molecule-ai/molecule-core
52
0
Fork 2
Code Issues 185 Pull Requests 55 Actions Packages Projects Releases Wiki Activity

fix(workspace-server): strip JSON5 // comments from manifest.json before parsing #1483

Closed
infra-runtime-be wants to merge 7 commits from fix/runtime-registry-json5-comment into main
pull from: fix/runtime-registry-json5-comment
merge into: molecule-ai:main
Conversation 14 Commits 7 Files Changed 8
+238 -8
8 changed files with 238 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/scripts/gitea-merge-queue.py
+62 -5
View File
@@ -44,7 +44,10 @@ REQUIRED_CONTEXTS_RAW = _env(
"REQUIRED_CONTEXTS",
default=(
"CI / all-required (pull_request),"
"sop-checklist / all-items-acked (pull_request)"
"sop-checklist / all-items-acked (pull_request),"
"E2E Chat / E2E Chat (pull_request),"
"qa-review / approved (pull_request),"
"security-review / approved (pull_request)"
),
)
# Required contexts for push (main/staging) runs. The push CI uses the same
@@ -348,6 +351,25 @@ def post_comment(pr_number: int, body: str, *, dry_run: bool) -> None:
api("POST", f"/repos/{OWNER}/{NAME}/issues/{pr_number}/comments", body={"body": body})
def add_hold_label(pr_number: int, *, dry_run: bool) -> None:
"""Apply the hold label so the queue skips this PR and processes the next."""
print(f"::notice::adding `{HOLD_LABEL}` to PR #{pr_number}")
if dry_run:
return
try:
api(
"POST",
f"/repos/{OWNER}/{NAME}/issues/{pr_number}/labels",
body={"labels": [HOLD_LABEL]},
)
except ApiError as exc:
# 404 = PR already closed/deleted; 422 = label already present (Gitea
# returns 422 for duplicate label assignment — not a real error).
if "404" in str(exc) or "422" in str(exc):
return
sys.stderr.write(f"::warning::could not add hold label to PR #{pr_number}: {exc}\n")
def update_pull(pr_number: int, *, dry_run: bool) -> None:
print(f"::notice::updating PR #{pr_number} with base branch via style={UPDATE_STYLE}")
if dry_run:
@@ -444,6 +466,22 @@ def process_once(*, dry_run: bool = False) -> int:
dry_run=dry_run,
)
return 0
if decision.action == "wait":
# Required contexts are not green. Auto-hold so the queue stops cycling
# on this PR and processes the next. Holds are removed manually once the
# blocker (e.g. qa/sec gate, missing SOP_TIER_CHECK_TOKEN) is resolved.
add_hold_label(pr_number, dry_run=dry_run)
post_comment(
pr_number,
(
f"merge-queue: auto-held — required contexts not green: "
f"{decision.reason}. "
"Remove the `merge-queue-hold` label and re-label `merge-queue` "
"to restart queue processing once the blocker is resolved."
),
dry_run=dry_run,
)
return 0
if decision.ready:
latest_main_sha = get_branch_head(WATCH_BRANCH)
if latest_main_sha != main_sha:
@@ -455,10 +493,29 @@ def process_once(*, dry_run: bool = False) -> int:
try:
merge_pull(pr_number, dry_run=dry_run)
except MergePermissionError as exc:
# Permanent merge failure (HTTP 403/404/405). Post a comment so
# maintainers know why, then return 0 so this tick is done.
# The PR stays in the queue; future ticks can retry after the
# permission issue is resolved.
# HTTP 403/404/405. Distinguish status-check gate (405 with
# "Not all required status checks") from a genuine permission
# error. Case-insensitive match — Gitea uses "Not all required..."
# (capital N) while other paths may return lowercase.
msg_lower = str(exc).lower()
is_status_check_failure = "not all required status checks successful" in msg_lower
if is_status_check_failure:
# Gitea's merge gate blocked us — a required context (e.g.
# E2E Chat, qa-review, security-review) is failing. Auto-add
# hold so the queue skips this PR and processes the next.
add_hold_label(pr_number, dry_run=dry_run)
post_comment(
pr_number,
(
"merge-queue: merge blocked by Gitea's status-check gate "
"(E2E Chat, qa-review, security-review, or other required "
"context failing). Auto-held via `merge-queue-hold`. "
"Remove the hold label to requeue once CI is green."
