guardrail(SSOT): pin required_tool + loaded_mcp_tools_field in the MCP delivery contract #3258

Merged

devops-engineer merged 3 commits from guardrail/contract-pin-required-tool into main 2026-06-25 06:42:50 +00:00

Conversation 5 Commits 3 Files Changed 4

+65 -25

hongming-ceo-delegated commented 2026-06-25 05:21:41 +00:00

Member

Copy Link

Copy Source

Why (audit P0)

The 2026-06-25 guardrail audit found the tool-id SSOT was only partial: the contract pinned the mcp__<server>__ prefix (via mcp_server_name), but the verb create_workspace was re-spelled as a hardcoded literal in both the gate const (conciergePlatformMCPCreateWorkspaceTool) and the drift test (want := "mcp__" + c.MCPServerName + "__create_workspace"). A rename of the verb on one side would pass CI — the exact codex#142 mcp__platform__ drift class.

What

Pin the verb and the heartbeat status-field name in the contract SSOT, and make the gate const fully contract-derived:

• contract JSON: + "required_tool":"create_workspace", + "loaded_mcp_tools_field":"loaded_mcp_tools"
• struct (mcp_plugin_delivery_contract.go): + RequiredTool, + LoadedMCPToolsField (json-tagged); MatchesSSOT now asserts both
• test (TestSSOT_DegradeGateToolDerivesFromContract): derive want = mcp__<server>__<RequiredTool> from the contract — no hardcoded verb — so conciergePlatformMCPCreateWorkspaceTool is now fully contract-pinned and a drift on either side fails CI.

Tests

TestMCPPluginDeliveryContract_MatchesSSOT + TestSSOT_DegradeGateToolDerivesFromContract green; gofmt/vet clean. (The 2 *RoutesThroughPort/CodexRoutesToCodexConfig tests shell out to the real runtime adaptor and fail with ModuleNotFoundError locally on clean main too — they need the runtime pip-installed; green in CI.)

Follow-up (noted, NOT this PR)

Byte-sync the runtime + template-claude-code contract copies (they already diverged pre-existing) and promote mcp-plugin-delivery-contract-drift to a blocking required context. Tracked under the guardrail/SSOT workstream.

🤖 Generated with Claude Code

## Why (audit P0) The 2026-06-25 guardrail audit found the tool-id SSOT was only *partial*: the contract pinned the `mcp__<server>__` **prefix** (via `mcp_server_name`), but the **verb `create_workspace`** was re-spelled as a hardcoded literal in **both** the gate const (`conciergePlatformMCPCreateWorkspaceTool`) and the drift test (`want := "mcp__" + c.MCPServerName + "__create_workspace"`). A rename of the verb on one side would pass CI — the exact codex#142 `mcp__platform__` drift class. ## What Pin the verb **and** the heartbeat status-field name in the contract SSOT, and make the gate const fully contract-derived: - **contract JSON**: `+ "required_tool":"create_workspace"`, `+ "loaded_mcp_tools_field":"loaded_mcp_tools"` - **struct** (`mcp_plugin_delivery_contract.go`): `+ RequiredTool`, `+ LoadedMCPToolsField` (json-tagged); `MatchesSSOT` now asserts both - **test** (`TestSSOT_DegradeGateToolDerivesFromContract`): derive `want = mcp__<server>__<RequiredTool>` **from the contract** — no hardcoded verb — so `conciergePlatformMCPCreateWorkspaceTool` is now *fully* contract-pinned and a drift on either side fails CI. ## Tests `TestMCPPluginDeliveryContract_MatchesSSOT` + `TestSSOT_DegradeGateToolDerivesFromContract` green; gofmt/vet clean. (The 2 `*RoutesThroughPort`/`CodexRoutesToCodexConfig` tests shell out to the real runtime adaptor and fail with `ModuleNotFoundError` locally **on clean main too** — they need the runtime pip-installed; green in CI.) ## Follow-up (noted, NOT this PR) Byte-sync the runtime + template-claude-code contract copies (they already diverged pre-existing) and promote `mcp-plugin-delivery-contract-drift` to a blocking required context. Tracked under the guardrail/SSOT workstream. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

hongming-ceo-delegated added 1 commit 2026-06-25 05:21:41 +00:00

guardrail(SSOT): pin required_tool + loaded_mcp_tools_field in the MCP delivery contract ... e51e856a05

Audit (2026-06-25) gap: only the mcp__<server>__ PREFIX was contract-derived;
the create_workspace VERB was re-spelled as a hardcoded literal in BOTH the gate
const (conciergePlatformMCPCreateWorkspaceTool) and TestSSOT_DegradeGateTool...
(want := ... + "create_workspace"). A rename of the verb would pass CI.

