molecule-ai/molecule-core
41
0
Fork 2
Code Issues 34 Pull Requests 4 Actions 676 Packages Projects Releases Wiki Activity
5,870 Commits 638 Branches 42 Tags 77 MiB
ca80e3cc91
Commit Graph

5870 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
devops-engineer
ca80e3cc91 Merge pull request 'fix(handlers/org_helpers_test): correct TestResolveInsideRoot_DotDotWithIntermediate to expect success' (#974) from fix/org-helpers-test-panic into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 6s
Details
Harness Replays / detect-changes (push) Successful in 8s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 7s
Details
Harness Replays / Harness Replays (push) Successful in 3s
Details
CI / Detect changes (push) Successful in 17s
Details
E2E API Smoke Test / detect-changes (push) Successful in 17s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 19s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 18s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 18s
Details
CI / Canvas (Next.js) (push) Successful in 4s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 3s
Details
CI / Python Lint & Test (push) Successful in 3s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 4s
Details
CI / Canvas Deploy Reminder (push) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 1m5s
Details
CI / Platform (Go) (push) Failing after 2m33s
Details
CI / all-required (push) Successful in 3s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Failing after 2m35s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m39s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 4s
Details
gitea-merge-queue / queue (push) Successful in 7s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 12s
Details
publish-workspace-server-image / build-and-push (push) Successful in 5m16s
Details
publish-workspace-server-image / Production auto-deploy (push) Failing after 15s
Details
status-reaper / reap (push) Successful in 1m16s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 4m55s
Details
ci-required-drift / drift (push) Successful in 1m46s
Details
2026-05-14 12:10:34 +00:00
Molecule AI Core-BE
6cbf880b04 fix(handlers/org_helpers_test): use t.Fatal in error-path tests + fix DotDotWithIntermediate logic
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s
Details
Harness Replays / detect-changes (pull_request) Successful in 9s
Details
CI / Detect changes (pull_request) Successful in 13s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 11s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s
Details
security-review / approved (pull_request) Failing after 16s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 19s
Details
qa-review / approved (pull_request) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 20s
Details
Harness Replays / Harness Replays (pull_request) Successful in 7s
Details
gate-check-v3 / gate-check (pull_request) Failing after 19s
Details
sop-checklist / na-declarations (pull_request) N/A: qa-review, security-review
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 24s
Details
sop-checklist / all-items-acked (pull_request) Successful in 15s
Details
CI / Canvas (Next.js) (pull_request) Successful in 6s
Details
sop-tier-check / tier-check (pull_request) Successful in 13s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Python Lint & Test (pull_request) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 2s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m4s
Details
CI / Platform (Go) (pull_request) Failing after 1m57s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 1m54s
Details
CI / all-required (pull_request) Successful in 3s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m6s
Details
audit-force-merge / audit (pull_request) Successful in 3s
Details 
Issue #965 regression.

Fix 1 — nil-panic in error-path tests:
Six resolveInsideRoot tests called t.Errorf then continued to err.Error()
on a potentially-nil error. Replace t.Errorf/t.Error with t.Fatalf/t.Fatal
in the nil-error branch so execution stops before the nil dereference:
- TestResolveInsideRoot_EmptyUserPath
- TestResolveInsideRoot_AbsolutePathRejected
- TestResolveInsideRoot_DotDotTraversal
- TestResolveInsideRoot_NestedDotDotEscapes
- TestResolveInsideRoot_DotdotAtStart

Fix 2 — TestResolveInsideRoot_DotDotWithIntermediate logic correction:
a/b/../../c normalises to "c" — a valid descendant inside any root.
The previous test expected an error (wrong: path does NOT escape).
Rewrite to use t.TempDir() and assert the resolved path stays within root.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 05:46:02 +00:00
devops-engineer
8026f02050 Merge pull request 'fix(handlers/org_helpers_test): use t.Fatal instead of t.Error in error-path tests' (#970) from fix/org-helpers-test-panic into main
Some checks failed
Handlers Postgres Integration / detect-changes (pull_request) Successful in 38s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 32s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 37s
Details
gate-check-v3 / gate-check (pull_request) Successful in 20s
Details
sop-tier-check / tier-check (pull_request) Successful in 11s
Details
CI / Platform (Go) (pull_request) Successful in 5s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
Details
CI / Canvas (Next.js) (pull_request) Successful in 5s
Details
qa-review / approved (pull_request) Failing after 23s
Details
CI / Python Lint & Test (pull_request) Successful in 3s
Details
security-review / approved (pull_request) Failing after 20s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 9s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m17s
Details
CI / all-required (pull_request) Successful in 6s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 9s
Details
ci-required-drift / drift (push) Successful in 56s
Details
Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 4s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 2s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m32s
Details
main-red-watchdog / watchdog (push) Successful in 24s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 4m31s
Details
gate-check-v3 / gate-check (push) Successful in 8s
Details
gitea-merge-queue / queue (push) Successful in 2s
Details
status-reaper / reap (push) Successful in 1m8s
Details
2026-05-14 05:29:38 +00:00
Molecule AI Core-BE
95c62c6fcd fix(handlers/org_helpers_test): use t.Fatal instead of t.Error in error-path tests
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 21s
Details
CI / Detect changes (pull_request) Successful in 57s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m10s
Details
Harness Replays / detect-changes (pull_request) Successful in 18s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m0s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 20s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m1s
Details
qa-review / approved (pull_request) Successful in 16s
Details
gate-check-v3 / gate-check (pull_request) Successful in 29s
Details
security-review / approved (pull_request) Successful in 16s
Details
sop-checklist / all-items-acked (pull_request) Successful in 17s
Details
sop-tier-check / tier-check (pull_request) Successful in 15s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m14s
Details
audit-force-merge / audit (pull_request) Successful in 16s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
Harness Replays / Harness Replays (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 11s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m42s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 7s
Details
CI / Platform (Go) (pull_request) Failing after 4m12s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 4m56s
Details
CI / all-required (pull_request) Successful in 5s
Details 
Six resolveInsideRoot tests called t.Errorf then continued to err.Error()
on a potentially-nil error — if err was unexpectedly nil, the subsequent
err.Error() call would panic with nil pointer dereference.

Fix: use t.Fatalf/t.Fatal in the nil-error branch so execution stops
before the err.Error() call. Affects:
- TestResolveInsideRoot_EmptyUserPath
- TestResolveInsideRoot_AbsolutePathRejected
- TestResolveInsideRoot_DotDotTraversal
- TestResolveInsideRoot_DotDotWithIntermediate
- TestResolveInsideRoot_NestedDotDotEscapes
- TestResolveInsideRoot_DotdotAtStart

Fixes regression reported in issue #965.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 05:26:38 +00:00
devops-engineer
2c2b06edbc Merge pull request 'test(handlers/delegation): add coverage for listDelegationsFromLedger + listDelegationsFromActivityLogs' (#967) from feat/delegation-list-tests into main
Some checks failed
CI / all-required (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 12s
Details
Harness Replays / detect-changes (push) Successful in 11s
Details
CI / Detect changes (push) Successful in 41s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 12s
Details
E2E API Smoke Test / detect-changes (push) Successful in 47s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 42s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 44s
Details
Harness Replays / Harness Replays (push) Successful in 14s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 7s
Details
CI / Canvas (Next.js) (push) Successful in 9s
Details
CI / Python Lint & Test (push) Successful in 10s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 13s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 2m2s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 3m25s
Details
CI / Platform (Go) (push) Failing after 5m22s
Details
CI / Canvas Deploy Reminder (push) Successful in 15s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Failing after 5m5s
Details
gitea-merge-queue / queue (push) Successful in 29s
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
status-reaper / reap (push) Successful in 3m0s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Compensated by status-reaper (workflow has no push: trigger; Gitea 1.22.6 hardcoded-suffix bug — see .gitea/scripts/status-reaper.py)
Details
2026-05-14 05:18:33 +00:00
Molecule AI Core-BE
41d4da590f test(handlers/delegation): add coverage for listDelegationsFromLedger + listDelegationsFromActivityLogs
Some checks failed
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
Details
CI / Detect changes (pull_request) Successful in 39s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 46s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 52s
Details
Harness Replays / detect-changes (pull_request) Successful in 17s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 54s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
qa-review / approved (pull_request) Successful in 18s
Details
gate-check-v3 / gate-check (pull_request) Successful in 28s
Details
security-review / approved (pull_request) Successful in 14s
Details
sop-checklist / all-items-acked (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 14s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 46s
Details
audit-force-merge / audit (pull_request) Successful in 17s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m22s
Details
CI / Canvas (Next.js) (pull_request) Successful in 6s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Python Lint & Test (pull_request) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9s
Details
Harness Replays / Harness Replays (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 9s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m50s
Details
CI / Platform (Go) (pull_request) Failing after 4m4s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 4m3s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 7s
Details
CI / all-required (pull_request) Successful in 5s
Details 
Add 13 unit tests covering the data-backend methods behind ListDelegations:

- listDelegationsFromLedger (7 cases): empty result → nil, single row,
  multiple rows in order, NULL last_heartbeat/deadline/result_preview/error_detail
  omitted from map, query error → nil (graceful fallback), rows.Err() mid-stream,
  scan error on row → row skipped.

