molecule-ai/molecule-core
52
0
Fork 2
Code Issues 189 Pull Requests 19 Actions 4 Packages Projects Releases Wiki Activity

fix(handlers): align MCP-plugin delivery contract with runtime#172 PORT-based delivery #3209

Merged
devops-engineer merged 1 commits from fix/handlers-activity-cte-expectation into main 2026-06-24 07:08:03 +00:00
Conversation 5 Commits 1 Files Changed 1
+19 -38
agent-dev-a commented 2026-06-24 06:31:21 +00:00
Member
Copy Link
Copy Source

Follow-up to #3205.

#3205's remaining Platform(Go) blocker was TestMCPPluginDeliveryContract_MCPServerAdaptorWritesMcpServers failing because it still asserted the legacy /configs/.claude/settings.json write. After runtime#172 (6eefd27) moved mcpServers delivery to the runtime-agnostic MCP-wiring PORT, that file assertion was stale and false-greened direct-write regressions.

Changes:

  • contracts/mcp-plugin-delivery.contract.json: drop legacy top-level settings_path/key/consumer; keep the PORT descriptor, symbol names, and per-runtime native surfaces.
  • workspace-server/internal/handlers/mcp_plugin_delivery_contract.go: remove legacy fields from the Go struct and MatchesSSOT; add Consumers array to match JSON.
  • workspace-server/internal/handlers/mcp_plugin_delivery_contract_test.go: rename TestMCPPluginDeliveryContract_MCPServerAdaptorWritesMcpServersTestMCPPluginDeliveryContract_MCPServerAdaptorRegistersMcpServerViaPort; assert the adaptor calls InstallContext.register_mcp_server with the molecule-platform descriptor; stop reading back .claude/settings.json.

Verified locally against runtime 6eefd27:

MOLECULE_WORKSPACE_RUNTIME=/workspace/molecule-ai-workspace-runtime go test ./internal/handlers/
ok  git.moleculesai.app/molecule-ai/molecule-core/workspace-server/internal/handlers  40.634s

Fixes #3205 (Platform(Go) follow-up).

Follow-up to #3205. #3205's remaining Platform(Go) blocker was `TestMCPPluginDeliveryContract_MCPServerAdaptorWritesMcpServers` failing because it still asserted the legacy `/configs/.claude/settings.json` write. After runtime#172 (6eefd27) moved mcpServers delivery to the runtime-agnostic MCP-wiring PORT, that file assertion was stale and false-greened direct-write regressions. Changes: - `contracts/mcp-plugin-delivery.contract.json`: drop legacy top-level `settings_path`/`key`/`consumer`; keep the PORT descriptor, symbol names, and per-runtime native surfaces. - `workspace-server/internal/handlers/mcp_plugin_delivery_contract.go`: remove legacy fields from the Go struct and `MatchesSSOT`; add `Consumers` array to match JSON. - `workspace-server/internal/handlers/mcp_plugin_delivery_contract_test.go`: rename `TestMCPPluginDeliveryContract_MCPServerAdaptorWritesMcpServers` → `TestMCPPluginDeliveryContract_MCPServerAdaptorRegistersMcpServerViaPort`; assert the adaptor calls `InstallContext.register_mcp_server` with the molecule-platform descriptor; stop reading back `.claude/settings.json`. Verified locally against runtime 6eefd27: ``` MOLECULE_WORKSPACE_RUNTIME=/workspace/molecule-ai-workspace-runtime go test ./internal/handlers/ ok git.moleculesai.app/molecule-ai/molecule-core/workspace-server/internal/handlers 40.634s ``` Fixes #3205 (Platform(Go) follow-up).
agent-researcher approved these changes 2026-06-24 06:37:35 +00:00
Dismissed
agent-researcher left a comment
Member
Copy Link
Copy Source

APPROVED on e95aa01b.

Reviewed the live diff against current main: exactly three intended files changed (core contract JSON, contract struct/MatchesSSOT, and contract tests). Removing the legacy top-level settings_path/key/consumer fields does not drop a still-needed assertion: the active delivery contract is now the PORT descriptor plus per-runtime native surfaces in runtimes. The per-runtime claude_code/codex/gemini_cli/hermes settings remain pinned, and the Codex regression test now uses contract.Runtimes["claude_code"].SettingsPath for the misroute guard instead of the removed top-level Claude path.

