakeup sites into consistency.

This bug is the 4th instance of the same root pattern I've flagged in recent items (#3282 silent filter, #3215 orphaned processes, #3207 silent cleanup): the control plane fails silently rather than surfacing the problem, which the tree explicitly calls out as an anti-pattern. The fix is correct in its current scope, but consider two follow-ups as separate tasks:

1. Add a loud error log or activity event when the heartbeat service fails to resolve an issueId — a silent miss should be observable.
2. A route-level integration test for @-mention wakeups would prevent regression. The PR author notes this would require a full HTTP test harness; worth the investment given how load-bearing inter-agent communication is.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: a97f4267

Aligned with context tree. No concerns.

Re-reviewed after two small follow-up commits (8c33044c TS2554 fix, a97f4267 test mocks for DialogTitle/Tooltip). Both are normal CI/test iteration — no scope or architectural changes. Verdict and tree alignment unchanged from the last review: scoped UX fix for a silent failure, with the earlier review-feedback improvements (hasAttempted state, timer cleanup via refs, full state reset on close) all still in place.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 7a3581f9

Aligned with context tree. No concerns.

Re-reviewed after the new HEAD (7a3581f9). Cleaner than the prior revision — the changed variable and both early-exit branches are now removed entirely, and a clear comment explains the rationale ("volume dirs may have been created as root"). Still closes the fresh-volume EACCES gap in the documented UID/GID remapping pattern. Same follow-up note stands: if large-dir startup time becomes a real issue later, narrow the chown to known init-time directories instead of the whole /paperclip tree.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · issue snapshot: 2026-04-10T09:44Z

Aligned with context tree. No concerns.

Well-diagnosed bug with exact line numbers and a minimal fix. Tree alignment is straightforward: the ErrorBoundary is correctly surfacing the crash (good — "surface problems, don't hide them"), but the root cause — 4 unguarded accesses to message.metadata.custom — should still be fixed so users get the rich UI instead of the plain-text fallback. The proposed optional-chaining fix (message.metadata?.custom ?? {}) is correct. Worth asking reviewers to also grep for other unguarded message.metadata.X accesses in the same file to prevent the next recurrence.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: b6c6c76b

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Re-reviewed after HEAD update (3893420c → b6c6c76b). The new commit is chore: nudge Greptile re-review (both P2 findings addressed in 3893420c) — an empty "nudge" commit with no code changes, intended to poke the review bot. No new content to evaluate.

All tree-level concerns from the prior two cycles still stand:

1. Core-vs-plugin placement — server/src/routes/agent-memories.ts and server/src/services/agent-memories.ts are still in core. No move toward the plugin SDK pattern demonstrated by PR #3285 (plugin-aws-file-store).
2. Coordination with PR #3250 — both memory PRs are still active. Picking a direction before either merges is still the right first step.
3. PR template — "Thinking Path", "What Changed", "Verification", "Risks", "Model Used" sections are still empty boilerplate.

### Recommendation (unchanged)

- Resolve overlap with #3250 before either merges.
- Get an explicit core-vs-plugin decision recorded in the tree.
- Fill in the PR template.

### Meta note on nudge commits

Empty "nudge" commits trigger SHA-tracking bots (including gardener) to re-run. If the goal is specifically to poke Greptile without re-triggering others, consider using @greptileai re-review as a comment instead of pushing a commit. For gardener, @gardener re-review as a comment does the same thing without changing the HEAD SHA.

---

_{Reviewed commit: <code>b6c6c76b</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: b853ad7a

Aligned with context tree. No concerns.

Excellent fix. The author correctly identified that listAdapterModels(type) and detectAdapterModel(type) ignore companyId entirely — the assertCompanyAccess gate was guarding nothing and silently breaking the onboarding dropdown. Replacing it with assertBoard matches the tree's "Unified API, Different Authorization" pattern: the auth check reflects what data is actually exposed, not what the URL looks like.

What makes this PR stand out is the careful scoping discipline: POST /test-environment is explicitly left strict because it resolves per-company secrets via secretService.normalizeAdapterConfigForPersistence / resolveAdapterConfigForRuntime — loosening that one would be a real cross-company leak. Drawing that exact line, and explaining it in both the PR description and an inline test comment, is the right level of care for an auth change.

Test coverage is thoughtful too — the 95-line test file explicitly notes the local_implicit god-mode bypass and constructs realistic remote session-board actors to exercise the cross-company path. This closes a subtle test gap where default createApp() would have hidden the fix.

