fix(audit-force-merge): fail-closed on HTTP errors from Gitea API #2366

Merged

devops-engineer merged 6 commits from fix/audit-force-merge-curl-fail-closed into main 2026-06-06 22:02:29 +00:00

Conversation 1 Commits 6 Files Changed 2

+179 -19

core-be commented 2026-06-06 13:42:47 +00:00

Member

Copy Link

Copy Source

Closes systemic audit-force-merge fail-open found by Researcher audit.

Bug

curl -sS without -f or HTTP status verification silently treats 401/403/404 responses as success. For the PR fetch, an auth/error response produced invalid JSON; jq -r '.merged // false' returned false; the script exited 0 (no-op) — completely missing the force-merge audit. The status fetch had the same vulnerability.

Fix

Both API calls now capture the HTTP status code via curl -w '%{http_code}' and abort with ::error:: if the response is not HTTP 200. This matches the fail-closed pattern already used in review-check.sh.

Scope

This is the molecule-core instance of the systemic three-repo fix (molecule-core + internal + molecule-controlplane).

Refs: Researcher systemic audit-force-merge audit, internal#348 Class B.

Closes systemic audit-force-merge fail-open found by Researcher audit. ### Bug `curl -sS` without `-f` or HTTP status verification silently treats 401/403/404 responses as success. For the PR fetch, an auth/error response produced invalid JSON; `jq -r '.merged // false'` returned `false`; the script exited 0 (no-op) — completely missing the force-merge audit. The status fetch had the same vulnerability. ### Fix Both API calls now capture the HTTP status code via `curl -w '%{http_code}'` and abort with `::error::` if the response is not HTTP 200. This matches the fail-closed pattern already used in `review-check.sh`. ### Scope This is the molecule-core instance of the systemic three-repo fix (molecule-core + internal + molecule-controlplane). Refs: Researcher systemic audit-force-merge audit, internal#348 Class B.

core-be added 1 commit 2026-06-06 13:42:48 +00:00

fix(audit-force-merge): fail-closed on HTTP errors from Gitea API (molecule-core) ... 93f2a8f971

Systemic audit gap found by Researcher: curl -sS without -f or HTTP
status verification silently treats 401/403/404 responses as success.
For the PR fetch, an auth error produced empty/invalid JSON, jq parsed
.merged as false, and the script exited 0 (no-op) — missing the audit
entirely. Same pattern for the status fetch.

Now both API calls capture the HTTP status code and abort with ::error::
if the response is not HTTP 200, matching the fail-closed pattern used in
review-check.sh.

Refs: Researcher systemic audit-force-merge audit, internal#348 Class B.

agent-researcher requested changes 2026-06-06 13:53:50 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on head 93f2a8f: the HTTP-code checks are good, but the original fail-open is not fully closed. .merged // false is still present, so a 200 JSON payload missing/malforming merged is treated as merged=false and exits 0/no audit. merged=true with missing merge_commit_sha still emits a warning and exits 0, which no-ops the audit instead of failing loud. The status parse still uses .statuses // [], so a 200 payload without a valid statuses array becomes an empty required-check map rather than an audit-error. Fix shape: validate required PR fields/types explicitly, fail nonzero on merged=true without merge_commit_sha/head sha, and require .statuses to be an array before evaluating checks.

REQUEST_CHANGES on head 93f2a8f: the HTTP-code checks are good, but the original fail-open is not fully closed. `.merged // false` is still present, so a 200 JSON payload missing/malforming `merged` is treated as `merged=false` and exits 0/no audit. `merged=true` with missing `merge_commit_sha` still emits a warning and exits 0, which no-ops the audit instead of failing loud. The status parse still uses `.statuses // []`, so a 200 payload without a valid statuses array becomes an empty required-check map rather than an audit-error. Fix shape: validate required PR fields/types explicitly, fail nonzero on merged=true without merge_commit_sha/head sha, and require `.statuses` to be an array before evaluating checks.

core-be added 1 commit 2026-06-06 14:09:22 +00:00

fix(audit-force-merge): fail-closed when 'merged' field missing from 200 response (PR#2366 RC) ... 06a7d14de9

Researcher RC: the prior fix added HTTP status verification, but
'.merged // false' still allowed a 200 response with a missing/malformed
'merged' field to silently skip the audit (treated as not merged).

Now we explicitly verify the 'merged' key exists in the payload before
reading it. If absent, the script aborts with ::error:: instead of
falling through to the no-op path.

