molecule-ai/molecule-core
49
0
Fork 2
Code Issues 146 Pull Requests 159 Actions 5 Packages Projects Releases Wiki Activity

fix(canvas): extend mc#1535 per-workspace MCP slug to codex/openclaw/hermes/kimi (multi-workspace class sweep) #1536

Merged
hongming merged 1 commits from fix/multi-workspace-install-snippets-class-sweep into main 2026-05-19 00:28:47 +00:00
Conversation 2 Commits 1 Files Changed 4
+135 -40
core-devops commented 2026-05-18 23:06:22 +00:00
Member
Copy Link
Copy Source

Summary

mc#1535 fixed claude mcp add moleculeclaude mcp add molecule-<slug> for the Universal MCP snippet. The same per-session-overwrite equivalence-class bug exists in EVERY OTHER runtime tab the Canvas modal renders (each MCP host keys config by name, all 5 templates hardcoded molecule). This PR extends mc#1535's existing {{MCP_SERVER_NAME}} placeholder + mcpServerNameForWorkspace() helper into the remaining 4 runtime templates so multi-workspace install works out-of-the-box for every host, not just Claude Code.

CTO 2026-05-18 22:43Z: "其实是我们没有做好instruction,这个得补充".

Gap matrix swept by this PR

Runtime tab Config key collision shape Fix
codex TOML [mcp_servers.molecule] duplicate-table stamp [mcp_servers.{{MCP_SERVER_NAME}}] + .env table
openclaw openclaw mcp set molecule overwrites ~/.openclaw/mcp/molecule.json stamp openclaw mcp set {{MCP_SERVER_NAME}}
hermes YAML plugin_platforms.molecule: duplicate-key stamp plugin_platforms.{{MCP_SERVER_NAME}}:
kimi single ~/.molecule-ai/kimi-workspace/ dir overwrites env/bridge stamp ~/.molecule-ai/kimi-{{MCP_SERVER_NAME}}/

Token-scoping check

Each template's MOLECULE_WORKSPACE_TOKEN was already per-workspace minted (Rotate/Create path mc#1535 audited). No change to token plumbing.

Open-source-templates cleanliness check

Templates live in the PRIVATE molecule-core repo (Canvas modal generator). No new git.moleculesai.app or .moleculesai.app literal added. Pre-existing git+https://git.moleculesai.app/.../hermes-channel-molecule.git in the hermes template stays — it points at a public hermes-side plugin and is its canonical URL. The open-source-template-no-hardcoded-org-internals rule (feedback_open_source_templates_no_hardcoded_org_internals.md) applies to template-codex/template-hermes/template-openclaw — separate public repos, not touched here.

Test plan

  • go test ./internal/handlers/ -run TestBuildExternalConnectionPayload — 5/5 green, including new _AllRuntimeSnippetsAreWorkspaceUnique.
  • go test ./internal/handlers/ full package — 15.9s green.
  • go vet ./internal/handlers/ clean.
  • Manual (post-merge of mc#1535): create two external workspaces on staging, paste each tab's snippet to its host, verify both coexist.

Sequencing

Branch base is fix/add-to-claude-code-unique-server-name-per-workspace (mc#1535). This PR reuses mc#1535's {{MCP_SERVER_NAME}} plumbing + BuildExternalConnectionPayload(workspaceName) signature. After mc#1535 merges, this PR retargets cleanly to main (no conflict expected — disjoint template strings).

Files

  • workspace-server/internal/handlers/external_connection.go (4 templates + headers)
  • workspace-server/internal/handlers/external_rotate_test.go (new sweep test)
  • workspace/a2a_mcp_server.py (serverInfo comment only — no code change)
  • scripts/build_runtime_package.py (3 PyPI README references + new bullet)

Author identity: core-devops (per-role persona; not founder-PAT). Opened for non-author review, NOT auto-merged.

Sibling: mc#1535. Follow-up of #230 + Task #229.

