molecule-ai/molecule-core
52
0
Fork 2
Code Issues 183 Pull Requests 65 Actions 2 Packages Projects Releases Wiki Activity

refactor(workspace-server): SSOT consolidation for BYO-compute meta-runtimes #2895

Open
agent-dev-b wants to merge 1 commits from fix/byo-compute-meta-runtime-ssot into main
pull from: fix/byo-compute-meta-runtime-ssot
merge into: molecule-ai:main
Conversation 0 Commits 1 Files Changed 3
+188 -25
agent-dev-b commented 2026-06-15 00:26:36 +00:00
Member
Copy Link
Copy Source

Summary

Per PM-triage approval (bounded-fill, low-priority): SSOT consolidation for the BYO-compute meta-runtime set (external, kimi, kimi-cli). The same 3 names were previously hardcoded in 4 separate sites with 3 different shapes — adding a new BYO-compute meta-runtime required updating all 4 in lockstep. Now a single var externalLikeRuntimes = []string{"external", "kimi", "kimi-cli"} drives all 4.

The drift surface (4 sites, 3 shapes)

# Location Shape (pre-PR)
1 runtime_registry.go:76-88 (fallbackRuntimes map) map[string]struct{}{"external": {}, "kimi": {}, "kimi-cli": {}, ...}
2 runtime_registry.go:109-122 (loadRuntimesFromManifest injection) map[string]struct{}{"external": {}, "kimi": {}, "kimi-cli": {}, "mock": {}}
3 runtime_registry.go:144 (isExternalLikeRuntime switch) case "external", "kimi", "kimi-cli": return true
4 workspace.go:400 (error message) "external workspaces must use runtime \"external\", \"kimi\", or \"kimi-cli\""

isExternalLikeRuntime (#3) is called in 4 different files (plugins.go:245, discovery.go:142, discovery.go:187, registry.go:186). So the SSOT in #3 already drives 4 caller sites; consolidating all 4 means the entire BYO-compute meta-runtime set is provably the same everywhere.

The existing runtime_registry.go docstring (lines 7-15) already documents a prior drift incident in this file: "knownRuntimes was a hardcoded Go map in workspace_provision.go, kept in sync MANUALLY...". This PR eliminates the next drift surface (the BYO-compute meta-runtime set) in the same file.

Changes

File Lines Purpose
workspace-server/internal/handlers/runtime_registry.go +92/-23 New externalLikeRuntimes SSOT; new joinExternalLikeRuntimesForMessage() helper; derive all 3 sites from SSOT; isExternalLikeRuntime switch → loop
workspace-server/internal/handlers/workspace.go +5/-1 Error message now uses joinExternalLikeRuntimesForMessage()
workspace-server/internal/handlers/runtime_registry_test.go +92/-0 New TestExternalLikeRuntimesConsistent pin test

Total: +188/-25 across 3 files.

Behavior-preserving

The pin test (TestExternalLikeRuntimesConsistent) asserts identical resolved shapes before and after the consolidation:

  • externalLikeRuntimes length and order match {"external", "kimi", "kimi-cli"} exactly
  • fallbackRuntimes contains the SSOT + claude-code / hermes / openclaw / codex / mock (8 entries total — same as pre-PR)
  • loadRuntimesFromManifest injects the SSOT + mock (4 entries — same as pre-PR)
  • isExternalLikeRuntime returns true for each SSOT entry and false for claude-code / hermes / openclaw / codex / mock / unknown-runtime-xyz (same as pre-PR)
  • joinExternalLikeRuntimesForMessage() produces the exact wire shape "external", "kimi", or "kimi-cli"
  • The full workspace.go:400 error body is external workspaces must use runtime "external", "kimi", or "kimi-cli" (verbatim preserved)

No API contract change, no migration, no test deletion, no caller update.

