5951 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
hongming	77e511f905	ci: refire CI run	2026-05-14 18:30:17 +00:00
Molecule AI Fullstack Engineer	1a4d012383	fix(provisioner): skip symlinks in CopyTemplateToContainer Walk (OFFSEC-010) ... filepath.Walk follows symlinks by default. A malicious org template containing a symlink (e.g. template/.ssh → /root/.ssh) could escape the intended directory and include arbitrary host files in the tar archive copied into workspace containers. Fix: skip symlinks in the Walk callback. Broken template symlinks are a silent no-op rather than an error, matching the security- first posture (no escalation on unexpected input). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 18:26:47 +00:00
hongming	146009af51	ci: refire CI run	2026-05-14 18:01:28 +00:00
hongming	3a902747c3	ci: refire CI run	2026-05-14 18:01:08 +00:00
hongming	a50ed4169a	ci: refire CI [skip review]	2026-05-14 18:00:03 +00:00
hongming-codex-laptop	7a768060e3	ci: rerun after runner disk cleanup	2026-05-14 10:45:43 -07:00
hongming-codex-laptop	7a614f2e3b	fix: harden saas workspace provisioning config	2026-05-14 10:26:27 -07:00
devops-engineer	45fb96e475	Merge pull request 'fix(queue): catch ApiError in main() so transient failures dont crash workflow' (#1045) from fix/queue-script-error-handling into main	2026-05-14 17:09:13 +00:00
Molecule AI Infra-SRE	8ec2f4f33d	chore: trigger CI re-eval	2026-05-14 10:06:18 -07:00
Molecule AI Infra-SRE	6baeb1f7e2	fix(queue): catch ApiError in main() so transient failures don't crash the workflow ... The queue script exits with code 1 when any api() call raises ApiError (e.g. 401/403 from missing/wrong AUTO_SYNC_TOKEN, or network errors). Since the queue runs every 5 minutes, returning non-zero permanently fails the workflow run and blocks all future ticks. Fix: wrap process_once() call in main() with try/except catching ApiError, URLError, and TimeoutError. Log via ::error:: annotation and return 0 so the workflow is marked success and the next tick can retry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 10:06:18 -07:00
devops-engineer	c6023e45d1	Merge pull request 'test: satisfy staticcheck on PR regression tests' (#1043) from fix/staticcheck-pr-regression-tests into main	2026-05-14 16:53:52 +00:00
hongming-codex-laptop	033c1b9bd4	test: satisfy staticcheck on PR regression tests	2026-05-14 09:43:04 -07:00
devops-engineer	b1f740013d	Merge pull request 'fix(handlers): synchronize async DB users in race tests' (#1041) from fix/main-async-db-race into main	2026-05-14 16:41:37 +00:00
hongming-codex-laptop	19fce4d400	fix(handlers): keep embedded missing env refs literal	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	096faa2562	fix(provisioner): seed configs before container start	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	1c3b4ff321	fix(handlers): synchronize async DB users in race tests	2026-05-14 09:37:52 -07:00
devops-engineer	3ddc8a0300	Merge pull request 'fix(handlers): add rows.Err() checks after all secrets scan loops' (#1039) from fix/secrets-rows-err-check into main	2026-05-14 16:26:20 +00:00
Molecule AI Core-BE	420c42a202	fix(handlers): add rows.Err() checks after all secrets scan loops ... Regression from audit #109: rows.Err() checks were removed from List, ListGlobal, restartAllAffectedByGlobalKey, and Values between commits 3a30b073 and b25b4fb6. Without these checks, a mid-stream query error (e.g. connection loss during iteration) is silently ignored and partial results are returned as if the query succeeded. Fix: add if err := rows.Err(); err != nil { log.Printf(...) } after every for rows.Next() loop in secrets.go. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:17:31 -07:00
devops-engineer	cee43a6dd8	Merge pull request 'fix(handlers): restore POSIX-identifier guard in expandWithEnv (CWE-78, MC#982 regression)' (#1030) from fix/982-posix-identifier-guard into main	2026-05-14 16:12:26 +00:00
Molecule AI Infra-SRE	499e204a82	chore: trigger CI for SOP gate re-check (n/a declarations added)	2026-05-14 09:07:04 -07:00