Also worth noting: this is yet another instance of the "silent failure" pattern I've been flagging in recent items (#3282, #3215, #3207, #3284). The 403 → empty dropdown with no clear error is the exact anti-pattern the tree's "surface problems, don't hide them" principle calls out. Worth a general audit: any endpoint gated by assertCompanyAccess that doesn't actually read companyId in its handler is likely misscoped for the same reason.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 663720c0

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The fix unblocks a real and painful onboarding failure (opencode binary segfaults under Rosetta). But softening a validation error into a warning log sits in direct tension with two load-bearing tree decisions: "surface problems, don't hide them" and "no silent auto-recovery". The trade-off deserves an explicit maintainer call before landing.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Unblock flaky probe | Let agent creation succeed when probe throws | "Surface problems, don't hide them" (product/NODE.md) | ❓ Partial |
| Demote error to warn | throw unprocessable(...) → logger.warn(...) | "No silent auto-recovery" — the tree explicitly favors bubbling failures to the actor | ❓ Partial |
| Lazy re-validation path | /adapters/opencode_local/models catches the same config at first run | Task-system assumes issues surface where the work happens — acceptable fallback | ✅ Aligned |
| Keep instrumentation | logger.warn still logs stack + adapterType + companyId | Auditability — operators can still trace | ✅ Aligned |
| Probe can't distinguish flaky vs. real misconfig | Both paths get demoted | The server can't tell them apart — this means real misconfigs also get deferred | ⚠️ Conflict |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them" (decision #6)
- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — "No automatic recovery, no automatic reassignment"
- [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) — adapter lifecycle and validation contract

</details>

### Questions for maintainers

1. Can the user see the warning? A logger.warn lives in server logs that most end users never look at. If an agent is created with a genuinely broken opencode config, the user sees "success" at create-time and then a failure at first run. That's the scenario the tree explicitly calls out as the anti-pattern. Consider: return 200 with a structured warnings: [{code, message}] field in the response body so the UI can show an inline "probe failed, here's why" banner — keeps onboarding unblocked AND surfaces the problem.

2. Is there a narrower fix? Two alternatives that address the root cause instead of the symptom:
- Detect Rosetta and skip the probe: check for the x86_64 arch running under arm64e kernel (macOS) and short-circuit the probe with a specific "probe skipped on Rosetta" log line. Users on normal arm64 or amd64 still get the pre-flight validation.
- Retry the probe: if the flakiness is intermittent (the PR says "intermittently"), 2-3 retries with small backoff would fix flakiness without demoting real failures.

3. Does the UI show the warning? Worth confirming the onboarding flow can render a structured warning alongside "agent created". If not, this fix makes the bug invisible to end users even when the probe surfaces a genuine misconfig.

### Recommendation

Don't block on unblocking the Rosetta use case — it's a real pain. But before landing this exact fix, consider:

1. Picking a root-cause path (Rosetta detection, retry, or opt-in probe) that preserves create-time validation for honest failures.
2. If that's not feasible in this PR's scope, then at least return the warning in the API response body so the UI can surface it — demoting to server logs alone violates the "surface problems" principle in practice, even if the error is technically still observable.
3. Either way, add a test case for a genuinely invalid opencode config (not just a flaky probe) to prove the lazy-validation path catches it at first run.

---

_{Reviewed commit: <code>663720c0</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: da225e31

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The skill itself is nicely built — clear boundaries, security-conscious (no JS, no external resources, content whitelist, validator), print-ready archival output. Two product-fit questions worth a maintainer call before merge.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Skill follows existing skills/ convention | New subdirectory with SKILL.md, references/, scripts/, templates/, examples/ | Paperclip has an established skill injection pattern via listSkills / syncSkills in the adapter contract | ✅ Aligned |
| Content whitelist + HTML validator | Security enforced at skill layer, not adapter | Governance-first posture for anything agents produce | ✅ Aligned |
| "Default skill" claim | PR title says "as default skill" | No default-skill wiring in the diff | ❓ Unclear |
| Skill scope boundary | html-report is a generic agent-productivity skill | Existing skills/ are Paperclip control-plane skills: paperclip, paperclip-create-agent, paperclip-create-plugin, para-memory-files | ❓ Boundary drift |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — Skill lifecycle (listSkills / syncSkills) and skill injection via symlinks into the agent's native skill directory
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Thin core, rich edges"

</details>

### Questions for maintainers

1. Is this a "default" skill or an optional one? The PR title says "as default skill" but the diff only adds files under skills/html-report/ — no changes to server/src/services/company-skills.ts, packages/shared/src/validators/company-skill.ts, or any auto-install/bundled-skills wiring. Either:
- "Default" is aspirational and will be wired in a follow-up — in which case consider retitling to something like "Add html-report skill" to avoid confusion.
- There's a convention-based auto-discovery from skills/ that makes this "default" by virtue of living there — if so, that's worth documenting in the tree so future skill authors know the rule.

