fix(tests): add model to compute validation test to satisfy MODEL_REQUIRED gate

TestWorkspaceCreate_WithInvalidCompute_ReturnsBadRequest was missing a
model field, so it hit the 422 MODEL_REQUIRED gate (added 2026-05-22)
before reaching compute validation. Adding \"model\":\"gpt-4\" lets the
test reach the intended 400 BadRequest from invalid instance_type.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.gitea/workflows/ci-arm64-advisory.yml

@@ -1,186 +0,0 @@
-# ci-arm64-advisory — Mac arm64 self-hosted ADVISORY fast-check lane.
-#
-# === WHY ===
-#
-# The amd64 Gitea runner pool (molecule-runner-1..20) is queue-contended
-# (internal#418). This lane offloads the *genuinely container-independent*
-# fast checks (Go build/vet/lint, shellcheck, Python lint) onto the Mac
-# arm64 self-hosted runner so developers get a fast arm64 signal WITHOUT
-# adding load to the starved amd64 pool — capability-honestly, as an
-# additive pilot. Pilot ② of the Mac-CI strategy (CTO-delegated 2026-05-17).
-#
-# === NON-NEGOTIABLE SAFETY CONTRACT (the prime directive) ===
-#
-# This lane is **ADVISORY ONLY**. It is provably incapable of hanging a
-# merge. Concretely:
-#
-#   1. It is a SEPARATE workflow file. `ci.yml` is byte-for-byte
-#      untouched by this PR. The `CI / all-required` aggregator sentinel
-#      and the five contexts it polls
-#      (`CI / Detect changes|Platform (Go)|Canvas (Next.js)|
-#      Shellcheck (E2E scripts)|Python Lint & Test (pull_request)`)
-#      are unchanged. The canonical required gate stays 100% on the
-#      existing amd64 pool.
-#
-#   2. The context this workflow emits is
-#      `ci-arm64-advisory / fast-checks (pull_request)`. That string is
-#      DELIBERATELY NOT present in, and this PR does NOT add it to:
-#        - branch_protections/{main,staging}.status_check_contexts
-#          (DB-verified pb 86/75 = exactly
-#           ["CI / all-required (pull_request)",
-#            "sop-checklist / all-items-acked (pull_request)"])
-#        - audit-force-merge.yml REQUIRED_CHECKS env
-#        - ci.yml `all-required` sentinel's hardcoded `required[]` list
-#      Branch protection therefore never waits on this context. If the
-#      Mac runner is absent / offline / removed, this workflow's status
-#      simply never appears — and because nothing requires it, every
-#      merge proceeds exactly as it does today. There is no path by
-#      which a missing/red arm64 status blocks a merge.
-#
-#   3. `continue-on-error: true` on the job — even a genuine arm64-only
-#      failure (toolchain drift, arch-specific test flake) is surfaced
-#      as information, never as a merge blocker, for the duration of
-#      the pilot.
-#
-#   4. The job carries a `github.event_name` `if:` gate. Beyond its
-#      functional purpose this also keeps the job OUT of
-#      `ci-required-drift.py:ci_job_names()` (which excludes
-#      `github.event_name`/`github.ref`-gated jobs), so the hourly
-#      ci-required-drift sentinel's F1 ("job not under sentinel needs")
-#      cannot ever flag this advisory job. F2/F3 are untouched because
-#      this context is absent from BP and from REQUIRED_CHECKS.
-#      `lint-bp-context-emit-match` only fails on BP→emitter gaps; an
-#      emitter without a BP context is explicitly informational there.
-#
-# === RUNNER TARGETING ===
-#
-# The Mac runner is `hongming-pc-runner-1`. The bare `self-hosted`
-# label is POLLUTED in this Gitea instance: molecule-runner-1..20
-# (the contended amd64 pool) also advertise `self-hosted`. Targeting
-# bare `self-hosted` would route back onto the very pool we are trying
-# to relieve — and onto amd64 hardware. We therefore require an
-# AND-set of labels that ONLY the Mac satisfies. `macos-self-hosted`
-# is Mac-exclusive (the amd64 pool does not carry it). Until the
-# label-install burst (a10862b2) lands `self-hosted`+`macos-self-hosted`
-# on the Mac, the runner's current unique label `hongming-pc-laptop`
-# is also listed; AND-semantics over the labels a runner advertises
-# means a job requiring [self-hosted, macos-self-hosted] can ONLY be
-# claimed once the Mac advertises both. If neither label set is yet
-# present on the Mac, the workflow stays queued harmlessly and is
-# garbage-collected by the normal stale-run reaper — it blocks nothing
-# (see safety contract point 2).
-#
-# === ROLLBACK ===
-#
-# Delete this single file (`git rm .gitea/workflows/ci-arm64-advisory.yml`)
-# and merge. No branch-protection edit, no ci.yml edit, no
-# REQUIRED_CHECKS edit is required to roll back, because none were made
-# to roll forward. Zero blast radius either direction.
-
-name: ci-arm64-advisory
-
-on:
-  push:
-    branches: [main, staging]
-  pull_request:
-    branches: [main, staging]
-
-# Per-ref cancel: a newer commit on the same ref supersedes the older
-# advisory run. Distinct from ci.yml's `ci-${ref}` group so this lane
-# never cancels (or is cancelled by) the canonical required CI.
-concurrency:
-  group: ci-arm64-advisory-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  GITHUB_SERVER_URL: https://git.moleculesai.app
-
-jobs:
-  fast-checks:
-    name: fast-checks
-    # AND-set: only the Mac arm64 runner advertises macos-self-hosted.
-    # See "RUNNER TARGETING" header note for why bare self-hosted is unsafe.
-    runs-on: [self-hosted, macos-self-hosted]
-    # ADVISORY: never blocks. See safety contract point 3.
-    continue-on-error: true
-    # event_name gate: functional (only meaningful on push/PR) AND keeps
-    # this job out of ci-required-drift.py:ci_job_names() so F1 can never
-    # flag it. See safety contract point 4.
-    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
-    timeout-minutes: 20
-    steps:
-      - name: Provenance — advisory lane, non-gating
-        run: |
-          echo "This is the arm64 ADVISORY fast-check lane."
-          echo "It does NOT gate merges. Canonical required CI is ci.yml"
-          echo "on the amd64 pool. Arch: $(uname -m) on $(uname -s)."
-
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      # ---- Go: build + vet + lint (container-independent: needs only the
-      # Go toolchain; no amd64 ECR image, no docker-in-job). Race-detector
-      # unit-test + coverage gates are deliberately NOT duplicated here —
-      # those stay authoritative on amd64 ci.yml `Platform (Go)`. This lane
-      # is fast-feedback for the compile/vet/lint surface only. ----
-      - name: Setup Go
-        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
-        with:
-          go-version: 'stable'
-      - name: Go build + vet (workspace-server)
-        working-directory: workspace-server
-        run: |
-          go mod download
-          go build ./cmd/server
-          go vet ./...
-      - name: golangci-lint (workspace-server)
-        working-directory: workspace-server
-        run: |
-          go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2
-          "$(go env GOPATH)/bin/golangci-lint" run --timeout 3m ./...
-
-      # ---- Shellcheck (container-independent: shellcheck binary only).
-      # Mirrors ci.yml `Shellcheck (E2E scripts)` bulk pass scope. ----
-      - name: Install shellcheck (arm64)
-        run: |
-          if ! command -v shellcheck >/dev/null 2>&1; then
-            echo "shellcheck not preinstalled on this self-hosted runner."
-            echo "Attempting Homebrew install (Mac arm64)."
-            brew install shellcheck || {
-              echo "::warning::shellcheck unavailable on runner; advisory shellcheck skipped."
-              exit 0
-            }
-          fi
-          shellcheck --version
-      - name: Shellcheck tests/e2e + infra/scripts
-        run: |
-          command -v shellcheck >/dev/null 2>&1 || { echo "skip"; exit 0; }
-          find tests/e2e infra/scripts -type f -name '*.sh' -print0 \
-            | xargs -0 shellcheck --severity=warning
-
-      # ---- Python lint/compile (container-independent: CPython only).
-      # Lint + import-compile surface; the authoritative pytest + coverage
-      # floors stay on amd64 ci.yml `Python Lint & Test`. ----
-      - name: Setup Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version: '3.11'
-      - name: Python byte-compile (workspace)
-        working-directory: workspace
-        run: |
-          python -m pip install --quiet ruff || true
-          python -m compileall -q .
-          if command -v ruff >/dev/null 2>&1; then
-            ruff check . || echo "::warning::ruff findings (advisory only)"
-          fi
-
-      - name: Advisory summary
-        if: always()
-        run: |
-          {
-            echo "## arm64 advisory fast-checks complete"
-            echo ""
-            echo "This lane is **advisory** — it does not gate merges."
-            echo "Authoritative required CI remains \`CI / all-required\`"
-            echo "on the amd64 pool (\`ci.yml\`, unchanged by this PR)."
-          } >> "$GITHUB_STEP_SUMMARY"

tests/e2e/test_peer_visibility_mcp_local.sh

@@ -24,12 +24,14 @@
 #
 # Only PROVISIONING differs from staging:
 #   - staging: POST /cp/admin/orgs (cold EC2 tenant) + per-tenant admin
-#     token + each workspace's MCP bearer from the POST /workspaces
-#     create response.
+#     token + each workspace's MCP bearer from create response or an admin
+#     token-mint fallback.
 #   - local:   POST /workspaces directly against the local stack
-#     (BASE, default http://localhost:8080), MCP bearer consumed inline
-#     from the create response (auth_token field). Same model every
-#     other local E2E uses; no new credential/provision flow.
+#     (BASE, default http://localhost:8080), MCP bearer minted via
+#     GET /admin/workspaces/:id/test-token (e2e_mint_test_token —
+#     deterministic, gated by MOLECULE_ENV != production). Same model
+#     every other local E2E (test_priority_runtimes_e2e.sh,
+#     test_api.sh) already uses; no new credential/provision flow.
 #
 # By default the local backend creates external-mode workspace rows and
 # drives the literal MCP path directly. That keeps the local peer-visibility
@@ -79,17 +81,6 @@ NAME_PREFIX="PV-Local-$$-$(date +%H%M%S)"
 log()  { echo "[$(date +%H:%M:%S)] $*"; }
 ok()   { echo "[$(date +%H:%M:%S)] ✅ $*"; }
 