Molecule AI Core-DevOps	a3a358f968	fix(handlers): restore POSIX-identifier guard in expandWithEnv (CWE-78) ... Restore the POSIX shell-identifier guard in expandWithEnv (org_helpers.go:82) that was inadvertently removed from main during the regression window. Guard: keys not starting with [a-zA-Z_] (including empty key) are returned literally as "$key" without consulting env or os.Getenv. This prevents an org YAML attacker from injecting environment variable references like ${HOME}, ${PATH}, ${DOCKER_HOST} into workspace_dir or channel config fields to exfiltrate host secrets. Also restore org_helpers_pure_test.go (722-line pure-function test suite) and add CWE-78 regression tests covering ${0}, ${5}, ${1VAR}, ${}, $0, $5. Fixes MC#982 regression. Co-Audit: core-offsec, core-security. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:07:04 -07:00
devops-engineer	ed01130536	Merge pull request 'fix(handlers): repair instructions test compile' (#1028) from fix/handlers-instructions-test-compile into main	2026-05-14 15:50:42 +00:00
hongming-codex-laptop	3359580502	fix(handlers): repair instructions test compile	2026-05-14 08:20:32 -07:00
devops-engineer	c0bbcb7756	Merge pull request 'fix(canvas/ThemeToggle): replace querySelectorAll with Array.from children approach' (#1017) from design/themetoggle-test-teardown-fix into main	2026-05-14 15:07:31 +00:00
Molecule AI Core-UIUX	20241de570	fix(canvas/ThemeToggle): resolve 5 pre-existing INDEX_SIZE_ERR test errors ... Root cause: handleKeyDown used querySelectorAll("> [role=radio]") to find the next radio button after a key press. jsdom's selector parser throws INDEX_SIZE_ERR on the child-combinator selector in test environments, which @asamuzakjp/dom-selector surfaces as SyntaxError. The error always fired after the last keyboard-navigation test in each describe block (ArrowRight, ArrowLeft, ArrowDown, Home, End = 5 errors) and was non-fatal to the test pass count (18/18 still passed). Fix: 1. Replace querySelectorAll("> [role=radio]") with Array.from(radiogroup.children).filter(el => el.tagName === "BUTTON" && el.getAttribute("role") === "radio" ) — avoids the child-combinator selector entirely. 2. Guard the focus call with isConnected check to survive React StrictMode double-invocation of the handler during re-render. 3. Add bounds check (next < btns.length) before accessing btns[next]. Result: 18/18 pass, 0 errors (was 18/18 pass, 5 errors). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 14:37:29 +00:00
devops-engineer	5738f53ee8	Merge pull request 'fix(ci): repair delegation list and merge queue tests' (#1013) from fix/main-red-cdb0b040-ci-tests into main	2026-05-14 14:36:38 +00:00
hongming-codex-laptop	0b47f9516d	fix(ci): repair delegation list and merge queue tests	2026-05-14 14:19:42 +00:00
devops-engineer	2a476c3bbb	Merge pull request 'fix(ci): add job-level if: to canvas-deploy-reminder (mc#958 root-fix)' (#1015) from sre/ci-required-drift-canvas-reminder-skip into main	2026-05-14 14:17:21 +00:00
Molecule AI Infra-SRE	7888f96f45	fix(ci): add job-level if: to canvas-deploy-reminder (mc#958 root-fix) ... canvas-deploy-reminder had step-level gating (REF_NAME != refs/heads/main) but no job-level `if:`. The ci-required-drift.py ci_job_names() skip logic only detects job-level `github.ref` gates, so canvas-deploy-reminder was flagged as F1 (missing from all-required.needs) despite being intentionally excluded. Fix: - Added job-level `if: github.ref == 'refs/heads/main'` to canvas-deploy-reminder so ci-required-drift.py correctly skips it from ci_job_names() F1 check - Added canvas-deploy-reminder to all-required.needs (sentinel handles skipped job result correctly) - Removed stale continue-on-error: true (was mc#774 interim mask; step exits 0 when not applicable) The step-level exit 0 is preserved for the "canvas not changed" case on main pushes. The job-level `if:` makes the main-push-only scope visible to the drift detector. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 13:58:40 +00:00
devops-engineer	4e92e46182	Merge pull request 'test(handlers): add InstructionsHandler coverage — 18 sqlmock cases' (#1005) from test/instructions-handler-coverage into main	2026-05-14 13:58:27 +00:00
Molecule AI Core-BE	f417c1a870	test(handlers): add InstructionsHandler coverage — 18 cases ... Add sqlmock unit tests for InstructionsHandler (instructions.go): - List: empty result, scope filter, workspace_id filter, DB error - Create: success (global), success (workspace with scope_target), invalid scope, workspace scope missing scope_target, content too long (>8192), title too long (>200) - Update: success, not found (0 rows), content too long, title too long - Delete: success, not found (0 rows) - Resolve: empty workspace, with global+workspace instructions, missing workspace_id - scanInstructions: rows.Err() handled gracefully (continues, not fatal) All 18 tests cover the DB query paths using sqlmock.	2026-05-14 13:49:43 +00:00