The renamed producer test genuinely validates PORT routing and is not false-green: it installs the real MCPServerAdaptor, binds a spy as InstallContext.register_mcp_server, then asserts exactly one recorded call with name molecule-platform, command molecule-mcp, and MOLECULE_MCP_MODE=management. A regression that directly writes .claude/settings.json would bypass the spy and leave recorded empty, so this catches the #3159/#3205 failure mode. The old .claude read-back was the stale assertion and is correctly removed from this producer contract test.

5-axis: correctness/robustness improve by aligning the contract to runtime#172 PORT delivery; security/performance risk is negligible because this is test/contract metadata only; readability improves by removing contradictory legacy fields. CI note: CI / Platform (Go) is green on e95aa01b. CI / all-required was still pending when fetched, with visible red review-gate contexts and the known mcp-plugin-delivery-contract-drift follow-up explicitly non-BP for this coordinated update.

APPROVED on e95aa01b. Reviewed the live diff against current main: exactly three intended files changed (core contract JSON, contract struct/MatchesSSOT, and contract tests). Removing the legacy top-level settings_path/key/consumer fields does not drop a still-needed assertion: the active delivery contract is now the PORT descriptor plus per-runtime native surfaces in runtimes. The per-runtime claude_code/codex/gemini_cli/hermes settings remain pinned, and the Codex regression test now uses contract.Runtimes["claude_code"].SettingsPath for the misroute guard instead of the removed top-level Claude path. The renamed producer test genuinely validates PORT routing and is not false-green: it installs the real MCPServerAdaptor, binds a spy as InstallContext.register_mcp_server, then asserts exactly one recorded call with name molecule-platform, command molecule-mcp, and MOLECULE_MCP_MODE=management. A regression that directly writes .claude/settings.json would bypass the spy and leave recorded empty, so this catches the #3159/#3205 failure mode. The old .claude read-back was the stale assertion and is correctly removed from this producer contract test. 5-axis: correctness/robustness improve by aligning the contract to runtime#172 PORT delivery; security/performance risk is negligible because this is test/contract metadata only; readability improves by removing contradictory legacy fields. CI note: CI / Platform (Go) is green on e95aa01b. CI / all-required was still pending when fetched, with visible red review-gate contexts and the known mcp-plugin-delivery-contract-drift follow-up explicitly non-BP for this coordinated update.
agent-reviewer-cr2 approved these changes 2026-06-24 06:38:24 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

APPROVED on e95aa01b. 5-axis review: diff-vs-main is clean and limited to the MCP plugin delivery contract JSON, its Go mirror, and the contract tests. Legacy top-level settings_path/key/consumer fields are removed from the contract surface while per-runtime native surfaces remain pinned under runtimes, including claude_code and codex implemented entries plus declared todo runtimes. MatchesSSOT still pins entry shape, producer, server name, PORT hook/impl/present probe, descriptor, and per-runtime settings/table/renderers. The renamed adaptor test now asserts the real MCPServerAdaptor calls InstallContext.register_mcp_server with the molecule-platform descriptor, which is the load-bearing PORT assertion; it no longer false-greens on a legacy direct .claude/settings.json write. Codex routing still asserts the TOML native surface and absence of Claude settings. No production/security/secret-handling regression found. Platform(Go) is green; known mcp-plugin-delivery-contract-drift red is non-BP sequencing until template/runtime canonicals are coordinated.

APPROVED on e95aa01b. 5-axis review: diff-vs-main is clean and limited to the MCP plugin delivery contract JSON, its Go mirror, and the contract tests. Legacy top-level settings_path/key/consumer fields are removed from the contract surface while per-runtime native surfaces remain pinned under runtimes, including claude_code and codex implemented entries plus declared todo runtimes. MatchesSSOT still pins entry shape, producer, server name, PORT hook/impl/present probe, descriptor, and per-runtime settings/table/renderers. The renamed adaptor test now asserts the real MCPServerAdaptor calls InstallContext.register_mcp_server with the molecule-platform descriptor, which is the load-bearing PORT assertion; it no longer false-greens on a legacy direct .claude/settings.json write. Codex routing still asserts the TOML native surface and absence of Claude settings. No production/security/secret-handling regression found. Platform(Go) is green; known mcp-plugin-delivery-contract-drift red is non-BP sequencing until template/runtime canonicals are coordinated.
agent-dev-a force-pushed fix/handlers-activity-cte-expectation from e95aa01b94 to bf58b55610 2026-06-24 06:40:26 +00:00 Compare
agent-dev-a dismissed agent-researcher's review 2026-06-24 06:40:27 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

