github paperclipai/paperclip v2026.416.0
on GitHub

latest releases: canary/v2026.416.1-canary.4, canary/v2026.416.1-canary.3, canary/v2026.416.1-canary.2...
12 hours ago

v2026.416.0

Released: 2026-04-16

Highlights

  • Issue chat thread — Replaced the classic comment timeline with a full chat-style thread powered by assistant-ui. Agent run transcripts, chain-of-thought, and user messages now render inline as a continuous conversation with polished avatars, action bars, and relative timestamps. (#3079)
  • Execution policies — Issues can now carry a review/approval execution policy with multi-stage signoff workflows. Reviewers and approvers are selected per-stage, and Paperclip routes the issue through each stage automatically. (#3222)
  • Blocker dependencies — First-class issue blocker relations with automatic wake-on-dependency-resolved. Set blockedByIssueIds on any issue and Paperclip wakes the assignee when all blockers reach done. (#2797)
  • Issue-to-issue navigation — Faster navigation between issues with scroll reset, prefetch, and detail-view optimizations. (#3542)
  • Auto-checkout for scoped wakes — The agent harness now automatically checks out the scoped issue on comment-driven wakes, reducing latency for agent heartbeats. (#3538)
  • Inbox parent-child nesting — Parent issues group their children in the inbox Mine view with a toggle button, j/k keyboard traversal across nested items, and collapsible groups. (#2218, @HenkDz)

Improvements

  • BETA Standalone MCP server — New @paperclipai/mcp-server package exposing the Paperclip API as an MCP tool server, including approval creation. (#2435)
  • Board approvals — Generic issue-linked board approvals with card styling and visibility improvements in the issue detail sidebar. (#3220)
  • Inbox workspace grouping — Issues can now be grouped by workspace in the inbox with collapsible mobile groups and shared column controls across inbox and issues lists. (#3356)
  • Improvements to plugin system — Third-party adapters can now be installed as npm packages or loaded from local directories. Plugins declare a config schema and an optional UI transcript parser; built-in adapters can be overridden by external ones. Includes Hermes local session management and provider/model display in run details. (#2649, #2650, #2651, #2654, #2655, #2659, @plind-dm)
  • Issue search — Trigram-indexed full-text search across titles, identifiers, descriptions, and comments with debounced input. Comment matches now surface in search results. (#2999)
  • Sub-issues inline — Sub-issues moved from a separate tab to inline display on the issue detail, with parent-inherited workspace defaults and assignee propagation. (#3355)
  • Document revision diff viewer — Side-by-side diff viewer for issue document revisions with improved modal layout. (#2792)
  • Keyboard shortcut cheatsheet — Press ? to open a keyboard shortcut reference dialog; new g i (go to inbox), g c (comment composer), and inbox archive undo shortcuts. (#2772)
  • Bedrock model selection — Claude local adapter now supports AWS Bedrock authentication and model selection. (#3033, @kimnamu)
  • Codex fast mode — Added fast mode support for the Codex local adapter. (#3383)
  • Backup improvements — Gzip-compressed backups with tiered daily/weekly/monthly retention and UI controls in Instance Settings. (#3015, @aronprins)
  • GitHub webhook signing modes — Added github_hmac and none webhook signing modes with timing-safe HMAC comparison. (#1961, @antonio-mello-ai)
  • Project environment variables — Projects can now define environment variables that are inherited by workspace runs.
  • Routine improvements — Draft routine defaults, run-time overrides, routine title variables, and relaxed project/agent requirements for routines. (#3220)
  • Workspace runtime controls — Start/stop controls, runtime state reconciliation, runtime service JSON textarea improvements, and workspace branch/folder display in the issue properties sidebar. (#3354)
  • Attachment improvements — Arbitrary file attachments (not just images), drag-and-drop non-image files onto markdown editor, and square-cropped image gallery grid. (#2749)
  • Image gallery in chat — Clicking images in chat messages now opens a full gallery viewer.
  • Mobile UX — Gmail-inspired mobile top bar for inbox issue views, responsive execution workspace pages, mobile mention menu placement, and mobile comment copy button feedback.
  • Sidebar order persistence — Sidebar project and company ordering preferences now persist per-user.
  • Skill auto-enable — Mentioned skills are automatically enabled for heartbeat runs.
  • Comment wake batching — Multiple comment wakes are batched into a single inline payload for more efficient agent heartbeats.
  • Server-side adapter pause/resume — Builtin adapter types can now be paused/resumed from the server with overridePaused. (#2542, @plind-dm)
  • Skill slash-command autocomplete — Skill names now autocomplete in the editor.
  • Worktree reseed command — New CLI command to reseed worktrees from latest repo state. (#3353)

