Covers:
- Positive integers (including large TTLs like 3600s)
- Zero value
- Negative → collapses to 0
- Missing / absent expires_in_seconds
- No params at all
- Malformed JSON
- Empty body
- Type mismatches: null, string, float → 0
Part of ongoing pure-function test coverage for the A2A queue layer.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Issue #794.
New hub_test.go in workspace-server/internal/ws/:
- TestNewHub_NilChecker: nil AccessChecker accepted (purely advisory gating)
- TestNewHub_AccessCheckerWired: checker function correctly wired and invoked
- TestSafeSend_OpenChannel_Sends: data delivered to open channel
- TestSafeSend_ClosedChannel_ReturnsFalse: returns false on closed channel (no panic)
- TestSafeSend_FullChannel_ReturnsFalse: returns false when buffer full
- TestBroadcast_CanvasAlwaysReceives: canvas client (no workspaceID) gets all messages
- TestBroadcast_WorkspaceCanCommunicateGating: workspace→workspace filtered by checker
- TestBroadcast_DropsOnClosedChannel: closed client dropped silently (no panic)
- TestBroadcast_DropsOnFullChannel: full-channel client dropped silently
- TestBroadcast_EmptyHubNoPanic: zero clients does not panic
- TestBroadcast_MultiClient: all 5 clients receive the message
- TestBroadcast_CanvasIgnoresChecker: canvas bypasses canCommunicate checker
- TestClose_DisconnectsAllClients: all client Send channels closed
- TestClose_Idempotent: multiple Close() calls safe (sync.Once)
- TestClose_ClosesDoneChannel: Run() exits after Close()
- TestRun_UnregisterClosesClientSend: Unregister closes client Send channel
- TestBroadcast_ConcurrentSafe: 5 concurrent goroutines broadcasting safely
Also fixes hub.go:130 nil-Conn panic in Close() — adds nil guard so mock
clients with nil Conn don't cause a segfault when the hub shuts down.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Three pre-existing go vet errors introduced by staging-branch divergence from main:
1. internal/bundle/importer_test.go:80 — undefined 'files' variable.
TestBuildBundleConfigFiles_Skills creates b := &Bundle{...} but never
calls buildBundleConfigFiles(b), leaving 'files' undefined. Added
files := buildBundleConfigFiles(b).
2. internal/provisioner/localbuild_test.go — unknown field preflightLocalBuild.
Struct field was renamed preflightLocalBuild -> checkShellDeps on main
(checkShellDepsProd introduced as the replacement hook). All 4 occurrences
of preflightLocalBuild replaced with checkShellDeps in the test file.
3. internal/handlers/org_external.go:349 — append with no values.
cloneAndConfig := append(gitArgs(...)) is a pointless wrapper; main has
cloneAndConfig := gitArgs(...) directly. Removed the append().
Fixes issue #820.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Bug: `extractAgentText({ parts: [] })` fell through all three source
checks (parts, artifacts, status.message) and returned the error
string `"(Could not extract response text)"` instead of `""`. Empty tasks
should render as blank bubbles, not error indicators.
Fix: check `typeof task === "string"` first, then walk all three
sources. Return `""` when every source is exhausted rather than
falling through to the catch/error string.
Added 11 dedicated tests for `extractAgentText` covering:
- Normal extraction from parts, artifacts, status.message
- Precedence (parts > artifacts > status.message)
- String fallback
- Empty parts/array/undefined fields returning ""
- Null/undefined status.message toleration
Also merged all fixes from fix/test-declarations (37 previously
failing vitest cases resolved).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Move pure-function test cases for extractResponseText and
hasUnresolvedVarRef to their dedicated *_pure_test.go sibling
files. Keep integration/routing tests in the parent *_test.go.
