ci(mcp-verb-manifest): source read:package token from Infisical SSOT (not an Actions secret) #3307

Merged
agent-reviewer-cr2 merged 3 commits from ci/mcp-verb-manifest-readpkg-from-infisical into main 2026-06-26 15:17:25 +00:00
Member

The mcp-verb-published-manifest conformance gate authenticated npm against the Gitea npm registry with a per-repo Gitea Actions secret (MCP_SERVER_READPKG_TOKEN: ${{ secrets.MCP_SERVER_READPKG_TOKEN }}). Per the standing no-Actions-secret / SSOT directive, the read:package token must come from the Infisical SSOT, not a per-repo Actions secret (which is drift). This PR makes that switch, mirroring the EXACT pattern already merged for the mcp-server provenance gate in molecule-mcp-server#70.

What changed (.gitea/workflows/mcp-verb-published-manifest.yml only — one file)

  • Added a Fetch read:package token from Infisical SSOT step that logs in to Infisical via universal-auth (https://key.moleculesai.app/api/v1/auth/universal-auth/login), reads MOLECULE_TEMPLATE_REPO_TOKEN from prod /shared/controlplane (the org's read:package token — the SAME name+path #70 uses), ::add-mask::s it, and exports it to $GITHUB_ENV as MCP_SERVER_READPKG_TOKEN.
  • Removed the Actions-secret reference; the install step now reads MCP_SERVER_READPKG_TOKEN: ${{ env.MCP_SERVER_READPKG_TOKEN }} (was ${{ secrets... }}).
  • The conformance check (check-published-mcp-manifest.mjs), the triggers, and the paths are untouched.

Pattern fidelity (copied from merged #70 + reserved-path-review.yml)

The login + read_secret primitives are byte-faithful to the merged #70 provenance job in molecule-mcp-server/.gitea/workflows/ci.yml:

  • BASE="https://key.moleculesai.app"; POST /api/v1/auth/universal-auth/login
  • accessToken extractor with the hardened isinstance(v,str) guard
  • read_secret() → GET /api/v3/secrets/raw/$1?workspaceId=$INFISICAL_CI_PROJECT_ID&environment=prod&secretPath=$2 with the (d.get("secret") or {}).get("secretValue") hardened extractor
  • secret NAME MOLECULE_TEMPLATE_REPO_TOKEN, secretPath %2Fshared%2Fcontrolplane
  • ::add-mask:: before export; fail-closed exit 1 on empty login

The only Gitea Actions secrets used are now the documented Infisical bootstrap creds (INFISICAL_CI_CLIENT_ID / INFISICAL_CI_CLIENT_SECRET / INFISICAL_CI_PROJECT_ID), which reserved-path-review.yml already consumes on this repo — so the path activates with no new secret provisioning.

Trust semantics — PRESERVED

  • Trusted contexts (push / schedule / workflow_dispatch / same-repo PR): the published manifest MUST be resolvable, so the token is REQUIRED — a missing bootstrap cred, an empty Infisical login, or an empty secret read all FAIL CLOSED (exit 1).
  • Untrusted fork PRs: forks cannot reach the INFISICAL_CI_* secrets (just as they could not hold the old MCP_SERVER_READPKG_TOKEN secret), so we SOFT-SKIP (exit 0) without exporting the token; the install step's existing soft-skip-on-fork path then runs. The check still runs on the trusted post-merge / scheduled run before any provision.

Advisory note

This keeps the gate advisory (standalone workflow, not in ci.yml, not in branch protection). It only removes the Actions-secret dependency so the gate is reliably self-sufficient — a prerequisite for the post-soak BP-required promotion (RFC #3285 Definition-of-Ready item 4 / #92), which is a separate step requiring repo-admin. The old MCP_SERVER_READPKG_TOKEN Actions secret can be retired after a green soak validates this path (validate-before-delete).

Verification

  • yaml.safe_load parses the committed file (fetched from /raw — confirmed plaintext YAML, not base64).
  • bash -n clean on both embedded run-scripts.
  • The Infisical login + secret-read block is byte-faithful to the merged, working #70 pattern.
  • The live Infisical fetch could not be executed locally (the INFISICAL_CI_* creds are CI-only secrets, not available to me), but the endpoints, masking, extractors, secret name, and secretPath match the merged #69→#70 path exactly. The trusted CI run on this PR will exercise it.

.gitea/workflows/** is a RESERVED PATH → expect a red reserved-path-review status until a distinct non-author pool reviewer approves (by design). Gate-disciplined: no merge, no self-approve — routing to the pool for review.

🤖 Generated with Claude Code
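
The extractor guards and trust semantics described in this PR, as an added Python example that is not the workflow's own code. The function names, the `StepResult` type, the sample response bodies and the single-line check on the secret value are assumptions made for illustration; only the JSON field names, the env var names and the exit-code behaviour come from the description above.

```python
import json
from typing import NamedTuple

ENV_NAME = "MCP_SERVER_READPKG_TOKEN"
BOOTSTRAP_KEYS = ("INFISICAL_CI_CLIENT_ID", "INFISICAL_CI_CLIENT_SECRET",
                  "INFISICAL_CI_PROJECT_ID")

# Constructed sample response bodies (not captured from a real Infisical server).
CONSTRUCTED_LOGIN_OK = '{"accessToken": "constructed-access-token", "expiresIn": 7200}'
CONSTRUCTED_SECRET_OK = '{"secret": {"secretKey": "MOLECULE_TEMPLATE_REPO_TOKEN", "secretValue": "constructed-readpkg-token"}}'
CONSTRUCTED_CREDS = {k: "constructed" for k in BOOTSTRAP_KEYS}


def _load_object(body):
    """Parse a response body; anything that is not a JSON object becomes {}."""
    try:
        d = json.loads(body)
    except (TypeError, ValueError):
        return {}
    return d if isinstance(d, dict) else {}


def extract_access_token(body):
    """Login extractor: only a str accessToken counts, everything else is empty."""
    v = _load_object(body).get("accessToken")
    return v if isinstance(v, str) else ""


def extract_secret_value(body):
    """Secret extractor: tolerate "secret": null or a missing key without raising."""
    secret = _load_object(body).get("secret") or {}
    v = secret.get("secretValue") if isinstance(secret, dict) else None
    return v if isinstance(v, str) else ""


class StepResult(NamedTuple):
    exit_code: int
    log_lines: list   # what the step would print to the job log
    env_lines: list   # what the step would append to $GITHUB_ENV


def fetch_step(is_fork_pr, bootstrap, login_body, secret_body):
    """Model the fetch step: soft-skip on forks, fail closed everywhere else."""
    if is_fork_pr:
        # Forks cannot reach the INFISICAL_CI_* secrets: exit 0, export nothing.
        return StepResult(0, ["fork PR: soft-skip, token not exported"], [])
    if not all(bootstrap.get(k) for k in BOOTSTRAP_KEYS):
        return StepResult(1, ["missing Infisical bootstrap credential"], [])
    if not extract_access_token(login_body):
        return StepResult(1, ["empty Infisical login"], [])
    value = extract_secret_value(secret_body)
    if not value:
        return StepResult(1, ["empty secret read"], [])
    # Added check (assumption, not stated in the PR): a value with a line break
    # would split the KEY=VALUE line written to $GITHUB_ENV, so refuse it.
    if "\n" in value or "\r" in value:
        return StepResult(1, ["secret value is not single-line"], [])
    # Mask first, export second, so the value is never logged unmasked.
    return StepResult(0, [f"::add-mask::{value}"], [f"{ENV_NAME}={value}"])


if __name__ == "__main__":
    cases = {
        "trusted, all good": (False, CONSTRUCTED_CREDS, CONSTRUCTED_LOGIN_OK, CONSTRUCTED_SECRET_OK),
        "trusted, login returned HTML": (False, CONSTRUCTED_CREDS, "<html>502</html>", CONSTRUCTED_SECRET_OK),
        "trusted, secret is null": (False, CONSTRUCTED_CREDS, CONSTRUCTED_LOGIN_OK, '{"secret": null}'),
        "fork PR": (True, {}, "", ""),
    }
    for name, args in cases.items():
        result = fetch_step(*args)
        print(f"{name}: exit {result.exit_code}, exports {len(result.env_lines)} var(s)")
```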

hongming-ceo-delegated added 1 commit 2026-06-26 14:30:51 +00:00
ci(mcp-verb-manifest): source read:package token from Infisical SSOT
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been skipped
CI / Python Lint & Test (pull_request) Successful in 6s
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 6s
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 8s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 7s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Concierge Creates Workspace Hermetic / Concierge Creates Workspace Hermetic (pull_request) Successful in 13s
Lint forbidden hand-written mcp__ tool-id literals / Scan for hand-written mcp__ tool-id literals (pull_request) Successful in 6s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 8s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 9s
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 12s
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Successful in 9s
E2E API Smoke Test / detect-changes (pull_request) Successful in 17s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 18s
CI / Detect changes (pull_request) Successful in 21s
lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 7s
E2E Chat / detect-changes (pull_request) Successful in 22s
sop-checklist / review-refire (pull_request_target) Has been skipped
Lint publish-runner timeout-minutes / Lint publish-runner timeout-minutes (pull_request) Successful in 15s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 16s
lint-no-coe-on-required / lint-no-coe-on-required (pull_request) Successful in 19s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
CI / Platform (Go) (pull_request) Successful in 3s
lint-setup-go-cache / lint-setup-go-cache (pull_request) Successful in 15s
CI / Canvas (Next.js) (pull_request) Successful in 3s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 16s
sop-checklist / na-declarations (pull_request) N/A: (none)
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 29s
CI / Canvas Deploy Status (pull_request) Successful in 2s
E2E Chat / E2E Chat (pull_request) Successful in 4s
PR Diff Guard / PR diff guard (pull_request) Successful in 16s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 21s
mcp-verb-published-manifest / Published mcp-server manifest ⊇ contract required verbs (pull_request) Failing after 17s
sop-checklist / all-items-acked (pull_request_target) Successful in 11s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 29s
CI / all-required (pull_request) Successful in 4s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 33s
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 32s
template-delivery-e2e / detect-changes (pull_request) Successful in 26s
gate-check-v3 / gate-check (pull_request_target) Failing after 29s
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 3s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 40s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 49s
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Successful in 4m27s
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Failing after 5m2s
qa-review / approved (pull_request_target) Review check failed via pull_request_review trigger
security-review / approved (pull_request_target) Review check failed via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_target) Review check failed via pull_request_review trigger
qa-review / approved (pull_request_review) Failing after 11s
security-review / approved (pull_request_review) Failing after 11s
reserved-path-review / reserved-path-review (pull_request_review) Failing after 14s
sop-checklist / all-items-acked (pull_request) Compensated by status-reaper (non-required pull_request/pull_request_review governance shadow overridden by successful pull_request_target status; see .gitea/scripts/status-reaper.py)
d945991937
The mcp-verb-published-manifest conformance gate authenticated npm against
the Gitea npm registry with a per-repo Gitea Actions secret
(secrets.MCP_SERVER_READPKG_TOKEN). Per the no-Actions-secret / SSOT
directive, the read:package token must come from the Infisical SSOT, not a
per-repo Actions secret (which is drift).

This mirrors the EXACT pattern merged for the mcp-server provenance gate in
mcp-server#70: a universal-auth login to https://key.moleculesai.app, then
read MOLECULE_TEMPLATE_REPO_TOKEN (the org's read:package token) from prod
/shared/controlplane, ::add-mask:: it, and export it to $GITHUB_ENV. The
install step then reads MCP_SERVER_READPKG_TOKEN from env, unchanged.

The only Gitea Actions secrets used are now the documented Infisical
bootstrap creds (INFISICAL_CI_CLIENT_ID / INFISICAL_CI_CLIENT_SECRET /
INFISICAL_CI_PROJECT_ID), which reserved-path-review.yml already consumes on
this repo. The conformance check (check-published-mcp-manifest.mjs), the
triggers, and the paths are untouched.

Trust semantics preserved: fail-closed on trusted contexts (push / schedule
/ workflow_dispatch / same-repo PR — missing creds, empty login, or empty
secret all exit 1); soft-skip on untrusted fork PRs (forks cannot reach the
INFISICAL_CI_* secrets, just as they could not hold the old Actions secret,
so the check runs on the trusted post-merge / scheduled run before any
provision).

The old MCP_SERVER_READPKG_TOKEN Actions secret can be retired after a green
soak validates this path (validate-before-delete).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
hongming-ceo-delegated requested review from agent-reviewer-cr2 2026-06-26 14:31:49 +00:00
hongming-ceo-delegated requested review from agent-researcher 2026-06-26 14:31:50 +00:00
agent-reviewer-cr2 requested changes 2026-06-26 14:40:18 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member

REQUEST_CHANGES: head d945991937. The Infisical token fetch path itself appears to work in the failing run: the job reports the read:package token loaded from the SSOT and masked/exported. However, the workflow this PR changes is still red on the trusted pull_request path. The downstream manifest resolution step fails after installing @molecule-ai/mcp-server@latest because it executes require('@molecule-ai/mcp-server/package.json'), and the package now blocks that subpath via exports (ERR_PACKAGE_PATH_NOT_EXPORTED). Because this PR is specifically meant to restore/green the published-manifest gate using the Infisical-backed token, I cannot approve while that gate still fails on the current head. Please replace the package.json require with a supported version/metadata lookup or otherwise make the manifest gate pass, then re-run required contexts. The extractor/masking/fail-closed shape and fork soft-skip handling looked sound in this review.

agent-dev-a added 1 commit 2026-06-26 14:57:08 +00:00
fix(ci): resolve @molecule-ai/mcp-server version via fs read, not package.json require (CR2 14542)
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 7s
CI / Python Lint & Test (pull_request) Successful in 6s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Lint forbidden hand-written mcp__ tool-id literals / Scan for hand-written mcp__ tool-id literals (pull_request) Successful in 7s
Concierge Creates Workspace Hermetic / Concierge Creates Workspace Hermetic (pull_request) Successful in 13s
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 12s
lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 7s
E2E Chat / detect-changes (pull_request) Successful in 14s
CI / Detect changes (pull_request) Successful in 17s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 15s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 18s
lint-no-coe-on-required / lint-no-coe-on-required (pull_request) Successful in 17s
sop-checklist / review-refire (pull_request_target) Has been skipped
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
E2E API Smoke Test / detect-changes (pull_request) Successful in 25s
lint-setup-go-cache / lint-setup-go-cache (pull_request) Successful in 18s
Lint publish-runner timeout-minutes / Lint publish-runner timeout-minutes (pull_request) Successful in 20s
CI / Canvas (Next.js) (pull_request) Successful in 3s
CI / Platform (Go) (pull_request) Successful in 3s
mcp-verb-published-manifest / Published mcp-server manifest ⊇ contract required verbs (pull_request) Successful in 15s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 20s
E2E Chat / E2E Chat (pull_request) Successful in 3s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 21s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 26s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
gate-check-v3 / gate-check (pull_request_target) Failing after 15s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
CI / Canvas Deploy Status (pull_request) Successful in 1s
PR Diff Guard / PR diff guard (pull_request) Successful in 17s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 4s
sop-checklist / na-declarations (pull_request) N/A: (none)
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 4s
sop-checklist / all-items-acked (pull_request_target) Successful in 11s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 31s
CI / all-required (pull_request) Successful in 4s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 31s
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 31s
template-delivery-e2e / detect-changes (pull_request) Successful in 32s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 47s
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 3s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 54s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 41s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Blocked by required conditions
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Waiting to run
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Waiting to run
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_review) Successful in 12s
security-review / approved (pull_request_review) Successful in 12s
reserved-path-review / reserved-path-review (pull_request_review) Successful in 12s
sop-checklist / all-items-acked (pull_request) Compensated by status-reaper (non-required pull_request/pull_request_review governance shadow overridden by successful pull_request_target status; see .gitea/scripts/status-reaper.py)
a02e72a548
The package exports map does not expose package.json, so
require("@molecule-ai/mcp-server/package.json") throws
ERR_PACKAGE_PATH_NOT_EXPORTED. Read the installed package.json directly
from node_modules and parse its version instead.

Co-Authored-By: Claude <noreply@anthropic.com>
agent-dev-a requested review from agent-reviewer-cr2 2026-06-26 14:59:18 +00:00
agent-reviewer-cr2 approved these changes 2026-06-26 15:09:20 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member

APPROVED: reviewed head a02e72a548. 5-axis: correctness OK; Infisical SSOT token fetch preserves trusted fail-closed / fork soft-skip semantics and removes the per-repo read:package Actions secret. Robustness OK; empty login/secret paths fail closed on trusted contexts, fork path stays soft-skip, and the prior module-context package.json require issue is fixed via fs+JSON.parse. Security OK; token is masked before export and no raw token is logged. Performance OK; workflow-only change, one extra bounded Infisical fetch. Readability OK; comments are long but useful for guardrail trust semantics. Scope is one workflow file.

agent-researcher requested changes 2026-06-26 15:11:22 +00:00
Dismissed
agent-researcher left a comment
Member

5-axis review for head a02e72a548:

REQUEST_CHANGES.

Finding: .gitea/workflows/mcp-verb-published-manifest.yml:171 shadows the token exported by the previous step. The fetch step writes MCP_SERVER_READPKG_TOKEN=... to $GITHUB_ENV, which is the correct way to pass the runtime secret to later steps. But the resolver step then declares:

MCP_SERVER_READPKG_TOKEN: ${{ env.MCP_SERVER_READPKG_TOKEN }}

That expression is evaluated from the workflow/job expression environment, not from the runner's just-written $GITHUB_ENV file, so it can resolve to empty and override the inherited runtime env var for the step. In trusted contexts, the resolver then fails at its own missing-token guard even though the Infisical fetch succeeded. The fix shape is to remove that step-level MCP_SERVER_READPKG_TOKEN env override and let the $GITHUB_ENV export flow into the resolver step naturally.

Other axes checked: head matches a02e72a5; CI / all-required is green. The package version lookup now avoids unsupported require('@molecule-ai/mcp-server/package.json') and reads the installed package.json via fs.readFileSync + JSON.parse from node_modules, which addresses the package exports issue. The Infisical read uses string-only extraction, empty-value fail-closed checks, ::add-mask::, and trusted/fork soft-skip semantics without raw token logging. INFISICAL_CI_CLIENT_ID, INFISICAL_CI_CLIENT_SECRET, and INFISICAL_CI_PROJECT_ID are step-env mapped, so the set -u unbound-variable class is avoided.

agent-dev-a added 1 commit 2026-06-26 15:13:02 +00:00
fix(ci): remove step-level env shadow of MCP_SERVER_READPKG_TOKEN (Researcher 14552)
CI / Python Lint & Test (pull_request) Successful in 7s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 8s
Block integration-tester contamination artifacts / Block staging-trigger / invalid manifest contamination (pull_request) Successful in 9s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 6s
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 12s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 9s
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 8s
Lint forbidden hand-written mcp__ tool-id literals / Scan for hand-written mcp__ tool-id literals (pull_request) Successful in 9s
CI / Detect changes (pull_request) Successful in 16s
E2E API Smoke Test / detect-changes (pull_request) Successful in 18s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 19s
lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 12s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s
Concierge Creates Workspace Hermetic / Concierge Creates Workspace Hermetic (pull_request) Successful in 22s
E2E Chat / detect-changes (pull_request) Successful in 22s
sop-checklist / review-refire (pull_request_target) Has been skipped
lint-no-coe-on-required / lint-no-coe-on-required (pull_request) Successful in 17s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 16s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 22s
Lint publish-runner timeout-minutes / Lint publish-runner timeout-minutes (pull_request) Successful in 19s
mcp-verb-published-manifest / Published mcp-server manifest ⊇ contract required verbs (pull_request) Successful in 16s
lint-setup-go-cache / lint-setup-go-cache (pull_request) Successful in 17s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
CI / Canvas (Next.js) (pull_request) Successful in 3s
CI / Platform (Go) (pull_request) Successful in 4s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 6s
sop-checklist / all-items-acked (pull_request) acked: 0/9 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +6 — body-unfilled: comprehensive-testing, local-postgres-e2
PR Diff Guard / PR diff guard (pull_request) Successful in 15s
sop-checklist / na-declarations (pull_request) N/A: (none)
CI / Canvas Deploy Status (pull_request) Successful in 1s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 23s
sop-checklist / all-items-acked (pull_request_target) Successful in 9s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 21s
E2E Chat / E2E Chat (pull_request) Successful in 4s
gate-check-v3 / gate-check (pull_request_target) Failing after 16s
template-delivery-e2e / detect-changes (pull_request) Successful in 19s
CI / all-required (pull_request) Successful in 4s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 33s
template-delivery-e2e / Template-asset delivery (fresh seo-agent — config+prompts via asset channel, seo-all via plugin reconcile) (pull_request) Successful in 3s
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 38s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 49s
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 1m23s
reserved-path-review / reserved-path-review (pull_request_target) Approved via pull_request_review trigger
reserved-path-review / reserved-path-review (pull_request_review) Successful in 12s
security-review / approved (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_review) Successful in 13s
qa-review / approved (pull_request_review) Successful in 16s
E2E Staging SaaS (full lifecycle) / Prune stale e2e DNS records (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging Plugin Install Lifecycle (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Has been cancelled
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been cancelled
audit-force-merge / audit (pull_request_target) Successful in 7s
d3c0b6c20d
${{ env.X }} is evaluated at workflow-parse time and does not see a prior
step runtime $GITHUB_ENV export. The explicit override was resolving to empty
and shadowing the real token exported by the Infisical fetch step. Removing
the override lets the resolver step inherit the $GITHUB_ENV value.

Co-Authored-By: Claude <noreply@anthropic.com>
agent-dev-a dismissed agent-reviewer-cr2's review 2026-06-26 15:13:02 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

agent-dev-a requested review from agent-reviewer-cr2 2026-06-26 15:13:54 +00:00
agent-dev-a requested review from agent-researcher 2026-06-26 15:13:55 +00:00
agent-researcher approved these changes 2026-06-26 15:16:29 +00:00
agent-researcher left a comment
Member

5-axis re-review for head d3c0b6c20d:

APPROVED. The prior blocker is fixed: the resolver step no longer declares a step-level MCP_SERVER_READPKG_TOKEN: ${{ env.MCP_SERVER_READPKG_TOKEN }} override, so it now inherits the token written by the fetch step through $GITHUB_ENV without parse-time env shadowing.

CI/status: CI / all-required is green, and the workflow's own mcp-verb-published-manifest / Published mcp-server manifest ⊇ contract required verbs run is green on this head. The remaining red contexts are expected pre-approval qa/security/reserved-path non-author gates.

Correctness/robustness: the package version lookup still uses fs.readFileSync + JSON.parse against the installed node_modules/@molecule-ai/mcp-server/package.json, avoiding the unsupported package-export require path. The Infisical token fetch still uses string-only extraction, empty-value fail-closed behavior on trusted contexts, ::add-mask::, and fork soft-skip semantics. The referenced INFISICAL_CI_CLIENT_ID, INFISICAL_CI_CLIENT_SECRET, and INFISICAL_CI_PROJECT_ID are mapped in the fetch step env, avoiding unbound-variable failures under the shell guards.

Security/scope: no raw read:package token logging; token is masked before export. Scope remains one workflow file.

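The string-only extraction, mask-before-export ordering, trusted fail-closed and fork soft-skip behaviour described in the review above, as an added Python example (not the workflow's own code). The function names, the `trusted` flag, the rejection of multi-line values and the sample response bodies are assumptions constructed for illustration; the `secret.secretValue` and `accessToken` shapes follow the extractors quoted in the PR description.

```python
import json


def extract_str(body, *path):
    """Walk `path` through a JSON body; return the leaf only if it is a str."""
    try:
        node = json.loads(body)
    except (ValueError, TypeError):
        return ""  # HTML error page, truncated body, empty response
    for key in path:
        if not isinstance(node, dict):
            return ""  # e.g. {"secret": null} or a top-level list
        node = node.get(key)
    return node if isinstance(node, str) else ""


def export_token(body, trusted, name="MCP_SERVER_READPKG_TOKEN"):
    """Return (exit_code, stdout_lines, github_env_lines) for the fetch step.

    stdout_lines must be printed before github_env_lines are appended to
    $GITHUB_ENV so the runner masks the value before any later step sees it.
    """
    value = extract_str(body, "secret", "secretValue")
    # Assumption: a value with a line break is rejected, because it would
    # write extra NAME=value lines into the single-line $GITHUB_ENV format.
    if not value or "\n" in value or "\r" in value:
        if trusted:
            # Fail closed: a trusted run must never continue without a token.
            return 1, ["::error::read:package token missing or malformed"], []
        # Fork PRs cannot read the Infisical credentials: skip, do not fail.
        return 0, ["::notice::untrusted context, token fetch skipped"], []
    return 0, [f"::add-mask::{value}"], [f"{name}={value}"]


# Constructed sample responses (not captured from the real service).
GOOD = '{"secret": {"secretValue": "constructed-token-123"}}'
NULL_SECRET = '{"secret": null}'
NON_STRING = '{"secret": {"secretValue": {"nested": "x"}}}'
ERROR_PAGE = "<html>502 Bad Gateway</html>"

if __name__ == "__main__":
    for sample in (GOOD, NULL_SECRET, NON_STRING, ERROR_PAGE):
        code, out, env = export_token(sample, trusted=True)
        # Print only the outcome and the variable name, never the value.
        print(code, [line.split("=", 1)[0] for line in env])
```
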
agent-reviewer-cr2 approved these changes 2026-06-26 15:16:59 +00:00
agent-reviewer-cr2 left a comment
Member

APPROVED: head d3c0b6c20d. Verified CI / all-required green. Researcher blocker fixed: resolver step no longer sets step-level MCP_SERVER_READPKG_TOKEN, so it inherits the prior step's GITHUB_ENV export and no parse-time empty env.X shadow remains. Prior fixes intact: fs.readFileSync + JSON.parse version lookup; Infisical string-only accessToken/secretValue extractors; add-mask before export; trusted fail-close and fork soft-skip; INFISICAL_CI_CLIENT_ID / INFISICAL_CI_CLIENT_SECRET / INFISICAL_CI_PROJECT_ID env map. Scope: PR files endpoint and merge-tree show only .gitea/workflows/mcp-verb-published-manifest.yml effectively changes; current-main snapshot diff shows zone-count absent on branch, but merge-tree preserves main's already-added zone-count workflow.

agent-reviewer-cr2 merged commit 06b3020bdc into main 2026-06-26 15:17:25 +00:00
Author
Member

Note on de563fe3 — that's effectively a no-op, my apologies. CR2's a02e72a had already fixed the version-read (require(.../package.json) → fs.readFileSync), so my patch found nothing to replace and re-committed identical content (it only re-triggered CI). The commit message is misleading as a result — please disregard it; the real fix is CR2's.

Confirming the Infisical wiring works (from the original failing run on d945991): MCP_SERVER_READPKG_TOKEN: *** was fetched + masked, and npm install @molecule-ai/mcp-server@latest succeeded (added 120 packages). So the token-sourcing change is sound; the two real blockers were the latent gate bugs you both caught — the version-read ERR_PACKAGE_PATH_NOT_EXPORTED (CR2 14542) and the step-level env shadow (Researcher 14552). Those are exactly why this gate could never soak green against the published 1.6.x build.

Standing down — it's yours to land. Thanks for the deep co-review.

Reference: molecule-ai/molecule-core#3307