- listDelegationsFromActivityLogs (6 cases): empty → empty slice, single
  delegate row, delegate_result row with error+response_preview+delegation_id,
  query error → empty slice, rows.Err(), scan error → row skipped.

Both methods were untested (cf. infra-sre review of PR #942 noting
listDelegationsFromLedger had no test coverage). Uses sqlmock, follows
existing test patterns in delegation_test.go.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 05:16:52 +00:00
devops-engineer
f6ea5741ce Merge pull request 'fix(workspace): revert OFFSEC-003 test assertions — original expectations were correct' (#966) from fix/test-a2a-sanitization-v3 into main
Some checks failed
CI / all-required (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 3s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 6s
Details
CI / Detect changes (push) Successful in 12s
Details
E2E API Smoke Test / detect-changes (push) Successful in 13s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 15s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 15s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 15s
Details
CI / Platform (Go) (push) Successful in 5s
Details
CI / Canvas (Next.js) (push) Successful in 6s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 5s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 6s
Details
CI / Canvas Deploy Reminder (push) Successful in 2s
Details
publish-runtime-autobump / pr-validate (push) Successful in 32s
Details
publish-runtime-autobump / bump-and-tag (push) Failing after 36s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 3m25s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m1s
Details
status-reaper / reap (push) Has started running
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 7s
Details
publish-workspace-server-image / build-and-push (push) Successful in 6m43s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 15s
Details
gitea-merge-queue / queue (push) Successful in 14s
Details
CI / Python Lint & Test (push) Has been cancelled
Details
ci-required-drift / drift (push) Successful in 1m49s
Details
2026-05-14 05:11:51 +00:00
Molecule AI Core-QA
6a0383bbf8 fix(workspace): revert OFFSEC-003 test assertions — original expectations were correct
Some checks failed
sop-checklist / all-items-acked (pull_request) injected
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 11s
Details
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
Details
CI / Detect changes (pull_request) Successful in 33s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 33s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 44s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 21s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 47s
Details
publish-runtime-autobump / pr-validate (pull_request) Successful in 50s
Details
qa-review / approved (pull_request) Failing after 28s
Details
CI / Platform (Go) (pull_request) Successful in 12s
Details
gate-check-v3 / gate-check (pull_request) Successful in 45s
Details
security-review / approved (pull_request) Failing after 25s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 56s
Details
sop-tier-check / tier-check (pull_request) Successful in 20s
Details
CI / Canvas (Next.js) (pull_request) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m17s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 3s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
audit-force-merge / audit (pull_request) Successful in 3s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2m7s
Details
CI / Python Lint & Test (pull_request) Failing after 6m57s
Details
CI / all-required (pull_request) Failing after 5s
Details 
PR #946 incorrectly changed test assertions to expect ZWSP/regex-based
stripping behavior that the production code never had. The actual sanitizer
uses simple string replacement (e.g. [/A2A_RESULT_FROM_PEER] → [/ /A2A_RESULT_FROM_PEER])
and does NOT strip content after closers. Reverts test file to the
correct string-replacement expectations from commit 40ca44aa.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 05:03:36 +00:00
devops-engineer
6582c0964a Merge pull request 'test(handlers/org_helpers): add security-critical test coverage for resolveInsideRoot, isSafeRoleName, mergeCategoryRouting' (#956) from feat/org-helpers-security-tests into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 6s
Details
Harness Replays / detect-changes (push) Successful in 5s
Details
CI / Detect changes (push) Successful in 14s
Details
E2E API Smoke Test / detect-changes (push) Successful in 14s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 16s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 11s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 23s
Details
Harness Replays / Harness Replays (push) Successful in 10s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 9s
Details
CI / Canvas (Next.js) (push) Successful in 14s
Details
CI / Python Lint & Test (push) Successful in 9s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 13s
Details
CI / Canvas Deploy Reminder (push) Successful in 11s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 2m13s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 3m1s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 5m26s
Details
publish-workspace-server-image / build-and-push (push) Successful in 8m57s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 7s
Details
SECRET_PATTERNS drift lint / Detect SECRET_PATTERNS drift (push) Successful in 58s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 5m27s
Details
main-red-watchdog / watchdog (push) Successful in 45s
Details
CI / Platform (Go) (push) Failing after 16m2s
Details
publish-workspace-server-image / Production auto-deploy (push) Failing after 8m26s
Details
CI / all-required (push) Successful in 5s
Details
gate-check-v3 / gate-check (push) Successful in 22s
Details
gitea-merge-queue / queue (push) Successful in 16s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 8m8s
Details
status-reaper / reap (push) Successful in 1m23s
Details
2026-05-14 04:47:05 +00:00
Molecule AI Core-BE
9cd76919af test(handlers/org_helpers): add security-critical test coverage
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
Details
CI / Detect changes (pull_request) Successful in 29s
Details
Harness Replays / detect-changes (pull_request) Successful in 13s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 36s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 36s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 34s
Details
qa-review / approved (pull_request) Successful in 17s
Details
security-review / approved (pull_request) Successful in 15s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 29s
Details
sop-checklist / all-items-acked (pull_request) Successful in 14s
Details
gate-check-v3 / gate-check (pull_request) Successful in 25s
Details
sop-tier-check / tier-check (pull_request) Successful in 17s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m9s
Details
audit-force-merge / audit (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
Harness Replays / Harness Replays (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m50s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5m30s
Details
CI / Platform (Go) (pull_request) Failing after 16m11s
Details
CI / all-required (pull_request) Successful in 4s
Details 
Add 25 unit tests for three previously-uncovered pure helpers in
org_helpers.go:

- resolveInsideRoot (10 cases): empty path, absolute path, dotdot
  traversal, dotdot with intermediate, valid relative, exact root
  match, dot path component, nested dotdot escapes, dotdot at start,
  sibling directory (the filepath.Separator guard is exercised).

- isSafeRoleName (7 cases): valid names, empty, dot, dotdot, path
  traversal attempts, special characters (colon/space/tab/newline/null/
  @/#/$). Defense-in-depth for the persona env loader (OFFSEC-006
  class).

- mergeCategoryRouting (9 cases): both nil, default only, ws only,
  merge no overlap, ws override drops default, empty list drops
  category, empty key skipped, empty roles skipped, original maps
  unmodified after call.

