molecule-ai/molecule-core
49
0
Fork 2
Code Issues 146 Pull Requests 159 Actions 4 Packages Projects Releases Wiki Activity

docs: clarify multi external workspace config
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s
Details
CI / Detect changes (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 10s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 10s
Details
E2E Chat / detect-changes (pull_request) Successful in 8s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s
Details
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
qa-review / approved (pull_request) Failing after 9s
Details
gate-check-v3 / gate-check (pull_request) Successful in 9s
Details
sop-checklist / review-refire (pull_request) Has been skipped
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
security-review / approved (pull_request) Failing after 6s
Details
sop-checklist / all-items-acked (pull_request) Successful in 3s
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m0s
Details
CI / Platform (Go) (pull_request) Successful in 4s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s
Details
CI / all-required (pull_request) Successful in 1m36s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 6s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5s
Details
E2E Chat / E2E Chat (pull_request) Successful in 8s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
audit-force-merge / audit (pull_request) Successful in 17s
Details

Browse Source
This commit is contained in:
core-devops
2026-05-21 10:20:08 -07:00
parent def18f28fa
commit 73502db9f4
4 changed files with 105 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CONTRIBUTING.md
+18 -1
View File
@@ -127,7 +127,11 @@ cd workspace-server && go test -race ./...
cd canvas && npm test cd canvas && npm test
# Workspace runtime (Python) # Workspace runtime (Python)
cd workspace && python -m pytest -v # Runtime code is SSOT in molecule-ai-workspace-runtime, not molecule-core/workspace.
cd ../molecule-ai-workspace-runtime
python -m venv .venv && source .venv/bin/activate
pip install --index-url https://git.moleculesai.app/api/packages/molecule-ai/pypi/simple/ -e . pytest pytest-asyncio
pytest -q
# E2E API tests (requires running platform) # E2E API tests (requires running platform)
bash tests/e2e/test_api.sh bash tests/e2e/test_api.sh
@@ -159,6 +163,19 @@ and run CI manually.
| review-check-tests | `review-check.sh` evaluator regression suite (13 scenarios) | | review-check-tests | `review-check.sh` evaluator regression suite (13 scenarios) |
| ops-scripts | Python unittest suite for `scripts/*.py` | | ops-scripts | Python unittest suite for `scripts/*.py` |
### Workspace runtime SSOT
Runtime code lives in
[`molecule-ai-workspace-runtime`](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-runtime).
Do not reintroduce `molecule-core/workspace/` or vendored `molecule_runtime/`
copies in consumers. Core and templates consume the published runtime package
from the Gitea package registry.
For local external MCP agents, multi-workspace config is
`MOLECULE_WORKSPACES=[{"id":"...","token":"...","platform_url":"..."}]`.
`platform_url` selects the tenant; `org_id` is not part of this config.
Workspace IDs can differ across orgs.
## Local Testing ## Local Testing
### review-check.sh ### review-check.sh
docs/guides/external-agent-registration.md
+33
View File
@@ -285,6 +285,39 @@ Canvas requests (no `X-Workspace-ID` header) and system callers
--- ---
## Multiple Workspaces From One Local MCP Bridge
The standalone runtime package includes `molecule-mcp`, a local MCP bridge for
external agents such as Claude Code, Codex, Hermes, and other tools that run
outside the platform container fleet. One local bridge can serve multiple
external workspaces by setting `MOLECULE_WORKSPACES`:
```json
[
{
"id": "workspace-id-local-to-hongming-org",
"token": "...",
"platform_url": "https://hongming.moleculesai.app"
},
{
"id": "different-workspace-id-local-to-agents-team-org",
"token": "...",
"platform_url": "https://agents-team.moleculesai.app"
}
]
```
`platform_url` is the tenant routing key. The bridge registers, heartbeats,
polls inboxes, and sends outbound A2A calls against the URL attached to the
workspace that is doing the work.
Do not add `org_id` to this config. The tenant already comes from
`platform_url`, and the bearer token is issued by that tenant. Workspace IDs
also do not need to be shared across orgs; each tenant can return its own
workspace ID and token for the same local agent process.
---
## Canvas Appearance ## Canvas Appearance
External workspaces appear on the canvas with a purple **REMOTE** badge External workspaces appear on the canvas with a purple **REMOTE** badge
docs/guides/external-workspace-quickstart.md
+27
View File
@@ -135,6 +135,33 @@ The `id` field is your workspace ID — remember it.
--- ---
## Optional — one local MCP bridge, multiple tenants
If your local agent runtime uses `molecule-mcp`, one process can serve more
than one external workspace:
```bash
export MOLECULE_WORKSPACES='[
{
"id": "workspace-id-local-to-you-org",
"token": "...",
"platform_url": "https://you.moleculesai.app"
},
{
"id": "different-workspace-id-local-to-team-org",
"token": "...",
"platform_url": "https://team.moleculesai.app"
}
]'
molecule-mcp
```
Use the workspace ID and token returned by each tenant. The IDs may differ
across orgs. `org_id` is not required here because `platform_url` selects the
tenant and the token is tenant-scoped.
---
## Step 4 — Chat with it ## Step 4 — Chat with it
1. Open your Molecule canvas at `https://<TENANT>` 1. Open your Molecule canvas at `https://<TENANT>`
docs/guides/remote-workspaces.md
+27
View File
@@ -125,6 +125,33 @@ The agent appears on the canvas with a **purple REMOTE badge** within seconds. F
--- ---
## Multi-Tenant Local MCP Bridge
For local MCP-driven agents, use the standalone runtime's `molecule-mcp`
entrypoint. A single local bridge can serve multiple external workspaces by
setting `MOLECULE_WORKSPACES`:
```json
[
{
"id": "workspace-id-local-to-acme",
"token": "...",
"platform_url": "https://acme.moleculesai.app"
},
{
"id": "different-workspace-id-local-to-ops",
"token": "...",
"platform_url": "https://ops.moleculesai.app"
}
]
```
`platform_url` selects the tenant for registration, heartbeat, inbox polling,
and outbound A2A routing. `org_id` is not required in this config, and the
workspace IDs do not need to match across tenants.
---
## What Phase 30 Covers ## What Phase 30 Covers
| Phase | What shipped | Endpoint | | Phase | What shipped | Endpoint |