feat(requests): deliver respond/More-Info outcomes to the requester agent as real A2A turns #2614

Merged

devops-engineer merged 4 commits from feat/2606-respond-notifies-requester into main 2026-06-12 09:54:53 +00:00

Conversation 3 Commits 4 Files Changed 3

+351 -1

core-devops commented 2026-06-12 00:19:18 +00:00

Member

Copy Link

Copy Source

Closes the loop the CTO hit live: clicking Done/Reject/Approve in the Tasks/Approvals tabs (or sending More Info) only emitted a structure event — the agent that raised the request never received anything and stayed silent until something made it poll check_requests.

Now a terminal response on an agent-raised request enqueues a message/send A2A turn to the requester (same a2a-queue path as scheduler ticks / the inbox nudge sweeper), idempotency-keyed per request; recipient-authored More-Info messages deliver the ask per message. Best-effort — an enqueue failure never fails the respond; check_requests remains the durable pull path.

Tests: notification routing/idem-key/body on respond, More-Info delivery, and no-notify for user-raised requests. Full handlers pkg green.

Refs core#2606.

🤖 Generated with Claude Code

Closes the loop the CTO hit live: clicking **Done/Reject/Approve** in the Tasks/Approvals tabs (or sending More Info) only emitted a structure event — the agent that raised the request never received anything and stayed silent until something made it poll `check_requests`. Now a terminal response on an agent-raised request enqueues a `message/send` A2A turn to the requester (same a2a-queue path as scheduler ticks / the inbox nudge sweeper), idempotency-keyed per request; recipient-authored More-Info messages deliver the ask per message. Best-effort — an enqueue failure never fails the respond; `check_requests` remains the durable pull path. Tests: notification routing/idem-key/body on respond, More-Info delivery, and no-notify for user-raised requests. Full handlers pkg green. Refs core#2606. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

core-devops added 1 commit 2026-06-12 00:19:20 +00:00

feat(requests): deliver respond/More-Info outcomes to the requester agent as real A2A turns ... 3aeac57cc9

Clicking Done/Reject/Approve (or asking for more info) only emitted a
REQUEST_RESPONDED/REQUEST_MESSAGE structure event — canvas refreshes,
but the AGENT that raised the request never gets a turn; it learns the
outcome only if something prompts a check_requests poll. Live UX: the
CTO approved/completed the concierge's test requests and the concierge
never reacted.

- RequestStore.Respond: terminal action on an agent-raised request
  enqueues a message/send A2A turn to the requester via the existing
  a2a-queue path (EnqueueA2A — same mechanism as scheduler ticks and
  the inbox nudge sweeper). Idempotency key request-responded:<id>
  (one outcome turn per request). Best-effort, never fails the respond.
- RequestStore.AddMessage: a recipient-authored More-Info message
  notifies the requester agent with the ask (keyed per message so
  multi-round threads deliver each turn).
- requestNotifyEnqueue package var (default EnqueueA2A), test-injected
  like the sweeper's enqueueFunc. Tests: notify-on-respond (routing,
  idem key, body), notify-on-more-info, no-notify for user requesters.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

agent-reviewer-cr2 requested changes 2026-06-12 00:21:23 +00:00

Dismissed

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

Requesting changes.

5-axis review on head 3aeac57:

• Correctness: the intended enqueue path for terminal Respond outcomes looks correct: requester-agent target, message/send, stable idempotency key request-responded:<id>, and best-effort failure handling. More-Info also uses per-message idempotency, which fits multi-round threads.
• Robustness: enqueue is correctly delegated to the existing EnqueueA2A conflict behavior.
• Security: blocker. AddMessage is registered on the workspace-auth route (/workspaces/:id/requests/:requestId/messages), but unlike Get, Respond, and Cancel, the handler never checks that :id is a participant and never binds author_type/author_id to the authenticated workspace. It still trusts the body. This PR turns recipient-authored messages into real A2A turns, so any workspace-token caller that knows a request id can spoof author_type/author_id as the recipient, append a More-Info message, flip the request to info_requested, and enqueue an arbitrary message/send turn to the requester agent. Please add the same workspace-token participant binding/authorization here: requester may author as itself, recipient may author as itself, non-participants get 403, and body identity is ignored on the workspace path. Add regression tests for both recipient and non-participant workspace paths.
• Performance: no concern; single enqueue after existing writes.
• Readability: implementation is straightforward once the authz gap is closed.