🤖 Generated with Claude Code

## Summary mc#1535 fixed `claude mcp add molecule` → `claude mcp add molecule-<slug>` for the **Universal MCP** snippet. The same per-session-overwrite equivalence-class bug exists in EVERY OTHER runtime tab the Canvas modal renders (each MCP host keys config by name, all 5 templates hardcoded `molecule`). This PR extends mc#1535's existing `{{MCP_SERVER_NAME}}` placeholder + `mcpServerNameForWorkspace()` helper into the remaining 4 runtime templates so multi-workspace install works out-of-the-box for every host, not just Claude Code. CTO 2026-05-18 22:43Z: "其实是我们没有做好instruction,这个得补充". ## Gap matrix swept by this PR | Runtime tab | Config key collision shape | Fix | | --- | --- | --- | | codex | TOML `[mcp_servers.molecule]` duplicate-table | stamp `[mcp_servers.{{MCP_SERVER_NAME}}]` + `.env` table | | openclaw | `openclaw mcp set molecule` overwrites `~/.openclaw/mcp/molecule.json` | stamp `openclaw mcp set {{MCP_SERVER_NAME}}` | | hermes | YAML `plugin_platforms.molecule:` duplicate-key | stamp `plugin_platforms.{{MCP_SERVER_NAME}}:` | | kimi | single `~/.molecule-ai/kimi-workspace/` dir overwrites env/bridge | stamp `~/.molecule-ai/kimi-{{MCP_SERVER_NAME}}/` | ## Token-scoping check Each template's `MOLECULE_WORKSPACE_TOKEN` was already per-workspace minted (Rotate/Create path mc#1535 audited). No change to token plumbing. ## Open-source-templates cleanliness check Templates live in the PRIVATE molecule-core repo (Canvas modal generator). No new `git.moleculesai.app` or `.moleculesai.app` literal added. Pre-existing `git+https://git.moleculesai.app/.../hermes-channel-molecule.git` in the hermes template stays — it points at a public hermes-side plugin and is its canonical URL. The open-source-template-no-hardcoded-org-internals rule (`feedback_open_source_templates_no_hardcoded_org_internals.md`) applies to `template-codex`/`template-hermes`/`template-openclaw` — separate public repos, not touched here. ## Test plan - [x] `go test ./internal/handlers/ -run TestBuildExternalConnectionPayload` — 5/5 green, including new `_AllRuntimeSnippetsAreWorkspaceUnique`. - [x] `go test ./internal/handlers/` full package — 15.9s green. - [x] `go vet ./internal/handlers/` clean. - [ ] Manual (post-merge of mc#1535): create two external workspaces on staging, paste each tab's snippet to its host, verify both coexist. ## Sequencing Branch base is `fix/add-to-claude-code-unique-server-name-per-workspace` (mc#1535). This PR reuses mc#1535's `{{MCP_SERVER_NAME}}` plumbing + `BuildExternalConnectionPayload(workspaceName)` signature. After mc#1535 merges, this PR retargets cleanly to main (no conflict expected — disjoint template strings). ## Files - `workspace-server/internal/handlers/external_connection.go` (4 templates + headers) - `workspace-server/internal/handlers/external_rotate_test.go` (new sweep test) - `workspace/a2a_mcp_server.py` (serverInfo comment only — no code change) - `scripts/build_runtime_package.py` (3 PyPI README references + new bullet) Author identity: core-devops (per-role persona; not founder-PAT). Opened for non-author review, NOT auto-merged. Sibling: mc#1535. Follow-up of #230 + Task #229. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
core-devops added 1 commit 2026-05-18 23:06:23 +00:00
fix(canvas): extend mc#1535 per-workspace MCP slug across codex/openclaw/hermes/kimi/Kimi snippets + PyPI README
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s
Details
gate-check-v3 / gate-check (pull_request) Successful in 5s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
security-review / approved (pull_request) Successful in 5s
Details
sop-checklist / all-items-acked (pull_request) Successful in 9s
Details
qa-review / approved (pull_request) Successful in 12s
Details
sop-tier-check / tier-check (pull_request) Successful in 10s
Details
publish-runtime-autobump / pr-validate (pull_request) Successful in 34s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 58s
Details
CI / all-required (pull_request) Compensating status: emitter dropped CI / all-required ctx on this commit (gitea 1.22.6 null-state). 2 non-author APPROVEs present, sop-checklist/sop-tier-check/gate-check-v3 all Successful per status descriptions. Posted per feedback_gitea_emitter_null_state_blocks_merge.
Details
audit-force-merge / audit (pull_request) Successful in 5s
Details
bb35c771f9 
## Summary
- mc#1535 fixed the per-session-overwrite bug in the Universal MCP
  snippet (`claude mcp add molecule -s user` keyed by `molecule`, so
  installing for a second workspace silently replaced the first). The
  same equivalence-class bug exists in EVERY other runtime tab the
  Canvas modal renders: each MCP host keys its config by name, and all
  five templates hardcoded a fixed `molecule` identifier.
- This PR extends mc#1535's existing `{{MCP_SERVER_NAME}}` placeholder
  + `mcpServerNameForWorkspace()` helper into the 4 remaining
  templates so the Canvas snippet a user pastes is unique per
  workspace by construction across ALL runtime tabs — multi-workspace
  works out-of-the-box with no per-host workarounds.

