molecule-ai/molecule-ai-workspace-runtime
51
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
main
molecule-ai-workspace-runtime/scripts
T
History
core-devops befdaa3ca9
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
ci / lint (pull_request) Successful in 17s
Details
ci / build (pull_request) Successful in 37s
Details
ci / smoke-install (pull_request) Successful in 55s
Details
ci / unit-tests (pull_request) Successful in 1m36s
Details
ci / responsiveness-e2e (pull_request) Successful in 1m44s
Details
test(guardrails): G0/G1/G6 de-bake SSOT guardrails + guardrail self-test (task #80) 
Adds the missing de-bake CI guardrails (the existing G2/G5 already live in
test_prompt_files_ssot.py / test_mcp_render_openclaw_failclosed.py) plus a
meta self-test that PROVES each guardrail catches its bug.

  G0 (runtime half) — tests/test_prompt_filename_ssot_g0.py: build_system_prompt's
     no-prompt_files fallback is the canonical filename "system-prompt.md" (the
     same literal core's subst/probe/allowlist/default-config converge on), with a
     NEGATIVE fixture: prompt_files pointing at an unshipped file => identity LOST
     (not silently wrong). Core half pinned by the companion Go guardrail.
  G1 — tests/test_prompt_channel_ssot_g1.py: the SINGLE prompt-delivery channel is
     config.system_prompt. _common_setup publishes it from the one build; with the
     channel = MARKER-A and system-prompt.md on disk = MARKER-B, an executor reads
     the channel (A), never re-reads the file (B). Guards that the executor-facing
     setup pipeline does NOT call the legacy per-runtime get_system_prompt re-read.
     Pairs with task #76.
  G6 — tests/test_mcp_render_completeness_g6.py: every runtime in the kind=platform
     allowlist {claude-code, codex, openclaw} has a CONCRETE mcp_render._RUNTIME_SPECS
     entry (not the _DEFAULT_RUNTIME claude fallback) — its own native MCP-config
     path + renderer + present-reader; no #3159 cross-runtime mis-attribution.
  Guardrail self-test — tests/test_guardrail_self_test.py + the runnable driver
     scripts/run_guardrail_self_test.py: for G0/G1/G2/G5/G6, inject the known
     regression into a throwaway fixture/patched module and assert the guardrail
     goes RED, then revert. "How do we test the guardrails work?" — run the driver.

NO-BYPASS: all files are tests/test_*.py collected by the unit-tests CI job
(pytest -q --ignore=tests/integration) with no paths: filter and no
continue-on-error — merge-blocking by construction.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 18:40:13 -07:00
..
auto_release_runtime.py
fix(release): tag-only auto-release (main is PR-only, cannot commit bump)
2026-06-10 23:14:46 +00:00
check_consumer_runtime_drift.py
fix(runtime#86): re-apply GIT_ASKPASS + add workflow URL-embedding regression gate (#167)
2026-06-23 08:05:43 +00:00
check_platform_comm_contract.py
fix(runtime#86): re-apply GIT_ASKPASS + add workflow URL-embedding regression gate (#167)
2026-06-23 08:05:43 +00:00
merge_runtime_version_bumps.py
fix(runtime#131): auto-merge propagated .runtime-version bump PRs on consumer templates (#169)
2026-06-23 15:50:32 +00:00
propagate_runtime_version.py
fix(runtime#52): bounded retry/backoff on PR POST in propagate_runtime_version (#168)
2026-06-23 08:21:23 +00:00
run_guardrail_self_test.py
test(guardrails): G0/G1/G6 de-bake SSOT guardrails + guardrail self-test (task #80)
2026-06-24 18:40:13 -07:00
scrub_memory_credentials.py
security(memory): redact credentials before auto-memory persistence (#2832)
2026-06-14 09:11:42 +00:00
test_merge_runtime_version_bumps.py
fix(runtime#131): auto-merge propagated .runtime-version bump PRs on consumer templates (#169)
2026-06-23 15:50:32 +00:00
test_propagate_runtime_version_dual_pin.py
fixup(propagate): resolve duplicate test module + network-isolate plan tests
2026-06-14 13:26:32 +00:00