Fixes

  • Issue detail stability — Fixed visible refreshes during agent updates, comment post resets, ref update loops, split regressions, main-pane focus on navigation, and other detail-view rerender issues. (#3355)
  • Inbox badge count — Badge now correctly counts only unread Mine issues. (#2512, @AllenHyang)
  • Inbox keyboard navigation — Fixed j/k traversal across groups and nesting column alignment. (#2218, @HenkDz)
  • Vite HTML transforms — Fixed repeated Vite HTML transforms in dev mode.
  • Auth session lookup — Skipped unnecessary auth session lookups on non-API requests.
  • Stale execution locks — Fixed stale execution lock lifecycle with proper executionAgentNameKey clearing. (#2643, @chrisschwer)
  • Agent env bindings — Fixed cleared agent env bindings not persisting on save. (#3232, @officialasishkumar)
  • Capabilities field — Fixed blank screen when clearing the Capabilities field. (#2442, @sparkeros)
  • Skill deletion — Company skills can now be deleted with an agent usage check. (#2441, @DanielSousa)
  • Claude session resume — Fixed --append-system-prompt-file being sent on resumed Claude sessions, preserved instructions on resume fallback, and tightened fresh-session-only instruction file handling. (#2949, #2936, #2937, @Lempkey)
  • Typing lag — Fixed typing lag in long comment threads. (#3163)
  • Comment editor sync — Hardened issue comment editor synchronization.
  • Document revisions freshness — The latest issue document revision now stays current in the UI. (#3342)
  • Infinite render loop — Fixed infinite render loop in the inbox mobile toolbar.
  • Shimmer animation — Fixed shimmer text using an invalid hsl() wrapper on oklch colors, reduced loop jitter, and added a pause between repeats.
  • Mention selection — Restored touch mention selection and fixed spaced mention queries.
  • Inbox archive — Fixed archive flashing back after fade-out.
  • Goal description — Made the goal description area scrollable in the create dialog. (#2148, @shoaib050326)
  • Worktree provisioning — Fixed symlink relinking, fallback seeding, dependency hydration, and validated linked worktrees before reuse. (#3354)
  • Node keepAliveTimeout — Increased timeout behind reverse proxies to prevent 502 errors.
  • Noisy request logging — Reduced noisy server request logging.
  • Codex tool-use transcripts — Fixed Codex tool-use transcript completion parsing.
  • Codex resume error — Recognize missing-rollout Codex resume error as a stale session.
  • Pi quota exhaustion — Treat Pi quota exhaustion as a failed run. (#2305)
  • Issue identifier collisions — Prevented identifier collisions during concurrent issue creation.
  • OpenClaw CEO paths — Fixed $AGENT_HOME references in CEO onboarding instructions to use relative paths. (#3299, @aronprins)
  • Windows adapter wrappers — Use cmd.exe for .cmd and .bat wrappers on Windows. (#2662, @wbelt)
  • Markdown autoformat — Fixed autoformat of pasted markdown in the inline editor. (#2733, @davison)
  • Paused agent dimming — Correctly dim paused agents in list and org chart views while skipping dimming on the Paused filter tab. (#2397, @HearthCore)
  • Import role fallback — Import now reads agent role from frontmatter before defaulting to agent. (#2594, @plind-dm)
  • Backup cleanup — Clean up orphaned .sql files on compression failure and fix stale startup logs.
  • Chat layout alignment — Fixed avatar positioning, activity line alignment, comment alignment, and feedback panel closing.

Security

  • Authorization hardening (GHSA-68qg-g8mg-6pr7) — Scoped import, approval, activity, and heartbeat API routes to enforce proper authorization checks. All deployments should upgrade. (#3315)
  • JWT secret handling — Removed the hardcoded JWT secret fallback and fixed agent auth to fall back to BETTER_AUTH_SECRET when PAPERCLIP_AGENT_JWT_SECRET is absent. (#3124, #2866, @cleanunicorn, @ergonaworks)
  • Redacted Bearer tokens in logs — Server log output now redacts Bearer tokens to prevent accidental credential exposure. (#2659)
  • Dependency security bumps — Updated multer to 2.1.1 (HIGH CVEs) and rollup to 4.59.0 (path-traversal CVE). (#2819, #2909, @marysomething99-prog)

Upgrade Guide

Eight new database migrations (00490056) will run automatically on startup. These add:

  • Issue blocker relations table (0049)
  • Project environment variables (0050)
  • Trigram search indexes on issues and comments (0051 — requires pg_trgm extension)
  • Execution policy decision tracking (0052)
  • Non-issue inbox dismissals (0053)
  • Relaxed routine constraints (0054)
  • Heartbeat run process group tracking (0055)
  • User sidebar preferences (0056)

All migrations are additive — no existing data is modified or removed.

pg_trgm extension: Migration 0051 creates the pg_trgm PostgreSQL extension for full-text search. If your database user does not have CREATE EXTENSION privileges, ask your DBA to run CREATE EXTENSION IF NOT EXISTS pg_trgm; before upgrading.

If you use external adapter plugins, note that built-in adapters can now be overridden by external ones. The overriddenBuiltin flag in the adapter API indicates when this is happening.

This release also includes the fix for GHSA-68qg-g8mg-6pr7. Upgrade all deployments as soon as practical.

Contributors

Thank you to everyone who contributed to this release!

@AllenHyang, @antonio-mello-ai, @aronprins, @chrisschwer, @cleanunicorn, @cryppadotta, @DanielSousa, @davison, @ergonaworks, @HearthCore, @HenkDz, @KhairulA, @kimnamu, @Lempkey, @marysomething99-prog, @mvanhorn, @officialasishkumar, @plind-dm, @shoaib050326, @sparkeros, @wbelt

Check out latest releases or
releases around paperclipai/paperclip v2026.416.0

Don't miss a new paperclip release

NewReleases is sending notifications on new releases.

Get notifications