-extract_auth_token() {
-  python3 -c "
-import sys, json
-try:
-    d = json.load(sys.stdin)
-except Exception:
-    print(''); sys.exit(0)
-print(d.get('auth_token') or d.get('connection', {}).get('auth_token') or '')
-" 2>/dev/null
-}
-
 CREATED_WSIDS=()
 ADMIN_BEARER="${MOLECULE_ADMIN_TOKEN:-${ADMIN_TOKEN:-}}"
 ADMIN_AUTH=()
@@ -140,6 +131,17 @@ if ! curl -fsS "$BASE/health" -m 5 >/dev/null 2>&1; then
   echo "::error::Local stack not healthy at $BASE/health — bring it up (make up) before this gate. Infra, not a workspace bug (feedback_fix_root_not_symptom)." >&2
   exit 1
 fi
+# admin/test-token is the local MCP-bearer mint path; it 404s in
+# production. If it is off, this gate cannot drive the literal call.
+if ! curl -fsS "$BASE/admin/workspaces/preflight-probe/test-token" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -m 5 >/dev/null 2>&1; then
+  # A 404 here is EITHER "no such ws" (fine — endpoint is enabled) OR the
+  # endpoint is disabled (MOLECULE_ENV=production). Distinguish by body.
+  PROBE=$(curl -s "$BASE/admin/workspaces/preflight-probe/test-token" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -m 5 2>/dev/null)
+  if echo "$PROBE" | grep -qi 'production\|disabled\|not found.*endpoint'; then
+    echo "::error::GET /admin/workspaces/:id/test-token disabled (MOLECULE_ENV=production?). Cannot mint a local MCP bearer." >&2
+    exit 1
+  fi
+fi
 ok "    local stack healthy"
 
 # ─── Resolve per-runtime provisioning secrets ──────────────────────────
@@ -258,12 +260,6 @@ PARENT_MODEL=$(_model_for_runtime "$PARENT_RUNTIME")
 P_RESP=$(curl -s -X POST "$BASE/workspaces" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -H "Content-Type: application/json" \
   -d "{\"name\":\"${NAME_PREFIX}-parent\",\"runtime\":\"$PARENT_RUNTIME\",\"model\":\"$PARENT_MODEL\",\"tier\":3$PARENT_EXTRA,\"secrets\":$PARENT_SECRETS}")
 PARENT_ID=$(echo "$P_RESP" | python3 -c 'import json,sys;print(json.load(sys.stdin).get("id",""))' 2>/dev/null)
-# PARENT_TOKEN captured for symmetry with the per-sibling auth-token
-# capture in the runtime loop below + reserved for follow-up steps
-# that need parent-side auth. Current downstream steps reach the parent
-# via admin token, so the variable isn't dereferenced — SC2034.
-# shellcheck disable=SC2034 # captured for downstream parent-auth use; see #1644 follow-up
-PARENT_TOKEN=$(echo "$P_RESP" | extract_auth_token)
 if [ -z "$PARENT_ID" ]; then
   echo "::error::parent create failed: $(echo "$P_RESP" | head -c 300)" >&2
   exit 1
@@ -279,8 +275,6 @@ log "    PARENT_ID=$PARENT_ID runtime=$PARENT_RUNTIME"
 WS_IDS_MAP=""
 # shellcheck disable=SC2034 # map values are updated through portable eval-based helpers.
 VERDICT_MAP=""
-# shellcheck disable=SC2034 # map values are updated through portable eval-based helpers.
-WS_TOKENS_MAP=""
 _map_set() { # _map_set <mapvarname> <key> <value>
   local __m="$1" __k="$2" __v="$3" __cur
   eval "__cur=\$$__m"
@@ -317,17 +311,11 @@ for rt in $PV_RUNTIMES; do
   R=$(curl -s -X POST "$BASE/workspaces" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -H "Content-Type: application/json" \
     -d "{\"name\":\"${NAME_PREFIX}-$rt\",\"runtime\":\"$CREATE_RUNTIME\",\"model\":\"$CREATE_MODEL\",\"tier\":2,\"parent_id\":\"$PARENT_ID\"$CREATE_EXTRA,\"secrets\":$SEC}")
   WID=$(echo "$R" | python3 -c 'import json,sys;print(json.load(sys.stdin).get("id",""))' 2>/dev/null)
-  WTOK=$(echo "$R" | extract_auth_token)
   if [ -z "$WID" ]; then
     echo "::error::$rt workspace create failed: $(echo "$R" | head -c 300)" >&2
     exit 1
   fi
-  if [ -z "$WTOK" ]; then
-    echo "::error::$rt workspace create did not return an auth_token — cannot drive the literal MCP call" >&2
-    exit 1
-  fi
   _map_set WS_IDS_MAP "$rt" "$WID"
-  _map_set WS_TOKENS_MAP "$rt" "$WTOK"
   CREATED_WSIDS+=("$WID")
   ALL_WS_IDS="$ALL_WS_IDS $WID"
   ACTIVE_RUNTIMES="$ACTIVE_RUNTIMES $rt"
@@ -385,10 +373,10 @@ log "4/5 driving the LITERAL list_peers MCP call per online runtime..."
 echo ""
 for rt in $ONLINE_RUNTIMES; do
   wid="$(_map_get WS_IDS_MAP "$rt")"
-  WTOK="$(_map_get WS_TOKENS_MAP "$rt")"
+  WTOK=$(e2e_mint_test_token "$wid" 2>/dev/null || true)
   if [ -z "$WTOK" ]; then
     echo "--- $rt (ws=$wid) ---"
-    echo "  ✗ $rt: workspace create did not return an auth_token — cannot drive the literal call"
+    echo "  ✗ $rt: could not mint a local MCP bearer (admin/test-token) — cannot drive the literal call"
     _map_set VERDICT_MAP "$rt" "FAIL(no-bearer)"
     REGRESSED=1
     echo ""

tests/e2e/test_peer_visibility_mcp_staging.sh

@@ -40,10 +40,10 @@
 #   drives: POST /cp/admin/orgs (provision), GET
 #   /cp/admin/orgs/:slug/admin-token (per-tenant token), DELETE
 #   /cp/admin/tenants/:slug (teardown). The per-tenant admin token drives
-#   tenant workspace creation; each workspace's OWN auth_token is consumed
-#   inline from the POST /workspaces 201 response to drive its MCP call.
-#   No dev-only admin token-mint routes are used in this E2E
-#   (feedback_no_dev_only_routes_in_e2e).
+#   tenant workspace creation; each workspace's OWN auth_token drives its
+#   MCP call. External-like runtimes may return the token in POST
+#   /workspaces; managed container runtimes usually require the admin token
+#   mint fallback below.
 #
 # Required env:
 #   MOLECULE_ADMIN_TOKEN   CP admin bearer — Railway staging CP_ADMIN_API_TOKEN
@@ -265,19 +265,44 @@ log "    PARENT_ID=$PARENT_ID"
 # WS_IDS[runtime]=id ; WS_TOKENS[runtime]=auth_token (the MCP bearer)
 declare -A WS_IDS WS_TOKENS
 ALL_WS_IDS="$PARENT_ID"
+TOKEN_ERRORS=0
+TOKEN_ERROR_SUMMARY=""
 for rt in $PV_RUNTIMES; do
   R=$(tenant_call POST /workspaces \
     -d "{\"name\":\"pv-$rt\",\"runtime\":\"$rt\",\"tier\":2,\"parent_id\":\"$PARENT_ID\",\"secrets\":$SECRETS_JSON}")
   WID=$(echo "$R" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null)
+  # External-like runtimes may return connection.auth_token on create.
+  # Managed container runtimes usually return only id/status here, then
+  # receive their bearer through registry/bootstrap; for this literal MCP
+  # driver we mint through the production-safe admin token route below.
   WTOK=$(echo "$R" | extract_auth_token)
-  [ -n "$WID" ] || fail "$rt workspace create failed: $(echo \"$R\" | head -c 300)"
-  [ -n "$WTOK" ] || fail "$rt workspace create did not return an auth_token — cannot drive its MCP call (workspace_id=$WID; create_resp: $(echo \"$R\" | redact_token_body))"
+  [ -n "$WID" ] || fail "$rt workspace create failed: $(echo "$R" | head -c 300)"
+  TOKEN_DIAG=""
+  if [ -z "$WTOK" ]; then
+    TTOK_FILE=$(mktemp)
+    TTOK_CODE=$(tenant_call_capture POST "/admin/workspaces/$WID/tokens" "$TTOK_FILE" 2>/dev/null || echo "curl_error")
+    TTOK_RESP=$(cat "$TTOK_FILE" 2>/dev/null || true)
+    WTOK=$(echo "$TTOK_RESP" | extract_auth_token)
+    TOKEN_DIAG="POST /admin/workspaces/$WID/tokens -> HTTP $TTOK_CODE body: $(echo "$TTOK_RESP" | redact_token_body)"
+    rm -f "$TTOK_FILE"
+  fi
   WS_IDS[$rt]="$WID"
+  if [ -z "$WTOK" ]; then
+    TOKEN_ERRORS=$((TOKEN_ERRORS + 1))
+    TOKEN_ERROR_SUMMARY="${TOKEN_ERROR_SUMMARY}
+[$rt] workspace did not return or mint an auth_token — cannot drive its MCP call (workspace_id=$WID; create_resp: $(echo "$R" | redact_token_body); token_fallbacks: $TOKEN_DIAG)"
+    log "    $rt → $WID (token acquisition failed; continuing to classify other runtimes)"
+    continue
+  fi
   WS_TOKENS[$rt]="$WTOK"
   ALL_WS_IDS="$ALL_WS_IDS $WID"
   log "    $rt → $WID"
 done
 
