molecule-core/docs/infra/workspace-terminal.md
Hongming Wang b54968878a docs(internal): refresh runtime-package mirror policy + parity matrix + dead-link fix
- workspace-runtime-package.md: add explicit "Where to make changes"
  section documenting the mirror-only policy on
  Molecule-AI/molecule-ai-workspace-runtime — direct PRs are auto-rejected
  by mirror-guard CI; staging push regenerates both the mirror and the
  PyPI wheel via .github/workflows/publish-runtime.yml.
- infra/workspace-terminal.md: replace dead molecule-core#1528 reference
  (repo renamed to molecule-monorepo, no longer accepting issues at the
  old name) with a forward-pointer to monorepo + molecule-controlplane
  issue trackers.
- architecture/backends.md: bump audit date to 2026-05-02 and add rows
  for channel envelope enrichment (#2471), chat_history MCP tool
  (#2474), /activity before_ts paging (#2476), /activity peer_id filter
  (#2472), runtime_wedge smoke gate (#2473 + #2475), and the canvas-E2E
  state-file requirement (#2327).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:06:06 -07:00


# Workspace Terminal

> **Full runbook moved to the internal repo on 2026-04-22.**
>
> The implementation-level content (EIC bootstrap script output,
> per-tenant SG backfill commands, tenant-specific identifiers) now
> lives at **`Molecule-AI/internal/runbooks/workspace-terminal.md`**
> (private — Molecule AI org members only).

## What this feature is (public summary)

The canvas Terminal tab opens an interactive shell on a workspace's
compute — locally this is a `docker exec` into the container; in the
SaaS tenant path it's an SSH session into the tenant EC2 (or the
workspace container running on it) over an [EC2 Instance Connect
Endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-setup-ec2-instance-connect-endpoint.html).
End users see a terminal; no direct public SSH ingress is required.

Tracking: originally `molecule-core#1528` (resolved 2026-04-22). The
`molecule-core` repo has since been renamed to `molecule-monorepo` and no
longer accepts new issues under the old name; future terminal work is
tracked in `molecule-monorepo` issues (workspace-server scope) and in
`molecule-controlplane` issues for the EIC / per-tenant SG path.

## Where things are

- **Go handler:** [`workspace-server/internal/handlers/terminal.go`](../../workspace-server/internal/handlers/terminal.go)
- **CP provisioner (EIC endpoint, per-tenant SG):** `Molecule-AI/molecule-controlplane/internal/provisioner/ec2.go`, `EICEndpointSGID` field
- **Bootstrap script:** `Molecule-AI/molecule-controlplane/scripts/bootstrap-eic-terminal.sh`
- **Detailed ops runbook (internal):** `Molecule-AI/internal/runbooks/workspace-terminal.md`

Why the split: the bootstrap-script output + per-tenant SG ingress
backfill commands include AWS resource IDs and tenant slugs that
don't belong in a public repo, but the high-level design is useful
for external readers + self-hosters.
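
Self-hosters can check the "no direct public SSH ingress" property from the public summary against their own account. The following is an added example, not code from the Molecule AI repos: it parses `aws ec2 describe-security-groups` JSON and reports every rule that exposes TCP/22 to a source other than the EIC endpoint's security group. It assumes the per-tenant SG is meant to admit SSH only from that group; `AuditSSHIngress` and the group IDs in the sample are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of `aws ec2 describe-security-groups` output; src is a CIDR or SG source.
type src struct{ CidrIp, CidrIpv6, GroupId string }
type perm struct {
	IpProtocol                             string
	FromPort, ToPort                       int
	IpRanges, Ipv6Ranges, UserIdGroupPairs []src
}

// AuditSSHIngress lists SSH-reachable ingress sources other than the EIC endpoint SG.
func AuditSSHIngress(raw []byte, eicSG string) ([]string, error) {
	var doc struct{ SecurityGroups []struct{ GroupId string; IpPermissions []perm } }
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	var out []string
	for _, g := range doc.SecurityGroups {
		for _, p := range g.IpPermissions {
			if p.IpProtocol != "-1" && !(p.IpProtocol == "tcp" && p.FromPort <= 22 && 22 <= p.ToPort) {
				continue // rule cannot reach TCP/22 ("-1" means all protocols and ports)
			}
			for _, l := range [][]src{p.IpRanges, p.Ipv6Ranges, p.UserIdGroupPairs} {
				for _, s := range l {
					if s.GroupId == "" || s.GroupId != eicSG { // assumed policy: only eicSG may reach SSH
						out = append(out, g.GroupId+": SSH from "+s.CidrIp+s.CidrIpv6+s.GroupId)
					}
				}
			}
		}
	}
	return out, nil
}

// Constructed sample, not real tenant data: tenant-a follows the design, tenant-b does not.
const sample = `{"SecurityGroups":[{"GroupId":"sg-tenant-a","IpPermissions":[
 {"IpProtocol":"tcp","FromPort":22,"ToPort":22,"UserIdGroupPairs":[{"GroupId":"sg-eic"}]}]},
 {"GroupId":"sg-tenant-b","IpPermissions":[
 {"IpProtocol":"tcp","FromPort":22,"ToPort":22,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]},
 {"IpProtocol":"-1","UserIdGroupPairs":[{"GroupId":"sg-other"}]},
 {"IpProtocol":"tcp","FromPort":443,"ToPort":443,"Ipv6Ranges":[{"CidrIpv6":"::/0"}]}]}]}`

func main() {
	fmt.Println(AuditSSHIngress([]byte(sample), "sg-eic"))
}
```

Rules whose source is a prefix list (`PrefixListIds`) are not inspected by this check and need a separate review.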