),
dry_run=dry_run,
)
return 0
# Genuine permission error — token lacks Can-merge.
sys.stderr.write(f"::error::merge permission error for PR #{pr_number}: {exc}\n")
post_comment(
pr_number,
.gitea/scripts/tests/test_gitea_merge_queue.py
+51
View File
@@ -128,3 +128,54 @@ def test_MergePermissionError_message_preserved():
exc = mq.MergePermissionError("POST /merge -> HTTP 405: User not allowed")
assert "405" in str(exc)
assert "User not allowed" in str(exc)
def test_merge_decision_waits_when_required_contexts_not_green():
"""When a required context (e.g. qa-review, E2E Chat) is not success, the
decision is 'wait' — the queue can then auto-hold on this."""
required = [
"CI / all-required (pull_request)",
"sop-checklist / all-items-acked (pull_request)",
"qa-review / approved (pull_request)",
]
decision = mq.evaluate_merge_readiness(
main_status={
"state": "success",
"statuses": [{"context": "CI / all-required (push)", "status": "success"}],
},
pr_status={
"state": "failure",
"statuses": [
{"context": "CI / all-required (pull_request)", "status": "success"},
{"context": "sop-checklist / all-items-acked (pull_request)", "status": "success"},
{"context": "qa-review / approved (pull_request)", "status": "failure"},
],
},
required_contexts=required,
pr_has_current_base=True,
pr_labels=None,
)
assert decision.ready is False
assert decision.action == "wait"
assert "qa-review" in decision.reason
def test_tier_low_sop_checklist_pending_soft_fail():
"""tier:low PRs get soft-fail on sop-checklist: pending is accepted."""
required = ["sop-checklist / all-items-acked (pull_request)"]
statuses = {
"sop-checklist / all-items-acked (pull_request)": {"status": "pending"}
}
ok, missing = mq.required_contexts_green(statuses, required, pr_labels={"tier:low"})
assert ok is True
assert missing == []
def test_tier_low_sop_checklist_failure_not_soft_fail():
"""tier:low soft-fail only covers pending, not actual failure."""
required = ["sop-checklist / all-items-acked (pull_request)"]
statuses = {
"sop-checklist / all-items-acked (pull_request)": {"status": "failure"}
}
ok, missing = mq.required_contexts_green(statuses, required, pr_labels={"tier:low"})
assert ok is False
.gitea/workflows/publish-runtime.yml
+1 -1
View File
@@ -267,7 +267,7 @@ jobs:
fi
GITEA_URL="${GITEA_URL:-https://git.moleculesai.app}"
TEMPLATES="claude-code hermes openclaw codex langgraph crewai autogen deepagents gemini-cli"
TEMPLATES="claude-code hermes openclaw codex langgraph autogen"
FAILED=""
SKIPPED=""
.gitea/workflows/qa-review.yml
+1
View File
@@ -89,6 +89,7 @@ on:
permissions:
contents: read
pull-requests: read
secrets: read # required for SOP_TIER_CHECK_TOKEN team-membership probe
jobs:
# bp-exempt: PR review bot signal; required merge state is enforced by CI / all-required.
.gitea/workflows/security-review.yml
+1
View File
@@ -16,6 +16,7 @@ on:
permissions:
contents: read
pull-requests: read
secrets: read # required for SOP_TIER_CHECK_TOKEN team-membership probe
jobs:
# bp-exempt: PR security review bot signal; required merge state is enforced by CI / all-required.
manifest.json
-1
View File
@@ -41,4 +41,3 @@
{"name": "mock-bigorg", "repo": "molecule-ai/molecule-ai-org-template-mock-bigorg", "ref": "main"}
]
}
// Triggered by Integration Tester at 2026-05-10T08:52Z
workspace-server/internal/handlers/runtime_registry.go
+58 -1
View File
@@ -96,13 +96,70 @@ var fallbackRuntimes = map[string]struct{}{
// Caller logs + falls back to fallbackRuntimes on any error. Not
// returning the fallback here ourselves so the caller can decide
// how loud to be about the miss (prod = WARN, tests = silent).
// stripJSON5Comments removes a JSON5-style // trailing comment from manifest.json.
// The Integration Tester appends "// Triggered by ..." at the very end of the file.
// This comment is always after the final closing brace, so we scan only that
// suffix rather than trying to track string-context across the whole file.
