molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
2fa79ea462
molecule-core/docs/infra/workspace-terminal.md
Hongming Wang b54968878a docs(internal): refresh runtime-package mirror policy + parity matrix + dead-link fix 
- workspace-runtime-package.md: add explicit "Where to make changes"
  section documenting the mirror-only policy on
  Molecule-AI/molecule-ai-workspace-runtime — direct PRs are auto-rejected
  by mirror-guard CI; staging push regenerates both the mirror and the
  PyPI wheel via .github/workflows/publish-runtime.yml.
- infra/workspace-terminal.md: replace dead molecule-core#1528 reference
  (repo renamed to molecule-monorepo, no longer accepting issues at the
  old name) with a forward-pointer to monorepo + molecule-controlplane
  issue trackers.
- architecture/backends.md: bump audit date to 2026-05-02 and add rows
  for channel envelope enrichment (#2471), chat_history MCP tool
  (#2474), /activity before_ts paging (#2476), /activity peer_id filter
  (#2472), runtime_wedge smoke gate (#2473 + #2475), and the canvas-E2E
  state-file requirement (#2327).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:06:06 -07:00

1.9 KiB
Raw Blame History

Workspace Terminal

Full runbook moved to the internal repo on 2026-04-22.

The implementation-level content (EIC bootstrap script output, per-tenant SG backfill commands, tenant-specific identifiers) now lives at Molecule-AI/internal/runbooks/workspace-terminal.md (private — Molecule AI org members only).

What this feature is (public summary)

The canvas Terminal tab opens an interactive shell on a workspace's compute — locally this is a docker exec into the container; in the SaaS tenant path it's an SSH session into the tenant EC2 (or the workspace container running on it) over an EC2 Instance Connect Endpoint. End users see a terminal; no direct public SSH ingress is required.

Tracking: originally molecule-core#1528 (resolved 2026-04-22). The molecule-core repo has since been renamed to molecule-monorepo and no longer accepts new issues under the old name; future terminal work is tracked in molecule-monorepo issues (workspace-server scope) and in molecule-controlplane issues for the EIC / per-tenant SG path.

Where things are

  • Go handler: workspace-server/internal/handlers/terminal.go
  • CP provisioner (EIC endpoint, per-tenant SG): Molecule-AI/molecule-controlplane/internal/provisioner/ec2.goEICEndpointSGID field
  • Bootstrap script: Molecule-AI/molecule-controlplane/scripts/bootstrap-eic-terminal.sh
  • Detailed ops runbook (internal): Molecule-AI/internal/runbooks/workspace-terminal.md

Why the split: the bootstrap-script output + per-tenant SG ingress backfill commands include AWS resource IDs and tenant slugs that don't belong in a public repo, but the high-level design is useful for external readers + self-hosters.