5403 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
core-devops	d837519dfe	feat(ci)(hard-gate): lint-bp-context-emit-match (Tier 2f) ... Daily scheduled lint detecting drift between `branch_protections/<branch>.status_check_contexts` and the contexts emitted by `.gitea/workflows/*.yml`. Files/PATCHes a `[ci-bp-drift]` issue (idempotent) on mismatch. The class this prevents ----------------------- A BP-required context with no emitting workflow blocks merges forever — Gitea 1.22.6 treats absent-as-`pending`, NOT absent-as-`skipped`. Previously surfaced as feedback_phantom_required_check_after_gitea_migration (a port that kept the GitHub context name after rename to Gitea). Implementation -------------- - `.gitea/scripts/lint_bp_context_emit_match.py` — PyYAML walk of every workflow's `on:` block + `jobs.*.name:` (or job-key fallback) to enumerate emitted contexts. Compares against BP. Two directions: (a) BP→emitter: required by BP, no emitter → ERROR + drift issue. (b) Emitter→BP: emitter exists, BP doesn't list → NOTICE only (Tier 2g handles at PR-time; scheduled-flag would noisily flag every transitional state during a BP rollout). Event-suffix match strict: `(push)` and `(pull_request)` are distinct. `pull_request_target` maps to `(pull_request)` per Gitea convention. - `.gitea/workflows/lint-bp-context-emit-match.yml` — schedule `31 3 * * *` + workflow_dispatch. NO pull_request / push triggers (Tier 2g owns those). Phase 3 (continue-on-error: true) per RFC #219 §1. - `tests/test_lint_bp_context_emit_match.py` — 10 unit tests: perfect match, BP-orphan fail, emitter-orphan notice-only, multi-orphan aggregation, empty-BP skip, 403/404 graceful, event-suffix mismatch flag, pull_request_target mapping, idempotent PATCH-on-existing-issue. Auth uses DRIFT_BOT_TOKEN (same as ci-required-drift.yml) — Gitea 1.22.6 requires repo-admin scope on `/branch_protections/*`. Graceful degrade on 403 per Tier 2a contract. Refs: #350	2026-05-11 23:15:24 -07:00
Molecule AI · core-devops	b462270201	Merge pull request 'feat(ci)(hard-gate): lint-workflow-yaml catches Gitea-1.22.6-hostile shapes' (#671) from infra/lint-workflow-yaml-hostile-shapes into main	2026-05-12 05:53:01 +00:00
core-devops	d57ed520f0	feat(ci)(hard-gate): lint-workflow-yaml catches Gitea-1.22.6-hostile shapes ... Tier-2 hardening per RFC internal#219 §1 + charter §SOP-N rule (m). New CI lint that scans .gitea/workflows/*.yml for six structurally-hostile shapes that Gitea 1.22.6 silently rejects or ambiguously parses, BEFORE they reach main. Rules (4 fatal + 1 fatal cross-file + 1 heuristic-warn): 1. on.workflow_dispatch.inputs — Gitea 1.22.6 mis-parses inputs.X as sibling event types and rejects the entire workflow with [W] ignore invalid workflow ... unknown on type. Memory: feedback_gitea_workflow_dispatch_inputs_unsupported. Origin: 2026-05-11 publish-runtime-v1.0.0 silent freeze, ~24h PyPI lag. 2. on: workflow_run — not enumerated in Gitea 1.22.6 event types (verified via modules/actions/workflows.go; task #81). Workflow registers, fires for zero events. 3. workflow name: containing / — breaks the commit-status convention <workflow> / <job> (<event>) used by sop-tier-check + status-reaper to tokenize context strings. 4. cross-file name: collision — status-routing is by name; collision yields undefined commit-status updates (status-reaper rev1 class). 5. cross-repo uses: org/repo/subpath@ref — DEFAULT_ACTIONS_URL=github resolves to github.com/<org-suspended>/... and 404s. Memory: feedback_gitea_cross_repo_uses_blocked. Cross-link: task #109. 6. (WARN, heuristic) api.github.com refs without workflow-level env.GITHUB_SERVER_URL. Memory: feedback_act_runner_github_server_url. Per halt-condition 3: downgraded to warn-not-fail to avoid the 3 known benign hits on current main (OCI source label + jq-release pin) which use https://github.com/... not https://api.github.com/. Empirical history this hardens against: - status-reaper rev1 caught rule-4 (name-collision) class fail-loud - sop-tier-refire DOA-d on rule-2 (workflow_run partial) - #319 bootstrap-paradox (chained-defect class, related) - internal#329 dispatcher race (adjacent) - 2026-05-11 publish-runtime: rule-1, 24h PyPI freeze on runtime-v1.0.0 publish Triggers: - pull_request — pre-merge gate - push to main/staging — post-merge regression catch even if the PR gate is bypassed by branch-protection drift Per RFC #219 §1 contract: continue-on-error: true on the job during the surface-broken-shapes phase. Follow-up PR flips off after the 3 existing rule-2 violations on main are migrated to a supported trigger. Existing-on-main violations surfaced by this lint (3, informational, NOT auto-fixed per halt-condition 2): - .gitea/workflows/redeploy-tenants-on-main.yml — rule 2 - .gitea/workflows/redeploy-tenants-on-staging.yml — rule 2 - .gitea/workflows/staging-verify.yml — rule 2 All three have on: workflow_run: triggers that will fire for zero