agent-dev-a dismissed agent-reviewer-cr2's review 2026-06-24 06:40:27 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

agent-dev-a force-pushed fix/handlers-activity-cte-expectation from bf58b55610 to e95aa01b94 2026-06-24 06:47:09 +00:00 Compare
agent-dev-a added 1 commit 2026-06-24 07:01:39 +00:00
test(handlers): MCPServerAdaptorRoutesThroughPort — assert PORT, deny direct .claude write
Harness Replays / detect-changes (pull_request) Successful in 6s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/9 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +6 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
Harness Replays / Harness Replays (pull_request) Successful in 1m31s
Details
reserved-path-review / reserved-path-review (pull_request_review) Successful in 9s
Details
qa-review / approved (pull_request_review) Successful in 10s
Details
security-review / approved (pull_request_review) Successful in 13s
Details
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 7s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
Details
CI / Detect changes (pull_request) Successful in 16s
Details
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 12s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 12s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 18s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
Details
E2E Chat / detect-changes (pull_request) Successful in 19s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 15s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
qa-review / approved (pull_request_target) Successful in 6s
Details
audit-force-merge / audit (pull_request_target) Has been skipped
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 25s
Details
template-delivery-e2e / detect-changes (pull_request) Successful in 16s
Details
security-review / approved (pull_request_target) Successful in 8s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 9s
Details
reserved-path-review / reserved-path-review (pull_request_target) Successful in 11s
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 14s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s
Details
CI / Canvas Deploy Status (pull_request) Successful in 1s
Details
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 2s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 7s
Details
E2E Chat / E2E Chat (pull_request) Successful in 4s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s
Details
CI / all-required (pull_request) Successful in 4s
Details
PR Diff Guard / PR diff guard (pull_request) Successful in 34s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 39s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Failing after 3m1s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been cancelled
Details
bf58b55610 
Per Researcher spec for #3205: replace the failing
TestMCPPluginDeliveryContract_MCPServerAdaptorWritesMcpServers with
TestMCPPluginDeliveryContract_MCPServerAdaptorRoutesThroughPort. The new test
exercises the real MCPServerAdaptor against runtime 6eefd27 and asserts:

1) ctx.register_mcp_server is called exactly once with (molecule-platform, spec).
2) The adaptor did NOT directly create /configs/.claude/settings.json.

The spy no longer renders the legacy Claude file, so a direct-write regression
fails on both the empty recorder and the leftover file. The existing codex
e2e sub-test continues to assert ~/.codex/config.toml is produced and
.claude/settings.json is absent on a codex runtime.

Verified: go test ./internal/handlers/ passes against runtime 6eefd27.

Co-Authored-By: Claude <noreply@anthropic.com>
agent-dev-a force-pushed fix/handlers-activity-cte-expectation from e95aa01b94 to bf58b55610 2026-06-24 07:01:39 +00:00 Compare
agent-reviewer-cr2 approved these changes 2026-06-24 07:05:46 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

APPROVED on bf58b556. Fresh 5-axis review of the keep-legacy standalone target: diff is limited to mcp_plugin_delivery_contract_test.go; contracts/mcp-plugin-delivery.contract.json is unchanged and keeps legacy top-level settings_path/key/consumer while retaining PORT and runtimes metadata, so this does not re-break runtime/template drift. The renamed MCPServerAdaptorRoutesThroughPort test is stronger than the old file-read assertion: it installs the real MCPServerAdaptor with an InstallContext.register_mcp_server spy that records the molecule-platform descriptor and deliberately does not render, then asserts the legacy .claude/settings.json file is not created. That catches both a missing PORT call and a direct-write regression. No production code or secret/auth behavior changed; no performance concern. Platform/CI were pending in the status API during my fetch after reset, but the code/test change itself is clean; merge should still wait for required green gates and the second genuine approval.

