Molecule AI Infra-SRE 32a7880f4f test+fix(builtin_tools/validation): add test coverage + fix ".." bypass in regex
Tests: 37 new test cases in tests/test_validation.py covering:
- Valid ID patterns (6): normal IDs, underscores, dots, max-length (256)
- Empty/missing (1): raises with "empty" in message
- Invalid chars (10): / \ .. # ? & whitespace
- Caching (2): result is cached; raises on repeated bad calls
- Error type (1): WorkspaceIdValidationError is a ValueError subclass

Fix: regex now uses negative lookahead `(?!.*\.\.)` to reject ".." anywhere
in the string (not just at the start). The old pattern `^[A-Za-z0-9_\-.]{1,256}$`
matched ".." literally because two dots ARE in the allowed character class.
Also adds test cases for embedded ".." (ws..example, ws../etc).

Fixes: the ".." bypass was a gap in the original CWE-20 fix.
2026-04-21 00:55:08 +00:00
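
The bypass described in the commit message above, shown as an added example that is not the project's own code. The old pattern is quoted from the commit; the combined post-fix pattern, the `validate_workspace_id` name, the `lru_cache` caching and the sample IDs are assumptions.

```python
import re
from functools import lru_cache

# Pattern quoted in the commit message as the pre-fix validator.
OLD_PATTERN = re.compile(r"^[A-Za-z0-9_\-.]{1,256}$")
# Assumed post-fix form: same character class, preceded by the commit's lookahead.
NEW_PATTERN = re.compile(r"(?!.*\.\.)[A-Za-z0-9_\-.]{1,256}")


class WorkspaceIdValidationError(ValueError):
    """Raised for an empty or malformed workspace ID."""


@lru_cache(maxsize=1024)  # caches accepted IDs only; exceptions are never cached
def validate_workspace_id(workspace_id: str) -> str:
    """Hypothetical validator: return the ID unchanged or raise."""
    if not workspace_id:
        raise WorkspaceIdValidationError("workspace ID is empty")
    # fullmatch anchors both ends; unlike "$", it does not accept a trailing "\n".
    if NEW_PATTERN.fullmatch(workspace_id) is None:
        raise WorkspaceIdValidationError(f"invalid workspace ID: {workspace_id!r}")
    return workspace_id


def compare(ids):
    """Return {id: (accepted_by_old, accepted_by_new)} for each candidate."""
    results = {}
    for candidate in ids:
        old_ok = OLD_PATTERN.match(candidate) is not None
        try:
            validate_workspace_id(candidate)
            new_ok = True
        except WorkspaceIdValidationError:
            new_ok = False
        results[candidate] = (old_ok, new_ok)
    return results


# Constructed samples; "ws..example" and "ws../etc" are the cases named in the commit.
SAMPLES = ["ws_1.prod", "a" * 256, "a" * 257, "..", "ws..example",
           "ws../etc", "ws/1", "ws 1", ""]

if __name__ == "__main__":
    for candidate, (old_ok, new_ok) in compare(SAMPLES).items():
        print(f"{candidate[:20]!r:24} old={old_ok!s:5} new={new_ok}")
```

The rows where the two columns differ are `..` and `ws..example`: both consist only of allowed characters, so the character class alone accepts them, and only the lookahead rejects them.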
.github/workflows feat(CI): add bandit security linter (audit rec #2) (#31) 2026-04-21 00:23:17 +00:00
molecule_runtime test+fix(builtin_tools/validation): add test coverage + fix ".." bypass in regex 2026-04-21 00:55:08 +00:00
tests test+fix(builtin_tools/validation): add test coverage + fix ".." bypass in regex 2026-04-21 00:55:08 +00:00
.gitignore chore: gitignore credentials for molecule-ai-workspace-runtime 2026-04-16 09:18:48 -07:00
pyproject.toml fix(adapter-loader): fall back to any BaseAdapter subclass 2026-04-20 16:59:12 -07:00
README.md feat: initial release of molecule-ai-workspace-runtime 0.1.0 2026-04-16 04:26:06 -07:00

molecule-ai-workspace-runtime

Shared Python runtime infrastructure for all Molecule AI agent adapters.

This package provides the core machinery that every Molecule AI workspace container needs:

  • A2A server — Registers with the platform, heartbeats, serves A2A JSON-RPC
  • Adapter interface — BaseAdapter / AdapterConfig / SetupResult
  • Built-in tools — delegation, memory, approvals, sandbox, telemetry
  • Skill loader — loads and hot-reloads skill modules from /configs/skills/
  • Plugin system — per-workspace + shared plugin discovery and install
  • Config / preflight — YAML config loading with validation

Installation

pip install molecule-ai-workspace-runtime

Adapter Discovery

The runtime discovers adapters in two ways:

  1. ADAPTER_MODULE env var (standalone adapter repos):

    ADAPTER_MODULE=my_adapter molecule-runtime
    

    The module must export an Adapter class extending BaseAdapter.

  2. Built-in subdirectory scan (monorepo local dev): Scans molecule_runtime/adapters/ subdirectories for Adapter classes.

Writing an Adapter

from molecule_runtime.adapters.base import BaseAdapter, AdapterConfig
from a2a.server.agent_execution import AgentExecutor

class Adapter(BaseAdapter):
    @staticmethod
    def name() -> str:
        return "my-runtime"

    @staticmethod
    def display_name() -> str:
        return "My Runtime"

    @staticmethod
    def description() -> str:
        return "My custom agent runtime"

    async def setup(self, config: AdapterConfig) -> None:
        result = await self._common_setup(config)
        # Store result attributes for create_executor

    async def create_executor(self, config: AdapterConfig) -> AgentExecutor:
        # Return an AgentExecutor instance
        ...

Set ADAPTER_MODULE=my_package.adapter and run molecule-runtime.

License

BSL-1.1 — see LICENSE for details.