executeDelegation(sourceID, targetID) fires proxyA2ARequest which calls
registry.CanCommunicate(sourceID, targetID) when source != target. Both
IDs are different test fixtures (ws-source-159, ws-target-159), so the
lookup fires two separate getWorkspaceRef queries:
SELECT id, parent_id FROM workspaces WHERE id = $1 -- sourceID
SELECT id, parent_id FROM workspaces WHERE id = $1 -- targetID
expectExecuteDelegationBase only mocked the URL/status fallback query.
sqlmock would fail with "unexpected query" when the CanCommunicate
lookups fired — this was a silent failure because the tests never
verified ExpectationWereMet on the CanCommunicate path.
Fix: add two ExpectQuery rows for both parent_id lookups (both NULL,
root-level siblings, allowed).
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Adds a continue-on-error step that runs ./internal/handlers/... and
./internal/pendinguploads/... with -v -timeout 60s, tee-ing output to
/tmp/ and emitting last-100-lines to step summary. Gitea Actions logs
API returns 404 (gitea/gitea#22168), making the run-page step summary
the only available signal when CI stalls. Step is stripped before merge.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
REVERT of #599 (infra/docker-runner-label) — urgent CI regression fix.
The `docker` label is NOT registered on any act_runner. With
runs-on: [ubuntu-latest, docker], publish-workflow jobs queue
indefinitely with zero eligible runners — strictly worse than the
pre-#599 coin-flip (50% success rate).
Restore runs-on: ubuntu-latest so publish-workflow jobs can run
again. The docker-label registration is the hard prerequisite that
must be satisfied before re-applying #599.
Fixes: publish-workspace-server-image + publish-canvas-image
stuck in "Waiting to run" since #599 merged ~23:24Z.
To re-apply: once `docker` label is registered on ≥2 runners,
re-apply the runs-on: [ubuntu-latest, docker] change from
#599 (branch infra/docker-runner-label).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Runs the full Platform-Go suite (build, vet, golangci-lint, tests with
coverage thresholds) every Monday at 04:17 UTC regardless of whether
workspace-server/ was touched by the last push.
Background: ci.yml's platform-build gates real work on
`needs.changes.outputs.platform == 'true'`. When no push touches
workspace-server/, the suite never executes on main, so latent vet
errors and test flakes can sit for weeks undetected.
This workflow surfaces those errors in advance so the next
workspace-server push doesn't trigger unexpected failures.
Closes#567.
Closes molecule-core#567.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds DEFAULT_TIMEOUT=15 to gate_check.py and passes it to all urlopen()
calls (api_get, comment POST, comment PATCH).
Adds socket.setdefaulttimeout(15) to the inline Python in the workflow's
cron step, catching the PR-polling loop too.
Defence-in-depth: the real fix is provisioning SOP_TIER_CHECK_TOKEN
in Gitea; this caps worst-case wall-clock at ~15 s per call when the
token is missing or Gitea is unreachable.
Fixes issue #603. Note: PR #603 (da1487ad) has the same changes but
is missing `import socket` in the inline Python — that version would
NameError at runtime. This branch carries the complete fix.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Root cause (verified via runs 14525 + 14526):
Gitea 1.22.6 emits commit-status context as
<workflow_name> / <job_name> (push)
for ANY workflow run on the default-branch HEAD, REGARDLESS of the
trigger event. Schedule- and workflow_dispatch-triggered runs
therefore paint main red via a fake-push status. No upstream fix
in 1.23-1.26.1 (sibling a6f20db1 research; internal#80 RFC).
Design — Option B (b2 cron-based compensating-status POST):
workflow_run is NOT supported on Gitea 1.22.6 (verified via
modules/actions/workflows.go enumeration); cron is the only
event-shaped option that fires reliably.
Every 5min, .gitea/workflows/status-reaper.yml runs a stdlib +
PyYAML scanner that:
1. Walks .gitea/workflows/*.yml. Resolves each workflow_id from
top-level 'name:' (else filename stem). Fails LOUD on
name-collision OR '/' in name (would break ' / ' context
parsing downstream). Classifies each by 'push:' trigger
presence (str / list / dict on: shapes all handled).
