core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
e502003c74
molecule-core/workspace-server/internal/registry/access.go
Hongming Wang d8026347e5 chore: open-source restructure — rename dirs, remove internal files, scrub secrets 
Renames:
- platform/ → workspace-server/ (Go module path stays as "platform" for
  external dep compat — will update after plugin module republish)
- workspace-template/ → workspace/

Removed (moved to separate repos or deleted):
- PLAN.md — internal roadmap (move to private project board)
- HANDOFF.md, AGENTS.md — one-time internal session docs
- .claude/ — gitignored entirely (local agent config)
- infra/cloudflare-worker/ → Molecule-AI/molecule-tenant-proxy
- org-templates/molecule-dev/ → standalone template repo
- .mcp-eval/ → molecule-mcp-server repo
- test-results/ — ephemeral, gitignored

Security scrubbing:
- Cloudflare account/zone/KV IDs → placeholders
- Real EC2 IPs → <EC2_IP> in all docs
- CF token prefix, Neon project ID, Fly app names → redacted
- Langfuse dev credentials → parameterized
- Personal runner username/machine name → generic

Community files:
- CONTRIBUTING.md — build, test, branch conventions
- CODE_OF_CONDUCT.md — Contributor Covenant 2.1

All Dockerfiles, CI workflows, docker-compose, railway.toml, render.yaml,
README, CLAUDE.md updated for new directory names.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 00:24:44 -07:00

131 lines
4.0 KiB
Go
Raw Blame History

package registry
import (
"database/sql"
"log"
"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
)
// maxAncestorWalk caps the depth of the parent-chain walk in
// CanCommunicate. Org trees are realistically 3-5 deep
// (PM → Dev Lead → Backend Engineer is depth 3); 32 is a safety
// ceiling so a malformed cycle in the workspaces table can't loop
// forever.
const maxAncestorWalk = 32
type workspaceRef struct {
ID string
ParentID *string
}
func getWorkspaceRef(id string) (*workspaceRef, error) {
var ws workspaceRef
var parentID sql.NullString
err := db.DB.QueryRow(`SELECT id, parent_id FROM workspaces WHERE id = $1`, id).
Scan(&ws.ID, &parentID)
if err != nil {
return nil, err
}
if parentID.Valid {
ws.ParentID = &parentID.String
}
return &ws, nil
}
// isAncestorOf returns true if `ancestorID` is found anywhere on the
// parent-chain walk starting from `childID`. Walks at most maxAncestorWalk
// steps so a corrupt parent-cycle cannot loop forever. Returns false on any
// DB lookup error (logged) — fail-secure.
func isAncestorOf(ancestorID, childID string) bool {
current := childID
for i := 0; i < maxAncestorWalk; i++ {
ref, err := getWorkspaceRef(current)
if err != nil {
log.Printf("isAncestorOf: walk lookup %s: %v", current, err)
return false
}
if ref.ParentID == nil {
return false
}
if *ref.ParentID == ancestorID {
return true
}
current = *ref.ParentID
}
log.Printf("isAncestorOf: walk exceeded maxAncestorWalk=%d from %s — corrupt parent chain?",
maxAncestorWalk, childID)
return false
}
// CanCommunicate checks if two workspaces can talk to each other based on
// the org hierarchy. The rules:
//
// - self → self
// - siblings (same parent, including both root-level)
// - any ancestor → any descendant (e.g. PM → Backend Engineer)
// - any descendant → any ancestor (e.g. Security Auditor → PM)
//
// The third and fourth rules generalise the previous "direct parent ↔
// child" check. Originally this was strict 1-step parent/child only,
// which broke the audit-routing contract: Security Auditor (under Dev
// Lead, under PM) could not call delegate_task on PM to deliver an
// audit_summary, so it fell back to delegating to Dev Lead — bypassing
// PM's category_routing entirely.
//
// The relaxation preserves the hierarchy intent (no horizontal cross-team
// chatter — Frontend Engineer cannot directly message Backend Engineer
// unless they share a parent, which they do under Dev Lead) while
// unblocking the leadership-chain pattern that is fundamental to how
// audit summaries fan out across the org.
func CanCommunicate(callerID, targetID string) bool {
if callerID == targetID {
return true
}
caller, err := getWorkspaceRef(callerID)
if err != nil {
log.Printf("CanCommunicate: lookup caller %s: %v", callerID, err)
return false
}
target, err := getWorkspaceRef(targetID)
if err != nil {
log.Printf("CanCommunicate: lookup target %s: %v", targetID, err)
return false
}
// Siblings — same parent (including root-level where both have no parent)
if caller.ParentID != nil && target.ParentID != nil &&
*caller.ParentID == *target.ParentID {
return true
}
// Root-level siblings — both have no parent
if caller.ParentID == nil && target.ParentID == nil {
return true
}
// Direct parent → child (fast path; avoids the ancestor walk)
if target.ParentID != nil && caller.ID == *target.ParentID {
return true
}
// Direct child → parent (fast path)
if caller.ParentID != nil && target.ID == *caller.ParentID {
return true
}
// Distant ancestor → descendant: caller is somewhere up target's chain.
// Triggers extra DB lookups, only reached when the fast paths above didn't match.
if target.ParentID != nil && isAncestorOf(callerID, *target.ParentID) {
return true
}
// Distant descendant → ancestor: target is somewhere up caller's chain.
// (e.g. Security Auditor → PM, where Security Auditor's parent is Dev Lead.)
if caller.ParentID != nil && isAncestorOf(targetID, *caller.ParentID) {
return true
}
return false
}
View Git Blame Copy Permalink