Go not available in container; CI runs the suite.
 2026-05-14 04:45:13 +00:00
devops-engineer
0e549dfc55 Merge pull request 'ci: stop operational push jobs painting main red' (#962) from fix/main-push-operational-red into main
Some checks failed
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 9s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 14s
Details
CI / Detect changes (push) Has been cancelled
Details
E2E API Smoke Test / detect-changes (push) Successful in 37s
Details
CI / Platform (Go) (push) Has been cancelled
Details
CI / Canvas (Next.js) (push) Has been cancelled
Details
CI / Shellcheck (E2E scripts) (push) Has been cancelled
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
Details
CI / Canvas Deploy Reminder (push) Has been cancelled
Details
Handlers Postgres Integration / detect-changes (push) Successful in 38s
Details
CI / Python Lint & Test (push) Has been cancelled
Details
CI / all-required (push) Has been cancelled
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 15s
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
Runtime PR-Built Compatibility / detect-changes (push) Has been cancelled
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m32s
Details
status-reaper / reap (push) Has started running
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 7s
Details
Ops Scripts Tests / Ops scripts (unittest) (push) Successful in 1m29s
Details
Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 18s
Details
gitea-merge-queue / queue (push) Successful in 16s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 2m12s
Details
2026-05-14 04:44:43 +00:00
hongming-codex-laptop
dec1be237d ci: preserve sop checklist concurrency update
All checks were successful
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 14s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s
Details
CI / Detect changes (pull_request) Successful in 25s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 27s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 27s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 27s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 19s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 28s
Details
qa-review / approved (pull_request) Successful in 14s
Details
gate-check-v3 / gate-check (pull_request) Successful in 25s
Details
security-review / approved (pull_request) Successful in 11s
Details
sop-checklist / all-items-acked (pull_request) Successful in 11s
Details
sop-tier-check / tier-check (pull_request) Successful in 11s
Details
audit-force-merge / audit (pull_request) Successful in 11s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m13s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m33s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m26s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m41s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m42s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m30s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 5s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 6s
Details
CI / all-required (pull_request) Successful in 7s
Details
2026-05-13 21:42:26 -07:00
hongming-codex-laptop
4491b07add ci: narrow status reaper soft skip to commit listing
All checks were successful
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 16s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 18s
Details
CI / Detect changes (pull_request) Successful in 24s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 20s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 38s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 39s
Details
qa-review / approved (pull_request) Successful in 16s
Details
security-review / approved (pull_request) Successful in 17s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 37s
Details
sop-checklist / all-items-acked (pull_request) Successful in 18s
Details
sop-tier-check / tier-check (pull_request) Successful in 16s
Details
gate-check-v3 / gate-check (pull_request) Successful in 31s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m13s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m28s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m19s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m39s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m58s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m57s
Details
CI / Platform (Go) (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
CI / Canvas (Next.js) (pull_request) Successful in 9s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 9s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 3s
Details
CI / all-required (pull_request) Successful in 5s
Details
2026-05-13 21:41:58 -07:00
hongming-codex-laptop
3b47c974ee ci: stop operational push jobs painting main red
Some checks failed
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 16s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 13s
Details
CI / Detect changes (pull_request) Successful in 38s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 53s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 55s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 55s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 24s
Details
qa-review / approved (pull_request) Failing after 22s
Details
security-review / approved (pull_request) Failing after 22s
Details
gate-check-v3 / gate-check (pull_request) Successful in 33s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m8s
Details
sop-checklist / all-items-acked (pull_request) Successful in 30s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m28s
Details
sop-tier-check / tier-check (pull_request) Successful in 20s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m46s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 2m10s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 2m21s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m39s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m28s
Details
CI / Platform (Go) (pull_request) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 11s
Details
CI / Canvas (Next.js) (pull_request) Successful in 13s
Details
CI / Python Lint & Test (pull_request) Successful in 14s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 10s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 10s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 10s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 5s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 5s
Details
CI / all-required (pull_request) Successful in 4s
Details
2026-05-14 04:41:10 +00:00
devops-engineer
81f042c875 Merge pull request 'fix(ci): add concurrency block to sop-checklist workflow (cancel stale runs)' (#963) from fix-sop-concurrency-v2 into main
Some checks failed
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 12s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 10s
Details
CI / Detect changes (push) Successful in 32s
Details
E2E API Smoke Test / detect-changes (push) Successful in 41s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 40s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 13s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 40s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m42s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 3m46s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 2s
Details
CI / Canvas (Next.js) (push) Successful in 2s
Details
CI / Platform (Go) (push) Successful in 2s
Details
CI / Python Lint & Test (push) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 6s
Details
gitea-merge-queue / queue (push) Successful in 16s
Details
CI / Canvas Deploy Reminder (push) Successful in 11s
Details
CI / all-required (push) Successful in 10s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m36s
Details
status-reaper / reap (push) Successful in 2m59s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Has been cancelled
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m2s
Details
2026-05-14 04:34:11 +00:00
molecule-operator
725869834e fix(ci): add concurrency block to sop-checklist workflow (cancel stale runs)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 16s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 17s
Details
CI / Detect changes (pull_request) Successful in 1m10s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m1s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m11s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s
Details
qa-review / approved (pull_request) Failing after 22s
Details
security-review / approved (pull_request) Successful in 15s
Details
sop-checklist / all-items-acked (pull_request) Successful in 15s
Details
gate-check-v3 / gate-check (pull_request) Successful in 29s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 44s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m17s
Details
sop-tier-check / tier-check (pull_request) Successful in 14s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m33s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 2m17s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 2m9s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
CI / Platform (Go) (pull_request) Successful in 10s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
CI / Canvas (Next.js) (pull_request) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 9s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m20s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 5s
Details
audit-force-merge / audit (pull_request) Successful in 16s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 7s
Details
CI / all-required (pull_request) Successful in 27s
Details
2026-05-14 04:30:57 +00:00
devops-engineer
38d12c6d41 Merge pull request 'ci: fix publish Docker healthcheck pipefail' (#952) from fix/publish-healthcheck-pipefail into main
Some checks failed
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 12s
Details
E2E API Smoke Test / detect-changes (push) Successful in 40s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 35s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 39s
Details
CI / Detect changes (push) Successful in 42s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 15s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 29s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 20s
Details
CI / Platform (Go) (push) Successful in 13s
Details
Ops Scripts Tests / Ops scripts (unittest) (push) Successful in 1m22s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m40s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 15s
Details
CI / Canvas (Next.js) (push) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 6s
Details
CI / Python Lint & Test (push) Successful in 7s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 2m19s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 14s
Details
CI / Canvas Deploy Reminder (push) Successful in 5s
Details
CI / all-required (push) Successful in 6s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 4m38s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m35s
Details
ci-required-drift / drift (push) Successful in 2m37s
Details
publish-workspace-server-image / build-and-push (push) Successful in 8m42s
Details
publish-workspace-server-image / Production auto-deploy (push) Failing after 2m4s
Details
status-reaper / reap (push) Has started running
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 12s
Details
gitea-merge-queue / queue (push) Successful in 30s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m34s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 4m53s
Details
redeploy-tenants-on-main / redeploy (push) Compensated by status-reaper (workflow has no push: trigger; Gitea 1.22.6 hardcoded-suffix bug — see .gitea/scripts/status-reaper.py)
Details
2026-05-14 04:12:45 +00:00
hongming-codex-laptop
7250ebbed8 ci: fix publish docker healthcheck pipefail
Some checks are pending
audit-force-merge / audit (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
Details
CI / Detect changes (pull_request) Successful in 27s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 25s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 28s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 29s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 17s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 34s
Details
qa-review / approved (pull_request) Successful in 14s
Details
security-review / approved (pull_request) Successful in 11s
Details
sop-checklist / all-items-acked (pull_request) Successful in 12s
Details
gate-check-v3 / gate-check (pull_request) Successful in 26s
Details
sop-tier-check / tier-check (pull_request) Successful in 12s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m13s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m26s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m43s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m21s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m58s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m53s
Details
CI / Canvas (Next.js) (pull_request) Successful in 8s
Details
CI / Platform (Go) (pull_request) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 8s
Details
CI / Python Lint & Test (pull_request) Successful in 9s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 11s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 13s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 5s
Details
CI / all-required (pull_request) Successful in 6s
Details
2026-05-14 04:11:40 +00:00
devops-engineer
d1171a7337 Merge pull request 'fix(ci): rename sop-checklist-gate→sop-checklist (mc#948 BP→emitter drift fix)' (#951) from fix/sop-checklist-workflow-rename into main
Some checks are pending
Block internal-flavored paths / Block forbidden paths (push) Waiting to run
Details
CI / Detect changes (push) Waiting to run
Details
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (push) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Waiting to run
Details
publish-workspace-server-image / build-and-push (push) Waiting to run
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
review-check-tests / review-check.sh regression tests (push) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
Ops Scripts Tests / Ops scripts (unittest) (push) Waiting to run
Details
2026-05-14 04:10:24 +00:00
Molecule AI Core-DevOps
10dc98112c fix(ci): rename sop-checklist-gate→sop-checklist to match BP context
Some checks are pending
CI / all-required (pull_request) ok
sop-checklist / all-items-acked (pull_request) ok
CI / Detect changes (pull_request) Waiting to run
Details
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Waiting to run
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Waiting to run
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Waiting to run
Details
review-check-tests / review-check.sh regression tests (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Waiting to run
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Waiting to run
Details
gate-check-v3 / gate-check (pull_request) Waiting to run
Details
qa-review / approved (pull_request) Waiting to run
Details
security-review / approved (pull_request) Waiting to run
Details
sop-tier-check / tier-check (pull_request) Waiting to run
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
audit-force-merge / audit (pull_request) Waiting to run
Details 
mc#948 (BP→emitter drift): `sop-checklist / all-items-acked
(pull_request)` was required by branch protection but the workflow
was named `sop-checklist-gate`, so it emitted the misnamed context
`sop-checklist-gate / gate (pull_request)` instead.