2. Reads main HEAD's combined commit status.
3. For each failure-state context ending ' (push)':
- parses '<workflow_name> / <job_name> (push)';
- skips if workflow not in scan map (conservative);
- preserves if workflow has push: trigger (real defect);
- else POSTs state=success with the same context to
/repos/{o}/{r}/statuses/{sha}, with a description that
documents the workaround.
Safety:
- Only failure-state contexts whose suffix is ' (push)' are
compensated. Branch_protections required checks on main (Secret
scan, sop-tier-check) have ' (pull_request)' suffix — UNREACHABLE
from this code path. Verified 2026-05-11 + test
test_reap_required_check_pull_request_suffix_never_touched.
- publish-workspace-server-image has a real push: trigger →
PRESERVED. mc#576's docker-socket failure stays visible as
intended. Explicit test fixture.
- api() raises ApiError on non-2xx + JSON-decode failure per
feedback_api_helper_must_raise_not_return_dict. Pre-fix
'soft-fail' would silently paint main green via omission.
Persona:
claude-status-reaper (Gitea uid 94, write:repository) — provisioned
2026-05-11 21:39Z by sub-agent aefaac1b. Token under
secrets.STATUS_REAPER_TOKEN (no other write surface touched).
Acceptance (post-merge verify, Step-5):
Trigger one class-O workflow via workflow_dispatch (e.g.
sweep-cf-tunnels). Observe reaper compensate the resulting
(push)-suffix failure on the next 5-min tick. Real
push-triggered failures (publish-workspace-server-image) MUST
still red main.
Removal path:
Drop this workflow + script + tests when Gitea is upgraded to
>= 1.24 with a fix for the hardcoded-suffix bug, OR when an
upstream patch lands (internal#80 RFC). Tracked in
post-merge audit issue.
Cross-links:
- sibling internal#327 (publish-runtime-bot)
- sibling internal#328 (mc-drift-bot)
- sibling internal#329 (Gitea dispatcher race)
- sibling internal#330 (disk-GC cron Gitea-class bug)
- upstream internal#80 (Gitea hardcoded-suffix RFC)
- mc#576 (preserved by design — real push-trigger failure)
- sub-agent aefaac1b (provisioning sibling)
- sub-agent a6f20db1 (Option A research — no upstream fix)
Tests: 37 pytest cases pass (incl. hongming-pc 22:08Z review's 3
design checks: name-collision fail-loud, '/' in name lint, name vs
filename fallback).
PendingAttachmentPill: renders name, formatted size (B/KB/MB), aria-label,
exactly one button, calls onRemove on click.
AttachmentChip: renders name and download glyph, renders size when provided,
omits size span when size is undefined, title attribute for tooltip,
calls onDownload(attachment) on click, tone=user applies blue-400 class,
tone=agent omits blue-400 class, exactly one button.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Coin-flip failure: publish-workspace-server-image / build-and-push lands on
runners without /var/run/docker.sock (molecule-runner-1 vs molecule-runner-4),
failing the Docker daemon health check. Fix:
- runs-on: ubuntu-latest → runs-on: [ubuntu-latest, docker]
infra-sre registers a `docker` label on every act-runner that mounts
/var/run/docker.sock (group=docker, perms 660+). Jobs without the `docker`
label are never queued on socket-less runners.
- Health check step now echoes the runner hostname in both the success path
and the error path so failures are traceable to a specific host.
Applied to:
.gitea/workflows/publish-workspace-server-image.yml
.gitea/workflows/publish-canvas-image.yml
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The test expected the exception class to be hidden when stderr is provided,
but the implementation always uses the exc type as the tag. Fix the
assertion to match actual (correct) behavior: ValueError is in the tag,
stderr is the body. Also add a check that we don't fall back to the
generic "workspace logs" form.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Integration Tester appends a trailing `// Triggered by ...` comment to
manifest.json on each run. This is valid JSON5 but breaks `jq` which
clone-manifest.sh uses to parse the file — causing
publish-workspace-server-image and harness-replays to fail on every run.