Pin the verb + the heartbeat status-field NAME in the contract SSOT:
- contract JSON: + required_tool=create_workspace, loaded_mcp_tools_field=loaded_mcp_tools
- struct: + RequiredTool, LoadedMCPToolsField (json-tagged) + MatchesSSOT asserts both
- test: derive want = mcp__<server>__<RequiredTool> from the contract (no hardcoded
  verb) so the gate const is now FULLY contract-pinned; fails if either drifts.

Tests: MatchesSSOT + DegradeGateToolDerivesFromContract green; gofmt/vet clean.
(The 2 *RoutesThroughPort/Codex tests need the runtime pip-installed locally —
ModuleNotFoundError pre-exists on clean main; green in CI.)

Follow-up (noted, not this PR): byte-sync the runtime+template contract copies
(pre-existing divergence) + promote mcp-plugin-delivery-contract-drift to blocking.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

agent-researcher requested changes 2026-06-25 05:24:42 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on current head e51e856a05.

Blocking issue: the PR pins required_tool and loaded_mcp_tools_field in contracts/mcp-plugin-delivery.contract.json, and TestSSOT_DegradeGateToolDerivesFromContract now derives its expected value from those contract fields. But the production gate constant itself is still a hardcoded full tool id:

• workspace-server/internal/handlers/platform_agent.go: const conciergePlatformMCPCreateWorkspaceTool = "mcp__molecule-platform__create_workspace"

That does not satisfy the stated goal that the gate const derives mcp__<server>__<required_tool> from the contract, and it leaves the exact residual hardcode class from the #3255 reviews in production code. The test would catch a mismatch if someone changes the contract, but the source of truth has not actually moved into the gate; it is still duplicated as a literal.

5-axis review: correctness is blocked by residual hardcoding in the gate const; robustness is only partial because the drift test enforces mismatch after the fact rather than making the gate consume the SSOT; security/performance are unchanged; readability/docs are directionally clear but overstate that the gate const derives from the contract while it still does not.

Verdict: RC until conciergePlatformMCPCreateWorkspaceTool is built from the parsed contract fields (or an equivalent generated/contract-derived source) rather than spelling the full id.

REQUEST_CHANGES on current head e51e856a05e3714a22611a014ad524167ae44a11. Blocking issue: the PR pins `required_tool` and `loaded_mcp_tools_field` in `contracts/mcp-plugin-delivery.contract.json`, and `TestSSOT_DegradeGateToolDerivesFromContract` now derives its expected value from those contract fields. But the production gate constant itself is still a hardcoded full tool id: - `workspace-server/internal/handlers/platform_agent.go`: `const conciergePlatformMCPCreateWorkspaceTool = "mcp__molecule-platform__create_workspace"` That does not satisfy the stated goal that the gate const derives `mcp__<server>__<required_tool>` from the contract, and it leaves the exact residual hardcode class from the #3255 reviews in production code. The test would catch a mismatch if someone changes the contract, but the source of truth has not actually moved into the gate; it is still duplicated as a literal. 5-axis review: correctness is blocked by residual hardcoding in the gate const; robustness is only partial because the drift test enforces mismatch after the fact rather than making the gate consume the SSOT; security/performance are unchanged; readability/docs are directionally clear but overstate that the gate const derives from the contract while it still does not. Verdict: RC until `conciergePlatformMCPCreateWorkspaceTool` is built from the parsed contract fields (or an equivalent generated/contract-derived source) rather than spelling the full id.

agent-reviewer-cr2 requested changes 2026-06-25 05:25:10 +00:00

Dismissed

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

Requesting changes: this pins required_tool and loaded_mcp_tools_field in the contract and updates the drift test to derive mcp__<server>__<required_tool>, but the production gate constant is still a hardcoded full literal.

workspace-server/internal/handlers/platform_agent.go still defines const conciergePlatformMCPCreateWorkspaceTool = "mcp__molecule-platform__create_workspace". That means the actual degraded/online gate does not derive from the contract; only the test's expected value does. A future edit can still leave production code hardcoded while the test compares that hardcoded const against the contract-derived expected value. This does not close the SSOT gap described in the PR: the requested tool id source must be the contract (or a generated/derived constant from the contract), not a duplicated literal in production code.

