fix(create): recover the atomic-byok-create commit dropped from #2617 (main lifecycle e2e is red) #2640

Merged
core-devops merged 1 commits from fix/2617-recover-atomic-byok-create into main 2026-06-12 11:26:07 +00:00
Member

Main is currently red on the required Local Provision Lifecycle E2E (stub) gate, blocking every open PR. Root cause: the merge queue landed #2617 at its FIRST commit only (the hard-fail gate), dropping the follow-up 1e782880 that made create atomic for byok — the exact same first-commit-only behavior that split #2603/#2605. With the hard-fail in but the atomic fix out, the lifecycle e2e's create(model=byok) with no payload key 422s as designed, and main went red.

This cherry-picks the dropped commit verbatim: the create-scope vendor-key guard derives billing from CREATE inputs (so a byok payload may carry its own key), the gate accepts a payload key without the global scan, the lifecycle e2e passes the dummy key in the create body, and the rollback test mock is updated. Clean cherry-pick, builds + create tests green, bash -n clean.

Unblocks main's required gate and every in-flight PR (incl. #2639).

Refs #2608, #2617.

🤖 Generated with Claude Code

core-devops added 1 commit 2026-06-12 11:21:41 +00:00
fix(create): atomic byok create — payload vendor key satisfies the gate AND the vendor-key guard
CI / Detect changes (pull_request) Successful in 6s
Harness Replays / detect-changes (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 6s
E2E Chat / detect-changes (pull_request) Successful in 6s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
sop-checklist / review-refire (pull_request_target) Has been skipped
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
gate-check-v3 / gate-check (pull_request_target) Successful in 5s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s
Harness Replays / Harness Replays (pull_request) Successful in 1s
CI / Canvas (Next.js) (pull_request) Successful in 2s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s
E2E Chat / E2E Chat (pull_request) Successful in 3s
CI / Canvas Deploy Status (pull_request) Successful in 1s
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
sop-checklist / na-declarations (pull_request) N/A: (none)
sop-checklist / all-items-acked (pull_request_target) Successful in 8s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 1s
E2E API Smoke Test / detect-changes (pull_request) Successful in 21s
reserved-path-review / reserved-path-review (pull_request_target) Successful in 17s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 39s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 47s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 5s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 45s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Failing after 18s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m1s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1m2s
reserved-path-review / reserved-path-review (pull_request_review) Successful in 4s
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_review) Successful in 10s
security-review / approved (pull_request_review) Successful in 9s
CI / Platform (Go) (pull_request) Successful in 2m13s
CI / all-required (pull_request) Successful in 4s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m26s
audit-force-merge / audit (pull_request_target) Successful in 4s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Waiting to run
871a156ead
The lifecycle e2e exposed the deadlock the hard-fail gate creates with
the OLD ordering: a byok model now REQUIRES a credential at create, but
the create-scope vendor-key guard rejected that credential because it
resolved billing from the not-yet-stored MODEL secret (always
platform_managed mid-create). Net: no way to express create(model=byok,
secrets={key}) in one call.

- Gate: a payload secret the derived arm accepts satisfies it outright
  (no global_secrets query — atomic creates stay DB-free).
- Guard: derive from CREATE inputs (runtime, payload.Model, payload
  keys); a non-platform derivation allows vendor keys in the same
  payload. Platform-resolving creates keep the full guard.
- lifecycle e2e: dummy key rides in the create body (the shape the
  script's own comment wished for); flip+write steps stay as the
  restart-path belt-and-suspenders.
- Rollback test: billing-mode query expectation dropped (the new guard
  derives without DB).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
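
The deadlock this commit message describes and the reordered checks that resolve it, as an added Go example that is not part of the commit or the project's code. Every identifier (`CreateRequest`, `vendorKey`, `VENDOR_API_KEY`, `derivesBYOK`, `gate`, `create`, the error values) and the rule "model equals byok" are hypothetical stand-ins for the real derivation.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the commit's gate/guard split; every identifier is made up.
type CreateRequest struct {
	Model   string
	Secrets map[string]string // payload secrets: name -> value
}

const vendorKey = "VENDOR_API_KEY" // constructed secret name

var (
	ErrNoCredential = errors.New("byok create without a credential") // the 422 case
	ErrVendorKey    = errors.New("vendor key rejected by create-scope guard")
)

// derivesBYOK reads CREATE inputs only, so it works before anything is stored.
func derivesBYOK(r CreateRequest) bool { return r.Model == "byok" }

// gate: a payload key satisfies it outright; the global lookup is only a fallback.
func gate(r CreateRequest, globalHasKey func() bool) error {
	if !derivesBYOK(r) || r.Secrets[vendorKey] != "" || globalHasKey() {
		return nil
	}
	return ErrNoCredential
}

// create runs the gate, then the guard. oldOrdering models resolving billing from
// the not-yet-stored MODEL secret, which is always platform_managed mid-create.
func create(r CreateRequest, oldOrdering bool, globalHasKey func() bool) error {
	if err := gate(r, globalHasKey); err != nil {
		return err
	}
	platformManaged := oldOrdering || !derivesBYOK(r)
	if _, has := r.Secrets[vendorKey]; has && platformManaged {
		return ErrVendorKey // guard: platform-resolving creates keep the full guard
	}
	return nil
}

func main() {
	r := CreateRequest{Model: "byok", Secrets: map[string]string{vendorKey: "dummy"}}
	noDB := func() bool { panic("global lookup must not run") }
	fmt.Println("old:", create(r, true, noDB), "| new:", create(r, false, noDB))
}
```

With the old ordering a byok create can only fail: without the key the gate rejects it, and with the key the guard does.
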
agent-reviewer-cr2 approved these changes 2026-06-12 11:23:30 +00:00
agent-reviewer-cr2 left a comment
Member

APPROVED on current head 871a156ead.

Fast SOP / 5-axis review for the red-main unblock:

  • Correctness: this restores the missing atomic BYOK-create behavior from the dropped #2617 follow-up. The create-boundary gate now accepts a matching payload key for the derived non-platform provider, the create-scope vendor-key guard derives from CREATE inputs (runtime, payload model, payload secret names) before persisted MODEL exists, and the lifecycle stub create request now sends the dummy key in the create body.
  • Robustness: the change preserves rollback semantics; the updated rollback test expects the vendor-key write to reach the failing insert path without the previous stored-state billing query. Global-secret fallback logic remains after the payload-key fast path.
  • Security: the vendor-key bypass is limited to create payloads that derive a non-platform/BYOK provider from create inputs; platform-resolving creates retain the existing direct LLM bypass guard.
  • Performance: no meaningful new cost; payload-key check is small and avoids DB work when the payload already satisfies the derived provider.
  • Readability/QA: small, localized, well-commented recovery patch.

Status note: the main-unblocking Local Provision Lifecycle E2E (stub) is green on this head, as are Handlers Postgres, Canvas, Shellcheck, secret scan, and lint-required-no-paths. E2E API still showed running during review; real-image Local Provision remains advisory red, and qa/security gates should clear from approval.

core-devops merged commit f6c9bc1a69 into main 2026-06-12 11:26:07 +00:00
Reference: molecule-ai/molecule-core#2640