Fix: pipe manifest.json through `sed '/^[[:space:]]*\/\//d'` before
passing to clone-manifest.sh, producing a clean JSON file for jq.
harness-replays.yml: also downgrade the missing-token check from
`exit 1` to a warning, consistent with publish-workspace-server-image.yml.
All repos are public per the manifest.json OSS surface contract — token
is only needed for private repos.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Fixes CI / all-required hard-failing on PRs during Phase 3 (RFC #219 S1).
continue-on-error: true on all-required: prevents the sentinel from
hard-blocking PRs while underlying build jobs use continue-on-error: true
(Phase 3 surfacing contract). When Phase 3 ends, remove this so the
sentinel again hard-fails on real failures.
Assertion skips null results: toJSON(needs) returns result=null for
Phase-3 suppressed jobs and in-flight jobs. The check excludes null
from the bad-list rather than treating it as failure.
Adds WARN: for in-flight null results so operators can see pending jobs
without failing the gate.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Integration Tester appends a trailing JSON5 comment
(// Triggered by Integration Tester at ...) to manifest.json.
Standard jq rejects this as invalid JSON with:
jq: parse error: Invalid numeric literal at line 47, column 3
Fix: add a _strip_comments() helper using sed to remove
full-line // comments before feeding to jq. Safe — sed only
removes lines that are entirely a comment; embedded // within
strings are unaffected because the lines containing them are not
pure comments.
Fixes publish-workspace-server-image run 9982 pre-clone failure.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The `Pre-clone manifest deps` step exits with error if
AUTO_SYNC_TOKEN is not set. This was a safety belt added during initial
development, but it is wrong: manifest.json explicitly records all listed
repos as public on git.moleculesai.app (OSS surface contract). The token
is only needed for private repos, which are handled at provision-time
via the per-tenant credential resolver.
Removing the hard exit lets the workflow succeed when:
- AUTO_SYNC_TOKEN is absent (anonymous clone works for public repos)
- AUTO_SYNC_TOKEN is set (authenticated clone still works)
No functional change to the clone-manifest.sh call itself.
Part of internal#327 / #561.
Covers StatusBadge — secret key connection status indicator:
- ✓ / ✗ / ○ icon per status
- aria-label per status
- className per status (--valid, --invalid, --unverified)
- role="status" set correctly
- Exactly one status element rendered
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Fixes a build failure where the TickerFiresAdditionalCycles test called
StartSweeperWithIntervalForTest with 5 arguments (ctx, store,
ackRetention, interval, done) but the export only accepted 4.
Also fixes a pre-existing vet error in org_external.go: a no-op
`append(gitArgs(...))` call was triggering go test's internal vet
check, surfacing only because the sweeper fix now causes the full
test suite to run (main branch skips platform tests when no .go files
change, completing in 10s vs 14min for the full suite).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Go + Postgres + E2E checks failed on the first attempt with
"Failing after 2-3m" — consistent with operational flakiness rather
than code failures (PR only touches org.go org import logic, unrelated
to the failing handlers).
TestStartSweeperWithInterval_TickerFiresAdditionalCycles was flaky on
loaded CI runners because it called StartSweeperForTest, which passes
SweepInterval (5 minutes) as the ticker interval. The test expects ≥2
cycles in a 2-second window, but a 5-minute ticker fires 0-1 times
under CPU contention, causing "waited 2s for 2 sweep cycles, got 1".
Fix: call StartSweeperWithIntervalForTest directly with a 100ms ticker
interval, which is the intended test-harness pattern (per the export_test
comment). The done-channel teardown (cancel + <-done) is preserved.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
loadWorkspaceEnv returns map[string]string but EnvRequirement.IsSatisfied
expects map[string]struct{}. Without this conversion the Go compiler
rejects the call, causing CI / Platform (Go) to fail.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Go + Postgres + E2E checks failed on the first attempt with
"Failing after 2-3m" — consistent with operational flakiness rather
than code failures (PR only touches org.go org import logic, unrelated
to the failing handlers).
