core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
e081c8335f
molecule-core/workspace-server/internal/handlers
History
Hongming Wang e081c8335f refactor(handlers): widen WorkspaceHandler.provisioner to LocalProvisionerAPI interface (#2369) 
Symmetric with the existing CPProvisionerAPI interface. Closes the
asymmetry where the SaaS provisioner field was an interface (mockable
in tests) but the Docker provisioner field was a concrete pointer
(not).

## Changes

- New ``provisioner.LocalProvisionerAPI`` interface — the 7 methods
  WorkspaceHandler / TeamHandler call on h.provisioner today: Start,
  Stop, IsRunning, ExecRead, RemoveVolume, VolumeHasFile,
  WriteAuthTokenToVolume. Compile-time assertion confirms *Provisioner
  satisfies it. Mirror of cp_provisioner.go's CPProvisionerAPI block.
- ``WorkspaceHandler.provisioner`` and ``TeamHandler.provisioner``
  re-typed from ``*provisioner.Provisioner`` to
  ``provisioner.LocalProvisionerAPI``. Constructor parameter type is
  unchanged — the assignment widens to the interface, so the 200+
  callers of ``NewWorkspaceHandler`` / ``NewTeamHandler`` are
  unaffected.
- Constructors gain a ``if p != nil`` guard before assigning to the
  interface field. Without this, ``NewWorkspaceHandler(..., nil, ...)``
  (the test fixture pattern across 200+ tests) yields a typed-nil
  interface value where ``h.provisioner != nil`` evaluates *true*,
  and the SaaS-vs-Docker fork incorrectly routes nil-fixture tests
  into the Docker code path. Documented inline with reference to
  the Go FAQ.
- Hardened the 5 Provisioner methods that lacked nil-receiver guards
  (Start, ExecRead, WriteAuthTokenToVolume, RemoveVolume,
  VolumeHasFile) — return ErrNoBackend on nil receiver instead of
  panicking on p.cli dereference. Symmetric with Stop/IsRunning
  (already hardened in #1813). Defensive cleanup so a future caller
  that bypasses the constructor's nil-elision still degrades
  cleanly.
- Extended TestZeroValuedBackends_NoPanic with 5 new sub-tests
  covering the newly-hardened nil-receiver paths. Defense-in-depth:
  a future refactor that drops one of the nil-checks fails red here
  before reaching production.

## Why now

- Provisioner orchestration has been touched in #2366 / #2368 — the
  interface symmetry is the natural follow-up captured in #2369.
- Future work (CP fleet redeploy endpoint, multi-backend
  provisioners) wants this in place. Memory note
  ``project_provisioner_abstraction.md`` calls out pluggable
  backends as a north-star.
- Memory note ``feedback_long_term_robust_automated.md`` —
  compile-time gates + ErrNoBackend symmetry > runtime panics.

## Verification

- ``go build ./...`` clean.
- ``go test ./...`` clean — 1300+ tests pass, including the
  previously-flaky Create-with-nil-provisioner paths that now
  exercise the constructor's nil-elision correctly.
- ``go test ./internal/provisioner/ -run TestZeroValuedBackends_NoPanic
  -v`` — all 11 nil-receiver subtests green (was 6, +5 for the
  newly-hardened methods).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 09:18:16 -07:00
..