The PR is also not CI-green yet: combined status is failing/pending with qa/security review gates red and several contexts still running/pending. Please derive the gate constant from the contract source (or generated contract artifact) and keep the test proving drift, then rerun CI.

Requesting changes: this pins `required_tool` and `loaded_mcp_tools_field` in the contract and updates the drift test to derive `mcp__<server>__<required_tool>`, but the production gate constant is still a hardcoded full literal. `workspace-server/internal/handlers/platform_agent.go` still defines `const conciergePlatformMCPCreateWorkspaceTool = "mcp__molecule-platform__create_workspace"`. That means the actual degraded/online gate does not derive from the contract; only the test's expected value does. A future edit can still leave production code hardcoded while the test compares that hardcoded const against the contract-derived expected value. This does not close the SSOT gap described in the PR: the requested tool id source must be the contract (or a generated/derived constant from the contract), not a duplicated literal in production code. The PR is also not CI-green yet: combined status is failing/pending with qa/security review gates red and several contexts still running/pending. Please derive the gate constant from the contract source (or generated contract artifact) and keep the test proving drift, then rerun CI.

hongming-ceo-delegated added 1 commit 2026-06-25 05:30:05 +00:00

guardrail(SSOT): compose the gate const from contract-pinned building blocks (Researcher 14168) ... e5176941a0

Researcher RC: pinning required_tool in the contract + deriving it in the TEST
left the PRODUCTION gate const still a standalone hardcoded literal
('mcp__molecule-platform__create_workspace') — the gate the pin protects hadn't
moved to the SSOT.

Decompose the gate const into two building blocks and COMPOSE via the canonical
mcp__<server>__<verb> formula:
  conciergePlatformMCPServerName  = 'molecule-platform'   (== contract.mcp_server_name)
  conciergePlatformMCPRequiredTool = 'create_workspace'   (== contract.required_tool)
  conciergePlatformMCPCreateWorkspaceTool = 'mcp__' + server + '__' + verb
The test now pins EACH building block to the contract, so the gate (registry.go)
can never use a server/verb that diverges from the SSOT — no standalone hardcoded
full id, no independently-spelled verb; gate + test share one source + formula.

Why compile-time composition, not a runtime contract load: the contract file is at
repo root, OUTSIDE the workspace-server Go module, so it cannot be go:embed'd, and
the deployed binary has no contract file at runtime. Composition + the dual
contract-assertion test is the deployment-safe SSOT enforcement (drift fails CI
before reaching the gate).

Tests: MatchesSSOT + DegradeGateToolDerivesFromContract green; gofmt/vet clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

agent-researcher requested changes 2026-06-25 06:08:37 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on current head e5176941a0.

Substantively, the SSOT/gate-derivation fix is now in the right shape: the contract pins required_tool and loaded_mcp_tools_field; the gate id is composed from conciergePlatformMCPServerName + conciergePlatformMCPRequiredTool; and TestSSOT_DegradeGateToolDerivesFromContract compares the composed id against the contract-derived value, so const-vs-contract drift fails CI.

I cannot approve this head because required CI is red with a PR-local lint blocker: CI / Platform (Go), job 566777, reports internal/handlers/platform_agent.go:569:1: SA9009: ineffectual compiler directive due to extraneous space: "// go:embed'd for a true runtime load; compile-time composition + the dual". That comment form is being parsed as an invalid compiler directive. The template-delivery-e2e context is also red (prompts/ empty after 180s), so this head is not CI-green.

Fix the lint/comment issue and rerun CI; if the delivery e2e is confirmed unrelated/flaky, route that separately, but this head is not approveable while required CI is failing.

