molecule-ai/molecule-core
41
0
Fork 2
Code Issues 45 Pull Requests 11 Actions 60 Packages Projects Releases Wiki Activity

fix(e2e): surface terminal diagnose detail #809

Merged
devops-engineer merged 1 commits from fix/e2e-diagnose-detail into main 2026-05-13 06:46:51 +00:00
Conversation 7 Commits 1 Files Changed 1 +1 -1
hongming-codex-laptop commented 2026-05-13 06:43:51 +00:00
Member
Copy Link

Summary

  • surface terminal diagnose detail alongside error in the staging full-SaaS E2E failure message
  • preserves the existing failure behavior; only improves root-cause visibility in CI logs

Root Cause

The current main failure was an infra/IAM drift: staging tenant role MoleculeTenantEICRole-staging had ec2-instance-connect:OpenTunnel but lacked ec2:DescribeInstanceConnectEndpoints, which AWS CLI needs before binding the local EIC tunnel port.

Verification

  • Updated the staging role inline policy StagingEICOpenTunnelGrant to include ec2:DescribeInstanceConnectEndpoints in us-east-2.
  • Locally verified the new JSON extraction includes both error and detail.
  • git diff --check

SOP Checklist

  • Comprehensive testing performed: local parser check and diff check; push CI will rerun full staging SaaS E2E because this PR changes tests/e2e/test_staging_full_saas.sh.
  • Local-postgres E2E run: N/A, shell E2E log formatting and AWS IAM hotfix only.
  • Staging-smoke verified or pending: pending PR and post-merge push checks.
  • Root-cause not symptom: IAM role missing ec2:DescribeInstanceConnectEndpoints hid under a generic wait-for-port error because the script discarded diagnose detail.
  • Five-Axis review walked: correctness/readability/architecture/security/performance reviewed; no credential output, no auth broadening in repo code.
  • No backwards-compat shim / dead code added: no shim; one-line diagnostic improvement.
  • Memory/saved-feedback consulted: CI org-health and runner contract memories consulted.
## Summary - surface terminal diagnose `detail` alongside `error` in the staging full-SaaS E2E failure message - preserves the existing failure behavior; only improves root-cause visibility in CI logs ## Root Cause The current main failure was an infra/IAM drift: staging tenant role `MoleculeTenantEICRole-staging` had `ec2-instance-connect:OpenTunnel` but lacked `ec2:DescribeInstanceConnectEndpoints`, which AWS CLI needs before binding the local EIC tunnel port. ## Verification - Updated the staging role inline policy `StagingEICOpenTunnelGrant` to include `ec2:DescribeInstanceConnectEndpoints` in `us-east-2`. - Locally verified the new JSON extraction includes both `error` and `detail`. - `git diff --check` ## SOP Checklist - Comprehensive testing performed: local parser check and diff check; push CI will rerun full staging SaaS E2E because this PR changes `tests/e2e/test_staging_full_saas.sh`. - Local-postgres E2E run: N/A, shell E2E log formatting and AWS IAM hotfix only. - Staging-smoke verified or pending: pending PR and post-merge push checks. - Root-cause not symptom: IAM role missing `ec2:DescribeInstanceConnectEndpoints` hid under a generic wait-for-port error because the script discarded diagnose detail. - Five-Axis review walked: correctness/readability/architecture/security/performance reviewed; no credential output, no auth broadening in repo code. - No backwards-compat shim / dead code added: no shim; one-line diagnostic improvement. - Memory/saved-feedback consulted: CI org-health and runner contract memories consulted.
hongming-codex-laptop added 1 commit 2026-05-13 06:43:52 +00:00
fix(e2e): surface terminal diagnose detail
Some checks failed
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
Details
qa-review / approved (pull_request) Failing after 12s
Details
gate-check-v3 / gate-check (pull_request) Successful in 23s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 28s
Details
CI / Detect changes (pull_request) Successful in 28s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 30s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 31s
Details
security-review / approved (pull_request) Failing after 14s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 30s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 36s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
sop-checklist-gate / gate (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 13s
Details
CI / Python Lint & Test (pull_request) Successful in 6s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 14s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 15s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 21s
Details
CI / Canvas (Next.js) (pull_request) Successful in 30s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 30s
Details
CI / all-required (pull_request) Successful in 3s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m10s
Details
sop-checklist / all-items-acked (pull_request) acked: 7/7
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m13s
Details
audit-force-merge / audit (pull_request) Successful in 14s
Details
6656e60e5e
core-qa approved these changes 2026-05-13 06:44:26 +00:00
core-qa left a comment
Member
Copy Link

QA APPROVED — diagnostic formatting only; parser sample and diff check verified.

QA APPROVED — diagnostic formatting only; parser sample and diff check verified.
core-security approved these changes 2026-05-13 06:44:36 +00:00
core-security left a comment
Member
Copy Link

Security APPROVED — no credential output; diagnose detail is already returned by authenticated tenant endpoint and stays in CI logs.

Security APPROVED — no credential output; diagnose detail is already returned by authenticated tenant endpoint and stays in CI logs.
core-qa commented 2026-05-13 06:44:47 +00:00
Member
Copy Link

/sop-ack comprehensive-testing Parser sample and git diff --check verified; full staging E2E will run on post-merge push.

/sop-ack comprehensive-testing Parser sample and git diff --check verified; full staging E2E will run on post-merge push.
infra-sre commented 2026-05-13 06:45:15 +00:00
Member
Copy Link

/sop-ack local-postgres-e2e N/A for E2E shell diagnostic formatting.

/sop-ack local-postgres-e2e N/A for E2E shell diagnostic formatting.
infra-sre commented 2026-05-13 06:45:17 +00:00
Member
Copy Link

/sop-ack staging-smoke Staging IAM hotfix applied; post-merge full SaaS E2E will validate.

/sop-ack staging-smoke Staging IAM hotfix applied; post-merge full SaaS E2E will validate.
core-lead commented 2026-05-13 06:45:22 +00:00
Member
Copy Link

/sop-ack root-cause Root cause was missing ec2:DescribeInstanceConnectEndpoints on MoleculeTenantEICRole-staging plus CI hiding diagnose detail.

/sop-ack root-cause Root cause was missing ec2:DescribeInstanceConnectEndpoints on MoleculeTenantEICRole-staging plus CI hiding diagnose detail.
infra-sre commented 2026-05-13 06:45:27 +00:00
Member
Copy Link

/sop-ack five-axis-review Reviewed correctness/readability/architecture/security/performance; no behavioral success-path change.

/sop-ack five-axis-review Reviewed correctness/readability/architecture/security/performance; no behavioral success-path change.
core-lead commented 2026-05-13 06:45:34 +00:00
Member
Copy Link

/sop-ack no-backwards-compat No shim or dead code; one-line diagnostic improvement.

/sop-ack no-backwards-compat No shim or dead code; one-line diagnostic improvement.
infra-sre commented 2026-05-13 06:45:41 +00:00
Member
Copy Link

/sop-ack memory-consulted CI org-health and runner contract memories consulted.

/sop-ack memory-consulted CI org-health and runner contract memories consulted.
devops-engineer merged commit 3df44d9fb1 into main 2026-05-13 06:46:51 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
core-qa
core-security
Labels
Clear labels   
merge-queue

Ready for serialized Gitea merge queue

  
merge-queue-hold

Temporarily hold PR in merge queue

  
release-blocker

Blocks the staging→main promotion / a release

  
release-test

   
security

   
test-label-sre

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
merge-queue
merge-queue-hold
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#809
No description provided.
Delete Branch "fix/e2e-diagnose-detail"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?