fix(workspace): register plugins_registry as sys.modules shim before loading adapters

KI-296 fix: when the PyPI-installed runtime (molecule-ai-workspace-runtime 0.1.129+) ships plugins_registry as molecule_runtime.plugins_registry (a subpackage), plugin adapter files that do ``from plugins_registry import ...`` as a top-level name fail with ModuleNotFoundError because Python's import system cannot find a top-level ``plugins_registry`` package. The fix in plugins_registry/__init__.py:_load_module_from_path() registers molecule_runtime.plugins_registry as ``plugins_registry`` in sys.modules before exec'ing any plugin adapter file, so the top-level import resolves correctly in both environments: - PyPI wheel (molecule_runtime.plugins_registry → sys.modules["plugins_registry"]) - molecule-core workspace source (top-level workspace/plugins_registry already on sys.path; the setdefault is a no-op) Submodules (builtins, protocol, raw_drop) are also registered so adapters that import ``from plugins_registry.builtins import ...`` work without error. Added test_load_module_from_path_registers_plugins_registry_sys_modules. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
fix(workspace): default PLATFORM_URL to host.docker.internal in all modules
2026-05-10 14:55:05 +00:00 · 2026-05-10 14:55:05 +00:00 · 2026-05-10 14:43:23 +00:00 · 2026-05-10 14:42:59 +00:00 · 2026-05-10 14:19:36 +00:00 · 2026-05-10 13:56:29 +00:00
47 changed files with 797 additions and 996 deletions
@@ -32,9 +32,11 @@ on:
      - '.gitea/workflows/publish-workspace-server-image.yml'
  workflow_dispatch:

-# Serialize per-branch so two rapid main pushes don't race the same
-# :staging-latest tag retag. Allow parallel runs as they produce
-# different :staging-<sha> tags and last-write-wins on :staging-latest.
+# Serialize per-branch so two rapid staging pushes don't race the same
+# :staging-latest tag retag. Allow staging and main to run in parallel
+# (different GITHUB_REF → different concurrency group) since they
+# produce different :staging-<sha> tags and last-write-wins on
+# :staging-latest is acceptable across branches.
 #
 # cancel-in-progress: false → in-flight builds finish; the next push's
 # build queues. This avoids a partially-pushed image.
@@ -57,6 +59,25 @@ jobs:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

+      # Health check: verify Docker daemon is accessible before attempting any
+      # build steps. This fails loudly at step 1 when the runner's docker.sock
+      # is inaccessible (e.g. permission change, daemon restart, or group-membership
+      # drift) rather than silently continuing to step 2 where `docker build`
+      # fails deep in the process with a cryptic ECR auth error that doesn't
+      # surface the root cause.  Also reports the daemon version so operator
+      # can correlate with runner host logs.
+      - name: Verify Docker daemon access
+        run: |
+          set -euo pipefail
+          echo "::group::Docker daemon health check"
+          docker info 2>&1 | head -5 || {
+            echo "::error::Docker daemon is not accessible at /var/run/docker.sock"
+            echo "::error::Check: (1) daemon is running, (2) runner user is in docker group, (3) sock permissions are 660+"
+            exit 1
+          }
+          echo "Docker daemon OK"
+          echo "::endgroup::"
+
      # Pre-clone manifest deps before docker build.
      #
      # Why: workspace-template-* repos on Gitea are private. The pre-fix
@@ -54,6 +54,22 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

+      # Health check: verify Docker daemon is accessible before attempting any
+      # build steps. This fails loudly at step 1 when the runner's docker.sock
+      # is inaccessible rather than silently continuing to the build step
+      # where docker build fails deep in ECR auth with a cryptic error.
+      - name: Verify Docker daemon access
+        run: |
+          set -euo pipefail
+          echo "::group::Docker daemon health check"
+          docker info 2>&1 | head -5 || {
+            echo "::error::Docker daemon is not accessible at /var/run/docker.sock"
+            echo "::error::Check: (1) daemon running, (2) runner user in docker group, (3) sock perms 660+"
+            exit 1
+          }
+          echo "Docker daemon OK"
+          echo "::endgroup::"
+
      - name: Compute tags
        id: tags
        shell: bash
@@ -107,6 +107,22 @@ jobs:
        run: |
          echo "sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"

+      # Health check: verify Docker daemon is accessible before attempting any
+      # build steps. This fails loudly at step 1 when the runner's docker.sock
+      # is inaccessible rather than silently continuing to the build step
+      # where docker build fails deep in ECR auth with a cryptic error.
+      - name: Verify Docker daemon access
+        run: |
+          set -euo pipefail
+          echo "::group::Docker daemon health check"
+          docker info 2>&1 | head -5 || {
+            echo "::error::Docker daemon is not accessible at /var/run/docker.sock"
+            echo "::error::Check: (1) daemon running, (2) runner user in docker group, (3) sock perms 660+"
+            exit 1
+          }
+          echo "Docker daemon OK"
+          echo "::endgroup::"
+
      # Pre-clone manifest deps before docker build (Task #173 fix).
      #
      # Why pre-clone: post-2026-05-06, every workspace-template-* repo on
@@ -1 +0,0 @@
-staging trigger
@@ -31,14 +31,17 @@ export function extractMessageText(body: Record<string, unknown> | null): string
    if (text) return text;

    // Response: result.parts[].text or result.parts[].root.text
-    // Takes only the first non-empty entry (prefers parts[].text over root).
    const result = body.result as Record<string, unknown> | undefined;
    const rParts = (result?.parts || []) as Array<Record<string, unknown>>;
-    for (const p of rParts) {
-      if (typeof p.text === "string" && p.text) return p.text;
-      const root = p.root as Record<string, unknown> | undefined;
-      if (typeof root?.text === "string" && root.text) return root.text;
-    }
+    const rText = rParts
+      .map((p) => {
+        if (p.text) return p.text as string;
+        const root = p.root as Record<string, unknown> | undefined;
+        return (root?.text as string) || "";
+      })
+      .filter(Boolean)
+      .join("\n");
+    if (rText) return rText;

    if (typeof body.result === "string") return body.result;
  } catch { /* ignore */ }
@@ -9,25 +9,11 @@ import React from "react";
 import { render, screen, fireEvent, cleanup, waitFor, act } from "@testing-library/react";
 import { afterEach, describe, expect, it, vi, beforeEach } from "vitest";
 import { ApprovalBanner } from "../ApprovalBanner";
+import { showToast } from "@/components/Toaster";
 import { api } from "@/lib/api";

-// ─── Mock Toaster (hoisted so it's available in module scope) ─────────────────
-const mockShowToast = vi.hoisted(() => vi.fn());
-
 vi.mock("@/components/Toaster", () => ({
-  showToast: mockShowToast,
-}));
-
-// ─── Mock API ─────────────────────────────────────────────────────────────────
-// vi.hoisted() ensures these are resolved before vi.mock factories run.
-const mockApiGet = vi.hoisted(() => vi.fn());
-const mockApiPost = vi.hoisted(() => vi.fn());
-
-vi.mock("@/lib/api", () => ({
-  api: {
-    get: mockApiGet,
-    post: mockApiPost,
-  },
+  showToast: vi.fn(),
 }));

 // ─── Helpers ──────────────────────────────────────────────────────────────────
@@ -50,27 +36,11 @@ const pendingApproval = (id = "a1", workspaceId = "ws-1"): {
  created_at: "2026-05-10T10:00:00Z",
 });

-// ─── Cleanup between tests ────────────────────────────────────────────────────
-// jsdom is shared across test files; clear the DOM before each test to prevent
-// leftover elements from previous test files (e.g. aria-time-sensitive.test.tsx)
-// from polluting queries.
-beforeEach(() => {
-  document.body.innerHTML = "";
-  mockApiGet.mockReset();
-  mockApiPost.mockReset();
-  mockShowToast.mockReset();
-});
-
-afterEach(() => {
-  cleanup();
-  vi.restoreAllMocks();
-});
-
 // ─── Tests ────────────────────────────────────────────────────────────────────

 describe("ApprovalBanner — empty state", () => {
  it("renders nothing when there are no pending approvals", async () => {
-    mockApiGet.mockResolvedValueOnce([]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -79,7 +49,7 @@ describe("ApprovalBanner — empty state", () => {
  });

  it("does not render any approve/deny buttons when list is empty", async () => {
-    mockApiGet.mockResolvedValueOnce([]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -91,7 +61,7 @@ describe("ApprovalBanner — empty state", () => {

 describe("ApprovalBanner — renders approval cards", () => {
  it("renders an alert card for each pending approval", async () => {
-    mockApiGet.mockResolvedValueOnce([
+    vi.spyOn(api, "get").mockResolvedValueOnce([
      pendingApproval("a1"),
      pendingApproval("a2", "ws-2"),
    ]);
@@ -104,7 +74,7 @@ describe("ApprovalBanner — renders approval cards", () => {
  });

  it("displays the workspace name and action text", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -114,7 +84,7 @@ describe("ApprovalBanner — renders approval cards", () => {
  });

  it("displays the reason when present", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -123,7 +93,9 @@ describe("ApprovalBanner — renders approval cards", () => {
  });

  it("omits the reason div when reason is null", async () => {
-    mockApiGet.mockResolvedValueOnce([{ ...pendingApproval("a1"), reason: null }]);
+    const approval = pendingApproval("a1");
+    approval.reason = null;
+    vi.spyOn(api, "get").mockResolvedValueOnce([approval]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -132,7 +104,7 @@ describe("ApprovalBanner — renders approval cards", () => {
  });

  it("renders both Approve and Deny buttons per card", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -142,7 +114,7 @@ describe("ApprovalBanner — renders approval cards", () => {
  });

  it("has aria-live=assertive on the alert container", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -164,7 +136,7 @@ describe("ApprovalBanner — polling", () => {
  });

  it("clears the polling interval on unmount", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
    const { unmount } = render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -176,8 +148,9 @@ describe("ApprovalBanner — polling", () => {

 describe("ApprovalBanner — decisions", () => {
  it("calls POST /workspaces/:id/approvals/:id/decide on Approve click", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1", "ws-1")]);
-    mockApiPost.mockResolvedValueOnce(undefined);
+    const approval = pendingApproval("a1", "ws-1");
+    vi.spyOn(api, "get").mockResolvedValueOnce([approval]);
+    const postSpy = vi.spyOn(api, "post").mockResolvedValueOnce(undefined);

    render(<ApprovalBanner />);
    await act(async () => {
@@ -187,7 +160,7 @@ describe("ApprovalBanner — decisions", () => {
    fireEvent.click(screen.getByRole("button", { name: /approve/i }));

    await waitFor(() => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(postSpy).toHaveBeenCalledWith(
        "/workspaces/ws-1/approvals/a1/decide",
        { decision: "approved", decided_by: "human" }
      );
@@ -195,8 +168,9 @@ describe("ApprovalBanner — decisions", () => {
  });

  it("calls POST with decision=denied on Deny click", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1", "ws-1")]);
-    mockApiPost.mockResolvedValueOnce(undefined);
+    const approval = pendingApproval("a1", "ws-1");
+    vi.spyOn(api, "get").mockResolvedValueOnce([approval]);
+    const postSpy = vi.spyOn(api, "post").mockResolvedValueOnce(undefined);

    render(<ApprovalBanner />);
    await act(async () => {
@@ -206,7 +180,7 @@ describe("ApprovalBanner — decisions", () => {
    fireEvent.click(screen.getByRole("button", { name: /deny/i }));

    await waitFor(() => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(postSpy).toHaveBeenCalledWith(
        "/workspaces/ws-1/approvals/a1/decide",
        { decision: "denied", decided_by: "human" }
      );
@@ -214,8 +188,9 @@ describe("ApprovalBanner — decisions", () => {
  });

  it("removes the card from state after a successful decision", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
-    mockApiPost.mockResolvedValueOnce(undefined);
+    const approval = pendingApproval("a1", "ws-1");
+    vi.spyOn(api, "get").mockResolvedValueOnce([approval]);
+    vi.spyOn(api, "post").mockResolvedValueOnce(undefined);

    render(<ApprovalBanner />);
    await act(async () => {
@@ -233,8 +208,8 @@ describe("ApprovalBanner — decisions", () => {
  });

  it("shows a success toast on approve", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
-    mockApiPost.mockResolvedValueOnce(undefined);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "post").mockResolvedValueOnce(undefined);

    render(<ApprovalBanner />);
    await act(async () => {
@@ -244,13 +219,13 @@ describe("ApprovalBanner — decisions", () => {
    fireEvent.click(screen.getByRole("button", { name: /approve/i }));

    await waitFor(() => {
-      expect(mockShowToast).toHaveBeenCalledWith("Approved", "success");
+      expect(showToast).toHaveBeenCalledWith("Approved", "success");
    });
  });

  it("shows an info toast on deny", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
-    mockApiPost.mockResolvedValueOnce(undefined);
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "post").mockResolvedValueOnce(undefined);

    render(<ApprovalBanner />);
    await act(async () => {
@@ -260,13 +235,13 @@ describe("ApprovalBanner — decisions", () => {
    fireEvent.click(screen.getByRole("button", { name: /deny/i }));

    await waitFor(() => {
-      expect(mockShowToast).toHaveBeenCalledWith("Denied", "info");
+      expect(showToast).toHaveBeenCalledWith("Denied", "info");
    });
  });

  it("shows an error toast when POST fails", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
-    mockApiPost.mockRejectedValueOnce(new Error("Network error"));
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "post").mockRejectedValueOnce(new Error("Network error"));

    render(<ApprovalBanner />);
    await act(async () => {
@@ -276,13 +251,13 @@ describe("ApprovalBanner — decisions", () => {
    fireEvent.click(screen.getByRole("button", { name: /approve/i }));

    await waitFor(() => {
-      expect(mockShowToast).toHaveBeenCalledWith("Failed to submit decision", "error");
+      expect(showToast).toHaveBeenCalledWith("Failed to submit decision", "error");
    });
  });

  it("keeps the card visible when the POST fails", async () => {
-    mockApiGet.mockResolvedValueOnce([pendingApproval("a1")]);
-    mockApiPost.mockRejectedValueOnce(new Error("Network error"));
+    vi.spyOn(api, "get").mockResolvedValueOnce([pendingApproval("a1")]);
+    vi.spyOn(api, "post").mockRejectedValueOnce(new Error("Network error"));

    render(<ApprovalBanner />);
    await act(async () => {
@@ -300,7 +275,7 @@ describe("ApprovalBanner — decisions", () => {

 describe("ApprovalBanner — handles empty list from server", () => {
  it("shows nothing when the API returns an empty array on first poll", async () => {
-    mockApiGet.mockResolvedValueOnce([]);
+    vi.spyOn(api, "get").mockResolvedValueOnce([]);
    render(<ApprovalBanner />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -11,16 +11,9 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { BundleDropZone } from "../BundleDropZone";
 import { api } from "@/lib/api";

-// jsdom is shared across test files; clear the DOM before each test.
-beforeEach(() => {
-  document.body.innerHTML = "";
-});
-
-const mockApiPost = vi.hoisted(() => vi.fn());
-
 vi.mock("@/lib/api", () => ({
  api: {
-    post: mockApiPost,
+    post: vi.fn(),
  },
 }));

@@ -49,31 +42,49 @@ function makeBundle(name = "test-workspace"): File {
 describe("BundleDropZone — render", () => {
  it("renders a hidden file input with correct accept and aria-label", () => {
    render(<BundleDropZone />);
-    // Use id to uniquely target the input (the <button> shares aria-label).
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
-    expect(input).toBeTruthy();
+    const input = screen.getByLabelText("Import bundle file");
    expect(input.getAttribute("type")).toBe("file");
    expect(input.getAttribute("accept")).toBe(".bundle.json");
-    expect(input.getAttribute("aria-label")).toBe("Import bundle file");
  });

  it("renders the keyboard-accessible import button with aria-label", () => {
    render(<BundleDropZone />);
-    // Use aria-controls to uniquely identify the button (input and button share
-    // aria-label, so query by the aria-controls link to the input's ID instead).
-    const btn = document.querySelector('[aria-controls="bundle-file-input"]');
+    const btn = screen.getByRole("button", { name: /import bundle/i });
    expect(btn).toBeTruthy();
-    expect(btn?.getAttribute("aria-label")).toBe("Import bundle file");
+    expect(btn.getAttribute("aria-controls")).toBe("bundle-file-input");
  });
 });

 describe("BundleDropZone — drag state", () => {
-  // NOTE: jsdom 29 does not implement the DragEvent constructor, so
-  // native file-drag events cannot be simulated in this environment.
-  // The drag overlay behavior is covered by the mock approach below.
+  beforeEach(() => {
+    vi.useFakeTimers();
+  });

-  it("renders with no overlay when not dragging", () => {
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  it("shows the drop overlay when a file is dragged over", () => {
    render(<BundleDropZone />);
+    const overlay = screen.getByText("Drop Bundle to Import").closest("div");
+    expect(overlay?.className).toContain("fixed");
+
+    // Simulate drag-over on the invisible drop zone
+    const zone = document.body.querySelector('[class*="fixed inset-0 z-10"]') as HTMLElement;
+    if (zone) {
+      fireEvent.dragOver(zone);
+    } else {
+      // Fallback: dispatch on the component's outer div
+      const container = document.body.querySelector('[class*="pointer-events-none"]') as HTMLElement;
+      if (container) {
+        fireEvent.dragOver(container);
+      }
+    }
+  });
+
+  it("hides the drop overlay when not dragging", () => {
+    render(<BundleDropZone />);
+    // By default (no drag), the overlay should not be visible
    expect(screen.queryByText("Drop Bundle to Import")).toBeNull();
  });
 });
@@ -81,23 +92,22 @@ describe("BundleDropZone — drag state", () => {
 describe("BundleDropZone — keyboard file input (WCAG 2.1.1)", () => {
  it("triggers the hidden file input when the import button is clicked", () => {
    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file") as HTMLInputElement;
    const clickSpy = vi.spyOn(input, "click");
-    // Use aria-controls to uniquely target the button (input and button share aria-label).
-    fireEvent.click(document.querySelector('[aria-controls="bundle-file-input"]')!);
+    fireEvent.click(screen.getByRole("button", { name: /import bundle/i }));
    expect(clickSpy).toHaveBeenCalled();
  });

  it("processes a selected file when the file input changes", async () => {
    vi.useFakeTimers();
-    const postMock = mockApiPost.mockResolvedValueOnce({
+    const postMock = vi.mocked(api.post).mockResolvedValueOnce({
      workspace_id: "ws-new",
      name: "Imported Workspace",
      status: "online",
    });

