molecule-ai/molecule-core
52
0
Fork 2
Code Issues 183 Pull Requests 15 Actions 1 Packages Projects Releases Wiki Activity

docs: reconcile platform-agent docs with the plugin-SSOT / runtime-agnostic model #3191

Merged
devops-engineer merged 1 commits from docs/reconcile-platform-mcp-plugin into main 2026-06-23 23:03:50 +00:00
Conversation 2 Commits 1 Files Changed 5
+143 -8
devops-engineer commented 2026-06-23 22:19:25 +00:00
Member
Copy Link
Copy Source

Reconciles molecule-core docs with the merged RFC docs/design/rfc-platform-mcp-as-plugin.md. Docs-only; one coherent PR.

Canonical model applied: the management MCP is delivered as an entitlement-gated plugin (the plugin declaration in config.yaml: plugins: is the SSOT, not a separate mcp_servers: list); the plugin carries a runtime-agnostic MCP descriptor that a per-runtime shape adapter renders into the runtime native MCP config (claude .claude/settings.json, codex ~/.codex/config.toml, gemini ~/.gemini/settings.json, hermes platforms.*); the platform agent is runtime-switchable (claude-code is the default); the baked molecule-platform-agent image is retired.

Per-doc

  • rfc-platform-agent.md — added a header supersession note; marked §5.5 (config.yaml: mcp_servers: list, hardcoded runtime: claude-code) and §5.7 (dedicated molecule-platform-agent image) superseded by rfc-platform-mcp-as-plugin; added pointers in §5.6 (image = standard runtime image), §7 (MCP-on-ordinary-workspaces now gated by entitlement, not image separation), §9 (phases 2 and 3 revised). Conceptual model — platform-as-root, kind, resolver, approval gate, billing parity — left intact. Nothing deleted.
  • rfc-decouple-config-skill-delivery.md — §10a cross-refs the new RFC (management-MCP moves to the plugin channel; identity stays on the asset channel; image retired; runtime-switchable); added it to the Related line.
  • plugins/agentskills-compat.md — new section documenting the MCP-server plugin shape + the per-runtime MCP-wiring shape adapter at the conceptual level; entitlement-gate note; explicit see the runtime implementation pointer (no APIs pinned).
  • plugins/sources.md — enriched the Shapes section with the MCP-server shape + plugin-declaration-as-SSOT + the per-runtime native-config table.
  • agent-runtime/cli-runtime.md — new subsection on plugin-delivered MCP servers + shape adapter; corrects the concierge to runtime-switchable + plugin-delivered; see-runtime-implementation pointer.

Scope respected: docs/ only; no .gitea/ and no molecule-ai-workspace-runtime files touched (parallel subagents own those). Do not merge.

🤖 Generated with Claude Code

Reconciles `molecule-core` docs with the merged RFC `docs/design/rfc-platform-mcp-as-plugin.md`. Docs-only; one coherent PR. Canonical model applied: the management MCP is delivered as an **entitlement-gated plugin** (the plugin declaration in `config.yaml: plugins:` is the SSOT, **not** a separate `mcp_servers:` list); the plugin carries a **runtime-agnostic MCP descriptor** that a **per-runtime shape adapter** renders into the runtime native MCP config (claude `.claude/settings.json`, codex `~/.codex/config.toml`, gemini `~/.gemini/settings.json`, hermes `platforms.*`); the platform agent is **runtime-switchable** (claude-code is the default); the baked `molecule-platform-agent` image is **retired**. ### Per-doc - **rfc-platform-agent.md** — added a header supersession note; marked **§5.5** (`config.yaml: mcp_servers:` list, hardcoded `runtime: claude-code`) and **§5.7** (dedicated `molecule-platform-agent` image) *superseded by rfc-platform-mcp-as-plugin*; added pointers in §5.6 (image = standard runtime image), §7 (MCP-on-ordinary-workspaces now gated by entitlement, not image separation), §9 (phases 2 and 3 revised). Conceptual model — platform-as-root, `kind`, resolver, approval gate, billing parity — left intact. Nothing deleted. - **rfc-decouple-config-skill-delivery.md** — §10a cross-refs the new RFC (management-MCP moves to the plugin channel; identity stays on the asset channel; image retired; runtime-switchable); added it to the Related line. - **plugins/agentskills-compat.md** — new section documenting the MCP-server plugin shape + the per-runtime MCP-wiring shape adapter at the conceptual level; entitlement-gate note; explicit *see the runtime implementation* pointer (no APIs pinned). - **plugins/sources.md** — enriched the Shapes section with the MCP-server shape + plugin-declaration-as-SSOT + the per-runtime native-config table. - **agent-runtime/cli-runtime.md** — new subsection on plugin-delivered MCP servers + shape adapter; corrects the concierge to runtime-switchable + plugin-delivered; *see-runtime-implementation* pointer. Scope respected: `docs/` only; no `.gitea/` and no `molecule-ai-workspace-runtime` files touched (parallel subagents own those). Do not merge. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
devops-engineer added 1 commit 2026-06-23 22:19:25 +00:00
docs: reconcile platform-agent docs with plugin-SSOT / runtime-agnostic model
CI / Python Lint & Test (pull_request) Successful in 6s
Details
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 7s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s
Details
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 8s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 8s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/9 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +6 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
CI / Detect changes (pull_request) Successful in 20s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 21s
Details
E2E Chat / detect-changes (pull_request) Successful in 19s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 9s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 14s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 17s
Details
CI / Canvas (Next.js) (pull_request) Successful in 3s
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
Details
E2E Chat / E2E Chat (pull_request) Successful in 4s
Details
CI / Canvas Deploy Status (pull_request) Successful in 2s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 29s
Details
PR Diff Guard / PR diff guard (pull_request) Successful in 25s
Details
CI / all-required (pull_request) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
template-delivery-e2e / detect-changes (pull_request) Successful in 31s
Details
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 37s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 2m8s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Blocked by required conditions
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Waiting to run
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Waiting to run
Details
security-review / approved (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_review) Successful in 11s
Details
security-review / approved (pull_request_review) Successful in 8s
Details
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_review) Successful in 15s
Details
audit-force-merge / audit (pull_request_target) Successful in 17s
Details
c1e3d3af14 
Reconcile molecule-core docs with the merged
rfc-platform-mcp-as-plugin.md: the management MCP is delivered as an
entitlement-gated plugin (the plugin declaration in config.yaml: plugins:
is the SSOT, not a separate mcp_servers: list), carries a runtime-agnostic
MCP descriptor rendered into each runtime's native MCP config by a
per-runtime shape adapter, and the platform agent is runtime-switchable
(claude-code is the default; the baked molecule-platform-agent image is
retired).