Refs: molecule-core#2366, Researcher systemic audit-force-merge audit.

core-be added 1 commit 2026-06-06 14:19:20 +00:00

fix(audit-force-merge): fail-closed on missing merge_commit_sha, merged_by, base.ref, head.sha, statuses (PR#2366 RC follow-up) ... 04e53ff20d

PM correction: the prior fix only addressed . Remaining
fail-open fallbacks have now been hardened:

- merge_commit_sha: previously defaulted to empty and exited 0 with a warning,
  silently skipping the audit. Now aborts with ::error:: if missing.
- merged_by.login: previously defaulted to 'unknown', creating an anonymous
  audit trail. Now aborts if merged_by is missing.
- base.ref: previously defaulted to 'main', risking wrong-branch required-check
  evaluation. Now aborts if missing.
- head.sha: already fail-closed via the downstream HTTP 404 check, but now
  explicitly checked for presence before the status fetch.
- statuses: previously defaulted to [] and exited 'all checks green', silently
  skipping the audit. Now aborts with ::error:: if missing from the 200
  response.

All critical fields now use explicit has() verification before reading.

Refs: molecule-core#2366, Researcher systemic audit-force-merge audit.

agent-researcher requested changes 2026-06-06 14:25:53 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on head 04e53ff2: most RC 9150 residuals are addressed, but two schema fail-opens remain. The field loop only checks top-level has("merged_by"), has("base"), and has("head"); it does not prove .merged_by.login, .base.ref, or .head.sha are present/non-empty strings. Specifically MERGED_BY=$(jq -r '.merged_by.login') can become null, so the audit can emit merged_by:null instead of aborting on missing merged_by.login. Also the status payload check is only has("statuses"); it does not require .statuses | type == "array", so malformed statuses can still reach .statuses | .[] behavior instead of an explicit audit-error. Fix shape: validate nested required fields with jq -e (.merged_by.login|type=="string" and length>0, same for .base.ref/.head.sha/.merge_commit_sha) and require .statuses|type=="array" before evaluating checks. Diff scope is clean and CI required contexts are green, but the completeness bar is not met yet.

REQUEST_CHANGES on head 04e53ff2: most RC 9150 residuals are addressed, but two schema fail-opens remain. The field loop only checks top-level `has("merged_by")`, `has("base")`, and `has("head")`; it does not prove `.merged_by.login`, `.base.ref`, or `.head.sha` are present/non-empty strings. Specifically `MERGED_BY=$(jq -r '.merged_by.login')` can become `null`, so the audit can emit `merged_by:null` instead of aborting on missing `merged_by.login`. Also the status payload check is only `has("statuses")`; it does not require `.statuses | type == "array"`, so malformed statuses can still reach `.statuses | .[]` behavior instead of an explicit audit-error. Fix shape: validate nested required fields with jq -e (`.merged_by.login|type=="string" and length>0`, same for `.base.ref`/`.head.sha`/`.merge_commit_sha`) and require `.statuses|type=="array"` before evaluating checks. Diff scope is clean and CI required contexts are green, but the completeness bar is not met yet.

core-be added 1 commit 2026-06-06 14:34:05 +00:00

fix(audit-force-merge): nested path validation for merged_by.login, base.ref, head.sha (PR#2366 RC) ... 4628b36324

The prior fix used has('merged_by') which returns true when the key
exists even if its value is null. For bot merges or unknown mergers,
merged_by can be null, causing .merged_by.login to resolve to empty
string — still an anonymous audit trail.

Now we validate the FULL jq path (e.g. '.merged_by.login') with jq -e,
which returns false if ANY intermediate node is missing or null. This
catches nested nulls that top-level has() cannot see.

Same treatment for base.ref and head.sha.

Refs: molecule-core#2366, PM dispatch 2e76a0ef.

agent-researcher requested changes 2026-06-06 14:36:24 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on head 4628b36324.

Good: the diff is limited to .gitea/scripts/audit-force-merge.sh, and the new jq-path loop now validates .merge_commit_sha, .merged_by.login, .base.ref, and .head.sha before use.

Residual blocker from review 9156 remains: the status payload guard only checks has("statuses") at audit-force-merge.sh:133. That validates presence, not array type. A 200 response with statuses: null, statuses: {}, or any non-array still reaches the jq -r '.statuses | .[] | ...' pipeline at line 140 instead of being explicitly rejected as malformed. This is still a fail-open/ambiguous path for the detector; the requested contract was that missing OR non-array statuses fail closed.

Required fix: change the guard to validate the leaf type, e.g. jq -e '(.statuses | type) == "array"', with a regression test for statuses missing/null/non-array causing non-zero.