testdata/a2a_corpus test(a2a): protocol-shape replay corpus gate (#2345 follow-up) 2026-04-30 01:26:02 -07:00
a2a_corpus_test.go test(a2a): protocol-shape replay corpus gate (#2345 follow-up) 2026-04-30 01:26:02 -07:00
a2a_proxy_helpers.go fix(a2a): detect dead EC2 agents on upstream 5xx + reactive auto-restart for SaaS 2026-04-30 00:28:22 -07:00
a2a_proxy_test.go refactor(wsauth): extract lookupTokenByHash to dedup auth predicate across 3 callers 2026-04-30 03:11:38 -07:00
a2a_proxy.go fix(a2a): cover CF 521/522/523 in dead-origin status set 2026-04-30 01:39:04 -07:00
a2a_queue_status_test.go feat(a2a): per-queue-id status endpoint + per-message TTL (RFC #2331 Tier 1) 2026-04-29 20:21:17 -07:00
a2a_queue_status.go feat(a2a): per-queue-id status endpoint + per-message TTL (RFC #2331 Tier 1) 2026-04-29 20:21:17 -07:00
a2a_queue_test.go fix(platform/delegation): classify queued response + stitch drain result back 2026-04-26 10:14:19 -07:00
a2a_queue.go feat(a2a): per-queue-id status endpoint + per-message TTL (RFC #2331 Tier 1) 2026-04-29 20:21:17 -07:00
activity_since_id_test.go feat(activity): since_id cursor on GET /activity (#2339 PR 3) 2026-04-29 22:51:52 -07:00
activity_since_secs_test.go feat(activity): accept ?since_secs= for time-window filtering (#2268) 2026-04-29 05:53:52 -07:00
activity_test.go fix(activity): include request/response bodies in ACTIVITY_LOGGED broadcast 2026-04-27 13:38:23 -07:00
activity.go feat(activity): since_id cursor on GET /activity (#2339 PR 3) 2026-04-29 22:51:52 -07:00
admin_memories_test.go fix(handlers): unblock Platform (Go) CI — sqlmock budget-check + test loopback 2026-04-22 19:40:06 -07:00
admin_memories.go fix(org-api-tokens): add org_id column, close requireCallerOwnsOrg regression 2026-04-21 01:34:05 +00:00
admin_queue_test.go fix(handlers/admin_queue_test): wire sqlmock to make DropStale tests pass 2026-04-24 04:40:19 +00:00
admin_queue.go fix(handlers/admin_queue): remove unused db import 2026-04-24 02:22:16 +00:00
admin_schedules_health_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
admin_schedules_health.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
admin_test_token_test.go test(admin_test_token): pin ADMIN_TOKEN IDOR-fix (#112) gate behavior 2026-04-30 02:59:08 -07:00
admin_test_token.go fix(security): close IDOR gaps on /admin/test-token and /orgs/:id/allowlist 2026-04-20 23:29:27 +00:00
admin_workspace_images_test.go feat(platform/admin): /admin/workspace-images/refresh + Docker SDK + GHCR auth 2026-04-26 10:17:21 -07:00
admin_workspace_images.go feat(workspace-server): GHCR digest watcher closes runtime CD chain (#2114) 2026-04-26 13:36:26 -07:00
agent_git_identity_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
agent_git_identity.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
agent_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
agent.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
approvals_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
approvals.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
artifacts_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
artifacts.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
audit_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
audit.go fix: guard HMAC slice truncation in audit chain verification (fixes #1332) (#1339) 2026-04-21 07:52:11 +00:00
budget_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
budget.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
bundle.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
channels_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
channels.go chore: sync staging to main — 1188 commits, 5 conflicts resolved (#1743) 2026-04-23 18:30:18 +00:00
chat_files_test.go test(chat_files): pin lazy-heal mint contract for both Upload and Download 2026-04-30 02:38:28 -07:00
chat_files.go refactor(chat_files): extract streamWorkspaceResponse helper for Upload+Download 2026-04-30 08:27:45 -07:00
checkpoints_integration_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
checkpoints_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
checkpoints.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
config_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
config.go fix(security): cap webhook + config PATCH bodies (H3/H4) 2026-04-19 01:23:03 -07:00
container_files_delete_test.go chore: sync staging to main — 1188 commits, 5 conflicts resolved (#1743) 2026-04-23 18:30:18 +00:00
container_files_test.go fix(handlers): add empty/dot-only path guard to validateRelPath 2026-04-24 07:17:26 +00:00
container_files.go fix(tests): path validation before docker check + a2a queue mock in tests 2026-04-24 11:07:43 +00:00
delegation_test.go fix(platform/delegation): classify queued response + stitch drain result back 2026-04-26 10:14:19 -07:00
delegation.go fix(platform/delegation): classify queued response + stitch drain result back 2026-04-26 10:14:19 -07:00
discovery_test.go fix(discovery): isSafeURL guard on registered URLs (closes #1484) 2026-04-26 06:50:36 -07:00
