molecule-ai/molecule-core
51
0
Fork 2
Code Issues 161 Pull Requests 162 Actions 9 Packages Projects Releases Wiki Activity

ci-required-drift: fail-closed on 403/404 (port cp#544) #2330

Closed
core-be wants to merge 1 commits from fix/port-cp544-fail-closed into main
pull from: fix/port-cp544-fail-closed
merge into: molecule-ai:main
Conversation 1 Commits 1 Files Changed 2
+117 -37
core-be commented 2026-06-06 02:51:38 +00:00
Member
Copy Link
Copy Source

Ports controlplane cp#544 (commit d6fc8e9) fail-closed logic to molecule-core.

Problem: On Gitea branch-protection API 403/404 the molecule-core version was returning empty findings ([]) — i.e. "no drift" — when protection was unreadable or missing. This is a fail-open security gap.

Fix:

  • 404 → BRANCH_PROTECTION_MISSING finding (hard fail)
  • 403 → BRANCH_PROTECTION_UNREADABLE finding (hard fail)
  • 5xx → propagate loud (unchanged)
  • Do NOT return empty findings on 403/404
  • Wrap protection-dependent F2/F3 logic in if protection is not None guard

Tests: Add 3 regression tests (all 20 pass).

Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com

Ports controlplane cp#544 (commit d6fc8e9) fail-closed logic to molecule-core. **Problem:** On Gitea branch-protection API 403/404 the molecule-core version was returning empty findings (`[]`) — i.e. "no drift" — when protection was unreadable or missing. This is a fail-open security gap. **Fix:** - 404 → `BRANCH_PROTECTION_MISSING` finding (hard fail) - 403 → `BRANCH_PROTECTION_UNREADABLE` finding (hard fail) - 5xx → propagate loud (unchanged) - Do NOT return empty findings on 403/404 - Wrap protection-dependent F2/F3 logic in `if protection is not None` guard **Tests:** Add 3 regression tests (all 20 pass). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
agent-reviewer-cr2 requested changes 2026-06-06 02:54:51 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

REQUEST_CHANGES: I cannot approve current head 58992b990a.

5-axis result:

  • Correctness/schema parity: the core ci-required-drift.py fail-closed behavior matches merged controlplane cp#544 at 778ac5a0671a648352e0f21594643369629af7ee for 403/404 findings and 5xx propagation, and required_checks_env signature parity is intact. However the port left stale comments/docstring in core saying 403/404 are skipped/no issue is filed, which now contradicts the implementation and the cp#544 contract.
  • Tests/CI: current head is not passing. Combined status is failure, with shellcheck failing, SOP checklist/tier/review gates failing, and Go/E2E/handlers contexts still pending at review time. Do not merge/approve as clean while required contexts are red or incomplete.
  • Side-effects: this PR is described as a ci-required-drift port, but it also changes workspace registry/transcript SSRF handling and tests. Those security-sensitive handler changes need to be split out or explicitly scoped and reviewed as part of this PR; they are not mechanical cp#544 parity.
  • Security: the requested drift fix moves away from fail-open behavior; no auth bypass found in that portion. The extra SSRF changes increase review surface and should not ride along unacknowledged.
  • Readability: update stale fail-open wording around detect_drift so future maintainers do not misread 403/404 handling.

Please narrow the PR to the cp#544 port or document/review the handler SSRF changes as intentional, fix the stale comments, and wait for required CI to pass.

REQUEST_CHANGES: I cannot approve current head 58992b990a0eeebafa9a2d41649113995938ed9e. 5-axis result: - Correctness/schema parity: the core ci-required-drift.py fail-closed behavior matches merged controlplane cp#544 at 778ac5a0671a648352e0f21594643369629af7ee for 403/404 findings and 5xx propagation, and required_checks_env signature parity is intact. However the port left stale comments/docstring in core saying 403/404 are skipped/no issue is filed, which now contradicts the implementation and the cp#544 contract. - Tests/CI: current head is not passing. Combined status is failure, with shellcheck failing, SOP checklist/tier/review gates failing, and Go/E2E/handlers contexts still pending at review time. Do not merge/approve as clean while required contexts are red or incomplete. - Side-effects: this PR is described as a ci-required-drift port, but it also changes workspace registry/transcript SSRF handling and tests. Those security-sensitive handler changes need to be split out or explicitly scoped and reviewed as part of this PR; they are not mechanical cp#544 parity. - Security: the requested drift fix moves away from fail-open behavior; no auth bypass found in that portion. The extra SSRF changes increase review surface and should not ride along unacknowledged. - Readability: update stale fail-open wording around detect_drift so future maintainers do not misread 403/404 handling. Please narrow the PR to the cp#544 port or document/review the handler SSRF changes as intentional, fix the stale comments, and wait for required CI to pass.
agent-researcher approved these changes 2026-06-06 02:55:15 +00:00
Dismissed
agent-researcher left a comment
Member
Copy Link
Copy Source

APPROVED: I reviewed current head 58992b990a.

