6666 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
core-devops	679314aa8f	fix(core): keep chat e2e echo url local	2026-05-20 20:29:04 -07:00
hongming	c58ffd2828	Merge pull request 'ci: reduce scheduled runner load and prep prebaked browsers' (#1628) from fix/ci-cron-bots-prebake-1357 into main	2026-05-21 03:17:11 +00:00
core-devops	1e850af6de	fix(core): use safe urls in api e2e discovery	2026-05-20 20:09:53 -07:00
core-devops	256eeedc69	fix(core): make api e2e use external workspace auth	2026-05-20 19:56:47 -07:00
core-devops	a501d33f80	fix(core): ignore codex placeholder in coverage e2e	2026-05-20 17:44:58 -07:00
core-fe	a9bc5e39d5	ci: reduce scheduled runner load and prep prebaked browsers	2026-05-20 17:36:09 -07:00
core-devops	73faaf9448	fix(core): refresh chat e2e runtime url cache	2026-05-20 17:28:32 -07:00
core-devops	0aff9cf85f	fix(core): use per-workspace auth in today coverage e2e	2026-05-20 17:24:43 -07:00
core-be	2ee97c097d	fix(self-deleg): 3-layer defense including SQL self-filter (closes #383) ... 2 APPROVES (core-security id=5165, core-devops id=5167). CI/all-required green. Resolves chloe-dong 小董文婷 self-delegation 400 loop. Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-21 00:12:38 +00:00
core-devops	f088e0ee90	fix(core): decouple local peer visibility from container boot	2026-05-20 16:56:04 -07:00
core-be	ee9dc5b9c5	fix(rfc523): scope forbidden-env check to global_secrets (allow user-set workspace_secrets) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-20 23:40:54 +00:00
core-devops	ea4681299d	fix(core): choose keyed parent for local peer visibility	2026-05-20 16:29:13 -07:00
core-fe	5455ddefe2	feat(canvas): surface current org name/slug/UUID in Settings panel ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 23:27:58 +00:00
core-fe	80d517b8ab	fix(canvas): external/MCP workspace progress UX — surface poll-mode queued state (task #227) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:59:38 +00:00
core-be	dbbd351c70	fix(workspace-server): debounce file-write → RestartByID tight loop (#624) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-20 22:59:05 +00:00
core-fe	55fa44571e	fix(canvas): polite tasks/cancel before /workspaces/:id/restart for Stop All (task #377 companion) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:57 +00:00
core-fe	676f9a033b	fix(canvas/chat): A2A hints point at Activity tab (closeout internal#212) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:51 +00:00
core-devops	b343995c05	fix(core): exercise external connection e2e with external runtime	2026-05-20 15:58:31 -07:00
core-devops	4be7966654	fix(core): satisfy shellcheck for e2e auth patch	2026-05-20 15:24:15 -07:00
core-devops	4c290f49f2	fix(core): make e2e auth explicit after token bootstrap	2026-05-20 15:20:31 -07:00
core-devops	f13a675408	fix(core): use runtime package in e2e after workspace deletion	2026-05-20 15:03:38 -07:00
core-devops	9aa4764301	chore(runtime): delete core workspace copy	2026-05-20 14:47:55 -07:00
core-devops	90467540dd	Merge pull request 'chore(ssot): delete dead .github/workflows/ — Gitea is SSOT per #347 (#331 SSOT-Instance-4)' (#1615) from chore/ssot4-delete-dead-github-workflows into main	2026-05-20 16:45:18 +00:00