events. Fix path: replace with cron or with push+paths:[upstream-yml] gate. Tracked separately (do not block this PR). Tests: tests/test_lint_workflow_yaml.py — 15 pytest cases: - 6 × per-rule violation-detected (rules 1-3,5 + rule 4 cross-file + rule 6 heuristic-warn) - 6 × per-rule clean-passes - 1 × cross-file collision detected - 1 × all-violations-aggregated single file - 1 × empty workflow dir = exit 0 - 1 × vendor-truth: the exact 2026-05-11 publish-runtime YAML shape from feedback_gitea_workflow_dispatch_inputs_unsupported is caught (per feedback_smoke_test_vendor_truth_not_shape_match: fixtures mirror real Gitea 1.22.6 semantics, not yaml-parser quirks) 15/15 tests pass locally. Lint exits 1 against current .gitea/workflows/ because of the 3 existing rule-2 violations above; that is the gate working as intended (and continue-on-error keeps the PR-status soft until the violations are migrated).	2026-05-12 05:50:55 +00:00
Molecule AI · core-devops	966e5cf59c	Merge pull request 'feat(ci)(hard-gate): lint-required-workflows-no-paths-filter' (#670) from infra/lint-required-no-paths-filter into main	2026-05-12 05:50:36 +00:00
core-devops	c0f594cd22	feat(ci)(hard-gate): lint-required-workflows-no-paths-filter (structural enforcement of feedback_path_filtered_workflow_cant_be_required) ... Add `.gitea/workflows/lint-required-no-paths.yml` + supporting script and tests that fail a PR if any workflow whose status-check context appears in `branch_protections/main.status_check_contexts` carries a `paths:` or `paths-ignore:` filter in its `on:` block. Why --- A required-check workflow with a paths filter silently degrades the merge gate. If a PR's diff doesn't match the filter, the workflow never fires; Gitea (1.22.6) treats the required context as `pending` (NOT `skipped == success`), so the PR cannot merge. A docs-only PR against `paths: ['**.go']` would be wedged forever — no human action produces a green. Previously this was prevented only by reviewer vigilance + the saved memory `feedback_path_filtered_workflow_cant_be_required`. This commit makes it a structural CI gate. Empirical baseline (verified 2026-05-11 against git.moleculesai.app/molecule-ai/molecule-core/branch_protections/main): status_check_contexts: - "Secret scan / Scan diff for credential-shaped strings (pull_request)" - "sop-tier-check / tier-check (pull_request)" - "CI / all-required (pull_request)" All three workflows (`secret-scan.yml`, `sop-tier-check.yml`, `ci.yml`) have NO paths/paths-ignore filter today. This lint locks that contract: a future PR adding `paths:` to any of them — or to any new required workflow per RFC#324 Step 2 (qa-review, security-review) — fails fast at PR time. How --- - Workflow runs on `pull_request: [opened, synchronize, reopened]` + `workflow_dispatch`. Deliberately NO `paths:` filter on itself — the workflow is self-evidently a meta-required-check. - Reads `branch_protections/main` via `DRIFT_BOT_TOKEN` (same secret ci-required-drift.yml uses — repo-admin scope required for the endpoint per Gitea 1.22.6). - Parses each context `<workflow_name> / <job_name> (<event>)`, walks `.gitea/workflows/*.yml` for a file whose `name:` matches, then YAML-AST-walks the `on:` block for `paths` / `paths-ignore` keys. Behavior-based gate per `feedback_behavior_based_ast_gates` — NOT grep-by-name, so reformatting / event moves still detect. - Token-scope fallback: if `branch_protections` returns 403/404, exits 0 with a loud `::error::` rather than red-X every PR. Token issues should be fixed at the token. Tests ----- 20 tests in `tests/test_lint_required_no_paths.py`, all green: - parse_context (3): standard, slash-in-job-name, malformed - resolve_workflow_file (2): match-by-name, missing - detect_paths_filters (8): clean, paths, paths-ignore, push.paths, both, on-string-shorthand, on-list-shorthand, on-event-null - run() end-to-end (7): empty contexts, clean workflow, paths fails, paths-ignore fails, unknown-context warns-not-fails, multi-required one-bad-one-good, protection-403 skip Live smoke (DRIFT_BOT_TOKEN against molecule-ai/molecule-core/main): all 3 required workflows clean — exit 0. Cross-links ----------- - `feedback_path_filtered_workflow_cant_be_required` (the rule now structurally enforced) - `feedback_behavior_based_ast_gates` (PyYAML AST walk, not grep) - ci-required-drift.yml (precedent for DRIFT_BOT_TOKEN reuse + branch_protections-read scope-fallback pattern) - Charter §SOP-N rule (f): required-checks must run unconditionally Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-12 05:48:22 +00:00
Molecule AI · core-uiux	18a32e1ad4	Merge pull request 'fix(canvas/mobile): remove ?? [] from Zustand selector to prevent infinite render loop' (#662) from fix/canvas-mobile-chat-loop into main	2026-05-12 05:26:02 +00:00
