molecule-core

Author	SHA1	Message	Date
Molecule AI Infra-SRE	7770af32be	fix(docker-compose): remove redundant langfuse-web from infra All checks were successful Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 22s Details CI / Detect changes (pull_request) Successful in 1m30s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 1m14s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m22s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m10s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 16s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 20s Details sop-tier-check / tier-check (pull_request) Successful in 20s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m1s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 11s Details CI / Canvas (Next.js) (pull_request) Successful in 14s Details CI / Python Lint & Test (pull_request) Successful in 9s Details CI / Platform (Go) (pull_request) Successful in 21s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 11s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 10s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 14s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 12s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details langfuse-web in docker-compose.infra.yml is a dead duplicate of langfuse in docker-compose.yml (same image, same port 3001:3000). Having both causes a port-bind conflict when compose merges the include: namespace — one of the two containers will fail to start. Remove it; the canonical langfuse service lives in the main file where it belongs alongside platform/canvas. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 08:12:06 +00:00
Molecule AI Infra-SRE	85261b1af9	fix(docker): resolve duplicate services conflict (PR #385 ) All checks were successful Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 13s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 11s Details CI / Detect changes (pull_request) Successful in 29s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 30s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 14s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 31s Details sop-tier-check / tier-check (pull_request) Successful in 18s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 35s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 35s Details CI / Platform (Go) (pull_request) Successful in 13s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s Details CI / Python Lint & Test (pull_request) Successful in 8s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 11s Details CI / Canvas (Next.js) (pull_request) Successful in 38s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 40s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 8s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 10s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details - docker-compose.yml: remove duplicate postgres/redis/langfuse-db-init/ langfuse-clickhouse definitions; import all infra services via include: docker-compose.infra.yml (Docker Compose v2 require directive) - docker-compose.infra.yml: add networks + restart policies to infra services; rename clickhouse → langfuse-clickhouse to match the name docker-compose.yml was importing; update langfuse-web depends_on and CLICKHOUSE_URL accordingly Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 07:56:59 +00:00
Molecule AI Core-DevOps	40736a41e1	infra: pin all compose file image digests Some checks failed Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 3s Details sop-tier-check / tier-check (pull_request) Failing after 2s Details Replace mutable tags (postgres:16-alpine, redis:7-alpine, clickhouse/clickhouse-server:24-alpine, temporalio/auto-setup:1.25, temporalio/ui:2.31.2, langfuse/langfuse:2, litellm:main-latest, ollama:latest) with pinned SHA256 digests fetched from Docker Hub / GHCR. Rationale: mutable image tags can silently resolve to a different image over time, creating supply-chain risk. Digest-pinning ensures the exact image content runs every time. Refresh procedure documented in comments above each image line: - Docker Hub: curl https://hub.docker.com/v2/repositories/<img>/tags/<tag> - GHCR: curl -sI https://ghcr.io/v2/<owner>/<repo>/manifests/<tag> Remaining: canvas ECR image (requires AWS credentials to fetch digest). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 12:06:10 +00:00