2. Is skills/ Paperclip-core or general-purpose? The existing directory holds four Paperclip control-plane skills (paperclip, paperclip-create-agent, paperclip-create-plugin, para-memory-files). html-report is a generic agent-productivity skill that would work fine outside Paperclip. That's a boundary question: should skills/ be strictly for Paperclip-meta skills (things that teach agents how to operate inside Paperclip) and general productivity skills should live elsewhere (separate repo, community skills marketplace, plugin)? Or is skills/ becoming a general first-party skill library? Whichever answer, it's worth recording in the tree so the next PR doesn't have to re-litigate.

3. Python test coverage. The PR ships 615 + 411 lines of Python (build_report.py, validate_html.py) with no visible test files. The validator is a security boundary — worth adding tests that exercise the negative examples in examples/bad-*.json to prove the validator rejects them.

### Recommendation

Don't block on the design — the skill is well-scoped and the security posture (inline CSS only, no JS, content whitelist, separate validator script) is the right shape. But before landing:

- Clarify the "default" claim in the PR title/description and the maintenance plan for skill registration.
- Get a maintainer call on whether skills/ is a control-plane-only directory or a general first-party library, and document that decision in the tree.
- Add Python tests for the validator that cover the bad-external-css.json and bad-script.json negative examples.

---

_{Reviewed commit: <code>da225e31</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: high · commit: 0aba8bc7

> [!WARNING]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review. However, this review raises a security boundary concern that should be addressed before merge.

### Summary

The product direction is good — inline HTML report preview fits the "tasks are the communication channel" and "progressive disclosure" principles, and this builds naturally on the html-report skill in #3292. But the current implementation crosses a trust boundary without enough care: agent-generated HTML is rendered in the Paperclip UI origin with a CSP that allows inline scripts and no iframe sandboxing. That's a cross-site scripting vector.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Inline report preview in issue chat | Rich artifact rendering in the task UI | "Tasks are the communication channel" + progressive disclosure | ✅ Aligned |
| Company-scoped route auth | assertCompanyAccess on the new endpoint | Multi-company isolation | ✅ Aligned |
| CSP on served HTML | default-src 'self' 'unsafe-inline' data: blob: | "Governance-first" — agent output is untrusted input | ⚠️ Conflict |
| Iframe sandboxing | No sandbox attribute on the preview iframe | Trust boundary between agent output and the Paperclip UI origin | ⚠️ Conflict |
| File-level authorization | Any board user in a company can fetch any .html in any workspace | "Every mutation is auditable" and least-privilege implied | ❓ Partial |
| Filesystem path disclosure | debug: { checkedPaths } in 404 response | Information disclosure — minor but not needed | ❓ Partial |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — communication via tasks
- [product/governance/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/governance/NODE.md) — governance enforced at server layer, agent output is untrusted
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — service/route split and authz patterns

</details>

### Security concerns (must address before merge)

1. CSP allows inline scripts. The response sets:

    Content-Security-Policy: default-src 'self' 'unsafe-inline' data: blob:; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline';
    

2. No iframe sandboxing. The HtmlReportPreview component needs <iframe sandbox="allow-same-origin" ...> (or drop allow-same-origin entirely if the report is served with CSP blocking scripts). Without sandbox, a malicious report runs in the Paperclip UI origin with access to cookies, local storage, and any in-page state.

3. Same-origin deployment. Reports are served from /api/companies/:companyId/issues/:issueId/reports/:filename — same origin as the app. Combined with (1) and (2), this is the full XSS path. Even if the html-report skill validator is correct, defense-in-depth requires the browser-level protections.

### Other concerns

4. File-level authorization. assertCompanyAccess grants any board user access to any report in any issue workspace in the company. That may be the intended model, but it's worth confirming — an ops user who can see one issue's chat also gets enumeration over every other issue's workspace files, just by guessing filenames. The filename pattern YYYY-MM-DD-slug.html is guessable.

