9 Commits

Author	SHA1	Message	Date
claude-ceo-assistant	15935143c8	chore(manifest): drop reno-stars + 5 org-templates flipped public; document OSS-surface contract ... Follow-up to the workspace-template visibility flip in 558e4fee. After flipping the 5 private workspace-templates public (#192 root cause), the harness-replays clone moved one step deeper to the org-templates list, where 6 of 7 were also private. Hongming-confirmed flip plan: - 5 of 6 (molecule-dev, free-beats-all, medo-smoke, molecule-worker-gemini, ux-ab-lab) — flipped public per `feedback_oss_first_repo_visibility_default`. These are unambiguously OSS-template-shape: generic README, no customer-shaped names, no creds in content. - 1 of 6 (reno-stars) — name itself is customer-shaped (would expose customer/tenant identity). Kept private; removed from manifest.json per Hongming. Will be handled at provision-time via the per-tenant credential resolver designed in internal#102 (Layer-3 RFC). Documents the OSS-surface contract in two places: - manifest.json _comment: every entry MUST be public; Layer-3 lives elsewhere - clone-manifest.sh comment block: rationale + the explicit ci-readonly team-grant escape hatch (review-gated, not default). Closes the second clone-fail layer of #192. Combined with 558e4fee + the workspace-template visibility flips, the Pre-clone manifest deps step should now succeed anonymously for the full registered set. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 11:58:09 -07:00
claude-ceo-assistant (Claude Opus 4.7 on Hongming's MacBook)	25fb696965	chore: reconcile main → staging post-suspension divergence ... Refs Task #165 (Class D AUTO_SYNC_TOKEN plumbing). main and staging diverged after the 2026-05-06 GitHub-org suspension because Class D / Class G / feature work landed on staging while unrelated CI fixes (#34-47, ECR auth-inline, buildx→docker, pre-clone manifest deps) landed straight on main. Both branches edited the same workflow files, so every push to main triggered an Auto-sync run that aborted at `git merge --no-ff origin/main` with 7 content conflicts: - .github/workflows/canary-verify.yml (URL: github.com → Gitea) - .github/workflows/ci.yml (3 URL refs) - .github/workflows/publish-runtime.yml (cascade: HTTP repo-dispatch → Gitea push) - .github/workflows/publish-workspace-server-image.yml (drop AWS-action steps; ECR auth is inline) - .github/workflows/retarget-main-to-staging.yml (URL) - manifest.json (lowercase org slug + add mock-bigorg from main) - scripts/clone-manifest.sh (keep main's MOLECULE_GITEA_TOKEN auth path + drop awk-tolower since manifest is now lowercase) Resolution: union — staging's post-suspension Gitea/ECR migrations win on URL/policy edits; main's additive work (mock-bigorg manifest entry, inline ECR auth, MOLECULE_GITEA_TOKEN basic-auth) is preserved on top. After this lands, staging is a strict superset of main, so the next auto-sync run on a push to main will be a clean fast-forward / no-op. The auto-sync workflow on main also picks up staging's AUTO_SYNC_TOKEN swap (Class D #26) for free, fixing the latent layer-2 push-auth issue. Verified locally: - bash -n scripts/clone-manifest.sh - python -c 'yaml.safe_load(...)' on each touched workflow - python -c 'json.load(open(manifest.json))' (21 plugins, 9 templates, 7 org_templates) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 14:24:37 -07:00
devops-engineer	990b4d2eb8	fix(post-suspension): redirect clone-manifest to Gitea (Class G #168 followup) ... The Class G #168 PR (#40) caught explicit `github.com/Molecule-AI/<repo>` URL literals in 23 files but missed two indirect forms: - `scripts/clone-manifest.sh` lines 50,52 had `https://github.com/${repo}.git` (the org/repo path is a variable, so the Class-G regex `github\.com/Molecule-AI/` didn't match). - `manifest.json` had `"Molecule-AI/<repo>"` (no `github.com` prefix; the prefix gets prepended by the script). Together these are what `Dockerfile.tenant`'s stage-3 templates RUN actually fetches. After PR #40 the harness-replays workflow against staging still fails with `fatal: could not read Username for 'https://github.com'` because the in-image build is the unfixed shell loop. This PR: - scripts/clone-manifest.sh: replaces both clone URLs with `https://git.moleculesai.app/${repo}.git`. Anonymous public clones work for these repos (verified manually). - manifest.json: lowercases `Molecule-AI/` to `molecule-ai/` to match Gitea's canonical org slug. Gitea is case-insensitive so both work, but the lowercase form matches every other URL in the org and is what main's clone-manifest.sh (PR #38) already standardises on. This is the minimum-diff staging fix. Sister #173 already shipped a more sophisticated version on main (with optional MOLECULE_GITEA_TOKEN auth + per-build pre-clone). When auto-sync resolves the staging-vs-main conflict, this minimal version gets superseded by the main version naturally. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 13:34:53 -07:00