Molecule AI Core-UIUX	56945ffd49	fix(canvas/mobile): remove ?? [] from Zustand selector to prevent infinite render loop ... React error #185 (Maximum update depth exceeded) on mobile chat tab. Root cause: useCanvasStore((s) => s.agentMessages[agentId] ?? []) used a `?? []` fallback in the selector. Zustand uses Object.is for selector equality. When agentMessages[agentId] is undefined (initial state), the fallback creates a NEW [] reference on every store update. Zustand sees this as a state change and re-renders the component. The component reads from the store again, gets another new [] reference, and the cycle repeats until React hits the depth cap. Fix: remove `?? []` from the selector (returns undefined when no messages) and move the fallback to the useState initializer: storedMessages = useCanvasStore(selector) // returns undefined | T[] [messages] = useState(() => (storedMessages ?? []).map(...)) The useState initializer only runs once on mount, so the `?? []` there is safe — it creates the initial state once, then messages are managed via setMessages. Fixes issue #651. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 04:56:49 +00:00
Molecule AI · core-qa	d23bd286ce	Merge pull request 'fix(ci)(interim): re-add continue-on-error to platform-build (mc#664)' (#665) from fix/664-interim-remask-platform-build into main	2026-05-12 04:47:23 +00:00
Molecule AI Core-Lead	9aa2b13934	fix(ci)(interim): re-add continue-on-error to platform-build (mc#664 fix-forward in flight) ... Phase-3-masked test failures in workspace-server/internal/handlers/ surfaced when #656 (RFC internal#219 Phase 4) flipped platform-build continue-on-error from true to false on 0e5152c3. The pre-#656 main was masking these: 4x delegation_test.go (lines 1110/1176/1228/1271): TestExecuteDelegation_DeliveryConfirmedProxyError_TreatsAsSuccess TestExecuteDelegation_ProxyErrorNon2xx_RemainsFailed TestExecuteDelegation_ProxyErrorEmptyBody_RemainsFailed TestExecuteDelegation_CleanProxyResponse_Unchanged Root cause: expectExecuteDelegationBase/Success/Failed helpers do not mock the DB queries production has issued since ~2026-04-21: - UPDATE workspaces SET last_outbound_at (commit 2f36bb9a, 2026-04-18, async goroutine fired from logA2ASuccess in a2a_proxy_helpers.go) - SELECT delivery_mode / SELECT runtime FROM workspaces (lookup* in a2a_proxy_helpers.go since file split in 64ccf8e1, 2026-04-21) - INSERT INTO activity_logs (a2a_receive) via LogActivity in logA2ASuccess/logA2AError (preexisting, not mocked) - recordLedgerStatus writes (RFC #2829 #318) Symptoms: sqlmock unexpected query → production short-circuits → trailing ExpectExec for completed/failed never fires → mock.ExpectationsWereMet() reports unmet remaining expectations. 8.11s uniform wall time is the delegationRetryDelay × 2 attempts after the first unexpected-query causes a transient retry path. Halt cond #3 applies (>7 days masked → broader sweep needed; many subsequent commits stacked on top). 1x mcp_test.go:433 (TestMCPHandler_CommitMemory_GlobalScope_Blocked): Commit 7d1a189f (2026-05-10) hardened mcp.go:427 to scrub err.Error() from JSON-RPC error.Message (OFFSEC-001 / #259) — returning the constant string "tool call failed" instead. The test asserts the message contains "GLOBAL". Production-vs-test contract collision; needs a design call (revert OFFSEC scrub for this code class, or update the test to assert a different oracle e.g. captured logs / specific error code). Halt cond #2 applies (alternate-class finding, not sqlmock-mismatch). Time-boxed Option A (90 min sqlmock update) does not fit either failure class within scope. Choosing Option B per brief: interim re-mask of platform-build only — the other 4 #656 flips (changes, canvas-build, shellcheck, python-lint) retain continue-on-error: false. This is a sequenced revert→fix→reflip per feedback_strict_root_only_after_class_a emergency clause, NOT a permanent re-mask. mc#664 stays open as the fix-then-reflip tracker. Process note for charter SOP-N (companion to vendor-truth-review-discipline): before flipping a job continue-on-error: true → false, do not trust the combined-status "success" signal alone — pull the actual run log and grep for --- FAIL / FAIL <package> to confirm the tests really pass. The masked green on 0e5152c3 came from continue-on-error suppressing the per-job status to neutral, which the combined-status aggregator counted as not-failure. Cross-links: - mc#664 (hongming-pc2 04:35Z Phase-3-masked defect filing) - mc#656 (the flip that surfaced this; 0e5152c3 first commit to actually run the Go tests against internal/handlers/* since the silent stack-up began) - feedback_strict_root_only_after_class_a (revert→fix→reflip discipline) - feedback_return_contract_change_audit_caller_tests (mcp case applies) - feedback_no_such_thing_as_flakes (these are real bugs, not flakes) Evidence (run 17810 / job 33895 / task 34532 on 0e5152c3): - 5x --- FAIL lines confirmed in actions_log/molecule-ai/molecule-core/e4/34532.log - delegation_test.go:1110/1176/1228/1271: "unmet sqlmock expectations" - mcp_test.go:433: "error message should mention GLOBAL, got: tool call failed" Gitea 1.22.6 quirk #10 confirmation: per the run, job-level continue-on-error DID still allow the combined commit-status to show neutral/success when the job logically failed — so the #656 PR check showed green even with these underlying failures masked. Reproduced. Co-Authored-By: Hongming Wang <hongmingwang.rabbit@users.noreply.github.com>	2026-05-12 04:40:32 +00:00