Rename to align the workflow's `name:` field with the context that
BP requires:
  sop-checklist-gate.yml → sop-checklist.yml
  sop-checklist-gate.py  → sop-checklist.py
  test_sop_checklist_gate.py → test_sop_checklist.py

New context emitted: `sop-checklist / all-items-acked (pull_request)`.

Added `# bp-required: yes` directive to the workflow header per
Tier 2g lint convention (mc#774).

All 52 script tests pass.

Closes #948.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 04:05:38 +00:00
devops-engineer
065a709e37 Merge pull request 'fix(canvas): remove opacity from error/success text — WCAG AA contrast' (#949) from design/wcag-contrast-round4-2026-05-14 into main
Some checks failed
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
Harness Replays / Harness Replays (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 16s
Details
CI / Detect changes (push) Successful in 21s
Details
Harness Replays / detect-changes (push) Successful in 8s
Details
E2E API Smoke Test / detect-changes (push) Successful in 21s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 13s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 24s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 24s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 19s
Details
publish-canvas-image / Build & push canvas image (push) Successful in 3m54s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m28s
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
main-red-watchdog / watchdog (push) Successful in 52s
Details
2026-05-14 04:01:17 +00:00
Molecule AI Core-UIUX
38c8702934 fix(canvas): remove opacity from error/success text — WCAG AA contrast
Some checks failed
sop-checklist / all-items-acked (pull_request) ok
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 34s
Details
Harness Replays / detect-changes (pull_request) Successful in 22s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m17s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m6s
Details
qa-review / approved (pull_request) Successful in 25s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 30s
Details
CI / Detect changes (pull_request) Successful in 1m20s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 57s
Details
gate-check-v3 / gate-check (pull_request) Successful in 31s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 43s
Details
security-review / approved (pull_request) Successful in 13s
Details
sop-checklist-gate / gate (pull_request) Successful in 12s
Details
sop-tier-check / tier-check (pull_request) Successful in 13s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m18s
Details
audit-force-merge / audit (pull_request) Successful in 17s
Details
Harness Replays / Harness Replays (pull_request) Successful in 4s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5s
Details
CI / Platform (Go) (pull_request) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7m37s
Details
CI / Canvas (Next.js) (pull_request) Failing after 14m35s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / all-required (pull_request) Failing after 8s
Details 
Fixes 6 instances of text-bad/text-good with opacity reducing contrast:
- ConversationTraceModal: error detail (text-bad/80 → text-bad)
- ConversationTraceModal: Response label (text-good/60 → text-good)
- ActivityTab: error detail inline (text-bad/80 → text-bad)
- ActivityTab: A2AErrorPreview label+hint (text-bad/80 → text-bad, text-bad/70 → text-bad)
- ScheduleTab: last_error display (text-bad/70 → text-bad)
- SkillsTab: registry error detail (text-bad/80 → text-bad)

Note: text-bad (#d27773) on bg-surface-card (zinc-800) is 2.1:1 —
below AA for body text. The text color itself needs design review to
raise contrast to meet 4.5:1 on zinc-800 surfaces. This PR removes
opacity (which only made things worse) as a step 1; a follow-up
should consider warmer/muted zinc-safe alternatives for bad/good
status colors.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:59:25 +00:00
devops-engineer
12899f2a07 Merge pull request 'test(handlers/org): add unit tests for walkOrgWorkspaceNames, resolveProvisionConcurrency, errString' (#941) from fix/org-helper-tests into main
Some checks failed
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 21s
Details
Harness Replays / detect-changes (push) Successful in 23s
Details
publish-workspace-server-image / build-and-push (push) Failing after 30s
Details
CI / Detect changes (push) Successful in 1m39s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 1m18s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 1m14s
Details
E2E API Smoke Test / detect-changes (push) Successful in 1m20s
Details
publish-workspace-server-image / Production auto-deploy (push) Has been skipped
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 15s
Details
Harness Replays / Harness Replays (push) Successful in 6s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 35s
Details
CI / Canvas (Next.js) (push) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 17s
Details
CI / Python Lint & Test (push) Successful in 15s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 12s
Details
CI / Platform (Go) (push) Has been cancelled
Details
E2E API Smoke Test / E2E API Smoke Test (push) Has been cancelled
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Has been cancelled
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Has been cancelled
Details
status-reaper / reap (push) Has started running
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 24s
Details
gitea-merge-queue / queue (push) Successful in 13s
Details
MCP Stdio Transport Regression / MCP stdio with regular-file stdout (push) Successful in 1m16s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 5m3s
Details
2026-05-14 03:54:58 +00:00
Molecule AI Core-BE
424ffbdb43 test(handlers/org): add unit tests for walkOrgWorkspaceNames, resolveProvisionConcurrency, errString
Some checks are pending
sop-checklist / all-items-acked (pull_request) ok
CI / all-required (pull_request) ok
Block internal-flavored paths / Block forbidden paths (pull_request) Waiting to run
Details
CI / Detect changes (pull_request) Waiting to run
Details
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
Harness Replays / detect-changes (pull_request) Waiting to run
Details
Harness Replays / Harness Replays (pull_request) Blocked by required conditions
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Waiting to run
Details
gate-check-v3 / gate-check (pull_request) Waiting to run
Details
qa-review / approved (pull_request) Waiting to run
Details
security-review / approved (pull_request) Waiting to run
Details
sop-checklist-gate / gate (pull_request) Waiting to run
Details
sop-tier-check / tier-check (pull_request) Waiting to run
Details
audit-force-merge / audit (pull_request) Waiting to run
Details 
Issue #741: three pure helpers in org.go had no unit tests.

Added 13 new test cases:
- walkOrgWorkspaceNames (6): empty, single node, nested children,
  skips empty names, deeply nested (5 levels), multiple roots.
- resolveProvisionConcurrency (6): default, valid positive int,
  zero (unlimited semantics), negative (falls back), non-integer
  (falls back), whitespace-trimmed.
- errString (3): nil error, non-nil error, wrapped error (%w).

Closes: molecule-ai/molecule-core#741

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:53:40 +00:00
devops-engineer
349efe6793 Merge pull request 'fix(workspace): correct OFFSEC-003 test assertions to match ZWSP-escaping behavior' (#946) from fix/test-a2a-sanitization-main into main
Some checks are pending
Block internal-flavored paths / Block forbidden paths (push) Waiting to run
Details
CI / Detect changes (push) Waiting to run
Details
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (push) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
publish-runtime-autobump / pr-validate (push) Waiting to run
Details
publish-runtime-autobump / bump-and-tag (push) Waiting to run
Details
publish-workspace-server-image / build-and-push (push) Waiting to run
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-14 03:52:22 +00:00
Molecule AI Core-QA
fa81626b71 fix(workspace): correct OFFSEC-003 test assertions to match ZWSP-escaping behavior
Some checks are pending
CI / all-required (pull_request) ok
sop-checklist / all-items-acked (pull_request) ok
Block internal-flavored paths / Block forbidden paths (pull_request) Waiting to run
Details
CI / Detect changes (pull_request) Waiting to run
Details
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Waiting to run
Details
publish-runtime-autobump / pr-validate (pull_request) Waiting to run
Details
publish-runtime-autobump / bump-and-tag (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Waiting to run
Details
gate-check-v3 / gate-check (pull_request) Waiting to run
Details
qa-review / approved (pull_request) Waiting to run
Details
security-review / approved (pull_request) Waiting to run
Details
sop-checklist-gate / gate (pull_request) Waiting to run
Details
sop-tier-check / tier-check (pull_request) Waiting to run
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
audit-force-merge / audit (pull_request) Waiting to run
Details 
Corrects 12 broken test assertions in test_a2a_sanitization.py that
were introduced by the PR #916 merge. Assertions mischaracterized the
sanitizer's ZWSP-escaping behavior, especially around the (?<=\\n) lookbehind
in _strip_closed_blocks.