+if [ "$TOKEN_ERRORS" -gt 0 ]; then
+  fail "token acquisition failed for $TOKEN_ERRORS runtime(s):$TOKEN_ERROR_SUMMARY"
+fi
+
 if [ "${PV_TOKEN_DIAGNOSTIC_ONLY:-0}" = "1" ]; then
   ok "token diagnostic passed for runtimes: $PV_RUNTIMES"
   exit 0

workspace-server/internal/handlers/admin_test_token_test.go

@@ -39,7 +39,6 @@ func TestAdminTestToken_EnabledViaFlagEvenInProd(t *testing.T) {
 	mock := setupTestDB(t)
 	t.Setenv("MOLECULE_ENV", "production")
 	t.Setenv("MOLECULE_ENABLE_TEST_TOKENS", "1")
-	t.Setenv("ADMIN_TOKEN", "")
 
 	mock.ExpectQuery("SELECT id FROM workspaces WHERE id =").
 		WithArgs("ws-1").
@@ -59,7 +58,6 @@ func TestAdminTestToken_EnabledViaFlagEvenInProd(t *testing.T) {
 func TestAdminTestToken_WorkspaceNotFound(t *testing.T) {
 	mock := setupTestDB(t)
 	t.Setenv("MOLECULE_ENV", "development")
-	t.Setenv("ADMIN_TOKEN", "")
 
 	mock.ExpectQuery("SELECT id FROM workspaces WHERE id =").
 		WithArgs("missing").
@@ -77,7 +75,6 @@ func TestAdminTestToken_WorkspaceNotFound(t *testing.T) {
 func TestAdminTestToken_HappyPath_TokenValidates(t *testing.T) {
 	mock := setupTestDB(t)
 	t.Setenv("MOLECULE_ENV", "development")
-	t.Setenv("ADMIN_TOKEN", "")
 
 	mock.ExpectQuery("SELECT id FROM workspaces WHERE id =").
 		WithArgs("ws-1").

workspace-server/internal/handlers/github_token.go

@@ -159,7 +159,8 @@ func generateAppInstallationToken() (string, time.Time, error) {
 	req, _ := http.NewRequest("POST", fmt.Sprintf("https://api.github.com/app/installations/%d/access_tokens", installID), nil)
 	req.Header.Set("Authorization", "Bearer "+signed)
 	req.Header.Set("Accept", "application/vnd.github+json")
-	resp, err := http.DefaultClient.Do(req)
+	client := &http.Client{Timeout: 30 * time.Second}
+	resp, err := client.Do(req)
 	if err != nil {
 		return "", time.Time{}, err
 	}

workspace-server/internal/handlers/handlers_additional_test.go

@@ -33,7 +33,7 @@ func TestWorkspaceCreate_WithParentID(t *testing.T) {
 	// Default tier is 3 (Privileged) — see workspace.go create-handler comment.
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Child Agent", nil, 3, "langgraph", &parentID, nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Child Agent", nil, 3, "langgraph", sqlmock.AnyArg(), &parentID, nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -69,7 +69,7 @@ func TestWorkspaceCreate_ExplicitClaudeCodeRuntime(t *testing.T) {
 	mock.ExpectBegin()
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "CC Agent", nil, 2, "claude-code", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "CC Agent", nil, 2, "claude-code", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -291,7 +291,7 @@ func TestWorkspaceCreate_MaxConcurrentTasksOverride(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Leader Agent", nil, 3, "claude-code", (*string)(nil), nil, "none", (*int64)(nil), 3, "push").
+		WithArgs(sqlmock.AnyArg(), "Leader Agent", nil, 3, "claude-code", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), 3, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").

workspace-server/internal/handlers/handlers_test.go

@@ -364,11 +364,11 @@ func TestWorkspaceCreate(t *testing.T) {
 	// Expect transaction begin for atomic workspace+secrets creation
 	mock.ExpectBegin()
 
-	// Expect workspace INSERT (uuid is dynamic, use AnyArg for id, runtime).
+	// Expect workspace INSERT (uuid is dynamic, use AnyArg for id, runtime, awareness_namespace).
 	// Default tier is 3 (Privileged) — see workspace.go create-handler comment.
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Test Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Test Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 
 	// Expect transaction commit (no secrets in this payload)
@@ -412,17 +412,24 @@ func TestWorkspaceCreate(t *testing.T) {
 	if resp["id"] == nil || resp["id"] == "" {
 		t.Error("expected non-empty id in response")
 	}
+	if resp["awareness_namespace"] != "workspace:"+resp["id"].(string) {
+		t.Errorf("expected awareness namespace derived from workspace id, got %v", resp["awareness_namespace"])
+	}
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unmet sqlmock expectations: %v", err)
 	}
 }
 
-func TestBuildProvisionerConfig_WorkspacePathFromPayload(t *testing.T) {
+func TestBuildProvisionerConfig_IncludesAwarenessSettings(t *testing.T) {
 	setupTestDB(t)
+	// runtime_image_pins reader removed by RFC internal#617 / task #335
+	// — CP is the SSOT for runtime image pins. No DB lookup here anymore.
+
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", "/tmp/configs")
 
+	t.Setenv("AWARENESS_URL", "http://awareness:37800")
 	t.Setenv("WORKSPACE_DIR", "/tmp/workspace")
 
 	cfg := handler.buildProvisionerConfig(
@@ -433,10 +440,17 @@ func TestBuildProvisionerConfig_WorkspacePathFromPayload(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 2, Runtime: "claude-code", WorkspaceDir: "/tmp/workspace", WorkspaceAccess: "read_write"},
 		map[string]string{"OPENAI_API_KEY": "sk-test"},
 		"/tmp/plugins",
+		"workspace:ws-123",
 	)
 
+	if cfg.AwarenessURL != "http://awareness:37800" {
+		t.Fatalf("expected awareness URL to be injected, got %q", cfg.AwarenessURL)
+	}
+	if cfg.AwarenessNamespace != "workspace:ws-123" {
+		t.Fatalf("expected awareness namespace to be injected, got %q", cfg.AwarenessNamespace)
+	}
 	if cfg.WorkspacePath != "/tmp/workspace" {
-		t.Fatalf("expected workspace path from payload, got %q", cfg.WorkspacePath)
+		t.Fatalf("expected workspace path from env, got %q", cfg.WorkspacePath)
 	}
 }
 

workspace-server/internal/handlers/mcp_test.go

@@ -1141,8 +1141,6 @@ func TestIsSafeURL_Blocks169_254_Metadata(t *testing.T) {
 }
 
 func TestIsSafeURL_Blocks10xPrivate(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	err := isSafeURL("http://10.0.0.1/agent")
 	if err == nil {
 		t.Errorf("isSafeURL: expected 10.x.x.x to be blocked, got nil")
@@ -1150,8 +1148,6 @@ func TestIsSafeURL_Blocks10xPrivate(t *testing.T) {
 }
 
 func TestIsSafeURL_Blocks172Private(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	err := isSafeURL("http://172.16.0.1/agent")
 	if err == nil {
 		t.Errorf("isSafeURL: expected 172.16.0.0/12 to be blocked, got nil")
@@ -1159,8 +1155,6 @@ func TestIsSafeURL_Blocks172Private(t *testing.T) {
 }
 
 func TestIsSafeURL_Blocks192_168Private(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	err := isSafeURL("http://192.168.1.100/agent")
 	if err == nil {
 		t.Errorf("isSafeURL: expected 192.168.x.x to be blocked, got nil")
@@ -1184,8 +1178,6 @@ func TestIsSafeURL_BlocksInvalidURL(t *testing.T) {
 // ==================== SSRF Defence — isPrivateOrMetadataIP ====================
 
 func TestIsPrivateOrMetadataIP_10Range(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	tests := []string{"10.0.0.0", "10.255.255.255", "10.1.2.3"}
 	for _, ip := range tests {
 		if !isPrivateOrMetadataIP(net.ParseIP(ip)) {
@@ -1195,8 +1187,6 @@ func TestIsPrivateOrMetadataIP_10Range(t *testing.T) {
 }
 
 func TestIsPrivateOrMetadataIP_172Range(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	tests := []string{"172.16.0.0", "172.31.255.255", "172.20.1.1"}
 	for _, ip := range tests {
 		if !isPrivateOrMetadataIP(net.ParseIP(ip)) {
@@ -1206,8 +1196,6 @@ func TestIsPrivateOrMetadataIP_172Range(t *testing.T) {
 }
 
 func TestIsPrivateOrMetadataIP_192_168Range(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	tests := []string{"192.168.0.0", "192.168.255.255", "192.168.1.1"}
 	for _, ip := range tests {
 		if !isPrivateOrMetadataIP(net.ParseIP(ip)) {

workspace-server/internal/handlers/org.go

@@ -799,12 +799,13 @@ func (h *OrgHandler) Import(c *gin.Context) {
 	if len(tmpl.GlobalMemories) > 0 && len(results) > 0 {
 		rootID, _ := results[0]["id"].(string)
 		if rootID != "" {
+			rootNS := workspaceAwarenessNamespace(rootID)
 			// Force scope to GLOBAL regardless of what the YAML says.
 			globalSeeds := make([]models.MemorySeed, len(tmpl.GlobalMemories))
 			for i, gm := range tmpl.GlobalMemories {
 				globalSeeds[i] = models.MemorySeed{Content: gm.Content, Scope: "GLOBAL"}
 			}
-			seedInitialMemories(context.Background(), rootID, globalSeeds)
+			seedInitialMemories(context.Background(), rootID, globalSeeds, rootNS)
 			log.Printf("Org import: seeded %d global memories on root workspace %s", len(globalSeeds), rootID)
 		}
 	}

workspace-server/internal/handlers/org_import.go

@@ -102,6 +102,7 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	}
 
 	id := uuid.New().String()
+	awarenessNS := workspaceAwarenessNamespace(id)
 
 	var role interface{}
 	if ws.Role != "" {
@@ -167,13 +168,13 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	// EXACTLY for Postgres to consider the index applicable.
 	var insertedID string
 	err := db.DB.QueryRowContext(ctx, `
-		INSERT INTO workspaces (id, name, role, tier, runtime, status, parent_id, workspace_dir, workspace_access, max_concurrent_tasks)
-		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
+		INSERT INTO workspaces (id, name, role, tier, runtime, awareness_namespace, status, parent_id, workspace_dir, workspace_access, max_concurrent_tasks)
+		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
 		ON CONFLICT (COALESCE(parent_id, '00000000-0000-0000-0000-000000000000'::uuid), name)
 		WHERE status != 'removed'
 		DO NOTHING
 		RETURNING id
-	`, id, ws.Name, role, tier, runtime, "provisioning", parentID, workspaceDir, workspaceAccess, maxConcurrent).Scan(&insertedID)
+	`, id, ws.Name, role, tier, runtime, awarenessNS, "provisioning", parentID, workspaceDir, workspaceAccess, maxConcurrent).Scan(&insertedID)
 	if errors.Is(err, sql.ErrNoRows) {
 		// Skip path — a non-removed row already exists for
 		// (parent_id, name). Re-select its id; idempotency-friendly
@@ -258,7 +259,7 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	if len(wsMemories) == 0 {
 		wsMemories = defaults.InitialMemories
 	}
-	seedInitialMemories(ctx, id, wsMemories)
+	seedInitialMemories(ctx, id, wsMemories, awarenessNS)
 