devops-engineer	a6d67b4c68	fix(ci): pre-clone manifest deps in workflow, drop in-image clone (closes #173) ... publish-workspace-server-image.yml could not run on Gitea Actions because Dockerfile.tenant's stage 3 ran `git clone` against private Gitea repos from inside the Docker build context, where no auth path exists. Every workspace-server rebuild required a manual operator-host push. Move cloning to the trusted CI context (where AUTO_SYNC_TOKEN — the devops-engineer persona PAT — is naturally available). Dockerfile.tenant now COPYs from .tenant-bundle-deps/, populated by the workflow's new "Pre-clone manifest deps" step. The Gitea token never enters the image. - scripts/clone-manifest.sh: optional MOLECULE_GITEA_TOKEN env embeds basic-auth in the clone URL; redacted in log output. Anonymous fallback preserved for future public-repo path. - .github/workflows/publish-workspace-server-image.yml: new pre-clone step before docker build; injects AUTO_SYNC_TOKEN. Fail-fast if the secret is empty. - workspace-server/Dockerfile.tenant: drop stage 3 (templates), COPY from .tenant-bundle-deps/ instead. Header documents the prereq. - .gitignore: ignore /.tenant-bundle-deps/ so a local build can't accidentally commit cloned repos. Verified locally: clone-manifest.sh with the devops-engineer persona token cloned all 37 repos (9 ws + 7 org + 21 plugins, 4.9MB after .git strip). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 12:59:46 -07:00
devops-engineer	8313b2a7a7	fix(scripts): clone-manifest.sh — use Gitea + lowercase org slug ... Post-2026-05-06 GitHub-org suspension: scripts/clone-manifest.sh was still pointing at https://github.com/${repo}.git, so the Docker build for workspace-server'\''s platform image fails at: fatal: could not read Username for 'https://github.com': No such device or address with no credentials available in the build container. Fix: clone from https://git.moleculesai.app/${repo}.git instead. manifest.json'\''s repo paths still read 'Molecule-AI/...' (the historic GitHub slug, mixed-case); Gitea lowercases the org component to 'molecule-ai/...'. Lowercase the org segment on the fly with awk so we don'\''t need to rewrite every manifest entry. Local verify: bash -n passes, lowercase transform produces correct Gitea paths, anonymous git clone of one of the manifest plugins over HTTPS to git.moleculesai.app succeeds. Class G in the prod-ship CI sweep — same shape as the github.com ref Harness Replays hits, this is the second instance found.	2026-05-07 08:17:58 -07:00
Hongming Wang	96cc4b0c42	fix(quickstart): wire up template/plugin registry via manifest.json ... The Canvas template palette was empty on a fresh clone because `workspace-configs-templates/`, `org-templates/`, and `plugins/` are gitignored and nothing populated them. The registry already exists — `manifest.json` at repo root lists every curated `workspace-template-*`, `org-template-*`, and `plugin-*` repo, and `scripts/clone-manifest.sh` clones them — but the step was absent from the README and setup.sh, so new users never ran it. ### What this commit does **1. `setup.sh` runs `clone-manifest.sh` automatically** (once). After starting the Docker network but before booting infra, iterate `manifest.json` and clone any workspace_templates / org_templates / plugins that aren't already populated. Idempotent — subsequent runs skip dirs that have content. Requires `jq`; when jq is missing the step prints a clear install hint and skips (doesn't fail). **2. `clone-manifest.sh` is idempotent.** Before running `git clone`, check whether the target directory already exists and is non-empty — skip if so. Lets `setup.sh` rerun safely without forcing the operator to delete already-cloned template repos. **3. `ListTemplates` logs the reason it skips a template.