Molecule AI · core-lead	0e5152c342	Merge pull request 'fix(ci): RFC internal#219 Phase 4 — all-required enforced, stable jobs hard-fail' (#656) from infra/622-force-merge-protection-fix into main	2026-05-12 04:18:19 +00:00
Molecule AI Core-DevOps	1719534bf3	fix(ci): RFC internal#219 Phase 4 — all-required sentinel enforced, stable jobs hard-fail ... Phase 4 of the force-merge protection fix (internal#219 §2). Changes: - audit-force-merge.yml REQUIRED_CHECKS: add CI / all-required (pull_request) — closes the audit gap; force-merge audit now checks ci/all-required. - ci.yml: flip continue-on-error: false on stable jobs (changes, platform-build, canvas-build, shellcheck, python-lint) — confirmed green on main 2026-05-12 combined-status check. The all-required sentinel (continue-on-error: true) will be flipped once branch protection PATCH lands (Owner-tier, delegated separately). NOT included in this PR (separate Owner-tier action required): - Branch protection PATCH: add ci/all-required as required check on main. Needed to make the sentinel actually block merges. Delegate to Core Platform Lead. Refs: molecule-core#622, molecule-core#623	2026-05-12 04:09:44 +00:00
claude-ceo-assistant	49355cf971	Merge pull request 'fix(ci): status-reaper rev4 reads per-context "status" key not "state" (compensation was unreachable since rev1)' (#652) from infra/status-reaper-rev4-status-key-fix into main	2026-05-12 03:52:04 +00:00
claude-ceo-assistant	f6477f87ff	Merge branch 'main' into infra/status-reaper-rev4-status-key-fix	2026-05-12 03:46:25 +00:00
Molecule AI Core-UIUX	0caafb85bc	test(canvas): ActivityTab + DetailsTab + DropTargetBadge (65 cases) (#647) ... Co-authored-by: Molecule AI Core-UIUX <core-uiux@agents.moleculesai.app> Co-committed-by: Molecule AI Core-UIUX <core-uiux@agents.moleculesai.app>	2026-05-12 03:45:48 +00:00
core-devops	5674b0e067	fix(ci): status-reaper rev4 reads per-context "status" key not "state" (compensation was unreachable since rev1) ... Schema asymmetry in Gitea 1.22.6 combined-status response: - top-level `combined.state` → uses key "state" - per-entry `combined.statuses[i].*` → uses key "status", NOT "state" Pre-rev4 the per-entry loop in reap() (and the matching is_red() / render_body() in main-red-watchdog) read `s.get("state")` only, which returned None on every real Gitea response → state coerced to "" → `"" != "failure"` guard preserved every entry → compensation path unreachable since rev1. Empirical proof (orchestrator probe 2026-05-12 03:42Z): GET /repos/molecule-ai/molecule-core/commits/210da3b1/status → 29 per-entry items, ALL have key "status", ZERO have key "state". status value distribution: {success:18, failure:8, pending:3}. rev3 production run 17516 reported preserved_non_failure=585=30*19.5 (every context across all 30 SHAs preserved, none compensated) despite the same SHAs showing ~25 real failures via direct probe. Fix is one line per call site: s.get("state") → s.get("status") or s.get("state") The `state` fallback is defensive — keeps rev1-3 fixtures green and absorbs a hypothetical future Gitea version that emits both keys. Sibling-script audit: - main-red-watchdog.py: same bug at 3 sites (filter in is_red, display in render_body, debug dict in run_once). Bundled here because the fix is structurally identical and the failure mode matches. - ci-required-drift.py: no per-entry status iteration. Clean. Test gap (rev1-3 fixtures mirrored the bug): All 42 reaper fixtures + 26 watchdog fixtures used "state" per entry — same wrong key. That's why rev1-3 tests stayed green while the production code was no-op. Logged under `feedback_smoke_test_vendor_truth_not_shape_match`. New tests (8 total: 4 reaper + 4 watchdog) explicitly use the vendor-truth `status` per entry. Hostile self-review: temporarily reverted the reaper fix and re-ran — new tests FAILED at exactly the predicted assertion `assert counters["compensated"] == 1` → proves they're load-bearing, not tautological. Cross-links: task #90 (orchestrator), task #46 (hongming-pc2 paired investigation) PR #618 (rev1), PR #633 (rev2), PR #650 (rev3 widened window)	2026-05-11 20:44:20 -07:00
Molecule AI · core-devops	07ed95fd14	Merge pull request 'fix(ci): make go vet hard-failing in weekly-platform-go (#567/#612 followup)' (#615) from infra/weekly-platform-go-vet-hard into main	2026-05-12 03:38:40 +00:00
Molecule AI Core-DevOps	1c9255125e	fix(ci): make go vet hard-failing in weekly-platform-go	2026-05-12 03:37:52 +00:00
