From 20558a1d4181242ffa055815f2ba5bab197e4002 Mon Sep 17 00:00:00 2001
From: hongming
Date: Sun, 24 May 2026 02:55:22 -0700
Subject: [PATCH] build(tenant-image): #1791 bundle memory-backfill CLI into tenant image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase A2 step 2 prerequisite. The memory-backfill CLI exists in cmd/memory-backfill/ but isn't currently baked into the tenant image, so an operator can't run it directly via docker exec on a tenant EC2. Workarounds (s3-upload + ssm-download, sidecar container, build on host) all add operational friction for what is a one-shot per-tenant backfill. Bundling it follows the same pattern as /memory-plugin (which is also a workspace-server-internal CLI bundled into the tenant image since the v2 cutover). The binary stays inert until invoked — no auto-run on boot. After this lands and tenants recycle, run the backfill with: docker exec molecule-tenant /memory-backfill -dry-run docker exec molecule-tenant /memory-backfill -apply (Per-tenant; idempotent on re-run via UUID upsert in the plugin.) Tracking: parent issue #1791 (Phase A2). Part of the memory-system work that follows #1747 (kill v1 fallback) and #1794 (route POST /memories through plugin).
---
 workspace-server/Dockerfile.tenant | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/workspace-server/Dockerfile.tenant b/workspace-server/Dockerfile.tenant
index f0982b971..4bac86db0 100644
--- a/workspace-server/Dockerfile.tenant
+++ b/workspace-server/Dockerfile.tenant
@@ -74,6 +74,21 @@ RUN CGO_ENABLED=0 GOOS=linux go build \
 -ldflags "-s -w -X github.com/Molecule-AI/molecule-monorepo/platform/internal/buildinfo.GitSHA=${GIT_SHA}" \
 -o /memory-plugin ./cmd/memory-plugin-postgres
 
+# Memory v1→v2 backfill CLI (issue #1791 Phase A2). Bundled so an
+# operator can migrate the historical agent_memories rows into the v2
+# plugin via:
+#
+# docker exec molecule-tenant /memory-backfill -dry-run
+# docker exec molecule-tenant /memory-backfill -apply
+#
+# Idempotent (UUID upsert in the plugin); safe to re-run. See the
+# tool's main.go for full usage. Stays inert until invoked — does not
+# run automatically on boot.
+RUN CGO_ENABLED=0 GOOS=linux go build \
+ -trimpath \
+ -ldflags "-s -w -X github.com/Molecule-AI/molecule-monorepo/platform/internal/buildinfo.GitSHA=${GIT_SHA}" \
+ -o /memory-backfill ./cmd/memory-backfill
+
 # ── Stage 2: Canvas Next.js standalone ────────────────────────────────
 FROM node:20-alpine@sha256:afdf98210b07b586eb71fa22ba2e432e058e4cd1304d31ed60888755b8c865fb AS canvas-builder
 WORKDIR /canvas
@@ -106,9 +121,10 @@ RUN deluser --remove-home node 2>/dev/null || true; \
 delgroup node 2>/dev/null || true; \
 addgroup -g 1000 canvas && adduser -u 1000 -G canvas -s /bin/sh -D canvas
 
-# Go platform binary + Memory v2 sidecar
+# Go platform binary + Memory v2 sidecar + v1→v2 backfill CLI
 COPY --from=go-builder /platform /platform
 COPY --from=go-builder /memory-plugin /memory-plugin
+COPY --from=go-builder /memory-backfill /memory-backfill
 COPY workspace-server/migrations /migrations
 
 # Templates + plugins (pre-cloned by scripts/clone-manifest.sh in the
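Review bot: The usage comment above the new `RUN ... go build` step in the first hunk documents `docker exec molecule-tenant /memory-backfill -apply` without `-u`, so the tool runs as whatever user the container is configured with; the entrypoint comment later in this patch says the container starts as root, which suggests that would be root. If the backfill needs no more than the access the service account already has (not visible here), document the unprivileged form instead, e.g. `#   docker exec -u canvas molecule-tenant /memory-backfill -apply`. The commit message describes this as a one-shot per-tenant migration, so a marker such as `# TODO(#1791): remove this build step and its COPY once all tenants are backfilled` would keep a write-capable migration tool from staying in the production image indefinitely.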
@@ -135,7 +151,7 @@ COPY workspace-server/entrypoint-tenant.sh /entrypoint.sh
 # !external (e.g. molecule-dev → dev-lead). Caught on staging-cplead-2
 # 2026-05-10 — see internal incident debrief.
 RUN chmod +x /entrypoint.sh && \
- chown -R canvas:canvas /canvas /platform /memory-plugin /migrations /org-templates
+ chown -R canvas:canvas /canvas /platform /memory-plugin /memory-backfill /migrations /org-templates
 
 EXPOSE 8080
 # entrypoint.sh starts as root to fix volume perms, then drops to
-- 
2.52.0
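Review bot: Adding `/memory-backfill` to the `chown -R canvas:canvas` list makes the binary writable by the unprivileged account the service presumably drops to, while the documented way to run it is an operator `docker exec`, which uses the container's configured user (apparently root, going by the entrypoint comment just below). That leaves a file the runtime user can modify being executed later with higher privilege. The tool only needs to be readable and executable, so leave it root-owned by dropping `/memory-backfill` from the chown list, and add `chmod 0755 /memory-backfill` to the same `RUN` if the mode is not already right. `/platform` and `/memory-plugin` were in that list before this commit and may deserve the same treatment, though that is outside this change.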