From f9971306d6a3da389c291ee1471e9a085ec85b0b Mon Sep 17 00:00:00 2001
From: rabbitblood
Date: Mon, 20 Apr 2026 12:53:16 -0700
Subject: [PATCH] =?UTF-8?q?feat:=20nuke-and-rebuild.sh=20=E2=80=94=20one-c?= =?UTF-8?q?ommand=20fleet=20reset?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Two scripts: - nuke-and-rebuild.sh: docker down -v, clean orphans, rebuild, setup - post-rebuild-setup.sh: insert global secrets (MiniMax + GH PAT), import org template, wait for platform health Global secrets ensure every provisioned container gets MiniMax API config and GitHub PAT injected as env vars automatically — no manual settings.json deployment needed. Usage: bash scripts/nuke-and-rebuild.sh Co-Authored-By: Claude Opus 4.6 (1M context)
---
scripts/nuke-and-rebuild.sh | 18 ++++++++++++++
scripts/post-rebuild-setup.sh | 44 +++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+)
create mode 100644 scripts/nuke-and-rebuild.sh
create mode 100644 scripts/post-rebuild-setup.sh
diff --git a/scripts/nuke-and-rebuild.sh b/scripts/nuke-and-rebuild.sh
new file mode 100644
index 00000000..9faeec46
--- /dev/null
+++ b/scripts/nuke-and-rebuild.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Full nuke + rebuild — one command to reset everything
+# Usage: bash scripts/nuke-and-rebuild.sh
+set -euo pipefail
+
+echo "=== NUKE ==="
+docker compose down -v 2>/dev/null || true
+docker ps -a --format "{{.Names}}" | grep "^ws-" | xargs -r docker rm -f 2>/dev/null || true
+docker volume ls --format "{{.Name}}" | grep "^ws-" | xargs -r docker volume rm 2>/dev/null || true
+docker network rm molecule-monorepo-net 2>/dev/null || true
+echo " cleaned"
+
+echo "=== REBUILD ==="
+docker compose up -d --build
+echo " platform + canvas up"
+
+echo "=== POST-REBUILD SETUP ==="
+bash scripts/post-rebuild-setup.sh
diff --git a/scripts/post-rebuild-setup.sh b/scripts/post-rebuild-setup.sh
new file mode 100644
index 00000000..7a1ea393
--- /dev/null
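Review bot: In scripts/nuke-and-rebuild.sh the NUKE step has no confirmation and hides every failure behind `2>/dev/null || true`, yet it force-removes every container and volume on the host whose name starts with `ws-` and `docker compose down -v` deletes the compose project's named volumes. A guard before the first `docker` call, for example requiring an explicit `--yes` argument or a `read -r -p` prompt, plus a header comment listing what is destroyed, would limit the damage of an accidental run on a shared host. The script also assumes the repository root as working directory, since `bash scripts/post-rebuild-setup.sh` is a relative path; `cd "$(dirname "$0")/.."` near the top would remove that dependency.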
+++ b/scripts/post-rebuild-setup.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Post-rebuild setup — run after docker compose up -d --build
+# Inserts global secrets that the provisioner injects into every workspace container.
+# Without these, agents can't call MiniMax or push to GitHub.
+
+set -euo pipefail
+
+DB_CONTAINER="${DB_CONTAINER:-molecule-monorepo-postgres-1}"
+DB_USER="${DB_USER:-dev}"
+DB_NAME="${DB_NAME:-molecule}"
+PLATFORM_URL="${PLATFORM_URL:-http://127.0.0.1:8080}"
+ADMIN_TOKEN="${ADMIN_TOKEN:-***REDACTED***F1088-CREDENTIAL-3***=}"
+
+echo "=== Waiting for platform health ==="
+until curl -s --max-time 5 "$PLATFORM_URL/health" >/dev/null 2>&1; do
+ echo " waiting..."
+ sleep 3
+done
+echo " platform up"
+
+echo "=== Inserting global secrets ==="
+docker exec "$DB_CONTAINER" psql -U "$DB_USER" -d "$DB_NAME" -c "
+INSERT INTO global_secrets (key, encrypted_value, encryption_version) VALUES
+('ANTHROPIC_BASE_URL', 'https://api.minimax.io/anthropic', 0),
+('ANTHROPIC_AUTH_TOKEN', '${MINIMAX_API_KEY:-***REDACTED***F1088-CREDENTIAL-1***}', 0),
+('ANTHROPIC_MODEL', 'MiniMax-M2.7', 0),
+('ANTHROPIC_SMALL_FAST_MODEL', 'MiniMax-M2.7', 0),
+('API_TIMEOUT_MS', '3000000', 0),
+('CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC', '1', 0),
+('GITHUB_TOKEN', '${GITHUB_PAT:-***REDACTED***F1088-CREDENTIAL-2***}', 0)
+ON CONFLICT (key) DO UPDATE SET encrypted_value = EXCLUDED.encrypted_value;
+"
+echo " 7 global secrets set"
+
+echo "=== Importing org template ==="
+curl -s --max-time 600 -X POST "$PLATFORM_URL/org/import" \
+ -H "Authorization: Bearer $ADMIN_TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"dir":"molecule-dev"}' | head -1
+echo ""
+echo " import complete"
+
+echo "=== Done ==="
+echo "Run: http://127.0.0.1:3000 for canvas"
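Review bot: The `${ADMIN_TOKEN:-…}`, `${MINIMAX_API_KEY:-…}` and `${GITHUB_PAT:-…}` fallbacks commit credential values as defaults (shown redacted on this page), so anyone who can read the repository or its history obtains them. Those values should be treated as exposed and rotated, and the script should refuse to run when a variable is unset, e.g. `: "${ADMIN_TOKEN:?ADMIN_TOKEN must be set}"` with the same guard for `MINIMAX_API_KEY` and `GITHUB_PAT`. Both secrets are also expanded into the SQL text given to `psql -c`, which places them on the process command line and lets a value containing a single quote break the statement; feeding the statement on stdin through `docker exec -i` would avoid the argv exposure. The rows land in `encrypted_value` with `encryption_version` 0, which appears to mean they are stored unencrypted and is worth confirming against the provisioner. Separately, `curl -s … | head -1` has no `--fail`, so "import complete" prints even when `/org/import` returns an error, and the `until` health loop has no retry limit.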