Molecule AI Core-DevOps	252f8d0c47	tech-debt: rename molecule-monorepo-net -> molecule-core-net Some checks failed sop-tier-check / tier-check (pull_request) Failing after 4s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s Details Renames Docker network across all code, configs, scripts, and docs. Per issue #93: the network was named molecule-monorepo-net as a holdover from when the repo was called molecule-monorepo. The canonical repo name is now molecule-core, so the network should be molecule-core-net. Files changed: - docker-compose.yml, docker-compose.infra.yml: network definition - infra/scripts/setup.sh: docker network create - scripts/nuke-and-rebuild.sh: docker network rm - workspace-server/internal/provisioner/provisioner.go: DefaultNetwork - All comments/docs: updated wording Acceptance: grep -rn 'molecule-monorepo-net' returns zero matches. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 20:51:48 +00:00
Hongming Wang	9ad803a802	fix(quickstart): make README cp-paste flow bugless end-to-end (#1871 ) Reproducing the README's quickstart on a clean clone surfaced seven independent bugs between `git clone` and seeing the Canvas in a browser. Each fix is minimal and local-dev-only — the SaaS/EC2 provisioner path (issue #1822) is untouched. Bugs fixed: 1. `infra/scripts/setup.sh` applied migrations via raw psql, bypassing the platform's `schema_migrations` tracker. The platform then re-ran every migration on first boot and crashed on non-idempotent ALTER TABLE statements (e.g. `036_org_api_tokens_org_id.up.sql`). Dropped the migration block — `workspace-server/internal/db/postgres.go:53` already tracks and skips applied files. 2. `.env.example` shipped `DATABASE_URL=postgres://USER:PASS@postgres:...` with literal `USER:PASS` placeholders and the Docker-internal hostname `postgres`. A `cp .env.example .env` followed by `go run ./cmd/server` on the host failed with `dial tcp: lookup postgres: no such host`. Replaced with working `dev:dev@localhost:5432` defaults that match `docker-compose.infra.yml`. 3. `docker-compose.infra.yml` and `docker-compose.yml` set `CLICKHOUSE_URL: clickhouse://...:9000/...`. Langfuse v2 rejects anything other than `http://` or `https://`, so the container crash-looped and returned HTTP 500. Switched to `http://...:8123` (HTTP interface) and added `CLICKHOUSE_MIGRATION_URL` for the migration-time native-protocol connection. Also removed `LANGFUSE_AUTO_CLICKHOUSE_MIGRATION_DISABLED` so migrations actually run. 4. `canvas/package.json` dev script crashed with `EADDRINUSE :::8080` when `.env` was sourced before `npm run dev` — Next.js reads `PORT` from env and the platform owns 8080. Pinned `dev` to `-p 3000` so sourced env can't hijack it. `start` left as-is because production `node server.js` (Dockerfile CMD) must respect `PORT` from the orchestrator. 5. README/CONTRIBUTING told users to clone `Molecule-AI/molecule-monorepo` — that repo 404s; the actual name is `molecule-core`. The Railway and Render deploy buttons had the same broken URL. Replaced in both English and Chinese READMEs and in CONTRIBUTING. Internal identifiers (Go module path, Docker network `molecule-monorepo-net`, Python helper `molecule-monorepo-status`) deliberately left alone — renaming those is an invasive refactor orthogonal to this fix. 6. README quickstart was missing `cp .env.example .env`. Users who went straight from `git clone` to `./infra/scripts/setup.sh` got a script that warned about an unset `ADMIN_TOKEN` (harmless) but then couldn't run the platform without figuring out the env setup on their own. Added the step in both READMEs and CONTRIBUTING. Deliberately NOT generating `ADMIN_TOKEN`/`SECRETS_ENCRYPTION_KEY` here — the e2e-api suite (`tests/e2e/test_api.sh`) assumes AdminAuth fallback mode (no server-side `ADMIN_TOKEN`), which is how CI runs it. 7. CI shellcheck only covered `tests/e2e/.sh` — `infra/scripts/setup.sh` is in the critical path of every new-user onboarding but was never linted. Extended the `shellcheck` job and the `changes` filter to cover `infra/scripts/`. `scripts/` deliberately excluded until its pre-existing SC3040/SC3043 warnings are cleaned up separately. Verification (fresh nuke-and-rebuild following the updated README): - `docker compose -f docker-compose.infra.yml down -v` + `rm .env` - `cp .env.example .env` → defaults work as-is - `bash infra/scripts/setup.sh` — clean, no