** The handler previously swallowed `resolveYAMLIncludes` errors with `continue`, so a broken template showed up as an empty palette with no log trail. Now the include-expansion and yaml.Unmarshal failure paths both emit a descriptive `log.Printf` — the exact message that made the stale `org-templates/molecule-dev/` snapshot debuggable: ListTemplates: skipping molecule-dev — !include expansion failed: !include "core-platform.yaml" at line 25: open .../teams/ core-platform.yaml: no such file or directory **4. Remove the in-tree `org-templates/molecule-dev/` snapshot** (170 files). Matches the explicit intent of prior commit `bfec9e53` — "remove org-templates/molecule-dev/ — standalone repo is source of truth". A later "full staging snapshot" re-added a partial copy that had `!include` references to 7 role files that never existed in the snapshot (`core-platform.yaml`, `controlplane.yaml`, `app-docs.yaml`, `infra.yaml`, `sdk.yaml`, `release-manager/workspace.yaml`, `integration-tester/workspace.yaml`). `clone-manifest.sh` repopulates it fresh from `Molecule-AI/molecule-ai-org-template-molecule-dev`. .gitignore exception for `molecule-dev/` is dropped accordingly — the whole `/org-templates/*` tree is now gitignored, symmetric with `/plugins/` and `/workspace-configs-templates/`. **5. Doc updates** (README, README.zh-CN, CONTRIBUTING) mention `jq` as a prerequisite and describe what setup.sh now does. ### Verification On a fresh-nuked DB with the updated branch: 1. `bash infra/scripts/setup.sh` — cleanly clones 33/33 manifest repos (20 plugins, 8 workspace_templates, 5 org_templates), then boots infra. Second run skips all 33 (idempotent). 2. `go run ./cmd/server` — "Applied 41 migrations", :8080 healthy. 3. `curl http://localhost:8080/org/templates` returns 4 templates (was `[]`): - Free Beats All - MeDo Smoke Test - Molecule AI Worker Team (Gemini) - Reno Stars Agent Team 4. `bash tests/e2e/test_api.sh` — 61/61 pass. 5. `npx vitest run` in canvas — 902/902 pass. 6. `shellcheck infra/scripts/setup.sh` — clean. ### SaaS parity All changes are local-dev surface. `setup.sh`, `clone-manifest.sh`, and the local `org-templates/` directory aren't part of the CP provisioner path — SaaS tenant machines get their templates via Dockerfile layers or CP-side provisioning, not `clone-manifest.sh`. The `ListTemplates` log addition is harmless either way (replaces a silent `continue` with a `log.Printf + continue`). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-23 14:55:34 -07:00
Hongming Wang	fd719f4d36	fix: use /bin/sh not bash in clone-manifest (Alpine has no bash)	2026-04-16 05:42:49 -07:00
Hongming Wang	74e4f30216	fix: address all code review findings + remove exposed secrets ... Code review fixes: - 🟡 #1: Replace python3 with jq in Dockerfile template stages (~50MB → ~2MB) - 🟡 #2: Add clone count verification to scripts/clone-manifest.sh (set -e + expected vs actual count check — fails build if any clone fails) - 🟡 #3: Drop 'unsafe-eval' from CSP (not needed for Next.js production standalone builds, only dev mode). Updated test assertion. - 🟡 #4: Remove broken pyproject.toml from workspace-template/ (it claimed to package as molecule-ai-workspace-runtime but the directory structure didn't match — the real package ships from the standalone repo) - 🔵 #1: Add version-pinning TODO comment to manifest.json - 🔵 #3: Add full repo URLs + test counts for SDK/MCP/CLI/runtime in CLAUDE.md Security (GitGuardian alert): - Removed Telegram bot token (8633739353:AA...) from template-molecule-dev pm/.env — replaced with ${TELEGRAM_BOT_TOKEN} placeholder - Removed Claude OAuth token (sk-ant-oat01-...) from template-molecule-dev root .env — replaced with ${CLAUDE_CODE_OAUTH_TOKEN} placeholder - Both tokens need immediate rotation by the operator Tests: Platform middleware tests updated + all pass.	2026-04-16 05:05:49 -07:00
Hongming Wang	8e304e69e8	chore: remove extracted directories, add manifest-driven Docker builds ... Remove plugins/, workspace-configs-templates/, org-templates/ dirs (now in standalone repos). Add manifest.json listing all 33 repos and scripts/clone-manifest.sh to clone them. Both Dockerfiles now use the manifest script instead of 33 hardcoded git-clone lines. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 04:13:29 -07:00