Verification

  • go build ./... — clean
  • go vet ./internal/handlers/ — clean
  • gofmt -l — clean
  • go test ./internal/handlers/ — 25.3s, all green
  • TestExternalLikeRuntimesConsistent — PASS
  • All 5 existing TestLoadRuntimesFromManifest_* / TestInitTemplateRepoByName_* tests pass unchanged

Out of scope (per PM scope agreement)

  • Canvas TS RUNTIME_OPTIONS list (canvas/src/components/tabs/ContainerConfigTab.tsx:48) — out of lane for a Go-side bounded fill, and the user-facing canvas dropdown has different semantics (it's a list of all user-selectable runtimes, not just the BYO-compute subset).
  • Renaming mock into the externalLikeRuntimes set — intentionally separate. mock is virtual-only (no container, no EC2), never user-selected (only the funding-demo org uses it), and has different A2A-reply semantics. Folding it into the SSOT would conflate "BYO-compute meta-runtime" (user-facing) with "virtual test runtime" (test-only). The pin test asserts mock is in fallbackRuntimes and in the loadRuntimesFromManifest injection but NOT in externalLikeRuntimes — locks the boundary.

Routing

Routes to 1-genuine (low-priority, per PM scope agreement). Will not block the security / main-red queue. No self-merge. Will pivot off this work instantly if any of (a) #2853 re-review RC, (b) Kimi #2851 Go-consumption request, (c) driver's #2818 scope call lands.