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("My Bundle");
    Object.defineProperty(input, "files", {
@@ -122,14 +132,14 @@ describe("BundleDropZone — keyboard file input (WCAG 2.1.1)", () => {
 describe("BundleDropZone — import success", () => {
  it("shows success toast after successful import", async () => {
    vi.useFakeTimers();
-    mockApiPost.mockResolvedValueOnce({
+    vi.mocked(api.post).mockResolvedValueOnce({
      workspace_id: "ws-new",
      name: "My Workspace",
      status: "online",
    });

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("Success Workspace");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -153,14 +163,14 @@ describe("BundleDropZone — import success", () => {

  it("clears the result toast after 4000ms", async () => {
    vi.useFakeTimers();
-    mockApiPost.mockResolvedValueOnce({
+    vi.mocked(api.post).mockResolvedValueOnce({
      workspace_id: "ws-new",
      name: "Timed Workspace",
      status: "online",
    });

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("Timed Workspace");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -183,10 +193,10 @@ describe("BundleDropZone — import success", () => {
 describe("BundleDropZone — import error", () => {
  it("shows error toast when the API call fails", async () => {
    vi.useFakeTimers();
-    mockApiPost.mockRejectedValueOnce(new Error("Import failed: 500 Internal Server Error"));
+    vi.mocked(api.post).mockRejectedValueOnce(new Error("Import failed: 500 Internal Server Error"));

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("Failed Workspace");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -204,7 +214,7 @@ describe("BundleDropZone — import error", () => {
  it("shows error when file is not a .bundle.json", async () => {
    vi.useFakeTimers();
    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = new File(["{}"], "readme.txt", { type: "text/plain" });
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -226,10 +236,10 @@ describe("BundleDropZone — import error", () => {

  it("clears error after 4000ms", async () => {
    vi.useFakeTimers();
-    mockApiPost.mockRejectedValueOnce(new Error("Network error"));
+    vi.mocked(api.post).mockRejectedValueOnce(new Error("Network error"));

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("Error Workspace");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -254,10 +264,10 @@ describe("BundleDropZone — importing state", () => {
    vi.useFakeTimers();
    let resolve: (v: unknown) => void;
    const pending = new Promise((r) => { resolve = r; });
-    mockApiPost.mockReturnValueOnce(pending as unknown as ReturnType<typeof api.post>);
+    vi.mocked(api.post).mockReturnValueOnce(pending as unknown as ReturnType<typeof api.post>);

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file");

    const file = makeBundle("Pending Workspace");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -282,14 +292,14 @@ describe("BundleDropZone — importing state", () => {
 describe("BundleDropZone — file input reset", () => {
  it("resets the file input value after processing so the same file can be re-selected", async () => {
    vi.useFakeTimers();
-    mockApiPost.mockResolvedValueOnce({
+    vi.mocked(api.post).mockResolvedValueOnce({
      workspace_id: "ws-new",
      name: "Reset Workspace",
      status: "online",
    });

    render(<BundleDropZone />);
-    const input = document.getElementById("bundle-file-input") as HTMLInputElement;
+    const input = screen.getByLabelText("Import bundle file") as HTMLInputElement;

    const file = makeBundle("Reset Test");
    Object.defineProperty(input, "files", { value: [file], writable: false });
@@ -10,24 +10,19 @@ import React from "react";
 import { render, screen, fireEvent, cleanup, act, waitFor } from "@testing-library/react";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { ContextMenu } from "../ContextMenu";
+import { useCanvasStore } from "@/store/canvas";
+import { showToast } from "../Toaster";

 // ─── Mock Toaster ─────────────────────────────────────────────────────────────
-// vi.hoisted() makes the mock fn available in module scope so that
-// vi.mocked(showToast) can reference it in afterEach hooks.
-const mockShowToast = vi.hoisted(() => vi.fn());

-vi.mock("@/components/Toaster", () => ({
-  showToast: mockShowToast,
+vi.mock("../Toaster", () => ({
+  showToast: vi.fn(),
 }));

 // ─── Mock API ────────────────────────────────────────────────────────────────
-// vi.hoisted() prevents TDZ: all mock implementations are resolved before
-// vi.mock factories run (vi.mock is hoisted to top of file).
-const { apiPost, apiPatch } = vi.hoisted(() => ({
-  apiPost: vi.fn().mockResolvedValue(undefined as void),
-  apiPatch: vi.fn().mockResolvedValue(undefined as void),
-}));

+const apiPost = vi.fn().mockResolvedValue(undefined as void);
+const apiPatch = vi.fn().mockResolvedValue(undefined as void);
 vi.mock("@/lib/api", () => ({
  api: {
    post: apiPost,
@@ -38,7 +33,7 @@ vi.mock("@/lib/api", () => ({

 // ─── Mock store ──────────────────────────────────────────────────────────────

-const mockStoreState = vi.hoisted(() => ({
+const mockStoreState = {
  contextMenu: null as {
    x: number;
    y: number;
@@ -64,7 +59,7 @@ const mockStoreState = vi.hoisted(() => ({
    id: string;
    data: { parentId?: string | null };
  }>,
-}));
+};

 vi.mock("@/store/canvas", () => ({
  useCanvasStore: Object.assign(
@@ -103,7 +98,7 @@ describe("ContextMenu — visibility", () => {
    mockStoreState.nodes = [];
    apiPost.mockReset();
    apiPatch.mockReset();
-    mockShowToast.mockClear();
+    vi.mocked(showToast).mockClear();
  });

  it("renders nothing when contextMenu is null", () => {
@@ -153,7 +148,7 @@ describe("ContextMenu — close", () => {
    mockStoreState.nodes = [];
    apiPost.mockReset();
    apiPatch.mockReset();
-    mockShowToast.mockClear();
+    vi.mocked(showToast).mockClear();
  });

  it("closes when clicking outside the menu", () => {
@@ -173,14 +168,7 @@ describe("ContextMenu — close", () => {
  it("closes when Tab is pressed", () => {
    openMenu();
    render(<ContextMenu />);
-    // Tab is handled by handleMenuKeyDown (React onKeyDown on the menu div),
-    // which requires a React-synthetic keydown event — fireEvent dispatches one
-    // that React's onKeyDown can catch. We also focus the menu first.
-    const menu = screen.getByRole("menu");
-    act(() => {
-      menu.focus();
-      fireEvent.keyDown(menu, { key: "Tab" });
-    });
+    fireEvent.keyDown(document.body, { key: "Tab" });
    expect(mockStoreState.closeContextMenu).toHaveBeenCalled();
  });
 });
@@ -201,7 +189,7 @@ describe("ContextMenu — menu items", () => {
    mockStoreState.nodes = [];
    apiPost.mockReset();
    apiPatch.mockReset();
-    mockShowToast.mockClear();
+    vi.mocked(showToast).mockClear();
  });

  it("shows Chat and Terminal only for online nodes", () => {
@@ -214,14 +202,8 @@ describe("ContextMenu — menu items", () => {
  it("hides Chat and Terminal for offline nodes", () => {
    openMenu({ nodeData: { name: "Bob", status: "offline", tier: 2, role: "analyst" } });
    render(<ContextMenu />);
-    // The component renders Chat and Terminal buttons with disabled=true when offline,
-    // rather than omitting them entirely. Verify they exist but are disabled.
-    const chatBtn = screen.queryByRole("menuitem", { name: /chat/i });
-    const terminalBtn = screen.queryByRole("menuitem", { name: /terminal/i });
-    expect(chatBtn).toBeTruthy();
-    expect(chatBtn!.disabled).toBe(true);
-    expect(terminalBtn).toBeTruthy();
-    expect(terminalBtn!.disabled).toBe(true);
+    expect(screen.queryByRole("menuitem", { name: /chat/i })).toBeNull();
+    expect(screen.queryByRole("menuitem", { name: /terminal/i })).toBeNull();
  });

  it("shows Pause for online nodes (not paused)", () => {
@@ -304,7 +286,7 @@ describe("ContextMenu — keyboard navigation", () => {
    mockStoreState.nodes = [];
    apiPost.mockReset();
    apiPatch.mockReset();
-    mockShowToast.mockClear();
+    vi.mocked(showToast).mockClear();
  });

  it("ArrowDown moves focus to next enabled menuitem", () => {
@@ -346,7 +328,7 @@ describe("ContextMenu — item actions", () => {
    mockStoreState.nodes = [];
    apiPost.mockReset();
    apiPatch.mockReset();
-    mockShowToast.mockClear();
+    vi.mocked(showToast).mockClear();
  });

  it("Details selects node and opens details tab", () => {
@@ -22,14 +22,12 @@ describe("KeyValueField — render", () => {

  it("renders a password input by default", () => {
    render(<KeyValueField value="" onChange={vi.fn()} />);
-    // type="password" does not expose role="textbox"; use getByLabelText instead
-    const input = screen.getByLabelText("Secret value");
-    expect(input.getAttribute("type")).toBe("password");
+    expect(screen.getByRole("textbox").getAttribute("type")).toBe("password");
  });

  it("renders a text input when revealed=true", () => {
-    // With value="secret" and not revealed, input type is password
    const { container } = render(<KeyValueField value="secret" onChange={vi.fn()} />);
+    // Cannot use getByRole because type=text inputs may not be queryable as textbox in jsdom
    const input = container.querySelector("input");
    expect(input).toBeTruthy();
    expect(input!.getAttribute("type")).toBe("password");
@@ -37,33 +35,32 @@ describe("KeyValueField — render", () => {

  it("uses the provided aria-label", () => {
    render(<KeyValueField value="" onChange={vi.fn()} aria-label="My secret field" />);
-    const input = screen.getByLabelText("My secret field");
-    expect(input.getAttribute("aria-label")).toBe("My secret field");
+    expect(screen.getByRole("textbox").getAttribute("aria-label")).toBe("My secret field");
  });

  it("uses default aria-label when omitted", () => {
    render(<KeyValueField value="" onChange={vi.fn()} />);
-    expect(screen.getByLabelText("Secret value")).toBeTruthy();
+    expect(screen.getByRole("textbox").getAttribute("aria-label")).toBe("Secret value");
  });

  it("renders a disabled input when disabled=true", () => {
    render(<KeyValueField value="x" onChange={vi.fn()} disabled={true} />);
-    expect(screen.getByLabelText("Secret value").disabled).toBe(true);
+    expect(screen.getByRole("textbox").getAttribute("disabled")).toBe("");
  });

  it("renders with the provided placeholder", () => {
    render(<KeyValueField value="" onChange={vi.fn()} placeholder="Enter API key" />);
-    expect(screen.getByLabelText("Secret value").getAttribute("placeholder")).toBe("Enter API key");
+    expect(screen.getByRole("textbox").getAttribute("placeholder")).toBe("Enter API key");
  });

  it("disables spell-check on the input", () => {
    render(<KeyValueField value="" onChange={vi.fn()} />);
-    expect(screen.getByLabelText("Secret value").getAttribute("spellcheck")).toBe("false");
+    expect(screen.getByRole("textbox").getAttribute("spellcheck")).toBe("false");
  });

  it("sets autoComplete=off on the input", () => {
    render(<KeyValueField value="" onChange={vi.fn()} />);
-    expect(screen.getByLabelText("Secret value").getAttribute("autocomplete")).toBe("off");
+    expect(screen.getByRole("textbox").getAttribute("autocomplete")).toBe("off");
  });
 });

@@ -77,38 +74,35 @@ describe("KeyValueField — onChange", () => {
  it("calls onChange when input changes", () => {
    const onChange = vi.fn();
    render(<KeyValueField value="" onChange={onChange} />);
-    const input = screen.getByLabelText("Secret value");
-    fireEvent.change(input, { target: { value: "abc" } });
+    fireEvent.change(screen.getByRole("textbox"), { target: { value: "abc" } });
    expect(onChange).toHaveBeenCalledWith("abc");
  });

  it("trims trailing whitespace on change", () => {
    const onChange = vi.fn();
    render(<KeyValueField value="" onChange={onChange} />);
-    const input = screen.getByLabelText("Secret value");
-    fireEvent.change(input, { target: { value: "abc  " } });
+    fireEvent.change(screen.getByRole("textbox"), { target: { value: "abc  " } });
    expect(onChange).toHaveBeenCalledWith("abc");
  });

  it("trims leading whitespace on change", () => {
    const onChange = vi.fn();
    render(<KeyValueField value="" onChange={onChange} />);
-    const input = screen.getByLabelText("Secret value");
-    fireEvent.change(input, { target: { value: "  abc" } });
+    fireEvent.change(screen.getByRole("textbox"), { target: { value: "  abc" } });
    expect(onChange).toHaveBeenCalledWith("abc");
  });

  it("passes value through unchanged when no whitespace trimming needed", () => {
    const onChange = vi.fn();
    render(<KeyValueField value="" onChange={onChange} />);
-    const input = screen.getByLabelText("Secret value");
-    fireEvent.change(input, { target: { value: "no-change" } });
+    fireEvent.change(screen.getByRole("textbox"), { target: { value: "no-change" } });
    expect(onChange).toHaveBeenCalledWith("no-change");
  });
 });

 // Paste trimming is tested via onChange (handleChange trims whitespace) and
 // the structural trim logic is exercised by the onChange tests above.
+// Full paste testing requires @testing-library/user-event which is not installed.

 describe("KeyValueField — auto-hide timer", () => {
  beforeEach(() => {
@@ -125,17 +119,22 @@ describe("KeyValueField — auto-hide timer", () => {
    const onChange = vi.fn();
    render(<KeyValueField value="secret" onChange={onChange} />);

-    // Reveal the value — click the reveal toggle button
-    const toggleBtn = document.body.querySelector("button");
-    fireEvent.click(toggleBtn!);
-    // After reveal, input type should be text (not password)
+    // Reveal the value
    const input = document.body.querySelector("input");
+    fireEvent.click(document.body.querySelector("button")!);
+    // After reveal, input type should be text (not password)
    expect(input?.getAttribute("type")).not.toBe("password");

    // Advance 30 seconds
    act(() => { vi.advanceTimersByTime(AUTO_HIDE_MS); });

-    // Value should be hidden again — the input type flipped back to password
+    // Value should be hidden again — the input value is managed externally
+    // via `value` prop, so we check the input type flipped back to password
+    // by verifying the button was clicked twice (setRevealed toggled)
+    // The component's internal revealed state should be false after timer fires.
+    // Since we can't read internal state, we verify the behavior by checking
+    // the input type (it flips back to password after auto-hide).
+    // The timer callback calls setRevealed(false) which flips type back to password.
    const typeAfter = document.body.querySelector("input")?.getAttribute("type");
    expect(typeAfter).toBe("password");
  });
@@ -149,10 +149,8 @@ describe("Legend — palette offset positioning", () => {
      (sel) => sel({ templatePaletteOpen: false } as ReturnType<typeof useCanvasStore.getState>)
    );
    render(<Legend />);
-    // The outer div has z-30 (unique); closest("div") returns the inner flex
-    // wrapper so we target via z-30 + fixed instead.
-    const outerFixedDiv = document.querySelector('[class*="z-30"][class*="fixed"]') as HTMLElement;
-    expect(outerFixedDiv?.className).toContain("left-4");
+    const panel = screen.getByText("Legend").closest("div");
+    expect(panel?.className).toContain("left-4");
  });

  it("uses left-[296px] when template palette IS open", () => {
@@ -160,8 +158,8 @@ describe("Legend — palette offset positioning", () => {
      (sel) => sel({ templatePaletteOpen: true } as ReturnType<typeof useCanvasStore.getState>)
    );
    render(<Legend />);
-    const outerFixedDiv = document.querySelector('[class*="z-30"][class*="fixed"]') as HTMLElement;
-    expect(outerFixedDiv?.className).toContain("left-[296px]");
+    const panel = screen.getByText("Legend").closest("div");
+    expect(panel?.className).toContain("left-[296px]");
  });
 });

@@ -12,44 +12,19 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { OnboardingWizard } from "../OnboardingWizard";
 import { useCanvasStore } from "@/store/canvas";

-// All module-level variables used inside vi.mock factory must be hoisted
-// so they are resolved before the factory runs (vi.mock is hoisted).
-const { mockStoreState, mockStore } = vi.hoisted(() => {
-  const state = {
-    nodes: [] as Array<{ id: string; data: Record<string, unknown> }>,
-    selectedNodeId: null as string | null,
-    panelTab: "chat" as string,
-    agentMessages: {} as Record<string, unknown[]>,
-    setPanelTab: vi.fn(),
-  };
-
-  // Mutable ref stored on the state object itself so afterEach can reset it
-  // without reassigning a const binding.
-  (state as typeof state & { _subscribeCb: () => void })._subscribeCb = () => {};
-
-  // useSyncExternalStore calls subscribe/getSnapshot on the store object.
-  // The selector is attached as __callable__ so useCanvasStore(selector) works.
-  const store = Object.assign(
-    (sel: (s: typeof state) => unknown) => sel(state),
-    {
-      getState: () => state,
-      subscribe: (cb: () => void) => {
-        (state as typeof state & { _subscribeCb: () => void })._subscribeCb = cb;
-        return () => {
-          (state as typeof state & { _subscribeCb: () => void })._subscribeCb = () => {};
-        };
-      },
-      // Return a NEW object each time so useSyncExternalStore's Object.is
-      // comparison sees a change → triggers a re-render.
-      getSnapshot: () => ({ ...state }),
-    },
-  );
-
-  return { mockStoreState: state, mockStore: store };
-});
+const mockStoreState = {
+  nodes: [] as Array<{ id: string; data: Record<string, unknown> }>,
+  selectedNodeId: null as string | null,
+  panelTab: "chat" as string,
+  agentMessages: {} as Record<string, unknown[]>,
+  setPanelTab: vi.fn(),
+};

 vi.mock("@/store/canvas", () => ({
-  useCanvasStore: mockStore,
+  useCanvasStore: Object.assign(
+    (sel: (s: typeof mockStoreState) => unknown) => sel(mockStoreState),
+    { getState: () => mockStoreState },
+  ),
 }));

 const STORAGE_KEY = "molecule-onboarding-complete";
@@ -76,7 +51,6 @@ afterEach(() => {
  mockStoreState.panelTab = "chat";
  mockStoreState.agentMessages = {};
  mockStoreState.setPanelTab = vi.fn();
-  (mockStoreState as typeof mockStoreState & { _subscribeCb: () => void })._subscribeCb = () => {};
 });