claude-ceo-assistant	33e0f8e24b	Merge pull request 'fix(gitea): audit-force-merge.sh pipefail guard — same as sop-tier-check fix' (#649) from fix/audit-force-merge-pipefail into main	2026-05-12 03:34:57 +00:00
claude-ceo-assistant	f9214391fb	Merge branch 'main' into fix/audit-force-merge-pipefail	2026-05-12 03:34:13 +00:00
claude-ceo-assistant	2f51a6176d	Merge pull request 'fix(ci): status-reaper rev3 widens window 10->30 + raises watchdog timeout + re-enables both crons' (#650) from infra/status-reaper-rev3-widen-window into main	2026-05-12 03:31:04 +00:00
core-devops	fae62ac8c1	fix(ci): status-reaper rev3 widens window 10->30 + raises watchdog timeout + re-enables both crons ... Phase 1+2 evidence (rev2 PR#633, merged 01:48Z): 6/6 ticks post-merge with `compensated:0` despite ~25 known-stranded reds visible across those same 10 SHAs on direct probe ~30min later. Reaper run 17057 at 02:46Z explicitly logged: scanned 42 workflows; push-triggered=19, class-O candidates=23 status-reaper summary: {compensated:0, preserved_non_failure:185, scanned_shas:10, limit:10} Root cause: schedule workflows post `failure` to commit-status RETROACTIVELY 5-15 min after their merge. By the time reaper's next */5 tick lands, the stranded red is on a SHA that has already fallen OUTSIDE a 10-commit window during a burst-merge period. Reaper algorithm is correct; the lookback window is too narrow vs. the retroactive-failure-post lag. Three-in-one fix (atomic per hongming-pc2 GO 03:25Z): 1. `.gitea/scripts/status-reaper.py` DEFAULT_SWEEP_LIMIT 10 -> 30. Trades window-width-cheap for cadence-loady; kept `*/5` cron unchanged (avoiding `*/2` which would double runner load). 2. `.gitea/workflows/status-reaper.yml` Restore schedule cron block (revert mc#645 comment-out for THIS workflow only). Cron stays `*/5 * * * *`. 3. `.gitea/workflows/main-red-watchdog.yml` Restore schedule cron block (revert mc#645 comment-out) AND raise job-level `timeout-minutes: 5 -> 15`. Original 5min cap was producing cancels under runner-saturation latency, which fed the very `[main-red]` issues this workflow files (self-poisoning). 4. `tests/test_status_reaper.py` + test_default_sweep_limit_is_30 (contract pin) + test_reap_widened_window_catches_retroactive_failure: mocks 30 SHAs, plants the failing context on SHA[20] (depth strictly past rev2's window=10), asserts the compensation POST lands on that SHA. Existing tests retain explicit `limit=10` overrides and remain unchanged. Suite: 42/42 passed (was 40 + 2 new). Verification plan (post-merge, 10-15 min after merge / 2-3 cron ticks): - DB: SELECT id, status FROM action_run WHERE workflow_id= 'status-reaper.yml' ORDER BY id DESC LIMIT 5 -> all status=1 - Log via web UI: /molecule-ai/molecule-core/actions/runs/<index>/jobs/0/logs -> summary line should now show compensated > 0 with compensated_per_sha populated - Direct probe: pick a SHA in the last 30 main commits with class-O fails, GET /repos/molecule-ai/molecule-core/commits/{sha}/status -> compensated contexts now show state=success with description starting 'Compensated by status-reaper' If rev3 STILL shows compensated:0 after the window-widening, the diagnosis is wrong and a DIFFERENT bug needs to be uncovered (per hongming-pc2 caveat 03:25Z). Re-enabling the crons IS the diagnosis verification. Cross-links: - PR#618 (rev1, drop-concurrency, merge 4db64bcb) - PR#633 (rev2, sweep-recent-commits, merge e7965a0f) - PR#645 (interim disable, merge 4c54b590) — re-enable being reverted - task #90 (orch rev3 tracker) / task #46 (hongming-pc2 tracker) - feedback_brief_hypothesis_vs_evidence (empirical evidence above) - feedback_strict_root_only_after_class_a (3-in-one root fix vs. longer patching chain) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-11 20:29:06 -07:00
Molecule AI Infra-Runtime-BE	8c343e3ac4	fix(gitea): add || true guards to jq pipelines in audit-force-merge.sh ... Same root cause as sop-tier-check.sh (commit a1e8f46): when GITEA_TOKEN is empty or returns a non-JSON error page, the jq pipeline exits 1, triggering set -e and aborting before the SOP_FAIL_OPEN fallback can run. Added || true to all jq-piped variable assignments: - MERGE_SHA, MERGED_BY, TITLE, BASE_BRANCH, HEAD_SHA extractions (lines 52-56): guard against malformed/empty PR JSON - process-substitution in the status-check while loop (line 78): guard against empty/invalid STATUS response - FAILED_JSON construction (line 100): guard against empty FAILED_CHECKS array producing empty-pipeline jq failures Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 03:26:36 +00:00
Molecule AI · core-devops	b915f1bc2d	Merge pull request 'fix(ci): sop-tier-check gracefully handles empty/invalid token' (#635) from fix/sop-tier-check-token-graceful into main	2026-05-12 03:20:33 +00:00
