molecule-ai/molecule-core
52
0
Fork 2
Code Issues 186 Pull Requests 53 Actions 1 Packages Projects Releases Wiki Activity

fix(provision): platform-managed workspace must fail-closed when CP proxy env absent (#2162) #2164

Merged
core-be merged 3 commits from fix/2162-platform-managed-fail-closed-missing-proxy into main 2026-06-03 06:21:10 +00:00
Conversation 4 Commits 3 Files Changed 8
+145 -6
core-be commented 2026-06-03 02:04:58 +00:00
Member
Copy Link
Copy Source

Fixes #2162.

Root cause

applyPlatformManagedLLMEnv returned HasUsableLLMCred: true when MOLECULE_LLM_BASE_URL + MOLECULE_LLM_USAGE_TOKEN were empty, causing claude-code workspaces to boot credential-less and hit the 600s provision-timeout sweep (adk-demo dark-wedge class, ws 29b95be9).

Fix

  • Empty-proxy-env path returns HasUsableLLMCred: false (was true).
  • Caller aborts with MISSING_PLATFORM_PROXY, symmetric to the BYOK MISSING_BYOK_CREDENTIAL hard-fail (#711).
  • User-facing error message explains the boot-race and retry path.

Regression tests

  • TestApplyPlatformManagedLLMEnv_MissingProxyEnvFailClosed: asserts HasUsableLLMCred=false when proxy env absent.
  • TestApplyPlatformManagedLLMEnv_ProxyEnvPresentInjectsCredential: asserts ANTHROPIC_API_KEY + ANTHROPIC_BASE_URL injected when proxy env present.

Refs: #2162, #711, #1994

Fixes #2162. ## Root cause `applyPlatformManagedLLMEnv` returned `HasUsableLLMCred: true` when `MOLECULE_LLM_BASE_URL` + `MOLECULE_LLM_USAGE_TOKEN` were empty, causing claude-code workspaces to boot credential-less and hit the 600s provision-timeout sweep (adk-demo dark-wedge class, ws `29b95be9`). ## Fix - Empty-proxy-env path returns `HasUsableLLMCred: false` (was `true`). - Caller aborts with `MISSING_PLATFORM_PROXY`, symmetric to the BYOK `MISSING_BYOK_CREDENTIAL` hard-fail (#711). - User-facing error message explains the boot-race and retry path. ## Regression tests - `TestApplyPlatformManagedLLMEnv_MissingProxyEnvFailClosed`: asserts `HasUsableLLMCred=false` when proxy env absent. - `TestApplyPlatformManagedLLMEnv_ProxyEnvPresentInjectsCredential`: asserts `ANTHROPIC_API_KEY` + `ANTHROPIC_BASE_URL` injected when proxy env present. Refs: #2162, #711, #1994
core-be added 1 commit 2026-06-03 02:04:58 +00:00
fix(provision): platform-managed workspace must fail-closed when CP proxy env absent (#2162)
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s
Details
CI / Python Lint & Test (pull_request) Successful in 10s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Failing after 3s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 7s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 11s
Details
Harness Replays / detect-changes (pull_request) Successful in 10s
Details
CI / Detect changes (pull_request) Successful in 16s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 9s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 17s
Details
qa-review / approved (pull_request_target) Failing after 3s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 28s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 30s
Details
E2E Chat / detect-changes (pull_request) Successful in 30s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
security-review / approved (pull_request_target) Failing after 3s
Details
sop-tier-check / tier-check (pull_request_target) Successful in 4s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 18s
Details
Harness Replays / Harness Replays (pull_request) Successful in 2s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 11s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
E2E Chat / E2E Chat (pull_request) Successful in 2s
Details
CI / Canvas (Next.js) (pull_request) Successful in 8s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 11s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m23s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 1m1s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m56s
Details
CI / Platform (Go) (pull_request) Failing after 4m37s
Details
CI / all-required (pull_request) Has been skipped
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Failing after 8m39s
Details
55e201157a 
applyPlatformManagedLLMEnv falsely reported HasUsableLLMCred:true when
MOLECULE_LLM_BASE_URL + MOLECULE_LLM_USAGE_TOKEN were empty, causing
claude-code workspaces to boot credential-less and hit the 600s
provision-timeout sweep (adk-demo dark-wedge class).

Fix:
- Empty-proxy-env path returns HasUsableLLMCred:false (was true).
- Caller aborts with MISSING_PLATFORM_PROXY, symmetric to the BYOK
  MISSING_BYOK_CREDENTIAL hard-fail.
- User-facing error message explains the boot-race and retry path.

Regression tests:
- TestApplyPlatformManagedLLMEnv_MissingProxyEnvFailClosed: asserts
  HasUsableLLMCred=false when proxy env absent.
- TestApplyPlatformManagedLLMEnv_ProxyEnvPresentInjectsCredential:
  asserts ANTHROPIC_API_KEY + ANTHROPIC_BASE_URL injected when proxy
  env present.

