RFC: generic plugin proxy socket (two-tier registry); image gen = first consumer #3105

2026-06-21T02:27:59Z

core-devops commented

2026-06-21 02:27:59 +00:00

Draft RFC (rev 2) for your review.

Re-scoped per your direction: image gen is uncapped, consumes platform credits via the existing platform proxy (which already does platform-managed billing); the plugin is a thin adaptor to the proxy. No per-plugin caps, key-injection, or attribution — the proxy/billing owns all of it.

Real work = extend the proxy with image routes + vendor handlers (OpenAI GPT Image 2, Gemini Nano Banana) + image SKUs in the price catalog + credit-debit. The plugin is trivial.

Cost-leak guard is now intrinsic: billed via finite credits, and any unpriced image model is rejected at the proxy (never the fail-open $0 that hid the opus leak).

5 open questions in §7 need your calls (proxy image extension point; Vertex vs Gemini-Developer-API; image pricing source; BYOK in v1 or defer; output form).

Won't build until approved. Repo name confirmed: molecule-ai-plugin-image-gen.

🤖 Generated with Claude Code

Draft RFC (rev 2) for your review. **Re-scoped per your direction:** image gen is **uncapped**, consumes **platform credits** via the **existing platform proxy** (which already does platform-managed billing); the **plugin is a thin adaptor** to the proxy. No per-plugin caps, key-injection, or attribution — the proxy/billing owns all of it. **Real work = extend the proxy** with image routes + vendor handlers (OpenAI GPT Image 2, Gemini Nano Banana) + image SKUs in the price catalog + credit-debit. The plugin is trivial. **Cost-leak guard** is now intrinsic: billed via finite credits, and any **unpriced image model is rejected** at the proxy (never the fail-open $0 that hid the opus leak). **5 open questions** in §7 need your calls (proxy image extension point; Vertex vs Gemini-Developer-API; image pricing source; BYOK in v1 or defer; output form). Won't build until approved. Repo name confirmed: molecule-ai-plugin-image-gen. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

core-devops added 1 commit 2026-06-21 02:27:59 +00:00

docs(rfc): platform-metered image generation (entitlement, key injection, cap, attribution)

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 6s

Details

CI / Python Lint & Test (pull_request) Successful in 6s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s

Details

qa-review / approved (pull_request_target) Failing after 10s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 7s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 10s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 11s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 18s

Details

CI / Detect changes (pull_request) Successful in 20s

Details

gate-check-v3 / gate-check (pull_request_target) Successful in 15s

Details

security-review / approved (pull_request_target) Failing after 15s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 18s

Details

E2E Chat / detect-changes (pull_request) Successful in 22s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 22s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 19s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 21s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s

Details

E2E Chat / E2E Chat (pull_request) Successful in 4s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

CI / all-required (pull_request) Successful in 3s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 37s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 36s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Waiting to run

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Waiting to run

Details

bc1d530f71

Draft RFC for CTO review — the billing-sensitive half of molecule-ai-plugin-image-gen.
Applies the post-opus-cost-leak guardrails (attribution + fail-closed cap + priced models)
to a default-platform-metered, BYOK-override image-gen plugin (OpenAI GPT Image 2 + Gemini Nano Banana).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops changed title from ~~RFC: platform-metered image generation (entitlement, key injection, cap, attribution)~~ to RFC: image generation via the platform proxy (credits-billed, no caps; plugin = thin adaptor)

2026-06-21 02:34:18 +00:00

core-devops added 1 commit 2026-06-21 02:34:18 +00:00

docs(rfc): rev 2 — re-scope image gen to proxy-fronted + credits-billed, no caps, thin-adaptor plugin

CI / Python Lint & Test (pull_request) Successful in 6s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 8s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 13s

Details

CI / Detect changes (pull_request) Successful in 15s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 12s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 17s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

E2E Chat / detect-changes (pull_request) Successful in 17s

Details

qa-review / approved (pull_request_target) Failing after 9s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 16s