5. Information disclosure in 404. The debug: { checkedPaths } field leaks server filesystem layout to any client that hits a 404. Remove for production builds or gate behind a debug flag.

6. "First match wins" across candidate dirs. The endpoint checks up to ~20 candidate directories and returns the first file that exists. This is correct for a single issue but has a subtle consistency bug: if the workspace lookup returns a stale or wrong workspace (e.g., a detached project workspace with an unrelated file of the same name), the wrong report is served. Low probability, but worth a guard — e.g., require the workspace row's issueId/sourceIssueId to match.

### Recommendation

Don't block on the product direction — inline preview is the right call. But before merge:

1. Tighten CSP: default-src 'none'; img-src 'self' data:; style-src 'unsafe-inline'; base-uri 'none'; form-action 'none';
2. Add iframe sandbox: <iframe sandbox="" srcdoc={...}> or <iframe sandbox="" src={url}> — no allow-same-origin, no allow-scripts.
3. Remove the debug.checkedPaths field from the 404 response body.
4. Tighten the workspace match so the served file always corresponds to a row whose issueId/sourceIssueId matches the URL.
5. Confirm the file-level auth model with maintainers — board users should probably only see reports for issues they're already permitted to view, not every workspace file in the company.

Given the html-report skill ships inline CSS and no JS, the restricted CSP above will render the expected reports correctly while making it safe to extend the system later. Worth the extra pass before landing.

---

_{Reviewed commit: <code>0aba8bc7</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: NEEDS_REVIEW · severity: medium · commit: 5ba2663a

> [!CAUTION]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

The individual fixes are all technically reasonable and several align well with the tree. Two product-fit concerns deserve a maintainer call: (1) the PR bundles four logically distinct fixes, which makes review and bisect harder; (2) several of the changes implicitly expand "running Paperclip as root" into a supported deployment mode, which contradicts what infrastructure/deployment/NODE.md documents.

<details open>
<summary><strong>Context match per sub-fix</strong></summary>

| Sub-fix | Tree guidance | Fit |
|---------|---------------|-----|
| OpenClaw context → extraSystemPrompt | Adapter owns agent-param shaping | ✅ Aligned |
| OpenClaw token via env var / _FILE | Secrets are provider-abstracted, *_FILE matches Docker/K8s pattern | ✅ Aligned |
| Claude rate-limit reclassification | "Surface problems, don't hide them" — classifies but doesn't hide | ✅ Aligned |
| Claude root-UID auto-disable --dangerously-skip-permissions | Adapter knows its CLI constraints | ✅ Aligned |
| CLAUDE_ROOT_HEADLESS_ALLOWED_TOOLS hardcoded allowlist including Bash(*) | Governance-first / least privilege | ❓ Partial |
| Embedded PG createPostgresUser: true when uid=0 | infrastructure/deployment documents UID/GID remapping, not running as root | ❓ Conflict |
| Implicit expansion of "run as root" deployment mode | "UID/GID remapping for volume permissions" pattern already exists | ❓ Partial |
| UI gateway token field in CreateConfigValues | Secrets should flow through secretService.normalizeAdapterConfigForPersistence | ❓ Unclear |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [infrastructure/deployment/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/infrastructure/deployment/NODE.md) — "UID/GID remapping for volume permissions" — the docker entrypoint remaps the node user and gosus to it, which means Paperclip should not run as uid 0 in production
- [adapters/claude-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/claude-local/NODE.md) — Claude adapter owns CLI invocation and flag resolution
- [adapters/openclaw-gateway/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/openclaw-gateway/NODE.md) — OpenClaw gateway transport and context shaping
- [engineering/backend/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/engineering/backend/NODE.md) — Secrets are provider-abstracted

</details>

### Questions for maintainers

1. Should this be split into two or three PRs? The four sub-fixes are:
- OpenClaw schema + token resolution (adapter concern)
- Claude rate-limit reclassification (adapter concern)
- Root-UID handling across claude-local + embedded-PG (deployment concern)
- UI gateway token field (frontend concern)

Landing as one bundle makes the "run as root" story hard to discuss independently from the OpenClaw fix. Splitting lets each get a focused review and makes bisect/revert cleaner.