Molecule AI Core-DevOps	df821c8258	fix(ci): sop-tier-check gracefully handles empty/invalid token ... SOP_FAIL_OPEN=1 was not preventing CI failures because three API calls with `set -euo pipefail` would abort the script before reaching the SOP_FAIL_OPEN exit block: 1. `WHOAMI=$(curl ... | jq -r ...)` — jq exits 1 on empty input, triggering set -e → script exits before SOP_FAIL_OPEN check. 2. `curl` for reviews — curl exits non-zero on 401 from empty token, triggering set -e → same problem. 3. `curl` for org teams list — same issue. Fix: add `|| true` to jq pipelines and `set +e` / `set -e` guards around curl calls that may fail with empty token. When SOP_FAIL_OPEN=1 and the token is invalid, the script now exits 0 instead of 1, preventing blocking CI failures on unconfigured runners. Refs: sop-tier-check failure on PRs #617, #621, #587, #562	2026-05-12 03:16:17 +00:00
Molecule AI · core-devops	0bc1381ffe	Merge pull request 'fix(ci): ci-required-drift handles 403/404 on protection endpoint gracefully' (#630) from infra/ci-required-drift-token-scope into main	2026-05-12 03:14:55 +00:00
Molecule AI Core-DevOps	7d011828e8	fix(ci): ci-required-drift handles 403/404 on protection endpoint gracefully ... Root cause: DRIFT_BOT_TOKEN lacks repo-admin scope → Gitea 1.22.6's `GET /repos/.../branch_protections/{branch}` returns 403/404 → ApiError → non-zero exit → workflow red. The token trail (internal#329) was never completed for mc-drift-bot on molecule-core. Fix (script): catch ApiError on the protection fetch; on 403/404 log a clear ::error:: diagnostic explaining the token-scope gap and return empty findings (skip this branch). The issue IS the alarm, not a red workflow. 5xx is still propagated (transient outage). Fix (workflow): remove stale transitional comment that claimed the all-required sentinel didn't exist yet (it landed in #553). Fixes: infra/ci-required-drift red on main (210da3b1→4db64bcb). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 03:13:37 +00:00
claude-ceo-assistant	4c54b59099	Merge pull request 'fix(ci)(interim): disable status-reaper + main-red-watchdog crons (machinery-down)' (#645) from infra/interim-disable-reaper-watchdog-crons into main	2026-05-12 02:45:52 +00:00
claude-ceo-assistant	6ee9ecdf0d	fix(ci)(interim): disable status-reaper + main-red-watchdog crons ... RFC#420 Option-C machinery has been down ~2.5h: - status-reaper rev2 (PR#633, merged 01:48Z): 0 'Compensated by status-reaper' status on the last 14 main commits. Schedule reds stranded on stale commits despite the rev2 sweep-last-10 design. - main-red-watchdog: 'Failing after 10m56s' with timeout-minutes:5 — runner saturation queue-lag pushed it past its own timeout. No [main-red] issues filed during the outage despite 5 reds on HEAD e7965a0f at the high watermark. Both workflows were themselves contributing to the red pileup on main + queuing the ubuntu-latest pool. Cheap-and-safe interim: comment out the schedule: blocks. workflow_dispatch: stays so they can be triggered manually for debugging. Re-enable after: 1. rev3 lands (likely scan_workflows() should LOG-and-skip rather than sys.exit on a malformed workflow; list_recent_commit_shas() should degrade gracefully) 2. Dedicated status-ops runner-label (route status-reaper + watchdog + ci-required-drift to it so they don't queue behind CI-merge-churn) Per hongming-pc2 02:31Z directive: 'pick one: rev3+raise-timeout OR temporarily disable the crons'. Choosing disable for safety while rev3 investigation proceeds. Reviewed-by: hongming-pc2 (pre-APPROVE on sight 02:31Z) Author: claude-ceo-assistant (orchestrator emergency; operator-host unreachable 02:01-02:38Z blocked SSH-bridge to core-devops persona) Cross-links: task #90 (rev2), task #75 (main-red sweep), RFC#420 Option-C	2026-05-11 19:39:43 -07:00
Molecule AI · core-devops	c9166faac2	Merge pull request 'feat(ci): wire review-check.sh regression tests into CI (closes #540)' (#620) from ci/review-check-tests-wire into main	2026-05-12 02:27:39 +00:00
Molecule AI · core-lead	2ca0433a35	Merge branch 'main' into ci/review-check-tests-wire	2026-05-12 01:55:16 +00:00
claude-ceo-assistant	e7965a0f0c	Merge pull request 'feat(ci): status-reaper rev2 sweeps last 10 main commits (closes stranded-status gap)' (#633) from infra/status-reaper-rev2-sweep-recent-commits into main	2026-05-12 01:47:57 +00:00
claude-ceo-assistant	f6f477d6b3	Merge branch 'main' into infra/status-reaper-rev2-sweep-recent-commits	2026-05-12 01:47:16 +00:00
Molecule AI · app-fe	83b4e4a88a	Merge pull request 'test(tabs): export + unit-test getSkills + extractSkills (28 cases)' (#629) from test/skill-helpers-coverage into main	2026-05-12 01:45:57 +00:00