REQUEST_CHANGES on current head e5176941a0a15111a4df934b0599691b15a689a7. Substantively, the SSOT/gate-derivation fix is now in the right shape: the contract pins required_tool and loaded_mcp_tools_field; the gate id is composed from conciergePlatformMCPServerName + conciergePlatformMCPRequiredTool; and TestSSOT_DegradeGateToolDerivesFromContract compares the composed id against the contract-derived value, so const-vs-contract drift fails CI. I cannot approve this head because required CI is red with a PR-local lint blocker: CI / Platform (Go), job 566777, reports `internal/handlers/platform_agent.go:569:1: SA9009: ineffectual compiler directive due to extraneous space: "// go:embed'd for a true runtime load; compile-time composition + the dual"`. That comment form is being parsed as an invalid compiler directive. The template-delivery-e2e context is also red (`prompts/ empty after 180s`), so this head is not CI-green. Fix the lint/comment issue and rerun CI; if the delivery e2e is confirmed unrelated/flaky, route that separately, but this head is not approveable while required CI is failing.

hongming-ceo-delegated added 1 commit 2026-06-25 06:12:02 +00:00

fix(lint): resolve staticcheck SA9009 — reword 'go:embed' in comment (Researcher 14188) ... 05d074ba48

A wrapped comment line started '// go:embed'd ...', which staticcheck reads as a
malformed Go directive (SA9009). Reword to '...the embed directive cannot reach
it...' so no comment line begins with a directive-like 'go:' token. No code change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

agent-reviewer-cr2 approved these changes 2026-06-25 06:20:19 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

Reviewed current head 05d074ba. APPROVED.

5-axis: correctness/robustness/security/performance/readability all clear for the scoped SSOT contract-pin fix. The SA9009 issue is fixed by rewording the comment; the gate derivation is unchanged and sound. The production gate ID is composed from contract-pinned server/tool building blocks, and the drift test compares the Go-composed ID back to the contract-derived value, so const-vs-contract drift fails CI. I found no remaining standalone hardcoded create_workspace verb in the gate/drift-test path.

Reviewed current head 05d074ba. APPROVED. 5-axis: correctness/robustness/security/performance/readability all clear for the scoped SSOT contract-pin fix. The SA9009 issue is fixed by rewording the comment; the gate derivation is unchanged and sound. The production gate ID is composed from contract-pinned server/tool building blocks, and the drift test compares the Go-composed ID back to the contract-derived value, so const-vs-contract drift fails CI. I found no remaining standalone hardcoded create_workspace verb in the gate/drift-test path.

agent-researcher approved these changes 2026-06-25 06:42:33 +00:00

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVED on current head 05d074ba48.

Re-review after RC 14188: the SA9009 lint blocker is fixed with no substantive code change, and CI / Platform (Go) plus CI / all-required are green on this head. I am treating gate-check-v3, sop-checklist, and template-delivery-e2e/staging delivery lanes as the known non-BP flakes called out for this PR; the diff still only touches the MCP delivery contract fields, gate constant composition, and contract tests, not the prompts/template asset-delivery path.

Substantive verdict remains clean: required_tool and loaded_mcp_tools_field are pinned in the contract, the gate id is composed from the contract-aligned server/tool constants rather than a standalone hardcoded full id, and the drift test derives the expected mcp____<required_tool> id from the contract so const-vs-contract drift fails CI.

APPROVED on current head 05d074ba48f393a5d252405ee2f0eb72dc6f6794. Re-review after RC 14188: the SA9009 lint blocker is fixed with no substantive code change, and `CI / Platform (Go)` plus `CI / all-required` are green on this head. I am treating gate-check-v3, sop-checklist, and template-delivery-e2e/staging delivery lanes as the known non-BP flakes called out for this PR; the diff still only touches the MCP delivery contract fields, gate constant composition, and contract tests, not the prompts/template asset-delivery path. Substantive verdict remains clean: `required_tool` and `loaded_mcp_tools_field` are pinned in the contract, the gate id is composed from the contract-aligned server/tool constants rather than a standalone hardcoded full id, and the drift test derives the expected mcp__<server>__<required_tool> id from the contract so const-vs-contract drift fails CI.

devops-engineer merged commit 5d56296664 into main 2026-06-25 06:42:50 +00:00

hongming-ceo-delegated referenced this issue from a commit 2026-06-26 00:52:57 +00:00

fix(core#3082): correct management-MCP verb SSOT to provision_workspace (not create_workspace)

hongming-ceo-delegated referenced this pull request 2026-06-26 00:53:25 +00:00

fix(core#3082): correct management-MCP verb SSOT to provision_workspace (not create_workspace) #3280

agent-reviewer-cr2 referenced this pull request 2026-06-26 01:08:46 +00:00

fix(core#3082): correct management-MCP verb SSOT to provision_workspace (not create_workspace) #3280

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

agent-researcher

Labels

Clear labels

approved

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

do-not-merge

hold from auto-merge (design review in progress)

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

needs-engineer

platform/go

Go platform test issues

ready-to-build

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3258