 	// Handle external workspaces
 	if ws.External {

workspace-server/internal/handlers/registry_test.go

@@ -712,8 +712,6 @@ func TestHeartbeat_SkipsRemovedRows(t *testing.T) {
 // ------------------------------------------------------------
 
 func TestValidateAgentURL(t *testing.T) {
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 	cases := []struct {
 		name    string
 		url     string

workspace-server/internal/handlers/security_regression_685_686_687_688_test.go

@@ -95,7 +95,6 @@ func TestSecurity_GetTemplates_NoAuth_Returns401(t *testing.T) {
 func TestSecurity_GetTemplates_FreshInstall_FailsOpen(t *testing.T) {
 	setupTestDB(t)
 	setupTestRedis(t)
-	t.Setenv("ADMIN_TOKEN", "")
 	authDB, authMock := newFreshInstallAuthDB(t)
 
 	tmpDir := t.TempDir()
@@ -153,7 +152,6 @@ func TestSecurity_GetOrgTemplates_NoAuth_Returns401(t *testing.T) {
 func TestSecurity_GetOrgTemplates_FreshInstall_FailsOpen(t *testing.T) {
 	setupTestDB(t)
 	setupTestRedis(t)
-	t.Setenv("ADMIN_TOKEN", "")
 	authDB, authMock := newFreshInstallAuthDB(t)
 
 	tmpDir := t.TempDir()

workspace-server/internal/handlers/workspace.go

@@ -216,6 +216,7 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	}
 
 	id := uuid.New().String()
+	awarenessNamespace := workspaceAwarenessNamespace(id)
 	if h.IsSaaS() {
 		// SaaS hard gate: every hosted workspace gets its own sibling
 		// EC2 instance, so T4 is the only meaningful runtime boundary.
@@ -447,10 +448,10 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	// returns the actually-persisted name (which we MUST thread back into
 	// payload + broadcast so the canvas displays what the DB has).
 	const insertWorkspaceSQL = `
-		INSERT INTO workspaces (id, name, role, tier, runtime, status, parent_id, workspace_dir, workspace_access, budget_limit, max_concurrent_tasks, delivery_mode)
-		VALUES ($1, $2, $3, $4, $5, 'provisioning', $6, $7, $8, $9, $10, $11)
+		INSERT INTO workspaces (id, name, role, tier, runtime, awareness_namespace, status, parent_id, workspace_dir, workspace_access, budget_limit, max_concurrent_tasks, delivery_mode)
+		VALUES ($1, $2, $3, $4, $5, $6, 'provisioning', $7, $8, $9, $10, $11, $12)
 	`
-	insertArgs := []any{id, payload.Name, role, payload.Tier, payload.Runtime, payload.ParentID, workspaceDir, workspaceAccess, payload.BudgetLimit, maxConcurrent, deliveryMode}
+	insertArgs := []any{id, payload.Name, role, payload.Tier, payload.Runtime, awarenessNamespace, payload.ParentID, workspaceDir, workspaceAccess, payload.BudgetLimit, maxConcurrent, deliveryMode}
 	persistedName, currentTx, err := insertWorkspaceWithNameRetry(
 		ctx,
 		tx,
@@ -571,7 +572,7 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 
 	// Seed initial memories from the create payload (issue #1050).
 	// Non-fatal: failures are logged but don't block workspace creation.
-	seedInitialMemories(ctx, id, payload.InitialMemories)
+	seedInitialMemories(ctx, id, payload.InitialMemories, awarenessNamespace)
 
 	// Broadcast provisioning event. Include `runtime` so the canvas can
 	// populate the Runtime pill on the side panel immediately — without it
@@ -706,9 +707,10 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	}
 
 	c.JSON(http.StatusCreated, gin.H{
-		"id":               id,
-		"status":           "provisioning",
-		"workspace_access": workspaceAccess,
+		"id":                  id,
+		"status":              "provisioning",
+		"awareness_namespace": awarenessNamespace,
+		"workspace_access":    workspaceAccess,
 	})
 }
 

workspace-server/internal/handlers/workspace_budget_test.go

@@ -152,6 +152,7 @@ func TestWorkspaceBudget_Create_WithLimit(t *testing.T) {
 			nil,                              // role
 			3,                                // tier (default, workspace.go create-handler)
 			"langgraph",                      // runtime
+			sqlmock.AnyArg(),                 // awareness_namespace
 			(*string)(nil),                   // parent_id
 			nil,                              // workspace_dir
 			"none",                           // workspace_access

workspace-server/internal/handlers/workspace_compute_test.go

@@ -145,6 +145,7 @@ func TestBuildProvisionerConfig_CopiesComputeSizingFromPayload(t *testing.T) {
 		},
 		nil,
 		t.TempDir(),
+		"workspace:ws-compute",
 	)
 
 	if cfg.InstanceType != "m6i.xlarge" {

workspace-server/internal/handlers/workspace_create_name_integration_test.go

@@ -103,13 +103,13 @@ func cleanupTestRows(t *testing.T, conn *sql.DB, namePrefix string) {
 // TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision
 // exercises the helper end-to-end against a real Postgres:
 //
-//  1. INSERT a row with name "<prefix>-Repro" — succeeds.
-//  2. Run insertWorkspaceWithNameRetry with the same name —
-//     partial-unique violation fires, helper retries with
-//     " (2)", that succeeds.
-//  3. SELECT the row by id, confirm name = "<prefix>-Repro (2)".
-//  4. Run helper AGAIN — second collision, helper retries with
-//     " (3)".
+//   1. INSERT a row with name "<prefix>-Repro" — succeeds.
+//   2. Run insertWorkspaceWithNameRetry with the same name —
+//      partial-unique violation fires, helper retries with
+//      " (2)", that succeeds.
+//   3. SELECT the row by id, confirm name = "<prefix>-Repro (2)".
+//   4. Run helper AGAIN — second collision, helper retries with
+//      " (3)".
 //
 // This is the live-test that proves the partial-index behaviour
 // matches the migration's intent — sqlmock cannot reach this depth.
@@ -130,9 +130,9 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 	// targets + the NOT NULL columns required by the schema).
 	firstID := uuid.New().String()
 	if _, err := conn.ExecContext(ctx, `
-		INSERT INTO workspaces (id, name, tier, runtime, status)
-		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
-	`, firstID, baseName); err != nil {
+		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
+		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
+	`, firstID, baseName, "workspace:"+firstID); err != nil {
 		t.Fatalf("seed first row: %v", err)
 	}
 
@@ -145,10 +145,10 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 	}
 	secondID := uuid.New().String()
 	query := `
-		INSERT INTO workspaces (id, name, tier, runtime, status)
-		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
+		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
+		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
 	`
-	args := []any{secondID, baseName}
+	args := []any{secondID, baseName, "workspace:" + secondID}
 	persistedName, finalTx, err := insertWorkspaceWithNameRetry(
 		ctx, tx, beginTx, baseName, 1, query, args,
 	)
@@ -179,7 +179,7 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 		t.Fatalf("begin tx3: %v", err)
 	}
 	thirdID := uuid.New().String()
-	args3 := []any{thirdID, baseName}
+	args3 := []any{thirdID, baseName, "workspace:" + thirdID}
 	persistedName3, finalTx3, err := insertWorkspaceWithNameRetry(
 		ctx, tx3, beginTx, baseName, 1, query, args3,
 	)
@@ -216,9 +216,9 @@ func TestIntegration_WorkspaceCreate_NameRetry_TombstonedRowDoesNotCollide(t *te
 	// Seed a row, then tombstone it.
 	firstID := uuid.New().String()
 	if _, err := conn.ExecContext(ctx, `
-		INSERT INTO workspaces (id, name, tier, runtime, status)
-		VALUES ($1, $2, 2, 'claude-code', 'removed')
-	`, firstID, baseName); err != nil {
+		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
+		VALUES ($1, $2, 2, 'claude-code', $3, 'removed')
+	`, firstID, baseName, "workspace:"+firstID); err != nil {
 		t.Fatalf("seed tombstoned row: %v", err)
 	}
 
@@ -231,10 +231,10 @@ func TestIntegration_WorkspaceCreate_NameRetry_TombstonedRowDoesNotCollide(t *te
 	}
 	secondID := uuid.New().String()
 	query := `
-		INSERT INTO workspaces (id, name, tier, runtime, status)
-		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
+		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
+		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
 	`
-	args := []any{secondID, baseName}
+	args := []any{secondID, baseName, "workspace:" + secondID}
 	persistedName, finalTx, err := insertWorkspaceWithNameRetry(
 		ctx, tx, beginTx, baseName, 1, query, args,
 	)

workspace-server/internal/handlers/workspace_crud.go

@@ -435,16 +435,13 @@ func (h *WorkspaceHandler) CascadeDelete(ctx context.Context, id string) ([]stri
 	if err != nil {
 		return nil, nil, fmt.Errorf("descendant query: %w", err)
 	}
-	defer descRows.Close()
 	for descRows.Next() {
 		var descID string
 		if descRows.Scan(&descID) == nil {
 			descendantIDs = append(descendantIDs, descID)
 		}
 	}
-	if err := descRows.Err(); err != nil {
-		return nil, nil, fmt.Errorf("CascadeDelete: failed iterating descendants: %w", err)
-	}
+	descRows.Close()
 
 	allIDs := append([]string{id}, descendantIDs...)
 

