molecule-core/docs/edit-history/2026-04-11.md

# 2026-04-11 Session

## Summary

Restored 6 changes lost during PR squash merge, then ran comprehensive code review and fixed all findings. Added 100% test coverage for DeepAgents adapter and model fallback logic across Go and Python. Deleted stale `feat/cron-scheduler` branch.

## Changes

### Squash Merge Restoration (PR #50)
- `workspace-server/internal/handlers/org.go` — Added `OrgDefaults.Model` field + model fallback propagation so org templates correctly pass model to workspaces
- `workspace-server/internal/handlers/workspace_provision.go` — Model always at top level in generated `config.yaml` (config.py reads `raw["model"]` for all runtimes); deepagents excluded from `runtime_config` block
- `workspace/agent.py` — Added Cerebras provider support (`cerebras:model` format)
- `workspace/adapters/deepagents/adapter.py` — Full SDK utilization: FilesystemBackend, MemorySaver checkpointer, FilesystemPermission, memory files, InMemoryCache, native skills, plus cerebras/google_genai/ollama providers
- `workspace/adapters/deepagents/requirements.txt` — Added `langchain-google-genai` + `langchain-anthropic` deps
- `workspace/adapters/langgraph/requirements.txt` — Added `langchain-google-genai` dep for Gemini support

### Code Review Fixes
- `adapter.py` — Removed unused `Path` import
- `adapter.py` — Changed default provider from `"openai"` to `"anthropic"` (aligned with `agent.py`)
- `adapter.py` — Replaced silent OpenAI fallback with `ValueError` for unknown providers (fail fast)
- `adapter.py` — Added guard on `self.agent` in `create_executor()` (RuntimeError if setup not called)
- `org.go` — Added third-level model fallback: ws.Model → defaults.Model → runtime-specific default (matches runtime/tier pattern)

### Test Coverage (100% on changed files)
- `org_test.go` — 8 new tests: Model YAML parsing, empty model, workspace overrides default, fallback for claude-code/deepagents/langgraph, defaults.Model used when ws empty
- `workspace_provision_test.go` — 6 new tests: deepagents runtime, openclaw/crewai get runtime_config, empty runtime defaults to langgraph, empty name/role, model-always-top-level (3 sub-tests)
- `test_adapters.py` — 18 new/updated tests: cerebras/google_genai/ollama providers, unknown provider raises ValueError, default provider is anthropic, create_executor guard, multiple colons in model string, openrouter fallback chain, empty API keys, base URL presence/absence, MAX_TOKENS env var

### Async Delegation Merge (PR #41)
- Rebased `feat/async-delegation` onto main, resolved edit-history conflict
- `tools/delegation.py` — non-blocking `delegate_to_workspace` + `check_delegation_status` polling
- `adapters/base.py` — registered `check_delegation_status` as 6th core tool
- `coordinator.py` — `route_task_to_team` uses async delegation
- 13 delegation tests rewritten for async model

### Delegation Lint Fixes (PR #52)
- `test_delegation.py` — moved `import os` after module docstring
- `base.py` — fixed stale comment "5 core" → "6 core" tools
- `delegation.py` — log notify failures at debug level instead of silent `pass`

### Social Channel System (PR #54)
- `workspace-server/internal/channels/adapter.go` — `ChannelAdapter` interface + `InboundMessage` + `MessageHandler`
- `workspace-server/internal/channels/registry.go` — adapter registry (Telegram registered)
- `workspace-server/internal/channels/telegram.go` — Telegram adapter (webhook + long-polling)
- `workspace-server/internal/channels/manager.go` — orchestrator with hot reload, conversation history (Redis), allowlist, A2A proxy, typing indicator
- `workspace-server/internal/handlers/channels.go` — REST API (CRUD, send, test, webhook, discover)
- `workspace-server/migrations/016_workspace_channels.sql` — workspace_channels table
- `workspace-server/internal/handlers/a2a_proxy.go` — added `"channel:"` to system caller prefixes
- `canvas/src/components/tabs/ChannelsTab.tsx` — Canvas UI for connecting/managing social channels
- `mcp-server/src/index.ts` — 7 new MCP tools (list_channel_adapters, list_channels, add_channel, update_channel, remove_channel, send_channel_message, test_channel)
- 41 unit tests (channels package) + 13 handler tests (sqlmock) + 23 E2E API checks
- Go test count: 406 → 448, MCP tools: 54 → 61

