v0

plugin-agent-permissions/.gitignore

@@ -0,0 +1,5 @@
+node_modules
+dist
+.pnpm-debug.log
+*.log
+.DS_Store

plugin-agent-permissions/SUBTASKS.md

@@ -0,0 +1,62 @@
+# Agent Permissions Plugin - Subtasks
+
+## Proposed Issue Breakdown
+
+The following subtasks should be created under FRE-339 "Scope a plugin":
+
+### FRE-XXX: Scaffold agent permissions plugin
+**Description:** Create basic plugin structure with manifest, worker entry point, and UI entry point. Set up TypeScript/Vitest build configuration.
+
+**Deliverables:**
+- Plugin directory structure created
+- `package.json` with dependencies
+- `tsconfig.json` configured
+- `esbuild.config.mjs` for bundling
+- `src/manifest.ts` with plugin metadata and capabilities
+- `src/worker.ts` entry point (stub)
+- `src/ui/index.tsx` entry point (stub)
+- `vitest.config.ts` for testing
+
+---
+
+### FRE-XXX: Implement worker data/action handlers
+**Description:** Implement the worker logic for reading and writing agent permissions.
+
+**Deliverables:**
+- `agent-permissions` data handler - returns permissions for a single agent
+- `toggle-agent-permission` action - enables/disables a permission for an agent
+- `all-agents-permissions` data handler - returns all agents with their permissions
+- Database queries against `principal_permission_grants` and `principals` tables
+- Proper error handling and validation
+
+---
+
+### FRE-XXX: Build UI components
+**Description:** Create React UI components for displaying and toggling agent permissions.
+
+**Deliverables:**
+- `AgentPermissionsTab.tsx` - Detail tab component shown on agent page
+- Permission toggle controls with proper styling
+- Loading states and error handling
+- Integration with Paperclip UI design system
+
+---
+
+### FRE-XXX: Test plugin
+**Description:** Write unit and integration tests for the plugin.
+
+**Deliverables:**
+- Unit tests for worker data handlers
+- Unit tests for action handlers
+- Integration tests for UI components
+- Test coverage report
+
+---
+
+## Notes
+
+- All subtasks should have `assigneeAgentId: d20f6f1c-1f24-4405-a122-2f93e0d6c94a` (Founding Engineer)
+- All subtasks should have `projectId: 1c49333d-5ee2-41d7-b4c0-2ddfd577ba61` (Paperclip plugins)
+- All subtasks should have `parentId: 2777d642-6a55-4ae9-950a-b115ad270e28` (FRE-339)
+- Priority: medium
+- Status: todo

plugin-agent-permissions/esbuild.config.mjs

@@ -0,0 +1,17 @@
+import esbuild from "esbuild";
+import { createPluginBundlerPresets } from "@paperclipai/plugin-sdk/bundlers";
+
+const presets = createPluginBundlerPresets({ uiEntry: "src/ui/index.tsx" });
+const watch = process.argv.includes("--watch");
+
+const workerCtx = await esbuild.context(presets.esbuild.worker);
+const manifestCtx = await esbuild.context(presets.esbuild.manifest);
+const uiCtx = await esbuild.context(presets.esbuild.ui);
+
+if (watch) {
+  await Promise.all([workerCtx.watch(), manifestCtx.watch(), uiCtx.watch()]);
+  console.log("esbuild watch mode enabled for worker, manifest, and ui");
+} else {
+  await Promise.all([workerCtx.rebuild(), manifestCtx.rebuild(), uiCtx.rebuild()]);
+  await Promise.all([workerCtx.dispose(), manifestCtx.dispose(), uiCtx.dispose()]);
+}