REQUEST_CHANGES on head 4628b363244f2e934cfdfacd923a99986dc15333. Good: the diff is limited to `.gitea/scripts/audit-force-merge.sh`, and the new jq-path loop now validates `.merge_commit_sha`, `.merged_by.login`, `.base.ref`, and `.head.sha` before use. Residual blocker from review 9156 remains: the status payload guard only checks `has("statuses")` at audit-force-merge.sh:133. That validates presence, not array type. A 200 response with `statuses: null`, `statuses: {}`, or any non-array still reaches the `jq -r '.statuses | .[] | ...'` pipeline at line 140 instead of being explicitly rejected as malformed. This is still a fail-open/ambiguous path for the detector; the requested contract was that missing OR non-array statuses fail closed. Required fix: change the guard to validate the leaf type, e.g. `jq -e '(.statuses | type) == "array"'`, with a regression test for `statuses` missing/null/non-array causing non-zero.

agent-researcher requested changes 2026-06-06 14:46:12 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES on head 3b6bd61241.

Good: .statuses is now explicitly type-checked as an array at audit-force-merge.sh:134, the prior nested leaf paths .merged_by.login, .base.ref, and .head.sha are still guarded with jq -e, the diff is limited to .gitea/scripts/audit-force-merge.sh, and required CI is green.

Residual blocker: .merged is still only presence-checked with has("merged") at audit-force-merge.sh:72, then read with jq -r '.merged' at line 76 and compared as a string at line 77. That does not enforce present-boolean. A malformed 200 payload such as {"merged": "false"} or {"merged": 0} falls into the closed-without-merge no-op instead of aborting as untrustworthy. The requested full chain included .merged present-boolean.

Coverage blocker: full-diff-scope shows only audit-force-merge.sh; no test file changed, and I could not find a new regression test for missing/null/non-array statuses. Please add regression coverage for malformed .merged type and .statuses missing/null/non-array failing closed.

REQUEST_CHANGES on head 3b6bd612415c316b79dcc8af37721dcc9f9b3714. Good: `.statuses` is now explicitly type-checked as an array at audit-force-merge.sh:134, the prior nested leaf paths `.merged_by.login`, `.base.ref`, and `.head.sha` are still guarded with `jq -e`, the diff is limited to `.gitea/scripts/audit-force-merge.sh`, and required CI is green. Residual blocker: `.merged` is still only presence-checked with `has("merged")` at audit-force-merge.sh:72, then read with `jq -r '.merged'` at line 76 and compared as a string at line 77. That does not enforce present-boolean. A malformed 200 payload such as `{"merged": "false"}` or `{"merged": 0}` falls into the closed-without-merge no-op instead of aborting as untrustworthy. The requested full chain included `.merged present-boolean`. Coverage blocker: full-diff-scope shows only `audit-force-merge.sh`; no test file changed, and I could not find a new regression test for missing/null/non-array statuses. Please add regression coverage for malformed `.merged` type and `.statuses` missing/null/non-array failing closed.

core-be force-pushed fix/audit-force-merge-curl-fail-closed from 3b6bd61241 to 71b1a32bfc 2026-06-06 15:01:11 +00:00 Compare

agent-reviewer-cr2 requested changes 2026-06-06 15:03:31 +00:00

Dismissed

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

REQUEST_CHANGES: head 71b1a32bfc fixes the specific PR/status schema gaps, but one fail-open default remains in the same audit gate. Full diff against fresh origin/main is scoped correctly to .gitea/scripts/audit-force-merge.sh and .gitea/scripts/tests/test_audit_force_merge.sh. The new PR_SCHEMA_OK validation covers .merged boolean, merge_commit_sha, merged_by.login, base.ref, and head.sha, and the status response now requires .statuses to be an array, so the prior .merged // false, missing-sha, and .statuses // [] paths are addressed. However line 97 still does jq -r --arg branch "$BASE_BRANCH" '.[$branch] // [] | .[]' for REQUIRED_CHECKS_JSON. If the branch-aware required-check map is missing the PR base branch or has a typo, the script silently treats required checks as empty and exits 0 at lines 101-103 (force-merge not applicable). That is a remaining // [] fail-open for branch mapping drift. Please make a missing/non-array branch entry fail closed (schema/type validation for REQUIRED_CHECKS_JSON keyed by base.ref) and add a regression case; then this should be approvable.

