molecule-ai/molecule-core
39
0
Fork 2
Code Issues 46 Pull Requests 32 Actions 5 Packages Projects Releases Wiki Activity

feat(ci)(hard-gate): lint-required-context-exists-in-bp (Tier 2g) #691

Open
core-devops wants to merge 4 commits from feat/tier-2g-required-context-exists-in-bp into main
pull from: feat/tier-2g-required-context-exists-in-bp
merge into: molecule-ai:main
Conversation 0 Commits 4 Files Changed 3 +1074

4 Commits

Author SHA1 Message Date
Molecule AI Core-DevOps
976900d6f2 ci: force-recheck lint-continue-on-error-tracking
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 6s
Details
CI / Detect changes (pull_request) Successful in 11s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 13s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 15s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 17s
Details
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
Details
CI / Platform (Go) (pull_request) Successful in 9s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 21s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s
Details
security-review / approved (pull_request) Failing after 15s
Details
qa-review / approved (pull_request) Failing after 15s
Details
CI / Canvas (Next.js) (pull_request) Successful in 10s
Details
sop-checklist-gate / gate (pull_request) Successful in 16s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
sop-tier-check / tier-check (pull_request) Successful in 15s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
Details
gate-check-v3 / gate-check (pull_request) Failing after 20s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 4s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
CI / all-required (pull_request) Successful in 2s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 3s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m3s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m7s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m9s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m18s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m27s
Details 
Re-trigger lint to pick up mc#664 tracker fix on aa08d813.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-12 15:37:52 +00:00
Molecule AI Core-DevOps
13844e046d ci: force-recheck lint-continue-on-error-tracking
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 14s
Details
CI / Detect changes (pull_request) Successful in 38s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 42s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 43s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 43s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 43s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m23s
Details
qa-review / approved (pull_request) Failing after 15s
Details
security-review / approved (pull_request) Failing after 14s
Details
gate-check-v3 / gate-check (pull_request) Failing after 27s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m17s
Details
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
Details
sop-checklist-gate / gate (pull_request) Successful in 16s
Details
sop-tier-check / tier-check (pull_request) Successful in 15s
Details
CI / Platform (Go) (pull_request) Successful in 8s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m46s
Details
CI / Python Lint & Test (pull_request) Successful in 11s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 11s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 11s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m40s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m1s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / all-required (pull_request) Successful in 4s
Details 
Re-trigger lint run to pick up mc#664 inline fix on aa08d813.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-12 14:53:18 +00:00
Molecule AI Core-DevOps
aa08d8135f fix(ci): add mc#664 tracker to lint-required-context-exists-in-bp workflow
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 20s
Details
CI / Detect changes (pull_request) Successful in 38s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 37s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 39s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 38s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m24s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 33s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 14s
Details
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
Details
qa-review / approved (pull_request) Failing after 14s
Details
gate-check-v3 / gate-check (pull_request) Failing after 21s
Details
sop-checklist-gate / gate (pull_request) Successful in 13s
Details
security-review / approved (pull_request) Failing after 14s
Details
sop-tier-check / tier-check (pull_request) Successful in 14s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m21s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m30s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m47s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m29s
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
CI / Canvas (Next.js) (pull_request) Successful in 5s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 9s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / all-required (pull_request) Successful in 4s
Details 
lint-continue-on-error-tracking checks that every `continue-on-error: true`
has an mc#NNN tracker within ±2 lines. The Phase 3 comment block ended 3
lines above the directive — outside the lint window. Fix by adding mc#664
inline on the same line.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-12 14:43:14 +00:00
core-devops
eb9c6621bd feat(ci)(hard-gate): lint-required-context-exists-in-bp (Tier 2g)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 15s
Details
CI / Detect changes (pull_request) Successful in 50s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 51s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 58s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 54s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 14s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m15s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 38s
Details
gate-check-v3 / gate-check (pull_request) Failing after 20s
Details
qa-review / approved (pull_request) Failing after 13s
Details
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
Details
security-review / approved (pull_request) Failing after 17s
Details
sop-checklist-gate / gate (pull_request) Successful in 14s
Details
sop-tier-check / tier-check (pull_request) Successful in 15s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m25s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 2m1s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m34s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 2m4s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 4s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / all-required (pull_request) Successful in 6s
Details 
PR-time diff-based lint: when a PR adds a NEW commit-status emission,
the workflow file must carry one of three directives adjacent to the
new job:
  - `# bp-required: yes`           AND the context is in BP
  - `# bp-required: pending #NNN`  acknowledged asymmetry + tracker
  - `# bp-exempt: <reason>`        informational job, not a gate

Default (no directive on a new emitter) = FAIL with 3-option hint.

The class this prevents
-----------------------
PR#656 added `CI / all-required (pull_request)` as a sentinel context
that workflows emit, but BP did NOT list it. When platform-build
failed, all-required failed, but BP let the PR merge anyway → mc#664.

Cousin to Tier 2f
-----------------
Tier 2g blocks at PR-time (diff-based); Tier 2f files a drift issue
at scheduled-time. They share enumeration helpers (workflow_contexts,
event-map) but the semantics differ — Tier 2g is PR-time block,
Tier 2f is scheduled audit + issue. Co-design documented in #350.

Why the directive lives in the YAML, not the PR body
----------------------------------------------------
PR-body claim evaporates on merge; the directive must persist with
the emitter so Tier 2f's daily audit reads the same contract.

Implementation
--------------
- `.gitea/scripts/lint_required_context_exists_in_bp.py` — git diff
  base..head, enumerate emitted contexts on each side via PyYAML AST
  (mirror Tier 2f), `new = head - base`. For each new context resolve
  back to (file, job-key), scan ±3 lines above the job-key line for a
  directive comment. Validate against BP context list when directive
  is `bp-required: yes`. Graceful-degrade 403/404 per Tier 2a.
- `.gitea/workflows/lint-required-context-exists-in-bp.yml` —
  pull_request with paths-filter on .gitea/workflows/**. Phase 3
  (continue-on-error: true).
- `tests/test_lint_required_context_exists_in_bp.py` — 11 unit tests:
  no new emissions skip, bp-required:yes+in-BP pass, bp-required:yes
  not-in-BP fail, bp-required:pending pass, bp-exempt pass, no-directive
  fail, new-job-in-existing-workflow flagged, job-rename flagged,
  comment-only edit no-flag, 403 graceful, PR-body directive
  insufficient.

Refs: #350
 2026-05-12 14:37:29 +00:00