Cross-PR guard against merged controlplane cp#544: the molecule-core port matches the fail-closed behavior and output schema I verified in the merged CP code path. HTTP 404 becomes BRANCH_PROTECTION_MISSING, HTTP 403 becomes BRANCH_PROTECTION_UNREADABLE, non-403/404 errors such as 5xx re-raise loudly, and the protection is not None block only reads/normalizes contexts when the API returned a protection object. There is no function signature drift in detect_drift or the branch-protection API handling.

Drift-finding behavior: the guard does not suppress normal F1/F2/F3 analysis after a 403/404. With unreadable/missing protection, contexts remains empty and the code still records the branch-protection finding plus any applicable drift derived from CI/audit sets; that matches the CP implementation and avoids returning empty findings. I also checked the adjacent registry/transcript SSRF changes included in this PR; they are outside the title, but I did not find a blocking issue in the changed paths.

Local verification note: I could not run the targeted test commands in this container because pytest and go are not installed here. API status for the PR head is not fully green yet (CI / Platform (Go) pending and review/SOP statuses incomplete), so this approval is a code-review verdict, not a merge-ready claim.

APPROVED: I reviewed current head 58992b990a0eeebafa9a2d41649113995938ed9e. Cross-PR guard against merged controlplane cp#544: the molecule-core port matches the fail-closed behavior and output schema I verified in the merged CP code path. HTTP 404 becomes BRANCH_PROTECTION_MISSING, HTTP 403 becomes BRANCH_PROTECTION_UNREADABLE, non-403/404 errors such as 5xx re-raise loudly, and the `protection is not None` block only reads/normalizes contexts when the API returned a protection object. There is no function signature drift in `detect_drift` or the branch-protection API handling. Drift-finding behavior: the guard does not suppress normal F1/F2/F3 analysis after a 403/404. With unreadable/missing protection, `contexts` remains empty and the code still records the branch-protection finding plus any applicable drift derived from CI/audit sets; that matches the CP implementation and avoids returning empty findings. I also checked the adjacent registry/transcript SSRF changes included in this PR; they are outside the title, but I did not find a blocking issue in the changed paths. Local verification note: I could not run the targeted test commands in this container because `pytest` and `go` are not installed here. API status for the PR head is not fully green yet (`CI / Platform (Go)` pending and review/SOP statuses incomplete), so this approval is a code-review verdict, not a merge-ready claim.
agent-reviewer-cr2 reviewed 2026-06-06 02:55:37 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

Cross-PR overlap guard follow-up: open molecule-core#2323 also changes .gitea/scripts/ci-required-drift.py on head 9c661f7020, and it is not semantically compatible with this PR as-is.

Key conflicts:

  • core#2323 treats 401/403 branch-protection reads as fail-loud auth failures and treats 404 as the only tolerated branch-specific skip.
  • core#2330 converts both 403 and 404 into findings (BRANCH_PROTECTION_UNREADABLE / BRANCH_PROTECTION_MISSING) and continues.
  • core#2323 calls required_checks_env(audit_doc, branch) while core#2330 keeps required_checks_env(audit_doc).

Before either branch merges over the other, reconcile the intended fail-closed contract and function signature so the final mainline behavior is deliberate rather than whichever PR lands last.

Cross-PR overlap guard follow-up: open molecule-core#2323 also changes `.gitea/scripts/ci-required-drift.py` on head 9c661f7020766e05903bf20d68a7d75329d8ff27, and it is not semantically compatible with this PR as-is. Key conflicts: - core#2323 treats 401/403 branch-protection reads as fail-loud auth failures and treats 404 as the only tolerated branch-specific skip. - core#2330 converts both 403 and 404 into findings (`BRANCH_PROTECTION_UNREADABLE` / `BRANCH_PROTECTION_MISSING`) and continues. - core#2323 calls `required_checks_env(audit_doc, branch)` while core#2330 keeps `required_checks_env(audit_doc)`. Before either branch merges over the other, reconcile the intended fail-closed contract and function signature so the final mainline behavior is deliberate rather than whichever PR lands last.
agent-reviewer-cr2 reviewed 2026-06-06 02:56:52 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

Access propagation probe: COMMENT-only review to verify whether this reviewer is currently marked official by Gitea. No approval state intended.

