Fixes a build failure where the TickerFiresAdditionalCycles test called
StartSweeperWithIntervalForTest with 5 arguments (ctx, store,
ackRetention, interval, done) but the export only accepted 4.
Also fixes a pre-existing vet error in org_external.go: a no-op
`append(gitArgs(...))` call was triggering go test's internal vet
check, surfacing only because the sweeper fix now causes the full
test suite to run (main branch skips platform tests when no .go files
change, completing in 10s vs 14min for the full suite).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Go + Postgres + E2E checks failed on the first attempt with
"Failing after 2-3m" — consistent with operational flakiness rather
than code failures (PR only touches org.go org import logic, unrelated
to the failing handlers).
TestStartSweeperWithInterval_TickerFiresAdditionalCycles was flaky on
loaded CI runners because it called StartSweeperForTest, which passes
SweepInterval (5 minutes) as the ticker interval. The test expects ≥2
cycles in a 2-second window, but a 5-minute ticker fires 0-1 times
under CPU contention, causing "waited 2s for 2 sweep cycles, got 1".
Fix: call StartSweeperWithIntervalForTest directly with a 100ms ticker
interval, which is the intended test-harness pattern (per the export_test
comment). The done-channel teardown (cancel + <-done) is preserved.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
loadWorkspaceEnv returns map[string]string but EnvRequirement.IsSatisfied
expects map[string]struct{}. Without this conversion the Go compiler
rejects the call, causing CI / Platform (Go) to fail.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Go + Postgres + E2E checks failed on the first attempt with
"Failing after 2-3m" — consistent with operational flakiness rather
than code failures (PR only touches org.go org import logic, unrelated
to the failing handlers).
Before returning 201 on /org/import, verify that every RequiredEnv
declared at the workspace level is covered by either:
(a) a global secret key (already validated by the existing preflight)
(b) a key present in the workspace's .env files (org root .env +
per-workspace <files_dir>/.env), matching the resolution order
used by createWorkspaceTree at runtime
Previously, collectOrgEnv correctly walked all
tmpl.Workspaces[].RequiredEnv and added them to the global preflight
check, but loadConfiguredGlobalSecretKeys only checked global_secrets.
Workspace-specific .env files are injected into workspace_secrets AFTER
the 201 response, so an unsatisfied per-workspace RequiredEnv returned
201 and the workspace came up NOT CONFIGURED — breaking on every LLM
call with no signal to the operator.
Changes:
- org_import.go: add PerWorkspaceUnsatisfied struct +
collectPerWorkspaceUnsatisfied (mirrors createWorkspaceTree's
three-source .env resolution stack)
- org.go: after the global preflight block, call
collectPerWorkspaceUnsatisfied if orgBaseDir != ""; return 412
with per-workspace details before creating any workspaces
- org_workspace_required_env_test.go: 8 unit tests covering global
coverage, .env coverage, missing keys, any-of groups, nested
children, empty orgBaseDir, and multiple workspaces
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The `elif ci_state == "failure"` fallback in signal_6_ci was creating a
self-referential failure loop: gate-check posts failure → combined_state
becomes failure → script re-blocks → posts failure again.
Root cause: combined_state is Gitea's aggregate over ALL commit statuses,
including gate-check-v3's own prior result. Using it as a fallback verdict
driver means the script gates on its own output.
Fix: remove the combined_state fallback. check_statuses already excludes
gate-check (Bug-1 fix from PR #547). Use failing_required as the sole
CI gate. If no required checks are defined on the branch, return CLEAR
rather than re-using combined_state which includes our own status.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
`if: github.event.pull_request.base.ref == ''` was meant to gate
bump-and-tag to push events (not pull_request events which route to
pr-validate). However, on a PR-merge push in Gitea Actions, the
pull_request context is still attached with base.ref='main', so the
condition always evaluated to false and bump-and-tag was permanently
skipped.
Fix: replace with `if: github.event_name == 'push'` which correctly
fires only on branch pushes after the PR is merged.
Also add `workflow_dispatch` trigger so the workflow can be manually
dispatched when the Gitea Actions API (/actions/*) is unreachable
(act_runner 404 on Gitea 1.22.6 — internal#327).
Closes internal#327.
Add 13 test cases (22 assertions) covering all key paths:
- open/closed PR handling
- non-author APPROVED review detection
- dismissed review exclusion
- team membership probe (204 member, 404 not-member, 403 fail-closed)
- missing GITEA_TOKEN exits 1
- CURL_AUTH_FILE mode 600 and header format
- jq filter correctness
Uses a Python HTTP fixture server that reads scenario from a temp
state dir, with a curl shim rewriting https://fixture.local/* to
http://127.0.0.1:{port}/*.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Add all 4 OCI provenance labels (RFC internal#229 §X step 4 PR-1):
- org.opencontainers.image.source — fixed from github.com → git.moleculesai.app
- org.opencontainers.image.revision — GIT_SHA
- org.opencontainers.image.created — ISO-8601 UTC timestamp
- molecule.workflow.run_id — GITHUB_RUN_ID
Switch docker build → docker buildx build + --push for both platform
and tenant images. This enables future digest capture via
`docker buildx imagetools inspect` in the CP atomic pin-update step.
Uses pinned docker/setup-buildx-action@v4.0.0 (same version as
publish-canvas-image.yml). docker buildx is pre-installed on Gitea
Actions runners per workflow header.