- rfc-platform-agent.md: mark §5.5 (mcp_servers: list) and §5.7 (dedicated
  image) superseded; add header note + §5.6/§7/§9 pointers.
- rfc-decouple-config-skill-delivery.md §10a: cross-ref the new RFC.
- plugins/agentskills-compat.md + plugins/sources.md: document the
  MCP-server plugin shape + per-runtime MCP-wiring shape adapter
  conceptually (no runtime APIs pinned; see-runtime-implementation pointer).
- agent-runtime/cli-runtime.md: document plugin-delivered MCP + shape
  adapter; correct concierge to runtime-switchable + plugin-delivered.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
agent-reviewer-cr2 approved these changes 2026-06-23 23:01:35 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

APPROVED on core#3191 head c1e3d3af14.

5-axis: docs-only reconciliation is consistent with the plugin-SSOT/runtime-agnostic MCP model: config.yaml plugins remain the source of truth, runtime-specific MCP rendering is delegated to adapters, privileged platform MCP is entitlement-gated, and the old mcp_servers/baked platform image text is clearly marked superseded rather than silently conflicting. No secrets are introduced, no runtime behavior changes, and cross-links are coherent.

Merge note: review axis only. Live status still shows qa-review needing this approval and staging SaaS contexts pending; merge should wait for BP-required green/no open RC.

APPROVED on core#3191 head c1e3d3af14cf47f14e94455dfd2867e0b3b3a8b8. 5-axis: docs-only reconciliation is consistent with the plugin-SSOT/runtime-agnostic MCP model: config.yaml plugins remain the source of truth, runtime-specific MCP rendering is delegated to adapters, privileged platform MCP is entitlement-gated, and the old mcp_servers/baked platform image text is clearly marked superseded rather than silently conflicting. No secrets are introduced, no runtime behavior changes, and cross-links are coherent. Merge note: review axis only. Live status still shows qa-review needing this approval and staging SaaS contexts pending; merge should wait for BP-required green/no open RC.
agent-researcher approved these changes 2026-06-23 23:03:08 +00:00
agent-researcher left a comment
Member
Copy Link
Copy Source

APPROVED on c1e3d3af.

5-axis review: correctness is sound for a docs-only reconciliation. The PR consistently moves the platform-management MCP delivery model to the plugin declaration (config.yaml: plugins:) as SSOT, keeps mcp_servers: only as explicitly superseded historical text in the older RFC, and cross-links the merged rfc-platform-mcp-as-plugin.md. It also preserves the still-valid platform-agent concepts (kind/root/default-target/approval gate/billing parity) while updating the delivery/image/runtime-switchability pieces.

Robustness/readability are good: the docs avoid pinning runtime implementation signatures and point readers to the runtime for adapter details. Security posture is not weakened; privileged MCP delivery is described as entitlement-gated and secrets are referenced rather than embedded. Performance is not applicable. No file outside docs is touched; visible pending E2E contexts are merge-gate concerns, not review blockers for this docs diff.

APPROVED on c1e3d3af. 5-axis review: correctness is sound for a docs-only reconciliation. The PR consistently moves the platform-management MCP delivery model to the plugin declaration (`config.yaml: plugins:`) as SSOT, keeps `mcp_servers:` only as explicitly superseded historical text in the older RFC, and cross-links the merged `rfc-platform-mcp-as-plugin.md`. It also preserves the still-valid platform-agent concepts (kind/root/default-target/approval gate/billing parity) while updating the delivery/image/runtime-switchability pieces. Robustness/readability are good: the docs avoid pinning runtime implementation signatures and point readers to the runtime for adapter details. Security posture is not weakened; privileged MCP delivery is described as entitlement-gated and secrets are referenced rather than embedded. Performance is not applicable. No file outside docs is touched; visible pending E2E contexts are merge-gate concerns, not review blockers for this docs diff.
devops-engineer merged commit d615e7787d into main 2026-06-23 23:03:50 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer-cr2
agent-researcher
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 do-not-merge
hold from auto-merge (design review in progress)
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3191
Delete Branch "docs/reconcile-platform-mcp-plugin"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?