workspace-server/internal/handlers/workspace_crud_test.go

@@ -503,32 +503,6 @@ func TestCascadeDelete_DescendantQueryError(t *testing.T) {
 	// sqlmock verifies all expected queries were executed
 }
 
-func TestCascadeDelete_DescendantRowsError(t *testing.T) {
-	mock, _ := setupWorkspaceCrudTest(t)
-	wsID := "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
-
-	// RowError(0, ...) requires a real row at index 0 to be reachable —
-	// sqlmock only invokes nextErr[N] when r.pos-1 == N and the row exists.
-	// AddRow ensures Next() attempts the first row, triggers the error,
-	// and rows.Err() returns the injected error.
-	h := &WorkspaceHandler{}
-	rows := sqlmock.NewRows([]string{"id"}).AddRow("desc-1").RowError(0, sql.ErrConnDone)
-	mock.ExpectQuery(`WITH RECURSIVE descendants AS`).
-		WithArgs(wsID).
-		WillReturnRows(rows)
-
-	deleted, stopErrs, err := h.CascadeDelete(context.Background(), wsID)
-	if err == nil {
-		t.Fatal("CascadeDelete returned nil error; want descendant rows error")
-	}
-	if deleted != nil {
-		t.Errorf("deleted = %v; want nil", deleted)
-	}
-	if stopErrs != nil {
-		t.Errorf("stopErrs = %v; want nil", stopErrs)
-	}
-}
-
 // Note: Full CascadeDelete testing requires mocking StopWorkspace, RemoveVolume,
 // and provisioner calls — covered in integration tests. Unit tests here focus on
 // the validation and pre-condition paths.

workspace-server/internal/handlers/workspace_provision.go

@@ -128,7 +128,7 @@ func (h *WorkspaceHandler) provisionWorkspaceOpts(workspaceID, templatePath stri
 							workspaceID, filepath.Base(runtimeTemplate))
 						templatePath = runtimeTemplate
 						// Rebuild cfg with the recovered template path so Start() sees it.
-						cfg = h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, prepared.EnvVars, prepared.PluginsPath)
+						cfg = h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, prepared.EnvVars, prepared.PluginsPath, prepared.AwarenessNamespace)
 						cfg.ResetClaudeSession = resetClaudeSession
 						recovered = true
 						break
@@ -194,11 +194,10 @@ func (h *WorkspaceHandler) provisionWorkspaceOpts(workspaceID, templatePath stri
 // a ~64k context window worth of text — but small enough to prevent abuse.
 const maxMemoryContentLength = 100_000 // ~100 KiB of text
 
-func seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed) {
+func seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed, awarenessNamespace string) {
 	if len(memories) == 0 {
 		return
 	}
-	namespace := workspaceMemoryNamespace(workspaceID)
 	for _, mem := range memories {
 		scope := strings.ToUpper(mem.Scope)
 		if scope == "" {
@@ -224,27 +223,33 @@ func seedInitialMemories(ctx context.Context, workspaceID string, memories []mod
 		if _, err := db.DB.ExecContext(ctx, `
 			INSERT INTO agent_memories (workspace_id, content, scope, namespace)
 			VALUES ($1, $2, $3, $4)
-		`, workspaceID, redactedContent, scope, namespace); err != nil {
+		`, workspaceID, redactedContent, scope, awarenessNamespace); err != nil {
 			log.Printf("seedInitialMemories: failed to insert memory for %s (scope=%s): %v", workspaceID, scope, err)
 		}
 	}
 	log.Printf("seedInitialMemories: seeded %d memories for workspace %s", len(memories), workspaceID)
 }
 
-// workspaceMemoryNamespace returns the canonical v2 memory namespace
-// string for a workspace. Matches the form produced by
-// internal/memory/namespace/resolver.go for self-reads (issue #1735).
-func workspaceMemoryNamespace(workspaceID string) string {
+func workspaceAwarenessNamespace(workspaceID string) string {
 	return fmt.Sprintf("workspace:%s", workspaceID)
 }
 
+func (h *WorkspaceHandler) loadAwarenessNamespace(ctx context.Context, workspaceID string) string {
+	var awarenessNamespace string
+	err := db.DB.QueryRowContext(ctx, `SELECT COALESCE(awareness_namespace, '') FROM workspaces WHERE id = $1`, workspaceID).Scan(&awarenessNamespace)
+	if err != nil || awarenessNamespace == "" {
+		return workspaceAwarenessNamespace(workspaceID)
+	}
+	return awarenessNamespace
+}
+
 func (h *WorkspaceHandler) buildProvisionerConfig(
 	ctx context.Context,
 	workspaceID, templatePath string,
 	configFiles map[string][]byte,
 	payload models.CreateWorkspacePayload,
 	envVars map[string]string,
-	pluginsPath string,
+	pluginsPath, awarenessNamespace string,
 ) provisioner.WorkspaceConfig {
 	// Per-workspace workspace_dir takes priority over global WORKSPACE_DIR env var.
 	// If neither is set, the provisioner creates an isolated Docker volume.
@@ -283,18 +288,20 @@ func (h *WorkspaceHandler) buildProvisionerConfig(
 	}
 
 	return provisioner.WorkspaceConfig{
-		WorkspaceID:     workspaceID,
-		TemplatePath:    templatePath,
-		ConfigFiles:     configFiles,
-		PluginsPath:     pluginsPath,
-		WorkspacePath:   workspacePath,
-		WorkspaceAccess: workspaceAccess,
-		Tier:            payload.Tier,
-		Runtime:         payload.Runtime,
-		InstanceType:    payload.Compute.InstanceType,
-		DiskGB:          int32(payload.Compute.Volume.RootGB),
-		EnvVars:         envVars,
-		PlatformURL:     h.platformURL,
+		WorkspaceID:        workspaceID,
+		TemplatePath:       templatePath,
+		ConfigFiles:        configFiles,
+		PluginsPath:        pluginsPath,
+		WorkspacePath:      workspacePath,
+		WorkspaceAccess:    workspaceAccess,
+		Tier:               payload.Tier,
+		Runtime:            payload.Runtime,
+		InstanceType:       payload.Compute.InstanceType,
+		DiskGB:             int32(payload.Compute.Volume.RootGB),
+		EnvVars:            envVars,
+		PlatformURL:        h.platformURL,
+		AwarenessURL:       os.Getenv("AWARENESS_URL"),
+		AwarenessNamespace: awarenessNamespace,
 		// Image left empty — molecule-core's runtime_image_pins table (mig
 		// 047, dead reader removed by RFC internal#617 / task #335) was an
 		// aspirational SSOT that never received a writer. CP's

workspace-server/internal/handlers/workspace_provision_shared.go

@@ -85,9 +85,10 @@ func readOrLazyHealInboundSecret(ctx context.Context, workspaceID, opLabel strin
 // prepareProvisionContext when the caller proceeds; nil + non-empty
 // abort message when the caller must mark the workspace failed.
 type preparedProvisionContext struct {
-	EnvVars     map[string]string
-	PluginsPath string
-	Config      provisioner.WorkspaceConfig
+	EnvVars            map[string]string
+	PluginsPath        string
+	AwarenessNamespace string
+	Config             provisioner.WorkspaceConfig
 }
 
 // provisionAbort describes why prepareProvisionContext refused to
@@ -169,6 +170,7 @@ func (h *WorkspaceHandler) prepareProvisionContext(
 	}
 
 	pluginsPath, _ := filepath.Abs(filepath.Join(h.configsDir, "..", "plugins"))
+	awarenessNamespace := h.loadAwarenessNamespace(ctx, workspaceID)
 
 	// Per-agent git identity (#1957) — must run after secret loads so
 	// a workspace_secret named GIT_AUTHOR_NAME can override.
@@ -229,13 +231,14 @@ func (h *WorkspaceHandler) prepareProvisionContext(
 		}
 	}
 
-	cfg := h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, envVars, pluginsPath)
+	cfg := h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, envVars, pluginsPath, awarenessNamespace)
 	cfg.ResetClaudeSession = resetClaudeSession
 
 	return &preparedProvisionContext{
-		EnvVars:     envVars,
-		PluginsPath: pluginsPath,
-		Config:      cfg,
+		EnvVars:            envVars,
+		PluginsPath:        pluginsPath,
+		AwarenessNamespace: awarenessNamespace,
+		Config:             cfg,
 	}, nil
 }
 

workspace-server/internal/handlers/workspace_provision_test.go

@@ -17,9 +17,9 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
-// ==================== workspaceMemoryNamespace ====================
+// ==================== workspaceAwarenessNamespace ====================
 
-func TestWorkspaceMemoryNamespace(t *testing.T) {
+func TestWorkspaceAwarenessNamespace(t *testing.T) {
 	tests := []struct {
 		workspaceID string
 		expected    string
@@ -31,9 +31,9 @@ func TestWorkspaceMemoryNamespace(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.workspaceID, func(t *testing.T) {
-			result := workspaceMemoryNamespace(tt.workspaceID)
+			result := workspaceAwarenessNamespace(tt.workspaceID)
 			if result != tt.expected {
-				t.Errorf("workspaceMemoryNamespace(%q) = %q, want %q", tt.workspaceID, result, tt.expected)
+				t.Errorf("workspaceAwarenessNamespace(%q) = %q, want %q", tt.workspaceID, result, tt.expected)
 			}
 		})
 	}
@@ -645,7 +645,7 @@ func TestSeedInitialMemories_TruncatesOversizedContent(t *testing.T) {
 					WillReturnResult(sqlmock.NewResult(1, 1))
 			}
 
