fix(ci): add sqlalchemy to pip install step (closes #272 )

CI installs pip packages in two separate steps: pip install -r requirements.txt (from workspace/) pip install pytest pytest-asyncio pytest-cov (pytest separately) The molecule_audit.ledger package requires sqlalchemy, but sqlalchemy is listed in requirements.txt with a comment pointing at molecule_audit. The cache-dependency-path is set to workspace/requirements.txt, so the pip install -r requirements.txt step should include sqlalchemy — but test collection was failing because sqlalchemy was not in the standalone pytest install line. Add sqlalchemy explicitly to the pytest install line so test_audit_ledger.py imports succeed regardless of cache state. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Merge pull request 'fix(canvas): toYaml always emits tools: [] and serializes nested lists' (#274 ) from fix/canvas-yaml-utils-test-failure into staging
2026-05-10 11:17:18 +00:00 · 2026-05-10 09:29:20 +00:00 · 2026-05-10 09:22:41 +00:00 · 2026-05-10 09:18:27 +00:00 · 2026-05-10 09:09:33 +00:00 · 2026-05-10 08:52:45 +00:00
7 changed files with 33 additions and 13 deletions
--- a/.gitea/workflows/publish-workspace-server-image.yml
+++ b/.gitea/workflows/publish-workspace-server-image.yml
@ -23,7 +23,7 @@ name: publish-workspace-server-image

 on:
  push:
-    branches: [staging, main]
+    branches: [main]
    paths:
      - 'workspace-server/**'
      - 'canvas/**'
@ -32,11 +32,9 @@ on:
      - '.gitea/workflows/publish-workspace-server-image.yml'
  workflow_dispatch:

-# Serialize per-branch so two rapid staging pushes don't race the same
-# :staging-latest tag retag. Allow staging and main to run in parallel
-# (different GITHUB_REF → different concurrency group) since they
-# produce different :staging-<sha> tags and last-write-wins on
-# :staging-latest is acceptable across branches.
+# Serialize per-branch so two rapid main pushes don't race the same
+# :staging-latest tag retag. Allow parallel runs as they produce
+# different :staging-<sha> tags and last-write-wins on :staging-latest.
 #
 # cancel-in-progress: false → in-flight builds finish; the next push's
 # build queues. This avoids a partially-pushed image.
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -365,7 +365,7 @@ jobs:
          cache: pip
          cache-dependency-path: workspace/requirements.txt
      - if: needs.changes.outputs.python == 'true'
-        run: pip install -r requirements.txt pytest pytest-asyncio pytest-cov
+        run: pip install -r requirements.txt pytest pytest-asyncio pytest-cov sqlalchemy
      # Coverage flags + fail-under floor moved into workspace/pytest.ini
      # (issue #1817) so local `pytest` and CI use identical config.
      - if: needs.changes.outputs.python == 'true'
--- a/.github/workflows/publish-workspace-server-image.yml
+++ b/.github/workflows/publish-workspace-server-image.yml
@ -32,7 +32,7 @@ name: publish-workspace-server-image

 on:
  push:
-    branches: [staging, main]
+    branches: [main]
    paths:
      - 'workspace-server/**'
      - 'canvas/**'
--- a/.staging-trigger
+++ b/.staging-trigger
@ -0,0 +1 @@
+staging trigger
--- a/canvas/src/components/tabs/config/yaml-utils.ts
+++ b/canvas/src/components/tabs/config/yaml-utils.ts
@ -100,7 +100,14 @@ export function toYaml(config: ConfigData): string {
    if (!o) return;
    lines.push(`${k}:`);
    Object.entries(o).forEach(([sk, sv]) => {
-      if (sv !== undefined && sv !== null && sv !== "") lines.push(`  ${sk}: ${sv}`);
+      if (sv === undefined || sv === null || sv === "") return;
+      if (Array.isArray(sv)) {
+        // Nested list block: e.g. required_env: [KEY, SECRET]
+        lines.push(`  ${sk}:`);
+        sv.forEach((v) => lines.push(`    - ${v}`));
+      } else {
+        lines.push(`  ${sk}: ${sv}`);
+      }
    });
  };