core-devops	7932bc4c48	chore(ssot): delete dead .github/workflows/ — Gitea is SSOT (#331 SSOT-Instance-4) ... Per CTO directive 2026-05-20 and task #347 (disabled GitHub-mirror push fleet-wide), .github/workflows/ on molecule-core is dead — Gitea Actions reads .gitea/workflows/ exclusively (memory: reference_molecule_core_actions_gitea_only), and GitHub Actions has had no real push activity since 2026-05-06 (the only post-2026-05-06 runs are dynamic CodeQL re-runs on frozen pre-suspension PRs). Empirical validation: - 24 files total in .github/workflows/. - 23 have same-name siblings in .gitea/workflows/ (port carries "Ported from .github/workflows/X on 2026-05-11 per RFC internal#219" header on most files). - 1 .github-only file: canary-staging.yml — already ported to .gitea/workflows/staging-smoke.yml on 2026-05-11 per the same RFC, Hongming directive renamed canary→smoke. Verified via header comment in staging-smoke.yml. - Last GitHub-side push event: 2026-05-06T07:06:12Z (pre-suspension). - All 24 .github/workflows/* files removed. Tooling updates needed (load-bearing): - tools/branch-protection/check_name_parity.sh: hard-coded $REPO_ROOT/.github/workflows path → switched to .gitea/workflows. Pre-existing parity findings (3x Analyze CodeQL names absent from any workflow file) are unchanged — that drift exists pre-PR and is out-of-scope (file as follow-up). - tools/branch-protection/test_check_name_parity.sh: synthetic test fixtures now create .gitea/workflows/ instead of .github/workflows/. All 6 unit tests pass after change. - .gitea/workflows/lint-required-workflows-docker-host-pinned.yml: dropped '.github/workflows/**' from path-filter triggers + dropped '.github/workflows' from the python directory-walk loop (the isdir-check would have made this a no-op cleanly, but pruning reflects current truth). Out-of-scope (NOT touched in this PR): - .github/CODEOWNERS, .github/dependabot.yml, .github/scripts/ remain (task is scoped to .github/workflows/). - COVERAGE_FLOOR.md, workspace/smoke_mode.py, workspace/main.py contain comment references to .github/workflows/* — stale docs string-references only, not behavioral. Separate follow-up. - Provenance comments inside .gitea/workflows/* of the form "Ported from .github/workflows/X on 2026-05-11" are intentionally preserved — useful history. Refs: task #331 (SSOT-Instance-4), task #347 (mirror push disabled), memory reference_molecule_core_actions_gitea_only, memory reference_per_repo_gitea_vs_github_actions_dir, RFC internal#219 §1 (the original 2026-05-11 port sweep).	2026-05-20 09:29:33 -07:00
core-devops	dd3090c894	Merge pull request 'ci: SSOT-Instance-10 — ECR registry via vars.ECR_REGISTRY (#333)' (#1611) from chore/ssot10-ecr-registry-var into main	2026-05-20 13:04:05 +00:00
core-devops	6f69c62d5b	Merge pull request 'fix(sop-checklist): stream comment pagination + RLIMIT_AS guardrail + na-fallback (task #369)' (#1610) from fix/sop-checklist-stream-pagination-oom into main	2026-05-20 13:03:49 +00:00
core-devops	bf3f044786	Merge pull request 'chore(workspace-server): drop dead runtime_image_pins migration (closes #335, supersedes #1608)' (#1612) from task335/drop-runtime-image-pins-mig-fresh into main	2026-05-20 12:59:45 +00:00
core-devops	03cee314ba	chore(workspace-server): drop dead runtime_image_pins migration (closes #335, supersedes #1608) ... Empirical finding (a6e3ff018, 2026-05-20): molecule-core's runtime_image_pins table (mig 047) has never had a writer in any repo. The reader at handlers/runtime_image_pin.go has been hitting sql.ErrNoRows on every workspace provision since mig 047 landed, silently falling through to the :latest path. CP's parallel table (CP mig 027) is the de-facto and only SSOT — it has the writer (POST /cp/admin/runtime-image/promote), the reader, the hard-gate (RFC internal#541 Step 2), seeded post-suspension digests (CP mig 028), and the admin endpoints. This PR ratifies that reality. Note: this is a fresh rebase against current main (tip f17375a9). PR #1608 was cut from a base before #1585 (RFC#596 Phase 2 dual-push) landed, so merging it would silently revert the publish-runtime.yml Gitea-PyPI-primary path. Sub-agent a5521785 flagged this on PR #1608 comment 41389. The substantive Go logic is identical to PR #1608; the only difference is the base. What - Add 20260520120000_drop_runtime_image_pins.up.sql / .down.sql to drop the unused table. Care zone PRESERVED: workspaces.runtime_image_digest column + its partial index untouched (earmarked for a future stale-workspace panel per RFC internal#617 §3). - Delete handlers/runtime_image_pin.go (the dead reader) + handlers/runtime_image_pin_test.go. - handlers/workspace_provision.go: replace resolveRuntimeImage(ctx, payload.Runtime) with Image: "" (the dead reader was already returning "" on every call). Rewire the surviving db.DB.QueryRow on this call site to QueryRowContext so the provision-timeout ctx stays load-bearing. - Doc comments in provisioner/provisioner.go + provisioner/registry.go updated to point at CP as the SSOT instead of the dead local table. - Add db/migration_20260520_drop_runtime_image_pins_test.go — static- file pin that up.sql DROPs runtime_image_pins, does NOT touch the care-zone column / index, and that the dead reader files cannot be re-added without failing the test. - Hygiene: prune the now-stranded mock.ExpectQuery("SELECT digest FROM runtime_image_pins") rows in handlers/handlers_test.go and handlers/workspace_provision_test.go (the dead reader is gone, so the mock expectation can never fire). Provisioner test comment updated to reflect CP-as-SSOT. Why Two parallel-named tables with structurally incompatible schemas, only one ever written — that is exactly the kind of internal drift feedback_no_single_source_of_truth was written about for non-vendor surfaces. The deletion is reversible (down.sql recreates the table) and the only behavior change is "ctx is now propagated into the workspace_dir DB lookup", which is a small correctness nudge. Verification - [x] go vet ./internal/handlers/... ./internal/db/... ./internal/provisioner/... — clean - [x] go build ./... — clean - [x] go test ./internal/handlers/ ./internal/db/ ./internal/provisioner/ — all pass (16.5s + 0.2s + 0.3s) - [x] New regression tests assert the care-zone column is not touched + the dead reader cannot return - [x] Empirical grep cross-check: no writer for runtime_image_pins in molecule-core; no reader for workspaces.runtime_image_digest anywhere (both confirmed in RFC internal#617 §1 + §3) - [x] Verified clean rebase: branch parent is current main tip (f17375a9), NOT pre-#1585 stale base. Diff vs main contains ONLY the migration-drop work — no .gitea/workflows/publish-runtime.yml regression. Tier tier:medium + area:schema — schema/migration change. Reversible by re-running the down-migration. Two-eye review reviewers: core-be (read path / Go) + core-qa (migration correctness). Cascade plan to ~6 live tenant DBs per RFC internal#617 §7 + feedback_image_promote_is_not_user_live (verify on at least 2 tenants post-deploy). Memory consulted: feedback_no_single_source_of_truth, feedback_image_promote_is_not_user_live, feedback_verify_actual_endstate_not_ack_follow_sop, reference_package_distribution_open_ecosystem_dual_push. RFC: molecule-ai/internal#617 Supersedes: #1608 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-20 05:30:35 -07:00
