6301 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Molecule AI Core-DevOps	43f00ddaec	docs(runbooks): add Gitea Actions operational quirks reference ... Documents four persistent Gitea 1.22.6 Actions quirks discovered during the 2026-05-11 CI noise investigation (PR #441): - Runner network isolation: git remote unreachable from container - continue-on-error only at step level: job-level flag ignored - workflow_dispatch.inputs not supported: parser rejects at load time - fetch-depth:0 times out: use fetch-depth:1 + Compare API Closes #457. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 13:09:37 +00:00
Molecule AI Core-DevOps	004599750f	fix(ci): replace fetch-depth: 0 with targeted shallow fetch in detect-changes ... Root cause of mc#1314: detect-changes jobs in CI/E2E workflows were running `fetch-depth: 0` (full repository history clone) before computing the git diff. On large repositories this takes 10+ minutes, causing the detect-changes job itself to timeout and fail. Fix: use `fetch-depth: 1` (shallow clone of HEAD only) plus explicit `git fetch --depth=1 origin <BASE> --no-walk` to fetch the BASE commit without its ancestry. This makes detect-changes complete in seconds instead of minutes. Files changed: - ci.yml: changes job - e2e-api.yml: detect-changes job - e2e-staging-canvas.yml: detect-changes job - runtime-prbuild-compat.yml: detect-changes job Lint workflows (lint-mask-pr-atomicity, lint-required-context-exists-in-bp, check-migration-collisions, lint-pre-flip-continue-on-error) retain fetch-depth: 0 because they use `git show <base>:<path>` which needs the full blob set from the base commit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 13:09:37 +00:00
devops-engineer	8e754e6b28	Merge pull request 'fix(workspace-server): inject /configs token files agent-owned, not root (P0 list_peers 401)' (#1327) from fix/workspace-token-injection-agent-owned into main	2026-05-16 12:51:57 +00:00
devops-engineer	8179ff77e9	Merge branch 'main' into fix/workspace-token-injection-agent-owned	2026-05-16 12:05:32 +00:00
Molecule AI Infra-Runtime-BE	6188c6ddf3	fix(org_helpers): correct duplicate phrase in loadWorkspaceEnv comment ... The comment had the phrase "the workspace-specific .env" duplicated. Removed the redundant repetition. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 10:27:13 +00:00
hongming	85c627c86f	Merge pull request 'chore: promote staging→main (chat E2E + accumulated fixes)' (#1242) from promote/staging-to-main into main	2026-05-16 09:20:35 +00:00
core-be	f986444dbd	fix(workspace-server): inject /configs token files agent-owned, not root ... The fleet-wide list_peers 401 (Hermes et al): two workspace-server token-injection paths wrote /configs/.auth_token (and /configs/.platform_inbound_secret) as root:root 0600 AFTER the template entrypoint's `chown -R agent:agent /configs` ran. The a2a_mcp_server runs as the agent uid (1000, via `gosu agent`), so platform_auth.get_token() hit `[Errno 13] Permission denied` → empty bearer → platform 401 on /registry/{id}/peers (the literal tool_list_peers path). PR#23 fixed only the entrypoint dir chown (first boot); it cannot reach the post-entrypoint root re-injection. This covers both injection paths: 1. WriteAuthTokenToVolume (#1877, pre-start): the throwaway alpine container ran chmod 0600 but never chowned — alpine runs as root, so the file stayed root:root. Now `chown 1000:1000 /vol/.auth_token` (0600 preserved). 2. WriteFilesToContainer (#418, post-start re-injection): the tar headers left Uid/Gid unset → CopyToContainer extracted root:root. Now every tar entry is stamped Uid/Gid = agent. This path (re)writes BOTH .auth_token and .platform_inbound_secret, so both are fixed. uid 1000:1000 verified from the templates (claude-code-default + hermes Dockerfile `useradd -u 1000 ... agent`, entrypoint `gosu agent`), exposed as AgentUID/AgentGID constants. Tar-build and alpine-cmd extracted into pure helpers (mirrors buildTemplateTar) so the ownership contract is unit-tested without a live Docker daemon; the test fails on pre-fix root:root and passes post-fix (real tar / real command, not a mock). PR#23's entrypoint chown is unchanged (still correct for the dir + first boot). No feature flag, no backwards-compat shim. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 02:19:11 -07:00