devops-engineer	8628d5cd2d	Merge pull request 'fix(ci): add explicit 20m timeout to canvas-build job' (#1006) from sre/canvas-build-timeout into main	2026-05-14 13:49:05 +00:00
Molecule AI Infra-SRE	4262c0a3db	fix(ci): add explicit 20m timeout to canvas-build job ... Cold runner cache causes O(npm install) to take ~14m on first run. Without an explicit job-level timeout, Gitea's hard limit (~15m) is the active constraint — a single slow build would timeout instead of completing successfully. Matches the pattern already used by platform-build (timeout-minutes: 15). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 13:30:01 +00:00
devops-engineer	1dd6697031	Merge pull request 'fix(canvas): guard querySelectorAll in ThemeToggle handleKeyDown' (#1001) from fix/2088-themetoggle-queryselectorall-errors into main	2026-05-14 13:13:09 +00:00
Molecule AI Core-FE	5e6c490b19	fix(canvas): guard querySelectorAll in ThemeToggle handleKeyDown ... querySelectorAll throws INDEX_SIZE_ERR in jsdom when the child-combinator selector is evaluated in certain DOM attachment states. Wrap in try-catch with fallback selector to restore the 5 errors (0 failures) in ThemeToggle.test.tsx. Tests: 208 files, 3245 passed, 0 errors.	2026-05-14 13:11:46 +00:00
devops-engineer	cdb0b0401a	Merge pull request 'ci: fix db.DB pollution + ci-required-drift github.ref skip (mc#975, mc#958, mc#959)' (#991) from ci/975-db-pollution-fix into main	2026-05-14 13:01:05 +00:00
Molecule AI Core-DevOps	3297d16093	ci-required-drift: also skip jobs gated on github.ref (fixes mc#958/mc#959) ... canvas-deploy-reminder has: if: needs.changes.outputs.canvas == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' ci_job_names() only skipped jobs with `github.event_name` in their `if:`. The `github.ref` branch was invisible to the detector, so canvas-deploy-reminder was flagged as missing from all-required.needs — a false positive that fires on every PR touching canvas/ code. Now the skip check also fires when `github.ref` is present in the `if:` condition string, matching the same rationale as the event_name skip: these jobs never execute in a PR context, so requiring them under all-required.needs: is not meaningful. Refs: mc#958 (main), mc#959 (staging) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:58:13 +00:00
Molecule AI Core-DevOps	e0e5dd911f	handlers: add missing db import + remove duplicate test declarations ... Two compilation errors were preventing CI/Platform (Go) from running any tests at all (go vet failed first): 1. delegation_list_test.go: missing `db` import. The file assigns `db.DB = mockDB` but never imported the `db` package — a silent omission that compiled before the staging promotion's go.mod bump. 2. org_helpers_security_test.go: three test functions redeclared in org_helpers_pure_test.go (both files added by the staging promotion): TestIsSafeRoleName_Valid, TestMergeCategoryRouting_EmptyListDropsCategory, TestMergeCategoryRouting_EmptyKeySkipped. Removed from security file; pure_test.go versions use testify and are more comprehensive. Together with the prevDB/restore fixes in the previous commits, this should make CI/Platform (Go) fully green. Refs: mc#975 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:58:04 +00:00
Molecule AI Core-DevOps	a50f51eb8f	handlers/internal: fix db.DB pollution in registry and scheduler test helpers ... Five more test helpers have the same setupTestDB bug (save db.DB but don't restore on teardown). go test -race runs tests in parallel; when test A sets db.DB = mockA and test B sets db.DB = mockB, if A runs first and cleanup closes mockA, B then runs with db.DB pointing at a closed mock. Fixed files: - internal/registry/liveness_test.go setupLivenessTestDB - internal/registry/hibernation_test.go setupHibernationMock - internal/registry/access_test.go setupMockDB - internal/registry/healthsweep_test.go setupTestDB - internal/scheduler/scheduler_test.go setupTestDB All now follow: prevDB := db.DB; db.DB = mockDB; t.Cleanup(func() { mockDB.Close(); db.DB = prevDB }) Total files fixed for mc#975: 8 files, ~20 test helper functions across the workspace-server. Together with the CI fix to remove the PHASE3_MASKED workaround, this should make CI/Platform (Go) stable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:58:03 +00:00
