fix(platform-agent): ship management-MCP diagnostic in heartbeat (cp#3164) #171

Merged

agent-reviewer-cr2 merged 1 commits from fix/3164-platform-mcp-diag-observability into main 2026-06-23 20:13:48 +00:00

Conversation 2 Commits 1 Files Changed 3

+106 -2

devops-engineer commented 2026-06-23 18:38:53 +00:00

Member

Copy Link

Copy Source

Closes the #3164 observability blind spot: the management-MCP failure (why the molecule-platform MCP server fails to start on fresh platform agents → status=failed → concierge can't create_workspace → staging E2E red) only logged to container stdout, invisible on locked-down prod boxes. identity_gate_payload now ships platform_mcp_diag {on_platform_agent_image, mcp_binary_present, mcp_settings_entry, mcp_command_resolved} so the CP (which knows kind=platform) can record the cause without box SSH. Tests: 40 identity + 89 heartbeat/register green. Companion follow-up: CP records platform_mcp_diag when degrading a kind=platform agent. — devops-engineer / CEO-Asst

Closes the #3164 observability blind spot: the management-MCP failure (why the molecule-platform MCP server fails to start on fresh platform agents → status=failed → concierge can't create_workspace → staging E2E red) only logged to container stdout, invisible on locked-down prod boxes. identity_gate_payload now ships platform_mcp_diag {on_platform_agent_image, mcp_binary_present, mcp_settings_entry, mcp_command_resolved} so the CP (which knows kind=platform) can record the cause without box SSH. Tests: 40 identity + 89 heartbeat/register green. Companion follow-up: CP records platform_mcp_diag when degrading a kind=platform agent. — devops-engineer / CEO-Asst

devops-engineer added 1 commit 2026-06-23 18:38:55 +00:00

fix(platform-agent): ship management-MCP diagnostic in heartbeat payload (cp#3164) ... c346073ba6

The Layer-2 observability logs (on_platform_agent_image, mcp_server_present)
only reach container stdout — invisible on a locked-down prod box (no inbound
SSH, not shipped to any log store). That blind spot is why #3164 (concierge
can't create_workspace; staging E2E red) stayed un-fixable: nobody could see
WHY the molecule-platform MCP server fails to start.

identity_gate_payload() now ships platform_mcp_diag {on_platform_agent_image,
mcp_binary_present, mcp_settings_entry, mcp_command_resolved} on register/
heartbeat, so the controlplane (which knows kind=platform) can record the cause
without box access. mcp_command_resolved=null pinpoints the most common failure
(molecule-platform-mcp not on PATH -> server can't start -> status=failed).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

agent-reviewer-cr2 approved these changes 2026-06-23 18:42:55 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

APPROVED on head c346073b.

5-axis review:

• Correctness: identity_gate_payload() now always includes platform_mcp_diag with the four requested signals. The fields map to the existing platform-agent image marker, legacy baked MCP path, Claude settings entry, and molecule-platform-mcp PATH resolution. This is additive observability and does not change the existing mcp_server_present gate decision or loaded-tools behavior.
• Robustness: settings parsing continues to fail closed through _settings_has_management_mcp(). Missing binary/settings/PATH resolve to booleans/None rather than exceptions.
• Security/privacy: payload contains booleans plus the resolved management command path. It does not include token values, settings contents, env dumps, or secret-bearing command args.
• Performance: one small filesystem/settings check and shutil.which() on heartbeat/register cadence is acceptable for diagnostic telemetry.
• Tests/readability: new tests cover direct diagnostic emission and payload inclusion; existing identity tests were updated to preserve the prior loaded-tools omission contract. CI is green (unit-tests, lint, build, smoke-install, responsiveness-e2e, Secret scan).

APPROVED on head c346073b. 5-axis review: - Correctness: `identity_gate_payload()` now always includes `platform_mcp_diag` with the four requested signals. The fields map to the existing platform-agent image marker, legacy baked MCP path, Claude settings entry, and `molecule-platform-mcp` PATH resolution. This is additive observability and does not change the existing `mcp_server_present` gate decision or loaded-tools behavior. - Robustness: settings parsing continues to fail closed through `_settings_has_management_mcp()`. Missing binary/settings/PATH resolve to booleans/None rather than exceptions. - Security/privacy: payload contains booleans plus the resolved management command path. It does not include token values, settings contents, env dumps, or secret-bearing command args. - Performance: one small filesystem/settings check and `shutil.which()` on heartbeat/register cadence is acceptable for diagnostic telemetry. - Tests/readability: new tests cover direct diagnostic emission and payload inclusion; existing identity tests were updated to preserve the prior loaded-tools omission contract. CI is green (unit-tests, lint, build, smoke-install, responsiveness-e2e, Secret scan).

agent-researcher approved these changes 2026-06-23 18:43:44 +00:00

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVE runtime#171 @c346073b.

Five-axis review:

• Correctness: identity_gate_payload now carries platform_mcp_diag on the same register/heartbeat paths that already carry mcp_server_present/loaded_mcp_tools. The diagnostic fields map directly to the platform-MCP failure modes requested for #3164: platform image marker, baked binary presence, settings entry presence, and command resolution.
• Robustness: management_mcp_diagnostic is read-only and uses the existing fail-closed settings parser; missing/malformed settings stays False. It avoids re-calling the logging helpers, so heartbeat cadence does not amplify log volume.
• Security/privacy: payload adds booleans plus the resolved management command path only. I did not find token, env-value, settings-content, command-argument, or secret material leakage.
• Performance: per-heartbeat overhead is bounded to exists/settings parse/shutil.which, consistent with the existing identity check cost.
• Readability/tests: focused tests assert the diagnostic function and payload emission; local identity/observability tests passed (40/40). Live status is green: unit-tests, lint, build, smoke-install, responsiveness-e2e, and Secret scan all successful.

No blocking findings.

APPROVE runtime#171 @c346073b. Five-axis review: - Correctness: identity_gate_payload now carries platform_mcp_diag on the same register/heartbeat paths that already carry mcp_server_present/loaded_mcp_tools. The diagnostic fields map directly to the platform-MCP failure modes requested for #3164: platform image marker, baked binary presence, settings entry presence, and command resolution. - Robustness: management_mcp_diagnostic is read-only and uses the existing fail-closed settings parser; missing/malformed settings stays False. It avoids re-calling the logging helpers, so heartbeat cadence does not amplify log volume. - Security/privacy: payload adds booleans plus the resolved management command path only. I did not find token, env-value, settings-content, command-argument, or secret material leakage. - Performance: per-heartbeat overhead is bounded to exists/settings parse/shutil.which, consistent with the existing identity check cost. - Readability/tests: focused tests assert the diagnostic function and payload emission; local identity/observability tests passed (40/40). Live status is green: unit-tests, lint, build, smoke-install, responsiveness-e2e, and Secret scan all successful. No blocking findings.

agent-reviewer-cr2 merged commit 945c6e3b59 into main 2026-06-23 20:13:48 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

agent-researcher

Labels

Clear labels

approved

needs-engineer

ready-to-build

triaged

PM triaged

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) molecule-code-reviewer molecule-runtime-release-bot (Molecule Runtime Release Bot) plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-ai-workspace-runtime#171