molecule-core

Author	SHA1	Message	Date
hongming	8019231a16	chore(go-module): #1760 rename Go module to git.moleculesai.app/molecule-ai/molecule-core/workspace-server (#1816 ) ci-arm64-advisory / fast-checks (push) Waiting to run Details Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (push) Successful in 8s Details Block internal-flavored paths / Block forbidden paths (push) Successful in 8s Details CI / Detect changes (push) Successful in 9s Details CI / Python Lint & Test (push) Successful in 5s Details E2E API Smoke Test / detect-changes (push) Successful in 9s Details E2E Chat / detect-changes (push) Successful in 8s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (push) Successful in 49s Details E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 12s Details publish-workspace-server-image / build-and-push (push) Successful in 3m12s Details E2E Staging SaaS (full lifecycle) / pr-validate (push) Successful in 39s Details Handlers Postgres Integration / detect-changes (push) Successful in 4s Details Harness Replays / detect-changes (push) Successful in 5s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 6s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (push) Successful in 4s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (push) Successful in 3s Details lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (push) Successful in 3s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 1m6s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 14s Details CI / Canvas (Next.js) (push) Successful in 3s Details CI / Shellcheck (E2E scripts) (push) Successful in 2s Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m25s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (push) Successful in 5m19s Details E2E Staging External Runtime / E2E Staging External Runtime (push) Successful in 5m30s Details E2E API Smoke Test / E2E API Smoke Test (push) Successful in 2m23s Details E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (push) Successful in 6m5s Details E2E Chat / E2E Chat (push) Successful in 4m6s Details CI / Platform (Go) (push) Successful in 5m0s Details CI / all-required (push) Successful in 9m45s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 2s Details publish-workspace-server-image / Production auto-deploy (push) Successful in 8m32s Details Harness Replays / Harness Replays (push) Successful in 12s Details CI / Canvas Deploy Reminder (push) Successful in 2s Details Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 1m37s Details Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 8s Details Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 12s Details Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 5m9s Details main-red-watchdog / watchdog (push) Successful in 32s Details gate-check-v3 / gate-check (push) Successful in 25s Details Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 6m10s Details CTO-bypass merge 2026-05-24: #1760 Go module rename to git.moleculesai.app path	2026-05-24 23:37:18 +00:00
hongming-codex-laptop	ad7acd30db	fix(platform): clear golangci-lint findings Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 28s Details E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped Details CI / Detect changes (pull_request) Successful in 58s Details Harness Replays / detect-changes (pull_request) Successful in 17s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 58s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 1m0s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 14s Details E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 54s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 42s Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m15s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m50s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s Details qa-review / approved (pull_request) Failing after 15s Details Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 2m0s Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m36s Details lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Successful in 2m8s Details gate-check-v3 / gate-check (pull_request) Successful in 32s Details security-review / approved (pull_request) Failing after 18s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 41s Details lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m11s Details sop-checklist-gate / gate (pull_request) Successful in 17s Details Harness Replays / Harness Replays (pull_request) Successful in 5s Details sop-tier-check / tier-check (pull_request) Successful in 22s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 20s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 14s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 10s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m42s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3m53s Details CI / Python Lint & Test (pull_request) Successful in 7m18s Details CI / Canvas (Next.js) (pull_request) Successful in 11m54s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details CI / Platform (Go) (pull_request) Successful in 12m45s Details CI / all-required (pull_request) Successful in 3s Details sop-checklist / all-items-acked (pull_request) acked: 7/7 Details audit-force-merge / audit (pull_request) Successful in 4s Details	2026-05-12 22:53:22 -07:00