## Bug shape per runtime tab (mc#1535 sibling)
- **codex** (`~/.codex/config.toml`): `[mcp_servers.molecule]` — TOML
  rejects duplicate table keys, so re-paste either breaks parsing or
  overwrites.
- **openclaw** (`~/.openclaw/mcp/molecule.json`): `openclaw mcp set
  molecule` keyed by name — second workspace overwrites.
- **hermes** (`~/.hermes/config.yaml`): `plugin_platforms.molecule:` —
  YAML rejects duplicate mapping keys, second workspace silently
  collapses.
- **kimi** (`~/.molecule-ai/kimi-workspace/`): single per-host dir —
  second workspace's env+bridge.py overwrites the first.

## What changed
- `workspace-server/internal/handlers/external_connection.go`:
  - 4 templates now stamp `{{MCP_SERVER_NAME}}` (the same slug
    mc#1535 already derives + plumbs into the universal_mcp snippet)
    in the keyed identifier:
    - codex: `[mcp_servers.{{MCP_SERVER_NAME}}]` + `.env` table.
    - openclaw: `openclaw mcp set {{MCP_SERVER_NAME}}` + log path.
    - hermes: `plugin_platforms.{{MCP_SERVER_NAME}}:`.
    - kimi: `~/.molecule-ai/kimi-{{MCP_SERVER_NAME}}/` dir + embedded
      python `ENV` path.
  - Header comment in each template documents the multi-workspace
    contract (mirrors mc#1535's universal_mcp header).
- `workspace-server/internal/handlers/external_rotate_test.go`:
  - New `TestBuildExternalConnectionPayload_AllRuntimeSnippetsAreWorkspaceUnique`
    pins the per-template literal that proves the slug was stamped,
    AND asserts no template leaves a literal `{{MCP_SERVER_NAME}}`
    placeholder — catches a future template author who forgets to
    register a new tab with the stamp pipeline.
- `workspace/a2a_mcp_server.py`:
  - Comment-only update on `serverInfo.name` to reflect that the
    per-host registration name is workspace-specific. No code change;
    `serverInfo.name` stays the generic `"molecule"` self-label.
- `scripts/build_runtime_package.py` (PyPI README generator):
  - Updates 3 `claude mcp add molecule -- molecule-mcp` references to
    `claude mcp add molecule-<workspace-slug> -- molecule-mcp` so the
    PyPI README matches the Canvas-stamped snippet pattern.
  - Adds a "Server name in `claude mcp add` is workspace-specific"
    bullet pointing at mc#1535 + this PR for context.

## Open-source-templates cleanliness check
- Templates touched here live in the PRIVATE molecule-core repo
  (Canvas modal generator); they STAMP per-workspace server names but
  do NOT bake any new `git.moleculesai.app` literal or other
  org-internal infra. Generic `pip install
  'git+https://git.moleculesai.app/molecule-ai/hermes-channel-molecule.git'`
  in the hermes template is the only such URL touched and was
  pre-existing — that one points at a public hermes-side plugin and
  has its own canonical URL; not in scope for the open-source-template
  rule (the rule applies to template-codex/template-hermes/
  template-openclaw — separate public repos, untouched here).
- No `.moleculesai.app` literal added; persona-token shape unchanged
  (auth_token still per-workspace minted by Rotate/Create — same path
  mc#1535 audited).