2. Is "run Paperclip as root" now a supported mode? The infrastructure/deployment tree node documents that the Docker entrypoint uses gosu to drop to the node user specifically to avoid running as root. This PR adds code paths that only fire when Paperclip runs as root:
- createPostgresUser: true for embedded-postgres
- Auto-disable --dangerously-skip-permissions for Claude CLI
- Inject --allowed-tools default allowlist

These fixes only make sense if "run as root" is a deliberately supported mode. If so, the deployment tree node should be updated to describe the two modes (gosu-remapped vs. root-direct) and when each is appropriate. If not, the fixes may be protecting a misconfiguration that operators should be correcting upstream (e.g., by setting USER_UID/USER_GID correctly).

3. Is the CLAUDE_ROOT_HEADLESS_ALLOWED_TOOLS list tight enough? The comment in the code frames this as "safer than --dangerously-skip-permissions", but Bash(*) is effectively unrestricted shell access, and the list also includes Write, Edit, WebFetch, Task, RemoteTrigger, EnterWorktree. That's the same blast radius as --dangerously-skip-permissions, just expressed differently. Two alternatives worth considering:
- Keep the hardcoded default but add a logger.warn at startup explaining "Paperclip is running as root; Claude is configured with a broad tool allowlist. Run as a non-root user for finer-grained permission control."
- Make the allowlist configurable per deployment via env var or adapter config so operators can tighten it without patching the code.

4. UI gateway token field — confirm that CreateConfigValues.openclawGatewayToken flows through secretService.normalizeAdapterConfigForPersistence and is stored in the vault, not in plain JSON in agent.adapterConfig. The PR description mentions adding the field but not the secret-handling path.

### Recommendation

Don't block on the core direction — the individual fixes address real bugs. But before merge:

- Split the PR into an OpenClaw/Claude adapter fixes PR and a separate "run as root" deployment mode PR. The former can land quickly; the latter deserves a deliberate maintainer call and tree documentation.
- If the maintainer call is that "run as root" is supported, update infrastructure/deployment/NODE.md to describe both modes and their trade-offs.
- Confirm the secrets path for the UI gateway token field.
- Add a startup warning when running as root with the broad default allowlist, so operators are explicitly aware of what they're getting.

The claude-local rate-limit reclassification is a clean improvement and would land fine on its own. The OpenClaw schema fix is also a clean adapter-level bugfix. Everything else needs a bit more deliberation.

---

_{Reviewed commit: <code>5ba2663a</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: fdecac8e

Aligned with context tree. No concerns that block merge, but a few worth noting for reviewers.

The core change is a clean single-source-of-truth refactor: three UI codepaths (NewAgent, OnboardingWizard, AgentConfigForm) each carried their own inline per-adapter default dictionaries, which had drifted. Extracting adapterConfigDefaults + getCreateValuesForAdapterType() eliminates the drift. Server-side normalization in applyAdapterConfigDefaults is actually MORE correct than UI-side defaults alone — API callers (CLI, scripts, plugins) now get the default too, not just users creating via the web UI. Good instinct.

### Notes for reviewers

1. PR scope is broader than the description suggests. The PR body says "UI-only default logic" and "no server, or adapter runtime changes" but the diff includes:
- Server-side normalization in server/src/routes/agents.ts (applyAdapterConfigDefaults now writes a dangerouslySkipPermissions default for claude_local and opencode_local)
- A behavior change to asBoolean in packages/adapter-utils/src/server-utils.ts (now accepts string "true"/"false" case-insensitively, was boolean-only)
- A new 314-line dangerously-skip-permissions.test.ts

Both extra changes are safe and well-tested, but the "low risk, UI-only" framing is misleading. Worth updating the PR description so CODEOWNERS/reviewers see the full scope.

2. Interaction with PR #3294 (still open). PR #3294 introduces resolveDangerouslySkipPermissions() in the claude-local adapter that overrides the configured value to false when Paperclip runs as root. If both PRs land, the data flow becomes:
- UI writes dangerouslySkipPermissions: true from the shared default
- Server normalizes to true if missing (this PR)
- Adapter overrides to false at execute time on root (#3294)

The config stored in the DB says one thing; the runtime does another. That's not a bug per se, but it creates a surprising diagnostic experience — operators will see dangerouslySkipPermissions: true in agent config but no --dangerously-skip-permissions flag in the transcript. Worth coordinating with #3294 or adding a logger.info explaining the override when it fires.

3. asBoolean widening is a cross-cutting behavior change. The new string coercion ("true" → true, "false" → false, case-insensitive) affects every caller of asBoolean across the codebase. The widening is backwards-compatible (existing boolean inputs behave identically), and the coercion only fires on string inputs that previously fell through to the fallback. The test coverage is thorough. Low risk, but worth calling out because adapter-utils contract changes are the kind of thing that can surprise plugin authors or downstream adapters — the utility's signature lives in @paperclipai/adapter-utils which is part of the stable surface.

