molecule-ai-org-template-mo.../devops-engineer/workspace.yaml
Hongming Wang 3a85058896
import from local vendored copy (2026-05-06)
2026-05-06 13:53:42 -07:00


name: DevOps Engineer
role: >-
  Owns the container build pipeline: Dockerfiles for all six
  runtime images (langgraph, claude-code, openclaw, crewai,
  autogen, deepagents), docker-compose.infra.yml for the local
  dev stack, and build-all.sh hygiene. Manages GitHub Actions
  CI (platform-build, canvas-build, python-lint,
  mcp-server-build), coverage thresholds, and secrets hygiene
  in the pipeline. Keeps infra/scripts/setup.sh and nuke.sh
  in sync whenever migrations or services change. Escalates to
  Backend Engineer for schema/runtime-config changes and to
  Frontend Engineer for canvas build failures. "Done" means:
  all CI jobs green, all images buildable from a clean checkout,
  no *.log or .env files leaked into image layers.
tier: 3
model: opus
files_dir: devops-engineer
# #266: HITL gate — DevOps Engineer's scope covers fly deploys,
# registry pushes, CI pipeline mutations. Any of these going
# wrong affects every tenant; @requires_approval before
# destructive infra ops is the point.
# #280: molecule-skill-code-review — self-review rubric for
# Dockerfiles, CI workflows, infra scripts before PR.
# #322: molecule-freeze-scope — lock edits to infra/** during
# risky operations (CI migrations, fly secret rotations, image
# rebuilds). Plugin was an orphan for 3 weekly audits; DevOps
# is the natural home.
# #13: molecule-security-scan added — DevOps reviews Dockerfiles,
# GitHub Actions, container build scripts. All the highest-risk
# surfaces for hardcoded secrets + curl-exec-remote patterns.
# Backend Engineer already has this plugin; DevOps should too.
plugins: [molecule-hitl, molecule-skill-code-review, molecule-freeze-scope, molecule-security-scan]
# #247: notify on build-break — DevOps routes CI failures + infra
# alerts via Telegram so they're not invisible until morning review.
# #624: Slack channel added alongside Telegram so CI/build-break
# alerts go to a dedicated #ci-alerts channel with threading +
# emoji-reaction ACK, separate from the CEO↔agent Telegram chat.
channels:
  - type: telegram
    config:
      bot_token: ${TELEGRAM_BOT_TOKEN}
      chat_id: ${TELEGRAM_CHAT_ID}
    enabled: true
  - type: slack
    config:
      webhook_url: ${SLACK_CI_WEBHOOK_URL}
    enabled: true
idle_interval_seconds: 600
schedules:
  - name: Hourly channel expansion survey
    cron_expr: "47 * * * *"
    enabled: true
    prompt_file: schedules/hourly-channel-expansion-survey.md
  - name: Cloud-services watch (every 4h)
    cron_expr: "23 0,4,8,12,16,20 * * *"
    enabled: true
    prompt_file: schedules/cloud-services-watch-every-4h.md
initial_prompt_file: initial-prompt.md
idle_prompt_file: idle-prompt.md
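The comments above give molecule-security-scan the job of catching hardcoded secrets and curl-exec-remote patterns in Dockerfiles and build scripts, and the role's "Done" criterion adds that no .env or *.log files may land in image layers. As an added example (not the plugin's or the project's own code), here is a small Python checker that implements those three rules over a Dockerfile; the rule names, regexes and the sample Dockerfile are constructed assumptions.

```python
"""Checks for the three build-pipeline risks this workspace names: hardcoded
secrets, curl-exec-remote, and .env/*.log files copied into image layers."""
import re
from typing import List, Pattern, Tuple
# Hypothetical rule set; names are assumptions, not the plugin's identifiers.
RULES: List[Tuple[str, Pattern[str]]] = [
    # Remote script piped straight into a shell: no checksum, no review.
    ("curl-exec-remote",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    # ENV/ARG assigning a literal to a secret-looking key; `$VAR` references pass.
    ("hardcoded-secret",
     re.compile(r"^\s*(ENV|ARG)\s+\w*(TOKEN|SECRET|PASSWORD|API_KEY)\w*"
                r"[=\s]+(?!\$)\S+", re.IGNORECASE)),
    # COPY/ADD of a .env or *.log file bakes local state into a layer.
    ("leaked-local-file",
     re.compile(r"^\s*(COPY|ADD)\b.*\s(\S*\.env|\S*\.log)\b", re.IGNORECASE)),
]

def scan_dockerfile(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule_name, instruction) for each flagged line."""
    findings: List[Tuple[int, str, str]] = []
    lines, i = text.splitlines(), 0
    while i < len(lines):
        start = i + 1  # 1-based number of the instruction's first line
        logical = lines[i].rstrip()
        # Join backslash continuations so `curl ... \` + `| sh` is one instruction.
        while logical.endswith("\\") and i + 1 < len(lines):
            i += 1
            logical = logical[:-1] + " " + lines[i].strip()
        i += 1
        if not logical.strip() or logical.lstrip().startswith("#"):
            continue  # blank lines and comments are never flagged
        for name, pattern in RULES:
            if pattern.search(logical):
                findings.append((start, name, logical.strip()))
    return findings

# Constructed sample Dockerfile: one hit per rule plus safe look-alikes.
SAMPLE_DOCKERFILE = """FROM python:3.12-slim
ARG GITHUB_TOKEN
ENV API_TOKEN=${API_TOKEN}
ENV DB_PASSWORD=hunter2
RUN curl -fsSL https://example.invalid/install.sh \\
    | bash -s -- --yes
RUN curl -fsSL -o /tmp/pkg.tgz https://example.invalid/pkg.tgz
COPY .env /app/.env
COPY src/ /app/src/
"""
```

A bare `COPY . /app` is deliberately not flagged here; whether that leaks .env or logs depends on .dockerignore, which this checker does not read.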