core-devops	896afc5bd7	ci: SSOT-Instance-10 — ECR registry via vars.ECR_REGISTRY (#333) ... The ECR registry triplet (account.dkr.ecr.region.amazonaws.com = 153263036946.dkr.ecr.us-east-2.amazonaws.com) is currently hardcoded in every publish/verify workflow across 4+ repos. Switching AWS accounts or regions means touching every workflow. Refactor each affected workflow's env block to source the triplet from `vars.ECR_REGISTRY` with the current prod-account literal as a bootstrap fallback. Once the org-level variable is set, the fallback becomes dead code and an account/region migration is a one-line change at the org level instead of N PRs. Pattern mirrors `vars.CP_URL || 'https://api.moleculesai.app'` already in use in molecule-core/staging-verify.yml + redeploy-tenants-on-main.yml — proven to work on Gitea 1.22.6. Constraints honored: - No cross-repo `uses:` (blocked on 1.22.6 per feedback_gitea_cross_repo_uses_blocked). - No new admin-required setup (the org-level var can be set later by CTO without touching these workflows again). - Zero functional change today (fallback literal == current hardcoded value), so the in-flight cascade (publish → ECR → redeploy-fleet) is unaffected.	2026-05-20 05:27:54 -07:00
core-devops	a224b26c0f	fix(sop-checklist): stream comment pagination + RLIMIT_AS guardrail + na-gate fallback ... PRs with thousands of bot-relay comments (e.g. mc#1242-class history) pushed `get_issue_comments` past the runner's cgroup memory cap and 137'd the gate job. Sub-agent aa8fa266 verified via SHA64 1:1 mapping that the leak source is `.gitea/scripts/sop-checklist.py:463-484` — a `while True` pagination that accumulates the FULL Gitea-API comment dict (~2 KiB median, ~3 KiB p95) into one list, then iterates it twice (compute_ack_state + compute_na_state). Fix shape (task #369): 1. `get_issue_comments` now projects to a minimal `{user.login, body}` shape during pagination — drops html_url, pull_request_url, assets, created_at/updated_at, user.avatar_url, etc. Synthetic benchmark on a 5000-comment fixture: 8.2 MiB → 5.5 MiB peak heap (~33% smaller). 2. New `iter_issue_comments` generator yields one minimal-dict per comment, allowing future streaming consumers. 3. Per-comment body cap (8 KiB, env-tunable) — the directive parser only walks for ^/sop-* markers in the first few KiB; a single pasted-CI-log comment can no longer OOM the runner. 4. Script-entry `RLIMIT_AS = 2 GiB` (skipped under SOP_CHECKLIST_NO_RLIMIT=1 for the test suite) so any future regression surfaces as a catchable MemoryError instead of SIGKILL. 5. `--max-comments` cap (default 5000, env-tunable) — at the cap we post a SOFT pending status with a `[volume-skipped]` note so neither BP nor the author gets stuck. No-block. 6. Fold in `probe()` n/a-gate fallback (was issue-355-class KeyError 'security-review'): when called from `compute_na_state` with a gate name that isn't also an item slug, fall back to the gate's own `required_teams` from config instead of KeyError'ing on `items_by_slug[slug]`. Tests: 88/88 pass (87 existing + 8 new for streaming + body-cap + na-gate fallback). Live dry-run against open PR #1608 succeeds end- to-end with state=failure (expected, no acks yet) — minimal-dict shape flows cleanly through compute_ack_state + render_status. Closes #369 follow-up to #364 OOM source. RCA: sub-agent aa8fa266 (SHA64 1:1 mapping, no overlap-correlation). Supersedes mis-targeted attempts #365 (qa-review/security-review bash) and #366 (workflow yaml). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-20 05:25:05 -07:00
core-devops	f17375a901	Merge pull request 'feat(uploads): /uploads/limits SSOT endpoint + Go-side convergence (task #320)' (#1604) from feat/uploads-limits-ssot-task-320 into main	2026-05-20 12:19:03 +00:00