plugin-agent-permissions/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@paperclipai/plugin-agent-permissions",
+  "version": "0.1.0",
+  "type": "module",
+  "private": true,
+  "description": "Per-agent permission toggling for fine-grained access control",
+  "scripts": {
+    "build": "node ./esbuild.config.mjs",
+    "dev": "node ./esbuild.config.mjs --watch",
+    "dev:ui": "paperclip-plugin-dev-server --root . --ui-dir dist/ui --port 4177",
+    "test": "vitest run --config ./vitest.config.ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "paperclipPlugin": {
+    "manifest": "./dist/manifest.js",
+    "worker": "./dist/worker.js",
+    "ui": "./dist/ui/"
+  },
+  "keywords": [
+    "paperclip",
+    "plugin",
+    "permissions",
+    "agent-management"
+  ],
+  "author": "FrenoCorp",
+  "license": "MIT",
+  "pnpm": {
+    "overrides": {
+      "@paperclipai/shared": "file:.paperclip-sdk/paperclipai-shared-0.3.1.tgz"
+    }
+  },
+  "devDependencies": {
+    "@paperclipai/shared": "file:.paperclip-sdk/paperclipai-shared-0.3.1.tgz",
+    "@paperclipai/plugin-sdk": "file:.paperclip-sdk/paperclipai-plugin-sdk-1.0.0.tgz",
+    "@rollup/plugin-node-resolve": "^16.0.1",
+    "@rollup/plugin-typescript": "^12.1.2",
+    "@types/node": "^24.6.0",
+    "@types/react": "^19.0.8",
+    "esbuild": "^0.27.3",
+    "rollup": "^4.38.0",
+    "tslib": "^2.8.1",
+    "typescript": "^5.7.3",
+    "vitest": "^3.0.5"
+  },
+  "peerDependencies": {
+    "react": ">=18"
+  }
+}

plugin-agent-permissions/src/manifest.ts

@@ -0,0 +1,39 @@
+import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk";
+
+const manifest: PaperclipPluginManifestV1 = {
+  id: "paperclipai.plugin-agent-permissions",
+  apiVersion: 1,
+  version: "0.1.0",
+  displayName: "Agent Permissions",
+  description: "Per-agent permission toggling for fine-grained access control",
+  author: "FrenoCorp",
+  categories: ["ui", "automation"],
+  capabilities: [
+    "agents.read",
+    "ui.detailTab.register",
+    "ui.sidebar.register"
+  ],
+  entrypoints: {
+    worker: "./dist/worker.js",
+    ui: "./dist/ui"
+  },
+  ui: {
+    slots: [
+      {
+        type: "detailTab",
+        id: "permissions",
+        displayName: "Permissions",
+        exportName: "AgentPermissionsTab",
+        entityTypes: ["agent"]
+      },
+      {
+        type: "sidebar",
+        id: "permissions-nav",
+        displayName: "Permissions",
+        exportName: "PermissionsNav"
+      }
+    ]
+  }
+};
+
+export default manifest;