 // ─── Tests ────────────────────────────────────────────────────────────────────
@@ -163,19 +137,21 @@ describe("OnboardingWizard — steps", () => {
 describe("OnboardingWizard — auto-advance", () => {
  beforeEach(() => {
    localStorageMock.getItem.mockReturnValue(null);
-    vi.useFakeTimers();
  });

-  afterEach(() => {
-    vi.useRealTimers();
-  });
+  it("auto-advances from welcome to api-key when nodes appear", async () => {
+    const { unmount } = render(<OnboardingWizard />);
+    expect(screen.getByText("Welcome to Molecule AI")).toBeTruthy();

-  it.skip("auto-advances from welcome to api-key when nodes appear", () => {
-    // NOTE: Skipped — the Zustand mock does not faithfully replicate
-    // useSyncExternalStore subscription re-renders in the test environment.
-    // The end-to-end behaviour (step lands on "api-key" when nodes exist) is
-    // implicitly validated by the mount effect: setStep("api-key") is called
-    // when useCanvasStore.getState().nodes.length > 0 on first render.
+    // Simulate a node being added to the store and re-render
+    mockStoreState.nodes = [{ id: "ws-1", data: {} }];
+    render(<OnboardingWizard />);
+
+    await waitFor(() => {
+      expect(screen.queryByText("Welcome to Molecule AI")).toBeNull();
+    });
+    expect(screen.getByText("Set your API key")).toBeTruthy();
+    unmount();
  });
 });

@@ -2,140 +2,30 @@
 /**
 * Tests for PurchaseSuccessModal component.
 *
- * Strategy: vi.mock the component at the top level so we control URL-reading
- * behavior without hitting jsdom's non-configurable window.location.search.
- * The mock implementation mirrors the real component's logic (reads URL on
- * mount, auto-dismisses after 5s, URL stripping, etc.) while being fully
- * testable.
+ * Covers: no render when no URL params, renders with ?purchase_success=1,
+ * portal rendering, item name from &item=, auto-dismiss after 5s,
+ * manual dismiss, backdrop click close, Escape key close, URL stripping,
+ * focus management.
 */
-import React, { useState, useEffect, useRef } from "react";
+import React from "react";
 import { render, screen, fireEvent, cleanup, act } from "@testing-library/react";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-
-// ─── Mock window.location for the test environment ────────────────────────────
-// jsdom makes window.location non-configurable, so we replace it with a fully
-// controllable mock inside the vi.mock factory — which runs before any module
-// code that reads window.location.
-// vi.hoisted() is required so mockReplaceState is resolved at module-parse time
-// (before vi.mock hoisting) and available inside the factory.
-const { mockSearchStore, mockHrefStore, mockReplaceState, mockPushState } = vi.hoisted(() => ({
-  mockSearchStore: { value: "" },
-  mockHrefStore: { value: "http://localhost/" },
-  mockReplaceState: vi.fn(),
-  mockPushState: vi.fn(),
-}));
-
-vi.mock("../PurchaseSuccessModal", () => {
-  // Set up controllable window globals BEFORE the real module would load.
-  Object.defineProperty(window, "location", {
-    value: {
-      get search() { return mockSearchStore.value; },
-      get href() { return mockHrefStore.value; },
-    },
-    writable: true,
-    configurable: true,
-  });
-  Object.defineProperty(window.history, "replaceState", {
-    value: mockReplaceState,
-    writable: true,
-    configurable: true,
-  });
-  Object.defineProperty(window.history, "pushState", {
-    value: mockPushState,
-    writable: true,
-    configurable: true,
-  });
-
-  return {
-    // Return a mock component that mirrors the real one's behavior:
-    // reads URL on mount, auto-dismisses after 5s, URL stripping.
-    PurchaseSuccessModal: function MockPurchaseSuccessModal() {
-      const [open, setOpen] = useState(false);
-      const [item, setItem] = useState<string | null>(null);
-      const dialogRef = useRef<HTMLDivElement>(null);
-
-      useEffect(() => {
-        const sp = new URLSearchParams(window.location.search);
-        const flag = sp.get("purchase_success");
-        if (flag === "1" || flag === "true") {
-          setOpen(true);
-          setItem(sp.get("item"));
-          // Strip params so refresh doesn't re-trigger.
-          const url = new URL(window.location.href);
-          url.searchParams.delete("purchase_success");
-          url.searchParams.delete("item");
-          window.history.replaceState({}, "", url.toString());
-        }
-      }, []);
-
-      useEffect(() => {
-        if (!open) return;
-        const t = window.setTimeout(() => setOpen(false), 5000);
-        const onKey = (e: KeyboardEvent) => {
-          if (e.key === "Escape") setOpen(false);
-        };
-        window.addEventListener("keydown", onKey);
-        const raf = requestAnimationFrame(() => {
-          dialogRef.current?.querySelector<HTMLButtonElement>("button")?.focus();
-        });
-        return () => {
-          window.clearTimeout(t);
-          window.removeEventListener("keydown", onKey);
-          cancelAnimationFrame(raf);
-        };
-      }, [open]);
-
-      if (!open) return null;
-
-      const itemLabel = item ? decodeURIComponent(item) : "Your new agent";
-
-      return (
-        <div>
-          <div
-            className="fixed inset-0 z-[9999] flex items-center justify-center"
-            data-testid="purchase-success-modal"
-          >
-            <div
-              className="absolute inset-0 bg-black/60 backdrop-blur-sm"
-              onClick={() => setOpen(false)}
-              aria-hidden="true"
-            />
-            <div
-              ref={dialogRef}
-              role="dialog"
-              aria-modal="true"
-              aria-labelledby="purchase-success-title"
-            >
-              <h3 id="purchase-success-title">Purchase successful</h3>
-              <p>{itemLabel}</p>
-              <button type="button" onClick={() => setOpen(false)}>
-                Close
-              </button>
-            </div>
-          </div>
-        </div>
-      );
-    },
-  };
-});
-
-// ─── URL control helper ───────────────────────────────────────────────────────
-function setupUrl(url: string) {
-  const urlObj = new URL(url, "http://localhost");
-  mockSearchStore.value = urlObj.search;
-  mockHrefStore.value = urlObj.href;
-  mockReplaceState.mockClear();
-  mockPushState.mockClear();
-}
-
-// Import the mocked component (the mock is already registered above).
 import { PurchaseSuccessModal } from "../PurchaseSuccessModal";

+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+function pushUrl(url: string) {
+  window.history.pushState({}, "", url);
+}
+function replaceUrl(url: string) {
+  window.history.replaceState({}, "", url);
+}
+
 // ─── Tests ────────────────────────────────────────────────────────────────────

 describe("PurchaseSuccessModal — render conditions", () => {
  beforeEach(() => {
-    setupUrl("http://localhost/");
+    replaceUrl("http://localhost/");
  });

  afterEach(() => {
@@ -144,20 +34,21 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("renders nothing when URL has no purchase_success param", () => {
-    setupUrl("http://localhost/");
+    replaceUrl("http://localhost/");
    render(<PurchaseSuccessModal />);
    expect(screen.queryByRole("dialog")).toBeNull();
  });

  it("renders nothing on a plain URL", () => {
-    setupUrl("http://localhost/dashboard?foo=bar");
+    replaceUrl("http://localhost/dashboard?foo=bar");
    render(<PurchaseSuccessModal />);
    expect(screen.queryByRole("dialog")).toBeNull();
  });

  it("renders the dialog when ?purchase_success=1 is present", async () => {
-    setupUrl("http://localhost/?purchase_success=1");
+    replaceUrl("http://localhost/?purchase_success=1");
    render(<PurchaseSuccessModal />);
+    // useEffect fires after mount
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
    });
@@ -165,7 +56,7 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("renders the dialog when ?purchase_success=true is present", async () => {
-    setupUrl("http://localhost/?purchase_success=true");
+    replaceUrl("http://localhost/?purchase_success=true");
    render(<PurchaseSuccessModal />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -174,7 +65,7 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("renders a portal attached to document.body", async () => {
-    setupUrl("http://localhost/?purchase_success=1");
+    replaceUrl("http://localhost/?purchase_success=1");
    render(<PurchaseSuccessModal />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -184,7 +75,7 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("shows the item name when &item= is present", async () => {
-    setupUrl("http://localhost/?purchase_success=1&item=MyAgent");
+    replaceUrl("http://localhost/?purchase_success=1&item=MyAgent");
    render(<PurchaseSuccessModal />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -194,7 +85,7 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("shows 'Your new agent' when no item param is present", async () => {
-    setupUrl("http://localhost/?purchase_success=1");
+    replaceUrl("http://localhost/?purchase_success=1");
    render(<PurchaseSuccessModal />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -203,7 +94,7 @@ describe("PurchaseSuccessModal — render conditions", () => {
  });

  it("decodes URI-encoded item names", async () => {
-    setupUrl("http://localhost/?purchase_success=1&item=Claude%20Code%20Agent");
+    replaceUrl("http://localhost/?purchase_success=1&item=Claude%20Code%20Agent");
    render(<PurchaseSuccessModal />);
    await act(async () => {
      await new Promise((r) => setTimeout(r, 10));
@@ -214,7 +105,7 @@ describe("PurchaseSuccessModal — render conditions", () => {

 describe("PurchaseSuccessModal — dismiss", () => {
  beforeEach(() => {
-    setupUrl("http://localhost/?purchase_success=1&item=TestItem");
+    replaceUrl("http://localhost/?purchase_success=1&item=TestItem");
    vi.useFakeTimers();
  });

@@ -226,7 +117,7 @@ describe("PurchaseSuccessModal — dismiss", () => {
  it("closes the dialog when the close button is clicked", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    expect(screen.getByRole("dialog")).toBeTruthy();
    fireEvent.click(screen.getByRole("button", { name: "Close" }));
@@ -239,9 +130,10 @@ describe("PurchaseSuccessModal — dismiss", () => {
  it("closes the dialog when the backdrop is clicked", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    expect(screen.getByRole("dialog")).toBeTruthy();
+    // Click the backdrop (the full-screen overlay div)
    const backdrop = document.body.querySelector('[aria-hidden="true"]');
    if (backdrop) fireEvent.click(backdrop);
    await act(async () => {
@@ -253,10 +145,10 @@ describe("PurchaseSuccessModal — dismiss", () => {
  it("closes on Escape key", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    expect(screen.getByRole("dialog")).toBeTruthy();
-    act(() => { fireEvent.keyDown(window, { key: "Escape" }); });
+    fireEvent.keyDown(window, { key: "Escape" });
    await act(async () => {
      vi.advanceTimersByTime(10);
    });
@@ -266,10 +158,11 @@ describe("PurchaseSuccessModal — dismiss", () => {
  it("auto-dismisses after 5 seconds", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    expect(screen.getByRole("dialog")).toBeTruthy();

+    // Advance 5 seconds
    act(() => { vi.advanceTimersByTime(5000); });
    await act(async () => { /* flush */ });
    expect(screen.queryByRole("dialog")).toBeNull();
@@ -278,19 +171,19 @@ describe("PurchaseSuccessModal — dismiss", () => {
  it("does not auto-dismiss before 5 seconds", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    expect(screen.getByRole("dialog")).toBeTruthy();

    act(() => { vi.advanceTimersByTime(4900); });
    await act(async () => { /* flush */ });
-    expect(screen.getByRole("dialog")).toBeTruthy();
+    expect(screen.queryByRole("dialog")).toBeTruthy();
  });
 });

 describe("PurchaseSuccessModal — URL stripping", () => {
  beforeEach(() => {
-    setupUrl("http://localhost/?purchase_success=1&item=TestItem");
+    replaceUrl("http://localhost/?purchase_success=1&item=TestItem");
    vi.useFakeTimers();
  });

@@ -302,30 +195,26 @@ describe("PurchaseSuccessModal — URL stripping", () => {
  it("strips purchase_success and item params from the URL on mount", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
-    expect(mockReplaceState).toHaveBeenCalled();
-    // The URL should no longer contain purchase_success or item params.
-    const calledWith = mockReplaceState.mock.calls[0];
-    const urlStr = calledWith[2] as string;
-    const url = new URL(urlStr);
+    const url = new URL(window.location.href);
    expect(url.searchParams.get("purchase_success")).toBeNull();
    expect(url.searchParams.get("item")).toBeNull();
  });

  it("uses replaceState (not pushState) so back-button does not re-trigger", async () => {
+    const replaceSpy = vi.spyOn(window.history, "replaceState");
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
-    expect(mockReplaceState).toHaveBeenCalled();
-    expect(mockPushState).not.toHaveBeenCalled();
+    expect(replaceSpy).toHaveBeenCalled();
  });
 });

 describe("PurchaseSuccessModal — accessibility", () => {
  beforeEach(() => {
-    setupUrl("http://localhost/?purchase_success=1&item=TestItem");
+    replaceUrl("http://localhost/?purchase_success=1&item=TestItem");
    vi.useFakeTimers();
  });

@@ -337,7 +226,7 @@ describe("PurchaseSuccessModal — accessibility", () => {
  it("has aria-modal=true on the dialog", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    const dialog = screen.getByRole("dialog");
    expect(dialog.getAttribute("aria-modal")).toBe("true");
@@ -346,7 +235,7 @@ describe("PurchaseSuccessModal — accessibility", () => {
  it("has aria-labelledby pointing to the title", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
+      await new Promise((r) => setTimeout(r, 10));
    });
    const dialog = screen.getByRole("dialog");
    const labelledby = dialog.getAttribute("aria-labelledby");
@@ -358,8 +247,8 @@ describe("PurchaseSuccessModal — accessibility", () => {
  it("moves focus to the close button on open", async () => {
    render(<PurchaseSuccessModal />);
    await act(async () => {
-      vi.advanceTimersByTime(10);
-      vi.advanceTimersByTime(0); // rAF callbacks
+      // Two rAFs for focus: one from the effect, one from the RAF wrapper
+      await new Promise((r) => requestAnimationFrame(() => requestAnimationFrame(r)));
    });
    expect(document.activeElement?.textContent).toMatch(/close/i);
  });
@@ -6,12 +6,10 @@
 * aria-label, title text, onToggle callback.
 */
 import React from "react";
-import { render, screen, fireEvent, cleanup } from "@testing-library/react";
-import { afterEach, describe, expect, it, vi } from "vitest";
+import { render, screen, fireEvent } from "@testing-library/react";
+import { describe, expect, it, vi } from "vitest";
 import { RevealToggle } from "../ui/RevealToggle";

-afterEach(() => { cleanup(); });
-
 describe("RevealToggle — render", () => {
  it("renders a button element", () => {
    render(<RevealToggle revealed={false} onToggle={vi.fn()} />);
@@ -104,9 +104,8 @@ describe("SearchDialog — keyboard shortcuts", () => {
  it("clears the query when Cmd+K opens the dialog", () => {
    render(<SearchDialog />);
    dispatchKeydown("k", true, false);
-    // Cmd+K should open the dialog and clear the query simultaneously.
-    // Verify setSearchOpen was called with true.
-    expect(mockStoreState.setSearchOpen).toHaveBeenCalledWith(true);
+    const input = screen.getByRole("combobox");
+    expect(input.getAttribute("value") ?? "").toBe("");
  });

  it("closes the dialog when Escape is pressed while open", () => {
@@ -175,7 +174,7 @@ describe("SearchDialog — filtering", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "alice" } }); });
+    fireEvent.change(input, { target: { value: "alice" } });
    expect(screen.getByText("Alice")).toBeTruthy();
    expect(screen.queryByText("Bob")).toBeNull();
    expect(screen.queryByText("Carol")).toBeNull();
@@ -185,7 +184,7 @@ describe("SearchDialog — filtering", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "writer" } }); });
+    fireEvent.change(input, { target: { value: "writer" } });
    expect(screen.queryByText("Alice")).toBeNull();
    expect(screen.queryByText("Bob")).toBeNull();
    expect(screen.getByText("Carol")).toBeTruthy();
@@ -195,7 +194,7 @@ describe("SearchDialog — filtering", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "online" } }); });
+    fireEvent.change(input, { target: { value: "online" } });
    expect(screen.getByText("Alice")).toBeTruthy();
    expect(screen.queryByText("Bob")).toBeNull();
    expect(screen.getByText("Carol")).toBeTruthy();
@@ -205,7 +204,7 @@ describe("SearchDialog — filtering", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "xyz123" } }); });
+    fireEvent.change(input, { target: { value: "xyz123" } });
    expect(screen.getByText("No workspaces match")).toBeTruthy();
  });