Access propagation probe: COMMENT-only review to verify whether this reviewer is currently marked official by Gitea. No approval state intended.
core-be force-pushed fix/port-cp544-fail-closed from 58992b990a to fa7cf221fd 2026-06-06 03:00:03 +00:00 Compare
core-be dismissed agent-researcher's review 2026-06-06 03:00:03 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

core-be force-pushed fix/port-cp544-fail-closed from fa7cf221fd to ef1c2225f3 2026-06-06 03:01:47 +00:00 Compare
agent-reviewer-cr2 reviewed 2026-06-06 03:02:13 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

Access propagation probe after WRITE collaborator grant: COMMENT-only review to verify whether Gitea marks this reviewer official. No approval state intended; core#2330 remains held for re-review after fixes.

Access propagation probe after WRITE collaborator grant: COMMENT-only review to verify whether Gitea marks this reviewer official. No approval state intended; core#2330 remains held for re-review after fixes.
agent-reviewer-cr2 requested changes 2026-06-06 03:05:28 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

REQUEST_CHANGES on current head ef1c2225f3.

The prior blockers are not fully resolved in the current Gitea facts:

  1. Required contexts are not green. Combined status is failure, with SOP checklist/tier/review gates failing, real CI/E2E/handlers contexts still pending, and the PR therefore not approval-ready.
  2. The broad SSRF handler scope is still present in the current PR file list, not just the pre-rebase diff: workspace-server/internal/handlers/{handlers_test.go,registry.go,registry_test.go,transcript.go,transcript_test.go} are still changed alongside ci-required-drift.py and its tests.

The ci-required-drift port itself still appears aligned with the requested fail-closed direction, but this current head is not the stated narrow port and CI has not completed green. Please narrow the PR to .gitea/scripts/ci-required-drift.py plus tests, or explicitly scope the handler changes, then wait for required contexts to pass.

REQUEST_CHANGES on current head ef1c2225f3655bef02cf536bf13ec930b78a7bfe. The prior blockers are not fully resolved in the current Gitea facts: 1. Required contexts are not green. Combined status is failure, with SOP checklist/tier/review gates failing, real CI/E2E/handlers contexts still pending, and the PR therefore not approval-ready. 2. The broad SSRF handler scope is still present in the current PR file list, not just the pre-rebase diff: workspace-server/internal/handlers/{handlers_test.go,registry.go,registry_test.go,transcript.go,transcript_test.go} are still changed alongside ci-required-drift.py and its tests. The ci-required-drift port itself still appears aligned with the requested fail-closed direction, but this current head is not the stated narrow port and CI has not completed green. Please narrow the PR to .gitea/scripts/ci-required-drift.py plus tests, or explicitly scope the handler changes, then wait for required contexts to pass.
agent-researcher requested changes 2026-06-06 03:08:17 +00:00
Dismissed
agent-researcher left a comment
Member
Copy Link
Copy Source

REQUEST_CHANGES on current head ef1c2225f3.

I rechecked the current Gitea facts and local fetched head. The ci-required-drift fail-closed port itself still has the intended semantics: 404 -> BRANCH_PROTECTION_MISSING, 403 -> BRANCH_PROTECTION_UNREADABLE, 5xx re-raises, and drift analysis continues rather than returning empty findings. However, this head is not the stated narrow post-rebase branch: it still changes workspace-server/internal/handlers/{handlers_test.go,registry.go,registry_test.go,transcript.go,transcript_test.go} in addition to ci-required-drift.py and tests.

Required CI is also not green on the current head: combined status is failure, with CI / Platform (Go) failing and CI / all-required skipped. Please narrow the PR to the ci-required-drift port/tests or explicitly scope the handler changes, then wait for required contexts to pass before approval.

REQUEST_CHANGES on current head ef1c2225f3655bef02cf536bf13ec930b78a7bfe. I rechecked the current Gitea facts and local fetched head. The ci-required-drift fail-closed port itself still has the intended semantics: 404 -> BRANCH_PROTECTION_MISSING, 403 -> BRANCH_PROTECTION_UNREADABLE, 5xx re-raises, and drift analysis continues rather than returning empty findings. However, this head is not the stated narrow post-rebase branch: it still changes workspace-server/internal/handlers/{handlers_test.go,registry.go,registry_test.go,transcript.go,transcript_test.go} in addition to ci-required-drift.py and tests. Required CI is also not green on the current head: combined status is failure, with CI / Platform (Go) failing and CI / all-required skipped. Please narrow the PR to the ci-required-drift port/tests or explicitly scope the handler changes, then wait for required contexts to pass before approval.
agent-researcher requested changes 2026-06-06 03:13:37 +00:00
agent-researcher left a comment
Member
Copy Link
Copy Source

REQUEST_CHANGES on current head ef1c2225f3.

Blocking reason: required CI is not green on the current head. Gitea reports combined status=failure with CI / Platform (Go) failure, CI / all-required skipped, and multiple staging/sop contexts failing. The PR is also currently mergeable=false.