fullstack-engineer	aef45b83a6	Merge main into promote/staging-to-main to resolve outdated branch	2026-05-16 01:17:18 -07:00
devops-engineer	43a77ccfbc	Merge pull request 'test(e2e): gate fresh-provision peer-visibility via literal MCP list_peers' (#1298) from e2e/peer-visibility-mcp-gate-v2 into main	2026-05-16 07:32:27 +00:00
core-devops	c7eeec1607	ci: re-trigger (prior run infra-failed: act_runner<->Gitea API read-timeout storm starved all-required aggregator + go test -race 10m budget blown on contended runner; PR touches zero Go) [no-op]	2026-05-16 06:58:48 +00:00
core-devops	2e8603f940	test(e2e): gate fresh-provision peer-visibility via the literal MCP list_peers call ... Hermes and OpenClaw were reported "fleet-verified / cascade-complete" off proxy signals (registry registration + heartbeat; model round-trip 200) while a freshly-provisioned workspace asked "can you see your peers" on canvas actually FAILS (Hermes: 401 on the molecule MCP list_peers call; OpenClaw: native sessions_list fallback, no platform peers). Tasks #142/#159 were even marked "completed" under this proxy-verification flaw. This adds a dedicated staging-E2E gate that codifies the LITERAL user-facing path so it can never silently regress: - New e2e-peer-visibility.yml + tests/e2e/test_peer_visibility_mcp_staging.sh. - Provisions a brand-new throwaway org via the real CP provisioning path + one sibling workspace per runtime under test (hermes, openclaw, claude-code) under a shared parent. - For each runtime, drives the byte-for-byte JSON-RPC tools/call name=list_peers envelope to POST /workspaces/:id/mcp using that workspace's OWN bearer token, through the real WorkspaceAuth + MCPRateLimiter chain. NOT a proxy: not GET /registry/:id/peers, not /health, not the heartbeat table. - Asserts HTTP 200 + JSON-RPC result (not error) + the returned peer set literally contains the other provisioned sibling IDs (not empty, not a native-sessions fallback). - Scoped teardown only of the e2e-pv-<run_id> org this run created (script EXIT trap + workflow always() net + sweep-stale-e2e-orgs as the final 'e2e-' prefix net) — never a cluster-wide cleanup. Honest gate, NO continue-on-error: it is RED on today's broken behavior by design and goes green only when the in-flight Hermes-401 + OpenClaw-MCP-wiring root-cause fixes actually land. Landed NON-required (not in branch_protections) so it does not wedge unrelated merges while red; flip-to-required checklist tracked in molecule-core#1296. Gitea-1.22.6 / act_runner hardening honored: mirrored actions/checkout SHA (the one e2e-staging-canvas.yml uses successfully), per-SHA concurrency, workflow-level GITHUB_SERVER_URL, no cross-repo uses. Passes lint-workflow-yaml, lint-continue-on-error-tracking, lint-required-no-paths locally. Refs: molecule-core#1296 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 23:08:56 -07:00
fullstack-engineer	a3f3ac361e	fix(e2e-chat): set CORS_ORIGINS for dynamic canvas port in CI	2026-05-15 22:12:57 -07:00
fullstack-engineer	48a1a604ac	chore: retrigger CI after operator maintenance and auto-heal race condition	2026-05-15 21:42:20 -07:00
fullstack-engineer	97cb104667	chore: retrigger CI after fixing runner-queue-janitor per-workflow supersession bug	2026-05-15 20:35:10 -07:00
fullstack-engineer	6c72aee1d9	chore: retrigger CI after system mass cancellation event	2026-05-15 20:28:15 -07:00
fullstack-engineer	873b522f10	chore: retrigger CI after mass cancellation ... All workflows for PR #1242 were simultaneously cancelled around 2026-05-16T00:02Z. Canvas, Python Lint, Shellcheck, and Detect changes had already succeeded; Platform Go and all-required were in-flight. Empty commit to re-queue the full check suite.	2026-05-15 18:28:27 -07:00
