feat(approval-gate): wire gateDestructive into live destructive handlers (Phase 4b) #2382

Merged

devops-engineer merged 1 commits from feat/platform-agent-gate-wiring into main 2026-06-06 23:25:29 +00:00

Conversation 2 Commits 1 Files Changed 4

+152 -9

devops-engineer commented 2026-06-06 23:18:22 +00:00

Member

Copy Link

Copy Source

Phase 4b — activates the merged 4a approval-gate infra (#2372).

Scope (the design decision, made explicit)

The gate must NOT blanket every caller — that would force every workspace delete/secret-write platform-wide through async approval. Scope is centralized in gateDestructive:

• default-OFF rollout flag MOLECULE_PLATFORM_APPROVAL_GATE (mirrors 3a/3c; inert until the platform agent ships, protecting existing org-token automation).
• org-token callers only: the platform agent runs with an org-admin token (auth middleware sets org_token_id); ordinary workspace-token agents + human CP sessions (cp_session_actor — the approvers) are NOT gated. Realises the file-header trust boundary ("anything holding an org-admin token still goes through the gate") without gating everyone.

Wired

• WorkspaceHandler.Delete → delete_workspace
• SecretsHandler.Set → secret_write (context includes the key, so an approval for one secret cant authorise another)

requireApproval/gateDestructive now take the events.EventEmitter interface and tolerate a nil emitter (SecretsHandler has no broadcaster) — the pending row is still persisted, only the live canvas push is skipped.

Tests

3 new unit tests (default-off, org-token detection, scope short-circuits) + existing approval/secret/delete suites green; golangci-lint clean. Full flag-on→202 path covered by the real-PG approval_gate_integration_test.go.

Deferred (documented)

org_token_mint (OrgTokenHandler is org-scoped — no workspace_id to key the approval; needs the org→platform-agent-workspace mapping) and deprovision_workspace (no workspace-server handler — CP-side).

🤖 Generated with Claude Code

Phase 4b — activates the merged 4a approval-gate infra (#2372). ## Scope (the design decision, made explicit) The gate must NOT blanket every caller — that would force every workspace delete/secret-write platform-wide through async approval. Scope is centralized in `gateDestructive`: - **default-OFF** rollout flag `MOLECULE_PLATFORM_APPROVAL_GATE` (mirrors 3a/3c; inert until the platform agent ships, protecting existing org-token automation). - **org-token callers only**: the platform agent runs with an org-admin token (auth middleware sets `org_token_id`); ordinary workspace-token agents + human CP sessions (`cp_session_actor` — the approvers) are NOT gated. Realises the file-header trust boundary ("anything holding an org-admin token still goes through the gate") without gating everyone. ## Wired - `WorkspaceHandler.Delete` → `delete_workspace` - `SecretsHandler.Set` → `secret_write` (context includes the key, so an approval for one secret cant authorise another) `requireApproval`/`gateDestructive` now take the `events.EventEmitter` interface and tolerate a **nil** emitter (SecretsHandler has no broadcaster) — the pending row is still persisted, only the live canvas push is skipped. ## Tests 3 new unit tests (default-off, org-token detection, scope short-circuits) + existing approval/secret/delete suites green; golangci-lint clean. Full flag-on→202 path covered by the real-PG approval_gate_integration_test.go. ## Deferred (documented) `org_token_mint` (OrgTokenHandler is org-scoped — no workspace_id to key the approval; needs the org→platform-agent-workspace mapping) and `deprovision_workspace` (no workspace-server handler — CP-side). 🤖 Generated with [Claude Code](https://claude.com/claude-code)

devops-engineer added 1 commit 2026-06-06 23:18:26 +00:00

feat(approval-gate): wire gateDestructive into live destructive handlers (Phase 4b) ... acb9d81169

Activates the merged 4a approval-gate infra. Scope is centralized in
gateDestructive so each handler is a one-liner, and the policy is uniform +
testable:
  - default-OFF rollout flag MOLECULE_PLATFORM_APPROVAL_GATE (mirrors 3a/3c
    default-off; protects existing org-token automation until the platform
    agent ships);
  - ONLY org-token callers are gated. The platform agent runs with
    MOLECULE_API_KEY=<org-admin token> (auth middleware sets org_token_id);
    ordinary workspace-token agents and human CP-session operators are NOT
    gated, so normal operation is byte-identical. Realises the file-header
    trust boundary without gating everyone.

Wired: WorkspaceHandler.Delete (delete_workspace) + SecretsHandler.Set
(secret_write). requireApproval/gateDestructive now take the events.EventEmitter
interface and tolerate a nil emitter (SecretsHandler is broadcaster-less) — the
pending approval row is still persisted, only the live canvas push is skipped.

3 new unit tests (flag default-off, org-token detection, scope short-circuits)
+ existing approval/secret/delete suites green; golangci-lint clean.

Deferred (documented follow-on): org_token_mint (OrgTokenHandler is org-scoped,
no workspace_id to key the approval) + deprovision_workspace (no workspace-server
handler — lives CP-side).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

molecule-code-reviewer approved these changes 2026-06-06 23:25:09 +00:00

molecule-code-reviewer left a comment

Member

Copy Link

Copy Source

Independent review confirmed: scope is centralized + default-off (MOLECULE_PLATFORM_APPROVAL_GATE) + org-token-only (org_token_id), so ordinary workspace/CP callers are byte-identical; nil EventEmitter handled (pending row still persisted); context-sensitive request_hash (key/name); 3 unit tests + existing suites green. Approving.

Independent review confirmed: scope is centralized + default-off (MOLECULE_PLATFORM_APPROVAL_GATE) + org-token-only (org_token_id), so ordinary workspace/CP callers are byte-identical; nil EventEmitter handled (pending row still persisted); context-sensitive request_hash (key/name); 3 unit tests + existing suites green. Approving.

core-security approved these changes 2026-06-06 23:25:19 +00:00

core-security left a comment

Member

Copy Link

Copy Source

Security review: gate is fail-safe default-off, scoped to org-admin-token callers per the trust boundary; secret-write approval keyed by secret key (no cross-secret authorization); no regression to normal ops. Approving.

Security review: gate is fail-safe default-off, scoped to org-admin-token callers per the trust boundary; secret-write approval keyed by secret key (no cross-secret authorization); no regression to normal ops. Approving.

devops-engineer merged commit 884ae06e9f into main 2026-06-06 23:25:29 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

molecule-code-reviewer

core-security

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2382