Details

CI / Canvas (Next.js) (pull_request) Successful in 2s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 10s

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 10s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

security-review / approved (pull_request_target) Failing after 11s

Details

E2E Chat / E2E Chat (pull_request) Successful in 4s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 15s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 17s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 18s

Details

CI / all-required (pull_request) Successful in 4s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 3s

Details

gate-check-v3 / gate-check (pull_request_target) Failing after 16s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 40s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 2m8s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled

Details

1683a4131f

Per CTO: image gen is uncapped, consumes platform credits via the existing platform proxy/billing;
the plugin is just an adaptor to the proxy. Drops per-plugin caps/key-injection/attribution.
Cost-leak guard moves to the proxy price-catalog (unpriced image model = rejected, no fail-open).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops added 1 commit 2026-06-21 02:50:01 +00:00

docs(rfc): rev 3 — fold in CTO answers (price x1.5, defer BYOK, return-URL output) + proxy/Vertex findings

CI / Python Lint & Test (pull_request) Successful in 6s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 15s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 14s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 19s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 10s

Details

security-review / approved (pull_request_target) Failing after 8s

Details

qa-review / approved (pull_request_target) Failing after 11s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s

Details

E2E Chat / detect-changes (pull_request) Successful in 19s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

CI / Detect changes (pull_request) Successful in 24s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 21s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

gate-check-v3 / gate-check (pull_request_target) Successful in 15s

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 11s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

E2E Chat / E2E Chat (pull_request) Successful in 4s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 20s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 19s

Details

CI / Platform (Go) (pull_request) Successful in 3s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s

Details

CI / Canvas Deploy Status (pull_request) Successful in 2s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 3s

Details

CI / all-required (pull_request) Successful in 4s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 33s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 2m6s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled

Details

2ba7da3155

Q1: proxy is per-wire-format (add ProxyImages like /v1/responses) + image billing is count/size not tokens + needs image storage->URL.
Q2: Vertex NOT available (SA 404 on aiplatform; AI-Studio project) -> recommend Gemini Developer API key.
Q5: tool returns a download URL; agent places it; no forced /workspace write.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops added 1 commit 2026-06-21 03:24:07 +00:00

RFC image-gen: Q2 resolved + verified live (Vertex gemini-2.5-flash-image 200, 1290 tok/image); per-vendor billing-unit note

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped

Details

CI / Python Lint & Test (pull_request) Successful in 5s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 8s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 13s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 14s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 13s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 10s

Details

qa-review / approved (pull_request_target) Failing after 10s

Details

security-review / approved (pull_request_target) Failing after 9s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s

Details

CI / Detect changes (pull_request) Successful in 19s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 19s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 16s

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 10s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 17s

Details

gate-check-v3 / gate-check (pull_request_target) Successful in 16s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 17s

Details

CI / Canvas (Next.js) (pull_request) Successful in 2s

Details

CI / Platform (Go) (pull_request) Successful in 3s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 23s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 19s

Details

E2E Chat / detect-changes (pull_request) Successful in 29s

Details

CI / all-required (pull_request) Successful in 6s

Details

E2E Chat / E2E Chat (pull_request) Successful in 5s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 39s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 2m19s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Failing after 17m9s

Details

9463f074f8

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops added 1 commit 2026-06-21 03:55:20 +00:00

RFC image-gen: Q2 FINAL — reuse existing molecule-vertex keyless WIF (retire molecules-ai-proxy SA-key detour); reflects CP #880

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s

Details

CI / Python Lint & Test (pull_request) Successful in 7s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s

Details

E2E Chat / detect-changes (pull_request) Successful in 15s

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 14s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 13s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 13s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 18s

Details

security-review / approved (pull_request_target) Failing after 9s

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 9s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 1s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 19s

Details

E2E Chat / E2E Chat (pull_request) Successful in 4s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 15s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 19s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 22s

Details

qa-review / approved (pull_request_target) Failing after 18s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 18s