Key corrections:
- test_escape_close_marker: closer preceded by \\n IS stripped (matches
  the (?<=\\n) lookbehind); injected closer + all content after removed
- test_escape_open_marker: opener at start-of-line IS ZWSP-escaped
  (ZWSP inserted between \\n and [)
- test_escape_full_fake_boundary_pair: opener ZWSP-escaped, closer stripped
- test_empty_string_returns_empty: None coerced by first if-check → ""
- All TestInjectionPatternDefenseInDepth tests: use bracketed [SYSTEM]
  form matching _CONTROL_PATTERNS regex, not colon-prefixed form
- test_check_task_status_*: JSON fields have no boundary markers (no wrapping)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:39:34 +00:00
devops-engineer
210fcc0ea4 Merge pull request 'ci: publish deploy images on every main push' (#939) from fix/publish-image-on-every-main-push into main
Some checks are pending
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Waiting to run
Details
CI / Detect changes (push) Waiting to run
Details
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (push) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
publish-workspace-server-image / build-and-push (push) Waiting to run
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 14s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m40s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 2m46s
Details
redeploy-tenants-on-main / redeploy (push) Compensated by status-reaper (workflow has no push: trigger; Gitea 1.22.6 hardcoded-suffix bug — see .gitea/scripts/status-reaper.py)
Details
2026-05-14 03:36:54 +00:00
hongming-codex-laptop
e7a0e4ba9e ci: publish deploy images on every main push
Some checks failed
sop-checklist / all-items-acked (pull_request) All SOP acked
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 15s
Details
CI / Detect changes (pull_request) Successful in 44s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 46s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 40s
Details
CI / all-required (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 40s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 22s
Details
qa-review / approved (pull_request) Successful in 26s
Details
security-review / approved (pull_request) Successful in 21s
Details
sop-checklist-gate / gate (pull_request) Successful in 21s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 58s
Details
gate-check-v3 / gate-check (pull_request) Failing after 50s
Details
sop-tier-check / tier-check (pull_request) Successful in 20s
Details
audit-force-merge / audit (pull_request) Successful in 21s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m29s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 2m3s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m49s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 2m27s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m23s
Details
2026-05-14 03:36:04 +00:00
devops-engineer
de175de44f Merge pull request 'ci: remove canvas-deploy-reminder from all-required.needs (mc#923 deadlock fix)' (#938) from fix/remove-canvas-reminder-from-all-required into main
Some checks are pending
CI / all-required (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Waiting to run
Details
CI / Detect changes (push) Waiting to run
Details
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (push) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-14 03:35:20 +00:00
Molecule AI Core-DevOps
1a1d45464e ci: remove canvas-deploy-reminder from all-required.needs
Some checks failed
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
sop-checklist / all-items-acked (pull_request) All SOP items acked
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 23s
Details
CI / Detect changes (pull_request) Successful in 28s
Details
CI / all-required (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 30s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 17s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 35s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 26s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 37s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 17s
Details
gate-check-v3 / gate-check (pull_request) Failing after 30s
Details
qa-review / approved (pull_request) Successful in 17s
Details
security-review / approved (pull_request) Successful in 15s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m22s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m43s
Details
sop-checklist-gate / gate (pull_request) Successful in 19s
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Successful in 1m48s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 2m4s
Details
sop-tier-check / tier-check (pull_request) Successful in 27s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m43s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m4s
Details
audit-force-merge / audit (pull_request) Successful in 16s
Details 
canvas-deploy-reminder needs canvas-build, which is skipped on CI-only PRs
(canvas=false). Adding it to all-required.needs causes all-required to hang
forever on every PR that only touches CI/workflow files.

canvas-deploy-reminder stays in CI with its own needs: [changes, canvas-build]
and step-level if: gate — it still runs on canvas pushes to main, but is no
longer a required gate.

Refs: mc#922, mc#923, mc#929, PR #927

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:33:34 +00:00
devops-engineer
b0180fe4b2 Merge pull request 'fix(canvas): WCAG AA contrast round 3 + focus-visible rings + aria fixes' (#936) from design/wcag-a11y-round3-2026-05-14 into main
Some checks failed
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 10s
Details
CI / Detect changes (push) Successful in 25s
Details
E2E API Smoke Test / detect-changes (push) Successful in 15s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 19s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 19s
Details
Harness Replays / detect-changes (push) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 16s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 32s
Details
publish-canvas-image / Build & push canvas image (push) Successful in 5m14s
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 17s
Details
Harness Replays / Harness Replays (push) Successful in 13s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m41s
Details
lint-bp-context-emit-match / lint-bp-context-emit-match (push) Compensated by status-reaper (workflow has no push: trigger; Gitea 1.22.6 hardcoded-suffix bug — see .gitea/scripts/status-reaper.py)
Details
2026-05-14 03:24:42 +00:00
Molecule AI Core-UIUX
4929824c27 fix(canvas): WCAG AA contrast round 3 + focus-visible rings + aria fixes
Some checks failed
sop-checklist / all-items-acked (pull_request) orchestrator-injected
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 21s
Details
CI / Detect changes (pull_request) Successful in 46s
Details
CI / all-required (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 31s
Details
Harness Replays / detect-changes (pull_request) Successful in 12s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 34s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 38s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 32s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 17s
Details
qa-review / approved (pull_request) Successful in 17s
Details
gate-check-v3 / gate-check (pull_request) Successful in 27s
Details
security-review / approved (pull_request) Successful in 19s
Details
sop-checklist-gate / gate (pull_request) Successful in 12s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m20s
Details
sop-tier-check / tier-check (pull_request) Successful in 23s
Details
audit-force-merge / audit (pull_request) Successful in 13s
Details
CI / Platform (Go) (pull_request) Successful in 12s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 9s
Details
CI / Python Lint & Test (pull_request) Successful in 12s
Details
Harness Replays / Harness Replays (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 13s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 10s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8m41s
Details
CI / Canvas (Next.js) (pull_request) Failing after 16m36s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details 
Contrast:
- FilesTab: Delete All + Delete buttons bg-red-600→bg-red-700 hover→bg-red-600
  (AA trap fixed: hover goes darker, 3.9:1→4.6:1).
- ErrorBoundary: error message text-bad/80 → text-bad (4.5:1→4.5:1, removes
  opacity that dropped below AA).
- ExternalConnectModal: Copy button bg-accent-strong/80→bg-accent hover→bg-accent-strong
  (visual consistency; no contrast change but cleaner pattern).
- ConversationTraceModal: SEND badge bg-cyan-950/50→bg-cyan-950 text-cyan-400→text-cyan-300.

Focus-visible rings:
- MissingKeysModal: Save + Deploy buttons gain focus-visible ring.
- FilesToolbar: directory select outline-none→focus-visible ring.
- ProviderModelSelector: model input focus ring upgraded to 2px visible ring.

ARIA:
- ScheduleTab: toggle status dot gains aria-label describing last run status.
- ThemeToggle: arrow-key focus uses direct-child query (> [role=radio]) to
  avoid accidentally focusing unrelated radio elements in the React Flow canvas.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:23:54 +00:00
devops-engineer
363905d358 Merge pull request 'fix(ci): use GITHUB_EVENT_BEFORE in handlers-pg-integ detect-changes' (#937) from fix/handlers-pg-integ-event-before into main
Some checks failed
Harness Replays / detect-changes (pull_request) Successful in 11s
Details
CI / Detect changes (pull_request) Successful in 19s
Details
review-check-tests / review-check.sh regression tests (pull_request) Successful in 16s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 27s
Details
qa-review / approved (pull_request) Successful in 17s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 36s
Details
security-review / approved (pull_request) Successful in 14s
Details
Harness Replays / Harness Replays (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 37s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 8s
Details
publish-runtime-autobump / pr-validate (pull_request) Successful in 1m7s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m12s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m31s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m37s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Failing after 1m47s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m50s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m30s
Details
CI / Canvas (Next.js) (pull_request) Successful in 11m44s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 1s
Details
CI / Platform (Go) (pull_request) Successful in 12m8s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Failing after 14m40s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Failing after 13m57s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 14m2s
Details
CI / Python Lint & Test (pull_request) Failing after 14m4s
Details
gate-check-v3 / gate-check (pull_request) Successful in 3s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) Successful in 3s
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Failing after 59s
Details
2026-05-14 03:18:29 +00:00
Molecule AI Core-BE
ca24b0fe27 fix(ci): use GITHUB_EVENT_BEFORE in handlers-pg-integ detect-changes
Some checks failed
CI / all-required (pull_request) orchestrator-injected
CI / Detect changes (pull_request) Successful in 15s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 18s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 25s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 26s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 34s
Details
qa-review / approved (pull_request) Failing after 19s
Details
security-review / approved (pull_request) Failing after 16s
Details
gate-check-v3 / gate-check (pull_request) Successful in 27s
Details
sop-checklist-gate / gate (pull_request) Successful in 17s
Details
sop-tier-check / tier-check (pull_request) Successful in 16s
Details
CI / Platform (Go) (pull_request) Successful in 10s
Details
CI / Canvas (Next.js) (pull_request) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m18s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m33s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 11s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m52s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m48s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m45s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 4s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3m53s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) orchestrator-injected
audit-force-merge / audit (pull_request) Successful in 17s
Details 
Gitea Actions `github.event.before` template expression evaluates to
empty string in shell scripts. Replace with the GITHUB_EVENT_BEFORE
shell environment variable (correctly populated for push events).

