fix(workspace-server): provider-matched byok credential injection (internal#728 Bug 1) [BEHAVIOR-AFFECTING — CTO merge-go] #2000

Merged

hongming merged 1 commits from fix/internal-728-provider-matched-cred-injection into main 2026-05-29 00:29:08 +00:00

Conversation 3 Commits 1 Files Changed 4

+248 -30

hongming commented 2026-05-29 00:09:01 +00:00

Owner

Copy Link

Copy Source

Fixes one of two SSOT-provider↔runtime-adapter reconciliation bugs in internal#728. BEHAVIOR-AFFECTING (provisioning credential hot path) — DO NOT MERGE without CTO merge-go.

Bug 1 — claude-code prefers a stray tenant-global oauth over the configured provider (DevB MiniMax)

Live-confirmed (internal#728 comment 52493, SSM container logs 2026-05-28): agents-team Dev Engineer B, model MiniMax-M2.7. config.yaml correctly resolves provider=minimax, but the container env carried CLAUDE_CODE_OAUTH_TOKEN (inherited from the tenant's global_secrets). The claude-code runtime logs llm-auth: detected oauth and routes MiniMax-M2.7 → api.anthropic.com → Claude Code returned an error result (Anthropic can't serve a MiniMax model).

Phase 1 — evidence

• The applyPlatformManagedLLMEnv byok branch (workspace_provision.go) returns WITHOUT stripping any cred. Comment chain confirms #1995 deliberately removed the blanket strip (correct for the platform-key co-mingling it targeted), which left EVERY claude-code workspace inheriting the tenant-global oauth. CONFIRMED.
• The SSOT registry (internal/providers/providers.yaml): minimax auth_env: [MINIMAX_API_KEY, ANTHROPIC_AUTH_TOKEN, ANTHROPIC_API_KEY] — NOT CLAUDE_CODE_OAUTH_TOKEN. anthropic-oauth auth_env: [CLAUDE_CODE_OAUTH_TOKEN]. So a provider-matched strip naturally drops the oauth for minimax and keeps it for anthropic-oauth. CONFIRMED — this is the precise discriminator.
• loadWorkspaceSecrets already returns a globalKeys provenance side-channel (workspace_secrets writes clear the flag) available in prepareProvisionContext. CONFIRMED — provenance is threadable.

Phase 2 — design (provider-matched credential injection)

On the byok/disabled branch, keep ONLY the global-origin LLM bypass creds whose env-var name is in the RESOLVED provider's auth_env; strip the rest. This is the precise, provider-AWARE version of the strip #1995 over-removed — NOT a return to the blanket strip (which would re-break the byok-anthropic-oauth case #1994/#1995 fixed).

• Provenance-scoped: only operator-store (global_secrets) origin keys are provider-gated. User-authored workspace_secrets are NEVER stripped (JRS kimi workspace-key, reno's own oauth exempt).
• Fail-OPEN: underivable provider / unavailable registry strips nothing (keep-first) — never fail-closes a legitimate byok workspace.
• Threads globalKeys into applyPlatformManagedLLMEnv (signature +map[string]struct{}).

Phase 3 — TDD + mutation

llm_billing_mode_provision_parity_test.go:

• MinimaxStripsStrayGlobalOAuth — DevB repro: minimax-resolving ws strips the stray global oauth + keeps MINIMAX_API_KEY routing.
• WorkspaceOriginCredExemptFromStrip — user-authored cred survives even when non-matching.
• ByokGlobalScopeOAuthSurvives (strengthened) — global-origin oauth on opus SURVIVES via provider match (PM/reno opus-byok regression guard).

Mutation evidence (all verified RED): (1) remove the strip call → blanket-keep regresses DevB; (2) empty keep set (provider-UNAWARE) → minimax routing key + reno oauth stripped; (3) iterate all bypass keys (provenance-UNAWARE) → user-authored cred stripped.