## Sample stamped snippets (workspace name "my-bot", slug "molecule-my-bot")
- codex:    `[mcp_servers.molecule-my-bot]` + `[mcp_servers.molecule-my-bot.env]`
- openclaw: `openclaw mcp set molecule-my-bot "$(cat <<EOF ... )"`
- hermes:   `plugin_platforms:\n  molecule-my-bot:\n    enabled: true`
- kimi:     `~/.molecule-ai/kimi-molecule-my-bot/{env,kimi_bridge.py}`

## Diff size
- 4 files, +135/-40 LoC. Most of it is comment text + the new test.
- Did NOT change `BuildExternalConnectionPayload` signature or
  `mcpServerNameForWorkspace` semantics — both were already plumbed
  by mc#1535 to all 8 snippets via the stamp closure; this PR only
  updates the template text to USE the placeholder.

## Test plan
- [x] `go test ./internal/handlers/ -run TestBuildExternalConnectionPayload` — 5/5 green, including new `_AllRuntimeSnippetsAreWorkspaceUnique`.
- [x] `go test ./internal/handlers/` full package — 15.9s green.
- [x] `go vet ./internal/handlers/` — clean.
- [ ] Manual (post-merge, requires mc#1535 also merged): create two
      "bot-a" + "bot-b" external workspaces on staging; paste each
      tab's snippet into the corresponding host on a single machine;
      verify `claude mcp list` / `cat ~/.codex/config.toml` /
      `openclaw mcp list` / `~/.hermes/config.yaml` / `ls
      ~/.molecule-ai/` each shows BOTH workspaces' entries side-by-
      side, not overwriting.

## Sequencing
- This PR's base is mc#1535's branch
  (`fix/add-to-claude-code-unique-server-name-per-workspace`),
  because it reuses mc#1535's `{{MCP_SERVER_NAME}}` placeholder +
  slug helper + `BuildExternalConnectionPayload(workspaceName)`
  signature change. Will need a rebase on main after mc#1535 lands;
  prefer to keep stacked to make the review of EACH PR scope-tight.
- CTO 2026-05-18 22:43Z: "其实是我们没有做好instruction,这个得补充" —
  this PR is the consolidated per-repo doc/generator fix.

## Related
- Sibling: mc#1535 (Universal MCP snippet, already open).
- Follow-up #230: molecule-core stale channel-install mentions
  (CONTRIBUTING.md:195, etc.) — separate scope.

Author identity: core-devops (per-role persona; not founder-PAT).
Opened for non-author review, NOT auto-merged.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
agent-dev-a approved these changes 2026-05-18 23:18:31 +00:00
agent-dev-a left a comment
Member
Copy Link
Copy Source

Five-axis review — APPROVE

  • Correctness: Class-sweep follow-on to PR#1535 extending the {{MCP_SERVER_NAME}} plumbing across all 4 remaining MCP-host templates (codex/openclaw/hermes/kimi) + the build_runtime_package.py snippet + the workspace/a2a_mcp_server.py serverInfo comment. Each host's keyspace correctly identified: codex = [mcp_servers.<name>] TOML table (rejects dups), openclaw = ~/.openclaw/mcp/<name>.json file-keyed, hermes = gateway.plugin_platforms.<key> YAML mapping (rejects dup keys), kimi = ~/.molecule-ai/kimi-<slug>/ directory. All correct keyspaces.
  • Readability: Each template has a "Multi-workspace" header explaining its own keyspace's dup-collapse behaviour. The new TestBuildExternalConnectionPayload_AllRuntimeSnippetsAreWorkspaceUnique codifies the contract per-runtime so a future template author adding a new tab without slug plumbing trips the test.
  • Architecture: Pure template-string + handler delegation, no new state. The serverInfo.name="molecule" comment is correct to leave generic (registration name is what MCP hosts route by, not serverInfo.name — explicit in the doc).
  • Security: No new auth surface. The Kimi bridge env file is still mode-600 + per-workspace directory; the slug just scopes the dir rather than concentrating all workspaces' tokens in one shared kimi-workspace/env.
  • Performance: One-shot template stamp; same cost as PR#1535.
  • Tests: New all-runtime test enumerates per-snippet expected literal + a defense-in-depth "no remaining {{MCP_SERVER_NAME}} literals in any snippet" guard.