fullstack-engineer	ab99ea54ad	fix(e2e-chat): dynamic canvas port to avoid conflict with Gitea :3000 ... The operator host runs Gitea on 127.0.0.1:3000. With act_runner using container.network: host, the E2E Chat job's Next.js dev server (also port 3000) collides and crashes with EADDRINUSE. Changes: - Pick an ephemeral host port for the canvas dev server (same pattern already used for the platform port). - Pass the port to next dev via -p flag (overrides package.json -p 3000). - Update the health-check loop to probe the dynamic port. - Export PLAYWRIGHT_BASE_URL so Playwright tests connect to the right URL. - Make playwright.config.ts read baseURL from PLAYWRIGHT_BASE_URL env var with fallback to localhost:3000 (preserves local dev workflow). This is an infrastructure compatibility fix, not a test logic change.	2026-05-15 17:14:40 -07:00
fullstack-engineer	e21898f7a5	fix(ci): restore main-style all-required sentinel ... During staging→main merge conflict resolution the all-required job accidentally inherited staging's + + shape while keeping main's Python polling script. This creates a broken hybrid: the job is killed after 1 minute before the 40-minute polling deadline, and + re-introduces the Gitea 1.22 skipped-sentinel bug that main deliberately avoids. Restore main's proven shape: no , no , , Python polling. Per core-devops review on PR #1242.	2026-05-15 16:23:06 -07:00
fullstack-engineer	b5c8b235ab	fix(e2e-chat): correct actions/setup-node SHA ... The pinned SHA 60edb5dd...d6f5 was invalid (typo in last 4 chars). act_runner failed to resolve it with 'reference not found' after ~14s, causing the E2E Chat job to fail before any test step could run. Switch to the v6.4.0 SHA (48b55a01...4041e) already verified in ci.yml and e2e-staging-canvas.yml. mc#774 tracker: this was a pre-existing failure mode, not introduced by PR #1142 / promotion #1242.	2026-05-15 16:16:09 -07:00
fullstack-engineer	896c680eb4	chore: retrigger CI after adding Paired reference to PR body	2026-05-15 15:39:37 -07:00
devops-engineer	2045388293	fix(canvas): skip config.yaml write for openclaw + bump request timeout to 35s (promote #1237 to main) (#1241) ... Direct-to-main promote of #1237 (URGENT FIX, user GO). Approved by core-devops (review #3876, DB-promoted from PENDING). All required gates green: CI / all-required = success, sop-checklist / all-items-acked = success. All CI jobs green (incl. Platform (Go), Canvas (Next.js)). Triggers publish-canvas-image.yml + publish-workspace-server-image.yml on main → ECR :staging-<sha> → tenant fleet redeploy. Refs: #1237 (staging merge 6a082197), internal#418, follow-up internal#423	2026-05-15 22:27:51 +00:00
fullstack-engineer	0e13a80121	chore: promote staging→main (chat E2E + accumulated fixes) ... Promotes the following staging-only changes to main: - feat(e2e): stabilize Playwright chat tests for desktop + mobile (PR #1142) - feat(workspace): broadcast and talk-to-user platform abilities - feat(adapter-base): ProviderRegistry type + resolve_provider_routing - fix(staging): OFFSEC-010 CP config wiring + CWE-78 rows.Err fixes - fix(staging): restore goAsync tracking in dispatch calls - fix(ci): needs-based all-required sentinel - fix(canvas): load chat history in MobileChat (closes #1062) Merge-conflict resolutions: - ThemeToggle.tsx: take staging (INDEX_SIZE_ERR test fix) - MobileChat.tsx + test: take staging (shared hooks refactor) - workspace_broadcast.go: take main (OFFSEC-015 org isolation) - org_helpers.go + tests: combine both (CWE-78 guard + rows.Err) - secrets.go: take staging (descriptive rows.Err log messages) - workspace.go: combine (goAsync tracking + SaaS tier hard-gate) - cp_provisioner.go: combine (OFFSEC-010 comments + main formatting) - ci.yml: combine (mc#774 trackers + all-required needs cleanup) - test_a2a_offsec003_sanitization.py: delete (redundant per mc#62d38667)	2026-05-15 15:20:52 -07:00