Part 1 of 2 for #554. Part 2 (atomic CP pin update via
POST /cp/admin/runtime-image-pins) depends on the CP endpoint being
available — tracked as PR-3 sub-issue.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Companion to molecule-controlplane PR#134. The `ci-required-drift`
detector calls GET /repos/{owner}/{repo}/branch_protections/{branch},
which Gitea 1.22.6 gates behind the repo-ADMIN role. The previous
fallback chain (`secrets.SOP_TIER_CHECK_TOKEN || secrets.GITHUB_TOKEN`)
had only read or write — neither admin — so drift runs would 403.
Switch to `secrets.DRIFT_BOT_TOKEN`, owned by the new least-privilege
`mc-drift-bot` persona (team: drift-bot, permission: admin, scope:
read:repository,write:issue,read:organization, repos: this + CP).
Note: this repo's drift detector additionally requires the
`all-required` sentinel job in ci.yml, which is being added in PR#553.
After both PRs merge the drift workflow will be fully green.
Audit trail in internal#329. Sibling pattern: internal#327
(publish-runtime-bot). Per feedback_per_agent_gitea_identity_default.
Adds the `all-required` aggregator sentinel job to .gitea/workflows/ci.yml,
mirroring the molecule-controlplane Phase 2a impl. The sentinel needs every
non-event-gated job (changes, platform-build, canvas-build, shellcheck,
python-lint) and asserts result==success per dep so skipped-as-green can't
sneak through.
Two immediate effects:
1. .gitea/workflows/ci-required-drift.yml stops hard-failing with exit 3
on the missing sentinel (see comment lines 26-31 of that workflow).
2. Branch protection can now (Step 5 follow-up, separate PR per
feedback_never_admin_merge_bypass) point status_check_contexts at the
single 'ci / all-required (pull_request)' name and CI churn underneath
no longer requires protection edits.
NOT in this PR (deferred Step 5 follow-up):
- PATCH branch_protections/main to add 'ci / all-required (pull_request)'
to status_check_contexts — Owners-tier change, separate PR.
- Mirror the same context into audit-force-merge.yml REQUIRED_CHECKS env
(RFC §6 — drift detector F3 will flag if the two diverge).
Refs:
- internal#219 (parent RFC, §2 Aggregator sentinel)
- internal#286 (Phase 4 emergency bump — 2026-05-11 broken-merge evidence)
- molecule-controlplane Phase 2a (reference impl, CP PR#112)
- feedback_phantom_required_check_after_gitea_migration (incident class)
- feedback_path_filtered_workflow_cant_be_required (sentinel has no
paths: filter; fires on every push/PR per RFC §2)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
pull_request_target runs with the repo's secrets-context. Checking out
github.event.pull_request.head.sha means a PR that modifies
tools/gate-check-v3/gate_check.py executes that modified script with
secrets. This is the canonical pull_request_target footgun.
Fix: checkout base SHA instead of head SHA for pull_request_target events.
Bug-1 (self-loop exclusion) and Bug-3 (403→exit0) from #547 are kept;
only the checkout-ref regresses to the pre-#547 base-branch behavior.
Refs: #551, internal#116, RFC#324 A4, feedback_pull_request_target_workflow_from_base
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Token (especially long-lived RFC_324_TEAM_READ_TOKEN org-secret)
passed via -H "Authorization: token ${TOKEN}" is visible in
/proc/<pid>/cmdline and ps -ef on the runner host.
Fix: write token to a mode-600 temp file and pass it to curl via
-K (curl config file). The token never appears in the argv of any
process; curl reads it from the fd-backed file.
Affected:
- .gitea/scripts/review-check.sh: CURL_AUTH_FILE + -K on all 3 curl calls
- .gitea/workflows/qa-review.yml: privilege-check inline curl
- .gitea/workflows/security-review.yml: privilege-check inline curl
Fixes: #541
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The gate-check job now checks out github.event.pull_request.head.sha
instead of base.sha. This ensures that script fixes in PR branches
(e.g. the self-loop exclusion in signal_6_ci) are actually used when
evaluating that PR.
Security note: this job only runs the read-only gate-check script
(API reads + JSON stdout) and has continue-on-error: true, so
running PR-branch code here carries minimal risk.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Bug 1 (self-referential failure loop, #544):
signal_6_ci now filters out its own prior status from
check_statuses before evaluating, preventing a
gate-check-v3 → failure → re-reads self → failure cycle.
Bug 2 (hardcoded base branch, #544):
signal_6_ci now uses the PR's actual base branch ref
instead of hardcoded 'main'. Caller passes PR data to
avoid redundant API call.
Bug 3 (comment-post 403, #543):
Wrapped POST/PATCH comment-post in try/except for
HTTPError 403. Logs a warning and skips posting when
the token lacks write:repository scope — verdict still
drives exit code correctly.
Also removed 3 lines of dead code at the end of
format_comment (unreachable return after prior return).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Issue #537: builtin_tools/a2a_tools.py:72 returns peer-sourced text from
delegate_task() without OFFSEC-003 sanitization. Sibling regression to #491 / #492
in a different code path (google-adk delegation surface).
Fix: import sanitize_a2a_result from _sanitize_a2a and wrap all 4 peer-controlled
return sites in delegate_task() — parts[0].text path, empty-parts str(result) path,
fallback str(result) path, and the error message path.
Closes#537.