migration errors, all 6 infra containers healthy - `cd workspace-server && go run ./cmd/server` — "Applied 41 migrations (0 already applied)", platform on :8080/health 200 - `cd canvas && npm install && npm run dev` — Canvas on :3000/ 200 even with `.env` sourced (PORT=8080 in env) - `bash tests/e2e/test_api.sh` — 61 passed, 0 failed* - `cd canvas && npx vitest run` — 900 tests passed - `cd canvas && npm run build` — production build clean - `shellcheck --severity=warning infra/scripts/*.sh` — clean - Langfuse `/api/public/health` 200 (was 500) Scope notes: - SaaS/EC2 parity (issue #1822): all files touched here are local-dev surface. Canvas container uses `node server.js` with `ENV PORT=3000` in `canvas/Dockerfile` — the `-p 3000` pin in `package.json` dev script only affects `npm run dev`, not the production CMD. - Test coverage (issue #1821): project policy is tiered coverage floors, not a blanket 100% target. Files touched here are shell scripts, YAML, Markdown, and one package.json script — not classes covered by the coverage matrix. - No overlap with open PRs — searched `setup.sh`, `quickstart`, `langfuse`, `clickhouse`, `migration`, `README`; nothing conflicts. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: molecule-ai[bot] <276602405+molecule-ai[bot]@users.noreply.github.com>	2026-04-23 19:53:43 +00:00
Hongming Wang	e906f49ec0	chore: open-source preparation — scrub secrets, add community files Security: - Replace hardcoded Cloudflare account/zone/KV IDs in wrangler.toml with placeholders; add wrangler.toml to .gitignore, ship .example - Replace real EC2 IPs in docs with <EC2_IP> placeholders - Redact partial CF API token prefix in retrospective - Parameterize Langfuse dev credentials in docker-compose.infra.yml - Replace Neon project ID in runbook with <neon-project-id> Community: - Add CONTRIBUTING.md (build, test, branch conventions, CI info) - Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1) Cleanup: - Replace personal runner username/machine name in CI + PLAN.md - Replace personal tenant URL in MCP setup guide - Replace personal author field in bundle-system doc - Replace personal login in webhook test fixture - Rewrite cryptominer incident reference as generic security remediation - Remove private repo commit hashes from PLAN.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-18 00:10:56 -07:00
Hongming Wang	9eadf74230	docs(gate-4): note Temporal dev-only no-auth posture	2026-04-13 21:38:38 -07:00
rabbitblood	33c107f427	fix(infra): attach docker-compose.infra.yml services to molecule-monorepo-net Closes partially #15 (network-split side of the same incident class). Running `docker compose -f docker-compose.infra.yml up -d` puts postgres, redis, clickhouse, langfuse (and the new temporal service) on a fresh `molecule-monorepo_default` bridge network, while the platform container lives on `molecule-monorepo-net` (created by the root docker-compose.yml). Platform then fails DNS on `postgres:5432` and crashes until the operator manually `docker network connect`s each service. Declare `molecule-monorepo-net` as the external default network for the infra compose file so new services join it automatically. Also adds temporal + temporal-ui services (closes the 'Temporal unavailable' noise that every agent logs at startup) and exposes the UI on :8233. Incident: 2026-04-13 — running `up -d temporal` recreated postgres into the wrong network and took the platform + all 12 workspace agents offline until networks were manually reconnected.	2026-04-13 18:10:41 -07:00
Hongming Wang	24fec62d7f	initial commit — Molecule AI platform Forked clean from public hackathon repo (Starfire-AgentTeam, BSL 1.1) with full rebrand to Molecule AI under github.com/Molecule-AI/molecule-monorepo. Brand: Starfire → Molecule AI. Slug: starfire / agent-molecule → molecule. Env vars: STARFIRE_* → MOLECULE_*. Go module: github.com/agent-molecule/platform → github.com/Molecule-AI/molecule-monorepo/platform. Python packages: starfire_plugin → molecule_plugin, starfire_agent → molecule_agent. DB: agentmolecule → molecule. History truncated; see public repo for prior commits and contributor attribution. Verified green: go test -race ./... (platform), pytest (workspace-template 1129 + sdk 132), vitest (canvas 352), build (mcp). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 11:55:37 -07:00

9 Commits