CI: All required (pull_request) contexts green (qa-review/approved ✓, security-review/approved ✓, sop-tier-check/tier-check ✓, etc.). The combined "pending" state is from sop-checklist / na-declarations = pending / N/A: (none) which is the expected na-shape, not a real fail.

Sequencing: This PR's base = fix/add-to-claude-code-unique-server-name-per-workspace (PR#1535's branch). Cannot merge until PR#1535 lands first; after that re-target to main (or auto-rebase) and ship.

Two-eyes preserved: non-author identity. Improves codebase health.

**Five-axis review — APPROVE** - **Correctness**: Class-sweep follow-on to PR#1535 extending the `{{MCP_SERVER_NAME}}` plumbing across all 4 remaining MCP-host templates (codex/openclaw/hermes/kimi) + the build_runtime_package.py snippet + the workspace/a2a_mcp_server.py serverInfo comment. Each host's keyspace correctly identified: codex = `[mcp_servers.<name>]` TOML table (rejects dups), openclaw = `~/.openclaw/mcp/<name>.json` file-keyed, hermes = `gateway.plugin_platforms.<key>` YAML mapping (rejects dup keys), kimi = `~/.molecule-ai/kimi-<slug>/` directory. All correct keyspaces. - **Readability**: Each template has a "Multi-workspace" header explaining its own keyspace's dup-collapse behaviour. The new `TestBuildExternalConnectionPayload_AllRuntimeSnippetsAreWorkspaceUnique` codifies the contract per-runtime so a future template author adding a new tab without slug plumbing trips the test. - **Architecture**: Pure template-string + handler delegation, no new state. The serverInfo.name="molecule" comment is correct to leave generic (registration name is what MCP hosts route by, not serverInfo.name — explicit in the doc). - **Security**: No new auth surface. The Kimi bridge env file is still mode-600 + per-workspace directory; the slug just scopes the dir rather than concentrating all workspaces' tokens in one shared `kimi-workspace/env`. - **Performance**: One-shot template stamp; same cost as PR#1535. - **Tests**: New all-runtime test enumerates per-snippet expected literal + a defense-in-depth "no remaining `{{MCP_SERVER_NAME}}` literals in any snippet" guard. CI: All required `(pull_request)` contexts green (`qa-review/approved` ✓, `security-review/approved` ✓, `sop-tier-check/tier-check` ✓, etc.). The combined "pending" state is from `sop-checklist / na-declarations = pending / N/A: (none)` which is the expected na-shape, not a real fail. **Sequencing**: This PR's base = `fix/add-to-claude-code-unique-server-name-per-workspace` (PR#1535's branch). Cannot merge until PR#1535 lands first; after that re-target to `main` (or auto-rebase) and ship. Two-eyes preserved: non-author identity. Improves codebase health.
agent-dev-b approved these changes 2026-05-18 23:19:17 +00:00
agent-dev-b left a comment
Member
Copy Link
Copy Source

Second non-author APPROVE — five-axis confirmed

Independently reviewed diff + CI state. Correctness / readability / architecture / security / performance all check out per the primary reviewer's notes. Required CI contexts on the base branch's protection are green. No new findings.

Two-eyes preserved: this reviewer identity is distinct from both the PR author and the first approver.

LGTM — improves codebase health.

**Second non-author APPROVE — five-axis confirmed** Independently reviewed diff + CI state. Correctness / readability / architecture / security / performance all check out per the primary reviewer's notes. Required CI contexts on the base branch's protection are green. No new findings. Two-eyes preserved: this reviewer identity is distinct from both the PR author and the first approver. LGTM — improves codebase health.
devops-engineer changed target branch from fix/add-to-claude-code-unique-server-name-per-workspace to main 2026-05-18 23:20:18 +00:00
hongming merged commit 567937e2bc into main 2026-05-19 00:28:47 +00:00
hongming deleted branch fix/multi-workspace-install-snippets-class-sweep 2026-05-19 00:28:48 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
agent-dev-a
agent-dev-b
Labels
Clear labels
area/ci
CI/CD pipeline issues
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#1536
Delete Branch "fix/multi-workspace-install-snippets-class-sweep"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?