plugin-agent-permissions/src/ui/AgentPermissionsTab.tsx

@@ -0,0 +1,88 @@
+import { useState } from "react";
+import { usePluginData, usePluginAction } from "@paperclipai/plugin-sdk/ui";
+import type { PluginDetailTabProps } from "@paperclipai/plugin-sdk/ui";
+
+const PERMISSION_KEYS = [
+  "agents:create",
+  "users:invite",
+  "users:manage_permissions",
+  "tasks:assign",
+  "tasks:assign_scope",
+  "joins:approve"
+] as const;
+
+const PERMISSION_LABELS: Record<string, string> = {
+  "agents:create": "Create Agents",
+  "users:invite": "Invite Users",
+  "users:manage_permissions": "Manage Permissions",
+  "tasks:assign": "Assign Tasks",
+  "tasks:assign_scope": "Task Assignment Scope",
+  "joins:approve": "Approve Join Requests"
+};
+
+export function AgentPermissionsTab({ context }: PluginDetailTabProps) {
+  const { entityId: agentId } = context;
+  
+  const { data, loading, error, refresh } = usePluginData<{
+    agentId: string;
+    permissions: Record<string, boolean>;
+  }>("agent-permissions", { agentId });
+  
+  const togglePermission = usePluginAction("toggle-agent-permission");
+  const [updating, setUpdating] = useState<string | null>(null);
+
+  if (loading) return <div style={{ padding: "1rem" }}>Loading permissions...</div>;
+  if (error) return <div style={{ padding: "1rem", color: "#c00" }}>Error: {error.message}</div>;
+  if (!data) return <div style={{ padding: "1rem" }}>No permissions data available</div>;
+
+  async function handleToggle(permissionKey: string, currentEnabled: boolean) {
+    setUpdating(permissionKey);
+    try {
+      await togglePermission({ agentId, permissionKey, enabled: !currentEnabled });
+      await refresh();
+    } catch (err) {
+      console.error("Failed to toggle permission:", err);
+    } finally {
+      setUpdating(null);
+    }
+  }
+
+  return (
+    <div style={{ padding: "1rem", maxWidth: "600px" }}>
+      <h2 style={{ marginBottom: "1.5rem", fontSize: "1.25rem", fontWeight: 600 }}>Agent Permissions</h2>
+      <p style={{ color: "#666", marginBottom: "1.5rem" }}>
+        Control what actions this agent can perform.
+      </p>
+      
+      <div style={{ display: "flex", flexDirection: "column", gap: "0.75rem" }}>
+        {PERMISSION_KEYS.map((key) => {
+          const enabled = data.permissions[key] ?? false;
+          const isUpdating = updating === key;
+          
+          return (
+            <label key={key} style={{ 
+              display: "flex", 
+              alignItems: "center",
+              gap: "0.75rem",
+              cursor: isUpdating ? "wait" : "pointer",
+              padding: "0.5rem",
+              borderRadius: "4px",
+              backgroundColor: isUpdating ? "#f5f5f5" : "transparent",
+              transition: "background-color 0.2s"
+            }}>
+              <input
+                type="checkbox"
+                checked={enabled}
+                onChange={() => handleToggle(key, enabled)}
+                disabled={updating !== null}
+                style={{ width: "18px", height: "18px", cursor: isUpdating ? "wait" : "pointer" }}
+              />
+              <span style={{ fontWeight: 500 }}>{PERMISSION_LABELS[key] || key}</span>
+              {isUpdating && <span style={{ color: "#888", fontSize: "0.875rem" }}>updating...</span>}
+            </label>
+          );
+        })}
+      </div>
+    </div>
+  );
+}

plugin-agent-permissions/src/ui/PermissionsNav.tsx

@@ -0,0 +1,54 @@
+import { usePluginData } from "@paperclipai/plugin-sdk/ui";
+import type { PluginSidebarProps } from "@paperclipai/plugin-sdk/ui";
+
+interface AgentPermissionsSummary {
+  agentId: string;
+  agentName: string;
+  permissions: Record<string, boolean>;
+}
+
+export function PermissionsNav({ context }: PluginSidebarProps) {
+  const { data: agentsData, loading, error } = usePluginData<AgentPermissionsSummary[]>("all-agents-permissions");
+
+  if (loading) return <div style={{ padding: "1rem" }}>Loading...</div>;
+  if (error) return <div style={{ padding: "1rem", color: "#c00" }}>Error: {error.message}</div>;
+  if (!agentsData || agentsData.length === 0) {
+    return (
+      <div style={{ padding: "1rem" }}>
+        <h3 style={{ fontSize: "1rem", fontWeight: 600, marginBottom: "0.5rem" }}>Permissions</h3>
+        <p style={{ color: "#666", fontSize: "0.875rem" }}>No agents found</p>
+      </div>
+    );
+  }
+
+  const agentsWithPermissions = agentsData.filter(a => 
+    Object.values(a.permissions).some(v => v)
+  );
+
+  return (
+    <div style={{ padding: "1rem" }}>
+      <h3 style={{ fontSize: "1rem", fontWeight: 600, marginBottom: "0.75rem" }}>Permissions</h3>
+      <p style={{ color: "#666", fontSize: "0.75rem", marginBottom: "1rem" }}>
+        {agentsWithPermissions.length} agent(s) with custom permissions
+      </p>
+      <div style={{ display: "flex", flexDirection: "column", gap: "0.5rem" }}>
+        {agentsData.slice(0, 5).map(agent => {
+          const permCount = Object.values(agent.permissions).filter(Boolean).length;
+          return (
+            <div key={agent.agentId} style={{ 
+              fontSize: "0.875rem", 
+              padding: "0.5rem", 
+              backgroundColor: "#f9f9f9", 
+              borderRadius: "4px" 
+            }}>
+              <div style={{ fontWeight: 500 }}>{agent.agentName}</div>
+              <div style={{ color: "#888", fontSize: "0.75rem" }}>
+                {permCount} permission(s) granted
+              </div>
+            </div>
+          );
+        })}
+      </div>
+    </div>
+  );
+}