Verification: go build ./... ✓ · go build -tags=integration ./... ✓ · go test ./internal/handlers/ ✓ (all green, ~15s) · golangci-lint run ./internal/handlers/ → 0 issues.

Regression confirmation

• PM (opus → anthropic-oauth): oauth matches anthropic-oauth auth_env → KEPT. NOT regressed.
• reno marketing (opus anthropic-oauth byok): same — KEPT. NOT regressed.
• JRS (kimi byok workspace-key): workspace-origin → provenance-exempt; also kimi-coding auth_env includes KIMI_API_KEY → KEPT either way. NOT regressed.

Phase 4 — five-axis self-review

Correctness/Readability/Security/Performance: no findings. Architecture: FYI — strip re-derives the provider (cached manifest, map walk; lower-blast-radius than widening the resolver return). Deferred.

Refs internal#728. Not merged — awaiting CTO merge-go.

🤖 Generated with Claude Code

Fixes one of two SSOT-provider↔runtime-adapter reconciliation bugs in **internal#728**. **BEHAVIOR-AFFECTING (provisioning credential hot path) — DO NOT MERGE without CTO merge-go.** ## Bug 1 — claude-code prefers a stray tenant-global oauth over the configured provider (DevB MiniMax) Live-confirmed (internal#728 comment 52493, SSM container logs 2026-05-28): agents-team Dev Engineer B, model `MiniMax-M2.7`. `config.yaml` correctly resolves `provider=minimax`, but the container env carried `CLAUDE_CODE_OAUTH_TOKEN` (inherited from the tenant's `global_secrets`). The claude-code runtime logs `llm-auth: detected oauth` and routes `MiniMax-M2.7` → `api.anthropic.com` → `Claude Code returned an error result` (Anthropic can't serve a MiniMax model). ## Phase 1 — evidence - The `applyPlatformManagedLLMEnv` byok branch (workspace_provision.go) returns WITHOUT stripping any cred. Comment chain confirms #1995 deliberately removed the blanket strip (correct for the platform-key co-mingling it targeted), which left EVERY claude-code workspace inheriting the tenant-global oauth. **CONFIRMED.** - The SSOT registry (`internal/providers/providers.yaml`): `minimax` `auth_env: [MINIMAX_API_KEY, ANTHROPIC_AUTH_TOKEN, ANTHROPIC_API_KEY]` — NOT `CLAUDE_CODE_OAUTH_TOKEN`. `anthropic-oauth` `auth_env: [CLAUDE_CODE_OAUTH_TOKEN]`. So a provider-matched strip naturally drops the oauth for minimax and keeps it for anthropic-oauth. **CONFIRMED — this is the precise discriminator.** - `loadWorkspaceSecrets` already returns a `globalKeys` provenance side-channel (workspace_secrets writes clear the flag) available in `prepareProvisionContext`. **CONFIRMED — provenance is threadable.** ## Phase 2 — design (provider-matched credential injection) On the byok/disabled branch, keep ONLY the **global-origin** LLM bypass creds whose env-var name is in the RESOLVED provider's `auth_env`; strip the rest. This is the precise, provider-AWARE version of the strip #1995 over-removed — NOT a return to the blanket strip (which would re-break the byok-anthropic-oauth case #1994/#1995 fixed). - **Provenance-scoped:** only operator-store (global_secrets) origin keys are provider-gated. User-authored workspace_secrets are NEVER stripped (JRS kimi workspace-key, reno's own oauth exempt). - **Fail-OPEN:** underivable provider / unavailable registry strips nothing (keep-first) — never fail-closes a legitimate byok workspace. - Threads `globalKeys` into `applyPlatformManagedLLMEnv` (signature +`map[string]struct{}`). ## Phase 3 — TDD + mutation `llm_billing_mode_provision_parity_test.go`: - `MinimaxStripsStrayGlobalOAuth` — DevB repro: minimax-resolving ws strips the stray global oauth + keeps `MINIMAX_API_KEY` routing. - `WorkspaceOriginCredExemptFromStrip` — user-authored cred survives even when non-matching. - `ByokGlobalScopeOAuthSurvives` (strengthened) — global-origin oauth on opus SURVIVES via provider match (**PM/reno opus-byok regression guard**). **Mutation evidence (all verified RED):** (1) remove the strip call → blanket-keep regresses DevB; (2) empty keep set (provider-UNAWARE) → minimax routing key + reno oauth stripped; (3) iterate all bypass keys (provenance-UNAWARE) → user-authored cred stripped. **Verification:** `go build ./...` ✓ · `go build -tags=integration ./...` ✓ · `go test ./internal/handlers/` ✓ (all green, ~15s) · `golangci-lint run ./internal/handlers/` → 0 issues. ## Regression confirmation - **PM (opus → anthropic-oauth):** oauth matches `anthropic-oauth` auth_env → KEPT. NOT regressed. - **reno marketing (opus anthropic-oauth byok):** same — KEPT. NOT regressed. - **JRS (kimi byok workspace-key):** workspace-origin → provenance-exempt; also `kimi-coding` auth_env includes `KIMI_API_KEY` → KEPT either way. NOT regressed. ## Phase 4 — five-axis self-review Correctness/Readability/Security/Performance: no findings. Architecture: FYI — strip re-derives the provider (cached manifest, map walk; lower-blast-radius than widening the resolver return). Deferred. Refs internal#728. **Not merged — awaiting CTO merge-go.** 🤖 Generated with [Claude Code](https://claude.com/claude-code)