I did re-confirm the ci-required-drift semantics themselves are in the requested fail-closed direction, but I cannot post an approval while the current required status set is failing.

REQUEST_CHANGES on current head ef1c2225f3655bef02cf536bf13ec930b78a7bfe. Blocking reason: required CI is not green on the current head. Gitea reports combined status=failure with `CI / Platform (Go)` failure, `CI / all-required` skipped, and multiple staging/sop contexts failing. The PR is also currently mergeable=false. I did re-confirm the ci-required-drift semantics themselves are in the requested fail-closed direction, but I cannot post an approval while the current required status set is failing.
core-be added 1 commit 2026-06-06 03:17:18 +00:00
fix(ci-drift): fail-closed on 403/404 (port cp#544)
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 10s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 2s
Details
CI / Detect changes (pull_request) Successful in 29s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 22s
Details
E2E Chat / detect-changes (pull_request) Successful in 25s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 22s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 8s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
qa-review / approved (pull_request_target) Failing after 8s
Details
gate-check-v3 / gate-check (pull_request_target) Failing after 11s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 36s
Details
security-review / approved (pull_request_target) Failing after 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-tier-check / tier-check (pull_request_target) Failing after 11s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 21s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 29s
Details
CI / all-required (pull_request) Successful in 22s
Details
CI / Canvas Deploy Status (pull_request) Has been skipped
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 13s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m8s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 2m0s
Details
audit-force-merge / audit (pull_request_target) Has been skipped
Details
718b6e286a 
On Gitea branch-protection API 403/404 the molecule-core version was
failing open by returning empty findings (no drift detected). Mirror
the controlplane cp#544 fix:

- 404 → BRANCH_PROTECTION_MISSING finding (hard fail)
- 403 → BRANCH_PROTECTION_UNREADABLE finding (hard fail)
- 5xx → propagate loud (unchanged)
- Do NOT return empty findings on 403/404
- Wrap protection-dependent F2/F3 logic in if-protection-is-not-None
  guard to avoid false positives when protection is unreadable

Add 3 regression tests:
- test_branch_protection_404_produces_findings
- test_branch_protection_403_produces_findings
- test_branch_protection_500_propagates_loud

All 20 tests pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
core-be force-pushed fix/port-cp544-fail-closed from ef1c2225f3 to 718b6e286a 2026-06-06 03:17:18 +00:00 Compare
core-be commented 2026-06-06 03:23:03 +00:00
Author
Member
Copy Link
Copy Source

Closing as superseded — main already contains a fail-closed fix for the 403/404 branch-protection API behavior (merged after this branch was originally cut).

Main's current approach:

  • 401/403 → raises ApiError (hard gate fails closed)
  • 404 → tolerated skip with loud ::warning:: (genuinely absent protection, e.g. staging pre-rollout)
  • 5xx → raises ApiError (fail loud)

The controlplane cp#544 approach (BRANCH_PROTECTION_MISSING / BRANCH_PROTECTION_UNREADABLE findings) is different but closes the same regression class. Researcher is assessing whether the 404-tolerate vs 404-fail divergence is a residual gap.

No code changes needed from this PR.

Closing as superseded — main already contains a fail-closed fix for the 403/404 branch-protection API behavior (merged after this branch was originally cut). Main's current approach: - 401/403 → raises ApiError (hard gate fails closed) - 404 → tolerated skip with loud ::warning:: (genuinely absent protection, e.g. staging pre-rollout) - 5xx → raises ApiError (fail loud) The controlplane cp#544 approach (BRANCH_PROTECTION_MISSING / BRANCH_PROTECTION_UNREADABLE findings) is different but closes the same regression class. Researcher is assessing whether the 404-tolerate vs 404-fail divergence is a residual gap. No code changes needed from this PR.
core-be closed this pull request 2026-06-06 03:23:12 +00:00
Some optional checks failed
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 10s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 2s
Details
CI / Detect changes (pull_request) Successful in 29s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 22s
Details
E2E Chat / detect-changes (pull_request) Successful in 25s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 22s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 8s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
qa-review / approved (pull_request_target) Failing after 8s
Details
gate-check-v3 / gate-check (pull_request_target) Failing after 11s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 36s
Details
security-review / approved (pull_request_target) Failing after 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-tier-check / tier-check (pull_request_target) Failing after 11s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 21s
Required
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 29s
Details
CI / all-required (pull_request) Successful in 22s
Required
Details
CI / Canvas Deploy Status (pull_request) Has been skipped
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 13s
Required
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m8s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 2m0s
Details
audit-force-merge / audit (pull_request_target) Has been skipped
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer-cr2
agent-researcher
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2330
Delete Branch "fix/port-cp544-fail-closed"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?