discovery.go fix(discovery): isSafeURL guard on registered URLs (closes #1484) 2026-04-26 06:50:36 -07:00
events_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
events.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
external_connection.go docs: surface molecule-mcp-claude-channel plugin in external-workspace creation + CONTRIBUTING 2026-04-29 11:33:31 -07:00
github_token_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
github_token.go fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
handlers_additional_test.go feat(external): default external runtime to poll-mode + awaiting_agent 2026-04-30 06:39:57 -07:00
handlers_extended_test.go Fix TestExtended_WorkspaceDelete missing sqlmock expectations 2026-04-20 01:13:52 -07:00
handlers_test.go feat(external): default external runtime to poll-mode + awaiting_agent 2026-04-30 06:39:57 -07:00
hermes_messages_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
hermes_messages.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
hibernation_test.go feat(platform): 409 guard on /hibernate when active_tasks > 0 (closes #822) 2026-04-18 12:09:52 -07:00
instructions.go fix(review): address code review blockers on tool-trace + instructions 2026-04-22 16:18:06 -07:00
mcp_test.go fix(security): backport SSRF defence (CWE-918) to main — isSafeURL in a2a_proxy.go (#1292) (#1302) 2026-04-21 07:06:42 +00:00
mcp_tools.go fix(restart): support SaaS control-plane provisioner (unblocks Platform Go build too) (#1512) 2026-04-21 22:56:01 +00:00
mcp.go fix: CWE-78 rm scope, go vet failures, delegation idempotency 2026-04-21 18:22:30 +00:00
memories_test.go test: GLOBAL memory delimiter spoofing escape + LOCAL scope untouched 2026-04-18 11:54:52 -07:00
memories.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
memory_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
memory.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
native_session_test.go feat(runtime): native_session skips a2a_queue enqueue — primitive #5 of 6 2026-04-26 23:34:04 -07:00
native_status_mgmt_test.go feat(runtime): native_status_mgmt skip — primitive #4 of 6 2026-04-26 23:13:13 -07:00
org_helpers.go fix: CWE-78 rm scope, go vet failures, delegation idempotency 2026-04-21 18:22:30 +00:00
org_import_force_removed_test.go fix(org-import): remove force=true bypass of required-env preflight 2026-04-29 03:23:23 -07:00
org_import.go merge: sync staging into feat/wire-max-concurrent-from-template-1408 2026-04-26 11:11:30 -07:00
org_include_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
org_include.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
org_path_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
org_plugin_allowlist_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
org_plugin_allowlist.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
org_prompt_ref_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
org_test.go feat(org-templates): add ux-ab-lab + manifest entry + schema smoke test 2026-04-24 16:22:14 -07:00
org_tokens_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
org_tokens.go fix(platform): unblock SaaS workspace registration end-to-end 2026-04-21 03:06:46 -07:00
org.go fix(org-import): remove force=true bypass of required-env preflight 2026-04-29 03:23:23 -07:00
plugins_install_pipeline_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
plugins_install_pipeline.go test(plugins): unblock TestResolveAndStage_NoInternalErrorsInHTTPErr (#1814) 2026-04-27 04:00:39 -07:00
plugins_install.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
plugins_listing.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
plugins_sources.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
plugins_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
plugins.go test(plugins): unblock TestResolveAndStage_NoInternalErrorsInHTTPErr (#1814) 2026-04-27 04:00:39 -07:00
registry_test.go feat(external): default external runtime to poll-mode + awaiting_agent 2026-04-30 06:39:57 -07:00
registry.go feat(external): default external runtime to poll-mode + awaiting_agent 2026-04-30 06:39:57 -07:00
restart_context_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
restart_context.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
restart_template_test.go fix(handlers): apply sanitizeRuntime allowlist before Tier 4 filepath.Join (CWE-22) 2026-04-24 11:37:19 +00:00
restart_template.go fix(handlers): apply sanitizeRuntime allowlist before Tier 4 filepath.Join (CWE-22) 2026-04-24 11:37:19 +00:00
runtime_overrides_test.go feat(runtime): native_scheduler skip — primitive #3 of 6 2026-04-26 22:47:00 -07:00
runtime_overrides.go feat(runtime): native_scheduler skip — primitive #3 of 6 2026-04-26 22:47:00 -07:00
runtime_provision_timeouts_test.go feat(workspace-server): surface provision_timeout_ms in workspace API (#2054 phase 2) 2026-04-26 06:37:45 -07:00
runtime_provision_timeouts.go refactor(handlers): apply simplify findings on PR #2094 2026-04-26 06:40:15 -07:00
runtime_registry_test.go feat(external-runtime): first-class BYO-compute workspaces + manifest-driven registry 2026-04-24 15:34:10 -07:00
