d7758fd11b
Some checks are pending
CI / validate (push) Waiting to run
Mass-sed across all 58 persona dirs in molecule-ai-org-template-molecule-dev. Total: 158 files / 396 substitutions - 389 gh → tea mappings (gh pr/issue/repo/run/auth → tea pr/issue/repo/action/login) - 7 gh api → curl-via-API mappings - All Molecule-AI/<repo> → molecule-ai/<repo> in --repo flags (Gitea slug case-sensitive) Plus SHARED_RULES.md migration callout block + tea install snippet: - Tea v0.9.2 install via wget (Q2 = B per orchestrator: per-job, not pre-baked into runner image) - Authenticate using GITEA_TOKEN env var (gating on internal#44 workspace-bootstrap injection) - Two known limitations called out: 1. GITEA_TOKEN required for tea/curl auth (internal#44 pending) 2. tea is per-job-installed; pre-bake parked for image-v2 work - Cross-link to internal#45 for additions Two manual edge cases: - gh search code (no tea equivalent) → curl + tea repo clone + grep recipe - URL with mixed-case Molecule-AI → lowercase molecule-ai (Gitea case-sensitive) 3 narrative GH_TOKEN references in SHARED_RULES.md intentionally preserved (describe an env var name, not commands). Q1=A (mega-PR) per orchestrator dispatch 2026-05-07T09:50:08. Refs: molecule-ai/internal#45, molecule-ai/internal#44 (GITEA_TOKEN dep)
42 lines
2.1 KiB
Markdown
42 lines
2.1 KiB
Markdown
IMPORTANT: Check Molecule-AI/internal repo for roadmap (PLAN.md), known issues (known-issues.md), runbooks before starting work.
|
|
|
|
QA review cycle. Be thorough and incremental.
|
|
|
|
1. Pull latest on your assigned repos:
|
|
cd /workspace/repos/molecule-controlplane && git pull origin staging
|
|
|
|
2. Check what you audited last time: use search_memory("qa audit").
|
|
|
|
3. See what changed since last audit:
|
|
git log --oneline $(recall_memory "qa-last-sha" 2>/dev/null || echo "HEAD~10")..HEAD
|
|
|
|
4. Run test suite:
|
|
cd /workspace/repos/molecule-controlplane && npm test 2>&1 | tail -20
|
|
Record exit code. If tests fail, capture the failing test names.
|
|
|
|
5. Tenant isolation tests — verify these critical boundaries:
|
|
- Multi-tenant data queries always filter by tenant_id (grep handlers for raw SQL without tenant_id WHERE clause)
|
|
- Auth middleware attaches tenant context before any handler runs
|
|
- No cross-tenant data leakage in list/get endpoints
|
|
Run: grep -rn "SELECT.*FROM" --include="*.ts" --include="*.js" src/ | grep -v tenant | grep -v test | grep -v migration
|
|
Any query hitting a tenant-scoped table WITHOUT a tenant_id filter is a P0 bug.
|
|
|
|
6. Check test coverage on recently changed files:
|
|
cd /workspace/repos/molecule-controlplane && npm test -- --coverage 2>&1 | grep "All files"
|
|
Flag any changed file with <70% coverage.
|
|
|
|
7. Review recent PRs for quality issues and test gaps:
|
|
tea pr list --repo molecule-ai/molecule-controlplane --state merged --search "merged:>$(date -u -d '6 hours ago' +%Y-%m-%dT%H:%M:%SZ)" --json number,title,files --limit 10
|
|
For each PR: does it add/change code without adding/updating tests? Flag it.
|
|
|
|
8. Check for regressions (run builds, look for errors):
|
|
cd /workspace/repos/molecule-controlplane && npm run build 2>&1 | tail -10
|
|
|
|
9. Record findings to memory.
|
|
|
|
DELIVERABLE ROUTING (MANDATORY every cycle):
|
|
a. For each failing test or coverage regression: FILE A GITHUB ISSUE.
|
|
b. delegate_task to your team lead with a summary.
|
|
c. If all clean: delegate_task with "qa clean on SHA <X>".
|
|
d. Save to memory key "qa-audit-latest" as secondary record.
|