molecule-ai/molecule-core
52
0
Fork 2
Code Issues 185 Pull Requests 55 Actions 2 Packages Projects Releases Wiki Activity
Files
fix/remove-dead-code-QueueDepth
molecule-core/workspace-server/internal/approvals
T
History
core-devops 0b771d5770
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Details
CI / Python Lint & Test (pull_request) Successful in 3s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s
Details
CI / Detect changes (pull_request) Successful in 10s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 7s
Details
E2E Chat / detect-changes (pull_request) Successful in 6s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 4s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 4s
Details
Harness Replays / detect-changes (pull_request) Successful in 7s
Details
Check migration collisions / Migration version collision check (pull_request) Successful in 18s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s
Details
qa-review / approved (pull_request_target) Failing after 4s
Details
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 13s
Details
gate-check-v3 / gate-check (pull_request_target) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
E2E Chat / E2E Chat (pull_request) Successful in 2s
Details
security-review / approved (pull_request_target) Failing after 9s
Details
CI / Canvas Deploy Status (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Harness Replays / Harness Replays (pull_request) Successful in 3s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 55s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 58s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2m26s
Details
CI / Platform (Go) (pull_request) Successful in 4m9s
Details
CI / all-required (pull_request) Successful in 5s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 6s
Details
sop-tier-check / tier-check (pull_request_target) Failing after 7s
Details
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Has been cancelled
Details
qa-review / approved (pull_request_review) Has been skipped
Details
security-review / approved (pull_request_review) Has been skipped
Details
sop-tier-check / tier-check (pull_request_review) Failing after 11s
Details
audit-force-merge / audit (pull_request_target) Successful in 21s
Details
feat(workspace-server): approval-gate infrastructure for destructive ops (Phase 4) 
Server-side gate so destructive org operations the user-driven platform agent can
trigger require a human approval (RFC docs/design/rfc-platform-agent.md). The
platform MCP is a CLIENT of these handlers, so enforcement lives here (the trust
boundary), not in the MCP.

- migration 20260606020000_approvals_consumed: approval_requests.consumed_at
  (single-use) + request_hash (dedup) + a partial index for the gate lookup.
- internal/approvals/policy.go: the one auditable map of gated actions
  (delete_workspace / deprovision / secret_write / org_token_mint) + IsGated.
- requireApproval(): consumes a matching approved+unconsumed request (race-safe
  via conditional UPDATE ... RETURNING / FOR UPDATE SKIP LOCKED) and proceeds,
  else creates/reuses a pending request (dedup by request_hash), broadcasts it to
  the canvas and escalates to the parent if any. gateDestructive() wraps it and
  writes HTTP 202 pending for gin handlers.

Matching is (workspace_id, action, request_hash) where request_hash is a stable
digest of the op + context, so an approval for 'delete ws A' can't be replayed to
'delete ws B', and retries reuse one pending row instead of flooding.

Tests: policy + hash-stability/context-sensitivity unit tests; gateDestructive
non-gated passthrough; and a real-Postgres integration test proving the full
cycle — pending -> dedup -> approve -> consume -> single-use (no replay) ->
context isolation (sqlmock cannot prove consume-once row state).

Infrastructure only — NOT yet wired into live handlers. Wiring requires a
platform-agent caller marker so the gate fires only for concierge-initiated calls
(not operator/CP flows); that lands with Phase 3's runtime/MCP marker so existing
delete/secret flows are unchanged until then.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 10:43:25 -07:00
..
policy.go
feat(workspace-server): approval-gate infrastructure for destructive ops (Phase 4)
2026-06-06 10:43:25 -07:00