runtime_registry.go feat(external-runtime): first-class BYO-compute workspaces + manifest-driven registry 2026-04-24 15:34:10 -07:00
schedules_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
schedules.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
secrets_test.go feat(canvas+platform): chat attachments, model selection, deploy/delete UX 2026-04-24 13:27:51 -07:00
secrets.go feat(canvas+platform): chat attachments, model selection, deploy/delete UX 2026-04-24 13:27:51 -07:00
security_regression_685_686_687_688_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
socket.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
sse_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
sse.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
ssrf_test.go test(ssrf): pin dev-mode RFC-1918 allow contract (follow-up to #2103) 2026-04-26 10:32:33 -07:00
ssrf.go fix(platform/ssrf): allow RFC-1918 in MOLECULE_ENV=development 2026-04-26 10:14:47 -07:00
team_test.go fix(team): delegate Expand child-provisioning to shared mint pipeline (#2367) 2026-04-30 02:28:29 -07:00
team.go refactor(handlers): widen WorkspaceHandler.provisioner to LocalProvisionerAPI interface (#2369) 2026-04-30 09:18:16 -07:00
template_files_eic_test.go feat(files-api): SSH-backed write for SaaS workspaces (fixes 500 docker not available) 2026-04-22 18:27:12 -07:00
template_files_eic.go feat(files-api): SSH-backed write for SaaS workspaces (fixes 500 docker not available) 2026-04-22 18:27:12 -07:00
template_import_test.go feat(quickstart): default new agents to T3 (Privileged) 2026-04-23 15:34:22 -07:00
template_import.go feat(quickstart): default new agents to T3 (Privileged) 2026-04-23 15:34:22 -07:00
templates_test.go fix(test): TestDeleteFile_WorkspaceNotFound uses relative path "old-file.txt" 2026-04-24 12:45:29 +00:00
templates.go refactor(handlers): apply simplify findings on PR #2094 2026-04-26 06:40:15 -07:00
terminal_test.go fix(terminal): check org_token_id context to allow org-token A2A routing (KI-005 followup) 2026-04-24 16:17:50 +00:00
terminal.go fix(terminal): check org_token_id context to allow org-token A2A routing (KI-005 followup) 2026-04-24 16:17:50 +00:00
tokens_sqlmock_test.go test(handlers): sqlmock coverage for tokens.go (closes #1819) 2026-04-26 02:50:42 -07:00
tokens_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
tokens.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
traces_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
traces.go fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
transcript_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
transcript.go fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
viewport_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
viewport.go fix(security): replace err.Error() with generic messages in handler responses (#1193) 2026-04-21 00:56:03 +00:00
webhooks_test.go fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 2026-04-23 07:14:33 +00:00
webhooks_workflow_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
webhooks.go fix: multiple platform handler bug fixes 2026-04-20 05:01:01 +00:00
workspace_bootstrap_test.go feat(platform): bootstrap-failed + console endpoints for CP watcher 2026-04-20 17:11:34 -07:00
workspace_bootstrap.go fix(security): sanitize error details in BootstrapFailed, provision, and plugin install (#1219) 2026-04-21 02:11:38 +00:00
workspace_budget_test.go feat(workspaces): delivery_mode column + poll-mode register flow (#2339 PR 1) 2026-04-29 21:47:14 -07:00
workspace_crud.go fix(workspace_crud): drop restartStates entries on workspace delete (#2269) 2026-04-29 05:53:34 -07:00
workspace_metrics_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
workspace_metrics.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
workspace_preflight_test.go chore: code-review cleanup on today's shipped PRs 2026-04-20 16:04:57 -07:00
workspace_preflight.go chore: code-review cleanup on today's shipped PRs 2026-04-20 16:04:57 -07:00
workspace_provision_shared_test.go test(provision): direct unit tests for readOrLazyHealInboundSecret 2026-04-30 04:41:13 -07:00
workspace_provision_shared.go refactor: extract readOrLazyHealInboundSecret to dedup chat_files + registry 2026-04-30 04:11:43 -07:00
workspace_provision_test.go fix(provision): share Docker+SaaS prepare path so both mint workspace secrets (RFC #2312) 2026-04-30 02:18:08 -07:00
workspace_provision.go fix(provision): share Docker+SaaS prepare path so both mint workspace secrets (RFC #2312) 2026-04-30 02:18:08 -07:00
workspace_restart_coalesce_test.go fix(restart): clear running flag on panic in cycle() 2026-04-29 00:00:12 -07:00
workspace_restart_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
workspace_restart.go fix(restart): extract stopForRestart helper + add 524 to dead-agent list 2026-04-30 00:58:22 -07:00
workspace_test.go feat(workspaces): delivery_mode column + poll-mode register flow (#2339 PR 1) 2026-04-29 21:47:14 -07:00
workspace.go refactor(handlers): widen WorkspaceHandler.provisioner to LocalProvisionerAPI interface (#2369) 2026-04-30 09:18:16 -07:00