-			seedInitialMemories(context.Background(), workspaceID, memories)
+			seedInitialMemories(context.Background(), workspaceID, memories, "test-ns")
 
 			if err := mock.ExpectationsWereMet(); err != nil {
 				t.Errorf("unmet DB expectations: %v", err)
@@ -674,7 +674,7 @@ func TestSeedInitialMemories_RedactsSecrets(t *testing.T) {
 		WithArgs(workspaceID, wantRedacted, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(1, 1))
 
-	seedInitialMemories(context.Background(), workspaceID, memories)
+	seedInitialMemories(context.Background(), workspaceID, memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unmet DB expectations: %v", err)
@@ -691,7 +691,7 @@ func TestSeedInitialMemories_InvalidScopeSkipped(t *testing.T) {
 		{Content: "this should be skipped", Scope: "NOT_A_REAL_SCOPE"},
 	}
 
-	seedInitialMemories(context.Background(), "ws-bad-scope", memories)
+	seedInitialMemories(context.Background(), "ws-bad-scope", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unexpected DB calls for invalid scope: %v", err)
@@ -704,7 +704,7 @@ func TestSeedInitialMemories_EmptyMemoriesNil(t *testing.T) {
 	mock := setupTestDB(t)
 	mock.ExpectationsWereMet()
 
-	seedInitialMemories(context.Background(), "ws-nil", nil)
+	seedInitialMemories(context.Background(), "ws-nil", nil, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unexpected DB calls for nil slice: %v", err)
@@ -733,6 +733,7 @@ func TestBuildProvisionerConfig_BasicFields(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 1, Runtime: "langgraph"},
 		map[string]string{"API_KEY": "secret"},
 		pluginsPath,
+		"workspace:ws-basic",
 	)
 
 	if cfg.WorkspaceID != "ws-basic" {
@@ -747,6 +748,9 @@ func TestBuildProvisionerConfig_BasicFields(t *testing.T) {
 	if cfg.PlatformURL != "http://localhost:8080" {
 		t.Errorf("expected PlatformURL 'http://localhost:8080', got %q", cfg.PlatformURL)
 	}
+	if cfg.AwarenessNamespace != "workspace:ws-basic" {
+		t.Errorf("expected AwarenessNamespace 'workspace:ws-basic', got %q", cfg.AwarenessNamespace)
+	}
 	if cfg.PluginsPath != pluginsPath {
 		t.Errorf("expected PluginsPath %q, got %q", pluginsPath, cfg.PluginsPath)
 	}
@@ -771,6 +775,7 @@ func TestBuildProvisionerConfig_WorkspacePathFromEnv(t *testing.T) {
 
 	workspaceDir := t.TempDir()
 	t.Setenv("WORKSPACE_DIR", workspaceDir)
+	t.Setenv("AWARENESS_URL", "http://awareness:37800")
 
 	pluginsPath := t.TempDir()
 	cfg := handler.buildProvisionerConfig(
@@ -781,11 +786,15 @@ func TestBuildProvisionerConfig_WorkspacePathFromEnv(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 2, Runtime: "claude-code"},
 		nil,
 		pluginsPath,
+		"workspace:ws-env",
 	)
 
 	if cfg.WorkspacePath != workspaceDir {
 		t.Errorf("expected WorkspacePath from env, got %q", cfg.WorkspacePath)
 	}
+	if cfg.AwarenessURL != "http://awareness:37800" {
+		t.Errorf("expected AwarenessURL from env, got %q", cfg.AwarenessURL)
+	}
 }
 
 // ==================== issueAndInjectToken (issue #418) ====================
@@ -797,8 +806,6 @@ func TestIssueAndInjectToken_HappyPath(t *testing.T) {
 	mock := setupTestDB(t)
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", t.TempDir())
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 
 	// RevokeAllForWorkspace UPDATE (0 rows — no prior tokens, still succeeds)
 	mock.ExpectExec(`UPDATE workspace_auth_tokens SET revoked_at`).
@@ -836,8 +843,6 @@ func TestIssueAndInjectToken_RotatesExistingToken(t *testing.T) {
 	mock := setupTestDB(t)
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", t.TempDir())
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 
 	// RevokeAllForWorkspace: 1 existing token revoked
 	mock.ExpectExec(`UPDATE workspace_auth_tokens SET revoked_at`).
@@ -904,8 +909,6 @@ func TestIssueAndInjectToken_IssueFailSkipsInjection(t *testing.T) {
 	mock := setupTestDB(t)
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", t.TempDir())
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 
 	mock.ExpectExec(`UPDATE workspace_auth_tokens SET revoked_at`).
 		WithArgs("ws-418-issue-fail").
@@ -932,8 +935,6 @@ func TestIssueAndInjectToken_NilConfigFilesAllocated(t *testing.T) {
 	mock := setupTestDB(t)
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", t.TempDir())
-	t.Setenv("MOLECULE_ORG_ID", "")
-	t.Setenv("MOLECULE_DEPLOY_MODE", "self-hosted")
 
 	mock.ExpectExec(`UPDATE workspace_auth_tokens SET revoked_at`).
 		WithArgs("ws-418-nil-cfg").
@@ -998,7 +999,7 @@ func TestSeedInitialMemories_Truncation(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), expectTruncated, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))
 
-	seedInitialMemories(context.Background(), "ws-1066-test", memories)
+	seedInitialMemories(context.Background(), "ws-1066-test", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v\n"+
@@ -1018,7 +1019,7 @@ func TestSeedInitialMemories_ContentUnderLimit(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), "short content", "TEAM", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))
 
-	seedInitialMemories(context.Background(), "ws-1066-under", memories)
+	seedInitialMemories(context.Background(), "ws-1066-under", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1043,7 +1044,7 @@ func TestSeedInitialMemories_ExactlyAtLimit(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), atLimitContent, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))
 
-	seedInitialMemories(context.Background(), "ws-boundary", memories)
+	seedInitialMemories(context.Background(), "ws-boundary", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1059,7 +1060,7 @@ func TestSeedInitialMemories_EmptyContent(t *testing.T) {
 	}
 
 	// seedInitialMemories skips empty content at line 234 — no DB call expected.
-	seedInitialMemories(context.Background(), "ws-empty", memories)
+	seedInitialMemories(context.Background(), "ws-empty", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1083,7 +1084,7 @@ func TestSeedInitialMemories_OversizedWithSecrets(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), sqlmock.AnyArg(), "GLOBAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))
 
-	seedInitialMemories(context.Background(), "ws-secrets", memories)
+	seedInitialMemories(context.Background(), "ws-secrets", memories, "test-ns")
 
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)

workspace-server/internal/handlers/workspace_test.go

@@ -342,7 +342,7 @@ func TestWorkspaceCreate_DBInsertError(t *testing.T) {
 	// Transaction begins, workspace INSERT fails, transaction is rolled back.
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Failing Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Failing Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnError(sql.ErrConnDone)
 	mock.ExpectRollback()
 
@@ -375,7 +375,7 @@ func TestWorkspaceCreate_DefaultsApplied(t *testing.T) {
 	// Expect workspace INSERT with defaulted tier=3 (Privileged — the
 	// handler default in workspace.go), runtime="langgraph"
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Default Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Default Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 
@@ -423,7 +423,7 @@ func TestWorkspaceCreate_SaaSHardForcesTier4(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "SaaS External Agent", nil, 4, "external", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "SaaS External Agent", nil, 4, "external", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -464,7 +464,7 @@ func TestWorkspaceCreate_WithSecrets_Persists(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	// Secret inserted inside the same transaction.
 	mock.ExpectExec("INSERT INTO workspace_secrets").
@@ -576,7 +576,7 @@ func TestWorkspaceCreate_ExternalURL_SSRFSafe(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Ext Agent", nil, 3, "external", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Ext Agent", nil, 3, "external", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	// External URL update (localhost is explicitly allowed by validateAgentURL).
@@ -615,7 +615,7 @@ func TestWorkspaceCreate_KimiRuntime_PreservesLabel(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Kimi Agent", nil, 3, "kimi", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Kimi Agent", nil, 3, "kimi", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	// Pre-register flow: awaiting_agent + runtime preserved as "kimi"
@@ -1639,7 +1639,7 @@ runtime_config:
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes",
-			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1696,7 +1696,7 @@ model: anthropic:claude-sonnet-4-5
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Legacy Agent", nil, 3, "langgraph",
-			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1749,7 +1749,7 @@ runtime_config:
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Custom Hermes", nil, 3, "hermes",
-			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1894,7 +1894,7 @@ func TestWorkspaceCreate_188_ExplicitRuntimeNoTemplate_OK(t *testing.T) {
 
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Explicit Codex", nil, 3, "codex", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Explicit Codex", nil, 3, "codex", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").

workspace-server/internal/middleware/wsauth_middleware_test.go

@@ -256,7 +256,6 @@ func TestWorkspaceAuth_WrongWorkspace_Returns401(t *testing.T) {
 // live tokens anywhere) the middleware must let the request through so existing
 // deployments keep working during the Phase-30 rollout.
 func TestAdminAuth_FailOpen_NoTokensGlobally(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock.New: %v", err)
@@ -376,7 +375,6 @@ func TestAdminAuth_C11_DeleteNoBearer_Returns401(t *testing.T) {
 // TestAdminAuth_ValidBearer_Passes — a valid bearer token (from any workspace)
 // must be accepted for admin routes.
 func TestAdminAuth_ValidBearer_Passes(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock.New: %v", err)
@@ -420,7 +418,6 @@ func TestAdminAuth_ValidBearer_Passes(t *testing.T) {
 