core-devops	98323734ea	feat(ci): status-reaper rev2 sweeps last 10 main commits (closes stranded-status gap) ... rev1 (PR #618, merged 4db64bcb) only inspected the CURRENT main HEAD per tick. Schedule workflows post `failure` to whatever SHA was HEAD when the run COMPLETED, which by the next */5 tick is usually a stale commit because main has already moved forward via merges. Result: rev1 was running successfully but with `compensated:0` on every tick across ~6 cycles (orchestrator + hongming-pc2 Phase 1+2 evidence 23:46Z / 23:59Z / 00:02Z); reds stranded on stale commits. rev2 sweeps the last 10 main commits per tick: - New `list_recent_commit_shas(branch, limit)` wraps GET /repos/{o}/{r}/commits?sha={branch}&limit={limit}. Vendor-truth probe 2026-05-11 confirms Gitea 1.22.6 returns a JSON list of commit objects with `sha` keys (per `feedback_smoke_test_vendor_truth_not_ shape_match`). - New `reap_branch()` orchestrates the sweep: - For each SHA: GET combined status with PER-SHA ERROR ISOLATION (refinement #7) — ApiError on one stale SHA logs `:⚠️:` and continues to the next. Different from the single-HEAD pre-rev2 path where fail-loud was correct; the sweep is best-effort across historical commits. - When `combined.state == "success"`: skip the per-context loop entirely (refinement #2, cost optimization, common case). - Otherwise delegate to the existing per-SHA `reap()` worker (logic UNCHANGED — `_has_push_trigger` / `parse_push_context` / `scan_workflows` not touched per refinement #6). - Aggregated counters preserve all rev1 fields PLUS: - `scanned_shas`: how many SHAs we actually iterated (always 10 in normal operation; less if commits API returns fewer) - `compensated_per_sha`: {<full_sha>: [<context>, ...]} for the SHAs that actually got at least one compensation - `reap()` now also returns `compensated_contexts` so `reap_branch()` can build `compensated_per_sha` without re-deriving it from the POST stream. Backwards-compatible — all existing test assertions check specific counter keys, none enforce a closed dict shape. - `main()` switches from `get_head_sha` + `get_combined_status` + `reap` to a single `reap_branch()` call. Adds `--limit` CLI flag for ops-driven sweep-width tuning (default 10). Design choices (refinements 1-4): - N=10: covers the burst-merge window between */5 ticks; older reds falling off acceptable (the schedule run that posted them has long since been overwritten by a real push trigger). - Skip combined=success early: most commits in the window will be green; short-circuit before the per-context loop saves work. - No de-dup needed (refinement #4): each workflow run posts to exactly one SHA, so two different SHAs in the sweep cannot have the same (context) pair eligible for compensation. Test suite: 37 + 3 = 40/40 cases pass. - New: test_reap_sweeps_n_shas_smoke (mock 3 SHAs, verify each GET'd) - New: test_reap_skips_combined_success_shas (verify the combined=success short-circuit; only the 1 failure SHA is iterated) - New: test_reap_continues_on_per_sha_apierror (per-SHA error isolation contract — ApiError on SHA[0] logged + skipped + SHA[1] processes) - All 37 existing rev1 tests pass unchanged (per-SHA worker logic + the helpers it consumes are untouched). Live dry-run smoke against git.moleculesai.app: scanned 41 workflows; push-triggered=18, class-O candidates=23 summary: {"branch":"main","compensated":0,"compensated_per_sha":{}, "dry_run":true,"limit":10,"preserved_non_failure":196, ...,"scanned_shas":10} Cross-link: - internal#327 (sibling publish-runtime-bot) - task #90 (orchestrator brief), task #46 (hongming-pc2 brief) - PR #618 (parent rev1, merge 4db64bcb) - `reference_post_suspension_pipeline` - `feedback_no_shared_persona_token_use` (commit author = core-devops, not hongming-pc2) - `feedback_strict_root_only_after_class_a` (root cause, not symptom) - `feedback_brief_hypothesis_vs_evidence` (evidence: compensated:0 across 6 cycles) Removal path: drop this workflow when Gitea >= 1.24 ships with a real fix for the hardcoded-suffix bug. Audit issue (filed alongside rev1) tracks the deletion as a follow-up sweep.	2026-05-11 18:41:39 -07:00
Molecule AI App-FE	1f2089a6a9	chore: retimestamp to retrigger CI	2026-05-12 01:34:45 +00:00
Molecule AI App-FE	4d2636f31a	test(tabs): export and unit-test getSkills + extractSkills pure helpers (28 cases) ... getSkills (DetailsTab): null/undefined/empty inputs, id+name priority, description truthy-guard edge cases, id-name precedence, falsy coercion. extractSkills (SkillsTab): same inputs plus tags/examples coercion, "undefined" id vs "Unnamed skill" name distinction, mixed valid/invalid. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 01:34:45 +00:00
Molecule AI · app-fe	451cec1a75	Merge pull request 'test(ui): add KeyValueField + RevealToggle + ValidationHint coverage (29 cases)' (#616) from test/ui-primitive-coverage into main	2026-05-12 01:33:40 +00:00
Molecule AI App-FE	8724776e24	chore: retimestamp to retrigger CI	2026-05-12 01:29:04 +00:00
Molecule AI App-FE	f6275dd6c0	test(ui): add KeyValueField, RevealToggle, ValidationHint coverage (29 cases) ... - ValidationHint (6 cases): null/valid/error render, role=alert a11y - RevealToggle (9 cases): eye-icon toggle, aria-label, onToggle callback, SVG icons - KeyValueField (14 cases): password type, aria-label forwarding, onChange with whitespace trim, disabled state, auto-hide timer setup + cleanup Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 01:29:04 +00:00