devops-engineer	a118c63cd9	fix(canvas): skip config.yaml write for openclaw + bump request timeout to 35s (#1237) ... Direct merge per user GO (URGENT FIX implementation). Approved by core-devops (review #3869, DB-promoted from PENDING per Gitea 1.22.6 bug). Required gates: CI / all-required = success, sop-checklist / all-items-acked = success. Non-required Platform (Go) failure (pre-existing TestProxyA2A_Upstream502_*) unrelated to canvas-only diff. Refs: internal#418, follow-up internal#423	2026-05-15 15:05:49 -07:00
core-devops	843092db7d	feat(e2e): stabilize Playwright chat tests for desktop + mobile ... Comprehensive Playwright E2E coverage for the unified chat stack. - chat-seed.ts: external workspace creation with psql bypass for loopback URLs, heartbeat keeper, platform_inbound_secret pre-seed, and DB cleanup - echo-runtime.ts: minimal A2A JSON-RPC server with workspace-side /internal/chat/uploads/ingest endpoint for file-attachment round-trips - panel load, send/receive echo, history persistence - file attachment round-trip (desktop + mobile) - composer auto-grow (mobile) - markdown rendering: code blocks and tables (desktop) - activity log visibility (desktop) - Extract shared hooks: useChatHistory, useChatSend, useChatSocket - MobileChat: add file attachments, markdown rendering, history context - ChatTab: migrate to shared hooks - data-testid: chat-panel, workspace-card, mobile-chat-cta - .gitea/workflows/e2e-chat.yml: ephemeral Postgres/Redis, workspace-server build, canvas dev server, Playwright run, artifact upload on failure	2026-05-15 14:20:04 -07:00
devops-engineer	02a37a360c	Merge pull request 'chore: promote #1121 (broadcast + talk-to-user abilities) to main' (#1224) from promote/1121-broadcast-talk-to-user-to-main into main	2026-05-15 19:52:03 +00:00
hongming-codex-laptop	5a05302cd6	fix(broadcast): OFFSEC-015 — scope recipients to sender's org ... Previously POST /workspaces/:id/broadcast collected every non-removed workspace in the database, allowing a workspace in Org-A to broadcast to every workspace in Org-B, Org-C, etc. Fix: walk parent_id chain with a recursive CTE to find the sender's org root, then filter recipients to workspaces sharing that root. Same isolation pattern as hotfix #1157 (staging) — port to this main-target PR so the cherry-pick doesn't ship the vulnerable original. Adds workspace_broadcast_test.go from #1157 with: - TestBroadcast_OrgScopedRecipients (cross-org isolation regression) - TestBroadcast_OrgScoped_OrgRootSender - TestBroadcast_OrgScoped_ChildWorkspaceSender - + NotFound / Disabled / EmptyOrg / InvalidID coverage Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 12:30:03 -07:00
hongming-codex-laptop	59b4f44224	fix(mcp): add broadcast_message dispatch arm to a2a_mcp_server ... test_dispatcher_schema_drift caught that broadcast_message was registered in platform_tools.registry but had no elif branch in handle_tool_call, so every MCP call would fall through to "Unknown tool". Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 12:03:08 -07:00
hongming-codex-laptop	ee55473812	test(e2e): workspace broadcast and talk-to-user abilities ... 20-assertion shell E2E covering the full abilities contract: - talk_to_user_enabled=true (default) → POST /notify succeeds - PATCH /abilities to disable → /notify returns 403 with error code and delegate_task hint; re-enabling restores delivery - broadcast_enabled=false (default) → POST /broadcast returns 403 - PATCH /abilities to enable → fan-out succeeds, delivered count >= 1 - Receiver activity log has broadcast_receive row (activity_type) with correct summary and source_id pointing at sender workspace - Sender activity log has broadcast_sent row; sender has no self-receive - Empty broadcast message returns 400 - Partial PATCH leaves unmentioned flags unchanged Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 12:03:08 -07:00