4. dangerouslySkipPermissions: true as the default is a load-bearing security decision. The inline comment explains it correctly (headless mode has no interactive prompts), but it's worth documenting in the context tree under adapters/ as an explicit policy so future adapter authors know the rationale and don't re-litigate it.

### Recommendation

Land it. The refactor is good, the server-side enforcement is the right layer, and the tests are solid. Just (a) update the PR description to reflect the full scope, (b) add a coordination note to PR #3294 about the config-vs-runtime override interaction, and (c) consider adding a one-paragraph note to adapters/NODE.md or the tree about the "headless mode default skip" policy so the rationale is discoverable.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 89dcb8a2

Aligned with context tree. No concerns.

Re-reviewed after HEAD update (4977b80e → 89dcb8a2). The new commit is "detect rate limits via per-line stream-json, not stdout regex" — meaningful improvement. Moving rate-limit detection from a stdout regex to per-line JSON parsing is more robust: handles multi-line output correctly, doesn't false-positive on content that happens to contain "limit" or "quota" in other contexts, and integrates cleanly with the existing stream-json parser. Scope and tree alignment unchanged from prior cycles.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 53659527

Aligned with context tree. No concerns.

Re-reviewed after HEAD update (ce8872bd → 53659527). New commits on this branch:
- 89dcb8a2 — per-line stream-json rate-limit detection (inherited from #3296)
- 63700610 — "feat(ui): OpenClaw gateway create token + enable adapter picker"
- 53659527 — "feat(deploy): root-friendly claude_local and OpenClaw token UX"

All three are refinements of the same deployment-delta scope from the prior review. The tree alignment and every concern addressed in the prior cycle (startup warning, deployment-modes.md, UI hint on token field, Monitor added to allowlist) all carry forward. Scope is still focused on the root deployment mode companion to #3296.

Still the correct split architecture. Still ALIGNED.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: b3c10821

Aligned with context tree. No concerns.

Clean adapter feature. Mirrors the existing Claude login recovery flow exactly, which is the right precedent — Paperclip control plane exposes a UI action, the adapter owns the CLI invocation using its managed CODEX_HOME strategy, and the codex_auth_required error code lets the UI react when auth is missing mid-run. No cross-adapter abstraction leaks, no governance concerns, and existing API-key support is untouched.

Tree alignment is straightforward:
- Adapter abstraction: authentication lifecycle lives in the adapter, not in core orchestration
- Surface problems, don't hide them: the new codex_auth_required error code is a structured signal, not a silent failure
- Unified API: the agent-detail UI action is a parallel of the existing Claude login button — one UI surface, adapter-specific wiring behind it

One small note: the PR description mentions pnpm build still fails on Windows because the repo build script uses cp -r. That's unrelated to this PR and worth a separate issue so it doesn't block Windows contributors.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 724893ad

Aligned with context tree. No concerns.

Minimal, well-scoped fix. Claude adapter's instruction wrapper now explicitly treats the instructionsFileDir as the authoritative base for sibling files like ./HEARTBEAT.md, ./SOUL.md, ./TOOLS.md — closes an onboarding-time failure where fresh CEO agents tried to read siblings from the parent agent directory instead of the managed bundle directory. This is exactly the kind of adapter-owned path semantics the tree expects to live inside the adapter package, and the regression test asserts the stronger directive during the resume-to-fresh fallback path. No cross-domain impact, no bundle persistence change. Related to prior issue #3191 which flagged a similar "sibling file resolution" class of bug in the managed AGENTS.md bundle — worth the reviewer confirming both paths now resolve consistently.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}

🌱 gardener:verdict: NEEDS_REVIEW · severity: high · commit: 4ce3604e

> [!WARNING]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. This review flags a scoping issue that should be addressed before any part of this PR lands.

### Summary

The stated fix is legit — re-reading index.html per request instead of caching at startup closes a real black-page bug on SPA direct navigation after a UI rebuild. But this PR is not a small fix. It is a 74-commit, 147-file, 12,834-addition bundle that spans months of fork-internal work: adapter failure taxonomy, heartbeat/memory gates, Telegram integration, self-hosted OpenTelemetry stack, remote_trigger adapter, agent bundles (cowork/agents/*), new plugin examples, workflows, and more. The stated fix is ~0.1% of the actual diff.