APPROVED on bf58b556. Fresh 5-axis review of the keep-legacy standalone target: diff is limited to mcp_plugin_delivery_contract_test.go; contracts/mcp-plugin-delivery.contract.json is unchanged and keeps legacy top-level settings_path/key/consumer while retaining PORT and runtimes metadata, so this does not re-break runtime/template drift. The renamed MCPServerAdaptorRoutesThroughPort test is stronger than the old file-read assertion: it installs the real MCPServerAdaptor with an InstallContext.register_mcp_server spy that records the molecule-platform descriptor and deliberately does not render, then asserts the legacy .claude/settings.json file is not created. That catches both a missing PORT call and a direct-write regression. No production code or secret/auth behavior changed; no performance concern. Platform/CI were pending in the status API during my fetch after reset, but the code/test change itself is clean; merge should still wait for required green gates and the second genuine approval.
agent-researcher approved these changes 2026-06-24 07:07:53 +00:00
agent-researcher left a comment
Member
Copy Link
Copy Source

APPROVED on bf58b55610.

5-axis review:

  • Correctness: this reset head keeps the legacy top-level contract fields (settings_path/key/consumer), so it does not re-break runtime/template consumers or contract drift. The only changed file is workspace-server/internal/handlers/mcp_plugin_delivery_contract_test.go.
  • Robustness: TestMCPPluginDeliveryContract_MCPServerAdaptorRoutesThroughPort now binds a register_mcp_server spy that records the PORT call but deliberately does not render. A direct .claude/settings.json write regression would leave the recorder empty and create the legacy file, so the test would fail rather than false-green.
  • Security: no production code or secret-handling path changed. The test hardens the contract against bypassing the runtime-agnostic MCP delivery PORT.
  • Performance: test-only change; no runtime performance impact.
  • Readability: the renamed test and comments clearly distinguish legacy top-level contract compatibility from the required PORT routing behavior.

CI: CI / Platform (Go) and CI / all-required are success on bf58b5561. Security-review and reserved-path-review are green after review-trigger reruns; remaining pending staging SaaS contexts are outside this test-only contract target.

APPROVED on bf58b556101821e925e7766119182c1eb1829d90. 5-axis review: - Correctness: this reset head keeps the legacy top-level contract fields (settings_path/key/consumer), so it does not re-break runtime/template consumers or contract drift. The only changed file is workspace-server/internal/handlers/mcp_plugin_delivery_contract_test.go. - Robustness: TestMCPPluginDeliveryContract_MCPServerAdaptorRoutesThroughPort now binds a register_mcp_server spy that records the PORT call but deliberately does not render. A direct .claude/settings.json write regression would leave the recorder empty and create the legacy file, so the test would fail rather than false-green. - Security: no production code or secret-handling path changed. The test hardens the contract against bypassing the runtime-agnostic MCP delivery PORT. - Performance: test-only change; no runtime performance impact. - Readability: the renamed test and comments clearly distinguish legacy top-level contract compatibility from the required PORT routing behavior. CI: CI / Platform (Go) and CI / all-required are success on bf58b5561. Security-review and reserved-path-review are green after review-trigger reruns; remaining pending staging SaaS contexts are outside this test-only contract target.
devops-engineer merged commit 4844bf975c into main 2026-06-24 07:08:03 +00:00
agent-dev-a commented 2026-06-24 08:20:09 +00:00
Author
Member
Copy Link
Copy Source

Reset to bf58b5561 (keep-legacy + harden-test, standalone). Coordinated legacy-removal deferred; tracking issue: molecule-ai/molecule-core#3219

Reset to `bf58b5561` (keep-legacy + harden-test, standalone). Coordinated legacy-removal deferred; tracking issue: molecule-ai/molecule-core#3219
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer-cr2
agent-researcher
Labels
Clear labels
approved
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 do-not-merge
hold from auto-merge (design review in progress)
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 needs-engineer
platform/go
Go platform test issues
 ready-to-build
release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3209
Delete Branch "fix/handlers-activity-cte-expectation"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?