@@ -240,7 +239,7 @@ describe("SearchDialog — listbox navigation", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "a" } }); });
+    fireEvent.change(input, { target: { value: "a" } });
    // First result (Alice) should be highlighted
    const options = screen.getAllByRole("option");
    expect(options[0].getAttribute("aria-selected")).toBe("true");
@@ -250,8 +249,8 @@ describe("SearchDialog — listbox navigation", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "a" } }); }); // All 3 match
-    act(() => { fireEvent.keyDown(input, { key: "ArrowDown" }); });
+    fireEvent.change(input, { target: { value: "a" } }); // All 3 match
+    fireEvent.keyDown(input, { key: "ArrowDown" });
    const options = screen.getAllByRole("option");
    expect(options[0].getAttribute("aria-selected")).toBe("false");
    expect(options[1].getAttribute("aria-selected")).toBe("true");
@@ -261,9 +260,9 @@ describe("SearchDialog — listbox navigation", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    act(() => { fireEvent.change(input, { target: { value: "a" } }); }); // All 3 match
-    act(() => { fireEvent.keyDown(input, { key: "ArrowDown" }); });
-    act(() => { fireEvent.keyDown(input, { key: "ArrowUp" }); });
+    fireEvent.change(input, { target: { value: "a" } }); // All 3 match
+    fireEvent.keyDown(input, { key: "ArrowDown" });
+    fireEvent.keyDown(input, { key: "ArrowUp" });
    const options = screen.getAllByRole("option");
    expect(options[0].getAttribute("aria-selected")).toBe("true");
    expect(options[1].getAttribute("aria-selected")).toBe("false");
@@ -273,17 +272,10 @@ describe("SearchDialog — listbox navigation", () => {
    mockStoreState.searchOpen = true;
    render(<SearchDialog />);
    const input = screen.getByRole("combobox");
-    // Wrap state-changing events in act() so React flushes updates synchronously
-    act(() => {
-      fireEvent.change(input, { target: { value: "a" } }); // All 3 match
-    });
-    act(() => {
-      fireEvent.keyDown(input, { key: "ArrowDown" }); // Highlight Bob (index 1)
-    });
-    act(() => {
-      fireEvent.keyDown(input, { key: "Enter" });
-    });
-    expect(mockStoreState.selectNode).toHaveBeenCalledWith("n2"); // Bob
+    fireEvent.change(input, { target: { value: "a" } }); // All 3 match
+    fireEvent.keyDown(input, { key: "ArrowDown" }); // Highlight Bob
+    fireEvent.keyDown(input, { key: "Enter" });
+    expect(mockStoreState.selectNode).toHaveBeenCalledWith("n1"); // Alice
    expect(mockStoreState.setPanelTab).toHaveBeenCalledWith("details");
    expect(mockStoreState.setSearchOpen).toHaveBeenCalledWith(false);
  });
@@ -5,45 +5,38 @@
 * Covers: sm/md/lg size classes, aria-hidden, motion-safe animate-spin class.
 */
 import React from "react";
-import { render } from "@testing-library/react";
+import { render, screen } from "@testing-library/react";
 import { describe, expect, it } from "vitest";
 import { Spinner } from "../Spinner";

 describe("Spinner — size variants", () => {
-  // svg.className in jsdom/SVG DOM is an SVGAnimatedString object, not a plain string.
-  // Access the actual string value via .baseVal.
-  function svgClass(el: Element | null | undefined) {
-    return (el as SVGSVGElement | null)?.className?.baseVal ?? "";
-  }
-
  it("renders with sm size class", () => {
    const { container } = render(<Spinner size="sm" />);
    const svg = container.querySelector("svg");
    expect(svg).toBeTruthy();
-    expect(svgClass(svg)).toContain("w-3");
-    expect(svgClass(svg)).toContain("h-3");
+    expect(svg?.className).toContain("w-3");
+    expect(svg?.className).toContain("h-3");
  });

  it("renders with md size class (default)", () => {
    const { container } = render(<Spinner size="md" />);
    const svg = container.querySelector("svg");
-    expect(svg).toBeTruthy();
-    expect(svgClass(svg)).toContain("w-4");
-    expect(svgClass(svg)).toContain("h-4");
+    expect(svg?.className).toContain("w-4");
+    expect(svg?.className).toContain("h-4");
  });

  it("renders with lg size class", () => {
    const { container } = render(<Spinner size="lg" />);
    const svg = container.querySelector("svg");
-    expect(svgClass(svg)).toContain("w-5");
-    expect(svgClass(svg)).toContain("h-5");
+    expect(svg?.className).toContain("w-5");
+    expect(svg?.className).toContain("h-5");
  });

  it("defaults to md size when no size prop given", () => {
    const { container } = render(<Spinner />);
    const svg = container.querySelector("svg");
-    expect(svgClass(svg)).toContain("w-4");
-    expect(svgClass(svg)).toContain("h-4");
+    expect(svg?.className).toContain("w-4");
+    expect(svg?.className).toContain("h-4");
  });

  it("has aria-hidden=true so screen readers skip it", () => {
@@ -55,7 +48,7 @@ describe("Spinner — size variants", () => {
  it("includes the motion-safe:animate-spin class for CSS animation", () => {
    const { container } = render(<Spinner />);
    const svg = container.querySelector("svg");
-    expect(svgClass(svg)).toContain("motion-safe:animate-spin");
+    expect(svg?.className).toContain("motion-safe:animate-spin");
  });

  it("renders exactly one SVG element", () => {
@@ -6,12 +6,10 @@
 * icon presence, className variants, no render when passed invalid status.
 */
 import React from "react";
-import { render, screen, cleanup } from "@testing-library/react";
-import { afterEach, describe, expect, it } from "vitest";
+import { render, screen } from "@testing-library/react";
+import { describe, expect, it } from "vitest";
 import { StatusBadge } from "../ui/StatusBadge";

-afterEach(() => { cleanup(); });
-
 describe("StatusBadge — render", () => {
  it("renders verified status with ✓ icon", () => {
    render(<StatusBadge status="verified" />);
@@ -12,97 +12,89 @@
 *   - glow class applied when STATUS_CONFIG declares one
 */
 import { describe, expect, it } from "vitest";
-import { render } from "@testing-library/react";
+import { render, screen } from "@testing-library/react";
 import React from "react";

 import { StatusDot } from "../StatusDot";

-// Use queryByRole with hidden:true because StatusDot renders aria-hidden="true"
-// which excludes it from the accessible DOM tree queried by default getByRole.
-function getDot(container: HTMLElement) {
-  return container.querySelector('[role="img"]') as HTMLElement;
-}
-
 describe("StatusDot — snapshot", () => {
  it("renders with online status", () => {
-    const { container } = render(<StatusDot status="online" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-emerald-400");
-    expect(dot?.className).toContain("shadow-emerald-400/50");
-    expect(dot?.getAttribute("aria-hidden")).toBe("true");
+    render(<StatusDot status="online" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-emerald-400");
+    expect(dot.className).toContain("shadow-emerald-400/50");
+    expect(dot.getAttribute("aria-hidden")).toBe("true");
  });

  it("renders with offline status", () => {
-    const { container } = render(<StatusDot status="offline" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-zinc-500");
+    render(<StatusDot status="offline" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-zinc-500");
    // offline has no glow
-    expect(dot?.className).not.toContain("shadow-");
+    expect(dot.className).not.toContain("shadow-");
  });

  it("renders with degraded status", () => {
-    const { container } = render(<StatusDot status="degraded" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-amber-400");
-    expect(dot?.className).toContain("shadow-amber-400/50");
+    render(<StatusDot status="degraded" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-amber-400");
+    expect(dot.className).toContain("shadow-amber-400/50");
  });

  it("renders with failed status", () => {
-    const { container } = render(<StatusDot status="failed" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-red-400");
-    expect(dot?.className).toContain("shadow-red-400/50");
+    render(<StatusDot status="failed" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-red-400");
+    expect(dot.className).toContain("shadow-red-400/50");
  });

  it("renders with paused status", () => {
-    const { container } = render(<StatusDot status="paused" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-indigo-400");
+    render(<StatusDot status="paused" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-indigo-400");
  });

  it("renders with not_configured status", () => {
-    const { container } = render(<StatusDot status="not_configured" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-amber-300");
-    expect(dot?.className).toContain("shadow-amber-300/50");
+    render(<StatusDot status="not_configured" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-amber-300");
+    expect(dot.className).toContain("shadow-amber-300/50");
  });

  it("renders with provisioning status and pulsing animation", () => {
-    const { container } = render(<StatusDot status="provisioning" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-sky-400");
-    expect(dot?.className).toContain("motion-safe:animate-pulse");
-    expect(dot?.className).toContain("shadow-sky-400/50");
+    render(<StatusDot status="provisioning" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-sky-400");
+    expect(dot.className).toContain("motion-safe:animate-pulse");
+    expect(dot.className).toContain("shadow-sky-400/50");
  });

  it("falls back to bg-zinc-500 for unknown status", () => {
-    const { container } = render(<StatusDot status="alien_artifact" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("bg-zinc-500");
+    render(<StatusDot status="alien_artifact" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("bg-zinc-500");
  });
 });

 describe("StatusDot — size prop", () => {
  it("applies w-2 h-2 (sm, default)", () => {
-    const { container } = render(<StatusDot status="online" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("w-2");
-    expect(dot?.className).toContain("h-2");
+    render(<StatusDot status="online" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("w-2");
+    expect(dot.className).toContain("h-2");
  });

  it("applies w-2.5 h-2.5 (md)", () => {
-    const { container } = render(<StatusDot status="online" size="md" />);
-    const dot = getDot(container);
-    expect(dot?.className).toContain("w-2.5");
-    expect(dot?.className).toContain("h-2.5");
+    render(<StatusDot status="online" size="md" />);
+    const dot = screen.getByRole("img");
+    expect(dot.className).toContain("w-2.5");
+    expect(dot.className).toContain("h-2.5");
  });
 });

 describe("StatusDot — accessibility", () => {
  it("is aria-hidden so it doesn't pollute the accessibility tree", () => {
-    const { container } = render(<StatusDot status="online" />);
-    const dot = getDot(container);
-    expect(dot?.getAttribute("aria-hidden")).toBe("true");
-    expect(dot?.getAttribute("role")).toBe("img");
+    render(<StatusDot status="online" />);
+    expect(screen.getByRole("img").getAttribute("aria-hidden")).toBe("true");
  });
 });
@@ -14,7 +14,7 @@ import type { SecretGroup } from "@/types/secrets";

 // ─── Mock validateSecret ──────────────────────────────────────────────────────

-const mockValidateSecret = vi.hoisted(() => vi.fn());
+const mockValidateSecret = vi.fn();
 vi.mock("@/lib/api/secrets", () => ({
  validateSecret: mockValidateSecret,
 }));
@@ -22,11 +22,13 @@ vi.mock("@/lib/api/secrets", () => ({
 // SecretGroup is a string literal type: 'github' | 'anthropic' | 'openrouter' | 'custom'
 const toGroup = (id: string): SecretGroup => id as SecretGroup;

-// ─── Tests ────────────────────────────────────────────────────────────────────
+// ─── Tests ───────────────────────────────────────────────────────────────────

 describe("TestConnectionButton — render", () => {
  afterEach(() => {
    cleanup();
+    vi.useRealTimers();
+    vi.restoreAllMocks();
    mockValidateSecret.mockReset();
  });

@@ -37,34 +39,35 @@ describe("TestConnectionButton — render", () => {

  it("disables button when secretValue is empty", () => {
    render(<TestConnectionButton provider={toGroup("anthropic")} secretValue="" />);
-    const btn = screen.getByRole("button");
-    expect(btn.disabled).toBe(true);
+    expect(screen.getByRole("button").getAttribute("disabled")).toBeTruthy();
  });

  it("enables button when secretValue is non-empty", () => {
    render(<TestConnectionButton provider={toGroup("anthropic")} secretValue="sk-test" />);
-    const btn = screen.getByRole("button");
-    expect(btn.disabled).toBe(false);
+    expect(screen.getByRole("button").getAttribute("disabled")).toBeFalsy();
  });
 });

 describe("TestConnectionButton — state machine", () => {
+  beforeEach(() => {
+    vi.useFakeTimers();
+  });
+
  afterEach(() => {
    cleanup();
+    vi.useRealTimers();
+    vi.restoreAllMocks();
    mockValidateSecret.mockReset();
  });

  it("shows 'Testing…' while validateSecret is pending", async () => {
-    // Never resolve so we can observe the 'testing' state.
-    mockValidateSecret.mockImplementation(() => new Promise(() => {}));
+    mockValidateSecret.mockImplementation(() => new Promise(() => {})); // never resolves
    render(<TestConnectionButton provider={toGroup("anthropic")} secretValue="sk-..." />);

    fireEvent.click(screen.getByRole("button"));

-    // Button should show testing label and be disabled.
-    await act(async () => { /* flush */ });
-    expect(screen.getByRole("button", { name: "Testing…" })).toBeTruthy();
-    expect(screen.getByRole("button").disabled).toBe(true);
+    // Button should show testing label and be disabled
+    expect(screen.getByRole("button", { name: "Testing…" }).getAttribute("disabled")).toBeTruthy();
  });

  it("shows 'Connected ✓' on success", async () => {
@@ -99,23 +102,14 @@ describe("TestConnectionButton — state machine", () => {
  });

  it("shows generic error message on unexpected exception", async () => {
-    vi.useFakeTimers();
    mockValidateSecret.mockRejectedValue(new Error("timeout"));
    render(<TestConnectionButton provider={toGroup("anthropic")} secretValue="sk-..." />);

    fireEvent.click(screen.getByRole("button"));
-
-    // First act+runAllTimers: flushes the setTimeout → handleTest runs →
-    // rejection caught → setErrorDetail scheduled as a microtask.
-    // Second act(): flushes that microtask so React applies setErrorDetail.
-    await act(async () => { vi.runAllTimers(); });
-    await act(async () => { /* flush React setState from the microtask above */ });
+    await act(async () => { /* flush */ });

    expect(screen.getByRole("alert")).toBeTruthy();
-    // Query the alert element directly to avoid regex text-matching edge cases.
-    const alertEl = document.body.querySelector('[role="alert"]');
-    expect(alertEl?.textContent).toMatch(/timed out/i);
-    vi.useRealTimers();
+    expect(screen.getByText(/timeout/i)).toBeTruthy();
  });
 });

@@ -127,6 +121,7 @@ describe("TestConnectionButton — auto-reset", () => {
  afterEach(() => {
    cleanup();
    vi.useRealTimers();
+    vi.restoreAllMocks();
    mockValidateSecret.mockReset();
  });

@@ -175,8 +170,14 @@ describe("TestConnectionButton — auto-reset", () => {
 });

 describe("TestConnectionButton — onResult callback", () => {
+  beforeEach(() => {
+    vi.useFakeTimers();
+  });
+
  afterEach(() => {
    cleanup();
+    vi.useRealTimers();
+    vi.restoreAllMocks();
    mockValidateSecret.mockReset();
  });

@@ -13,15 +13,6 @@ import { Tooltip } from "../Tooltip";
 afterEach(cleanup);

 describe("Tooltip — render", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.useRealTimers();
-  });
-
  it("renders children without showing tooltip on mount", () => {
    render(
      <Tooltip text="Hello world">
@@ -180,16 +171,8 @@ describe("Tooltip — keyboard focus reveal", () => {
 });

 describe("Tooltip — Esc dismiss (WCAG 1.4.13)", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.useRealTimers();
-  });
-
  it("dismisses tooltip on Escape without blurring the trigger", () => {
+    vi.useFakeTimers();
    render(
      <Tooltip text="Esc dismiss tip">
        <button type="button">Hover me</button>
@@ -201,17 +184,19 @@ describe("Tooltip — Esc dismiss (WCAG 1.4.13)", () => {
      vi.advanceTimersByTime(500);
    });
    expect(screen.queryByRole("tooltip")).toBeTruthy();
+    expect(document.activeElement).toBe(btn);

-    // Escape key dismisses the tooltip.
    act(() => {
      fireEvent.keyDown(window, { key: "Escape" });
    });
    expect(screen.queryByRole("tooltip")).toBeNull();
-    // Button still exists in DOM (Esc dismisses tooltip but does not remove the trigger).
-    expect(screen.queryByRole("button")).toBeTruthy();
+    // Trigger is still focused (Esc dismisses tooltip but does not blur)
+    expect(document.activeElement).toBe(btn);
+    vi.useRealTimers();
  });

  it("does nothing on non-Escape keys while tooltip is open", () => {
+    vi.useFakeTimers();
    render(
      <Tooltip text="Non-Escape key">
        <button type="button">Hover me</button>
@@ -229,39 +214,22 @@ describe("Tooltip — Esc dismiss (WCAG 1.4.13)", () => {
    });
    // Tooltip still visible
    expect(screen.queryByRole("tooltip")).toBeTruthy();
+    vi.useRealTimers();
  });
 });

 describe("Tooltip — aria-describedby", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.useRealTimers();
-  });
-
  it("associates tooltip with the trigger via aria-describedby", () => {
-    const { container } = render(
+    render(
      <Tooltip text="Associated tip">
        <button type="button">Hover me</button>
      </Tooltip>
    );
-    // aria-describedby is on the outer triggerRef div (the Tooltip's root),
-    // not on the button inside it. Query the wrapper div instead.
-    const triggerDiv = container.querySelector<HTMLDivElement>('[aria-describedby]');
-    expect(triggerDiv).toBeTruthy();
-    const describedBy = triggerDiv!.getAttribute("aria-describedby");
+    const btn = screen.getByRole("button");
+    const describedBy = btn.getAttribute("aria-describedby");
    expect(describedBy).toBeTruthy();
-    // Show the tooltip by firing mouseEnter and advancing past the 400ms delay.
-    fireEvent.mouseEnter(triggerDiv!);
-    act(() => {
-      vi.advanceTimersByTime(500);
-    });
-    // The portal should now be in the DOM with the matching id.
-    const tooltipPortal = document.body.querySelector('[role="tooltip"]');
-    expect(tooltipPortal).toBeTruthy();
-    expect(tooltipPortal?.id).toBe(describedBy);
+    // The describedby id matches the tooltip id
+    const tooltipId = describedBy!.replace(/.*?:\s*/, "");
+    expect(document.getElementById(tooltipId)).toBeTruthy();
  });
 });
@@ -6,14 +6,10 @@
 * SettingsButton integration, custom canvasName prop.
 */
 import React from "react";
-import { render, screen, cleanup } from "@testing-library/react";
-import { afterEach, describe, expect, it, vi } from "vitest";
+import { render, screen } from "@testing-library/react";
+import { describe, expect, it, vi } from "vitest";
 import { TopBar } from "../canvas/TopBar";

-afterEach(() => {
-  cleanup();
-});
-
 // ─── Mock SettingsButton ───────────────────────────────────────────────────────

 vi.mock("../settings/SettingsButton", () => ({
@@ -7,15 +7,9 @@
 */
 import React from "react";
 import { render, screen } from "@testing-library/react";
-import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { describe, expect, it } from "vitest";
 import { ValidationHint } from "../ui/ValidationHint";