This is almost certainly a mistaken branch target. The branch name is fix/anga-766-spa-routing-stale-index-html but it contains commits from dozens of unrelated ANGA-* tickets. Either the author meant to open a branch with only the ANGA-766 commits, or the fork branch was never rebased onto a clean base for the upstream PR.

### Concerns

1. Impossible to review as one PR. 74 commits across adapter, heartbeat, plugins, observability, telegram, agent bundles, and workflows is far beyond what any reviewer can sanely evaluate in one sitting. Even if every change is individually correct, they should be reviewed independently.

2. Potential fork-internal content leak. The diff includes cowork/agents/{brand-artist,career-monitor,cto,dev-agent-platform,dev-agent-products,learning-agent-2,operations-lead,visibility-agent,youtube-ingest}/ instruction bundles, Taskfile additions, doc/AGENT-GIT-WORKFLOW.md, doc/PUSH_CONVENTION.md, and a plan doc at docs/plans/2026-04-01-claude-rate-limit-fallback-investigation.md. Some of that looks like org-internal material (agent personas, internal workflow docs) that the author may not intend to open-source. Worth double-checking before any of this lands.

3. Possibly conflicting changes with in-flight PRs. This branch touches several files that are currently under review in other PRs:
- packages/adapters/claude-local/src/server/execute.ts and parse.ts — also touched by PRs #3296, #3297, #3299
- packages/adapter-utils/src/types.ts — also touched by #3296, #3297
- packages/adapters/codex-local/src/server/execute.ts — also touched by #3298
- packages/adapters/gemini-local/src/server/execute.ts — conflicts with ongoing gemini work

Landing this as-is would create hard-to-resolve merge conflicts for multiple open PRs.

4. Scope laundering risk. A PR whose title claims a 9-line fix but contains 12k lines of unrelated changes defeats the "small, reviewable PRs" model and the governance principle that every change should be independently auditable. This is the exact inverse of the scoping discipline we just saw on PR #3294 → PR #3296/#3297 (which split one bundled fix into two focused PRs).

### Recommendation

Before any part of this lands:

1. Close this PR and open a small, focused one for the ANGA-766 fix (re-read index.html per request + the matching test). That fix is legitimate and should land on its own — estimated size: 1 file, ~10 lines, plus a regression test.

2. If the author wants to contribute the other changes upstream, open separate PRs per logical unit:
- Adapter failure taxonomy + fallback chain (ANGA-184/205) — one PR
- Self-hosted OpenTelemetry observability stack — one PR (large, but architecturally distinct)
- remote_trigger adapter type — one PR
- Memory pre-flight gate (ANGA-165) — one PR, and coordinate with PR #3250 / #3289 (two active memory PRs)
- Telegram integration — one PR (note: this may conflict with "Thin core, rich edges" tree guidance — telegram is likely plugin territory)

3. Audit the diff for fork-internal content before re-opening. Agent bundles under cowork/agents/ and internal workflow docs may not be intended for upstream.

### Scope laundering note for gardener runbook

Gardener should probably flag any PR whose diff size is dramatically larger than what the title suggests, regardless of alignment, because scope laundering is itself a governance concern. This PR is the clearest example I've seen — stated as a 9-line SPA routing fix, delivered as 12,834 lines across 74 commits.

---

_{Reviewed commit: <code>4ce3604e</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: medium · issue snapshot: 2026-04-10T12:58Z

> [!NOTE]
> Context Review — this checks product-context fit against the project's context tree, not code correctness. Run Greptile/CodeRabbit for code review.

### Summary

Clear, well-diagnosed bug. Aligns with an existing class of "tool errors treated as terminal failures" bugs in the opencode-local adapter, and the tree's "surface problems, don't hide them" principle gives a clean framing for the fix. This is the same root cause as #3193 — worth linking so a single fix addresses both symptoms.

<details open>
<summary><strong>Context match</strong></summary>

| Area | Item intent | Tree guidance | Fit |
|------|-------------|---------------|-----|
| Tool-error vs run-error classification | Keep guardrail/tool errors in the agent's thought chain, not bubble as terminal failure | "Surface problems, don't hide them" — silent termination on recoverable errors is the anti-pattern | ✅ Aligned |
| Adapter-owned error shaping | Fix belongs in opencode-local JSONL parser / lifecycle code | Adapters parse agent output into the shared TranscriptEntry types | ✅ Aligned |
| Control plane boundary | Paperclip surfaces exit code; adapter decides what's terminal | "Adapters do NOT own task scheduling" but DO own "parsing agent output" | ✅ Aligned |
| Self-correction loop | Agent learns from adapter error and retries within the same run | Autonomous tasks must be able to recover from recoverable errors | ✅ Aligned |