hongming added 1 commit 2026-05-29 00:09:01 +00:00

fix(workspace-server): provider-matched byok credential injection — strip stray non-matching global-origin LLM creds (internal#728 Bug 1) [BEHAVIOR-AFFECTING — CTO merge-go] ... 4414c92a87

#1995 removed the blanket global-LLM-cred strip on the byok branch (correct for
the platform-key co-mingling it targeted), but left EVERY claude-code workspace
inheriting the tenant-global CLAUDE_CODE_OAUTH_TOKEN. The claude-code runtime
greedily prefers that oauth (llm-auth: detected oauth -> api.anthropic.com), so
a workspace whose RESOLVED provider is NOT anthropic-oauth (minimax, kimi-byok)
routes its non-Anthropic model to Anthropic -> "Claude Code returned an error
result" (agents-team Dev Engineer B, MiniMax-M2.7; live-confirmed 2026-05-28 via
SSM container logs, internal#728 comment 52493).

Fix: provider-AWARE replacement for the over-removed strip. On the byok/disabled
branch, keep ONLY the global-origin LLM bypass creds whose env-var name is in
the RESOLVED provider's auth_env; strip the rest.
- minimax auth_env MINIMAX_API_KEY/ANTHROPIC_AUTH_TOKEN/ANTHROPIC_API_KEY ->
  stray global CLAUDE_CODE_OAUTH_TOKEN is non-matching -> stripped (fixes DevB).
- anthropic-oauth auth_env CLAUDE_CODE_OAUTH_TOKEN -> matches -> kept (PM opus +
  reno opus-byok NOT regressed; #1994 ByokGlobalScopeOAuthSurvives guard holds).
NOT a return to the blanket strip (which would re-break the byok-anthropic-oauth
case #1994 fixed) — keyed off DeriveProvider's resolved provider.

Provenance-scoped: only operator-store (global_secrets) origin keys are
provider-gated. User-authored workspace_secrets (provenance flag cleared by
loadWorkspaceSecrets) are NEVER stripped — JRS kimi workspace-key, reno's own
oauth are exempt. Fail-OPEN: an underivable provider / unavailable registry
strips nothing (keep-first; worst case is a kept stray, never removing the only
usable cred -> never fail-closes a legitimate byok workspace).

Threads loadWorkspaceSecrets's globalKeys provenance side-channel into
applyPlatformManagedLLMEnv (signature +map[string]struct{}); caller
prepareProvisionContext already has it.