🤖 Generated with Claude Code

## Summary Per PM-triage approval (bounded-fill, low-priority): SSOT consolidation for the BYO-compute meta-runtime set (`external`, `kimi`, `kimi-cli`). The same 3 names were previously hardcoded in **4 separate sites with 3 different shapes** — adding a new BYO-compute meta-runtime required updating all 4 in lockstep. Now a single `var externalLikeRuntimes = []string{"external", "kimi", "kimi-cli"}` drives all 4. ## The drift surface (4 sites, 3 shapes) | # | Location | Shape (pre-PR) | |---|---|---| | 1 | `runtime_registry.go:76-88` (`fallbackRuntimes` map) | `map[string]struct{}{"external": {}, "kimi": {}, "kimi-cli": {}, ...}` | | 2 | `runtime_registry.go:109-122` (`loadRuntimesFromManifest` injection) | `map[string]struct{}{"external": {}, "kimi": {}, "kimi-cli": {}, "mock": {}}` | | 3 | `runtime_registry.go:144` (`isExternalLikeRuntime` switch) | `case "external", "kimi", "kimi-cli": return true` | | 4 | `workspace.go:400` (error message) | `"external workspaces must use runtime \"external\", \"kimi\", or \"kimi-cli\""` | `isExternalLikeRuntime` (#3) is called in 4 different files (`plugins.go:245`, `discovery.go:142`, `discovery.go:187`, `registry.go:186`). So the SSOT in #3 already drives 4 caller sites; consolidating all 4 means the entire BYO-compute meta-runtime set is provably the same everywhere. The existing `runtime_registry.go` docstring (lines 7-15) already documents a prior drift incident in this file: "knownRuntimes was a hardcoded Go map in workspace_provision.go, kept in sync MANUALLY...". This PR eliminates the next drift surface (the BYO-compute meta-runtime set) in the same file. ## Changes | File | Lines | Purpose | |---|---|---| | `workspace-server/internal/handlers/runtime_registry.go` | +92/-23 | New `externalLikeRuntimes` SSOT; new `joinExternalLikeRuntimesForMessage()` helper; derive all 3 sites from SSOT; `isExternalLikeRuntime` switch → loop | | `workspace-server/internal/handlers/workspace.go` | +5/-1 | Error message now uses `joinExternalLikeRuntimesForMessage()` | | `workspace-server/internal/handlers/runtime_registry_test.go` | +92/-0 | New `TestExternalLikeRuntimesConsistent` pin test | Total: **+188/-25** across 3 files. ## Behavior-preserving The pin test (`TestExternalLikeRuntimesConsistent`) asserts **identical resolved shapes** before and after the consolidation: - `externalLikeRuntimes` length and order match `{"external", "kimi", "kimi-cli"}` exactly - `fallbackRuntimes` contains the SSOT + `claude-code` / `hermes` / `openclaw` / `codex` / `mock` (8 entries total — same as pre-PR) - `loadRuntimesFromManifest` injects the SSOT + `mock` (4 entries — same as pre-PR) - `isExternalLikeRuntime` returns `true` for each SSOT entry and `false` for `claude-code` / `hermes` / `openclaw` / `codex` / `mock` / `unknown-runtime-xyz` (same as pre-PR) - `joinExternalLikeRuntimesForMessage()` produces the exact wire shape `"external", "kimi", or "kimi-cli"` - The full `workspace.go:400` error body is `external workspaces must use runtime "external", "kimi", or "kimi-cli"` (verbatim preserved) No API contract change, no migration, no test deletion, no caller update. ## Verification - `go build ./...` — clean - `go vet ./internal/handlers/` — clean - `gofmt -l` — clean - `go test ./internal/handlers/` — 25.3s, all green - `TestExternalLikeRuntimesConsistent` — PASS - All 5 existing `TestLoadRuntimesFromManifest_*` / `TestInitTemplateRepoByName_*` tests pass unchanged ## Out of scope (per PM scope agreement) - **Canvas TS `RUNTIME_OPTIONS` list** (`canvas/src/components/tabs/ContainerConfigTab.tsx:48`) — out of lane for a Go-side bounded fill, and the user-facing canvas dropdown has different semantics (it's a list of *all* user-selectable runtimes, not just the BYO-compute subset). - **Renaming `mock` into the `externalLikeRuntimes` set** — intentionally separate. `mock` is virtual-only (no container, no EC2), never user-selected (only the funding-demo org uses it), and has different A2A-reply semantics. Folding it into the SSOT would conflate "BYO-compute meta-runtime" (user-facing) with "virtual test runtime" (test-only). The pin test asserts `mock` is in `fallbackRuntimes` and in the `loadRuntimesFromManifest` injection but NOT in `externalLikeRuntimes` — locks the boundary. ## Routing Routes to **1-genuine** (low-priority, per PM scope agreement). Will not block the security / main-red queue. No self-merge. Will pivot off this work instantly if any of (a) #2853 re-review RC, (b) Kimi #2851 Go-consumption request, (c) driver's #2818 scope call lands. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
agent-dev-b added 1 commit 2026-06-15 00:26:37 +00:00
refactor(workspace-server): SSOT consolidation for BYO-compute meta-runtimes
CI / Python Lint & Test (pull_request) Successful in 5s
Details
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 5s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
Harness Replays / detect-changes (pull_request) Successful in 9s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
security-review / approved (pull_request_target) Failing after 8s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
qa-review / approved (pull_request_target) Failing after 11s
Details
CI / Detect changes (pull_request) Successful in 15s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 8s
Details
reserved-path-review / reserved-path-review (pull_request_target) Successful in 10s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s
Details
gate-check-v3 / gate-check (pull_request_target) Failing after 14s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
E2E Chat / detect-changes (pull_request) Successful in 17s
Details
CI / Canvas (Next.js) (pull_request) Successful in 3s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 20s
Details
CI / Canvas Deploy Status (pull_request) Successful in 1s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 23s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 30s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 35s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 32s
Details
Harness Replays / Harness Replays (pull_request) Successful in 1m12s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m29s
Details
CI / Platform (Go) (pull_request) Successful in 2m40s
Details
CI / all-required (pull_request) Successful in 4s
Details
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m38s
Details
c7d75fed19 
Per PM-triage approval (bounded-fill, low-priority): consolidate
the BYO-compute meta-runtime set (external, kimi, kimi-cli) into
a single SSOT. Before this PR the same 3 names were hardcoded
in 4 separate sites with 3 different shapes:

1. runtime_registry.go:76-88  fallbackRuntimes map (3 entries)
2. runtime_registry.go:109-122 loadRuntimesFromManifest injection
3. runtime_registry.go:144     isExternalLikeRuntime switch
4. workspace.go:400             error message string literal

Adding a new BYO-compute meta-runtime required updating all 4
sites in lockstep; missing one was a silent drift surface. Now
a single var externalLikeRuntimes = []string{"external", "kimi",
"kimi-cli"} drives all 4.