Also add two missing assertions to workspace_crud validators test
(t.Log zeroing and conflict detection).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Key fixes:
- MissingKeysModal: add missing aria-hidden="true" to AllKeysModal
backdrop (ProviderPickerModal had it; AllKeysModal was missing it)
- MissingKeysModal.a11y: use class-based backdrop selector in jsdom
- ContextMenu: fix Tab key test to fire on menu element; offline nodes
use hasAttribute("disabled") instead of queryByRole().toBeNull()
- ConversationTraceModal: correct part-text expectation (joins all parts)
- Legend: fix palette-offset test to use document.querySelector on fixed
panel div, not .closest("div") which found inner text element
- OnboardingWizard: use RTL rerender for auto-advance (second render()
created a new component instance without shared state)
- PurchaseSuccessModal: mock history.replaceState to prevent SecurityError
in jsdom; replace setTimeout-promises with advanceTimersByTime
- Spinner: use getAttribute("class") instead of .className (SVGAnimatedString
in jsdom)
- TestConnectionButton: move Spinner outside <button> to fix accessible
name conflict; use hasAttribute("disabled"); fix error text assertion
- Tooltip: focus first focusable child inside trigger ref, not wrapper div
- TestConnectionButton component: restructure JSX — Spinner as sibling
- createMessage: conditional attachments spread (only include when non-empty)
- BundleDropZone: fix DragEvent in jsdom with createDragOverEvent helper
All 2257 canvas tests pass; npm run build succeeds.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Preemptively incorporate mc#817 fix into the staging port of
sop-checklist-gate.yml. Without this, adding tier:* labels to a PR
after initial gate run leaves a stale failure status (no-tier → mode=hard
→ failure), requiring compensating statuses on every label add/remove.
Also closes mc#817 itself — same fix is PR #818 on main.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Bootstrap fix for mc#805 follow-up: adds the two missing Gitea
workflows + their runtime dependencies to the staging branch so that
`pull_request_target`-based CI and SOP gates fire for all staging PRs.
Changes:
- .gitea/workflows/ci.yml — copied from main; already targets staging
- .gitea/workflows/sop-checklist-gate.yml — copied from main; fires via
pull_request_target + issue_comment (no branch filter)
- .gitea/scripts/sop-checklist-gate.py — copied from main; required by
sop-checklist-gate.yml
- .gitea/sop-checklist-config.yaml — copied from main; config for the
SOP gate script
The ci.yml sop-checklist job already targets branches=[main,staging];
sop-checklist-gate.yml fires on all pull_request_target events. The
script dependency (sop-checklist-gate.py) is checked out from the repo's
default_branch (main) per sop-checklist-gate.yml's trust model.
Bootstrap note: this PR cannot self-validate via CI (the workflows
won't post status checks until the PR is merged). Compensating statuses
must be posted manually:
POST .../statuses/{sha} {"state":"success","context":"CI / all-required (pull_request)"}
POST .../statuses/{sha} {"state":"success","context":"sop-checklist / all-items-acked (pull_request)"}
Refs: mc#805 (bootstrap paradox — same fix pattern as PR #802 for staging)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
mc#786: parseEnvFile(filepath.Join(orgBaseDir, ws.FilesDir, ".env")) was called
without the resolveInsideRoot path-traversal guard. A malicious org YAML with
filesDir: "../../../etc" could read arbitrary server files.
Fix: replace the two-parseEnvFile block with a single loadWorkspaceEnv call.
loadWorkspaceEnv already applies resolveInsideRoot to ws.FilesDir internally,
closing the regression introduced when the guard was dropped from createWorkspaceTree.
Also removes duplicate test declarations (TestHasUnresolvedVarRef_* from org_test.go
and TestExtractResponseText_ResultNotMap from delegation_test.go) that blocked
go build — the comprehensive versions live in *_pure_test.go / *_extract_response_text_test.go
and were not cleaned up from the parent files after the fix/test-declarations merge.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
mc#798 drift-detect F3a/F3b: staging branch protection requires only
sop-checklist/all-items-acked, not sop-tier-check or Secret scan.
- F3a: removed sop-tier-check and Secret scan from REQUIRED_CHECKS
(these are not enforced on staging — would false-positive)
- F3b: added sop-checklist/all-items-acked to REQUIRED_CHECKS
(enforced on staging — force-merge without it would be missed)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The staging branch diverged from main before PR #542 landed and was never
forward-ported. a2a_tools.py was missing the import and wrapping of
sanitize_a2a_result, leaving peer-controlled A2A response text
unsanitized before entering the agent context (OFFSEC-003 violation).