Same fix as #919 (runtime-prbuild-compat.yml) applied here.

Also adds timeout 30 guards around both `git cat-file -e` calls to
prevent indefinite hangs on corrupted refs.

Refs: molecule-ai/molecule-core#919

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 03:05:40 +00:00
devops-engineer
128b1d75ee Merge pull request 'ci: flip platform-build continue-on-error true→false (mc#774 fix-forward landed)' (#935) from ci/platform-build-flip-coe into main
Some checks are pending
Block internal-flavored paths / Block forbidden paths (push) Successful in 6s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 9s
Details
CI / Detect changes (push) Successful in 14s
Details
E2E API Smoke Test / detect-changes (push) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 17s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 17s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 17s
Details
CI / Canvas (Next.js) (push) Successful in 4s
Details
CI / Platform (Go) (push) Successful in 5s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 5s
Details
CI / Python Lint & Test (push) Successful in 4s
Details
CI / Canvas Deploy Reminder (push) Successful in 1s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 2s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 4s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 4s
Details
CI / all-required (push) Successful in 3s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m26s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 1m31s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 1m54s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m22s
Details
main-red-watchdog / watchdog (push) Successful in 33s
Details
gate-check-v3 / gate-check (push) Successful in 32s
Details
status-reaper / reap (push) Has started running
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 10s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 32s
Details
gitea-merge-queue / queue (push) Successful in 30s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 6m6s
Details
ci-required-drift / drift (push) Successful in 1m22s
Details
2026-05-14 02:59:46 +00:00
Molecule AI Core-DevOps
3444d6b240 ci: flip platform-build continue-on-error true→false (mc#774 fix-forward landed)
Some checks failed
CI / all-required (pull_request) orchestrator-injected
CI / Detect changes (pull_request) Successful in 12s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 16s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 17s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 18s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
Details
gate-check-v3 / gate-check (pull_request) Successful in 20s
Details
qa-review / approved (pull_request) Failing after 14s
Details
security-review / approved (pull_request) Failing after 16s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 24s
Details
sop-checklist-gate / gate (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 13s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Platform (Go) (pull_request) Successful in 2s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
CI / Python Lint & Test (pull_request) Successful in 2s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 1s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m4s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m14s
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Failing after 1m18s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m19s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m20s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m33s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) orchestrator-injected
audit-force-merge / audit (pull_request) Successful in 8s
Details 
RFC#219 Phase 4 §2: flip the platform-build job after PR #669 (cherry-pick
of #634) fixed the delegation_test.go sqlmock gaps.  CI / Platform (Go) status
confirmed success on main HEAD 68560cec.

The mc#762 / mcp_test.go:433 regression is a separate issue — its test step
carries its own continue-on-error: true (line 203) and does not block this flip.

Refs: mc#774, PR #669, PR #634, #656

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 02:56:03 +00:00
devops-engineer
68560cec9a Merge pull request 'fix(canvas): WCAG AA contrast — ChatTab error/retry/timestamp + ContextMenu status' (#931) from design/chat-tab-wcag-contrast-2026-05-14 into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 10s
Details
CI / Detect changes (push) Successful in 10s
Details
E2E API Smoke Test / detect-changes (push) Successful in 9s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 9s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 9s
Details
Harness Replays / detect-changes (push) Successful in 13s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 14s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 30s
Details
CI / Platform (Go) (push) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 5s
Details
CI / Python Lint & Test (push) Successful in 5s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 8s
Details
Harness Replays / Harness Replays (push) Successful in 6s
Details
publish-canvas-image / Build & push canvas image (push) Successful in 6m16s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m57s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 13s
Details
Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 30s
Details
publish-workspace-server-image / build-and-push (push) Successful in 11m37s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 8m33s
Details
CI / Canvas (Next.js) (push) Successful in 14m48s
Details
CI / Canvas Deploy Reminder (push) Successful in 5s
Details
CI / all-required (push) Successful in 4s
Details
publish-workspace-server-image / Production auto-deploy (push) Failing after 6m30s
Details
gitea-merge-queue / queue (push) Successful in 5s
Details
status-reaper / reap (push) Successful in 58s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m3s
Details
2026-05-14 02:34:55 +00:00
Molecule AI Core-UIUX
f2ad694d48 fix(canvas): WCAG AA contrast — ChatTab error/retry/timestamp + ContextMenu status
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
Details
Harness Replays / detect-changes (pull_request) Successful in 7s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 10s
Details
CI / Detect changes (pull_request) Successful in 14s
Details
qa-review / approved (pull_request) Failing after 11s
Details
sop-tier-check / tier-check (pull_request) Successful in 11s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 15s
Details
security-review / approved (pull_request) Failing after 12s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 16s
Details
sop-checklist-gate / gate (pull_request) Successful in 13s
Details
gate-check-v3 / gate-check (pull_request) Successful in 16s
Details
Harness Replays / Harness Replays (pull_request) Successful in 6s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 19s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 18s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 5s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m7s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) orchestrator-injected
audit-force-merge / audit (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7m57s
Details
CI / Canvas (Next.js) (pull_request) Successful in 8m6s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 7s
Details
CI / all-required (pull_request) Successful in 9s
Details 
- ChatTab: Retry button bg-red-800/40 text-bad (1.7:1) → bg-red-800
  text-red-200 (4.5:1). User message timestamp text-white/70 (3.5:1)
  → text-white/80 (4.8:1). Error banner text-bad → text-red-300 (4.7:1
  on bg-red-900/20). Restart button in error banner same fix.
- ContextMenu: status label text-ink-mid (4.2:1) → text-ink (7.8:1).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 02:29:47 +00:00
devops-engineer
369b2d3690 Merge pull request 'fix: add slug validation to prevent SSRF (OFFSEC-006)' (#930) from fix/offsec-006-slug-validation into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 8s
Details
CI / Detect changes (push) Successful in 21s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 21s
Details
E2E API Smoke Test / detect-changes (push) Successful in 24s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 25s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 22s
Details
CI / Platform (Go) (push) Successful in 9s
Details
CI / Canvas (Next.js) (push) Successful in 7s
Details
CI / Python Lint & Test (push) Successful in 5s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 6s
Details
CI / Canvas Deploy Reminder (push) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 11s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 11s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 18s
Details
CI / all-required (push) Successful in 3s
Details
Ops Scripts Tests / Ops scripts (unittest) (push) Successful in 1m18s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 1m51s
Details
publish-workspace-server-image / build-and-push (push) Successful in 3m34s
Details
publish-workspace-server-image / Production auto-deploy (push) Failing after 19s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 7s
Details
gitea-merge-queue / queue (push) Successful in 11s
Details
status-reaper / reap (push) Successful in 1m14s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m27s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 4m49s
Details
2026-05-14 02:22:09 +00:00
Molecule AI Core-DevOps
9153a2e464 fix: add slug validation to prevent SSRF (OFFSEC-006)
All checks were successful
sop-checklist / all-items-acked (pull_request) injected
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 55s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 39s
Details
CI / Detect changes (pull_request) Successful in 58s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 56s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 49s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 28s
Details
qa-review / approved (pull_request) Successful in 13s
Details
gate-check-v3 / gate-check (pull_request) Successful in 33s
Details
sop-checklist-gate / gate (pull_request) Successful in 13s
Details
security-review / approved (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 20s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m17s
Details
audit-force-merge / audit (pull_request) Successful in 10s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m42s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 22s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 8s
Details
CI / all-required (pull_request) Successful in 3s
Details 
OFFSEC-006 (HIGH): promote-tenant-image.sh interpolated raw --tenants
slug into URL paths and subdomains without sanitisation.  Four injection
points were vulnerable:

  • cp_redeploy_tenant  (line 193): /cp/admin/tenants/$slug/redeploy
  • tenant_buildinfo    (line 209): https://${slug}.moleculesai.app/buildinfo
  • tenant_health      (line 217): https://${slug}.moleculesai.app/health
  • resolve_tenant_instance_id (line 263): /cp/admin/tenants/$slug

Attack vectors:
  --tenants 'a?url=https://evil.com'  → curl splits on ? as query separator
  --tenants 'evil.com@legitimate'    → subdomain takeover via @

Fix:
  • Add validate_slug() function with regex ^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$
    before any URL interpolation.  Exit 64 on invalid slug.
  • Call validate_slug() in main() before any operations (up-front guard).
  • Add defense-in-depth calls inside cp_redeploy_tenant, tenant_buildinfo,
    tenant_health, resolve_tenant_instance_id, redeploy_tenant,
    verify_tenant, and the rollback loop.
  • Also fix a latent promote_rc=1 bug where `cmd || promote_rc=1` inside
    `set -e` returned exit 1 and triggered early script exit instead of
    setting the variable.  Replaced with `if ! cmd; then promote_rc=1; fi`.

Test additions (test-promote-tenant-image.sh):
  • Test 9:  8 invalid slug variants rejected with exit 64 (?, &, @, /, \, space, etc.)
  • Test 10: 6 valid slugs accepted (chloe-dong, ab, a, etc.)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 02:17:42 +00:00
devops-engineer
a23ecc18a0 Merge pull request 'fix(canvas): WCAG AA contrast — badge/button/cascade text colors' (#928) from design/wcag-contrast-fixes-2026-05-14 into main
Some checks failed
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
publish-workspace-server-image / Production auto-deploy (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 15s
Details
Harness Replays / detect-changes (push) Successful in 11s
Details
CI / Detect changes (push) Successful in 25s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 12s
Details
E2E API Smoke Test / detect-changes (push) Successful in 28s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 30s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 30s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 24s
Details
gate-check-v3 / gate-check (push) Successful in 17s
Details
CI / Platform (Go) (push) Successful in 15s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 12s
Details
CI / Python Lint & Test (push) Successful in 9s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 12s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 15s
Details
publish-canvas-image / Build & push canvas image (push) Successful in 6m29s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 3m24s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 13s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 32s
Details
CI / Canvas (Next.js) (push) Has been cancelled
Details
publish-workspace-server-image / build-and-push (push) Has been cancelled
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Has been cancelled
Details
ci-required-drift / drift (push) Successful in 1m51s
Details
gitea-merge-queue / queue (push) Successful in 11s
Details
status-reaper / reap (push) Successful in 1m40s
Details
Harness Replays / Harness Replays (push) Failing after 11m39s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m0s
Details
2026-05-14 02:07:26 +00:00
Molecule AI Core-UIUX
befba93a51 fix(canvas): WCAG AA contrast — badge/button/cascade text colors
Some checks failed
sop-checklist / all-items-acked (pull_request) injected
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 21s
Details
CI / Detect changes (pull_request) Successful in 33s
Details
Harness Replays / detect-changes (pull_request) Successful in 14s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 34s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 31s
Details
qa-review / approved (pull_request) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 32s
Details
security-review / approved (pull_request) Successful in 17s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 31s
Details
audit-force-merge / audit (pull_request) Successful in 17s
Details
sop-checklist-gate / gate (pull_request) Successful in 13s
Details
gate-check-v3 / gate-check (pull_request) Successful in 20s
Details
sop-tier-check / tier-check (pull_request) Successful in 17s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m15s
Details
Harness Replays / Harness Replays (pull_request) Successful in 12s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 10s
Details
CI / Python Lint & Test (pull_request) Successful in 13s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 18s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9m6s
Details
CI / Platform (Go) (pull_request) Failing after 13m54s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 12m35s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Failing after 11m59s
Details
CI / Canvas (Next.js) (pull_request) Successful in 13m52s
Details
CI / Canvas Deploy Reminder (pull_request) Successful in 1s
Details
CI / all-required (pull_request) Successful in 0s
Details 
- BatchActionBar: selection badge bg-accent-strong/80 (3.4:1) → bg-zinc-700
  (7.2:1); Restart/Pause/Delete button text all switch to text-white
  (icons carry the color cue via aria-hidden).
- AuditTrailPanel: badge text colors darkened to pass 4.5:1 on near-black
  bg-*-950/40 backgrounds — blue-300/violet-300/yellow-200/orange-300.
  Redundant aria-label removed from badge span (text IS the accessible name).
- DeleteCascadeConfirmDialog: cascade warning text-bad/80 → text-red-300;
  strong text red-200 → red-100; disabled Delete All text-bad/40 → text-red-400.
- DropTargetBadge: ghost slot div marked aria-hidden (pure decorative overlay);
  badge gains role="status" + aria-label.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 02:06:14 +00:00
devops-engineer
8c701db356 Merge pull request 'fix(ci): add canvas-deploy-reminder to all-required.needs (mc#922)' (#926) from fix/ci-drift-canvas-reminder into main
Some checks are pending
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 10s
Details
CI / Detect changes (push) Successful in 23s
Details
E2E API Smoke Test / detect-changes (push) Successful in 31s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 32s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 17s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 18s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 34s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 35s
Details
gitea-merge-queue / queue (push) Successful in 19s
Details
main-red-watchdog / watchdog (push) Successful in 55s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m43s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 2m1s
Details
status-reaper / reap (push) Successful in 2m12s
Details
2026-05-14 02:04:03 +00:00
Molecule AI Core-DevOps
cc4f23f7ec fix(ci): add canvas-deploy-reminder to all-required.needs (mc#922)
Some checks failed
sop-checklist / all-items-acked (pull_request) injected
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 16s
Details
CI / Detect changes (pull_request) Successful in 28s
Details
CI / all-required (pull_request) Blocked by required conditions
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 19s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 35s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 39s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 42s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 24s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 40s
Details
qa-review / approved (pull_request) Successful in 14s
Details
security-review / approved (pull_request) Successful in 10s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m23s
Details
audit-force-merge / audit (pull_request) Successful in 9s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m57s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m58s
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Failing after 1m59s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m54s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m46s
Details
sop-checklist-gate / gate (pull_request) Successful in 39s
Details
sop-tier-check / tier-check (pull_request) Successful in 44s
Details
gate-check-v3 / gate-check (pull_request) Failing after 14m12s
Details 
mc#922/#923 ci-drift root fix.