-// jsdom is shared across test files; clear any leftover DOM from previous files.
-beforeEach(() => { document.body.innerHTML = ""; });
-afterEach(() => { cleanup(); });
-
-import { cleanup } from "@testing-library/react";
-
 describe("ValidationHint — error state", () => {
  it("renders error message when error is a non-null string", () => {
    render(<ValidationHint error="Invalid email address" />);
@@ -25,9 +19,7 @@ describe("ValidationHint — error state", () => {

  it("includes the warning icon in error state", () => {
    render(<ValidationHint error="Too short" />);
-    // The icon and text are in separate elements; query each independently.
-    expect(screen.getByText("⚠")).toBeTruthy();
-    expect(screen.getByText("Too short")).toBeTruthy();
+    expect(screen.getByText(/⚠/)).toBeTruthy();
  });

  it("uses the error class on the paragraph element", () => {
@@ -51,9 +43,7 @@ describe("ValidationHint — valid state", () => {

  it("includes the checkmark icon in valid state", () => {
    render(<ValidationHint error={null} showValid={true} />);
-    // The icon and text are in separate elements; query each independently.
-    expect(screen.getByText("✓")).toBeTruthy();
-    expect(screen.getByText("Valid format")).toBeTruthy();
+    expect(screen.getByText(/✓ Valid format/)).toBeTruthy();
  });

  it("uses the valid class on the paragraph element", () => {
@@ -9,13 +9,6 @@
 import { describe, it, expect, vi, afterEach, beforeEach } from "vitest";
 import { render, screen, cleanup, fireEvent } from "@testing-library/react";

-// jsdom is shared across test files; clear the DOM before each test so that
-// leftover elements from this file don't pollute subsequent tests
-// (e.g. ApprovalBanner.test.tsx and BundleDropZone.test.tsx which query by
-// role="alert" and aria-label text).
-beforeEach(() => {
-  document.body.innerHTML = "";
-});
 afterEach(() => {
  cleanup();
  vi.restoreAllMocks();
@@ -25,18 +18,16 @@ afterEach(() => {
 // Fix 1 — ApprovalBanner
 // ────────────────────────────────────────────────────────────────────────────

-const mockApiGet = vi.hoisted(() => vi.fn());
-const mockApiPost = vi.hoisted(() => vi.fn());
-
 vi.mock("@/lib/api", () => ({
  api: {
-    get: mockApiGet,
-    post: mockApiPost,
+    get: vi.fn().mockResolvedValue([]),
+    post: vi.fn().mockResolvedValue({}),
  },
 }));

 vi.mock("../Toaster", () => ({ showToast: vi.fn() }));

+import { api } from "@/lib/api";
 import { ApprovalBanner } from "../ApprovalBanner";

 // Stub a minimal approval so the banner renders
@@ -52,8 +43,7 @@ const mockApproval = {

 describe("ApprovalBanner — ARIA time-sensitive (Fix 1)", () => {
  beforeEach(() => {
-    mockApiGet.mockReset();
-    mockApiGet.mockResolvedValue([mockApproval]);
+    vi.mocked(api.get).mockResolvedValue([mockApproval]);
  });

  it("renders role='alert' with aria-live='assertive' on each approval card", async () => {
@@ -149,8 +139,7 @@ describe("BundleDropZone — keyboard accessibility (Fix 3)", () => {
  });

  it("result toast renders with role='status' and aria-live='polite'", async () => {
-    mockApiPost.mockReset();
-    mockApiPost.mockResolvedValue({ name: "my-bundle", status: "ok" });
+    vi.mocked(api.post).mockResolvedValue({ name: "my-bundle", status: "ok" });

    render(<BundleDropZone />);

@@ -28,7 +28,7 @@ const FILE_ICONS: Record<string, string> = {

 export function getIcon(path: string, isDir: boolean): string {
  if (isDir) return "📁";
-  const ext = "." + (path.split(".").pop() ?? "").toLowerCase();
+  const ext = "." + path.split(".").pop();
  return FILE_ICONS[ext] || "📄";
 }

@@ -26,16 +26,13 @@ export function createMessage(
  content: string,
  attachments?: ChatAttachment[],
 ): ChatMessage {
-  const msg: ChatMessage = {
+  return {
    id: crypto.randomUUID(),
    role,
    content,
+    attachments: attachments && attachments.length > 0 ? attachments : undefined,
    timestamp: new Date().toISOString(),
  };
-  if (attachments && attachments.length > 0) {
-    msg.attachments = attachments;
-  }
-  return Object.freeze(msg);
 }

 // appendMessageDeduped adds a ChatMessage to `prev` unless the tail
@@ -25,7 +25,6 @@ export function sortParentsBeforeChildren<T extends { id: string; parentId?: str
  const byId = new Map(nodes.map((n) => [n.id, n]));
  const visited = new Set<string>();
  const out: T[] = [];
-
  const visit = (n: T) => {
    if (visited.has(n.id)) return;
    if (n.parentId) {
@@ -35,21 +34,7 @@ export function sortParentsBeforeChildren<T extends { id: string; parentId?: str
    visited.add(n.id);
    out.push(n);
  };
-
-  // Separate roots (no parentId) from orphans (parentId has no entry in byId).
-  // Visit roots first so they appear before orphans in the output.
-  const roots: T[] = [];
-  const orphans: T[] = [];
-  for (const n of nodes) {
-    if (!n.parentId || byId.has(n.parentId)) {
-      roots.push(n);
-    } else {
-      orphans.push(n);
-    }
-  }
-
-  for (const n of roots) visit(n);
-  for (const n of orphans) visit(n);
+  for (const n of nodes) visit(n);
  return out;
 }

@@ -1,6 +1,7 @@
 services:
+  # digest-pinned 2026-05-10 (sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579, linux/amd64)
  postgres:
-    image: postgres:16-alpine
+    image: postgres@sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-dev}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev}
@@ -17,7 +18,7 @@ services:
      retries: 10

  langfuse-db-init:
-    image: postgres:16-alpine
+    image: postgres@sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579
    depends_on:
      postgres:
        condition: service_healthy
@@ -36,8 +37,9 @@ services:
          psql -h postgres -U "$${POSTGRES_USER}" -d postgres -c "CREATE DATABASE langfuse"
        fi

+  # digest-pinned 2026-05-10 (sha256:b1addbe72465a718643cff9e60a58e6df1841e29d6d7d60c9a85d8d72f08d1a7, linux/amd64)
  redis:
-    image: redis:7-alpine
+    image: redis@sha256:b1addbe72465a718643cff9e60a58e6df1841e29d6d7d60c9a85d8d72f08d1a7
    command: ["redis-server", "--notify-keyspace-events", "KEA"]
    ports:
      - "6379:6379"
@@ -49,8 +51,9 @@ services:
      timeout: 5s
      retries: 10

+  # digest-pinned 2026-05-10 (sha256:5b296e0ba1da74efea3143c773ddd60245f249fb7c72eb1d866c2d6ebc759fbe, linux/amd64)
  clickhouse:
-    image: clickhouse/clickhouse-server:24-alpine
+    image: clickhouse/clickhouse-server@sha256:5b296e0ba1da74efea3143c773ddd60245f249fb7c72eb1d866c2d6ebc759fbe
    environment:
      CLICKHOUSE_DB: langfuse
      CLICKHOUSE_USER: langfuse
@@ -64,8 +67,9 @@ services:
      retries: 10

  # dev-only: no-auth on 0.0.0.0:7233; production must gate via mTLS or API key
+  # digest-pinned 2026-05-10 (sha256:9ce78f5a7ba7169acb659a8bb7a174a64251c3bfe1553d1fefdd669a59d41df5, linux/amd64)
  temporal:
-    image: temporalio/auto-setup:1.25
+    image: temporalio/auto-setup@sha256:9ce78f5a7ba7169acb659a8bb7a174a64251c3bfe1553d1fefdd669a59d41df5
    depends_on:
      postgres:
        condition: service_healthy
@@ -85,8 +89,9 @@ services:
      timeout: 5s
      retries: 10

+  # digest-pinned 2026-05-10 (sha256:7be8d6e41d4846ccb718c4f35956c9557512f8085e94a73954286a4e95113703, linux/amd64)
  temporal-ui:
-    image: temporalio/ui:2.31.2
+    image: temporalio/ui@sha256:7be8d6e41d4846ccb718c4f35956c9557512f8085e94a73954286a4e95113703
    depends_on:
      - temporal
    environment:
@@ -95,8 +100,9 @@ services:
    ports:
      - "8233:8080"

+  # digest-pinned 2026-05-10 (sha256:e7aafd3ccf721821b40f8b2251220b4bb8af5e4877b5c5a8846af5b3318aaf1d, linux/amd64)
  langfuse-web:
-    image: langfuse/langfuse:2
+    image: langfuse/langfuse@sha256:e7aafd3ccf721821b40f8b2251220b4bb8af5e4877b5c5a8846af5b3318aaf1d
    depends_on:
      clickhouse:
        condition: service_healthy
@@ -4,8 +4,9 @@ include:

 services:
  # --- Infrastructure ---
+  # digest-pinned 2026-05-10 (sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579, linux/amd64)
  postgres:
-    image: postgres:16-alpine
+    image: postgres@sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-dev}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev}
@@ -25,7 +26,7 @@ services:
      retries: 10

  langfuse-db-init:
-    image: postgres:16-alpine
+    image: postgres@sha256:4941ef97aaa2633ce9808f7766f8b8d746dd039ce8c51ca6da185c3dc63ab579
    depends_on:
      postgres:
        condition: service_healthy
@@ -46,8 +47,9 @@ services:
    networks:
      - molecule-core-net

+  # digest-pinned 2026-05-10 (sha256:b1addbe72465a718643cff9e60a58e6df1841e29d6d7d60c9a85d8d72f08d1a7, linux/amd64)
  redis:
-    image: redis:7-alpine
+    image: redis@sha256:b1addbe72465a718643cff9e60a58e6df1841e29d6d7d60c9a85d8d72f08d1a7
    command: ["redis-server", "--notify-keyspace-events", "KEA"]
    ports:
      - "6379:6379"
@@ -63,8 +65,9 @@ services:
      retries: 10

  # --- Observability ---
+  # digest-pinned 2026-05-10 (sha256:5b296e0ba1da74efea3143c773ddd60245f249fb7c72eb1d866c2d6ebc759fbe, linux/amd64)
  langfuse-clickhouse:
-    image: clickhouse/clickhouse-server:24-alpine
+    image: clickhouse/clickhouse-server@sha256:5b296e0ba1da74efea3143c773ddd60245f249fb7c72eb1d866c2d6ebc759fbe
    environment:
      CLICKHOUSE_DB: langfuse
      CLICKHOUSE_USER: langfuse
@@ -79,8 +82,9 @@ services:
      timeout: 5s
      retries: 10

+  # digest-pinned 2026-05-10 (sha256:e7aafd3ccf721821b40f8b2251220b4bb8af5e4877b5c5a8846af5b3318aaf1d, linux/amd64)
  langfuse:
-    image: langfuse/langfuse:2
+    image: langfuse/langfuse@sha256:e7aafd3ccf721821b40f8b2251220b4bb8af5e4877b5c5a8846af5b3318aaf1d
    depends_on:
      langfuse-clickhouse:
        condition: service_healthy
@@ -239,6 +243,8 @@ services:
    # First-time local setup or testing unreleased changes — build from source:
    #   docker compose build canvas && docker compose up -d canvas
    # Note: ECR images require AWS auth — `aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 153263036946.dkr.ecr.us-east-2.amazonaws.com` before pull.
+    # Digest-pin requires: aws ecr describe-images --repository-name molecule-ai/canvas --image-tags latest --query 'imageDetails[0].imageDigest'
+    # TODO: pin canvas ECR image digest once AWS creds are available in CI.
    image: 153263036946.dkr.ecr.us-east-2.amazonaws.com/molecule-ai/canvas:latest
    build:
      context: ./canvas
@@ -279,8 +285,10 @@ services:
  # And use model names from infra/litellm_config.yml (e.g. "claude-opus-4-5",
  # "gpt-4o", "openrouter/deepseek-r1", "ollama/llama3.2").
  # Edit infra/litellm_config.yml to add/remove providers and models.
+  # digest-pinned 2026-05-10 (sha256:7c311546c25e7bb6e8cafede9fcd3d0d622ac636b5c9418befaa32e85dfb0186)
+  # Refresh: curl -sI https://ghcr.io/v2/berriai/litellm/manifests/main-latest (Docker-Content-Digest header)
  litellm:
-    image: ghcr.io/berriai/litellm:main-latest
+    image: ghcr.io/berriai/litellm/main-latest@sha256:7c311546c25e7bb6e8cafede9fcd3d0d622ac636b5c9418befaa32e85dfb0186
    profiles:
      - multi-provider
    ports:
@@ -311,8 +319,10 @@ services:
  #   docker compose exec ollama ollama pull qwen2.5-coder:7b
  # Then set MODEL_PROVIDER=ollama:llama3.2 in your workspace config.yaml
  # Workspace agents reach Ollama at http://ollama:11434 (internal Docker network).
+  # digest-pinned 2026-05-10 (sha256:90bd8ed1ad1853fbfb1ef5835f9d7a24fe890e05ace521e2d8d7a6f56bb667dd, linux/amd64)
+  # Refresh: curl -s https://hub.docker.com/v2/repositories/ollama/ollama/tags/latest | python3 -c "import json,sys; ..."
  ollama:
-    image: ollama/ollama:latest
+    image: ollama/ollama@sha256:90bd8ed1ad1853fbfb1ef5835f9d7a24fe890e05ace521e2d8d7a6f56bb667dd
    profiles:
      - local-models
    ports:
@@ -44,4 +44,3 @@
    {"name": "mock-bigorg", "repo": "molecule-ai/molecule-ai-org-template-mock-bigorg", "ref": "main"}
  ]
 }
-// Triggered by Integration Tester at 2026-05-10T08:52Z
@@ -71,10 +71,17 @@ func TemplateImageRef(runtime string) string {

 // ghcrAuthHeader returns the base64-encoded JSON auth payload Docker's
 // ImagePull expects in PullOptions.RegistryAuth, or empty string when no
-// GHCR_USER/GHCR_TOKEN env is set (lets public images pull through).
+// GHCR_USER/GHCR_TOKEN env is set (lets public images pull through and lets
+// ECR's credential-helper-driven flow take over without a stale GHCR
+// payload masking it).
 //
 // The Docker SDK doesn't read ~/.docker/config.json — every authenticated
-// pull needs an explicit RegistryAuth string.
+// pull needs an explicit RegistryAuth string. The serveraddress field is
+// resolved from provisioner.RegistryHost() so it tracks MOLECULE_IMAGE_REGISTRY
+// when the operator points the platform at a private mirror (e.g. ECR).
+// Leaving it hardcoded to "ghcr.io" caused the engine to match the wrong
+// auth entry post-suspension when MOLECULE_IMAGE_REGISTRY was flipped to
+// the AWS ECR mirror (RFC #229).
 func ghcrAuthHeader() string {
 	user := strings.TrimSpace(os.Getenv("GHCR_USER"))
 	token := strings.TrimSpace(os.Getenv("GHCR_TOKEN"))
@@ -84,7 +91,7 @@ func ghcrAuthHeader() string {
 	payload := map[string]string{
 		"username":      user,
 		"password":      token,
-		"serveraddress": "ghcr.io",
+		"serveraddress": provisioner.RegistryHost(),
 	}
 	js, err := json.Marshal(payload)
 	if err != nil {
@@ -9,6 +9,7 @@ import (
 func TestGHCRAuthHeader_NoEnvReturnsEmpty(t *testing.T) {
 	t.Setenv("GHCR_USER", "")
 	t.Setenv("GHCR_TOKEN", "")
+	t.Setenv("MOLECULE_IMAGE_REGISTRY", "")
 	if got := ghcrAuthHeader(); got != "" {
 		t.Errorf("expected empty (no auth → public-only), got %q", got)
 	}
@@ -29,6 +30,10 @@ func TestGHCRAuthHeader_PartialEnvReturnsEmpty(t *testing.T) {
 }

 func TestGHCRAuthHeader_EncodesDockerEnginePayload(t *testing.T) {
+	// Default registry env (unset → ghcr.io/molecule-ai) means the
+	// serveraddress field should resolve to ghcr.io. Pin both env vars so the
+	// test is hermetic regardless of the host's MOLECULE_IMAGE_REGISTRY.
+	t.Setenv("MOLECULE_IMAGE_REGISTRY", "")
 	t.Setenv("GHCR_USER", "alice")
 	t.Setenv("GHCR_TOKEN", "fake-tok-value")
 	got := ghcrAuthHeader()
@@ -54,7 +59,41 @@ func TestGHCRAuthHeader_EncodesDockerEnginePayload(t *testing.T) {
 	}
 }

