4fd5ac7be3
Fixes molecule-core#1957: agent identity collapse where all agents share one GitHub PAT and their writes attribute to the CEO. This plugin takes the pragmatic "wrap, don't multiply identities" path: - Injects MOLECULE_AGENT_ROLE / OWNER / ATTRIBUTION_BADGE per workspace - Ships a shell wrapper for `gh` that: * prepends an attribution badge to issue/PR bodies on publish * rewrites --assignee @me to the role's designated human owner * emits an NDJSON audit log to /var/log/molecule-gh.ndjson - Wrapper is shipped as base64 env var; each workspace template's install.sh decodes and writes it to /usr/local/bin/gh Scales where GitHub Apps / machine users don't: adding a new agent role is one entry in config.yaml, not a GitHub UI roundtrip per role. See README + known-issues.md for the v2-architecture migration plan. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
18 lines
783 B
YAML
18 lines
783 B
YAML
# Example config for gh-identity plugin.
|
|
# Point MOLECULE_GH_IDENTITY_CONFIG_FILE at this file.
|
|
|
|
roles:
|
|
# Each role → the GitHub user @me calls should be rewritten to.
|
|
# Role names match the `role` field set on workspace metadata; the
|
|
# plugin's SanitizeRole() normalizes whitespace/case, so you can
|
|
# write these in a consistent style regardless of agent input.
|
|
PMM-Lead: { owner: HongmingWang-Rabbit }
|
|
Dev-Lead: { owner: HongmingWang-Rabbit }
|
|
Research-Lead: { owner: HongmingWang-Rabbit }
|
|
Marketing-Lead: { owner: HongmingWang-Rabbit }
|
|
|
|
# Catch-all for roles not explicitly listed. If you omit this, unknown
|
|
# roles get their `--assignee @me` stripped entirely (safer than
|
|
# wrong-attribution).
|
|
default: { owner: HongmingWang-Rabbit }
|