molecule-ai/molecule-ai-workspace-template-claude-code
35
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
96 Commits 9 Branches 1 Tag 384 KiB
Python 88.9%
Shell 8.7%
Dockerfile 2.4%
ad4241cebb
Go to file
dev-lead ad4241cebb
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
CI / Adapter unit tests (push) Successful in 55s
Details
CI / Adapter unit tests (pull_request) Successful in 1m0s
Details
CI / validate (pull_request) Successful in 3m10s
Details
CI / validate (push) Successful in 3m10s
Details
fix(dockerfile): bundle config.yaml into /app so providers registry loads 
The adapter's _load_providers tries 4 paths in order:
  1. /opt/adapter/config.yaml  — provisioner-managed (currently missing)
  2. os.path.dirname(__file__)/config.yaml  — alongside adapter.py
  3. ${WORKSPACE_CONFIG_PATH}/config.yaml  — workspace overrides
  4. _BUILTIN_PROVIDERS  — oauth + anthropic-api only

On this template's docker image /opt/adapter/ is never populated by
the platform provisioner (verified 2026-05-08 by SSM-exec on a live
canary's workspace EC2: ls /opt/adapter/ → no such file or directory).
That makes path 2 — the dir adjacent to /app/adapter.py — the
load-bearing one for production workloads.

The Dockerfile copies adapter.py + claude_sdk_executor.py + scripts/
+ entrypoint.sh + __init__.py into /app, but it does NOT copy
config.yaml. So /app/config.yaml doesn't exist, path 2 fails, and
the adapter falls all the way through to _BUILTIN_PROVIDERS.

_BUILTIN_PROVIDERS contains only anthropic-oauth + anthropic-api.
Every MiniMax / GLM / Kimi / DeepSeek model id has no matching
prefix in those two, so _resolve_provider returns providers[0] =
anthropic-oauth (per "unknown ids fall back to providers[0]" rule).
That provider needs CLAUDE_CODE_OAUTH_TOKEN, which is unset for
non-OAuth tenants. The claude CLI fails with:
  Not logged in · Please run /login

…which surfaces in the A2A response as "Agent error (Exception)".

This is the root cause of:
  • Canary chronic red since 2026-05-07 02:30 UTC (38h+ at time of
    investigation)
  • molecule-core#129 failure mode #1
  • Memory feedback_template_vs_workspace_config_separation
    (template-claude-code PR #37 added the multi-path lookup but
    didn't bundle config.yaml into the image — the lookup paths
    point at files that don't exist)

Fix: one-line `COPY config.yaml .` in the Dockerfile.

Verification path (post-merge): publish-runtime workflow rebuilds
the image, deploys to staging tenant fleet, next canary cron run
sees /app/config.yaml → loads minimax provider → MINIMAX_API_KEY
matches → claude CLI auths → A2A returns PONG → green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 11:15:39 -07:00
.claude feat: initial template content (extracted from molecule-monorepo) 2026-04-16 03:05:40 -07:00
.github/workflows chore(ci): adopt .runtime-version push-mode cascade signal 2026-05-07 03:03:02 -07:00
.molecule-ci/scripts docs: add CI validation scripts (#4) 2026-04-21 03:17:30 +00:00
runbooks docs(install): migrate git clone URL to git.moleculesai.app (#37) 2026-05-07 00:31:16 -07:00
scripts fix: wire up GitHub App token refresh — fixes #1933 2026-04-23 17:57:30 -07:00
tests test(adapter): install adapter import shims via conftest 2026-05-07 10:58:51 -07:00
__init__.py feat: add adapter code + Dockerfile for standalone deployment 2026-04-16 04:27:22 -07:00
.gitattributes chore: enforce LF line endings + fix entrypoint.sh CRLF 2026-04-23 17:57:57 -07:00
.gitignore chore: gitignore credentials for molecule-ai-workspace-template-claude-code 2026-04-16 09:15:36 -07:00
.runtime-version chore(ci): adopt .runtime-version push-mode cascade signal 2026-05-07 03:03:02 -07:00
adapter.py fix(adapter): honor explicit provider config — fail fast when not in registry (#180) 2026-05-07 10:58:51 -07:00
claude_sdk_executor.py chore(executor): runtime_wedge mirror follow-ups from PR #29 review 2026-05-01 18:04:24 -07:00
CLAUDE.md docs(claude): document runtime_wedge integration + dev-channels server tag 2026-05-01 20:04:11 -07:00
config.yaml feat: per-vendor env routing for third-party providers (task #244) 2026-05-02 22:20:03 -07:00
Dockerfile fix(dockerfile): bundle config.yaml into /app so providers registry loads 2026-05-08 11:15:39 -07:00
entrypoint.sh feat(adapter,entrypoint): boot env audit + crash-loop diagnosis logging 2026-05-02 21:41:05 -07:00
known-issues.md fix(adapter): warn at startup if CLAUDE_CODE_OAUTH_TOKEN is absent (KI-001) 2026-04-29 01:57:16 -07:00
README.md fix: document Token Plan URL support and multi-endpoint routing 2026-04-29 16:56:43 -07:00
requirements.txt chore: bump pin to >=0.1.22 (state_transition_history fix) 2026-04-27 07:39:20 -07:00

README.md

template-claude-code-default

Molecule AI workspace template for the claude-code-default runtime.

Usage

In Molecule AI canvas

Select this template when creating a new workspace — it appears in the template picker automatically.

From a URL (community install)

Paste this URL when creating a workspace:

github://Molecule-AI/template-claude-code-default

Files

  • config.yaml — workspace configuration (runtime, model, skills, etc.)
  • system-prompt.md — agent system prompt (if present)

Auth paths

Path Env var(s) Where to get the key
OAuth (Claude Code subscription) CLAUDE_CODE_OAUTH_TOKEN claude login
Anthropic API (direct) ANTHROPIC_API_KEY console.anthropic.com
Third-party Anthropic-compat (e.g. Xiaomi MiMo pay-as-you-go) ANTHROPIC_API_KEY (provider's key) provider console
Xiaomi MiMo Token Plan ANTHROPIC_API_KEY (Token Plan key), ANTHROPIC_BASE_URL (Token Plan endpoint) token-plan dashboard

For third-party providers, entrypoint.sh rewrites ANTHROPIC_BASE_URL based on the selected MODEL so the claude CLI routes there. Currently auto-routes mimo-* models to https://api.xiaomimimo.com/anthropic (pay-as-you-go). Token Plan users should set ANTHROPIC_BASE_URL=https://token-plan-sgp.xiaomimimo.com/anthropic as a workspace or org-level secret — the shell mapping is the fallback and operator-set values always win. Other Token Plan endpoints (e.g. token-plan-hk.xiaomimimo.com) can be used by setting the secret explicitly.

Schema version

template_schema_version: 1 — compatible with Molecule AI platform v1.x.

License

Business Source License 1.1 — © Molecule AI.