// This avoids false-positives on legitimate // in URL values (e.g. http://foo.com/bar).
func stripJSON5Comments(data []byte) []byte {
// Find the last '}' — everything before it is guaranteed standard JSON.
lastBrace := -1
for i := len(data) - 1; i >= 0; i-- {
if data[i] == '}' {
lastBrace = i
break
}
}
if lastBrace == -1 {
return data // no JSON structure found — return as-is, json.Unmarshal will error
}
// Everything after lastBrace is the trailing suffix to clean.
suffixStart := lastBrace + 1
if suffixStart >= len(data) {
return data // no suffix
}
suffix := data[suffixStart:]
// Strip leading whitespace at the start of the suffix.
cleanSuffix := trimLeadingWhitespace(suffix)
if len(cleanSuffix) == 0 || cleanSuffix[0] != '/' {
return data // suffix is empty or starts with non-comment — nothing to strip
}
// Remove the trailing comment (everything from the first // to end of file).
// Rebuild: prefix + suffix with comment stripped.
before := data[:suffixStart]
// Trim trailing whitespace from before so we don't leave a dangling newline.
trimmedBefore := trimTrailingWhitespace(before)
// Append a single newline so the JSON file ends cleanly.
result := append(trimmedBefore, '\n')
return result
}
func trimLeadingWhitespace(b []byte) []byte {
i := 0
for i < len(b) && (b[i] == ' ' || b[i] == '\t' || b[i] == '\n' || b[i] == '\r') {
i++
}
return b[i:]
}
func trimTrailingWhitespace(b []byte) []byte {
i := len(b)
for i > 0 && (b[i-1] == ' ' || b[i-1] == '\t' || b[i-1] == '\n' || b[i-1] == '\r') {
i--
}
return b[:i]
}
func loadRuntimesFromManifest(path string) (map[string]struct{}, error) {
data, err := os.ReadFile(path)
if err != nil {
return nil, err
}
// The Integration Tester appends "// Triggered by ..." to manifest.json.
// json.Unmarshal rejects it; strip // comments first (same as clone-manifest.sh).
clean := stripJSON5Comments(data)
var m manifestFile
if err := json.Unmarshal(data, &m); err != nil {
if err := json.Unmarshal(clean, &m); err != nil {
return nil, err
}
out := map[string]struct{}{
workspace-server/internal/handlers/runtime_registry_test.go
+64
View File
@@ -83,6 +83,70 @@ func TestLoadRuntimesFromManifest_MalformedJSON(t *testing.T) {
}
}
func TestLoadRuntimesFromManifest_TrailingJSON5Comment(t *testing.T) {
// The Integration Tester appends "// Triggered by Integration Tester at ..."
// to manifest.json after cloning. json.Unmarshal rejects it; stripJSON5Comments
// must remove the trailing comment so load succeeds.
dir := t.TempDir()
path := filepath.Join(dir, "manifest.json")
_ = os.WriteFile(path, []byte(`{
"workspace_templates": [
{"name": "langgraph", "repo": "org/t"}
]
}
// Triggered by Integration Tester at 2026-05-10T08:52Z`), 0600)
got, err := loadRuntimesFromManifest(path)
if err != nil {
t.Fatalf("load failed despite trailing comment: %v", err)
}
if _, ok := got["langgraph"]; !ok {
t.Errorf("langgraph missing from result: %v", keys(got))
}
}
func TestStripJSON5Comments(t *testing.T) {
cases := []struct {
name string
in string
want string
}{
{
name: "trailing comment after closing brace removed",
in: "{}\n// Triggered by Integration Tester\n",
want: "{}\n",
},
{
name: "embedded_in_url_preserved",
in: `{"url":"http://foo.com/bar"}`,
want: `{"url":"http://foo.com/bar"}`,
},
{
name: "no_closing_brace_returns_input_unchanged",
in: "no json here // comment",
want: "no json here // comment",
},
{
name: "comment_only_after_closing_brace_stripped",
in: `{"a":1}` + "\n// Triggered by Integration Tester at 2026-05-10T08:52Z",
want: `{"a":1}` + "\n",
},
{
name: "clean_json_unchanged",
in: `{"workspace_templates":[]}` + "\n",
want: `{"workspace_templates":[]}` + "\n",
},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
got := string(stripJSON5Comments([]byte(tc.in)))
if got != tc.want {
t.Errorf("stripJSON5Comments(%q): got %q, want %q", tc.in, got, tc.want)
}
})
}
}
// TestRealManifestParses — sanity check against the actual
// monorepo manifest.json so a future schema change to that file
// (e.g. workspace_templates → workspace_runtime_templates) surfaces