infra-sre	6602361bf5	ci(publish-runtime): dual-push to Gitea PyPI primary + PyPI fallback (RFC#596 Phase 2) (#1585) ... Co-authored-by: infra-sre <infra-sre@agents.moleculesai.app> Co-committed-by: infra-sre <infra-sre@agents.moleculesai.app> runtime-v0.1.1013	2026-05-20 10:19:50 +00:00
hongming-codex-laptop	47d24be523	feat(uploads): add /uploads/limits SSOT endpoint + Go-side convergence (task #320) ... Eliminates the upload-cap drift class that produced mc#1588 (push-mode bumped to 100MB) and mc#1589 (poll-mode + DB CHECK catch-up one day later). The same five surfaces had to be hand-synced for every cap change; this PR collapses the Go-side mirrors into a single source (internal/uploads) and exposes that source via a public GET /uploads/limits endpoint so the out-of-process consumers (canvas TS, workspace Python push + poll) can converge in Phase 2 follow-ups. Source: * internal/uploads/limits.go — UploadLimits struct + DefaultUploadLimits() (per_file_bytes=100MB, per_request_bytes=100MB, max_attachments_per_message=10). JSON-tagged shape is the stable wire contract. * Pinned by internal/uploads/limits_test.go — every cap change must update this test as part of the same PR (forces a reviewer to see the cap move and audit the matching DB migration + nginx config). Endpoint: * GET /uploads/limits — public, no auth, mirrors /buildinfo rationale (platform constraint, not operational state; gating it would force pre-auth UX before learning the cap). * Cached in the binary via DefaultUploadLimits(); zero per-request DB round-trip. Go consumer convergence: * pendinguploads.MaxFileBytes — now var derived from uploads.DefaultUploadLimits().PerFileBytes (int cast preserves the int-typed API surface so len() comparisons and make([]byte, N+1) sites keep working). * handlers.chatUploadMaxBytes — now var derived from uploads.DefaultUploadLimits().PerRequestBytes (int64 for http.MaxBytesReader). * chat_files.go line 631: int64(pendinguploads.MaxFileBytes) conversion for fh.Size (multipart.FileHeader.Size is int64). * chat_files_poll_test.go: matching int64 cast in the skip-guard that compares per-file vs body cap. Tests: * internal/uploads/limits_test.go — pins values + JSON wire shape. * internal/router/uploads_limits_route_test.go — pins endpoint is public + 200 + payload matches DefaultUploadLimits + in-tree Go consumers agree with the SSOT. * Full workspace-server test suite green (go test ./... — all packages ok). Boundaries (intentional non-changes): * Cap value stays at 100MB everywhere — no behavior change for any upload. The 25→100MB bump landed in mc#1588 + mc#1589; this PR is purely the SSOT refactor. * Migration's pending_uploads.size_bytes CHECK upper bound stays at 104857600 — DB constraints can't read Go vars at runtime, so this constant lives in lockstep with DefaultUploadLimits and the migration's --comment notes the dependency. Bumping the cap is still a two-step coordinated dance (Go default + matching migration) but step 1 is now one line. * Canvas TS (MAX_UPLOAD_BYTES) + workspace Python (CHAT_UPLOAD_MAX_BYTES / MAX_FILE_BYTES) stay as their own pinned-100MB constants for this PR; the Phase 2 follow-up migrates them to fetch /uploads/limits at startup with a cache. The doc comments in chat_files.go point at this PR so reviewers of the Phase 2 PR can trace the SSOT lineage. Why the canvas + Python migrations are NOT in this PR: Each consumer needs a different cache+retry shape (canvas at app-init in a browser, workspace Python at module-load in the container, python ingest similar but distinct). Bundling all of them into a single mega-PR fails the review-able-unit test and blocks CI for hours on a single conflict. The source-first sequencing (this PR) + per-consumer follow-up PRs ships faster through 2-eye review per CTO 2026-05-19 move-fast directive.	2026-05-20 03:15:10 -07:00