Molecule AI Core Platform Lead	9e3d420363	[core-lead-agent] fix(core#228): cascade fixes for PluginResolver — make main compile Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s Details sop-tier-check / tier-check (pull_request) Successful in 4s Details PR #256 introduced PluginResolver to break the SourceResolver redeclaration deadlock, but missed three downstream call-sites that left main uncompilable: 1. plugins/drift_sweeper.go: PluginResolver.Resolve was declared returning PluginResolver (recursive). Registry.Resolve returns the production SourceResolver from source.go, so Registry didn't satisfy PluginResolver. Fix: Resolve returns SourceResolver. Add compile-time assertion that Registry satisfies PluginResolver so any future signature drift fails the build instead of router wiring. 2. plugins/drift_sweeper_test.go: stubResolver was still declared with the old SourceResolver shape AND asserted against SourceResolver — the assertion failed because stubResolver lacks Scheme()/Fetch(). Fix: stub is a PluginResolver; assertion targets PluginResolver. Drop the unused "database/sql" import that fails go vet. 3. router/router.go: - The `70f84823` reorder moved the plgh init block above its dockerCli dependency (line 538 used; line 594 declared). Moved the dockerCli declaration up so it's available where used; replaced the orphaned declaration in the terminal block with a comment. - Setup's pluginResolver param was typed plugins.SourceResolver — wrong for plugins.Registry (Registry is not a per-scheme resolver). Retyped to plugins.PluginResolver, which Registry actually satisfies. - Removed the broken `plgh.WithSourceResolver(pluginResolver)` call — WithSourceResolver expects a per-scheme SourceResolver, not a PluginResolver/registry. plgh has its own internal default registry (github+local) from NewPluginsHandler, so dropping the call is functionally a no-op vs the broken state. Kept the param so the drift sweeper (main.go) can share scheme enumeration when needed. 4. go.sum: add the content hash entry for go.moleculesai.app/plugin/ gh-identity/pluginloader (only the /go.mod hash was present, breaking `go build ./cmd/server`). Verified locally: go build ./... ✓ go vet ./... ✓ (only pre-existing org_external append warning) go test ./internal/plugins/... ✓ go test ./internal/router/... ✓ 6 pre-existing handler test failures (TestExecuteDelegation_, TestHandleDiagnose_*) are orthogonal — they did not run before because the package didn't compile. Out of scope for this fix; tracking separately. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 09:46:35 +00:00
core-be	d88a320f0c	fix: resolve SourceResolver naming conflict, SSRF guard placement, and multiple test regressions - plugins/drift_sweeper.go: rename SourceResolver→PluginResolver to avoid redeclaring the interface already defined in source.go (core#228) - handlers/workspace.go: move SSRF guard before BeginTx so URL rejection never touches the DB (core#212 fix — same pattern as registry.go:324) - handlers/restart_signals.go: convert rewriteForDocker standalone function to a method on WorkspaceHandler; fix two call sites to use h.rewriteForDocker - handlers/plugins.go: change Sources() return type from plugins.SourceResolver to pluginSources (the narrow interface satisfied by Registry) - handlers/admin_plugin_drift.go: remove unused "context" import - handlers/delegation_test.go: remove stray closing brace - handlers/restart_signals_test.go: rewrite with correct miniredis v2 API (mr.Get takes context, mr.Set requires TTL), resolveURLTestWrapper embedding pattern, and corrected Redis key handling - handlers/workspace_test.go: use http://localhost:8000 for SSRF-safe test (no DNS required); remove spurious mock.ExpectExec for Redis CacheURL call Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 06:05:11 +00:00