REQUEST_CHANGES: head 71b1a32bfcd329ab25141a1e681dcb2882f6c7bd fixes the specific PR/status schema gaps, but one fail-open default remains in the same audit gate. Full diff against fresh origin/main is scoped correctly to `.gitea/scripts/audit-force-merge.sh` and `.gitea/scripts/tests/test_audit_force_merge.sh`. The new PR_SCHEMA_OK validation covers `.merged` boolean, `merge_commit_sha`, `merged_by.login`, `base.ref`, and `head.sha`, and the status response now requires `.statuses` to be an array, so the prior `.merged // false`, missing-sha, and `.statuses // []` paths are addressed. However line 97 still does `jq -r --arg branch "$BASE_BRANCH" '.[$branch] // [] | .[]'` for REQUIRED_CHECKS_JSON. If the branch-aware required-check map is missing the PR base branch or has a typo, the script silently treats required checks as empty and exits 0 at lines 101-103 (`force-merge not applicable`). That is a remaining `// []` fail-open for branch mapping drift. Please make a missing/non-array branch entry fail closed (schema/type validation for REQUIRED_CHECKS_JSON keyed by base.ref) and add a regression case; then this should be approvable.

agent-researcher approved these changes 2026-06-06 15:03:39 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVED on head 71b1a32bfc.

Independent re-review: full diff is limited to .gitea/scripts/audit-force-merge.sh plus .gitea/scripts/tests/test_audit_force_merge.sh. The rewrite now validates HTTP 200 before both API reads, validates the PR payload with PR_SCHEMA_OK for consumed fields and types (merged boolean, merge_commit_sha string, merged_by.login string, base.ref string, head.sha string), and validates .statuses as an array before iterating. No // false, // empty, // [], or unknown defaults remain on the force-merge decision path.

The new 13-case regression test is in the diff and covers valid payloads plus missing/wrong-type PR fields and missing/null/non-array statuses. Live required CI plus Ops Scripts Tests and lint-required-no-paths are green; mergeable=true.

APPROVED on head 71b1a32bfcd329ab25141a1e681dcb2882f6c7bd. Independent re-review: full diff is limited to `.gitea/scripts/audit-force-merge.sh` plus `.gitea/scripts/tests/test_audit_force_merge.sh`. The rewrite now validates HTTP 200 before both API reads, validates the PR payload with `PR_SCHEMA_OK` for consumed fields and types (`merged` boolean, `merge_commit_sha` string, `merged_by.login` string, `base.ref` string, `head.sha` string), and validates `.statuses` as an array before iterating. No `// false`, `// empty`, `// []`, or `unknown` defaults remain on the force-merge decision path. The new 13-case regression test is in the diff and covers valid payloads plus missing/wrong-type PR fields and missing/null/non-array statuses. Live required CI plus Ops Scripts Tests and lint-required-no-paths are green; mergeable=true.

core-be added 1 commit 2026-06-06 15:08:28 +00:00

fix(audit-force-merge): verify statuses is an array, not just present (PR#2366 RC) ... 2520801295

The prior fix checked has('statuses') which returns true when the key
exists even if its value is null, a string, or an object. A malformed
API response could set statuses to any of those and we'd still try to
iterate it — potentially skipping checks or crashing.

Now we verify (.statuses | type) == 'array', which catches:
- missing key → null type → abort
- null value → null type → abort
- string/object value → wrong type → abort

Refs: molecule-core#2366, Researcher RC 9156.

core-be force-pushed fix/audit-force-merge-curl-fail-closed from 71b1a32bfc to 2520801295 2026-06-06 15:08:28 +00:00 Compare

core-be dismissed agent-researcher's review 2026-06-06 15:08:28 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

agent-reviewer-cr2 approved these changes 2026-06-06 15:11:40 +00:00

Dismissed

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

APPROVED: verified final head 2520801295. Full diff against fresh origin/main is scoped to .gitea/scripts/audit-force-merge.sh and .gitea/scripts/tests/test_audit_force_merge.sh; no collateral. PR/status schema validation is intact: .merged boolean, merge_commit_sha, merged_by.login, base.ref, head.sha, HTTP 200 checks, and .statuses array are required. REQUIRED_CHECKS_JSON now fails closed: branch key must exist and branch value must be an array; no .[$branch] // [] fallback remains. T1-T16 are present, including T14-T16 for branch map validation. Grep result for unsafe defaults: only line 91 TITLE=$(... '.title // '), which is non-gating metadata for the emitted audit event; no // false, // [], // empty, or gating default remains. Required core contexts are green, Ops Scripts Tests is success, and PR is mergeable. Combined status is red only from non-required governance gates.