hongming-codex-laptop	29b4bffb13	feat(workspace): add broadcast and talk-to-user platform abilities ... Two new workspace-level ability flags (broadcast_enabled, talk_to_user_enabled) with full backend enforcement, MCP tool, and canvas UI: - Migration: adds broadcast_enabled (default false) and talk_to_user_enabled (default true) columns to workspaces table - PATCH /workspaces/:id/abilities (AdminAuth) toggles either flag independently - POST /workspaces/:id/broadcast (WorkspaceAuth) fans out a broadcast_receive activity_log entry + WS BROADCAST_MESSAGE event to all non-removed peers; requires broadcast_enabled=true on the sender - AgentMessageWriter checks talk_to_user_enabled; returns ErrTalkToUserDisabled which surfaces as HTTP 403 on /notify and the send_message_to_user MCP tool - broadcast_message MCP tool added to registry + a2a_tools_messaging.py - Canvas ChatTab shows "Agent is not enabled to chat with you" banner with Enable button when talkToUserEnabled=false on the workspace node Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 12:03:08 -07:00
devops-engineer	76609f4129	Merge pull request 'feat(workspace): broadcast and talk-to-user platform abilities' (#1121) from feat/workspace-abilities-broadcast-talk-to-user into staging	2026-05-15 07:42:19 +00:00
Molecule AI App-FE	5dc1e462de	fix(external-workspace): pin molecule-ai-workspace-runtime>=0.1.999 in OpenClaw snippet (#1143) ... fix(external-workspace): pin molecule-ai-workspace-runtime>=0.1.999 in OpenClaw snippet Ensures the molecule-mcp console script (heartbeat + register-on-startup) is present on install. Older versions only ship a2a_mcp_server which does not heartbeat, causing workspaces to go OFFLINE within 60s. Closes openclaw keepalive regression. Co-authored-by: Molecule AI App-FE <app-fe@agents.moleculesai.app> Co-committed-by: Molecule AI App-FE <app-fe@agents.moleculesai.app>	2026-05-15 07:35:57 +00:00
hongming-codex-laptop	8439a066b6	fix(mcp): add broadcast_message dispatch arm to a2a_mcp_server ... test_dispatcher_schema_drift caught that broadcast_message was registered in platform_tools.registry but had no elif branch in handle_tool_call, so every MCP call would fall through to "Unknown tool". Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 00:19:44 -07:00
hongming-codex-laptop	d7d376118d	test(e2e): workspace broadcast and talk-to-user abilities ... 20-assertion shell E2E covering the full abilities contract: - talk_to_user_enabled=true (default) → POST /notify succeeds - PATCH /abilities to disable → /notify returns 403 with error code and delegate_task hint; re-enabling restores delivery - broadcast_enabled=false (default) → POST /broadcast returns 403 - PATCH /abilities to enable → fan-out succeeds, delivered count >= 1 - Receiver activity log has broadcast_receive row (activity_type) with correct summary and source_id pointing at sender workspace - Sender activity log has broadcast_sent row; sender has no self-receive - Empty broadcast message returns 400 - Partial PATCH leaves unmentioned flags unchanged Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 00:19:44 -07:00
hongming-codex-laptop	026d1c5fae	feat(workspace): add broadcast and talk-to-user platform abilities ... Two new workspace-level ability flags (broadcast_enabled, talk_to_user_enabled) with full backend enforcement, MCP tool, and canvas UI: - Migration: adds broadcast_enabled (default false) and talk_to_user_enabled (default true) columns to workspaces table - PATCH /workspaces/:id/abilities (AdminAuth) toggles either flag independently - POST /workspaces/:id/broadcast (WorkspaceAuth) fans out a broadcast_receive activity_log entry + WS BROADCAST_MESSAGE event to all non-removed peers; requires broadcast_enabled=true on the sender - AgentMessageWriter checks talk_to_user_enabled; returns ErrTalkToUserDisabled which surfaces as HTTP 403 on /notify and the send_message_to_user MCP tool - broadcast_message MCP tool added to registry + a2a_tools_messaging.py - Canvas ChatTab shows "Agent is not enabled to chat with you" banner with Enable button when talkToUserEnabled=false on the workspace node Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 00:19:44 -07:00
devops-engineer	48ad38e795	Merge pull request 'feat(adapter-base): ProviderRegistry type + resolve_provider_routing utility' (#1138) from feat/provider-routing-base-v2 into staging	2026-05-15 06:52:15 +00:00
