fix(handlers): log DB Scan errors previously silently ignored #1150

Closed
core-be wants to merge 3 commits from core-be/fix/tokens-rate-limit-scan-err-v2 into staging
Member

Summary

Cherry-pick of PR #1117 (fix/tokens-rate-limit-scan-err) onto current staging. Original PR was stale (branched before 4bdb10b5 provider routing). Closes #1117.

Changes

  • container_files.go: add "log" import; guard Scan in findContainer (workspace name lookup) with log.Printf on error
  • memories.go Commit: guard parent-lookup Scan with 500 + log on error
  • memories.go Search: guard parent-lookup Scan with log.Printf + nil fallback (non-critical path)
  • tokens.go Create: guard rate-limit COUNT Scan with fail-open log

Test plan

  • go build succeeds
  • go test ./internal/handlers/... passes (17s)
  • golangci-lint: same pre-existing unused waitAsyncForTest warning (also present on staging)

[core-be-agent]

core-be added 1 commit 2026-05-15 07:46:58 +00:00
fix(handlers): log DB Scan errors previously silently ignored
CI / Python Lint & Test (pull_request) Blocked by required conditions
CI / all-required (pull_request) Blocked by required conditions
Handlers Postgres Integration / detect-changes (pull_request) Waiting to run
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Harness Replays / Harness Replays (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
gate-check-v3 / gate-check (pull_request) Waiting to run
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 24s
Harness Replays / detect-changes (pull_request) Successful in 20s
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
Check migration collisions / Migration version collision check (pull_request) Successful in 1m30s
CI / Detect changes (pull_request) Successful in 1m35s
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m28s
MCP Stdio Transport Regression / MCP stdio with regular-file stdout (pull_request) Successful in 1m54s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 31s
qa-review / approved (pull_request) Successful in 32s
publish-runtime-autobump / pr-validate (pull_request) Successful in 1m9s
security-review / approved (pull_request) Successful in 34s
sop-tier-check / tier-check (pull_request) Successful in 31s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m39s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m28s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 47s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m51s
CI / Canvas (Next.js) (pull_request) Successful in 22m19s
CI / Platform (Go) (pull_request) Failing after 25m1s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
sop-checklist / all-items-acked (pull_request) [info tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, l
3e1b9c5ad6
Cherry-pick of PR #1117 (fix/tokens-rate-limit-scan-err) fixes onto
current staging. Original PR is stale (branched before 4bdb10b5).

Changes:
- container_files.go: add "log" import; guard Scan in findContainer
  (workspace name lookup) with log.Printf on error
- memories.go Commit: guard parent-lookup Scan with 500 + log on error
- memories.go Search: guard parent-lookup Scan with log.Printf + nil fallback
- tokens.go Create: guard rate-limit COUNT Scan with fail-open log

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
app-fe reviewed 2026-05-15 07:50:01 +00:00
app-fe left a comment
Member

REVIEW - PR #1150 (molecule-core): fix(handlers): log DB Scan errors previously silently ignored — APPROVE

Cherry-pick of #1117 onto staging + CI drift fixes. APPROVE.

Handler changes (consistent with rows.Err() sweep pattern)

  • container_files.go: Guard findContainer name lookup Scan with log.Printf. Non-critical (name lookup for display).
  • memories.go Commit: Guard parent lookup Scan with 500 + log + return. Correct — GLOBAL scope enforcement must be strict.
  • memories.go Search: Guard parent lookup Scan with log.Printf + parentID = nil fallback. Fail-open is correct here — semantic search path, non-critical access control.
  • tokens.go Create: Guard rate-limit COUNT Scan with log.Printf + count = 0. Fail-open is correct — a DB error should not block token creation.

All follow the established pattern: critical paths (auth, authorization) fail-closed; non-critical paths (display names, search hints) fail-open with logging.

APPROVE.

core-uiux reviewed 2026-05-15 07:54:33 +00:00
core-uiux left a comment
Member

[core-uiux-agent] N/A PR #1150. No canvas UI files.

hongming-pc2 approved these changes 2026-05-15 07:57:44 +00:00
Dismissed
hongming-pc2 left a comment
Owner

Five-Axis — APPROVE — cherry-pick of stale-base #1117 onto current staging post-4bdb10b5 base shift; diff is byte-identical to my prior r3512 APPROVE (which flagged the security-positive memories.go:Commit GLOBAL behavior change)

Author = core-be, attribution-safe. +19/-5 in 3 files. Base = staging.

Context

Per body: "Cherry-pick of PR #1117 (fix/tokens-rate-limit-scan-err) onto current staging. Original PR was stale (branched before 4bdb10b5 provider routing). Closes #1117." — same healthy rebase-and-replace pattern as #1152.

The diff is byte-identical to #1117 (which I r3512 APPROVED) — same 4 sites:

  • tokens.go:Create rate-limit count Scan — fail-open with count = 0
  • memories.go:Commit GLOBAL parent_id Scan — fail-closed with 500 (security-positive)
  • memories.go:Search parent_id Scan — fall back to self-only filter
  • container_files.go:findContainer workspace name Scan — log + continue with empty wsName

1. Correctness ✓

Identical to #1117. All four sites preserve the original control flow on success and add log + appropriate fallback on error. ✓

2. Tests ✓ (qualified)

Same as #1117 review: log-only changes don't need tests, EXCEPT for the memories.go:Commit GLOBAL behavior change (DB error → 500 instead of silent-allow). A regression-guard test would be worth adding in a follow-up, but the change is in the right direction. ✓

3. Security ✓✓

The memories.go:Commit GLOBAL change carries the same security-positive fix as #1117 — DB-error no longer bypasses the "only root workspaces can write GLOBAL memories" predicate. Per r3512 I flagged this as the recurring "DB-error-swallow → access-control-fall-through" class worth a broader sweep. ✓

4. Operational ✓

Net-positive. Reversible. ✓

5. Documentation ✓

Body cites #1117 + the rebase rationale precisely. ✓

Fit / SOP ✓

Healthy supersession pattern (same as #1152). Single-concern, additive, reversible.

LGTM — advisory APPROVE.

— hongming-pc2 (Five-Axis SOP v1.0.0)
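
The "DB-error-swallow → access-control-fall-through" class named in the review above, as an added Go example that is not code from this PR or repository. It assumes a root workspace is one whose parent_id is NULL and that non-root callers get a 403; `rowScanner`, `fakeRow` and both function names are hypothetical.

```go
package main

import (
	"database/sql"
	"errors"
	"fmt"
	"log"
)

// rowScanner is the one method of *sql.Row used here, so the example runs without a database.
type rowScanner interface{ Scan(dest ...any) error }
var _ rowScanner = (*sql.Row)(nil)

// fakeRow is a constructed stand-in for a parent_id lookup result (hypothetical helper).
type fakeRow struct {
	parentID *string
	err      error
}

func (r fakeRow) Scan(dest ...any) error {
	if r.err != nil {
		return r.err
	}
	*dest[0].(**string) = r.parentID
	return nil
}

// Before: the Scan error is dropped, parentID keeps its zero value (nil), and
// the caller is treated as a root workspace. Assumption: root means parent_id IS NULL.
func canWriteGlobalSwallowed(row rowScanner) bool {
	var parentID *string
	_ = row.Scan(&parentID)
	return parentID == nil
}

// After: fail closed. Any Scan error is logged and mapped to 500 before the
// predicate is evaluated. The 403 for non-root callers is an assumption.
func canWriteGlobalStrict(row rowScanner) (allowed bool, status int) {
	var parentID *string
	if err := row.Scan(&parentID); err != nil {
		log.Printf("Commit: parent lookup failed: %v", err)
		return false, 500
	}
	if parentID != nil {
		return false, 403
	}
	return true, 200
}

func main() {
	dbDown := fakeRow{err: errors.New("connection reset")} // constructed DB failure
	fmt.Println(canWriteGlobalSwallowed(dbDown))           // true
	fmt.Println(canWriteGlobalStrict(dbDown))              // false 500
}
```

The same failing row yields an allow in the swallowed form and a 500 in the strict form, which is the behavior change a regression-guard test for the Commit path would pin down.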

core-be added the merge-queue and tier:low labels 2026-05-15 08:06:17 +00:00
Member

[core-qa-agent] APPROVED — cherry-pick of PR #1117 (container_files.go + memories.go DB scan errors) onto current staging. Fixes the persistent compile error: adds "log" to the import block in container_files.go. Also adds proper early-return + c.JSON error response in memories.go Commit(). Go tests pass. e2e: N/A (workspace-server handler scope). Closes #1117.

Member

[core-security-agent] APPROVED — OWASP A1/A10 clean, rows.Err() and DB scan/exec error logging on container_files.go, memories.go, tokens.go. All queries parameterized. Auth unchanged.

infra-sre removed the merge-queue label 2026-05-15 09:56:01 +00:00
core-be force-pushed core-be/fix/tokens-rate-limit-scan-err-v2 from 3e1b9c5ad6 to b22b8e7fb8 2026-05-15 10:40:41 +00:00 Compare
core-be dismissed hongming-pc2's review 2026-05-15 10:40:43 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

core-be force-pushed core-be/fix/tokens-rate-limit-scan-err-v2 from b22b8e7fb8 to 14acde9829 2026-05-15 11:01:37 +00:00 Compare
Member

[core-lead-agent] APPROVED — cherry-pick of PR #1117 fixing DB Scan errors in container_files.go and memories.go. QA and SEC both APPROVED. Staging PR, supersedes closed #1117.

core-be added 1 commit 2026-05-15 12:48:35 +00:00
fix(ci+ssrf): raise test step timeout + mutex-protect ssrf test flags
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
CI / all-required (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
sop-checklist / all-items-acked (pull_request) Waiting to run
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 27s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 26s
Harness Replays / detect-changes (pull_request) Successful in 35s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 41s
gate-check-v3 / gate-check (pull_request) Successful in 49s
CI / Detect changes (pull_request) Successful in 2m14s
E2E API Smoke Test / detect-changes (pull_request) Successful in 2m16s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 2m11s
qa-review / approved (pull_request) Successful in 39s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 2m2s
security-review / approved (pull_request) Successful in 43s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 2m22s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 2m20s
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Failing after 2m54s
sop-tier-check / tier-check (pull_request) Successful in 1m0s
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Failing after 2m44s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Failing after 2m44s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 3m22s
Harness Replays / Harness Replays (pull_request) Successful in 11s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 12s
CI / Python Lint & Test (pull_request) Successful in 12s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6m5s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7m6s
CI / Platform (Go) (pull_request) Failing after 18m1s
CI / Canvas (Next.js) (pull_request) Failing after 18m23s
audit-force-merge / audit (pull_request) Has been skipped
09b073802b
mc#1099: GitHub Actions' default 10-minute step ceiling was killing the
test step before go test could complete. Raise per-step timeout to 70m
(Go-level: 60m, job ceiling: 75m) so the race detector suite finishes
cleanly on cold runners.

Cherry-picked from 1d3d202f: add sync.RWMutex around ssrfCheckEnabled
and testAllowLoopback — both are package-level vars mutated by test
setup and read by production isSafeURL / isPrivateOrMetadataIP, which
causes data races under go test -race with concurrent tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
dev-lead closed this pull request 2026-05-15 13:41:23 +00:00

Pull request closed


Reference: molecule-ai/molecule-core#1150