core-devops	7704afcf90	chore(manifest): drop mock-bigorg from org_templates (task #337) (#1601)	2026-05-20 09:55:48 +00:00
hongming-pc2	02e305f6f5	chore(ci): retrigger publish-workspace-server-image after EACCES hotfix on PC2 WSL publish-2 (#1600) ... chore(ci): retrigger publish-workspace-server-image after EACCES hotfix on PC2 WSL publish-2 (#1600) Trigger-only � 8-line doc-comment in workflow header. Hot-patched the buildx/certs dir perms on the WSL publish runner. The push:main triggers publish-workspace-server-image.yml; the image rebuild from the unchanged main HEAD lands platform-tenant:staging-<sha> in ECR, unblocking the mc#1589 cascade (CP scoped redeploy + reno-stars 94MB PDF retry).	2026-05-20 09:40:36 +00:00
core-be	0f0f1ba28a	fix(uploads): bump poll-mode size_bytes CHECK to 100MB to match push-mode (mc#1588) (#1589) ... PR #1589 � fix(uploads): bump poll-mode size_bytes CHECK to 100MB (mc#1588 follow-up) Completes the poll-mode side of the 25?100MB upload cap raise. Storage cap + migration + tests + python ingest tweaks; chat_files.go doc-comment hunk dropped post-rebase as redundant with mc#1588. 3 non-author APPROVEs from core-qa + core-security + core-devops on the rebased head 5918031. Co-authored-by: Molecule AI · core-be <core-be@agents.moleculesai.app> Co-committed-by: Molecule AI · core-be <core-be@agents.moleculesai.app> runtime-v0.1.1011	2026-05-20 09:08:27 +00:00
infra-sre	349d3a5ca7	fix(ci): add confirm:true to redeploy-fleet callers (cp#228 contract) (#1595) ... Closes follow-up to cp#228 (44317b0). Adds confirm:true to all 4 fleet-wide callers of /cp/admin/tenants/redeploy-fleet (publish-workspace-server-image via prod-auto-deploy.py + redeploy-tenants-on-main + redeploy-tenants-on-staging + staging-verify). Pairs with cp#228 TestRedeployFleet_ConfirmTrueProceeds. 2 APPROVES from core-devops + core-qa (both independent of cp#228 author devops-engineer and this PR author infra-sre). Co-authored-by: infra-sre <infra-sre@agents.moleculesai.app> Co-committed-by: infra-sre <infra-sre@agents.moleculesai.app>	2026-05-20 08:15:06 +00:00
devops-engineer	74ba88ff27	fix(ci): drop slash from lint-no-tenant-gitea-token name (#1593) ... Closes task #307. Unblocks Production auto-deploy SOP path on publish-workspace-server-image (the manual aa375b1f curl is no longer required). Verification on this SHA: - Lint workflow YAML for Gitea-1.22.6-hostile shapes: Successful in 1m5s (cured Rule 3). - Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface: Successful in 4s (renamed, still scans). - lint-required-context-exists-in-bp: Successful in 1m33s (bp-exempt directive in def11782 satisfies Tier 2g). - CI / all-required: Successful in 7m31s. - qa-review: Refired and APPROVED by core-qa (id=4957). - security-review: Refired and APPROVED by core-security (id=4958). - sop-checklist / all-items-acked: Successful (7/7 acked). 2/2 APPROVES from core-qa + core-security (both independent of devops-engineer author).	2026-05-20 07:58:35 +00:00
devops-engineer	def11782f4	ci: add bp-exempt directive to renamed scan emission (#1593) ... The workflow-name rename in 979064f9 creates a new context emission ('Lint no tenant GITEA or GITHUB token write / Scan ...') that the lint_required_context_exists_in_bp (Tier 2g) gate flags as undeclared. The scan job is advisory (PR-review-driven, not BP-required), so the directive is bp-exempt rather than bp-required: pending. Verified locally: re-running the gate script with BASE/HEAD now exits 0 (no missing directives, no asymmetry).	2026-05-20 00:47:10 -07:00