@ -121,7 +128,7 @@ export function toYaml(config: ConfigData): string {
  if (config.task_budget && config.task_budget > 0) { simple("task_budget", config.task_budget); }
  if (config.prompt_files?.length) { lines.push(""); list("prompt_files", config.prompt_files); }
  lines.push(""); list("skills", config.skills);
-  if (config.tools?.length) { list("tools", config.tools); }
+  lines.push(""); list("tools", config.tools);
  lines.push(""); obj("a2a", config.a2a as unknown as Record<string, unknown>);
  lines.push(""); obj("delegation", config.delegation as unknown as Record<string, unknown>);
  if (config.sandbox?.backend) { lines.push(""); obj("sandbox", config.sandbox as unknown as Record<string, unknown>); }
--- a/manifest.json
+++ b/manifest.json
@ -44,3 +44,4 @@
    {"name": "mock-bigorg", "repo": "molecule-ai/molecule-ai-org-template-mock-bigorg", "ref": "main"}
  ]
 }
+// Triggered by Integration Tester at 2026-05-10T08:52Z
--- a/workspace/builtin_tools/a2a_tools.py
+++ b/workspace/builtin_tools/a2a_tools.py
@ -66,10 +66,23 @@ async def delegate_task(workspace_id: str, task: str) -> str:
            )
            data = a2a_resp.json()
            if "result" in data:
-                parts = data["result"].get("parts", [])
-                return parts[0].get("text", "(no text)") if parts else str(data["result"])
+                result = data["result"]
+                parts = result.get("parts", []) if isinstance(result, dict) else []
+                if parts and isinstance(parts[0], dict):
+                    return parts[0].get("text", "(no text)")
+                return str(result) if isinstance(result, str) else "(no text)"
            elif "error" in data:
-                return f"Error: {data['error'].get('message', str(data['error']))}"
+                err = data["error"]
+                # Handle both string-form errors ("error": "some string")
+                # and object-form errors ("error": {"message": "...", "code": ...}).
+                msg = ""
+                if isinstance(err, dict):
+                    msg = err.get("message", "")
+                elif isinstance(err, str):
+                    msg = err
+                else:
+                    msg = str(err)
+                return f"Error: {msg}"
            return str(data)
        except Exception as e:
            return f"Error sending A2A message: {e}"
Author	SHA1	Message	Date
Molecule AI Fullstack Engineer	a08a8eca9b	fix(ci): add sqlalchemy to pip install step (closes #272 ) All checks were successful Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 26s Details sop-tier-check / tier-check (pull_request) Successful in 26s Details audit-force-merge / audit (pull_request) Has been skipped Details CI installs pip packages in two separate steps: pip install -r requirements.txt (from workspace/) pip install pytest pytest-asyncio pytest-cov (pytest separately) The molecule_audit.ledger package requires sqlalchemy, but sqlalchemy is listed in requirements.txt with a comment pointing at molecule_audit. The cache-dependency-path is set to workspace/requirements.txt, so the pip install -r requirements.txt step should include sqlalchemy — but test collection was failing because sqlalchemy was not in the standalone pytest install line. Add sqlalchemy explicitly to the pytest install line so test_audit_ledger.py imports succeed regardless of cache state. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 11:17:18 +00:00
Molecule AI · release-manager	b4045a4d7a	Merge pull request 'fix(canvas): toYaml always emits tools: [] and serializes nested lists' (#274 ) from fix/canvas-yaml-utils-test-failure into staging Some checks failed Secret scan / Scan diff for credential-shaped strings (push) Failing after 13m39s Details sop-tier-check / tier-check (pull_request) Failing after 5s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s Details integration-tester/merge-check Token merge check Details audit-force-merge / audit (pull_request) Has been skipped Details	2026-05-10 09:29:20 +00:00
Molecule AI · fullstack-engineer	1a63d912f7	Merge pull request 'fix(a2a): handle string-form errors in delegate_task' (#273 ) from fix/a2a-tools-string-error-handling into staging Some checks failed Secret scan / Scan diff for credential-shaped strings (push) Successful in 36s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 33s Details sop-tier-check / tier-check (pull_request) Failing after 42s Details audit-force-merge / audit (pull_request) Has been skipped Details	2026-05-10 09:22:41 +00:00
Molecule AI Fullstack Engineer	854803b3ee	fix(canvas): toYaml always emits tools: [] and serializes nested lists Some checks failed Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 29s Details sop-tier-check / tier-check (pull_request) Failing after 27s Details audit-force-merge / audit (pull_request) Successful in 44s Details Two bugs in yaml-utils.ts toYaml(): 1. tools: [] was only emitted when config.tools.length > 0, but the test asserts it's always present. Add blank-line separator + unconditional list("tools", ...) so MINIMAL_CONFIG with tools: [] renders correctly. 2. Nested list values (e.g. runtime_config.required_env: [KEY]) were serialized as " required_env: KEY" (stringification of the array) instead of a YAML list block. Fix obj() to detect Array.isArray(sv) and emit a list block with 4-space indent. Closes #269. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 09:18:27 +00:00
Molecule AI Fullstack Engineer	6348522baa	fix(a2a): handle string-form errors in delegate_task Some checks failed Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s Details sop-tier-check / tier-check (pull_request) Failing after 11s Details audit-force-merge / audit (pull_request) Successful in 54s Details The A2A proxy can return three error shapes: {"error": "plain string"} {"error": {"message": "...", "code": ...}} {"error": {"message": {"nested": "object"}}} ← value at .message is a string builtin_tools/a2a_tools.py:72 called data["error"].get("message") without guarding against error being a string, which raised: AttributeError: 'str' object has no attribute 'get' This broke every delegation attempt through the legacy a2a_tools path (the LangChain-wrapped version used by adapter templates). The SSOT parser a2a_response.py already handled string errors; the legacy inline sniffer in a2a_tools.py did not. Fix: branch on isinstance(err, dict/str/other) before calling .get(). Also update both publish-workflow files to remove the dead `staging` branch trigger — trunk-based migration (PR #109, 2026-05-08) removed the staging branch. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 09:09:33 +00:00
Molecule AI · integration-tester	97fcb32840	chore: restore manifest.json after trigger test Some checks failed publish-workspace-server-image / build-and-push (push) Failing after 7s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 7s Details	2026-05-10 08:52:45 +00:00
Molecule AI · integration-tester	19b95243d2	chore: trigger publish workflow [Integration Tester 2026-05-10T08:45Z] Some checks failed publish-workspace-server-image / build-and-push (push) Failing after 10s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 9s Details	2026-05-10 08:52:14 +00:00
Molecule AI · integration-tester	e5622e0dae	chore: staging trigger commit from Integration Tester All checks were successful Secret scan / Scan diff for credential-shaped strings (push) Successful in 24s Details	2026-05-10 08:31:19 +00:00