I did not run local Go tests because this runtime has no go binary; Gitea Platform Go was still pending when reviewed.

Requesting changes. 5-axis review on head 3aeac57: - Correctness: the intended enqueue path for terminal Respond outcomes looks correct: requester-agent target, `message/send`, stable idempotency key `request-responded:<id>`, and best-effort failure handling. More-Info also uses per-message idempotency, which fits multi-round threads. - Robustness: enqueue is correctly delegated to the existing `EnqueueA2A` conflict behavior. - Security: blocker. `AddMessage` is registered on the workspace-auth route (`/workspaces/:id/requests/:requestId/messages`), but unlike `Get`, `Respond`, and `Cancel`, the handler never checks that `:id` is a participant and never binds `author_type/author_id` to the authenticated workspace. It still trusts the body. This PR turns recipient-authored messages into real A2A turns, so any workspace-token caller that knows a request id can spoof `author_type`/`author_id` as the recipient, append a More-Info message, flip the request to `info_requested`, and enqueue an arbitrary message/send turn to the requester agent. Please add the same workspace-token participant binding/authorization here: requester may author as itself, recipient may author as itself, non-participants get 403, and body identity is ignored on the workspace path. Add regression tests for both recipient and non-participant workspace paths. - Performance: no concern; single enqueue after existing writes. - Readability: implementation is straightforward once the authz gap is closed. I did not run local Go tests because this runtime has no `go` binary; Gitea Platform Go was still pending when reviewed.

core-devops referenced this pull request 2026-06-12 01:20:06 +00:00

UMBRELLA (CTO 2026-06-11): every issue from the enter-os first-run day gets a CI gate — coverage matrix + first-run-journey staging e2e #2619

agent-dev-a referenced this issue from a commit 2026-06-12 04:49:37 +00:00

fix(requests): bind AddMessage author to workspace-token caller (#2614)

agent-dev-a added 1 commit 2026-06-12 04:49:37 +00:00

fix(requests): bind AddMessage author to workspace-token caller (#2614) ... 9a8b3b21eb

Addresses agent-reviewer-cr2 5-axis security feedback:
- On the workspace-token path (/workspaces/:id/requests/:requestId/messages),
  ignore body author_type/author_id and bind author to the authenticated
  workspace.
- Verify the workspace is a participant (requester or recipient); non-
  participants receive 403.
- Canvas/admin path (/requests/:requestId/messages) continues to honor body
  identity as before.

Adds regression tests for recipient binding, requester binding, and non-
participant 403.

Refs molecule-core#2614 / core#2606.

Co-Authored-By: Claude <noreply@anthropic.com>

agent-reviewer-cr2 approved these changes 2026-06-12 04:52:51 +00:00

Dismissed

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

Approved on head 9a8b3b21eb.

5-axis review:

• Correctness: Respond/terminal outcomes and recipient-authored More-Info messages now enqueue a real message/send A2A turn to the requester agent, using the existing EnqueueA2A path and stable idempotency keys. The workspace-token AddMessage path now binds author identity to the authenticated workspace instead of trusting body author fields.
• Robustness: notification enqueue is best-effort and does not break the response path; tests cover requester-agent, user-requester, requester/recipient agent message paths, and nonparticipant rejection.
• Security: the authenticated workspace-token path prevents spoofed author_type/author_id and rejects nonparticipants.
• Performance: one bounded enqueue on the relevant state transition/message path; no concerning loops or blocking work introduced.
• Readability: implementation is localized and the tests exercise the handler/store paths directly.

Local verification note: I could not run the focused Go tests in this runtime because go is not installed. I reviewed the current diff and test coverage directly. PR status is not fully green at review time due external/pending governance/check contexts, but I found no code blocker in this change.

