mirror of
https://github.com/paperclipai/paperclip
synced 2026-03-25 11:21:48 +00:00
fe6a8687c1
Add HS256 JWT-based authentication for local adapters (claude_local, codex_local) so agents authenticate automatically without manual API key configuration. The server mints short-lived JWTs per heartbeat run and injects them as PAPERCLIP_API_KEY. The auth middleware verifies JWTs alongside existing static API keys. Includes: CLI onboard/doctor JWT secret management, env command for deployment, config path resolution from ancestor directories, dotenv loading on server startup, event payload secret redaction, multi-status issue filtering, and adapter transcript parsing for thinking/user message kinds. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
34 lines
1.1 KiB
TypeScript
34 lines
1.1 KiB
TypeScript
import fs from "node:fs";
|
|
import path from "node:path";
|
|
|
|
const PAPERCLIP_CONFIG_BASENAME = "config.json";
|
|
const PAPERCLIP_ENV_FILENAME = ".env";
|
|
|
|
function findConfigFileFromAncestors(startDir: string): string | null {
|
|
const absoluteStartDir = path.resolve(startDir);
|
|
let currentDir = absoluteStartDir;
|
|
|
|
while (true) {
|
|
const candidate = path.resolve(currentDir, ".paperclip", PAPERCLIP_CONFIG_BASENAME);
|
|
if (fs.existsSync(candidate)) {
|
|
return candidate;
|
|
}
|
|
|
|
const nextDir = path.resolve(currentDir, "..");
|
|
if (nextDir === currentDir) break;
|
|
currentDir = nextDir;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
export function resolvePaperclipConfigPath(overridePath?: string): string {
|
|
if (overridePath) return path.resolve(overridePath);
|
|
if (process.env.PAPERCLIP_CONFIG) return path.resolve(process.env.PAPERCLIP_CONFIG);
|
|
return findConfigFileFromAncestors(process.cwd()) ?? path.resolve(process.cwd(), ".paperclip", PAPERCLIP_CONFIG_BASENAME);
|
|
}
|
|
|
|
export function resolvePaperclipEnvPath(overrideConfigPath?: string): string {
|
|
return path.resolve(path.dirname(resolvePaperclipConfigPath(overrideConfigPath)), PAPERCLIP_ENV_FILENAME);
|
|
}
|