core-devops	4bdb10b5e2	feat(adapter-base): add ProviderRegistry type + resolve_provider_routing utility ... Adds a shared resolver that maps `provider:model` strings to (api_key, base_url, model_id). Each adapter defines its own registry; the base only provides the type alias and the routing mechanism. URL override precedence: <PREFIX>_BASE_URL env > runtime_config["provider_url"] > registry default. Unknown prefixes fall back to OpenAI credentials. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 23:02:09 -07:00
devops-engineer	ec96a8f600	Merge pull request 'fix(ci): throttle SOP refire workflow fan-out' (#1134) from fix/ci-sop-refire-concurrency into main	2026-05-15 05:57:38 +00:00
claude-ceo-assistant (Claude Opus 4.7 on Hongming's MacBook)	3198a3ee5d	fix(ci): throttle SOP refire workflow fan-out	2026-05-14 22:39:05 -07:00
devops-engineer	6452456f75	Merge pull request 'fix(ci): needs-based all-required sentinel (fixes #1083)' (#1096) from fix/ci-allrequired-needs-v2 into staging	2026-05-15 04:03:53 +00:00
core-devops	4978601032	fix(sop-checklist): update parse_directives return type to (directives, na_directives) ... Tests in test_sop_checklist.py expect parse_directives to return a 2-tuple (directives, na_directives) for forward-compatible N/A directive handling. Update the return type and fix the internal call site to match. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 20:29:45 -07:00
core-devops	ec3e27a4ec	fix(ci): needs-based all-required sentinel + remove needs:changes from build jobs (fixes #1083) ... - platform-build: drop `needs: changes`; change per-step `if:` conditions from `needs.changes.outputs.platform == 'true'` to `if: always()` and the skip step from `!= 'true'` to `if: false`. Platform always builds; `changes` output was only needed when the job was conditionally skipped. - canvas-build: same as platform-build; also add `timeout-minutes: 20` to cap runaway Next.js builds. - fix(lint): apply De Morgan's law in TestRenderCategoryRoutingYAML_StableOrdering Staticcheck QF1001: !(ai < mi && mi < zi) → ai >= mi || mi >= zi. Rebased on staging 4cc0e32a. All-required sentinel already present in staging HEAD (Python toJSON approach from prior commit); this commit completes the remaining changes from mc#1096. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 20:10:51 -07:00
hongming-codex-laptop	85b93feacc	ci: prevent advisory workflow timeout flakes	2026-05-14 20:00:19 -07:00
hongming-codex-laptop	da2fefa398	ci: harden scheduled gate check against list timeouts	2026-05-14 19:31:31 -07:00
hongming-codex-laptop	8f4c00ba05	ci: rearm after runner disk gc	2026-05-14 19:06:22 -07:00
hongming-codex-laptop	106baadf2b	ci: fix platform staticcheck lint	2026-05-14 18:12:21 -07:00
hongming-codex-laptop	6b80dca1f4	fix: preserve Claude Code provider registry in generated configs	2026-05-14 17:33:22 -07:00
devops-engineer	4cc0e32a53	Merge pull request 'fix(staging): wire OFFSEC-010 CP config + CWE-78 rows.Err fixes' (#1078) from fix/staging-offsec010-cp-wiring into staging	2026-05-15 00:05:36 +00:00
hongming-codex-laptop	2f5b145c58	ci: rerun core pipeline after runner recovery	2026-05-14 16:40:30 -07:00
hongming-codex-laptop	420ac2f00d	ci: update instructions handler test expectations	2026-05-14 16:25:55 -07:00
Molecule AI Core-BE	e9693e12ff	fix(handlers): add rows.Err() checks across approvals, tokens, instructions ... Standard CWE-78 pattern (same class as CWE-78-rows-err hotfix #1071): iterating over sql.Rows without checking rows.Err() after the loop silently ignores connection errors. Add the deferred Err() check to: - approvals.go: ListPendingApprovals (GET /approvals) - approvals.go: List (GET /workspaces/:id/approvals) - tokens.go: List (GET /workspaces/:id/tokens) - instructions.go: Resolve handler (GET /workspaces/:id/instructions/resolve) - instructions.go: scanInstructions helper (used by List handler) 🤖 Generated with [Claude Code](https://claude.com/claude-code)	2026-05-14 23:22:18 +00:00