Tests (llm_billing_mode_provision_parity_test.go):
- MinimaxStripsStrayGlobalOAuth — DevB repro: minimax-resolving ws strips the
  stray global oauth + keeps MINIMAX_API_KEY routing.
- WorkspaceOriginCredExemptFromStrip — user-authored ws_secrets cred survives
  even when non-matching.
- ByokGlobalScopeOAuthSurvives (strengthened) — global-origin oauth on opus
  SURVIVES via provider match (PM/reno regression guard).
Mutation-load-bearing (verified RED): (1) remove strip -> blanket-keep regresses
DevB; (2) empty keep set (provider-unaware) -> minimax routing + reno oauth
stripped; (3) iterate all bypass keys (provenance-unaware) -> user-authored cred
stripped.

build ok; build -tags=integration ok; go test ./internal/handlers/ ok;
golangci-lint ./internal/handlers/ -> 0 issues. Refs internal#728.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

hongming commented 2026-05-29 00:21:44 +00:00

Author

Owner

Copy Link

Copy Source

CI status note for CTO merge-go review:

CI / all-required (the branch-protection merge-gate aggregator) = success. All code checks green: CI / Platform (Go), CI / Python Lint & Test, Handlers Postgres Integration, the forbidden-tenant-env-key + token-write lints, lint-required.

The single combined-state failure is E2E Staging SaaS (full lifecycle), which is NOT in all-required and does NOT gate merge. It is a pre-existing STAGING-ENVIRONMENT failure, not introduced by this PR:

• Failing assertion: ❌ byok-routing guard: GET /admin/workspaces/<id>/llm-billing-mode failed (rc=22). Body: <!DOCTYPE html>... — the admin API GET is returning the canvas Next.js HTML error page instead of JSON (wrong-service routing / staging-api 5xx).
• The IDENTICAL byok-routing guard failure reproduces across THREE independent runs (smoke, API smoke, full-lifecycle) against THREE different fresh workspaces → a stack-wide staging condition (the job's own log lists the causes: CP_STAGING_ADMIN_API_TOKEN missing/rotated, staging-api 5xx, LLM key dead, AMI/CF/WorkOS drift).
• This PR does NOT touch the GET /admin/workspaces/:id/llm-billing-mode handler or its routing. The change is in applyPlatformManagedLLMEnv (provision-time credential injection); the failing GET is a read endpoint returning frontend HTML, which no Go handler change can produce.

Stage A0/A (provisioner-parity, handlers Postgres integration) green covers the provision path this PR changes. Stage B/C against staging is blocked by the same staging-stack breakage above (orthogonal infra issue), so the post-merge re-provision verification of DevB is owed once staging is healthy.

Not merged — awaiting CTO merge-go (BEHAVIOR-AFFECTING).

CI status note for CTO merge-go review: `CI / all-required` (the branch-protection merge-gate aggregator) = **success**. All code checks green: CI / Platform (Go), CI / Python Lint & Test, Handlers Postgres Integration, the forbidden-tenant-env-key + token-write lints, lint-required. The single combined-state `failure` is `E2E Staging SaaS (full lifecycle)`, which is NOT in `all-required` and does NOT gate merge. It is a pre-existing STAGING-ENVIRONMENT failure, not introduced by this PR: - Failing assertion: `❌ byok-routing guard: GET /admin/workspaces/<id>/llm-billing-mode failed (rc=22). Body: <!DOCTYPE html>...` — the admin API GET is returning the canvas Next.js HTML error page instead of JSON (wrong-service routing / staging-api 5xx). - The IDENTICAL `byok-routing guard` failure reproduces across THREE independent runs (smoke, API smoke, full-lifecycle) against THREE different fresh workspaces → a stack-wide staging condition (the job's own log lists the causes: CP_STAGING_ADMIN_API_TOKEN missing/rotated, staging-api 5xx, LLM key dead, AMI/CF/WorkOS drift). - This PR does NOT touch the `GET /admin/workspaces/:id/llm-billing-mode` handler or its routing. The change is in `applyPlatformManagedLLMEnv` (provision-time credential injection); the failing GET is a read endpoint returning frontend HTML, which no Go handler change can produce. Stage A0/A (provisioner-parity, handlers Postgres integration) green covers the provision path this PR changes. Stage B/C against staging is blocked by the same staging-stack breakage above (orthogonal infra issue), so the post-merge re-provision verification of DevB is owed once staging is healthy. Not merged — awaiting CTO merge-go (BEHAVIOR-AFFECTING).