Refs: #2162, #711 (BYOK fail-closed pattern), #1994
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
core-be added 1 commit 2026-06-03 05:41:44 +00:00
test(provision): supply CP proxy env in tests that hit platform-managed default
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
CI / Python Lint & Test (pull_request) Successful in 3s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 4s
Details
E2E Chat / detect-changes (pull_request) Successful in 6s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Failing after 1s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 3s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 3s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 12s
Details
qa-review / approved (pull_request_target) Failing after 3s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 4s
Details
security-review / approved (pull_request_target) Failing after 4s
Details
sop-tier-check / tier-check (pull_request_target) Successful in 5s
Details
E2E Chat / E2E Chat (pull_request) Successful in 8s
Details
Harness Replays / detect-changes (pull_request) Successful in 16s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 15s
Details
CI / Detect changes (pull_request) Successful in 27s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 26s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 27s
Details
Harness Replays / Harness Replays (pull_request) Successful in 6s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 28s
Details
CI / Canvas (Next.js) (pull_request) Successful in 1s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 59s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 1m1s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m57s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Failing after 4m19s
Details
CI / Platform (Go) (pull_request) Failing after 4m15s
Details
CI / all-required (pull_request) Has been skipped
Details
334d485efc 
The #2162 fix adds a MISSING_PLATFORM_PROXY abort when a platform-managed
workspace has no CP proxy env. Five existing tests call prepareProvisionContext
or provisionWorkspaceCP with a payload that resolves to platform_managed but
do not set MOLECULE_LLM_BASE_URL / MOLECULE_LLM_USAGE_TOKEN, causing them to
abort early and fail their assertions.

Add the proxy env to:
- TestPrepareProvisionContext_ParentIDInjected
- TestPrepareProvisionContext_InjectsGitHTTPCredsFromPersonaToken
- TestPrepareProvisionContext_WorkspaceSecretWinsOverPersonaToken
- TestProvisionWorkspaceCP_NoInternalErrorsInBroadcast
- TestProvisionWorkspaceCP_ConcurrentBurst_NoSilentDrop

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
core-be added 1 commit 2026-06-03 05:54:30 +00:00
test(provision): supply CP proxy env in auto-routing tests (#2162)
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s
Details
CI / Python Lint & Test (pull_request) Successful in 2s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Failing after 2s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 3s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 7s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 8s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 3s
Details
qa-review / approved (pull_request_target) Failing after 3s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 3s
Details
sop-tier-check / tier-check (pull_request_target) Successful in 3s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 22s
Details
E2E Chat / detect-changes (pull_request) Successful in 23s
Details
Harness Replays / detect-changes (pull_request) Successful in 21s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 21s
Details
CI / Detect changes (pull_request) Successful in 25s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 24s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
CI / Canvas (Next.js) (pull_request) Successful in 8s
Details
Harness Replays / Harness Replays (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
E2E Chat / E2E Chat (pull_request) Successful in 9s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m0s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 51s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 1m1s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Failing after 3m58s
Details
CI / Platform (Go) (pull_request) Successful in 4m41s
Details
CI / all-required (pull_request) Successful in 2s
Details
qa-review / approved (pull_request_review) Has been skipped
Details
security-review / approved (pull_request_review) Has been skipped
Details
sop-tier-check / tier-check (pull_request_review) Successful in 6s
Details
security-review / approved (pull_request_target) Refired via /security-recheck by unknown
Details
audit-force-merge / audit (pull_request_target) Successful in 9s
Details
9a28c88682 
Three auto-routing tests (TestProvisionWorkspaceAuto_RoutesToCPWhenSet,
TestRestartWorkspaceAuto_RoutesToCPWhenSet,
TestProvisionWorkspaceAutoSync_RoutesToCPWhenSet) use
models.CreateWorkspacePayload with Runtime="claude-code" and empty Model.
This now derives to platform_managed billing mode, which fails closed
with MISSING_PLATFORM_PROXY when the CP proxy env is absent.

Supply the proxy env via t.Setenv so the tests reach the CP provisioner
stub instead of aborting early.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
core-qa approved these changes 2026-06-03 06:14:20 +00:00
core-qa left a comment
Member
Copy Link
Copy Source

core-qa official-approve — #2162 fail-closed. Verified by CTO: empty-proxy path returns HasUsableLLMCred=false + prepareProvisionContext aborts MISSING_PLATFORM_PROXY (symmetric to BYOK), with the watch-fail regression test. CI/Platform(Go)+all-required green. qa APPROVE.

core-qa official-approve — #2162 fail-closed. Verified by CTO: empty-proxy path returns HasUsableLLMCred=false + prepareProvisionContext aborts MISSING_PLATFORM_PROXY (symmetric to BYOK), with the watch-fail regression test. CI/Platform(Go)+all-required green. qa APPROVE.
core-security approved these changes 2026-06-03 06:14:40 +00:00
core-security left a comment
Member
Copy Link
Copy Source

core-security official-approve — #2162 fail-closed platform-managed provision. No credential-less boot; aborts MISSING_PLATFORM_PROXY. security APPROVE.

core-security official-approve — #2162 fail-closed platform-managed provision. No credential-less boot; aborts MISSING_PLATFORM_PROXY. security APPROVE.
molecule-code-reviewer commented 2026-06-03 06:14:41 +00:00
Member
Copy Link
Copy Source

/qa-recheck

/qa-recheck
molecule-code-reviewer commented 2026-06-03 06:14:42 +00:00
Member
Copy Link
Copy Source

/security-recheck

/security-recheck
core-be merged commit 9aafcf7ad3 into main 2026-06-03 06:21:10 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
core-qa
core-security
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2164
Delete Branch "fix/2162-platform-managed-fail-closed-missing-proxy"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?