Molecule AI Core-DevOps	e11f1f3c06	handlers: fix db.DB pollution in activity_test.go and a2a_queue_test.go ... activity_test.go: 6 test functions used `defer mockDB.Close(); db.DB = mockDB` without saving/restoring the previous db.DB. go test -race could run subsequent tests with db.DB pointing at a closed mock. a2a_queue_test.go: setupTestDBForQueueTests had the same bug as setupTestDB — called `t.Cleanup(func(){mockDB.Close()})` without restoring prevDB. All callers of this helper are now protected. Pattern applied everywhere: save prevDB, assign mockDB, t.Cleanup restores both. Together with the delegation_list_test.go fix in the previous commit, this should eliminate all remaining race-condition failures in CI/Platform (Go). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:58:03 +00:00
Molecule AI Core-DevOps	126edf74c1	handlers: restore db.DB after each test to fix CI/Platform (Go) race failures ... mc#975 root cause: TestListDelegationsFromLedger_* and TestListDelegationsFromActivityLogs_* assign db.DB = mockDB then defer mockDB.Close(), but never save/restore the previous db.DB value. With go test -race (parallel execution), any test running after one of these 13 tests sees db.DB pointing at a closed sqlmock and fails. Fix: save prevDB := db.DB before assignment, then t.Cleanup(func() { mockDB.Close(); db.DB = prevDB }) — the same pattern already used by setupTestDB for the SSRF/restore path. Also fix setupTestDB in handlers_test.go: it called t.Cleanup(func() { mockDB.Close() }) but left db.DB pointing at the closed mock; now it also restores prevDB. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:58:03 +00:00
devops-engineer	927663d5bf	Merge pull request 'fix(canvas): TIER_CONFIG legend contrast — WCAG 1.4.3' (#990) from design/tier-legend-contrast-2026-05-14 into main	2026-05-14 12:25:02 +00:00
Molecule AI Core-FE	a3eee58dbd	fix(canvas): TIER_CONFIG legend border contrast — WCAG 1.4.3 AA ... T3 (violet) and T4 (amber) tier legend border text was using the same color as the border, yielding: - T3: text-violet-600 on violet-500 border ≈ 1.4:1 FAIL - T4: text-warm on warm border ≈ 1.7:1 FAIL Fix: use text-white on both, which gives: - T3: text-white on violet-500 border ≈ 4.7:1 PASS AA - T4: text-white on warm border ≈ 5.7:1 PASS AA Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:22:19 +00:00
devops-engineer	9cf997597d	Merge pull request 'fix(ci): add explicit 10m timeout to platform-build test step' (#997) from sre/platform-go-timeout-fix into main	2026-05-14 12:20:48 +00:00
Molecule AI Infra-SRE	b713491eda	fix(ci): add explicit 10m timeout to platform-build test step ... Cold runner cache causes OOM kills at ~4m39s on `go test -race -coverprofile=coverage.out ./...`. An explicit 10m per-step timeout lets the suite complete on cold cache (~5-7m) while failing cleanly instead of OOM-killing. Also adds job-level 15m ceiling as a backstop. Affected PRs: #978, #992, #994, #991 (platform Go timeout) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:20:13 +00:00
Molecule AI Infra-SRE	bbdb753e82	chore: re-trigger CI on main [skip ci] ... SRE action: push empty commit to clear stale CI failures from runner exhaustion window. Platform Go and Handlers Postgres push jobs ran successfully at 09:01 on PRs; the stale failures on main SHA 8026f020 from 05:42 are blocking the merge queue.	2026-05-14 12:20:13 +00:00
devops-engineer	40df07e94d	Merge pull request 'fix(handlers): restore db.DB after sqlmock tests + correct DotDotWithIntermediate test' (#978) from fix/delegation-list-test-db-leak into main	2026-05-14 12:19:29 +00:00
Molecule AI Core-BE	5efbbd9fa8	ci: re-trigger gate workflows after security n/a declaration	2026-05-14 12:18:49 +00:00
Molecule AI Core-BE	3d669b35de	ci: force fresh SOP evaluation to pick up core-security n/a security-review	2026-05-14 12:18:49 +00:00
Molecule AI Core-BE	aea1223b2e	ci: force fresh SOP evaluation to register core-devops n/a declarations ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 12:18:49 +00:00