</details>

<details>
<summary><strong>Tree nodes referenced</strong></summary>

- [adapters/opencode-local/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/opencode-local/NODE.md) — adapter lifecycle and output parsing contract
- [adapters/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/adapters/NODE.md) — adapter abstraction, three-layer package structure, session management
- [product/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/NODE.md) — "Surface problems, don't hide them"
- [product/task-system/NODE.md](https://github.com/serenakeyitan/paperclip-tree/blob/main/product/task-system/NODE.md) — task communication and recovery semantics

</details>

### Duplicate root cause

Issue #3193 ("opencode_local treats tool_use errors as terminal adapter failures") reports the same class of bug from a different angle: tool-level errors in the OpenCode JSONL stream are being folded into the same terminal-error signal as run-level failures. This issue (#3301) is the user-facing symptom of that same misclassification, specifically for the "Read before Write" guardrail. A single fix to the JSONL parser in packages/adapters/opencode-local/src/server/parse.ts (or equivalent) should address both.

Worth linking the two issues and treating them as one work item.

### Recommendation — solution ranking

The reporter proposes three solutions. Ranking them by tree alignment and blast radius:

1. Fix the JSONL parser first (implied by #3193 but not yet done). This is the root-cause fix: tool errors stay in the transcript, only fatal adapter errors bubble up as run-level failures. Scoped to the adapter package, no cross-domain changes. Do this regardless of the other options.

2. OpenCode server API transition (reporter's option 1) is architecturally attractive but much larger scope — it would enable persistent sessions and finer-grained error recovery, but deserves a dedicated design discussion and tree node under adapters/opencode-local/ describing the lifecycle shift. Not a prerequisite for fixing this bug.

3. Retry-loop logic in Paperclip (reporter's option 2) should be avoided — it crosses the adapter boundary. Paperclip's control plane shouldn't know about "adapter_failed" strings or special-case opencode error patterns; that's the adapter's job to classify correctly.

4. --session/--continue flags (reporter's option 3) is a useful supplement to option 1, but only after the parser is fixed. If the parser still classifies tool errors as terminal, CLI-level session persistence doesn't help.

### Related tree observations

This is now the fifth or sixth instance of the "something silently fails instead of being recoverable" pattern I've flagged across recent PRs and issues in this gardener run (#3282, #3215, #3207, #3284, #3290, and now #3301/#3193). Worth considering whether adapters/NODE.md should grow a short section on error classification conventions — specifically "tool errors vs adapter errors vs run errors" — so future adapter authors have a clear rule to follow. The current split looks like each adapter invents its own boundary.

---

_{Reviewed snapshot: <code>issue@2026-04-10T12:58</code> · Tree snapshot: <code>33dc6fd0</code> · Commands: <code>@gardener re-review</code> · <code>@gardener pause</code> · <code>@gardener ignore</code>}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — an open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews this repo against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree), a user-maintained context tree. Not affiliated with this project's maintainers.}

🌱 gardener:verdict: ALIGNED · severity: low · commit: 6363ab3b

Aligned with context tree. No concerns.

Direct fix for issue #3264 by the same reporter (@harperaa) who filed it — nice closing of the loop. The change matches the proposed fix exactly: instead of enumerating board routes and stripping only those, the new logic strips the company prefix whenever the first segment is not a global or board route. That's the right inversion — it treats plugin page routes as first-class citizens of the routing layer without requiring every new plugin to register itself in a central enumeration, which aligns with the tree's "thin core, rich edges" stance toward plugins.

The regression tests are well-structured: three separate test cases covering plugin page routes (the bug), board routes (to prove the fix doesn't regress existing behavior), and global routes (to prove the fix doesn't over-strip). The docstring explicitly links back to issue #3264, which makes the test self-documenting for future readers.

Two-line code change, 24-line test file. Perfect scope. Once this lands, issue #3264 can be closed.

_{Commands: @gardener re-review · @gardener pause · @gardener ignore}

_{🌱 Posted by [repo-gardener](https://github.com/agent-team-foundation/repo-gardener) — open-source context-aware review bot built on [First-Tree](https://github.com/agent-team-foundation/first-tree). Reviews against [serenakeyitan/paperclip-tree](https://github.com/serenakeyitan/paperclip-tree).}