Migrates the two Go modules under molecule-core off the dead
github.com/Molecule-AI/molecule-monorepo/... identity onto the vanity
host go.moleculesai.app. Also fixes the historical naming
inconsistency where the Gitea repo is molecule-core but the Go module
path said molecule-monorepo.
Module changes:
- workspace-server/go.mod:
github.com/Molecule-AI/molecule-monorepo/platform
-> go.moleculesai.app/core/platform
- tests/harness/cp-stub/go.mod:
github.com/Molecule-AI/molecule-monorepo/tests/harness/cp-stub
-> go.moleculesai.app/core/tests/harness/cp-stub
Surfaces touched
- 174 *.go files (374 import lines) — every import under
workspace-server/ + tests/harness/cp-stub/
- 2 Dockerfiles (workspace-server/Dockerfile + Dockerfile.tenant) —
-ldflags strings updated in lockstep with the module rename so
buildinfo.GitSHA injection still resolves correctly
- README + docs + scripts + comment URLs to git.moleculesai.app form
- NEW workspace-server/internal/lint/import_path_lint_test.go —
structural lint gate rejecting future github.com/Molecule-AI/ or
Molecule-AI/molecule-monorepo references. Identical template to the
other migration PRs (plugin-gh-identity#3, molecule-cli#2,
molecule-controlplane#32).
Cross-repo dep allowlist (documented in lint gate)
workspace-server requires molecule-ai-plugin-gh-identity, whose own
vanity migration is PR molecule-ai-plugin-gh-identity#3. Until that PR
merges + a tag is cut at go.moleculesai.app/plugin/gh-identity, the
two locations referencing the legacy github.com path
(workspace-server/go.mod require, cmd/server/main.go import) remain
allowlisted. Follow-up PR drops the allowlist + updates both refs in
one shot once gh-identity is fully migrated.
Test plan
- go build ./... clean for both modules
- go test ./... green except two pre-existing failures
(TestStartSweeper_RecordsMetricsOnSuccess flaky-on-suite,
TestLocalResolver_BubblesUpCopyFailure relies on read-only fs perms
but runs as root on operator host) — both reproduce identically on
baseline main pre-migration; NOT regressions of this PR
- Mutation-tested: lint gate fails on canaries in .go + .md;
allowlist correctly suppresses cross-repo dep references in go.mod
while still flagging unrelated additions
Open dependency
- go.moleculesai.app responder must be deployed before fresh-clone
external builds resolve the vanity path. Existing CI / Docker builds
ride pinned go.sum + self-referential module path + responder is
not on critical path for those.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Internal content policy
The molecule-ai/molecule-core repo is public. Anything internal
(positioning, competitive briefs, sales playbooks, PMM/press drip, draft
campaigns, raw research notes, ops runbooks, retrospectives) lives in
Molecule-AI/internal.
This page is the canonical decision tree.
Quick decision
"I'm an agent (or human) about to write a markdown file. Where does it go?"
| If the artifact is… | Put it in… |
|---|---|
| Competitive brief, market analysis, raw research notes | Molecule-AI/internal/research/ |
| PMM positioning draft, sales playbook, press release pre-publish | Molecule-AI/internal/marketing/ |
| Draft campaign asset (still iterating, not yet customer-visible) | Molecule-AI/internal/marketing/campaigns/ |
| Roadmap discussion, planning doc, retrospective | Molecule-AI/internal/PLAN.md or Molecule-AI/internal/retrospectives/ |
| Runbook, ops procedure, incident postmortem | Molecule-AI/internal/runbooks/ |
| Public-ready blog post (final draft, ready to ship to docs site) | molecule-ai/molecule-core/docs/blog/ |
| Public-ready tutorial / quickstart | molecule-ai/molecule-core/docs/tutorials/ |
| Public DevRel content (code samples, demos for users) | molecule-ai/molecule-core/docs/devrel/ |
| API reference, architecture docs for external developers | molecule-ai/molecule-core/docs/api/ |
| Code, tests, infrastructure | wherever is appropriate inside this repo |
Rule of thumb: "Would I be comfortable if a competitor / journalist / customer
read this verbatim today?" — yes → monorepo/docs/. No / not yet → internal/.
Why
This repo is publicly indexable. Anything pushed here is permanently in git history, search-engine indexed, and accessible to anyone who clones. Past incidents (audit 2026-04-23) found:
- Competitive teardowns of CrewAI / Paperclip / VoltAgent at root `/research/`
- 45 marketing artifacts at root `/marketing/` including `pmm/positioning.md`, `press/launch.md`, `sales/enablement.md`
- 31 draft campaign files at `/docs/marketing/`
- Junk temp files at root: `comment-1172.json`, `tick-reflections-temp.md`

All migrated to `internal/from-monorepo-2026-04-23/` for curator triage.
Enforcement
Three layers, all required:
- `.gitignore` — blocks the directories at `git add` time. Quietest layer; doesn't fire if someone uses `git add -f`.
- CI workflow `block-internal-paths.yml` — fails any PR that adds a forbidden path. Mechanical backstop. Cannot be bypassed without editing the workflow + PR review.
- Agent prompts — `SHARED_RULES.md` rule (in `molecule-ai-org-template-molecule-dev`) tells every agent role to write internal content to `Molecule-AI/internal` directly via `gh repo clone` + commit + PR. This is the prevention-at-source layer.
If you're hitting the CI gate and your file genuinely belongs in this repo,
edit FORBIDDEN_PATTERNS in the workflow with reviewer signoff. Don't
work around the gate by renaming files.
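
The CI layer described above comes down to a path check over the files a PR adds or renames. The following is an added example, not the repo's actual `block-internal-paths.yml`: the function names and sample paths are constructed, and the three patterns are assumptions taken from the directories named in the audit list, not the real `FORBIDDEN_PATTERNS`.

```bash
#!/bin/sh
# Added example; patterns are assumptions based on the audit list on this page.

# Returns 0 when a repo-relative path falls under a forbidden root directory.
# Patterns are anchored at the repo root, so a nested directory such as
# workspace-server/internal/research/ is not flagged.
is_forbidden() {
    case "$1" in
        research/*|marketing/*|docs/marketing/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads newline-separated paths on stdin, prints each forbidden one,
# and returns 1 if any were found (the status a CI step would fail on).
find_forbidden_paths() {
    found=0
    while IFS= read -r path; do
        path=${path#./}            # tolerate a leading ./
        if is_forbidden "$path"; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample of paths a PR might add.
SAMPLE_ADDED_PATHS='research/crewai-teardown.md
marketing/pmm/positioning.md
docs/marketing/campaign-draft.md
docs/blog/launch-post.md
workspace-server/internal/research/notes.go'

# Stand-alone demo on the sample. In CI the input would come from:
#   git diff --name-only --diff-filter=AR origin/main...HEAD
printf '%s\n' "$SAMPLE_ADDED_PATHS" | find_forbidden_paths \
    || echo "gate: forbidden paths present, PR would fail"
```

Because the check reads the PR's diff rather than the index, it also catches files that were staged with `git add -f` past `.gitignore`.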
How to write to the internal repo (for agents)
```bash
# One-time clone (idempotent — re-running is a no-op)
mkdir -p ~/repos
test -d ~/repos/internal || gh repo clone Molecule-AI/internal ~/repos/internal

# Sync with main, then write the file
cd ~/repos/internal
git pull origin main
mkdir -p research
# Quoted 'EOF' stops the shell from expanding $vars or `backticks` in the content
cat > research/<slug>.md <<'EOF'
# <title>
…content…
EOF

# Branch, commit, push, and open a PR
git checkout -b <agent-role>/research-<slug>
git add research/<slug>.md
git commit -m "research: add <slug>"
git push -u origin HEAD
gh pr create --base main --fill
```
Yes, this is more steps than cd molecule-monorepo && git add research/foo.md.
That cost is intentional: the friction is the point. Public space and
internal space are different products with different audiences and
different durability guarantees.