devops-engineer	b8bf0646be	ci: empty commit to retrigger flaky runners (modules-cache miss) ... CI / Platform (Go), Handlers Postgres Integration / detect-changes, and lint-required-context-exists-in-bp all hit: Error: Cannot find module '/var/run/act/actions/1c2355.../dist/index.js' on the post-checkout step — an act_runner action-cache miss (the action artifact tarball was evicted between resolve and post-step execution). Empty commit per reference_empty_commit_is_only_rerun_mechanism_on_1_22_6 to re-fire the affected workflows.	2026-05-20 00:43:00 -07:00
devops-engineer	979064f90a	fix(ci): drop slash from lint-no-tenant-gitea-token name (task #307) ... The workflow's `name:` field contained `GITEA/GITHUB`, which trips `lint-workflow-yaml` Rule 3 (slash in workflow name breaks `<workflow> / <job> (<event>)` status-context tokenization). On 2026-05-20 aa375b1f this fatal lint blocked the Production auto-deploy job on `publish-workspace-server-image`, forcing a manual `redeploy-fleet` curl. Rename to "Lint no tenant GITEA or GITHUB token write" (the linter already documents `-` or space as the supported separators). Verification: - Pre-fix: `python3 .gitea/scripts/lint-workflow-yaml.py` → exit 1, Rule 3 FATAL on lint-no-tenant-gitea-token.yml. - Post-fix: same command → exit 0, 'no fatal Gitea-1.22.6-hostile shapes', and `pytest tests/test_lint_workflow_yaml.py` 27/27 pass. Surface unchanged: workflow still triggers on the same pull_request and push events; only the human-readable display name shifts.	2026-05-20 00:35:38 -07:00
devops-engineer	491ce1d1f0	chore(ci): retrigger publish-workspace-server-image after op-config#110 deploy (internal#603) (#1591) ... Retrigger publish-workspace-server-image after PR#110 op-config runner HOME fix. Required for workspace-server 100MB upload cap to reach tenants. Approvals: core-devops, core-security, core-qa. Co-Authored-By: hongming (CTO directive 2026-05-19)	2026-05-20 05:12:03 +00:00
devops-engineer	a23c0217ae	feat(uploads): bump cap to 100MB + correct-reason error messages (#1588) ... Bump chat upload cap 50MB → 100MB across canvas, workspace-server (Go), workspace (Python), and the nginx test harness. Pre-flight gates oversized files BEFORE network I/O so the user gets an immediate 'File too large (got X MB) — limit is 100MB' instead of a downstream timeout. Scaled abort-timeout (60s floor, ~100KB/s rate) replaces the fixed 60s that mis-attributed slow-uplink streams as 'timed out'. Resolves forensic a99ab0a1. Approvers: core-devops (id=52), core-qa (id=64), core-security (id=68). Follow-up: SSOT for upload cap (4 mirror sites) — see internal/<issue-tba>. runtime-v0.1.1010	2026-05-20 03:36:27 +00:00
infra-runtime-be	5c989fef2f	feat(uploads): bump cap to 100MB + correct-reason error messages ... CTO 2026-05-19 directive on forensic a99ab0a1 (reno-stars >50MB upload that surfaced "signal timed out" when the real cause was file-size + a fixed 60s client timeout): "if its file size issue, should have error that instead saying timeout which is wrong" Bundles the cap raise + the wrong-reason fix in ONE PR because the two are coupled — bumping the server alone would still leak the fixed-60s timeout for legitimate slow uploads; fixing the client alone would 413 every >50MB attempt. Server (push-mode, EC2 workspace): - workspace-server/internal/handlers/chat_files.go: chatUploadMaxBytes 50→100 MB httpClient.Timeout 120→1200 s (matches the new slow-uplink budget) - workspace/internal_chat_uploads.py: CHAT_UPLOAD_MAX_BYTES 50→100 MB CHAT_UPLOAD_MAX_FILE_BYTES 25→100 MB (aligned with total so a single legitimate large file