concierge: generalize runtime from hardcoded claude-code (P3b de-bake) #3248

Merged
devops-engineer merged 2 commits from fix/concierge-runtime-generalization into main 2026-06-25 00:31:31 +00:00
Member

What

De-bake phase P3b: make the platform-agent (concierge) runtime a parameter instead of hardcoded claude-code, and flip the platform-managed default model to MiniMax (CTO decision). This unblocks codex / openclaw / hermes concierges.

Changes (workspace-server/internal/handlers/)

  1. Runtime is a parameter. conciergeRuntime const → defaultConciergeRuntime (still "claude-code"). New per-runtime helpers conciergeModelForRuntime + conciergeTemplateForRuntime. ensureConciergeModel / ensureConciergeProvider take a runtime arg; applyConciergeProvisionConfig reads the row's runtime column and threads it (model validation now gates against the chosen runtime's registry, not claude-code's).

  2. Default model → minimax/MiniMax-M2.7 (was moonshot/kimi-k2.6). MiniMax is cheaper and served via the proxy's Anthropic-compatible arm (providers.yaml minimax: base_url_anthropic https://api.minimax.io/anthropic/v1, auth_env MINIMAX_API_KEY). It is a registered platform model. No API key hardcoded — the credential is platform-proxy-side (Infisical /shared/minimax-token-plan). The model stays a parameter (conciergeModelForRuntime) so a per-runtime override is one line; the default for every runtime is this id.

    • The ensureConciergeProvider pin gate is now registry-derived (conciergeModelIsPlatformManaged → DeriveProvider().IsPlatform()), replacing the hardcoded moonshot/ string-prefix so the new minimax/ default (and any registered platform model on any runtime) is recognized. Empty-model and BYOK-model behaviors preserved.
  3. installPlatformAgent runtime parameter + per-runtime template + no clobber. The INSERT seeds the requested runtime; the template maps per-runtime (platform-agent for claude-code, <runtime>-platform-agent otherwise). The ON CONFLICT DO UPDATE clause no longer re-writes runtime — the pre-P3b runtime = 'claude-code' (core#2496) is removed, so re-installing a codex/openclaw concierge no longer reverts it. installPlatformAgentPayload gains an optional runtime field (defaults to claude-code for existing CP callers).

  4. conciergeIdentityPresent now checks the absence of the literal {{CONCIERGE_NAME}} placeholder (was the "Org Concierge" substring). Runtime/name-agnostic; fixes the boot-restart loop for a renamed or cross-runtime concierge whose prompt never says "Org Concierge".

  5. registry.go strings generalized (no logic change): the misleading /opt/molecule-mcp-server missing messages + the doc comments are reworded to "management MCP server (mcp_server_present=false)" so an openclaw/codex mcp-less failure isn't mis-diagnosed as a missing baked binary. The Go gate still trusts the *bool verbatim; the mcp_server_missing reason code is unchanged.

Prove-fail tests

  • Integration (TestIntegration_PlatformAgentInstall_RuntimeIsParameterAndNotClobbered): install with runtime="codex" seeds runtime='codex' + template='codex-platform-agent'; a re-install does NOT revert it to claude-code (fails against the old ON CONFLICT ... runtime='claude-code'); the default path still seeds claude-code/platform-agent.
  • Unit (TestConciergeIdentityPresent_PlaceholderAbsenceCheck): returns true for a non-"Org Concierge" name once the placeholder is substituted; false while {{CONCIERGE_NAME}} is still literal; false on empty/probe-miss.
  • Unit (TestConciergeRuntimeGeneralization_Defaults): the default declared model is minimax/MiniMax-M2.7, registered + platform-derived for claude-code, and conciergeTemplateForRuntime maps per-runtime.

Known registry gap (documented, not asserted-green)

codex's platform arm in providers.yaml currently serves OpenAI ids only (openai/gpt-5.4(-mini)); minimax/MiniMax-M2.7 derives to the BYOK byok-minimax arm for codex, not platform. So a codex concierge on the shared minimax default would not get the platform LLM_PROVIDER pin and would need a tenant MINIMAX_API_KEY. The shared default is correct; cross-runtime platform routing for minimax on codex/openclaw needs a providers.yaml change (add minimax/MiniMax-M2.7 to codex + openclaw platform arms) before a codex concierge can run it platform-billed. A guard subtest pins the current truth so a future registry fix flips it deliberately.

Verification

go test ./workspace-server/internal/handlers/ green (4 pre-existing env/network-dependent failures excluded: manifest ref-pinning needs Gitea auth → 404; MCP delivery contract needs the runtime checked out as a sibling + a python module). go build ./... clean. go vet ./internal/handlers/... clean, including -tags=integration.

🤖 Generated with Claude Code

hongming-ceo-delegated added 1 commit 2026-06-24 23:33:53 +00:00
concierge: generalize runtime from hardcoded claude-code (P3b de-bake)
CI / Python Lint & Test (pull_request) Successful in 6s
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 7s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s
sop-checklist / review-refire (pull_request_target) Has been skipped
Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 7s
Harness Replays / detect-changes (pull_request) Successful in 7s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s
sop-checklist / all-items-acked (pull_request) acked: 0/9 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +6 — body-unfilled: comprehensive-testing, local-postgres-e2
sop-checklist / na-declarations (pull_request) N/A: (none)
sop-checklist / all-items-acked (pull_request_target) Successful in 9s
gate-check-v3 / gate-check (pull_request_target) Successful in 15s
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 21s
template-delivery-e2e / detect-changes (pull_request) Successful in 19s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 24s
PR Diff Guard / PR diff guard (pull_request) Successful in 20s
E2E Chat / detect-changes (pull_request) Successful in 27s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 25s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
E2E API Smoke Test / detect-changes (pull_request) Successful in 30s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 22s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s
E2E Chat / E2E Chat (pull_request) Successful in 4s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been cancelled
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 1m16s
Harness Replays / Harness Replays (pull_request) Successful in 1m25s
CI / Detect changes (pull_request) Successful in 1m43s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
CI / Canvas (Next.js) (pull_request) Successful in 3s
CI / Canvas Deploy Status (pull_request) Successful in 1s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 35s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m26s
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 4m16s
CI / Platform (Go) (pull_request) Successful in 3m38s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m25s
CI / all-required (pull_request) Successful in 3s
reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_review) Successful in 10s
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_review) Successful in 11s
qa-review / approved (pull_request_review) Successful in 13s
9e4e5d0849
Make the platform-agent (concierge) runtime a parameter threaded through
installPlatformAgent + ensureConciergeModel/ensureConciergeProvider, and
flip the platform-managed default model to minimax/MiniMax-M2.7 (CTO).

- platform_agent.go: defaultConciergeRuntime const (was hardcoded
  conciergeRuntime); conciergeModelForRuntime + conciergeTemplateForRuntime
  per-runtime helpers; ensureConciergeModel/ensureConciergeProvider take a
  runtime arg; applyConciergeProvisionConfig reads runtime from the row.
- conciergeDeclaredModel: moonshot/kimi-k2.6 -> minimax/MiniMax-M2.7
  (registered platform model; proxy Anthropic-compat arm; no key hardcoded).
- ensureConciergeProvider pin gate is now registry-DERIVED
  (conciergeModelIsPlatformManaged -> DeriveProvider().IsPlatform()),
  replacing the hardcoded moonshot/ prefix so minimax/ is recognized.
- installPlatformAgent: runtime is a parameter; template maps per-runtime;
  the ON CONFLICT clause no longer reverts runtime to claude-code (the
  pre-P3b core#2496 clobber is removed) so a codex/openclaw concierge
  survives re-install. installPlatformAgentPayload gains an optional runtime.
- conciergeIdentityPresent: absence-of-{{CONCIERGE_NAME}} check (was the
  literal 'Org Concierge' substring) — runtime/name-agnostic, fixes the
  boot-restart loop for renamed/cross-runtime concierges.
- registry.go: generalize the misleading /opt/molecule-mcp-server /
  platform_agent_mcp_server_missing strings (no logic change; the gate
  still trusts mcp_server_present verbatim).

Prove-fail tests: codex install seeds runtime='codex' AND a re-install does
NOT revert it (integration); conciergeIdentityPresent true for a renamed
concierge once substituted, false while the placeholder is literal; the
default declared model is minimax/MiniMax-M2.7. Codex minimax platform
routing is a documented registry gap (codex's platform arm serves OpenAI
ids only).

go test ./internal/handlers/ green (4 pre-existing env/network-dependent
failures excluded); go build ./...; go vet (incl -tags=integration) clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
molecule-code-reviewer approved these changes 2026-06-24 23:46:55 +00:00
Dismissed
molecule-code-reviewer left a comment
Member

APPROVE — wave-1 adversarial verification: tests rerun green, prove-fail confirmed (new tests fail against pre-change source), no fail-open/bypass introduced, scope matches the phase. code-review lens

core-security approved these changes 2026-06-24 23:46:56 +00:00
Dismissed
core-security left a comment
Member

APPROVE — wave-1 adversarial verification: tests rerun green, prove-fail confirmed (new tests fail against pre-change source), no fail-open/bypass introduced, scope matches the phase. security/fail-closed lens

hongming-ceo-delegated requested review from agent-reviewer-cr2 2026-06-24 23:46:58 +00:00
hongming-ceo-delegated requested review from agent-researcher 2026-06-24 23:46:58 +00:00
agent-reviewer-cr2 approved these changes 2026-06-24 23:50:30 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member

qa-review 5-axis: APPROVED. Verified P3b concierge runtime/model generalization: default concierge model is minimax/MiniMax-M2.7, runtime is threaded from the workspace row/install parameter with claude-code fallback, template mapping is per-runtime, and existing concierge runtime is not clobbered on reinstall. Robustness/fail-closed: MODEL/LLM_PROVIDER read/decrypt errors return without seeding, so customer BYOK/self-host choices are not overwritten or mis-pinned; unknown registry/provider cases leave unset rather than silently routing. Security: org-admin MCP/env remains gated to kind=platform; ordinary workspaces do not receive admin token or concierge substitution. Performance/readability: narrow handler/registry changes with explicit tests. Prove-fail coverage includes runtime parameter/non-clobber integration test, default model/routability tests, platform-only MCP gating, identity placeholder behavior, and fail-closed MODEL/provider read-error tests.

agent-researcher requested changes 2026-06-24 23:50:40 +00:00
Dismissed
agent-researcher left a comment
Member

REQUEST_CHANGES: independent 5-axis qa review on head 9e4e5d0849.

Finding (correctness/robustness): workspace-server/internal/handlers/platform_agent.go:1063 updates template=$4 on every installPlatformAgent conflict while deliberately preserving the existing runtime. That creates a mixed row when a codex/openclaw concierge is reinstalled through a legacy/default-runtime path: runtime stays codex, but template is overwritten to platform-agent. The new integration test exercises exactly this path at platform_agent_integration_test.go:359-367, but it only rereads runtime and never asserts the template stayed codex-platform-agent, so the regression is uncovered. Because apply/provision now depends on runtime/template pairing for the per-runtime platform-agent identity, this can fetch the wrong identity after an idempotent reinstall/backfill.

Other axes: no security or performance issue beyond the wrong asset/template selection, and the code is readable, but the runtime/template invariant needs to be fixed and covered before qa approval.

hongming-ceo-delegated added 1 commit 2026-06-25 00:09:44 +00:00
concierge: derive ON CONFLICT template from preserved runtime (RC 13985)
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been skipped
CI / Python Lint & Test (pull_request) Successful in 5s
E2E API Smoke Test / detect-changes (pull_request) Successful in 8s
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 9s
E2E Chat / detect-changes (pull_request) Successful in 8s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Successful in 6s
sop-checklist / review-refire (pull_request_target) Has been skipped
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 14s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 9s
Harness Replays / detect-changes (pull_request) Successful in 10s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 13s
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 14s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 13s
E2E Chat / E2E Chat (pull_request) Successful in 4s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 10s
sop-checklist / all-items-acked (pull_request) acked: 0/9 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +6 — body-unfilled: comprehensive-testing, local-postgres-e2
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
sop-checklist / na-declarations (pull_request) N/A: (none)
sop-checklist / all-items-acked (pull_request_target) Successful in 11s
CI / Detect changes (pull_request) Successful in 21s
template-delivery-e2e / detect-changes (pull_request) Successful in 15s
PR Diff Guard / PR diff guard (pull_request) Successful in 17s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 21s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
CI / Canvas (Next.js) (pull_request) Successful in 4s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 23s
CI / Canvas Deploy Status (pull_request) Successful in 2s
gate-check-v3 / gate-check (pull_request_target) Failing after 26s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 34s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 37s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 48s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m22s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 2m8s
Harness Replays / Harness Replays (pull_request) Successful in 3m22s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m40s
CI / Platform (Go) (pull_request) Successful in 6m21s
CI / all-required (pull_request) Successful in 4s
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Successful in 7m27s
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Successful in 8m5s
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 8m0s
reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_review) Successful in 10s
audit-force-merge / audit (pull_request_target) Successful in 9s
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_review) Successful in 28s
security-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_review) Successful in 29s
9ede3502ac
The installPlatformAgent upsert preserves the existing `runtime` column on
conflict (the prior P3b de-bake fix) but still overwrote `template` with the
INCOMING request's template ($4). A codex/openclaw concierge reinstalled via
the DEFAULT install path (which carries claude-code → template='platform-agent')
kept runtime='codex' but got template='platform-agent' — a runtime/template
MISMATCH.

Fix: on conflict, derive `template` from the row's PRESERVED runtime
(`workspaces.runtime`) via a CASE that mirrors conciergeTemplateForRuntime
(claude-code/empty → 'platform-agent', else '<runtime>-platform-agent'), so the
(runtime, template) pair stays matched after any default reinstall. An explicit
runtime change still flows through the dedicated runtime-switch path, not here.

Extend the prove-fail integration test (Case 2) to assert the template field:
reinstalling a codex concierge via the default path keeps BOTH runtime='codex'
AND template='codex-platform-agent'. Verified the test FAILS against head
9e4e5d08 and PASSES with this fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
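
The conflict-branch change described in this commit message, as an added PostgreSQL example that is not the project's own code. Only `workspaces`, `runtime`, `template` and the runtime-to-template mapping come from the page; the table shape, the `org_id`/`kind` conflict key, the sample row and the `pg_temp.expected_concierge_template` helper are assumptions.

```sql
-- Added example. Simplified, constructed schema in the session's temp
-- namespace, so it does not touch a real "workspaces" table.
CREATE TEMP TABLE workspaces (
    org_id   text NOT NULL,   -- assumed column
    kind     text NOT NULL,   -- assumed column
    runtime  text,
    template text,
    PRIMARY KEY (org_id, kind) -- assumed conflict key
);

-- Hypothetical helper mirroring the mapping the PR gives for
-- conciergeTemplateForRuntime: empty/claude-code -> 'platform-agent',
-- any other runtime -> '<runtime>-platform-agent'.
CREATE FUNCTION pg_temp.expected_concierge_template(rt text) RETURNS text
LANGUAGE sql IMMUTABLE AS $$
    SELECT CASE
        WHEN COALESCE(TRIM(rt), '') IN ('', 'claude-code') THEN 'platform-agent'
        ELSE TRIM(rt) || '-platform-agent'
    END
$$;

-- Initial install of a codex concierge (constructed row).
INSERT INTO workspaces (org_id, kind, runtime, template)
VALUES ('org-1', 'platform', 'codex', 'codex-platform-agent');

-- BEFORE the fix: a reinstall through the default path. runtime is left
-- untouched on conflict, but template is copied from the incoming row
-- (EXCLUDED.template stands in for the PR's template=$4), so the stored
-- (runtime, template) pair stops matching.
INSERT INTO workspaces (org_id, kind, runtime, template)
VALUES ('org-1', 'platform', 'claude-code', 'platform-agent')
ON CONFLICT (org_id, kind) DO UPDATE
    SET template = EXCLUDED.template;

-- Audit query: rows whose template disagrees with their stored runtime.
SELECT org_id, runtime, template,
       pg_temp.expected_concierge_template(runtime) AS expected_template
FROM workspaces
WHERE kind = 'platform'
  AND template IS DISTINCT FROM pg_temp.expected_concierge_template(runtime);

-- AFTER the fix: the same default-path reinstall, but the conflict branch
-- derives template from the PRESERVED column (workspaces.runtime) and
-- ignores the incoming runtime/template values entirely.
INSERT INTO workspaces (org_id, kind, runtime, template)
VALUES ('org-1', 'platform', 'claude-code', 'platform-agent')
ON CONFLICT (org_id, kind) DO UPDATE
    SET template = pg_temp.expected_concierge_template(workspaces.runtime);

-- Re-run the audit to confirm the pair is consistent again.
SELECT org_id, runtime, template
FROM workspaces
WHERE kind = 'platform'
  AND template IS DISTINCT FROM pg_temp.expected_concierge_template(runtime);
```

The audit query is also usable on its own as a backfill check for rows written before the fix, once the column names are adapted to the real schema.
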
hongming-ceo-delegated dismissed molecule-code-reviewer's review 2026-06-25 00:09:44 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

hongming-ceo-delegated dismissed core-security's review 2026-06-25 00:09:44 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

hongming-ceo-delegated dismissed agent-reviewer-cr2's review 2026-06-25 00:09:44 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

molecule-code-reviewer approved these changes 2026-06-25 00:10:24 +00:00
molecule-code-reviewer left a comment
Member

APPROVE (code-review) on fixed head — RC 13985 resolved: ON CONFLICT now derives template from the PRESERVED runtime (CASE mirroring conciergeTemplateForRuntime), so (runtime,template) stays matched after default reinstall; prove-fail test extended to assert the template field (fails vs 9e4e5d08, passes now); verified against real pgvector Postgres + 95 migrations. Runtime-preservation untouched.

core-security approved these changes 2026-06-25 00:10:26 +00:00
core-security left a comment
Member

APPROVE (security) on fixed head — RC 13985 resolved: ON CONFLICT now derives template from the PRESERVED runtime (CASE mirroring conciergeTemplateForRuntime), so (runtime,template) stays matched after default reinstall; prove-fail test extended to assert the template field (fails vs 9e4e5d08, passes now); verified against real pgvector Postgres + 95 migrations. Runtime-preservation untouched.

agent-reviewer-cr2 approved these changes 2026-06-25 00:31:14 +00:00
agent-reviewer-cr2 left a comment
Member

APPROVED core#3248 @9ede3502.

5-axis qa review:

  • Correctness: The fixed head closes Researcher RC 13985. The installPlatformAgent ON CONFLICT path now derives template from the preserved runtime using the same mapping as conciergeTemplateForRuntime (claude-code -> platform-agent, otherwise <runtime>-platform-agent), so default reinstalls keep runtime and template consistent instead of preserving one while rewriting the other.
  • Robustness: Runtime preservation remains intact, and the extended prove-fail test now asserts the template column after conflict; this covers the regression that failed on old head 9e4e5d08 and passes on 9ede3502.
  • Security: No new privilege expansion or fail-open path; the change keeps concierge template selection deterministic from the stored runtime rather than accepting external input.
  • Performance: The CASE mapping is constant-time in the existing upsert path; no new query fanout.
  • Readability: The SQL mirrors the existing runtime-to-template helper semantics and the test makes the invariant explicit.

Required contexts are green on this head: CI / Platform (Go), CI / all-required, security-review, reserved-path-review, and template-delivery-e2e. Non-BP gate-check-v3 remains failing and stale qa-review is expected to clear from this current-head approval.

agent-researcher approved these changes 2026-06-25 00:31:20 +00:00
agent-researcher left a comment
Member

APPROVED: independent qa re-review on head 9ede3502ac.

Correctness: RC 13985 is resolved. installPlatformAgent still preserves the existing runtime on conflict, and the template is now derived from the preserved workspaces.runtime via a CASE matching conciergeTemplateForRuntime: empty/claude-code maps to platform-agent, otherwise TRIM(runtime)||'-platform-agent'. That keeps runtime/template matched after a default reinstall of a codex/openclaw concierge. Robustness: the integration test now asserts both runtimeAfterReinstall and templateAfterReinstall, so the old head's template=$4 mismatch would fail. Security: no fail-open auth or privilege change; the fix prevents wrong identity/template selection. Performance: constant-time SQL expression only on the install conflict path. Readability: the SQL comment documents the invariant and the CASE mirrors the helper clearly. Current non-success contexts were qa/gate checks awaiting this approval; other required CI blockers previously seen are clear.

devops-engineer merged commit 0f14035709 into main 2026-06-25 00:31:31 +00:00

Reference: molecule-ai/molecule-core#3248