Molecule AI Core-DevOps	c74c0a0283	fix(ci): add jq install to review-check-tests workflow + fix /tmp/jq hardcode ... Two fixes found during first CI run: 1. Workflow missing jq installation step — T12 jq-filter test needs jq which is not in the Gitea Actions ubuntu-latest runner image. Add the same install dance as sop-tier-check.yml (apt-get first, GitHub binary download fallback, infra#241 belt-and-suspenders). 2. test_review_check.sh hardcodes /tmp/jq in T12. In CI jq gets installed to /usr/bin/jq via apt-get. Fix: use `command -v jq` to resolve from PATH first, fall back to /tmp/jq for local dev. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 01:24:24 +00:00
Molecule AI Core-DevOps	a2a1e644ab	feat(ci): wire review-check.sh regression tests into CI (closes #540) ... New workflow .gitea/workflows/review-check-tests.yml triggers on every PR + push that touches review-check.sh or its test fixtures. Runs the existing 22-scenario regression suite (test_review_check.sh) which covers all issue #540 acceptance criteria. CONTRIBUTING.md updated with: - review-check-tests row in the CI job table - Local testing section with the smoke command Note: tests are bash-based (not bats) per existing test_review_check.sh design. Converting to bats would be refactoring rather than closing the gap. Bats dependency was never added to the runner-base image. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 01:24:24 +00:00
Molecule AI · infra-runtime-be	05c794ef33	Merge pull request 'test(tabs): add BudgetSection coverage (17 cases)' (#611) from test/budget-section-coverage into main	2026-05-12 01:21:26 +00:00
claude-ceo-assistant	4db64bcbc3	Merge pull request 'fix(ci): status-reaper drops broken concurrency block (Gitea 1.22.6 cancel-cascade)' (#618) from infra/status-reaper-rev1-drop-concurrency into main	2026-05-12 00:53:41 +00:00
core-devops	9b10af08c9	fix(ci): status-reaper drops broken concurrency block (Gitea 1.22.6 cancel-cascade)	2026-05-12 00:41:36 +00:00
Molecule AI App-FE	6bf7df1f3f	test(tabs): add BudgetSection coverage (17 cases) ... Covers all render states: loading, fetch error, 402 exceeded banner, budget loaded (with/without limit, over-limit cap), progress bar visibility, save success, save error, saving-in-flight button state, and the isApiError402 helper's regex branches. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:17:18 +00:00
Molecule AI App-FE	caeff4bf80	test(canvas/FilesTab): add NotAvailablePanel + FilesToolbar coverage (22 cases) ... NotAvailablePanel: renders heading, runtime name in monospace, Chat hint, SVG aria-hidden, flex layout. FilesToolbar: directory selector options + aria-label, setRoot on change, file count display, New/Upload/Clear visible only for /configs, Export/Refresh always visible, aria-labels on all buttons, onNewFile/onDownloadAll/onClearAll/onRefresh called on click, focus-visible ring on all buttons. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:17:18 +00:00
Molecule AI · core-qa	210da3b1a5	Merge pull request 'fix(ci): per-package diagnostic step + executeDelegation mock fix' (#609) from fix/ci-diagnostic-step into main	2026-05-12 00:13:08 +00:00
Molecule AI Core-BE	57bf2eccc6	fix(test/delegation): add CanCommunicate mock expectations ... executeDelegation(sourceID, targetID) fires proxyA2ARequest which calls registry.CanCommunicate(sourceID, targetID) when source != target. Both IDs are different test fixtures (ws-source-159, ws-target-159), so the lookup fires two separate getWorkspaceRef queries: SELECT id, parent_id FROM workspaces WHERE id = $1 -- sourceID SELECT id, parent_id FROM workspaces WHERE id = $1 -- targetID expectExecuteDelegationBase only mocked the URL/status fallback query. sqlmock would fail with "unexpected query" when the CanCommunicate lookups fired — this was a silent failure because the tests never verified ExpectationWereMet on the CanCommunicate path. Fix: add two ExpectQuery rows for both parent_id lookups (both NULL, root-level siblings, allowed). Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:07:45 +00:00
Molecule AI Core-BE	e05fb6911d	feat(ci): add per-package diagnostic step to platform-build job ... Adds a continue-on-error step that runs ./internal/handlers/... and ./internal/pendinguploads/... with -v -timeout 60s, tee-ing output to /tmp/ and emitting last-100-lines to step summary. Gitea Actions logs API returns 404 (gitea/gitea#22168), making the run-page step summary the only available signal when CI stalls. Step is stripped before merge. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:07:45 +00:00
Molecule AI · infra-runtime-be	8a572c1ef3	Merge pull request 'revert(ci): restore ubuntu-latest runner for publish workflows' (#606) from infra/revert-docker-runner-label into main	2026-05-12 00:04:01 +00:00