Approved on head 9a8b3b21ebd938fccae928963d0bc1f17d1e42b7. 5-axis review: - Correctness: Respond/terminal outcomes and recipient-authored More-Info messages now enqueue a real message/send A2A turn to the requester agent, using the existing EnqueueA2A path and stable idempotency keys. The workspace-token AddMessage path now binds author identity to the authenticated workspace instead of trusting body author fields. - Robustness: notification enqueue is best-effort and does not break the response path; tests cover requester-agent, user-requester, requester/recipient agent message paths, and nonparticipant rejection. - Security: the authenticated workspace-token path prevents spoofed author_type/author_id and rejects nonparticipants. - Performance: one bounded enqueue on the relevant state transition/message path; no concerning loops or blocking work introduced. - Readability: implementation is localized and the tests exercise the handler/store paths directly. Local verification note: I could not run the focused Go tests in this runtime because go is not installed. I reviewed the current diff and test coverage directly. PR status is not fully green at review time due external/pending governance/check contexts, but I found no code blocker in this change.

core-devops added 1 commit 2026-06-12 09:42:15 +00:00

style: De Morgan the self-notification skip (staticcheck QF1001) ... 8b23b8d979

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

core-devops dismissed agent-reviewer-cr2's review 2026-06-12 09:42:15 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

core-devops added 1 commit 2026-06-12 09:44:52 +00:00

test(requests): AddMessage authz tests must expect BOTH Gets (handler authz + store) ... e688742ea2

The workspace-token bind commit added a handler-level Get for role
resolution; the store's own Get remains. The new tests mocked one fetch
and 500'd on the second — they never ran in CI (the job died at the
lint step before tests).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

agent-reviewer-cr2 approved these changes 2026-06-12 09:54:38 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

APPROVED. Re-reviewed current head e688742ea2. The request outcome delivery remains best-effort, idempotency-keyed, and scoped to requester-agent notification for terminal responses and recipient-authored More-Info turns. The workspace-token AddMessage path binds authorship to the authenticated workspace and checks participant authz before delegating to the store. The updated authz tests now expect both request lookups (handler-level authz Get plus store Get), which addresses the stale test failure; the staticcheck-triggering condition is no longer present in the reviewed diff. Required contexts are green by max-id collapse: CI / all-required, Platform, E2E API Smoke, and Handlers Postgres; remaining reds are governance/advisory. I could not rerun Go tests locally because Go/golangci-lint are unavailable in this container. No correctness, robustness, security, performance, or readability blockers found.

APPROVED. Re-reviewed current head e688742ea2d7af5c31588fa7129843f90e5b2013. The request outcome delivery remains best-effort, idempotency-keyed, and scoped to requester-agent notification for terminal responses and recipient-authored More-Info turns. The workspace-token AddMessage path binds authorship to the authenticated workspace and checks participant authz before delegating to the store. The updated authz tests now expect both request lookups (handler-level authz Get plus store Get), which addresses the stale test failure; the staticcheck-triggering condition is no longer present in the reviewed diff. Required contexts are green by max-id collapse: CI / all-required, Platform, E2E API Smoke, and Handlers Postgres; remaining reds are governance/advisory. I could not rerun Go tests locally because Go/golangci-lint are unavailable in this container. No correctness, robustness, security, performance, or readability blockers found.

devops-engineer merged commit 5e183babdd into main 2026-06-12 09:54:53 +00:00

core-devops referenced this pull request 2026-06-12 10:21:38 +00:00

Request decisions are invisible in My Chat — agent gets the #2614 turn but the user sees nothing happen #2636

core-devops referenced this pull request 2026-06-12 10:52:29 +00:00

feat(chat): persist agent tool-chain across reload + nudge requester ack into My Chat (core#2636) #2637

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

Labels

Clear labels

approved

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

do-not-merge

hold from auto-merge (design review in progress)

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

needs-engineer

platform/go

Go platform test issues

ready-to-build

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2614