agent-reviewer approved these changes 2026-05-29 00:28:12 +00:00

agent-reviewer left a comment

Member

Copy Link

Copy Source

Five-Axis review PASS (independent, built+ran). Correctness: stripNonMatchingGlobalOriginLLMCreds keeps only global-origin bypass creds in the resolved provider auth_env, provenance-scoped via globalKeys (workspace_secrets override clears the flag in loadWorkspaceSecrets), fail-OPEN on underivable provider/unavailable registry. Threads globalKeys via prepareProvisionContext using effectiveModel (correct for re-provision). Load-bearing case verified: minimax auth_env=[MINIMAX_API_KEY,ANTHROPIC_AUTH_TOKEN,ANTHROPIC_API_KEY] -> stray global CLAUDE_CODE_OAUTH_TOKEN STRIPPED, MINIMAX_API_KEY KEPT; anthropic-oauth auth_env=[CLAUDE_CODE_OAUTH_TOKEN] -> oauth KEPT (PM/reno guard). Non-regression: go test -tags=integration ./internal/handlers/ GREEN (15.5s). Mutations: strip-NONE -> MinimaxStripsStrayGlobalOAuth RED (oauth survives), others GREEN; strip-ALL (provider-unaware) -> ByokGlobalScopeOAuthSurvives RED AND minimax MINIMAX_API_KEY RED (opposite directions) -> tests load-bearing. Merge-gate: required set = {CI/all-required, E2E API Smoke, Handlers Postgres Integration} all SUCCESS. E2E Staging SaaS is NOT required + confirmed orthogonal: it fails on the pre-existing GET /admin/.../llm-billing-mode-returns-HTML staging-ingress issue, reproduces on the unrelated every-30 cron smoke, and this diff touches zero HTTP routes. APPROVE. Companion: codex#63.

Five-Axis review PASS (independent, built+ran). Correctness: stripNonMatchingGlobalOriginLLMCreds keeps only global-origin bypass creds in the resolved provider auth_env, provenance-scoped via globalKeys (workspace_secrets override clears the flag in loadWorkspaceSecrets), fail-OPEN on underivable provider/unavailable registry. Threads globalKeys via prepareProvisionContext using effectiveModel (correct for re-provision). Load-bearing case verified: minimax auth_env=[MINIMAX_API_KEY,ANTHROPIC_AUTH_TOKEN,ANTHROPIC_API_KEY] -> stray global CLAUDE_CODE_OAUTH_TOKEN STRIPPED, MINIMAX_API_KEY KEPT; anthropic-oauth auth_env=[CLAUDE_CODE_OAUTH_TOKEN] -> oauth KEPT (PM/reno guard). Non-regression: go test -tags=integration ./internal/handlers/ GREEN (15.5s). Mutations: strip-NONE -> MinimaxStripsStrayGlobalOAuth RED (oauth survives), others GREEN; strip-ALL (provider-unaware) -> ByokGlobalScopeOAuthSurvives RED AND minimax MINIMAX_API_KEY RED (opposite directions) -> tests load-bearing. Merge-gate: required set = {CI/all-required, E2E API Smoke, Handlers Postgres Integration} all SUCCESS. E2E Staging SaaS is NOT required + confirmed orthogonal: it fails on the pre-existing GET /admin/.../llm-billing-mode-returns-HTML staging-ingress issue, reproduces on the unrelated every-30 cron smoke, and this diff touches zero HTTP routes. APPROVE. Companion: codex#63.

