molecule-ai/molecule-cli
48
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
ci/guard-setup-go-cache
molecule-cli/internal/cmd/platform.go
T
sdk-dev a002b412e9
Release Go binaries / release (pull_request) Blocked by required conditions
Details
CI / Test / test (pull_request) Successful in 1m51s
Details
Release Go binaries / test (pull_request) Successful in 1m11s
Details
feat(cli): fix runHTTP auth bug + add management verbs 
Fix the auth bug FIRST: internal/cmd/http.go runHTTP (and the
internal/client Platform HTTP helpers, which had the same gap) sent NO
Authorization header, so management calls (workspace create/delete,
secrets, tokens, …) 401'd a hardened tenant. Now every request attaches
`Authorization: Bearer $MOLECULE_API_KEY` and, when set,
`X-Molecule-Org-Id: $MOLECULE_ORG_ID` (the tenant TenantGuard routing
gate). Headers are omitted when the env vars are unset so fresh
self-host/dev tenants keep working. Regression test
TestRunHTTP_SetsAuthHeader asserts the header is set and is proven
load-bearing (fails with `Authorization header = ""` when the fix is
reverted).

Add the management verbs (PLATFORM-MANAGEMENT-API.md §5(b)), each wired
to the OpenAPI-documented endpoint at the correct auth tier (verified
against the live workspace-server router.go + handlers and controlplane
orgs handler, since the parallel feat/openapi-management-spec branch
does not exist in molecule-core — reconciled to the actual handler
source instead):

  org   list|get|create --slug/--name|create --template|export
        token list|create|revoke | allowlist
  workspace list|get|create|delete|restart|pause|resume
            budget|billing-mode|token mint
  secret  ws  list|set|delete
          org list|set|delete
  template list|import|refresh
  bundle  export|import
  events
  approvals

Org-lifecycle verbs target the control plane (MOLECULE_CP_URL, default
= api-url); tenant verbs target the tenant host with the Org API Key.
All verbs honor --json (and existing -o table|json|yaml). Request/
response shapes match the handler structs (budget USD-cents
budget_limits; billing-mode {mode}; org import {dir,mode}; secrets
{key,value}; template import {name,files}; etc.).

Tests: table-driven request-construction tests (method/path/body/auth)
for all 30 management methods against an httptest mock, plus
cmd-layer branch tests (budget flag→limits, billing-mode validation,
template file mapping, --json resolution, CP-url fallback). Existing
workspace/agent/platform commands switched to the authenticated client.

go build ./..., go vet ./..., go test ./... all green; gofmt clean on
edited files. Binary smoke-tested end-to-end: auth headers reach the
server and --json output renders.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:53:04 -07:00

154 lines
4.1 KiB
Go
Raw Permalink Blame History

// Package cmd implements the CLI command tree.
package cmd
import (
"fmt"
"io"
"net/http"
"os"
"text/tabwriter"
"github.com/spf13/cobra"
"go.moleculesai.app/cli/internal/client"
)
// ---------------------------------------------------------------------------
// Platform command group
// ---------------------------------------------------------------------------
var platformCmd = &cobra.Command{
Use: "platform",
Short: "Platform-level operations",
Long: `Audit the platform, check health, and inspect raw API responses.`,
}
func init() {
platformCmd.AddCommand(platformAuditCmd, platformHealthCmd)
}
// ===========================================================================
// mol platform audit
// ===========================================================================
var platformAuditCmd = &cobra.Command{
Use: "audit",
Short: "Full platform audit: workspaces, agents, delegation summary",
RunE: runPlatformAudit,
}
func runPlatformAudit(cmd *cobra.Command, _ []string) error {
cl := newClient()
workspaces, agents, err := cl.AuditWorkspaces()
if err != nil {
return fmt.Errorf("platform audit: %w", err)
}
delegationsByWS := map[string]int{}
for _, ws := range workspaces {
dels, err := cl.GetDelegations(ws.ID)
if err == nil {
delegationsByWS[ws.ID] = len(dels)
}
}
type wsRow struct {
ID, Name, Status, Role string
AgentCount, DelegationCount int
}
byStatus := map[string]int{}
for _, ws := range workspaces {
byStatus[ws.Status]++
}
rows := make([]wsRow, 0, len(workspaces))
for _, ws := range workspaces {
ac := 0
for _, a := range agents {
if a.WorkspaceID == ws.ID {
ac++
}
}
rows = append(rows, wsRow{
ID: ws.ID, Name: ws.Name, Status: ws.Status, Role: ws.Role,
AgentCount: ac, DelegationCount: delegationsByWS[ws.ID],
})
}
type audit struct {
WorkspaceCount int `json:"workspace_count"`
AgentCount int `json:"agent_count"`
ByStatus map[string]int `json:"by_status"`
DelegationMap map[string]int `json:"delegations_by_workspace"`
Rows []wsRow `json:"workspaces"`
Agents []client.Agent `json:"agents"`
}
auditReport := audit{
WorkspaceCount: len(workspaces),
AgentCount: len(agents),
ByStatus: byStatus,
DelegationMap: delegationsByWS,
Rows: rows,
Agents: agents,
}
if outputFormat == "json" {
return printJSON(auditReport)
}
if outputFormat == "yaml" {
return printYAML(auditReport)
}
w := tabwriter.NewWriter(os.Stdout, 0, 4, 2, ' ', 0)
fmt.Fprintf(w, "=== Platform Audit (%d workspaces, %d agents) ===\n\n",
len(workspaces), len(agents))
fmt.Fprintln(w, "WORKSPACE\tSTATUS\tROLE\tAGENTS\tDELEGATIONS")
for _, r := range rows {
fmt.Fprintf(w, "%s\t%s\t%s\t%d\t%d\n",
r.Name, r.Status, r.Role, r.AgentCount, r.DelegationCount)
}
return w.Flush()
}
// ===========================================================================
// mol platform health
// ===========================================================================
var platformHealthCmd = &cobra.Command{
Use: "health",
Short: "Check platform health and version",
RunE: runPlatformHealth,
}
func runPlatformHealth(cmd *cobra.Command, _ []string) error {
cl := newClient()
h, err := cl.Health()
if err != nil {
// Fall back to raw check if /health 404s on older platforms.
body, hErr := platformRawHealth(cl.BaseURL)
if hErr != nil {
return fmt.Errorf("platform health: %w (and /health fallback also failed: %v)", err, hErr)
}
fmt.Printf("Platform reachable at %s — raw status: %s\n", cl.BaseURL, string(body))
return nil
}
if outputFormat == "json" {
return printJSON(h)
}
if outputFormat == "yaml" {
return printYAML(h)
}
w := tabwriter.NewWriter(os.Stdout, 0, 4, 2, ' ', 0)
kv(w, "Status", h.Status)
kv(w, "Version", h.Version)
kv(w, "Uptime", h.Uptime)
kv(w, "Database", h.Database)
return w.Flush()
}
func platformRawHealth(baseURL string) ([]byte, error) {
req, _ := http.NewRequest("GET", baseURL+"/health", nil)
resp, err := httpClient().Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
return io.ReadAll(resp.Body)
}
Reference in New Issue View Git Blame Copy Permalink