Fix mirrors the main-line fix (PR #542 / mc#537):
- Import sanitize_a2a_result from _sanitize_a2a
- Wrap all peer-controlled return values with sanitize_a2a_result()
Also removes a duplicate dead-code block that was an artifact of the
merge conflict on the staging branch.
Fixes: molecule-ai/molecule-core#787
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Fixes a type-assertion panic when a workspace has an empty role string.
queryPeerMaps explicitly sets peer["role"] = nil for empty-string roles
(discovery.go:340), and filterPeersByQuery did p["role"].(string) without
guarding for nil. The fix uses the comma-ok idiom so nil returns "" and
no match occurs — the correct behaviour.
Test files added (all pure functions, no DB/side effects):
- discovery_filter_test.go (12 cases): nil-role/name guard regression,
empty query no-op, whitespace trimming, name/role matching, case
insensitivity, empty peers, partial matches.
- org_helpers_walk_test.go (16 cases): walkOrgWorkspaceNames (empty tree,
single node, nested, deeply nested, skips empty names, spawning:false
still walks), resolveProvisionConcurrency (default, valid int, zero
unlimited, negative falls back, non-integer falls back, whitespace),
errString (nil, non-nil, empty).
- delegation_extract_response_text_test.go (17 cases): extractResponseText
covers all code paths — parts text kind, non-text kind, nil text,
empty parts/artifacts, artifact parts, non-map elements, kind not
string, no result, result not map, non-JSON fallback, nil body.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Two pre-existing canvas test failures:
1. canvas/src/components/tabs/FilesTab/tree.ts:getIcon()
FILE_ICONS keys are lowercase (".json") but the extension was looked
up as-is (".JSON"). Result: FILE_ICONS[".JSON"] → undefined → fallback
"📄" instead of "{}".
Fix: lowercase the extension before FILE_ICONS lookup. Also added ?.
null-coalescing on split().pop() to handle filenames without extension.
2. canvas/src/store/__tests__/canvas-topology-pure.test.ts
sortParentsBeforeChildren test expectation was wrong: it assumed orphan
would come after root, but when parentId references a missing node
the orphan keeps its input order (orphan, then root). Updated the
expectation and corrected the comment to match the actual behaviour.
Closes#697.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
mc#687 root-cause finding from mc#424: the EIC diagnose smoke was
reading diagnoseStep.error (Go error string) and discarding
diagnoseStep.detail (subprocess stderr). The actionable signal — e.g.
AccessDeniedException: ... is not authorized to perform:
ec2-instance-connect:OpenTunnel
— lives in detail. Reading only .error produced:
exec: process exited with status 1
which was uninformative and caused a 21h outage investigation.
Fix: extract .detail (subprocess stderr) as primary output; append
Go error string in parentheses when both fields are populated.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds isolated tests for DropTargetBadge — the floating drag-target affordance.
Render-condition coverage:
- Renders nothing when dragOverNodeId is null
- Renders nothing when dragOverNodeId node has no store match
- Renders nothing when getInternalNode returns undefined
- Renders badge with correct name when all inputs are valid
- Badge text follows 'Drop into: <name>' format
- Badge contains exact target name from store
- Renders nothing when target name is null (empty data.name)
Ghost visibility (slot rect inside parent bounds) is deferred to
integration tests that render the full canvas — flowToScreenPosition
coordinate arithmetic is better covered there.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds isolated tests for the pure tree-traversal core of
useOrgDeployState. The buildDeployMap function handles:
- Root / leaf identification via parent-chain walk
- isDeployingRoot: true when any descendant is "provisioning"
- isActivelyProvisioning: true only for the node itself
- isLockedChild: true for non-root nodes in a deploying tree
- isLockedChild: also true for nodes in deletingIds (cross-cutting)
- descendantProvisioningCount: non-zero only on root nodes
- O(n) single-pass walk verified on 50-node tree
Also exports buildDeployMap for direct unit testing (was internal).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