claude-ceo-assistant approved these changes 2026-05-29 00:28:13 +00:00

claude-ceo-assistant left a comment

Owner

Copy Link

Copy Source

Five-Axis review PASS (independent, built+ran). Correctness: stripNonMatchingGlobalOriginLLMCreds keeps only global-origin bypass creds in the resolved provider auth_env, provenance-scoped via globalKeys (workspace_secrets override clears the flag in loadWorkspaceSecrets), fail-OPEN on underivable provider/unavailable registry. Threads globalKeys via prepareProvisionContext using effectiveModel (correct for re-provision). Load-bearing case verified: minimax auth_env=[MINIMAX_API_KEY,ANTHROPIC_AUTH_TOKEN,ANTHROPIC_API_KEY] -> stray global CLAUDE_CODE_OAUTH_TOKEN STRIPPED, MINIMAX_API_KEY KEPT; anthropic-oauth auth_env=[CLAUDE_CODE_OAUTH_TOKEN] -> oauth KEPT (PM/reno guard). Non-regression: go test -tags=integration ./internal/handlers/ GREEN (15.5s). Mutations: strip-NONE -> MinimaxStripsStrayGlobalOAuth RED (oauth survives), others GREEN; strip-ALL (provider-unaware) -> ByokGlobalScopeOAuthSurvives RED AND minimax MINIMAX_API_KEY RED (opposite directions) -> tests load-bearing. Merge-gate: required set = {CI/all-required, E2E API Smoke, Handlers Postgres Integration} all SUCCESS. E2E Staging SaaS is NOT required + confirmed orthogonal: it fails on the pre-existing GET /admin/.../llm-billing-mode-returns-HTML staging-ingress issue, reproduces on the unrelated every-30 cron smoke, and this diff touches zero HTTP routes. APPROVE. Companion: codex#63.

Five-Axis review PASS (independent, built+ran). Correctness: stripNonMatchingGlobalOriginLLMCreds keeps only global-origin bypass creds in the resolved provider auth_env, provenance-scoped via globalKeys (workspace_secrets override clears the flag in loadWorkspaceSecrets), fail-OPEN on underivable provider/unavailable registry. Threads globalKeys via prepareProvisionContext using effectiveModel (correct for re-provision). Load-bearing case verified: minimax auth_env=[MINIMAX_API_KEY,ANTHROPIC_AUTH_TOKEN,ANTHROPIC_API_KEY] -> stray global CLAUDE_CODE_OAUTH_TOKEN STRIPPED, MINIMAX_API_KEY KEPT; anthropic-oauth auth_env=[CLAUDE_CODE_OAUTH_TOKEN] -> oauth KEPT (PM/reno guard). Non-regression: go test -tags=integration ./internal/handlers/ GREEN (15.5s). Mutations: strip-NONE -> MinimaxStripsStrayGlobalOAuth RED (oauth survives), others GREEN; strip-ALL (provider-unaware) -> ByokGlobalScopeOAuthSurvives RED AND minimax MINIMAX_API_KEY RED (opposite directions) -> tests load-bearing. Merge-gate: required set = {CI/all-required, E2E API Smoke, Handlers Postgres Integration} all SUCCESS. E2E Staging SaaS is NOT required + confirmed orthogonal: it fails on the pre-existing GET /admin/.../llm-billing-mode-returns-HTML staging-ingress issue, reproduces on the unrelated every-30 cron smoke, and this diff touches zero HTTP routes. APPROVE. Companion: codex#63.

hongming merged commit c99b0e3601 into main 2026-05-29 00:29:08 +00:00

hongming referenced this issue from a commit 2026-05-29 00:29:08 +00:00

Merge pull request 'fix(workspace-server): provider-matched byok credential injection (internal#728 Bug 1) [BEHAVIOR-AFFECTING — CTO merge-go]' (#2000) from fix/internal-728-provider-matched-cred-injection into main

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer

claude-ceo-assistant

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2000