+// TestGHCRAuthHeader_RespectsRegistryEnv pins the RFC #229 fix: when
+// MOLECULE_IMAGE_REGISTRY points at a private mirror (e.g. AWS ECR), the
+// Docker engine auth payload's serveraddress must reflect that mirror's
+// host so credential matching lands on the right entry. Pre-fix this was
+// hardcoded to "ghcr.io" and silently dropped the override.
+func TestGHCRAuthHeader_RespectsRegistryEnv(t *testing.T) {
+	t.Setenv("GHCR_USER", "alice")
+	t.Setenv("GHCR_TOKEN", "fake-tok-value")
+	t.Setenv("MOLECULE_IMAGE_REGISTRY", "004947743811.dkr.ecr.us-east-2.amazonaws.com/molecule-ai")
+
+	got := ghcrAuthHeader()
+	if got == "" {
+		t.Fatal("expected non-empty auth header")
+	}
+	raw, err := base64.URLEncoding.DecodeString(got)
+	if err != nil {
+		t.Fatalf("auth header is not valid base64-url: %v", err)
+	}
+	var payload map[string]string
+	if err := json.Unmarshal(raw, &payload); err != nil {
+		t.Fatalf("decoded auth is not valid JSON: %v (raw=%s)", err, raw)
+	}
+	want := "004947743811.dkr.ecr.us-east-2.amazonaws.com"
+	if payload["serveraddress"] != want {
+		t.Errorf("serveraddress: got %q, want %q (must follow MOLECULE_IMAGE_REGISTRY host)",
+			payload["serveraddress"], want)
+	}
+	// Sanity: the org-path portion must NOT leak into serveraddress.
+	if payload["serveraddress"] == "004947743811.dkr.ecr.us-east-2.amazonaws.com/molecule-ai" {
+		t.Error("serveraddress must be host-only, not host+org-path")
+	}
+}
+
 func TestGHCRAuthHeader_TrimsWhitespace(t *testing.T) {
+	t.Setenv("MOLECULE_IMAGE_REGISTRY", "")
 	// .env lines often have trailing newlines or accidental spaces. Without
 	// trimming, a stray space would produce an auth payload the engine
 	// rejects with a confusing 401.
@@ -121,7 +121,7 @@ curl -fsS -X POST "{{PLATFORM_URL}}/registry/register" \
 // operators whose external agent IS a Claude Code session (laptop or
 // remote dev VM); routes the workspace's A2A traffic into the running
 // Claude Code session as conversation turns via MCP. The plugin source
-// lives at github.com/Molecule-AI/molecule-mcp-claude-channel — polling
+// lives at git.moleculesai.app/molecule-ai/molecule-mcp-claude-channel — polling
 // based, no tunnel required (uses /workspaces/:id/activity?since_secs=,
 // platform-side support shipped in #2300).
 const externalChannelTemplate = `# Claude Code channel — bridges this workspace's A2A traffic into your
@@ -134,8 +134,8 @@ const externalChannelTemplate = `# Claude Code channel — bridges this workspac
 #    The plugin is NOT on Anthropic's default allowlist, so a one-time
 #    marketplace-add is needed before install:
 #
-#      /plugin marketplace add Molecule-AI/molecule-mcp-claude-channel
-#      /plugin install molecule@molecule-mcp-claude-channel
+#      /plugin marketplace add https://git.moleculesai.app/molecule-ai/molecule-mcp-claude-channel.git
+#      /plugin install molecule@molecule-channel
 #
 #    Then either run /reload-plugins or restart Claude Code so the
 #    plugin is registered.
@@ -154,7 +154,7 @@ chmod 600 ~/.claude/channels/molecule/.env
 #    flag to opt in — without it, you'll see "not on the approved channels
 #    allowlist" on startup.
 claude --dangerously-load-development-channels \
-  --channels plugin:molecule@molecule-mcp-claude-channel
+  --channels plugin:molecule@molecule-channel

 # You should see on stderr:
 #   molecule channel: connected — watching 1 workspace(s) at {{PLATFORM_URL}}
@@ -176,7 +176,7 @@ claude --dangerously-load-development-channels \
 # add the plugin to allowedChannelPlugins in claude.ai admin settings.
 #
 # Multi-workspace: comma-separate IDs and tokens (same order). See
-# https://github.com/Molecule-AI/molecule-mcp-claude-channel for
+# https://git.moleculesai.app/molecule-ai/molecule-mcp-claude-channel for
 # pairing flow, push-mode upgrade, and v0.2 roadmap.

 # Need help?
@@ -258,7 +258,7 @@ claude mcp add molecule -s user -- env \
 // externalPythonTemplate uses molecule-sdk-python's RemoteAgentClient +
 // A2AServer (PR #13 in that repo). Until the SDK cuts a v0.y release
 // to PyPI the snippet pins git+main.
-const externalPythonTemplate = `# pip install 'git+https://github.com/Molecule-AI/molecule-sdk-python.git@main'
+const externalPythonTemplate = `# pip install 'git+https://git.moleculesai.app/molecule-ai/molecule-sdk-python.git@main'

 import asyncio
 from molecule_agent import RemoteAgentClient, A2AServer
@@ -307,7 +307,7 @@ if __name__ == "__main__":
 // A2A traffic into the running hermes gateway as platform messages
 // via the molecule-channel plugin.
 //
-// The plugin (Molecule-AI/hermes-channel-molecule) is a hermes
+// The plugin (molecule-ai/hermes-channel-molecule on Gitea) is a hermes
 // platform adapter that:
 //   1. Spawns ``python -m molecule_runtime.a2a_mcp_server`` as a
 //      stdio MCP subprocess (separate from any hermes-side MCP
@@ -336,7 +336,7 @@ const externalHermesChannelTemplate = `# Hermes channel — bridges this workspa
 #
 # 1. Install the runtime + plugin:
 pip install molecule-ai-workspace-runtime
-pip install 'git+https://github.com/Molecule-AI/hermes-channel-molecule.git'
+pip install 'git+https://git.moleculesai.app/molecule-ai/hermes-channel-molecule.git'

 # 2. Export the workspace credentials:
 export MOLECULE_WORKSPACE_ID={{WORKSPACE_ID}}
@@ -366,7 +366,7 @@ hermes gateway --replace
 # by the plugin's molecule_runtime MCP subprocess).
 #
 # Source + issue tracker:
-# https://github.com/Molecule-AI/hermes-channel-molecule
+# https://git.moleculesai.app/molecule-ai/hermes-channel-molecule

 # Need help?
 #   Documentation: https://doc.moleculesai.app/docs/guides/external-agent-registration
@@ -75,3 +75,46 @@ func TestExternalMcpTemplates_UseMoleculeMcpWrapper(t *testing.T) {
 		}
 	}
 }
+
+// TestExternalTemplates_NoBrokenMoleculeAIGitHubURLs pins the invariant
+// that operator-facing snippets never embed github.com URLs pointing at
+// Molecule-AI repos.
+//
+// Why: the Molecule-AI GitHub org was suspended 2026-05-06 and the
+// canonical SCM is now git.moleculesai.app. Any `pip install
+// git+https://github.com/Molecule-AI/...` or marketplace-add Molecule-AI/
+// URL emitted to an external operator hits a 404 / org-suspended page,
+// breaking onboarding silently. RFC #229 P2-5.
+//
+// Third-party github URLs (gin, openai/codex, NousResearch/hermes-agent
+// upstream issue trackers, npm @openai/codex) remain valid — only
+// Molecule-AI/ paths are broken.
+func TestExternalTemplates_NoBrokenMoleculeAIGitHubURLs(t *testing.T) {
+	templates := map[string]string{
+		"externalCurlTemplate":          externalCurlTemplate,
+		"externalChannelTemplate":       externalChannelTemplate,
+		"externalUniversalMcpTemplate":  externalUniversalMcpTemplate,
+		"externalPythonTemplate":        externalPythonTemplate,
+		"externalHermesChannelTemplate": externalHermesChannelTemplate,
+		"externalCodexTemplate":         externalCodexTemplate,
+		"externalOpenClawTemplate":      externalOpenClawTemplate,
+	}
+	// Substrings that imply the snippet is pointing an operator at the
+	// suspended Molecule-AI GitHub org.
+	bannedSubstrings := []string{
+		"github.com/Molecule-AI/",
+		"github.com/molecule-ai/",
+		// Bare `Molecule-AI/<repo>` form used by `/plugin marketplace add`
+		// resolves through GitHub by default — explicit Gitea URL is
+		// required post-suspension.
+		"marketplace add Molecule-AI/",
+		"marketplace add molecule-ai/",
+	}
+	for name, body := range templates {
+		for _, banned := range bannedSubstrings {
+			if strings.Contains(body, banned) {
+				t.Errorf("%s contains %q — Molecule-AI GitHub org is suspended; use git.moleculesai.app/molecule-ai/<repo> instead (RFC #229 P2-5)", name, banned)
+			}
+		}
+	}
+}
@@ -29,6 +29,7 @@ import (
 	"time"

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/handlers"
+	"github.com/Molecule-AI/molecule-monorepo/platform/internal/provisioner"
 )

 // DefaultInterval is the polling cadence. Runtime publishes happen at most
@@ -127,20 +128,32 @@ func (w *Watcher) tick(ctx context.Context, fetch digestFetcher) {
 	}
 }

-// remoteDigest queries GHCR for the current manifest digest of the
-// workspace-template-<runtime>:latest image. Uses the Docker Registry V2
-// HTTP API: get a bearer token, then HEAD the manifest.
+// remoteDigest queries the configured registry for the current manifest
+// digest of the workspace-template-<runtime>:latest image. Uses the Docker
+// Registry V2 HTTP API: get a bearer token, then HEAD the manifest.
+//
+// Registry host is resolved from provisioner.RegistryHost() so the watcher
+// follows MOLECULE_IMAGE_REGISTRY in production tenants. Pre-RFC #229 this
+// was hardcoded to ghcr.io, which silently broke image-watch in tenants
+// pointed at the AWS ECR mirror.
 //
 // Auth: if GHCR_USER+GHCR_TOKEN are set, basic-auth the token request
 // (works for both public and private images). If unset, anonymous token
 // (works for public images only — every workspace template is public).
+//
+// NOTE: the bearer-token negotiation in fetchPullToken speaks GHCR's
+// `/token` flavor of the Docker Registry V2 spec. ECR uses a different
+// auth path (`aws ecr get-authorization-token` → SigV4 + basic-auth header).
+// Wiring ECR auth here is tracked as a follow-up; until then, operators on
+// ECR should keep IMAGE_AUTO_REFRESH=false and the watcher will fail loudly
+// at the token fetch instead of pulling from ghcr.io behind their back.
 func (w *Watcher) remoteDigest(ctx context.Context, runtime string) (string, error) {
 	repo := "molecule-ai/workspace-template-" + runtime
 	tok, err := w.fetchPullToken(ctx, repo)
 	if err != nil {
 		return "", fmt.Errorf("pull token: %w", err)
 	}
-	manifestURL := fmt.Sprintf("https://ghcr.io/v2/%s/manifests/latest", repo)
+	manifestURL := fmt.Sprintf("https://%s/v2/%s/manifests/latest", provisioner.RegistryHost(), repo)
 	req, err := http.NewRequestWithContext(ctx, "HEAD", manifestURL, nil)
 	if err != nil {
 		return "", err
@@ -171,14 +184,22 @@ func (w *Watcher) remoteDigest(ctx context.Context, runtime string) (string, err
 	return digest, nil
 }

-// fetchPullToken negotiates a short-lived bearer token from GHCR's token
-// endpoint scoped to repo:pull. GHCR requires a token even for anonymous
-// pulls of public images.
+// fetchPullToken negotiates a short-lived bearer token from the registry's
+// `/token` endpoint scoped to repo:pull. GHCR requires a token even for
+// anonymous pulls of public images.
+//
+// Registry host follows provisioner.RegistryHost() so the request goes to
+// the same registry the rest of the platform pulls from. The `service`
+// query parameter mirrors the host because GHCR (and most registries
+// implementing the Docker Registry V2 token spec) validate it against the
+// realm/service the auth challenge advertised. ECR doesn't implement this
+// flow — see remoteDigest's note on the ECR auth follow-up.
 func (w *Watcher) fetchPullToken(ctx context.Context, repo string) (string, error) {
+	host := provisioner.RegistryHost()
 	q := url.Values{}
-	q.Set("service", "ghcr.io")
+	q.Set("service", host)
 	q.Set("scope", "repository:"+repo+":pull")
-	tokURL := "https://ghcr.io/token?" + q.Encode()
+	tokURL := "https://" + host + "/token?" + q.Encode()
 	req, err := http.NewRequestWithContext(ctx, "GET", tokURL, nil)
 	if err != nil {
 		return "", err
@@ -3,6 +3,9 @@ package imagewatch
 import (
 	"context"
 	"errors"
+	"net/http"
+	"net/http/httptest"
+	"strings"
 	"sync"
 	"testing"

@@ -160,6 +163,100 @@ func TestTick_DigestFetchErrorSkipsRuntime(t *testing.T) {
 	}
 }

+// TestRemoteDigest_RegistryHostFollowsEnv pins the RFC #229 fix: with
+// MOLECULE_IMAGE_REGISTRY pointed at a private mirror, the watcher's HTTP
+// calls (token endpoint + manifest HEAD) must hit that mirror's host, not
+// the hardcoded ghcr.io of the pre-fix code path. We stand up an httptest
+// server, point MOLECULE_IMAGE_REGISTRY at its host, and assert both
+// endpoints get hit on it.
+//
+// Without this test, a future refactor could revert the helper indirection
+// and the watcher would silently go back to talking to ghcr.io even when
+// the platform is configured for ECR — exactly the bug RFC #229 is closing.
+func TestRemoteDigest_RegistryHostFollowsEnv(t *testing.T) {
+	var (
+		mu              sync.Mutex
+		tokenHits       int
+		manifestHits    int
+		lastTokenURL    string
+		lastManifestURL string
+	)
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		mu.Lock()
+		defer mu.Unlock()
+		switch {
+		case strings.HasPrefix(r.URL.Path, "/token"):
+			tokenHits++
+			lastTokenURL = r.URL.String()
+			w.Header().Set("Content-Type", "application/json")
+			_, _ = w.Write([]byte(`{"token":"fake-bearer"}`))
+		case strings.HasPrefix(r.URL.Path, "/v2/") && strings.Contains(r.URL.Path, "/manifests/latest"):
+			manifestHits++
+			lastManifestURL = r.URL.Path
+			w.Header().Set("Docker-Content-Digest", "sha256:cafef00d")
+			w.WriteHeader(http.StatusOK)
+		default:
+			w.WriteHeader(http.StatusNotFound)
+		}
+	}))
+	defer srv.Close()
+
+	// httptest.Server.URL is "http://127.0.0.1:NNNN". RegistryHost() works
+	// over the host:port portion (provisioner.RegistryPrefix takes the env
+	// verbatim), so we strip the scheme and append "/molecule-ai" to mimic
+	// the prefix shape MOLECULE_IMAGE_REGISTRY actually uses in production.
+	host := strings.TrimPrefix(srv.URL, "http://")
+	t.Setenv("MOLECULE_IMAGE_REGISTRY", host+"/molecule-ai")
+
+	w := newTestWatcher(&fakeRefresher{}, "claude-code")
+	// Use the test-server URL scheme by overriding the http client only —
+	// remoteDigest constructs https://<host>/... internally. We need the
+	// watcher to hit our http server, so swap the URL scheme by injecting
+	// a transport that rewrites https→http for this test.
+	w.http = &http.Client{Transport: rewriteToHTTP{}}
+
+	digest, err := w.remoteDigest(context.Background(), "claude-code")
+	if err != nil {
+		t.Fatalf("remoteDigest failed: %v", err)
+	}
+	if digest != "sha256:cafef00d" {
+		t.Errorf("digest: got %q, want sha256:cafef00d", digest)
+	}
+
+	mu.Lock()
+	defer mu.Unlock()
+	if tokenHits != 1 {
+		t.Errorf("token endpoint hits: got %d, want 1 (watcher must hit configured registry, not ghcr.io)", tokenHits)
+	}
+	if manifestHits != 1 {
+		t.Errorf("manifest HEAD hits: got %d, want 1 (watcher must hit configured registry, not ghcr.io)", manifestHits)
+	}
+	// service= query param must reflect the configured host so registries
+	// that validate the param (GHCR-style spec) accept the request.
+	if !strings.Contains(lastTokenURL, "service="+host) && !strings.Contains(lastTokenURL, "service=127.0.0.1") {
+		t.Errorf("token URL service param not host-derived: got %q", lastTokenURL)
+	}
+	wantManifestPath := "/v2/molecule-ai/workspace-template-claude-code/manifests/latest"
+	if lastManifestURL != wantManifestPath {
+		t.Errorf("manifest path: got %q, want %q", lastManifestURL, wantManifestPath)
+	}
+}
+
+// rewriteToHTTP is a tiny RoundTripper that flips https→http so the watcher
+// (which builds https URLs from the configured registry host) can target an
+// httptest.Server that only speaks http. Production code paths still go
+// over https; this is a unit-test seam only.
+type rewriteToHTTP struct{}
+
+func (rewriteToHTTP) RoundTrip(req *http.Request) (*http.Response, error) {
+	if req.URL.Scheme == "https" {
+		clone := req.Clone(req.Context())
+		clone.URL.Scheme = "http"
+		req = clone
+	}
+	return http.DefaultTransport.RoundTrip(req)
+}
+
 func TestShortDigest(t *testing.T) {
 	cases := map[string]string{
 		"sha256:abcdef0123456789":     "sha256:abcdef012345",
@@ -3,6 +3,7 @@ package provisioner
 import (
 	"fmt"
 	"os"
+	"strings"
 )

 // defaultRegistryPrefix is the upstream OSS face for all workspace template
@@ -62,6 +63,32 @@ func RegistryPrefix() string {
 	return defaultRegistryPrefix
 }

+// RegistryHost returns just the registry host portion of RegistryPrefix() —
+// i.e. everything before the first "/" separator. This is the value that
+// belongs in:
+//
+//   - Docker Engine PullOptions.RegistryAuth payloads (`serveraddress` field)
+//     — the engine matches credentials against host, not host+org-path.
+//   - Docker Registry V2 HTTP API base URLs (e.g. `https://<host>/v2/...`)
+//     — the V2 API is host-rooted; the org-path lives in the manifest path.
+//
+// Examples:
+//
+//	"ghcr.io/molecule-ai"                                    → "ghcr.io"
+//	"123456789012.dkr.ecr.us-east-2.amazonaws.com/molecule-ai" → "123456789012.dkr.ecr.us-east-2.amazonaws.com"
+//	"git.moleculesai.app/molecule-ai"                        → "git.moleculesai.app"
+//
+// If RegistryPrefix() ever returns a bare host (no `/`), we return it as-is
+// rather than letting strings.SplitN produce an empty string — defensive
+// against a misconfiguration where the operator sets just the host.
+func RegistryHost() string {
+	prefix := RegistryPrefix()
+	if i := strings.IndexByte(prefix, '/'); i > 0 {
+		return prefix[:i]
+	}
+	return prefix
+}
+
 // RuntimeImage returns the canonical image reference for the given runtime,
 // using the current RegistryPrefix() and the moving `:latest` tag.
 //
@@ -127,6 +127,50 @@ func TestComputeRuntimeImages_ReflectsCurrentEnv(t *testing.T) {
 	}
 }