#### UX iterations (during PR #54)
- **Multi-chat IDs per channel** — `chat_id` field accepts comma-separated list. One Telegram bot can serve multiple groups from a single channel entry.
- **Auto-detect chats** — `POST /channels/discover` calls Telegram getUpdates, returns groups/DMs the bot has seen. Canvas "Detect Chats" button auto-populates the chat_id field.
- **`/start` welcome reply** — bot replies immediately with chat ID so users get instant feedback that it works.
- **`PausePollersForToken`** — discovery pauses any active poller for the same bot token to avoid Telegram's 409 "only one getUpdates" conflict.
- **Hidden manual input** — after Detect Chats, the redundant text input is hidden behind an "edit manually" toggle.

#### Telegram Bot API audit fixes (PR #54 follow-up)
**Critical bugs:**
- SQL `LIKE '%id%'` substring match → exact match in code (chat_id "123" was matching "1234").
- Webhook secret_token verification (X-Telegram-Bot-Api-Secret-Token).
- 4096-char message splitting at paragraph/line/word boundaries.
- Group privacy mode warning surfaced in Discover (`can_read_all_group_messages` field).

**Reliability:**
- Bot instance cache (sync.RWMutex) — eliminates `getMe` API call on every send.
- Typed Telegram error handling: 401→invalidate token, 403→forbidden, 429→honor RetryAfter and retry once.
- DisableWebPagePreview by default.

**UX:**
- `sendChatAction("typing")` goroutine during agent calls — re-sends every 4s.
- Bot commands registered via `setMyCommands` → `/start`, `/help`, `/reset`, `/cancel` autocomplete.
- `/help`, `/reset` (clears Redis history), `/cancel` handled inline.
- `my_chat_member` event handling: bot auto-greets when added to a group.
- `channel_post` support (Telegram channels in addition to groups/DMs).
- Token format regex validation rejects malformed tokens before API call.

### auth_token_file → required_env (PR #55)
- `workspace/config.py` — added `required_env: list[str]` to `RuntimeConfig`. Deprecated `auth_token_file` / `auth_token_env` (backward compat retained).
- `workspace/preflight.py` — checks `required_env` vars exist; legacy `auth_token_file` still works.
- `workspace/cli_executor.py` — `_resolve_auth_token()` checks `required_env` first.
- `workspace/adapters/claude_code/adapter.py` — schema declares `required_env: ["CLAUDE_CODE_OAUTH_TOKEN"]`.
- `workspace-server/internal/handlers/workspace_provision.go` — generates `required_env` per runtime, removed `.auth-token` file copying.
- `claude-code-default/config.yaml`, `molecule-dev/org.yaml`, `reno-stars/org.yaml` — `required_env` replaces `auth_token_file`.
- `canvas/src/components/tabs/ConfigTab.tsx` — `TagList` for `required_env` replaces `TextInput` for `auth_token_file`.
- New `reno-stars` org template added (15-agent team with full system prompts, knowledge bases, skills).
- 17 Python preflight tests, 10 Go provisioner tests updated.

### E2E Flaky Test Fixes
- `tests/e2e/test_comprehensive_e2e.sh` — Runtime image checks now poll up to 30s for container readiness instead of fixed 10s sleep. Eliminates intermittent FAILs on cold-start container provisioning.

### Restart Pending UX + Poller Lifetime Fix (PR #56)

**Critical bug fix:**
- Channel pollers were dying ~50ms after channel creation because `Reload()` used `c.Request.Context()` from the HTTP handler — when the handler returned, the request ctx was cancelled, killing the polling goroutine.
- **Fix:** Manager now stores a long-lived `bgCtx` set by `Start()` via `sync.Once`. All pollers spawn from `bgCtx`, not request ctx.
- 2 regression tests: `TestManager_PollerSurvivesRequestContext`, `TestManager_BgCtxFallback`.