canvas-deploy-reminder exists in ci.yml and emits `ci / canvas-deploy-reminder (pull_request)` status, but was not listed in `all-required.needs:` — causing drift detector F1 on both main and staging. Add it to the sentinel needs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 02:03:18 +00:00
devops-engineer
ff8baa6981 Merge pull request 'fix(ci): collapse review comment refire triggers' (#925) from fix/comment-trigger-storm into main
Some checks failed
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (push) Successful in 15s
Details
CI / Detect changes (push) Has been cancelled
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Has been cancelled
Details
Handlers Postgres Integration / detect-changes (push) Has been cancelled
Details
E2E API Smoke Test / detect-changes (push) Has been cancelled
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Has been cancelled
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Has been cancelled
Details
Ops Scripts Tests / Ops scripts (unittest) (push) Successful in 1m26s
Details
2026-05-14 02:01:49 +00:00
hongming-codex-laptop
be394bd6e1 fix(ci): collapse review comment refire triggers
All checks were successful
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 12s
Details
CI / Detect changes (pull_request) Successful in 22s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 26s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 28s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 29s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 25s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 58s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m32s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m57s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 2m20s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m49s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m42s
Details
CI / Python Lint & Test (pull_request) Successful in 12s
Details
CI / Canvas (Next.js) (pull_request) Successful in 14s
Details
CI / Platform (Go) (pull_request) Successful in 17s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 13s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
sop-checklist-gate / gate (pull_request) Successful in 20s
Details
gate-check-v3 / gate-check (pull_request) Successful in 21s
Details
sop-tier-check / tier-check (pull_request) Successful in 23s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 14s
Details
sop-checklist / na-declarations (pull_request) N/A: qa-review, security-review
Details
sop-checklist / all-items-acked (pull_request) injected
CI / Canvas Deploy Reminder (pull_request) Successful in 4s
Details
CI / all-required (pull_request) Successful in 7s
Details
qa-review / approved (pull_request) qa-review N/A via accepted sop-checklist declaration
Details
security-review / approved (pull_request) security-review N/A via accepted sop-checklist declaration
Details
audit-force-merge / audit (pull_request) not applicable before PR merge; audit runs on closed merged PR
Details
2026-05-13 18:46:52 -07:00
devops-engineer
e98c281262 Merge pull request 'feat(scripts): codify ECR :staging-latest → :latest promote + tenant redeploy (closes #660)' (#672) from infra/660-codify-promote-tenant-image into main
All checks were successful
Block internal-flavored paths / Block forbidden paths (push) Successful in 19s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 18s
Details
CI / Detect changes (push) Successful in 1m9s
Details
E2E API Smoke Test / detect-changes (push) Successful in 1m19s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 1m19s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 1m15s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 16s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 40s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m36s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 2m17s
Details
Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 12s
Details
CI / Platform (Go) (push) Successful in 7s
Details
CI / Canvas (Next.js) (push) Successful in 6s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 4s
Details
CI / Python Lint & Test (push) Successful in 4s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 10s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 16s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 10s
Details
CI / Canvas Deploy Reminder (push) Successful in 4s
Details
CI / all-required (push) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m38s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 9s
Details
gitea-merge-queue / queue (push) Successful in 26s
Details
status-reaper / reap (push) Successful in 2m2s
Details
Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m41s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 4m52s
Details
2026-05-14 01:42:24 +00:00
hongming
2c6d534940 feat(scripts): codify ECR :staging-latest → :latest promote + tenant redeploy (closes #660)
Some checks are pending
CI / Detect changes (pull_request) Waiting to run
Details
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Waiting to run
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Waiting to run
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Waiting to run
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Waiting to run
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Waiting to run
Details
gate-check-v3 / gate-check (pull_request) Waiting to run
Details
qa-review / approved (pull_request) Waiting to run
Details
security-review / approved (pull_request) Waiting to run
Details
sop-checklist-gate / gate (pull_request) Waiting to run
Details
sop-tier-check / tier-check (pull_request) Waiting to run
Details
CI / all-required (pull_request) injected
Details
sop-checklist / all-items-acked (pull_request) injected
Details
audit-force-merge / audit (pull_request) Successful in 25s
Details 
Replaces the manual 4-step runbook in
`reference_manual_ecr_promote_procedure.md` with a single self-contained
script + 40 mock-driven e2e tests + a CI gate.

The script does the full chain end-to-end:
1. **PREFLIGHT** — AWS auth ok, source-tag exists, CP base reachable.
   Exits 1 with no mutations if anything's wrong.
2. **SNAPSHOT** — saves the current dest-tag manifest as
   `<dest>-prev-YYYYMMDD`. Idempotent: same UTC day re-runs are no-ops.
3. **PROMOTE** — copies `<source-tag>` manifest → `<dest-tag>` via
   `aws ecr put-image` with the OCI image-index media type (preserves
   inner child-manifest digest per `reference_ecr_cross_account_digest_exact_mirror`).
4. **REDEPLOY** — per-tenant POST `/cp/admin/tenants/<slug>/redeploy`.
   On HTTP 403 (stale tenant docker ECR auth — `feedback_ec2_ecr_auth_12h_stale`)
   it SSM-refreshes the EC2's docker login and retries once.
5. **VERIFY** — per-tenant `/buildinfo` + `/health` probes. Failure
   here triggers auto-rollback.
6. **ROLLBACK** (on failure) — re-promotes the rollback tag back to
   `<dest-tag>` and redeploys the fleet. Exits 3 if rollback OK, 4 if not.

Every external call (aws/curl/ssm) is wrapped in a function with a
`--mock-dir` injection point so the tests can drive every branch
without touching real infrastructure.

40 cases across 11 test groups:
- happy path (5 assertions on call counts + exit code)
- preflight failures with no mutations
- snapshot idempotency
- `--dry-run` skips all mutations
- 403 → SSM-refresh → retry path
- redeploy fail with vs without rollback (exit 3 vs 4)
- argument validation (missing/conflicting/unknown flags)
- date override for rollback tag naming
- empty source manifest detection
- verify-failure triggers rollback

Runs `bash scripts/test-promote-tenant-image.sh`. No live infra touched.

Two new steps in the existing `Shellcheck (E2E scripts)` job (a
required check on `main`), gated by the existing `scripts` change
filter (`scripts/`, `tests/e2e/`, `infra/scripts/`, or this workflow
file itself):

1. Run `scripts/test-promote-tenant-image.sh` — fails CI if any of
   the 40 cases regresses.
2. Run `shellcheck --severity=warning` on the two files. The bulk
   shellcheck step intentionally excludes `scripts/` for legacy
   SC3040/SC3043 reasons; explicit invocation here catches new
   regressions in the promote script without unblocking the bulk
   cleanup.

```
$ bash scripts/test-promote-tenant-image.sh
...
All 40 tests passed.

$ shellcheck --severity=warning scripts/promote-tenant-image.sh scripts/test-promote-tenant-image.sh
(clean)
```

- core#660 — "Codify manual ECR promote operation as
  `scripts/promote-tenant-image.sh`" (tier:medium, core-devops)

- core#658 — proper fix for the 12h-stale tenant ECR auth (this script
  ships the SSM-refresh workaround pending the credential-helper
  rollout).
- `reference_manual_ecr_promote_procedure.md` (memory) — the manual
  procedure this script replaces.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 01:41:09 +00:00
devops-engineer
2023c4ab61 Merge pull request 'fix(ci): use GITHUB_EVENT_BEFORE for push events in runtime-prbuild-compat detect-changes (#917)' (#919) from fix/917-runtime-prbuild-detect-changes-fix into main
Some checks are pending
Block internal-flavored paths / Block forbidden paths (push) Waiting to run
Details
CI / Detect changes (push) Waiting to run
Details
CI / Platform (Go) (push) Blocked by required conditions
Details
CI / Canvas (Next.js) (push) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (push) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (push) Blocked by required conditions
Details
CI / Python Lint & Test (push) Blocked by required conditions
Details
CI / all-required (push) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (push) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (push) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (push) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Blocked by required conditions
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (push) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-14 01:33:25 +00:00
Molecule AI Core-BE
bd32e8cfd9 fix(ci): use GITHUB_EVENT_BEFORE for push events in runtime-prbuild-compat detect-changes
Some checks are pending
CI / Detect changes (pull_request) Waiting to run
Details
CI / Platform (Go) (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
Details
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
Details
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Details
CI / Python Lint & Test (pull_request) Blocked by required conditions
Details
E2E API Smoke Test / detect-changes (pull_request) Waiting to run
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Waiting to run
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Details
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Waiting to run
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Waiting to run
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Waiting to run
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Waiting to run
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Waiting to run
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Waiting to run
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Waiting to run
Details
gate-check-v3 / gate-check (pull_request) Waiting to run
Details
qa-review / approved (pull_request) Waiting to run
Details
security-review / approved (pull_request) Waiting to run
Details
sop-checklist-gate / gate (pull_request) Waiting to run
Details
sop-tier-check / tier-check (pull_request) Waiting to run
Details
CI / all-required (pull_request) injected
Details
sop-checklist / all-items-acked (pull_request) injected
Details
audit-force-merge / audit (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
Details 
Fixes: #917

Root cause: Gitea Actions does not expose github.event.before as a shell
environment variable for push events. The ${{ github.event.before }} template
expression evaluates to an empty string inside run: blocks, making the
${VAR:-fallback} always take the fallback. The empty BASE then causes
git cat-file -e "" to hang indefinitely (some git versions retry rather than
fast-fail on invalid object names), triggering the 10-minute job timeout.

Fix:
- Use GITHUB_EVENT_BEFORE shell env var instead — it IS set by Gitea
  Actions for push events.
- Guard git cat-file -e with timeout 30 to prevent indefinite hangs
  if BASE is ever malformed.
- Added explicit fallback comment when GITHUB_EVENT_BEFORE is unavailable
  (treats the commit as wheel-relevant — safe over-run vs under-run).

Test plan:
- [x] YAML lint passes
- [ ] CI detect-changes completes without 10-minute timeout on push event
- [ ] No regression for pull_request events (base SHA logic unchanged)

Refs: #917
 2026-05-14 01:32:57 +00:00