chore(deps): pin embedded-postgres to beta.15

[rileymiller]

Thinking Path

• Paperclip relies on embedded PostgreSQL for local/runtime database flows, so the embedded-postgres package and its platform binaries need to resolve as one coherent version set.
• PR chore(deps): pin embedded-postgres to beta.15 patch #4102 tried to pin embedded-postgres to beta.15, but the branch name failed the lockfile policy and pnpm still resolved @embedded-postgres/* platform packages to beta.16 through upstream optional dependency ranges.
• The replacement path needs to use the one policy-approved branch name for lockfile changes and explicitly pin the platform packages so Linux installs do not drift back to beta.16.
• Keeping the existing package patch aligned with beta.15 preserves the LC_MESSAGES environment behavior while making the lockfile and package metadata agree.

What Changed

• Pinned direct embedded-postgres dependencies in cli, packages/db, and server to exact 18.1.0-beta.15.
• Moved the patched dependency entry and patch filename from embedded-postgres@18.1.0-beta.16 to embedded-postgres@18.1.0-beta.15.
• Added root pnpm.overrides for every @embedded-postgres/* optional platform package so pnpm resolves all platform binaries to 18.1.0-beta.15 instead of beta.16.
• Refreshed pnpm-lock.yaml on the policy-approved chore/refresh-lockfile branch.
• Confirmed no 18.1.0-beta.16 references remain in dependency files, lockfile, or patches.

Verification

• Local port of PR policy check: branch name allows pnpm-lock.yaml; Dockerfile deps stage check passed; lockfile-only install passed.
• env -u NODE_ENV CI=true pnpm install --frozen-lockfile
• env -u NODE_ENV pnpm -r typecheck
• env -u NODE_ENV -u DATABASE_URL pnpm test:run (first run inherited a local DATABASE_URL and failed that env-sensitive runtime-config assertion; rerun with DATABASE_URL unset passed)
• env -u NODE_ENV -u DATABASE_URL pnpm build
• env -u NODE_ENV -u DATABASE_URL npx playwright install chromium
• env -u NODE_ENV -u DATABASE_URL PAPERCLIP_E2E_SKIP_LLM=true pnpm run test:e2e
• Disposable clone canary dry-run: ./scripts/release.sh canary --skip-verify --dry-run passed after env -u NODE_ENV CI=true pnpm install --frozen-lockfile installed dependencies in the clone. The first dry-run attempt only failed because the disposable clone had no node_modules.

Risks

• Low dependency hygiene risk: the direct package and all platform optional packages are now explicitly pinned to beta.15, so the remaining risk is upstream package metadata changing in a future release.
• The lockfile exception depends on the branch name staying exactly chore/refresh-lockfile; this PR uses that branch name from the fork head.

Model Used

• OpenAI Codex
• Model ID: GPT-5.5
• Reasoning effort: xhigh
• Capabilities used: terminal tool execution, GitHub CLI, GitHub connector, local test/build/release verification

Checklist

• I have included a thinking path that traces from project context to this change
• I have specified the model used (with version and capability details)
• I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work
• I have run tests locally and they pass
• I have added or updated tests where applicable
• If this change affects the UI, I have included before/after screenshots (not applicable; dependency-only change)
• I have updated relevant documentation to reflect my changes (not applicable; dependency-only change)
• I have considered and documented any risks above
• I will address all Greptile and reviewer comments before requesting merge

[greptile-apps]

Greptile Summary

This PR pins embedded-postgres from ^18.1.0-beta.16 to the exact version 18.1.0-beta.15 across cli, packages/db, and server, adds pnpm.overrides for all eight @embedded-postgres/* platform packages so optional binaries don't drift back to beta.16, and renames/adjusts the existing patch file to match the beta.15 dist layout. The lockfile is updated consistently with new integrity hashes for all affected packages.

Confidence Score: 5/5

Safe to merge — dependency-only change with consistent pinning across all package manifests, lockfile, and patch.

All six changed files are coherent: direct specifiers, platform overrides, patchedDependencies entry, hunk offsets in the patch, and lockfile integrity hashes all point to the same beta.15 version set. No beta.16 references remain. The PR author verified frozen-lockfile install, typecheck, tests, build, and e2e locally.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Adds pnpm overrides for all 8 @embedded-postgres/* platform packages to pin them to beta.15; also renames the patchedDependency entry from beta.16 to beta.15.
cli/package.json	Updates embedded-postgres specifier from ^18.1.0-beta.16 to exact 18.1.0-beta.15.
packages/db/package.json	Updates embedded-postgres specifier from ^18.1.0-beta.16 to exact 18.1.0-beta.15.
server/package.json	Updates embedded-postgres specifier from ^18.1.0-beta.16 to exact 18.1.0-beta.15.
patches/embedded-postgres@18.1.0-beta.15.patch	Patch renamed from beta.16 to beta.15; hunk offsets updated from lines 133/177 to 121/165 to match the beta.15 dist layout; patch content (LC_MESSAGES and env spread) is unchanged.
pnpm-lock.yaml	All embedded-postgres and @embedded-postgres/* entries updated from beta.16 to beta.15 with new integrity hashes; overrides section aligned with package.json.

_{Reviews (1): Last reviewed commit: "fix: pin embedded-postgres platform pack..." | Re-trigger Greptile}