 // TestAdminAuth_InvalidBearer_Returns401 — wrong token must not grant admin access.
 func TestAdminAuth_InvalidBearer_Returns401(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock.New: %v", err)
@@ -703,7 +700,6 @@ func TestAdminAuth_Issue180_ApprovalsListing_NoBearer_Returns401(t *testing.T) {
 // fail-open contract: on a fresh install (no tokens anywhere), the middleware
 // must not block the canvas from polling /approvals/pending.
 func TestAdminAuth_Issue180_ApprovalsListing_FailOpen_NoTokens(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock.New: %v", err)
@@ -1102,7 +1098,6 @@ func TestCanvasOrBearer_TokensExist_CanvasOrigin_Passes(t *testing.T) {
 // issuing workspace has status='removed' must not grant admin access.
 // The JOIN in ValidateAnyToken filters the row out, resulting in ErrNoRows.
 func TestAdminAuth_RemovedWorkspaceToken_Returns401(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock.New: %v", err)
@@ -1256,7 +1251,6 @@ func TestAdminAuth_623_ForgedCORSOrigin_Returns401(t *testing.T) {
 // TestAdminAuth_623_ValidBearer_WithOrigin_Passes — bearer + matching Origin
 // should still work (the Origin is irrelevant once the bearer validates).
 func TestAdminAuth_623_ValidBearer_WithOrigin_Passes(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "")
 	mockDB, mock, err := sqlmock.New()
 	if err != nil {
 		t.Fatalf("sqlmock: %v", err)

workspace-server/internal/models/workspace.go

@@ -17,6 +17,7 @@ type Workspace struct {
 	Name               string          `json:"name" db:"name"`
 	Role               sql.NullString  `json:"role" db:"role"`
 	Tier               int             `json:"tier" db:"tier"`
+	AwarenessNamespace sql.NullString  `json:"awareness_namespace" db:"awareness_namespace"`
 	Status             string          `json:"status" db:"status"`
 	SourceBundleID     sql.NullString  `json:"source_bundle_id" db:"source_bundle_id"`
 	AgentCard          json.RawMessage `json:"agent_card" db:"agent_card"`
@@ -206,8 +207,7 @@ type CreateWorkspacePayload struct {
 	} `json:"canvas"`
 	// InitialMemories is an optional list of memories to seed into the
 	// workspace immediately after creation. Each entry is inserted into
-	// agent_memories under the workspace's v2 memory namespace
-	// ("workspace:<id>"). Issue #1050.
+	// agent_memories with the workspace's awareness namespace. Issue #1050.
 	InitialMemories []MemorySeed `json:"initial_memories"`
 }
 

workspace-server/internal/provisioner/cp_provisioner.go

@@ -241,12 +241,9 @@ func (p *CPProvisioner) Start(ctx context.Context, cfg WorkspaceConfig) (string,
 	// Cap body read at 64 KiB — the CP only ever returns small JSON
 	// responses; an unbounded read could be weaponized into log-flood
 	// DoS by a compromised upstream.
-	respBody, readErr := io.ReadAll(io.LimitReader(resp.Body, 64<<10))
-	if readErr != nil {
-		return "", fmt.Errorf("cp provisioner: read response body: %w", readErr)
-	}
+	respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10))
 	var result cpProvisionResponse
-	unmarshalErr := json.Unmarshal(respBody, &result)
+	json.Unmarshal(respBody, &result)
 
 	if resp.StatusCode != http.StatusCreated {
 		// Prefer the structured {"error":"..."} field. Do NOT fall back
@@ -260,10 +257,6 @@ func (p *CPProvisioner) Start(ctx context.Context, cfg WorkspaceConfig) (string,
 		return "", fmt.Errorf("cp provisioner: provision failed (%d): %s", resp.StatusCode, errMsg)
 	}
 
-	if unmarshalErr != nil {
-		return "", fmt.Errorf("cp provisioner: decode 201 response: %w", unmarshalErr)
-	}
-
 	log.Printf("CP provisioner: workspace %s → EC2 instance %s (%s)", cfg.WorkspaceID, result.InstanceID, result.State)
 	provlog.Event("provision.ec2_started", map[string]any{
 		"workspace_id": cfg.WorkspaceID,
@@ -416,11 +409,7 @@ func (p *CPProvisioner) Stop(ctx context.Context, workspaceID string) error {
 		// Read a bounded slice of the body so the error message gives ops
 		// enough to triage without risking a multi-MB log line on a
 		// pathological response. 512 bytes covers any sane error envelope.
-		body, readErr := io.ReadAll(io.LimitReader(resp.Body, 512))
-		if readErr != nil {
-			return fmt.Errorf("cp provisioner: stop %s: unexpected %d (read body failed: %w)",
-				workspaceID, resp.StatusCode, readErr)
-		}
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 512))
 		return fmt.Errorf("cp provisioner: stop %s: unexpected %d: %s",
 			workspaceID, resp.StatusCode, strings.TrimSpace(string(body)))
 	}

workspace-server/internal/provisioner/cp_provisioner_test.go

@@ -442,26 +442,6 @@ func TestStart_SymlinkTemplatePathError(t *testing.T) {
 	}
 }
 
-// TestStart_Malformed201SurfacesError — when CP returns 201 Created with
-// unparseable JSON, Start must return an error instead of silently
-// returning an empty instance_id. CR2 blocker from review #5552.
-func TestStart_Malformed201SurfacesError(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusCreated)
-		_, _ = io.WriteString(w, `{"instance_id": broken-json`)
-	}))
-	defer srv.Close()
-
-	p := &CPProvisioner{baseURL: srv.URL, orgID: "org-1", httpClient: srv.Client()}
-	_, err := p.Start(context.Background(), WorkspaceConfig{WorkspaceID: "ws-1", Runtime: "py"})
-	if err == nil {
-		t.Fatal("expected error on malformed 201, got nil")
-	}
-	if !strings.Contains(err.Error(), "decode 201 response") {
-		t.Errorf("error should mention decode 201 response, got %q", err.Error())
-	}
-}
-
 // TestStop_SendsBothAuthHeaders — verify #118/#130 compliance on the
 // teardown path. Any call to /cp/workspaces/:id must carry both the
 // platform-wide shared secret AND the per-tenant admin token, or the

workspace-server/internal/provisioner/provisioner.go

@@ -102,6 +102,8 @@ type WorkspaceConfig struct {
 	DiskGB             int32             // Optional CP root volume size override in GiB (SaaS only)
 	EnvVars            map[string]string // Additional env vars (API keys, etc.)
 	PlatformURL        string
+	AwarenessURL       string
+	AwarenessNamespace string
 	WorkspaceAccess    string // #65: "none" (default), "read_only", or "read_write"
 	ResetClaudeSession bool   // #12: if true, discard the claude-sessions volume before start (fresh session dir)
 
@@ -704,19 +706,11 @@ func buildContainerEnv(cfg WorkspaceConfig) []string {
 		// still override (Dockerfile ENV is overridden by docker -e at runtime).
 		"PYTHONPATH=/app",
 	}
-	// #1687: track explicit GH_TOKEN / GITHUB_TOKEN so they win over GH_PAT
-	// alias. These are normally stripped by the SCM-write guard below, but
-	// when a user explicitly sets them we preserve the value.
-	var explicitGHToken, explicitGitHubToken string
+	if cfg.AwarenessNamespace != "" && cfg.AwarenessURL != "" {
+		env = append(env, fmt.Sprintf("AWARENESS_NAMESPACE=%s", cfg.AwarenessNamespace))
+		env = append(env, fmt.Sprintf("AWARENESS_URL=%s", cfg.AwarenessURL))
+	}
 	for k, v := range cfg.EnvVars {
-		if k == "GH_TOKEN" {
-			explicitGHToken = v
-			continue
-		}
-		if k == "GITHUB_TOKEN" {
-			explicitGitHubToken = v
-			continue
-		}
 		// Forensic #145 hardening: tenant workspace containers run
 		// agent-controlled code and must NEVER receive a Git SCM *write*
 		// credential. Without merge/approve creds in-container the
@@ -734,19 +728,6 @@ func buildContainerEnv(cfg WorkspaceConfig) []string {
 		}
 		env = append(env, fmt.Sprintf("%s=%s", k, v))
 	}
-	// #1687: alias GH_PAT → GH_TOKEN / GITHUB_TOKEN on the READ side
-	// (container env assembly). Explicit values win: only alias when the
-	// key was not set in workspace secrets.
-	if explicitGHToken != "" {
-		env = append(env, fmt.Sprintf("GH_TOKEN=%s", explicitGHToken))
-	} else if pat, hasPAT := cfg.EnvVars["GH_PAT"]; hasPAT && pat != "" {
-		env = append(env, fmt.Sprintf("GH_TOKEN=%s", pat))
-	}
-	if explicitGitHubToken != "" {
-		env = append(env, fmt.Sprintf("GITHUB_TOKEN=%s", explicitGitHubToken))
-	} else if pat, hasPAT := cfg.EnvVars["GH_PAT"]; hasPAT && pat != "" {
-		env = append(env, fmt.Sprintf("GITHUB_TOKEN=%s", pat))
-	}
 	// Inject ADMIN_TOKEN from the platform server's environment so workspace
 	// containers can call /admin/liveness and other admin-gated endpoints
 	// (core#831). cp_provisioner.go handles this separately for SaaS tenants.

workspace-server/internal/provisioner/provisioner_test.go

@@ -692,6 +692,39 @@ func TestBuildContainerEnv_MoleculeAIURLAlwaysMatchesPlatformURL(t *testing.T) {
 	}
 }
 