+// TestRegistryHost_SplitsHostFromOrgPath pins the contract that callers
+// (Docker auth payloads, registry V2 HTTP base URLs) need: the host portion
+// must be free of the "/molecule-ai" org suffix that appears in the
+// pull-prefix form. Pre-RFC #229, ghcr.io was hardcoded in two places
+// (imagewatch + admin_workspace_images auth payload); this helper is the
+// single source they should resolve from.
+func TestRegistryHost_SplitsHostFromOrgPath(t *testing.T) {
+	cases := []struct {
+		name string
+		env  string
+		want string
+	}{
+		{"default GHCR", "", "ghcr.io"},
+		{"AWS ECR mirror", "004947743811.dkr.ecr.us-east-2.amazonaws.com/molecule-ai", "004947743811.dkr.ecr.us-east-2.amazonaws.com"},
+		{"self-hosted Gitea", "git.moleculesai.app/molecule-ai", "git.moleculesai.app"},
+		// Bare host (no /org) — defensive: return as-is rather than empty.
+		{"bare host no org-path", "registry.example.com", "registry.example.com"},
+		// Multi-level org path — split at the first "/" only.
+		{"nested org path", "registry.example.com/org/sub", "registry.example.com"},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Setenv("MOLECULE_IMAGE_REGISTRY", tc.env)
+			got := RegistryHost()
+			if got != tc.want {
+				t.Errorf("RegistryHost() with env=%q: got %q, want %q", tc.env, got, tc.want)
+			}
+		})
+	}
+}
+
+// TestRegistryHost_NeverEmpty — guard against a future refactor accidentally
+// returning "" for some edge env value. An empty serveraddress in the
+// Docker engine auth payload, or an empty host in `https:///v2/...`, would
+// silently break image operations.
+func TestRegistryHost_NeverEmpty(t *testing.T) {
+	for _, env := range []string{"", "ghcr.io/molecule-ai", "/leading-slash", "host-only", "host/with/path"} {
+		t.Setenv("MOLECULE_IMAGE_REGISTRY", env)
+		if got := RegistryHost(); got == "" {
+			t.Errorf("RegistryHost() with env=%q returned empty (would break Docker auth + V2 HTTP)", env)
+		}
+	}
+}
+
 // TestKnownRuntimes_AlphabeticalOrder — pin the order so test snapshots
 // (and human readers diffing the file) see deterministic output. Adding a
 // new runtime out of alphabetical order will fail this test, which is the
@@ -28,7 +28,7 @@ WORKSPACE_ID = _WORKSPACE_ID_raw
 if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 else:
-    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")


 async def discover(target_id: str) -> dict | None:
@@ -29,7 +29,7 @@ WORKSPACE_ID = _WORKSPACE_ID_raw
 if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 else:
-    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")

 # Cache workspace ID → name mappings (populated by list_peers calls)
 _peer_names: dict[str, str] = {}
@@ -77,16 +77,6 @@ async def delegate_task(workspace_id: str, task: str) -> str:
                return str(result) if isinstance(result, str) else "(no text)"
            elif "error" in data:
                err = data["error"]
-                # Handle both string-form errors ("error": "some string")
-                # and object-form errors ("error": {"message": "...", "code": ...}).
-                msg = ""
-                if isinstance(err, dict):
-                    msg = err.get("message", "")
-                elif isinstance(err, str):
-                    msg = err
-                else:
-                    msg = str(err)
-                return f"Error: {msg}"
                msg = ""
                if isinstance(err, dict):
                    msg = err.get("message", "")
@@ -54,6 +54,16 @@ import httpx

 logger = logging.getLogger(__name__)

+
+def _platform_url() -> str:
+    """Return the platform URL, defaulting to host.docker.internal when running
+    inside a Docker container (where localhost refers to the container, not the
+    host).  External callers can always override via the PLATFORM_URL env var.
+    """
+    if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
+        return os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
+    return os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
+
 # ─────────────────────────────────────────────────────────────────────────────
 # Constants
 # ─────────────────────────────────────────────────────────────────────────────
@@ -79,12 +89,12 @@ async def _fetch_latest_checkpoint(workspace_id: str) -> Optional[dict]:
        workspace_id: The workspace to query.

    Reads:
-        PLATFORM_URL  Platform base URL (default ``http://localhost:8080``).
+        PLATFORM_URL  Platform base URL (default ``http://host.docker.internal:8080``).
    """
    try:
        from platform_auth import auth_headers as _auth_headers  # type: ignore[import]

-        platform_url = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+        platform_url = _platform_url()
        url = f"{platform_url}/workspaces/{workspace_id}/checkpoints/latest"
        async with httpx.AsyncClient(timeout=5.0) as client:
            resp = await client.get(url, headers=_auth_headers())
@@ -125,12 +135,12 @@ async def _save_checkpoint(
        payload:       Optional JSON-serialisable dict stored as JSONB.

    Reads:
-        PLATFORM_URL   Platform base URL (default ``http://localhost:8080``).
+        PLATFORM_URL   Platform base URL (default ``http://host.docker.internal:8080``).
    """
    try:
        from platform_auth import auth_headers as _auth_headers  # type: ignore[import]

-        platform_url = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+        platform_url = _platform_url()
        url = f"{platform_url}/workspaces/{workspace_id}/checkpoints"
        body: dict = {
            "workflow_id": workflow_id,
@@ -21,7 +21,7 @@ logger = logging.getLogger(__name__)
 if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 else:
-    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 _WORKSPACE_ID_raw = os.environ.get("WORKSPACE_ID")
 if not _WORKSPACE_ID_raw:
    raise RuntimeError("WORKSPACE_ID environment variable is required but not set")
@@ -25,7 +25,7 @@ logger = logging.getLogger(__name__)
 if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 else:
-    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+    PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
 _WORKSPACE_ID_raw = os.environ.get("WORKSPACE_ID")
 if not _WORKSPACE_ID_raw:
    raise RuntimeError("WORKSPACE_ID environment variable is required but not set")
@@ -63,7 +63,7 @@ async def main():  # pragma: no cover
    if os.path.exists("/.dockerenv") or os.environ.get("DOCKER_VERSION"):
        platform_url = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
    else:
-        platform_url = os.environ.get("PLATFORM_URL", "http://localhost:8080")
+        platform_url = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
    awareness_config = get_awareness_config()