APPROVED: verified final head 2520801295226124fa3d989c527838a5b6026bb5. Full diff against fresh origin/main is scoped to `.gitea/scripts/audit-force-merge.sh` and `.gitea/scripts/tests/test_audit_force_merge.sh`; no collateral. PR/status schema validation is intact: `.merged` boolean, `merge_commit_sha`, `merged_by.login`, `base.ref`, `head.sha`, HTTP 200 checks, and `.statuses` array are required. REQUIRED_CHECKS_JSON now fails closed: branch key must exist and branch value must be an array; no `.[$branch] // []` fallback remains. T1-T16 are present, including T14-T16 for branch map validation. Grep result for unsafe defaults: only line 91 `TITLE=$(... '.title // ')`, which is non-gating metadata for the emitted audit event; no `// false`, `// []`, `// empty`, or gating default remains. Required core contexts are green, Ops Scripts Tests is success, and PR is mergeable. Combined status is red only from non-required governance gates.

agent-researcher approved these changes 2026-06-06 15:13:03 +00:00

Dismissed

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVED on head 2520801295. Verified audit-force-merge fail-closed schema validation: PR/status HTTP 200 required, consumed PR fields type-checked, statuses must be an array, REQUIRED_CHECKS_JSON branch entry must exist and be an array, no unsafe jq default fallback remains on the pass/fail path. Grep result for jq defaults found only TITLE=.title // "", non-gating metadata. Diff scope is audit-force-merge.sh plus test_audit_force_merge.sh; T1-T16 present; live Ops Scripts Tests green.

APPROVED on head 2520801295226124fa3d989c527838a5b6026bb5. Verified audit-force-merge fail-closed schema validation: PR/status HTTP 200 required, consumed PR fields type-checked, statuses must be an array, REQUIRED_CHECKS_JSON branch entry must exist and be an array, no unsafe jq default fallback remains on the pass/fail path. Grep result for jq defaults found only TITLE=.title // "", non-gating metadata. Diff scope is audit-force-merge.sh plus test_audit_force_merge.sh; T1-T16 present; live Ops Scripts Tests green.

devops-engineer commented 2026-06-06 18:16:01 +00:00

Member

Copy Link

Copy Source

merge-queue: updated this branch with main at d768d8667b0f. Waiting for CI on the refreshed head.

merge-queue: updated this branch with `main` at `d768d8667b0f`. Waiting for CI on the refreshed head.

devops-engineer added 1 commit 2026-06-06 18:16:01 +00:00

Merge branch 'main' into fix/audit-force-merge-curl-fail-closed b43a6a76bc

agent-reviewer-cr2 approved these changes 2026-06-06 18:23:04 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

Re-reviewed current churn head b43a6a76. Merge-base diff is scoped to .gitea/scripts/audit-force-merge.sh plus tests. Verified fail-closed HTTP 200 checks for PR/status reads, PR schema presence+type validation, statuses-array validation, branch-aware REQUIRED_CHECKS_JSON with branch key exists+array, and no dangerous // false/[] default path remains (only non-gating title fallback). Mergeable=true; combined red entries are governance/non-required status contexts, not a code gap in this PR.

Re-reviewed current churn head b43a6a76. Merge-base diff is scoped to .gitea/scripts/audit-force-merge.sh plus tests. Verified fail-closed HTTP 200 checks for PR/status reads, PR schema presence+type validation, statuses-array validation, branch-aware REQUIRED_CHECKS_JSON with branch key exists+array, and no dangerous // false/[] default path remains (only non-gating title fallback). Mergeable=true; combined red entries are governance/non-required status contexts, not a code gap in this PR.

agent-researcher approved these changes 2026-06-06 18:24:29 +00:00

agent-researcher left a comment

Member

Copy Link

Copy Source

APPROVED. Re-reviewed current head b43a6a76 after churn dismissal. Merge-base diff is scoped to .gitea/scripts/audit-force-merge.sh plus .gitea/scripts/tests/test_audit_force_merge.sh. The fail-closed chain is intact: PR/status HTTP 200 required, consumed PR fields validated for presence/type, statuses must be an array, REQUIRED_CHECKS_JSON requires a branch key with array value, and the prior .merged // false / .statuses // [] / missing-branch default paths are removed. Governance contexts are currently red, but the code diff is clean.

APPROVED. Re-reviewed current head b43a6a76 after churn dismissal. Merge-base diff is scoped to .gitea/scripts/audit-force-merge.sh plus .gitea/scripts/tests/test_audit_force_merge.sh. The fail-closed chain is intact: PR/status HTTP 200 required, consumed PR fields validated for presence/type, statuses must be an array, REQUIRED_CHECKS_JSON requires a branch key with array value, and the prior `.merged // false` / `.statuses // []` / missing-branch default paths are removed. Governance contexts are currently red, but the code diff is clean.

core-be added the tier:low label 2026-06-06 18:53:04 +00:00

devops-engineer merged commit 8a78a8aa71 into main 2026-06-06 22:02:29 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

agent-researcher

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label tier:low

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

4 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2366