core-be	ada1008012	feat(plugins): plugin drift detector + queue + admin apply endpoint (#123 ) sop-tier-check / tier-check (pull_request) Failing after 5s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s Details ## Summary Adds the version-subscription drift detection and operator-apply workflow for per-workspace plugin tracking (core#113). ## Components Migration (`20260510000000_plugin_drift_queue`): - Adds `installed_sha` column to `workspace_plugins` — records the commit SHA installed so the drift sweeper can compare against upstream. - Creates `plugin_update_queue` table with status: pending \| applied \| dismissed. - Adds partial unique index to prevent duplicate pending rows per (workspace_id, plugin_name). GithubResolver (`github.go`): - `LastFetchSHA` field + `LastSHA()` getter — populated by `Fetch` after a successful shallow clone (captured before `.git` is stripped). Used by the install pipeline to seed `installed_sha`. - `ResolveRef(ctx, spec)` method — resolves a plugin spec to its full commit SHA using `git fetch --depth=1 + git rev-parse`. Used by the drift sweeper to get the current upstream SHA for a tracked ref (tag:vX.Y.Z, tag:latest, sha:…, or bare branch). Drift sweeper (`plugins/drift_sweeper.go`): - Periodic sweep every 1h: SELECTs rows where `tracked_ref != 'none' AND installed_sha IS NOT NULL`, resolves upstream SHA, queues drift if different. - `ListPendingUpdates()` — reads pending queue rows for the admin endpoint. - `ApplyDriftUpdate()` — marks entry applied (idempotent). - ctx.Err() guard on ticker arm to avoid post-shutdown work. Install pipeline (`plugins_install_pipeline.go`, `plugins_tracking.go`, `plugins_install.go`): - `stageResult.InstalledSHA` field — carries the SHA from Fetch to the DB. - `recordWorkspacePluginInstall` now accepts and stores `installed_sha`. - `deleteWorkspacePluginRow` — removes tracking row on uninstall so a stale SHA doesn't prevent the next install from creating a fresh row. - Both Docker and EIC uninstall paths call `deleteWorkspacePluginRow`. Admin endpoints (`handlers/admin_plugin_drift.go`): - `GET /admin/plugin-updates-pending` — list all pending drift entries. - `POST /admin/plugin-updates/:id/apply` — re-installs plugin from source_raw (re-fetching the same tracked ref), records the new SHA, marks entry applied, triggers workspace restart. Idempotent (already-applied returns 200). Router wiring (`router.go`, `cmd/server/main.go`): - Plugin registry created in main.go and shared between PluginsHandler and drift sweeper. - `router.Setup` accepts optional `pluginResolver` param. - `PluginsHandler.Sources()` export for the sweeper wiring pattern. ## Tests - `plugins/github_test.go` — `ResolveRef` coverage (invalid spec, git error, not-found mapping, no-panic for all ref shapes). - `plugins/drift_sweeper_test.go` — `ResolveRef` happy path, stub resolver interface compliance. - `handlers/admin_plugin_drift_test.go` — ListPending (empty, non-empty, DB error), Apply (not found, already applied, already dismissed, workspace_plugins missing). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 00:39:50 +00:00
core-be	e3ea8ff74a	[core-be-agent] sop-tier-check / tier-check (pull_request) Failing after 4s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s Details audit-force-merge / audit (pull_request) Has been skipped Details fix(plugins/test): skip TestLocalResolver_BubblesUpCopyFailure when running as root Fixes issue #87: the test sets chmod(dst, 0o555) to make the destination read-only and asserts the copy fails. On Linux, root bypasses filesystem permissions and can write to 0o555 directories, so the copy succeeds when running as root and the assertion fails. Fix: check os.Getuid() == 0 at the start of the test and skip with a clear message. Mirrors the existing skip in TestLocalResolver_CopyFileSourceUnreadable (line 175) which already handles the same root-bypass issue for unreadable source files. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 22:21:35 +00:00
Hongming Wang	479a027e4b	chore: open-source restructure — rename dirs, remove internal files, scrub secrets Renames: - platform/ → workspace-server/ (Go module path stays as "platform" for external dep compat — will update after plugin module republish) - workspace-template/ → workspace/ Removed (moved to separate repos or deleted): - PLAN.md — internal roadmap (move to private project board) - HANDOFF.md, AGENTS.md — one-time internal session docs - .claude/ — gitignored entirely (local agent config) - infra/cloudflare-worker/ → Molecule-AI/molecule-tenant-proxy - org-templates/molecule-dev/ → standalone template repo - .mcp-eval/ → molecule-mcp-server repo - test-results/ — ephemeral, gitignored Security scrubbing: - Cloudflare account/zone/KV IDs → placeholders - Real EC2 IPs → <EC2_IP> in all docs - CF token prefix, Neon project ID, Fly app names → redacted - Langfuse dev credentials → parameterized - Personal runner username/machine name → generic Community files: - CONTRIBUTING.md — build, test, branch conventions - CODE_OF_CONDUCT.md — Contributor Covenant 2.1 All Dockerfiles, CI workflows, docker-compose, railway.toml, render.yaml, README, CLAUDE.md updated for new directory names. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-18 00:24:44 -07:00

7 Commits