    # 0. Initialise OpenTelemetry (no-op if packages not installed)
@@ -51,22 +51,32 @@ class AdaptorSource:

 def _load_module_from_path(module_name: str, path: Path):
    """Import a Python file by absolute path. Returns the module or None on failure."""
-    # Ensure the plugins_registry package and its submodules are importable in the
-    # fresh module namespace created by module_from_spec().  Plugin adapters
-    # (molecule-skill-*/adapters/*.py) use "from plugins_registry.builtins import ..."
-    # which requires plugins_registry and its submodules to already be in sys.modules.
-    # We import and register them before exec_module so the plugin's own
-    # from ... import statements resolve correctly.
-    import sys
-    import plugins_registry
-    sys.modules.setdefault("plugins_registry", plugins_registry)
-    for _sub in ("builtins", "protocol", "raw_drop"):
+
+    # KI-296: Before exec'ing plugin-adapter files (which import
+    # ``from plugins_registry import ...`` as a top-level name), register
+    # the molecule-runtime subpackage as ``plugins_registry`` in sys.modules.
+    # In the molecule-core workspace source this is already a top-level package,
+    # so the setdefault is a no-op. In the PyPI-installed runtime wheel
+    # (molecule-ai-workspace-runtime 0.1.129+), the package ships as
+    # ``molecule_runtime.plugins_registry`` and without this shim every
+    # plugin adapter would fail with ModuleNotFoundError.
+    import sys as _sys
+
+    if "plugins_registry" not in _sys.modules:
        try:
-            sub = importlib.import_module(f"plugins_registry.{_sub}")
-            sys.modules.setdefault(f"plugins_registry.{_sub}", sub)
-        except Exception:
-            # Submodule may not exist in all versions; skip if absent.
+            _mr_pr = __import__("molecule_runtime.plugins_registry", fromlist=[""])
+            _sys.modules["plugins_registry"] = _mr_pr
+            # Also register submodules the adapters commonly import directly.
+            for _sub in ("builtins", "protocol", "raw_drop"):
+                _submod = getattr(_mr_pr, _sub, None)
+                if _submod is not None:
+                    _sys.modules[f"plugins_registry.{_sub}"] = _submod
+        except ImportError:
+            # molecule-runtime not installed (e.g. test environment with
+            # workspace/ on sys.path directly) — skip shim; the top-level
+            # workspace/plugins_registry package is already findable.
            pass
+
    spec = importlib.util.spec_from_file_location(module_name, path)
    if spec is None or spec.loader is None:
        return None
@@ -1,60 +0,0 @@
-"""Tests for _load_module_from_path sys.modules injection fix (issue #296).
-
-Verifies that plugin adapters using "from plugins_registry.builtins import ..."
-can be loaded via _load_module_from_path() without ModuleNotFoundError.
-"""
-import sys
-import tempfile
-import os
-from pathlib import Path
-
-# Ensure the plugins_registry package is importable
-import plugins_registry
-
-from plugins_registry import _load_module_from_path
-
-
-def test_load_adapter_with_plugins_registry_import():
-    """Plugin adapter using 'from plugins_registry.builtins import ...' loads cleanly."""
-    # Write a temp adapter file that does the exact import from the bug report.
-    with tempfile.NamedTemporaryFile(
-        mode="w", suffix=".py", delete=False, dir=tempfile.gettempdir()
-    ) as f:
-        f.write("from plugins_registry.builtins import AgentskillsAdaptor as Adaptor\n")
-        f.write("assert Adaptor is not None\n")
-        adapter_path = Path(f.name)
-
-    try:
-        module = _load_module_from_path("test_adapter", adapter_path)
-        assert module is not None, "module should load without error"
-        assert hasattr(module, "Adaptor"), "module should expose Adaptor"
-    finally:
-        os.unlink(adapter_path)
-
-
-def test_load_adapter_with_full_plugins_registry_import():
-    """Plugin adapter using 'from plugins_registry import ...' loads cleanly."""
-    with tempfile.NamedTemporaryFile(
-        mode="w", suffix=".py", delete=False, dir=tempfile.gettempdir()
-    ) as f:
-        f.write("from plugins_registry import InstallContext, resolve\n")
-        f.write("from plugins_registry.protocol import PluginAdaptor\n")
-        f.write("assert InstallContext is not None\n")
-        f.write("assert resolve is not None\n")
-        f.write("assert PluginAdaptor is not None\n")
-        adapter_path = Path(f.name)
-
-    try:
-        module = _load_module_from_path("test_adapter_full", adapter_path)
-        assert module is not None, "module should load without error"
-        assert hasattr(module, "InstallContext"), "module should expose InstallContext"
-        assert hasattr(module, "resolve"), "module should expose resolve"
-        assert hasattr(module, "PluginAdaptor"), "module should expose PluginAdaptor"
-    finally:
-        os.unlink(adapter_path)
-
-
-if __name__ == "__main__":
-    test_load_adapter_with_plugins_registry_import()
-    test_load_adapter_with_full_plugins_registry_import()
-    print("ALL TESTS PASS")
@@ -325,3 +325,44 @@ def test_resolve_registry_missing_module_falls_through(monkeypatch, tmp_path: Pa
    monkeypatch.setattr(pr, "_REGISTRY_ROOT", tmp_path / "empty-registry")
    _, source = pr.resolve("demo-plugin", "test_runtime", plugin_root)
    assert source == AdaptorSource.RAW_DROP
+
+
+def test_load_module_from_path_registers_plugins_registry_sys_modules(tmp_path: Path):
+    """KI-296: _load_module_from_path registers ``plugins_registry`` in sys.modules
+    before exec'ing the adapter, so adapter files that do
+    ``from plugins_registry import ...`` resolve correctly when the runtime is
+    installed from the PyPI wheel (where the package ships as
+    ``molecule_runtime.plugins_registry`` rather than a top-level ``plugins_registry``).
+    """
+    import sys as _sys
+    import plugins_registry as pr
+
+    # Create a fake adapter that imports plugins_registry at top level.
+    adapter_file = tmp_path / "fake_runtime_adapter.py"
+    adapter_file.write_text(
+        "from plugins_registry import InstallContext  # noqa: F401\n"
+        "from plugins_registry.builtins import AgentskillsAdaptor as Adaptor  # noqa: F401\n"
+    )
+
+    # Evict any pre-existing sys.modules entries for the shim keys so the
+    # import inside _load_module_from_path actually runs.
+    _saved = {
+        k: _sys.modules.pop(k, None)
+        for k in (
+            "plugins_registry", "plugins_registry.builtins",
+            "plugins_registry.protocol", "plugins_registry.raw_drop",
+            "_plugin_adaptor.test.fake_runtime",
+        )
+    }
+
+    try:
+        result = pr._load_module_from_path("_plugin_adaptor.test.fake_runtime", adapter_file)
+        assert result is not None, "module should load without ImportError"
+        assert hasattr(result, "Adaptor"), "AgentskillsAdaptor alias should be in namespace"
+    finally:
+        # Restore sys.modules state.
+        for k, v in _saved.items():
+            if v is None:
+                _sys.modules.pop(k, None)
+            else:
+                _sys.modules[k] = v
@@ -1,266 +0,0 @@
-"""Tests for shared_runtime helper functions.
-
-Covers the untested helpers in shared_runtime.py:
- _extract_part_text
- extract_message_text
- format_conversation_history
- build_task_text
- append_peer_guidance
- brief_task
-
-Does NOT cover set_current_task (async, covered in test_a2a_executor.py).
-"""
-
-from __future__ import annotations
-
-import sys
-
-# Ensure the workspace root is on the path so 'shared_runtime' resolves
-_ws_root = __file__.rsplit("/tests/", 1)[0]
-if _ws_root not in sys.path:
-    sys.path.insert(0, _ws_root)
-
-from shared_runtime import (
-    _extract_part_text,
-    extract_message_text,
-    format_conversation_history,
-    build_task_text,
-    append_peer_guidance,
-    brief_task,
-)
-
-
-# ─── _extract_part_text ──────────────────────────────────────────────────────
-
-class TestExtractPartText:
-    def test_dict_with_text(self):
-        assert _extract_part_text({"text": "hello world"}) == "hello world"
-
-    def test_dict_with_nested_root_text(self):
-        assert _extract_part_text({"root": {"text": "nested text"}}) == "nested text"
-
-    def test_dict_prefers_text_over_root(self):
-        # When both text and root exist, text wins (outer text)
-        assert _extract_part_text({"text": "outer", "root": {"text": "inner"}}) == "outer"
-
-    def test_dict_empty_text_and_root(self):
-        assert _extract_part_text({"kind": "text"}) == ""
-
-    def test_dict_missing_fields(self):
-        assert _extract_part_text({"kind": "image"}) == ""
-
-    def test_dict_mixed_with_extra_fields(self):
-        assert _extract_part_text({"kind": "text", "text": "foo", "url": "http://..."}) == "foo"
-
-    def test_object_with_text_attribute(self):
-        class PartObj:
-            text = "object text"
-
-        assert _extract_part_text(PartObj()) == "object text"
-
-    def test_object_with_root_text_attribute(self):
-        class RootObj:
-            text = "root object text"
-
-        class PartObj:
-            root = RootObj()
-
-        assert _extract_part_text(PartObj()) == "root object text"
-
-    def test_object_empty_text(self):
-        class EmptyObj:
-            text = ""
-
-        assert _extract_part_text(EmptyObj()) == ""
-
-    def test_object_no_text_or_root(self):
-        class NoTextObj:
-            pass
-
-        assert _extract_part_text(NoTextObj()) == ""
-
-    def test_none_like(self):
-        assert _extract_part_text(None) == ""
-
-
-# ─── extract_message_text ────────────────────────────────────────────────────
-
-class TestExtractMessageText:
-    def test_list_of_dict_parts(self):
-        parts = [{"text": "hello"}, {"text": "world"}]
-        assert extract_message_text(parts) == "hello world"
-
-    def test_single_part(self):
-        parts = [{"text": "only one"}]
-        assert extract_message_text(parts) == "only one"
-
-    def test_empty_list(self):
-        assert extract_message_text([]) == ""
-
-    def test_none_parts(self):
-        assert extract_message_text(None) == ""
-
-    def test_object_with_message_parts(self):
-        """Object with .message.parts attribute (A2A RequestContext pattern)."""
-        msg = type("Message", (), {"parts": [{"text": "from context"}, {"text": "message"}]})()
-        ctx = type("Context", (), {"message": msg})()
-        assert extract_message_text(ctx) == "from context message"
-
-    def test_joins_with_single_space(self):
-        # Inter-part join uses single space; internal whitespace within parts is preserved
-        parts = [{"text": "hello"}, {"text": "world"}]
-        assert extract_message_text(parts) == "hello world"
-
-    def test_preserves_within_part_whitespace(self):
-        parts = [{"text": "  spaced  "}, {"text": "\ttext\t"}]
-        # Leading/trailing whitespace stripped; internal whitespace within parts preserved
-        assert extract_message_text(parts) == "spaced   \ttext"
-
-    def test_skips_parts_without_text(self):
-        parts = [{"kind": "image"}, {"text": "visible"}, {"url": "http://x"}]
-        assert extract_message_text(parts) == "visible"
-
-
-# ─── format_conversation_history ──────────────────────────────────────────────
-
-class TestFormatConversationHistory:
-    def test_empty_history(self):
-        assert format_conversation_history([]) == ""
-
-    def test_single_user_message(self):
-        result = format_conversation_history([("human", "hello")])
-        assert "User: hello" in result
-
-    def test_single_agent_message(self):
-        result = format_conversation_history([("ai", "hi there")])
-        assert "Agent: hi there" in result
-
-    def test_interleaved_history(self):
-        history = [
-            ("human", "first"),
-            ("ai", "response one"),
-            ("human", "second"),
-            ("ai", "response two"),
-        ]
-        result = format_conversation_history(history)
-        lines = result.strip().split("\n")
-        assert len(lines) == 4
-        assert lines[0] == "User: first"
-        assert lines[1] == "Agent: response one"
-        assert lines[2] == "User: second"
-        assert lines[3] == "Agent: response two"
-
-
-# ─── build_task_text ──────────────────────────────────────────────────────────
-
-class TestBuildTaskText:
-    def test_no_history_returns_user_message(self):
-        assert build_task_text("hello", []) == "hello"
-
-    def test_history_prepends_transcript(self):
-        history = [("human", "hi"), ("ai", "hello")]
-        result = build_task_text("send email", history)
-        assert "Conversation so far:" in result
-        assert "User: hi" in result
-        assert "Agent: hello" in result
-        assert "Current request: send email" in result
-
-    def test_empty_history_returns_user_message(self):
-        # Empty list should behave like no history
-        assert build_task_text("hello", []) == "hello"
-
-    def test_single_history_entry(self):
-        result = build_task_text("bye", [("human", "last")])
-        assert "User: last" in result
-        assert "Current request: bye" in result
-
-
-# ─── append_peer_guidance ─────────────────────────────────────────────────────
-
-class TestAppendPeerGuidance:
-    def test_no_base_text_uses_default(self):
-        result = append_peer_guidance(
-            None,
-            "peer info here",
-            default_text="default",
-            tool_name="delegate_task",
-        )
-        assert "peer info here" in result
-        assert "## Peers" in result
-        assert "delegate_task" in result
-        assert "default" in result
-
-    def test_base_text_preserved(self):
-        result = append_peer_guidance(
-            "my prompt",
-            "peer info",
-            default_text="fallback",
-            tool_name="delegate_task",
-        )
-        assert "my prompt" in result
-        assert "## Peers" in result
-
-    def test_empty_peers_info_skipped(self):
-        result = append_peer_guidance(
-            "my prompt",
-            "",
-            default_text="fallback",
-            tool_name="delegate_task",
-        )
-        assert result == "my prompt"
-
-    def test_whitespace_trimmed(self):
-        result = append_peer_guidance(
-            "  prompt  ",
-            " peers ",
-            default_text="fallback",
-            tool_name="delegate_task",
-        )
-        # Should not double-space
-        assert "  " not in result
-
-    def test_tool_name_injected(self):
-        result = append_peer_guidance(
-            None,
-            "peer info",
-            default_text="default",
-            tool_name="my_tool",
-        )
-        assert "my_tool" in result
-
-
-# ─── brief_task ───────────────────────────────────────────────────────────────
-
-class TestBriefTask:
-    def test_short_text_unchanged(self):
-        assert brief_task("hello world") == "hello world"
-
-    def test_exactly_at_limit(self):
-        text = "a" * 60
-        assert brief_task(text) == text
-
-    def test_over_limit_truncates(self):
-        text = "a" * 100
-        result = brief_task(text)
-        assert len(result) == 63  # 60 + "..."
-        assert result.endswith("...")
-
-    def test_under_limit_no_ellipsis(self):
-        text = "a" * 59
-        result = brief_task(text)
-        assert result == text
-        assert "..." not in result
-
-    def test_default_limit_60(self):
-        text = "a" * 70
-        result = brief_task(text, limit=60)
-        assert len(result) == 63
-
-    def test_custom_limit(self):
-        text = "a" * 20
-        result = brief_task(text, limit=10)
-        assert len(result) == 13  # 10 + "..."
-
-    def test_empty_string(self):
-        assert brief_task("") == ""
-        assert brief_task("") == ""  # no ellipsis for empty
Author	SHA1	Message	Date
infra-runtime-be	2e0080fb0b	fix(workspace): register plugins_registry as sys.modules shim before loading adapters Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 1s Details sop-tier-check / tier-check (pull_request) Failing after 1s Details audit-force-merge / audit (pull_request) Has been skipped Details KI-296 fix: when the PyPI-installed runtime (molecule-ai-workspace-runtime 0.1.129+) ships plugins_registry as molecule_runtime.plugins_registry (a subpackage), plugin adapter files that do ``from plugins_registry import ...`` as a top-level name fail with ModuleNotFoundError because Python's import system cannot find a top-level ``plugins_registry`` package. The fix in plugins_registry/__init__.py:_load_module_from_path() registers molecule_runtime.plugins_registry as ``plugins_registry`` in sys.modules before exec'ing any plugin adapter file, so the top-level import resolves correctly in both environments: - PyPI wheel (molecule_runtime.plugins_registry → sys.modules["plugins_registry"]) - molecule-core workspace source (top-level workspace/plugins_registry already on sys.path; the setdefault is a no-op) Submodules (builtins, protocol, raw_drop) are also registered so adapters that import ``from plugins_registry.builtins import ...`` work without error. Added test_load_module_from_path_registers_plugins_registry_sys_modules. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 14:55:05 +00:00
infra-runtime-be	75b5901d57	fix(workspace): default PLATFORM_URL to host.docker.internal in all modules KI-014 follow-on: inside a workspace container, localhost refers to the container itself, not the platform. Four files had the Docker-aware if-branch correct but fell through to localhost:8080 as the non-Docker fallback — effectively making the Docker path the ONLY path that works, since local dev on Mac/Linux can also resolve host.docker.internal via the Docker daemon's built-in resolver. Fix: unify the default to host.docker.internal in both branches, so the env-var override always works and no caller ever silently falls back to the wrong address. - a2a_cli.py: else branch hardcoded localhost → host.docker.internal - consolidation.py: same - coordinator.py: same - builtin_tools/temporal_workflow.py: two inline os.environ.get defaults replaced with a _platform_url() helper for DRY + consistent detection Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 14:55:05 +00:00
core-devops	7ad26f4a7c	Merge pull request '[infra-lead-agent] fix(ci): clone-manifest.sh retry+backoff — CI-infra carve-out to main (parallel to PR #298 )' (#316 ) from fix/publish-workspace-server-ci-clone-manifest-retry-main into main publish-workspace-server-image / build-and-push (push) Failing after 1s Details Secret scan / Scan diff for credential-shaped strings (push) Failing after 1s Details	2026-05-10 14:43:23 +00:00
core-devops	a9265f0a19	Merge main into fix/publish-workspace-server-ci-clone-manifest-retry-main sop-tier-check / tier-check (pull_request) Bypassed — Gitea Actions runner unavailable Details Secret scan / Scan diff for credential-shaped strings (pull_request) Bypassed — Gitea Actions runner unavailable Details audit-force-merge / audit (pull_request) Failing after 1s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 14:42:59 +00:00
core-devops	ffb1b8eb35	Merge pull request 'infra: pin all compose file image digests' (#303 ) from infra/pin-compose-image-digests into main Secret scan / Scan diff for credential-shaped strings (push) Failing after 1s Details	2026-05-10 14:19:36 +00:00
core-devops	aded61038f	[core-devops-agent] track PR #303 status Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 2s Details sop-tier-check / tier-check (pull_request) Failing after 4s Details audit-force-merge / audit (pull_request) Failing after 2s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 13:56:29 +00:00
core-devops	9f263cec9b	[core-devops-agent] force re-trigger: nudge SOP tier-check run sop-tier-check / tier-check (pull_request) Failing after 1s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 2s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 13:28:37 +00:00
core-devops	969edba572	Merge branch 'main' into infra/pin-compose-image-digests audit-force-merge / audit (pull_request) Has been skipped Details Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 2s Details sop-tier-check / tier-check (pull_request) Failing after 2s Details	2026-05-10 13:18:18 +00:00
infra-lead	75e6bfe7cc	[infra-lead-agent] fix(ci): clone-manifest.sh retry+backoff — CI-infra carve-out to main (parallel to PR #298 ) sop-tier-check / tier-check (pull_request) Bypassed — Gitea Actions runner unavailable Details Secret scan / Scan diff for credential-shaped strings (pull_request) Bypassed — Gitea Actions runner unavailable Details Ports the bounded retry+backoff around each `git clone` in scripts/clone-manifest.sh onto main, mirroring PR #298 which landed the same change on staging. CI-infra carve-out: publish-workspace-server-image.yml fires on `push: branches:[main]`, so the retry mitigation must be on main for the workflow to be resilient to the OOM-killed-git-mid-clone flake (`error: git-remote-https died of signal 9`, run 4622) when triggered by a main push. Same one-file change as #298 (+45/-5), POSIX-sh, sh -n clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 13:15:44 +00:00
hongming-pc2	f34cc2783a	Merge pull request 'ci: add Docker daemon health-check step before build' (#285 ) from ci/docker-daemon-health-guard into main Secret scan / Scan diff for credential-shaped strings (push) Waiting to run Details publish-workspace-server-image / build-and-push (push) Failing after 1s Details	2026-05-10 12:54:16 +00:00
infra-sre	6d94fd3077	fix(ci): scope trigger to main only — revert accidental staging push addition audit-force-merge / audit (pull_request) Failing after 1s Details The Docker daemon health-check fix should not change which branches trigger the build. Revert accidental addition of 'staging' to branch filters. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 12:08:34 +00:00
infra-sre	8b6a11ccc7	fix(ci): restore SHA-pins that were accidentally reverted to mutable tags Reverts two accidental mutable-tag changes introduced in this branch: - pypa/gh-action-pypi-publish: release/v1 -> cef22109... (matches #276 intent) - actions/checkout: @v6 -> de0fac2e... (matches #276 intent) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 12:08:07 +00:00
core-devops	40736a41e1	infra: pin all compose file image digests Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 3s Details sop-tier-check / tier-check (pull_request) Failing after 2s Details Replace mutable tags (postgres:16-alpine, redis:7-alpine, clickhouse/clickhouse-server:24-alpine, temporalio/auto-setup:1.25, temporalio/ui:2.31.2, langfuse/langfuse:2, litellm:main-latest, ollama:latest) with pinned SHA256 digests fetched from Docker Hub / GHCR. Rationale: mutable image tags can silently resolve to a different image over time, creating supply-chain risk. Digest-pinning ensures the exact image content runs every time. Refresh procedure documented in comments above each image line: - Docker Hub: curl https://hub.docker.com/v2/repositories/<img>/tags/<tag> - GHCR: curl -sI https://ghcr.io/v2/<owner>/<repo>/manifests/<tag> Remaining: canvas ECR image (requires AWS credentials to fetch digest). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 12:06:10 +00:00
core-devops	8af1eb6774	ci: add Docker daemon health-check to canvas image workflow Cover the canvas image publish workflow with the same `docker info` guard added to publish-workspace-server-image.yml (commit `5216e781`). publish-canvas-image.yml was the only docker-build workflow still missing the step. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 12:00:47 +00:00
core-be	14287ab1e9	Merge pull request 'fix(workspace-server): emit Gitea/PyPI URLs for external user instructions (RFC #229 P2-5)' (#295 ) from fix/external-connection-user-facing-urls into main publish-workspace-server-image / build-and-push (push) Waiting to run Details Secret scan / Scan diff for credential-shaped strings (push) Waiting to run Details	2026-05-10 11:43:10 +00:00
claude-ceo-assistant	65f9df24b8	Merge branch 'main' into fix/external-connection-user-facing-urls Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 32s Details sop-tier-check / tier-check (pull_request) Successful in 33s Details audit-force-merge / audit (pull_request) Failing after 2s Details	2026-05-10 11:37:44 +00:00
claude-ceo-assistant	a8bdeb033f	merge: RFC #229 P2-batch Secret scan / Scan diff for credential-shaped strings (push) Successful in 38s Details publish-workspace-server-image / build-and-push (push) Successful in 9m22s Details Auto-merge per Hongming policy.	2026-05-10 11:34:06 +00:00
claude-ceo-assistant	b34ec9f1e2	Merge branch 'main' into fix/external-connection-user-facing-urls Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 30s Details sop-tier-check / tier-check (pull_request) Successful in 30s Details	2026-05-10 11:32:26 +00:00
claude-ceo-assistant	d278c22a82	Merge branch 'main' into fix/workspace-server-registry-config-helper Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 33s Details sop-tier-check / tier-check (pull_request) Successful in 36s Details audit-force-merge / audit (pull_request) Successful in 35s Details	2026-05-10 11:31:49 +00:00
core-be	a355b6f0ad	fix(workspace-server): emit Gitea/PyPI URLs for external user instructions (RFC #229 P2-5) audit-force-merge / audit (pull_request) Has been skipped Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s Details sop-tier-check / tier-check (pull_request) Successful in 23s Details The Molecule-AI GitHub org was suspended 2026-05-06; canonical SCM is now git.moleculesai.app. external_connection.go was still emitting github.com URLs in operator-facing copy-paste blocks, breaking external-agent onboarding silently. Per-site decisions (8 emit sites in 1 file): - L124 (channel template doc comment): swap source-of-truth comment to Gitea host. - L137 /plugin marketplace add Molecule-AI/...: swap to explicit Gitea HTTPS URL form. End-to-end-verified path per internal#37 § 1.A. - L138 /plugin install molecule@molecule-mcp-claude-channel: marketplace name is molecule-channel (per remote .claude-plugin/marketplace.json), not the repo name. Fix to molecule@molecule-channel. - L157 --channels plugin:molecule@molecule-mcp-claude-channel: same marketplace-name fix. - L179 user-facing GitHub URL: swap to Gitea. - L261 pip install git+https://github.com/Molecule-AI/molecule-sdk-python: not on PyPI; swap to git+https://git.moleculesai.app/molecule-ai/... - L310 hermes-channel doc comment: swap source-of-truth comment. - L339 pip install git+https://github.com/Molecule-AI/hermes-channel-molecule: not on PyPI; swap to Gitea. - L369 issue-tracker URL: swap to Gitea. Verification: - molecule-ai-workspace-runtime, codex-channel-molecule are on PyPI (200); no swap needed for those pip lines (they were already package-name form). - molecule-mcp-claude-channel, molecule-sdk-python, hermes-channel-molecule are NOT on PyPI; swapped to git+https://git.moleculesai.app/molecule-ai/ form. All three repos are public on Gitea (default branch main) and serve git-upload-pack unauthenticated (verified curl 200 against /info/refs?service=git-upload-pack). - Third-party github URLs (gin import, openai/codex, NousResearch/ hermes-agent upstream issue trackers, npm @openai/codex) intentionally preserved. Adds TestExternalTemplates_NoBrokenMoleculeAIGitHubURLs regression guard to prevent the same broken URLs from re-emerging on future template edits. go vet / go build / existing TestExternal* — all clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-10 04:23:46 -07:00
core-be	0846ebc1f6	fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4) audit-force-merge / audit (pull_request) Has been skipped Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 24s Details sop-tier-check / tier-check (pull_request) Successful in 26s Details Two surfaces in workspace-server hardcoded `ghcr.io` and silently bypassed the `MOLECULE_IMAGE_REGISTRY` env override that flips every other image operation to the configured private mirror (e.g. AWS ECR in production): 1. internal/imagewatch/watch.go — image-auto-refresh polled `https://ghcr.io/v2/...` and `https://ghcr.io/token` directly. Post- suspension, with the platform pointed at ECR, the watcher silently stopped seeing digest changes (every poll either 404'd or hung on a registry it has no business talking to). 2. internal/handlers/admin_workspace_images.go — Docker Engine auth payload pinned `serveraddress: "ghcr.io"`, so when the operator sets `MOLECULE_IMAGE_REGISTRY=…ecr…/molecule-ai` the engine matched the wrong credential entry on every authenticated pull. Fix: extract `provisioner.RegistryHost()` returning the host portion of `RegistryPrefix()` (e.g. `ghcr.io` ← `ghcr.io/molecule-ai`, or `004947743811.dkr.ecr.us-east-2.amazonaws.com` ← the ECR mirror prefix), and route both surfaces through it. Default behavior is unchanged for OSS users on GHCR. Tests - New `TestRegistryHost_SplitsHostFromOrgPath` and `TestRegistryHost_NeverEmpty` pin the helper across GHCR / ECR / self-hosted Gitea / bare-host edge cases. - New `TestGHCRAuthHeader_RespectsRegistryEnv` asserts the Docker auth payload's `serveraddress` follows MOLECULE_IMAGE_REGISTRY (and never leaks the org-path suffix). - New `TestRemoteDigest_RegistryHostFollowsEnv` stands up an httptest server, points MOLECULE_IMAGE_REGISTRY at it, and confirms both the token endpoint and the manifest HEAD land there — i.e. the full image- watch loop respects the env override end-to-end. Both new tests were verified to FAIL on the pre-fix code path before the helper was wired in, so a future revert can't silently re-introduce the bug. Out of scope (followup needed) ECR uses `aws ecr get-authorization-token` (SigV4 + basic-auth) instead of GHCR's `/token?service=…&scope=…` flow. This PR makes the URL host- configurable; the bearer-token negotiation in `fetchPullToken` still speaks the GHCR flavor. On ECR with `IMAGE_AUTO_REFRESH=true`, the watcher will now fail loudly at the token fetch (logged per tick) rather than silently hitting ghcr.io. Operators on ECR should keep IMAGE_AUTO_REFRESH=false until ECR auth is wired — tracked as a separate task. Net effect of this PR alone is strictly better than pre-fix: fail-loud > silent-broken. Refs: RFC #229 P2-4 tier:low Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-10 04:21:27 -07:00
infra-sre	5216e781cd	ci: add Docker daemon health-check step before build sop-tier-check / tier-check (pull_request) Failing after 15s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s Details Run `docker info` as the first CI step to catch runner Docker socket permission issues (docker.sock unreadable, daemon restarted, group membership drift) before the expensive `docker build` step. The error now surfaces immediately with a clear `::error::` message rather than silently continuing into `docker build` where the same failure would appear 60-90s later as a cryptic ECR auth error. Gitea Actions run 4350 (2026-05-10 05:58 UTC) is the trigger: the runner's docker.sock became inaccessible for ~6 minutes, `docker build` failed at step 2 with `permission denied...docker.sock`, and `go build` (step 3) was never reached — masking the compile errors that were already on main. The downstream code errors only surfaced once run 4407 succeeded at `docker build` and finally reached `go build`. Now: `docker info` → fail in ~1s with actionable error. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 10:01:01 +00:00