plugin-agent-permissions/src/ui/index.tsx

@@ -0,0 +1,2 @@
+export { AgentPermissionsTab } from './AgentPermissionsTab';
+export { PermissionsNav } from './PermissionsNav';

plugin-agent-permissions/src/worker.ts

@@ -0,0 +1,99 @@
+import { definePlugin, runWorker } from "@paperclipai/plugin-sdk";
+
+const PERMISSION_KEYS = [
+  "agents:create",
+  "users:invite",
+  "users:manage_permissions",
+  "tasks:assign",
+  "tasks:assign_scope",
+  "joins:approve"
+] as const;
+
+type PermissionKey = typeof PERMISSION_KEYS[number];
+
+interface AgentPermissions {
+  agentId: string;
+  permissions: Record<PermissionKey, boolean>;
+}
+
+interface AllAgentsPermissions {
+  agentId: string;
+  agentName: string;
+  permissions: Record<PermissionKey, boolean>;
+}
+
+type AgentPermissionsMap = Record<string, Record<PermissionKey, boolean>>;
+
+const plugin = definePlugin({
+  async setup(ctx) {
+    ctx.data.register("agent-permissions", async (params) => {
+      const { agentId } = params as { agentId: string };
+      
+      const allPerms = (await ctx.state.get(
+        { scopeKind: "instance", stateKey: "agent_permissions" }
+      ) as AgentPermissionsMap) ?? {};
+      
+      const agentPerms = allPerms[agentId] ?? {};
+      
+      return {
+        agentId,
+        permissions: PERMISSION_KEYS.reduce((acc, key) => ({
+          ...acc,
+          [key]: agentPerms[key] ?? false
+        }), {} as Record<PermissionKey, boolean>)
+      };
+    });
+
+    ctx.actions.register("toggle-agent-permission", async (params) => {
+      const { agentId, permissionKey, enabled } = params as {
+        agentId: string;
+        permissionKey: PermissionKey;
+        enabled: boolean;
+      };
+
+      const allPerms = (await ctx.state.get(
+        { scopeKind: "instance", stateKey: "agent_permissions" }
+      ) as AgentPermissionsMap) ?? {};
+      
+      const agentPerms = allPerms[agentId] ?? {};
+      const updated = { ...agentPerms, [permissionKey]: enabled };
+      
+      await ctx.state.set(
+        { scopeKind: "instance", stateKey: "agent_permissions" },
+        { ...allPerms, [agentId]: updated }
+      );
+
+      return { success: true };
+    });
+
+    ctx.data.register("all-agents-permissions", async (params) => {
+      const companyId = typeof params.companyId === "string" ? params.companyId : "";
+      
+      const agents = companyId 
+        ? await ctx.agents.list({ companyId, limit: 100, offset: 0 })
+        : [];
+      
+      const allPerms = (await ctx.state.get(
+        { scopeKind: "instance", stateKey: "agent_permissions" }
+      ) as AgentPermissionsMap) ?? {};
+      
+      const result: AllAgentsPermissions[] = agents.map(agent => ({
+        agentId: agent.id,
+        agentName: agent.name,
+        permissions: PERMISSION_KEYS.reduce((acc, key) => ({
+          ...acc,
+          [key]: allPerms[agent.id]?.[key] ?? false
+        }), {} as Record<PermissionKey, boolean>)
+      }));
+      
+      return result;
+    });
+  },
+
+  async onHealth() {
+    return { status: "ok", message: "Agent permissions plugin running" };
+  }
+});
+
+export default plugin;
+runWorker(plugin, import.meta.url);

plugin-agent-permissions/tsconfig.json

@@ -0,0 +1,23 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "jsx": "react-jsx",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "noEmit": true,
+    "isolatedModules": true,
+    "allowSyntheticDefaultImports": true,
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src/**/*", "tests/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

plugin-agent-permissions/vitest.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    environment: "node",
+    globals: true,
+    include: ["tests/**/*.spec.ts"],
+    exclude: ["node_modules", "dist"]
+  }
+});