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 28s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

gate-check-v3 / gate-check (pull_request_target) Failing after 25s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s

Details

CI / Detect changes (pull_request) Successful in 38s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 37s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

CI / all-required (pull_request) Successful in 3s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 34s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Failing after 16m0s

Details

9accd8d5aa

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

core-devops changed title from ~~RFC: image generation via the platform proxy (credits-billed, no caps; plugin = thin adaptor)~~ to RFC: generic plugin proxy socket (two-tier registry); image gen = first consumer

2026-06-21 04:16:35 +00:00

core-devops added 1 commit 2026-06-21 04:16:37 +00:00

RFC rev4: re-scope to a GENERIC two-tier plugin proxy socket (capabilities = data); image gen = first Tier-A consumer; supersedes bespoke ProxyImages

E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped

Details

CI / Python Lint & Test (pull_request) Successful in 7s

Details

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 10s

Details

E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 13s

Details

Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 9s

Details

Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 9s

Details

sop-checklist / review-refire (pull_request_target) Has been skipped

Details

E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 14s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 14s

Details

CI / Detect changes (pull_request) Successful in 20s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 10s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 14s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s

Details

sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 24s

Details

E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 7s

Details

sop-checklist / na-declarations (pull_request) N/A: (none)

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s

Details

CI / Platform (Go) (pull_request) Successful in 4s

Details

PR Diff Guard / PR diff guard (pull_request) Successful in 18s

Details

sop-checklist / all-items-acked (pull_request_target) Successful in 10s

Details

CI / Canvas (Next.js) (pull_request) Successful in 3s

Details

reserved-path-review / reserved-path-review (pull_request_target) Failing after 13s

Details

template-delivery-e2e / detect-changes (pull_request) Successful in 16s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s

Details

E2E Chat / detect-changes (pull_request) Successful in 27s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s

Details

CI / Canvas Deploy Status (pull_request) Successful in 1s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s

Details

template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s

Details

lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 26s

Details

gate-check-v3 / gate-check (pull_request_target) Failing after 17s

Details

E2E Chat / E2E Chat (pull_request) Successful in 4s

Details

CI / all-required (pull_request) Successful in 4s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 37s

Details

Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 36s

Details

E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Failing after 16m46s

Details

qa-review / approved (pull_request_target) Approved via pull_request_review trigger

security-review / approved (pull_request_target) Approved via pull_request_review trigger

qa-review / approved (pull_request_review) Successful in 9s

Details

reserved-path-review / reserved-path-review (pull_request_review) Successful in 10s

Details

security-review / approved (pull_request_review) Successful in 10s

Details

audit-force-merge / audit (pull_request_target) Successful in 10s

Details

3c83d5da7c

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

molecule-code-reviewer approved these changes 2026-06-21 05:10:50 +00:00

molecule-code-reviewer left a comment

Design doc review. Generic two-tier socket is sound: capabilities=data, credential boundary stays server-side, anti-leak (fail-closed price gate + load-time fallback invariant) carried into the impl (CP #880, merged). LGTM.

core-security approved these changes 2026-06-21 05:10:51 +00:00

core-security left a comment

Security review of the design. Two-tier split correctly keeps platform-metered curated (no key-exfil/billing-bypass/SSRF) and BYOK isolated. Trust model (org-scoped box cred, keys in CP) is correct. LGTM.

core-devops merged commit 917e053310 into main

2026-06-21 05:10:53 +00:00

core-devops referenced this pull request

2026-06-21 05:56:09 +00:00

install_plugin: gitea:// source on a PRIVATE repo hangs → 502 (no fast-fail; never reconciles) #3108

core-devops referenced this issue from a commit

2026-06-21 13:04:04 +00:00

fix(csp): allow generated-image R2 host in img-src so image-gen results render

core-devops referenced this pull request

2026-06-21 13:04:24 +00:00

fix(csp): allow generated-image R2 host in img-src so image-gen results render #3128

Sign in to join this conversation.