**UX improvements:**
- `canvas/src/components/Toolbar.tsx` — "Restart Pending (N)" button replaces always-visible "Restart All". Only shows workspaces flagged `needsRestart`; auto-clears flag and disappears after successful restart. Toast feedback for partial failures.
- Global secret CRUD (both legacy `secrets-section.tsx` + new `secrets-store.ts`) marks all workspaces as `needsRestart`. Workspace-scoped secrets only mark the affected workspace.
- `ConfirmDialog.tsx` — uses React Portal (escapes parent transform/filter containing blocks); added `"warning"` amber variant; callbacks via refs to avoid keydown handler churn on parent re-renders.
- New shared helper `canvas/src/lib/canvas-actions.ts` — `markAllWorkspacesNeedRestart` / `markWorkspaceNeedsRestart` (was duplicated across 2 files).

**Org template channels: field**
- New `channels:` section in org.yaml auto-creates social channel rows on import. Config values support `${VAR}` expansion from `.env` files (workspace `.env` > org root `.env` > platform process env).
- New `OrgChannel` struct, `expandWithEnv()` helper using `os.Expand`, regex-based `hasUnresolvedVarRef()` (literal `$5` no longer false-flagged).
- Adapter validation upfront via `channels.GetAdapter()` + `ValidateConfig()` — fails fast for unknown types or invalid config.
- Idempotent insert: `ON CONFLICT (workspace_id, channel_type) DO UPDATE` — re-importing the same org doesn't fail.
- `channelMgr.Reload()` called once at end of Import (not per-workspace).
- Skipped channels surfaced in import response (`channels_skipped` field with reason).
- Extracted `loadWorkspaceEnv()` helper used by both secret injection and channel config expansion.
- `org-templates/molecule-dev/pm/.env.example` documents required vars (real `.env` gitignored).
- `org-templates/molecule-dev/org.yaml` PM block references vars in `channels: telegram` — talk to PM directly from Telegram immediately after deploy.
- 10 new tests: OrgChannel YAML parsing, expandWithEnv (4 paths), hasUnresolvedVarRef (5 cases).

**Verified live:** Org import created PM workspace, telegram channel auto-linked, poller started polling `@molecule_team_bot` for the configured chat — no manual setup needed.

### Gemini Org + Chat UX Fixes (post-merge)
- `org-templates/molecule-worker-gemini/org.yaml` — `gemini-2.0-flash` → `gemini-2.5-flash` (the older model was decommissioned).
- `workspace/a2a_executor.py` — added `recursion_limit` to LangGraph run_config (default 100, configurable via `LANGGRAPH_RECURSION_LIMIT`). Library default of 25 wasn't enough for DeepAgents planning + delegation cycles.
- `canvas/src/components/tabs/ChatTab.tsx` — three fixes:
  1. **Hardcoded "Processing with Claude..."** → uses `runtimeDisplayName(data.runtime)` so DeepAgents/LangGraph/CrewAI workspaces show their actual runtime.
  2. **Stuck "Processing..." indicator after agent finishes** → HTTP `.then()` handler now extracts the reply from the synchronous response and clears the spinner, in addition to the existing WebSocket path.
  3. **Race condition** between WS event and HTTP response → both paths now check `sendingFromAPIRef` and the first-to-fire wins (no duplicate agent messages).
- `canvas/src/lib/runtime-names.ts` — extracted shared `runtimeDisplayName()` for reuse.
- `A2AResponse` type alias + `extractReplyText()` helper extracted in ChatTab (mirrors Go-side `extractReplyText` in `manager.go`).
- `.env.example` — documented `LANGGRAPH_RECURSION_LIMIT`.

### Documentation
- Created `docs/edit-history/2026-04-11.md` (this file)
- Updated `CLAUDE.md` — test counts, API routes, MCP tool count, migration count
- Updated `PLAN.md` — Phase 25 (Social Channels), test coverage table
- Updated `.env.example` — added GROQ_API_KEY, CEREBRAS_API_KEY, GOOGLE_API_KEY, MAX_TOKENS, TELEGRAM_BOT_TOKEN