mirror of
https://github.com/paperclipai/paperclip
synced 2026-04-25 17:25:15 +02:00
9d6d159209
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - The GitHub repository uses CODEOWNERS to enforce review requirements on critical files > - Currently only release scripts and CI config are protected — package manifests are not > - Dependency changes (package.json, lockfile) can introduce supply-chain risk if merged without review > - This PR adds all package files to CODEOWNERS > - The benefit is that any dependency change now requires explicit approval from maintainers ## What Changed - Added root package manifest files (`package.json`, `pnpm-lock.yaml`, `pnpm-workspace.yaml`, `.npmrc`) to CODEOWNERS - Added all 19 workspace `package.json` files (`cli/`, `server/`, `ui/`, `packages/*`) to CODEOWNERS - All entries owned by `@cryppadotta` and `@devinfoley`, consistent with existing release infrastructure ownership ## Verification - `gh api repos/paperclipai/paperclip/contents/.github/CODEOWNERS?ref=PAPA-41-add-package-files-to-codeowners` to inspect the file - Open a test PR touching any `package.json` and confirm GitHub requests review from the listed owners ## Risks - Low risk. CODEOWNERS only adds review requirements — does not block merges unless branch protection enforces it. New packages added in the future will need a corresponding CODEOWNERS entry. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have run tests locally and they pass - [ ] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge Co-authored-by: Paperclip <noreply@paperclip.ing>