3 Commits

Author	SHA1	Message	Date
Molecule AI Infra-SRE	b95a20bb9e	fix(provisioner): fix type mismatch in checkTool seam ... checkToolOnPath must match the checkTool func(tool string) error signature in LocalBuildOptions — Go does not allow assigning a function with (string, error) returns to a func(string) error variable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 18:45:39 +00:00
Molecule AI Infra-SRE	6f0001d04c	fix(provisioner): fail-fast pre-flight check for docker+git in local-build mode ... Before reaching the clone/build cold path, check that both `docker` and `git` are on PATH. Previously, a missing `docker` would produce a cryptic "exec: docker: executable file not found" from deep inside the docker-has-tag or docker-build call. Now the error surfaces immediately with: local-build: "docker" not found on PATH — local-build mode requires both docker and git; either install them, or set MOLECULE_IMAGE_REGISTRY so local-build is bypassed The check runs before the cache-hit fast path too, since docker is used for image inspect + tag even on a cache hit. Adds checkTool seam to LocalBuildOptions so tests can inject a stub (no-op in makeTestOpts; two new tests exercise the missing-tool path). Fixes issue #529 option B. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 18:32:05 +00:00
claude-ceo-assistant	d9e380c5bc	feat(workspace-server): local-dev provisioner builds from Gitea source when MOLECULE_IMAGE_REGISTRY is unset (#63, Task #194) ... OSS contributors who clone molecule-core and `go run ./workspace-server/cmd/server` now get a working end-to-end provision without authenticating to GHCR or AWS ECR. Pre-fix: with MOLECULE_IMAGE_REGISTRY unset, the provisioner attempted to pull ghcr.io/molecule-ai/workspace-template-<runtime>:latest, which has been returning 403 since the 2026-05-06 GitHub-org suspension. Post-fix: when MOLECULE_IMAGE_REGISTRY is unset, the provisioner switches to local-build mode — looks up the workspace-template-<runtime> repo's HEAD sha on Gitea via a single API call, shallow-clones into ~/.cache/molecule/, and runs `docker build --platform=linux/amd64`. SHA-pinned cache key skips the clone+build entirely on subsequent provisions. Production tenants are unaffected: every prod tenant sets the var to its private ECR mirror, so the SaaS pull path is byte-for-byte identical. SSOT for mode detection lives in Resolve() (registry_mode.go) returning a discriminated RegistrySource{Mode, Prefix} so call sites that branch on mode get a compile-time push instead of a string-equality footgun. Coverage: * registry_mode.go — new SSOT (Resolve, RegistryMode, IsKnownRuntime) * registry_mode_test.go — 8 tests pinning mode-decision contract * localbuild.go — clone+build pipeline (570 LOC, fully unit-tested) * localbuild_test.go — 22 tests covering happy/sad paths, fail-closed * provisioner.go — Start() inserts ensureLocalImageHook in local mode * docs/adr/ADR-002 — design rationale + alternatives + security review * docs/development/local-development.md — local-build flow + env overrides Security: * Allowlist-only runtime names (knownRuntimes) gate the clone path. * Repo prefix hardcoded to git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-; forks via opt-in MOLECULE_LOCAL_TEMPLATE_REPO_PREFIX. * MOLECULE_GITEA_TOKEN masked in every log line via maskTokenInURL/maskTokenInString. * Fail-closed: Gitea unreachable / runtime not mirrored → clear error, never silently fall back to GHCR/ECR. * docker build invocation passes no --build-arg from external input. * HTTP body cap 64KB on Gitea API responses (defence vs malicious upstream). Closes #63 / Task #194. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 15:16:51 -07:00