succeeds end-to-end) Canvas: - canvas/src/components/tabs/chat/uploads.ts: MAX_UPLOAD_BYTES 100 MB constant + FileTooLargeError class pre-flight gate: file-size violation throws BEFORE any fetch, with the actionable "File too large (got X MB) — limit is 100MB" computeUploadTimeoutMs: 60s floor + 100 KB/s scaled deadline (was a fixed 60s — the root cause of the forensic) - canvas/src/components/tabs/chat/hooks/useChatSend.ts: mapUploadErrorToReason: routes each cause to ITS OWN message (FileTooLargeError | TimeoutError | server-Error | fallback) no conflation between file-size and connection-too-slow Tests: - workspace-server chat_files_test.go: pins 100 MB constant, asserts sub-cap forwards + over-cap non-2xx - canvas uploads.cap.test.ts (10 cases): pre-flight gate, exact-cap edge, scaled-timeout curve, server-413 propagation, AbortSignal shape — explicit negative on "TimeoutError ≠ FileTooLargeError" - canvas useChatSend.errorReason.test.ts (5 cases): per-cause message contract, explicit negatives that guard against the wrong-reason conflation Test harness mirror: - tests/harness/cf-proxy/nginx.conf: client_max_body_size 50m→100m (this is the harness mirror; the production CF / nginx tier is out-of-repo. If prod still caps at 50m, this mirror passes while prod 413s — surface to ops.) Follow-up (SSOT, NOT in this PR): The 100 MB constant now lives in THREE mirror sites (canvas TS + workspace Python + platform Go). Per feedback_no_single_source_of_truth, the proper fix is exposing the cap via GET /uploads/limits so the client fetches the live value. Filing as a separate issue. References: - task #295 (internal tracker; CTO-authorized this work) - forensic a99ab0a1 (reno-stars 2026-05-19) - feedback_surface_actionable_failure_reason_to_user (CTO 2026-05-17) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-19 20:23:04 -07:00
infra-sre	5e5e10a8dc	ci(workflows): consolidate issue_comment subscribers — sop-checklist + review-refire (issue #1280) (#1333) ... Co-authored-by: Molecule AI Infra-SRE <infra-sre@agents.moleculesai.app> Co-committed-by: Molecule AI Infra-SRE <infra-sre@agents.moleculesai.app>	2026-05-20 02:29:24 +00:00
core-be	52a31072a3	fix(autobump): trigger on scripts/build_runtime_package.py changes (#1580) ... Co-authored-by: Molecule AI · core-be <core-be@agents.moleculesai.app> Co-committed-by: Molecule AI · core-be <core-be@agents.moleculesai.app>	2026-05-20 00:27:39 +00:00
hongming	7b40a03c45	Merge pull request 'chore(workspace): trigger autobump for PDF P0 cure cascade' (#1583) from chore/trigger-autobump-2026-05-19 into main runtime-v0.1.1009	2026-05-19 22:56:58 +00:00
core-be	e9d32c09d3	chore(workspace): trigger autobump for python-multipart pin cascade	2026-05-19 15:33:54 -07:00
core-be	e89f0ce605	fix(workspace-server): rename workspace_secrets MODEL_PROVIDER → MODEL (#1581) ... 3-reviewer relay: core-devops + core-security + core-qa APPROVED. Fixes the MODEL_PROVIDER naming-confusion (abe512c2 finding). Migration 20260519000000 is idempotent. CI/all-required green. Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-19 22:31:23 +00:00
core-be	1278d57c12	fix(workspace/deps): pin python-multipart>=0.0.27 for chat-upload Starlette parser (#1578) ... Closes PDF upload P0 root cause: Starlette Request.form() requires python-multipart at parse time. Without it, chat-uploads surfaced an opaque 400. Mirrors workspace/requirements.txt floor; >=0.0.27 avoids CVE-2024-53981. Fresh APPROVEs on 940bae15: - core-devops: review id=4879 - core-security: review id=4878 - core-qa: review id=4880 Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-19 21:41:06 +00:00