+func TestBuildContainerEnv_AwarenessOnlyWhenBothSet(t *testing.T) {
+	// Both set → both injected.
+	cfg := WorkspaceConfig{
+		WorkspaceID:        "ws-x",
+		PlatformURL:        "http://localhost:8080",
+		AwarenessURL:       "http://awareness:9000",
+		AwarenessNamespace: "ns-1",
+	}
+	env := buildContainerEnv(cfg)
+	hasNS := false
+	hasURL := false
+	for _, e := range env {
+		if e == "AWARENESS_NAMESPACE=ns-1" {
+			hasNS = true
+		}
+		if e == "AWARENESS_URL=http://awareness:9000" {
+			hasURL = true
+		}
+	}
+	if !hasNS || !hasURL {
+		t.Errorf("both awareness vars must be present: env=%v", env)
+	}
+
+	// Only namespace set → neither injected (must be both-or-nothing).
+	cfg.AwarenessURL = ""
+	env2 := buildContainerEnv(cfg)
+	for _, e := range env2 {
+		if strings.HasPrefix(e, "AWARENESS_") {
+			t.Errorf("awareness vars must NOT be injected when URL is missing: got %q", e)
+		}
+	}
+}
+
 func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
 	// NOTE: this test previously asserted GITHUB_TOKEN passed through
 	// verbatim. That assertion encoded the forensic #145 latent leak as
@@ -737,12 +770,9 @@ func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
 // place — i.e. the guard is proven by construction, not by environment
 // accident.
 func TestBuildContainerEnv_StripsSCMWriteTokens(t *testing.T) {
-	// GH_TOKEN and GITHUB_TOKEN are preserved when explicitly set (#1687)
-	// because they win over the GH_PAT alias. The unconditional strip list
-	// therefore excludes them; see TestBuildContainerEnv_GHPATAliasPrecedence
-	// for the positive assertion.
 	scmTokens := []string{
-		"GITEA_TOKEN", "GITLAB_TOKEN", "GL_TOKEN", "BITBUCKET_TOKEN",
+		"GITEA_TOKEN", "GITHUB_TOKEN", "GH_TOKEN",
+		"GITLAB_TOKEN", "GL_TOKEN", "BITBUCKET_TOKEN",
 	}
 
 	t.Run("normal path — SCM tokens explicitly set in EnvVars", func(t *testing.T) {
@@ -750,9 +780,6 @@ func TestBuildContainerEnv_StripsSCMWriteTokens(t *testing.T) {
 		for _, k := range scmTokens {
 			envVars[k] = "leaked-write-credential-" + k
 		}
-		// Explicit GH_TOKEN / GITHUB_TOKEN are now preserved (#1687).
-		envVars["GH_TOKEN"] = "explicit-gh-token"
-		envVars["GITHUB_TOKEN"] = "explicit-github-token"
 		cfg := WorkspaceConfig{
 			WorkspaceID: "ws-tenant",
 			PlatformURL: "http://localhost:8080",
@@ -768,13 +795,6 @@ func TestBuildContainerEnv_StripsSCMWriteTokens(t *testing.T) {
 		if !envContains(buildContainerEnv(cfg), "ANTHROPIC_API_KEY=sk-keep") {
 			t.Errorf("filter must not strip non-SCM API keys")
 		}
-		// Explicit GH tokens must be preserved (not stripped).
-		if !envContains(buildContainerEnv(cfg), "GH_TOKEN=explicit-gh-token") {
-			t.Errorf("explicit GH_TOKEN must be preserved")
-		}
-		if !envContains(buildContainerEnv(cfg), "GITHUB_TOKEN=explicit-github-token") {
-			t.Errorf("explicit GITHUB_TOKEN must be preserved")
-		}
 	})
 
 	t.Run("persona-file path — simulates loadPersonaEnvFile merge", func(t *testing.T) {
@@ -835,106 +855,6 @@ func TestCPProvisionerEnv_StripsSCMWriteTokens(t *testing.T) {
 	}
 }
 
-// TestBuildContainerEnv_GHPATAliasPrecedence asserts that explicit GH_TOKEN /
-// GITHUB_TOKEN in workspace secrets win over the GH_PAT alias (#1687 CR2
-// review_id=5646). The alias must only inject a key when it was NOT explicitly
-// set.
-func TestBuildContainerEnv_GHPATAliasPrecedence(t *testing.T) {
-	pat := "ghp_pat_from_secrets"
-	explicitGH := "gh_explicit_token"
-	explicitGitHub := "github_explicit_token"
-
-	t.Run("GH_PAT alone → alias both", func(t *testing.T) {
-		cfg := WorkspaceConfig{
-			WorkspaceID: "ws-x",
-			PlatformURL: "http://localhost:8080",
-			EnvVars:     map[string]string{"GH_PAT": pat},
-		}
-		env := buildContainerEnv(cfg)
-		if !envContains(env, "GH_TOKEN="+pat) {
-			t.Errorf("GH_PAT alias must set GH_TOKEN, got %v", env)
-		}
-		if !envContains(env, "GITHUB_TOKEN="+pat) {
-			t.Errorf("GH_PAT alias must set GITHUB_TOKEN, got %v", env)
-		}
-	})
-
-	t.Run("explicit GH_TOKEN wins over GH_PAT alias", func(t *testing.T) {
-		cfg := WorkspaceConfig{
-			WorkspaceID: "ws-x",
-			PlatformURL: "http://localhost:8080",
-			EnvVars: map[string]string{
-				"GH_PAT":   pat,
-				"GH_TOKEN": explicitGH,
-			},
-		}
-		env := buildContainerEnv(cfg)
-		if envContains(env, "GH_TOKEN="+pat) {
-			t.Errorf("explicit GH_TOKEN must win over GH_PAT alias, got GH_TOKEN=%q", pat)
-		}
-		if !envContains(env, "GH_TOKEN="+explicitGH) {
-			t.Errorf("explicit GH_TOKEN must be preserved, got %v", env)
-		}
-	})
-
-	t.Run("explicit GITHUB_TOKEN wins over GH_PAT alias", func(t *testing.T) {
-		cfg := WorkspaceConfig{
-			WorkspaceID: "ws-x",
-			PlatformURL: "http://localhost:8080",
-			EnvVars: map[string]string{
-				"GH_PAT":       pat,
-				"GITHUB_TOKEN": explicitGitHub,
-			},
-		}
-		env := buildContainerEnv(cfg)
-		if envContains(env, "GITHUB_TOKEN="+pat) {
-			t.Errorf("explicit GITHUB_TOKEN must win over GH_PAT alias, got GITHUB_TOKEN=%q", pat)
-		}
-		if !envContains(env, "GITHUB_TOKEN="+explicitGitHub) {
-			t.Errorf("explicit GITHUB_TOKEN must be preserved, got %v", env)
-		}
-	})
-
-	t.Run("explicit both → both preserved, no alias", func(t *testing.T) {
-		cfg := WorkspaceConfig{
-			WorkspaceID: "ws-x",
-			PlatformURL: "http://localhost:8080",
-			EnvVars: map[string]string{
-				"GH_PAT":       pat,
-				"GH_TOKEN":     explicitGH,
-				"GITHUB_TOKEN": explicitGitHub,
-			},
-		}
-		env := buildContainerEnv(cfg)
-		if envContains(env, "GH_TOKEN="+pat) {
-			t.Errorf("explicit GH_TOKEN must win, got alias value %q", pat)
-		}
-		if envContains(env, "GITHUB_TOKEN="+pat) {
-			t.Errorf("explicit GITHUB_TOKEN must win, got alias value %q", pat)
-		}
-		if !envContains(env, "GH_TOKEN="+explicitGH) {
-			t.Errorf("explicit GH_TOKEN must be preserved, got %v", env)
-		}
-		if !envContains(env, "GITHUB_TOKEN="+explicitGitHub) {
-			t.Errorf("explicit GITHUB_TOKEN must be preserved, got %v", env)
-		}
-	})
-
-	t.Run("no GH_PAT → no alias injected", func(t *testing.T) {
-		cfg := WorkspaceConfig{
-			WorkspaceID: "ws-x",
-			PlatformURL: "http://localhost:8080",
-			EnvVars:     map[string]string{"OTHER": "ok"},
-		}
-		env := buildContainerEnv(cfg)
-		for _, e := range env {
-			if strings.HasPrefix(e, "GH_TOKEN=") || strings.HasPrefix(e, "GITHUB_TOKEN=") {
-				t.Errorf("no GH_PAT present → no alias should be injected, got %q", e)
-			}
-		}
-	})
-}
-
 func assertNoSCMWriteToken(t *testing.T, env []string, scmTokens []string) {
 	t.Helper()
 	for _, e := range env {

workspace-server/internal/router/admin_test_token_route_test.go

@@ -81,7 +81,6 @@ func TestTestTokenRoute_RequiresAdminAuth_WhenTokensExist(t *testing.T) {
 // bootstrap path still works before the first workspace has registered.
 func TestTestTokenRoute_FailOpenOnFreshInstall(t *testing.T) {
 	t.Setenv("MOLECULE_ENV", "development")
-	t.Setenv("ADMIN_TOKEN", "")
 	mock := setupRouterTestDB(t)
 
 	// HasAnyLiveTokenGlobal: no tokens yet — fresh install.

workspace-server/migrations/20260523130000_drop_workspaces_awareness_namespace.down.sql

@@ -1,11 +0,0 @@
--- Reverse of 20260523130000_drop_workspaces_awareness_namespace.up.sql.
---
--- Restores the workspaces.awareness_namespace column verbatim from
--- migration 010_workspace_awareness.sql so a down-cycle leaves the
--- schema bit-identical to the pre-drop state. The column will be
--- NULL on all rows after re-add — handlers no longer write to it and
--- callers no longer read it, so this is functionally inert without
--- a paired code revert.
-
-ALTER TABLE workspaces
-    ADD COLUMN IF NOT EXISTS awareness_namespace TEXT;

workspace-server/migrations/20260523130000_drop_workspaces_awareness_namespace.up.sql

@@ -1,19 +0,0 @@
--- Issue #1735 — drop the workspaces.awareness_namespace column.
---
--- "Awareness namespaces" were a memory-routing surface (env vars
--- AWARENESS_URL / AWARENESS_NAMESPACE) that was plumbed across the
--- platform but never wired in any production or staging environment
--- (verified 2026-05-23 via Railway GraphQL on the controlplane service:
--- AWARENESS_* unset in both env IDs 59227671-… and 639539ec-…).
---
--- The column added by migration 010_workspace_awareness.sql was only
--- ever populated with the canonical "workspace:<id>" string, which is
--- also the v2 memory namespace string (see internal/memory/namespace/
--- resolver.go:186). Removing the column does not change any agent-
--- visible memory namespace — handlers now compute the same
--- "workspace:<id>" string inline when inserting into agent_memories.
---
--- Related: #1733 (memory SSOT consolidation), #1734 (Memory tab bug).
-
-ALTER TABLE workspaces
-    DROP COLUMN IF EXISTS awareness_namespace;