CHANGES
=======

1. runtime_registry.go: new const-style var externalLikeRuntimes
   is the SINGLE source of truth. fallbackRuntimes builds itself
   from externalLikeRuntimes + the (intentionally-separate) mock
   entry. loadRuntimesFromManifest injects the SSOT into its
   result map the same way. isExternalLikeRuntime converts from
   a hardcoded switch to a loop over the SSOT. New helper
   joinExternalLikeRuntimesForMessage() builds the Oxford-comma
   "external", "kimi", or "kimi-cli" string from the SSOT.

2. workspace.go:400: the 422 error body now uses
   fmt.Sprintf("external workspaces must use runtime %s",
   joinExternalLikeRuntimesForMessage()) so the user-facing
   string derives from the SSOT. A future SSOT change auto-
   propagates to the error message.

3. runtime_registry_test.go: new TestExternalLikeRuntimesConsistent
   pin test locks the resolved shape across all 4 sites. Asserts
   (a) externalLikeRuntimes length and order match {"external",
   "kimi", "kimi-cli"}; (b) fallbackRuntimes contains the SSOT
   + claude-code/hermes/openclaw/codex/mock; (c) isExternalLikeRuntime
   returns true for each SSOT entry and false for template-backed
   runtimes + unknown; (d) joinExternalLikeRuntimesForMessage()
   produces the exact wire shape "external", "kimi", or
   "kimi-cli"; (e) the full error string is preserved verbatim.

BEHAVIOR-PRESERVING
====================

The pin test asserts identical resolved shapes before and after
the consolidation:
  - fallbackRuntimes has the same 8 entries (4 template-backed +
    3 external-like + mock)
  - loadRuntimesFromManifest injects the same 4 entries (3
    external-like + mock) + the manifest-backed entries
  - isExternalLikeRuntime returns the same boolean for every
    runtime input (loop vs switch is mechanical)
  - The user-facing error message produces the same string for
    the same runtime set

No API contract change, no migration, no test deletion, no caller
update. Drift guard (the new pin test) PREVENTS future drift,
doesn't fix existing bugs.

VERIFICATION
============

  - go build ./...  clean
  - go vet ./internal/handlers/  clean
  - gofmt -l  clean
  - go test ./internal/handlers/  25.3s, all green
  - TestExternalLikeRuntimesConsistent  PASS
  - All 5 existing TestLoadRuntimesFromManifest_* / TestInitTemplateRepoByName_*
    tests pass unchanged

OUT OF SCOPE
============

- Canvas TS RUNTIME_OPTIONS list (out of lane for a Go-side
  bounded fill)
- Renaming "mock" into the external-like set (intentionally
  separate — mock is virtual-only, never user-selected, has
  different semantics around A2A replies)

Routes to 1-genuine (low-priority; will not block the security /
main-red queue). Per PM: "the review jam is capacity, not
PR-count, so one more low-pri queued PR doesn't hurt". No
self-merge.
Some optional checks failed
CI / Python Lint & Test (pull_request) Successful in 5s
Details
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 5s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Required
Details
Harness Replays / detect-changes (pull_request) Successful in 9s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
Required
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
security-review / approved (pull_request_target) Failing after 8s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
qa-review / approved (pull_request_target) Failing after 11s
Details
CI / Detect changes (pull_request) Successful in 15s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 8s
Details
reserved-path-review / reserved-path-review (pull_request_target) Successful in 10s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s
Details
gate-check-v3 / gate-check (pull_request_target) Failing after 14s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
E2E Chat / detect-changes (pull_request) Successful in 17s
Details
CI / Canvas (Next.js) (pull_request) Successful in 3s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 20s
Details
CI / Canvas Deploy Status (pull_request) Successful in 1s
Details
E2E Chat / E2E Chat (pull_request) Successful in 3s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 23s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 30s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 35s
Required
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 32s
Details
Harness Replays / Harness Replays (pull_request) Successful in 1m12s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m29s
Required
Details
CI / Platform (Go) (pull_request) Successful in 2m40s
Details
CI / all-required (pull_request) Successful in 4s
Required
Details
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m38s
Details
This pull request doesn't have enough required approvals yet. 0 of 1 official approvals granted.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin fix/byo-compute-meta-runtime-ssot:fix/byo-compute-meta-runtime-ssot
git checkout fix/byo-compute-meta-runtime-ssot
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2895
Delete Branch "fix/byo-compute-meta-runtime-ssot"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?