molecule-ai/molecule-core
36
0
Fork 2
Code Issues 22 Pull Requests 5 Actions 14 Packages Projects Releases Wiki Activity
6e439bab16
molecule-core/tests
History
claude-ceo-assistant a8b2cf948d
Some checks failed
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m36s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 19s
Details
CI / Detect changes (pull_request) Successful in 1m46s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m46s
Details
sop-tier-check / tier-check (pull_request) Failing after 19s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m40s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m12s
Details
audit-force-merge / audit (pull_request) Successful in 14s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 15s
Details
CI / Platform (Go) (pull_request) Successful in 14s
Details
CI / Canvas (Next.js) (pull_request) Successful in 26s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 19s
Details
CI / Python Lint & Test (pull_request) Successful in 11s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 12s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 14s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 13s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 22s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 17s
Details
feat(internal#219 §4+§6): port ci-required-drift + audit-force-merge sidecar from CP 
Phase 2b+c port of molecule-controlplane PR#112 (SHA 0adf2098) to
molecule-core, per RFC internal#219 §4 (jobs ↔ protection drift) + §6
(audit env ↔ protection drift).

## What this adds

1. .gitea/workflows/ci-required-drift.yml — hourly cron (':17') +
   workflow_dispatch. AST-walks ci.yml, branch_protections, and
   audit-force-merge.yml's REQUIRED_CHECKS env. Files/updates a
   [ci-drift] issue idempotent by title when any pair diverges.

2. .gitea/scripts/ci-required-drift.py — verbatim from CP. PyYAML-based
   AST detector (NOT grep-by-name), per feedback_behavior_based_ast_gates.
   Five drift classes: F1, F1b, F2, F3a, F3b.

3. .gitea/workflows/audit-force-merge.yml — reconcile with CP's
   structure. Moves permissions: to workflow level, adds base.sha-
   pinning rationale, links to drift-detect, and updates REQUIRED_CHECKS
   to current branch_protections/main verbatim (2 contexts).

4. tests/test_ci_required_drift.py — 17 pytest cases, verbatim from CP.
   Stdlib + PyYAML only. Covers F1/F1b/F2/F3a/F3b, happy path, the
   idempotent-PATCH path, the MUST-FIX find_open_issue() raise-on-
   transient regression, the --dry-run flag, and api() error contracts.

## Adaptations from CP#112

- secrets.GITEA_TOKEN → secrets.SOP_TIER_CHECK_TOKEN (molecule-core's
  established read-only token name, used by sop-tier-check and
  audit-force-merge already).
- DRIFT_LABEL tier:high resolves to label id 9 on core (verified
  2026-05-11) vs id 10 on CP.
- REQUIRED_CHECKS env initialized to molecule-core's actual main
  protection set (2 contexts: Secret scan + sop-tier-check), not CP's
  (3 contexts incl. packer-ascii-gate + all-required).
- Comment block flags that the 'all-required' sentinel does NOT yet
  exist in molecule-core's ci.yml (RFC §4 Phase 4 adds it). Until
  then, the detector exits 3 with ::error:: 'sentinel job not found'.
  Verified locally: the workflow will be red on the cron until Phase 4
  lands — that's intentional + louder than a silent issue.

## Verification

- 17/17 pytest cases green locally (Python 3.13, PyYAML 6.0.3).
- Hostile self-review: removing the script makes all 17 tests ERROR
  with FileNotFoundError, confirming they exercise the actual
  implementation (not happy-path shape-matching).
- python3 -m py_compile + bash -n + yaml.safe_load all pass.
- Initial dry-run against real molecule-core ci.yml: exits 3 with
  ::error::sentinel job 'all-required' not found — expected, Phase 4
  will add it.

## What does NOT change

- audit-force-merge.sh is byte-identical to CP's — no change needed.
- No branch protection mutation (that's Phase 4, separate PR).
- No CI workflow restructuring (PR#372 already did that).

RFC: molecule-ai/internal#219
Source: molecule-controlplane@0adf2098 (PR #112)
2026-05-11 00:35:25 -07:00
..
e2e fix(post-suspension): migrate github.com/Molecule-AI refs to git.moleculesai.app (Class G #168) 2026-05-07 13:08:15 -07:00
harness ci(docker): pin base image digests in all Dockerfiles 2026-05-09 23:56:39 +00:00
ops ops: add Railway SHA-pin drift audit script + regression test (#2001) 2026-04-27 05:01:23 -07:00
README.md chore: final open-source cleanup — binary, stale paths, private refs 2026-04-18 00:38:55 -07:00
test_ci_required_drift.py feat(internal#219 §4+§6): port ci-required-drift + audit-force-merge sidecar from CP 2026-05-11 00:35:25 -07:00

README.md

Tests

This repo uses the standard monorepo testing convention: unit tests live with their package, cross-component E2E tests live here.

Where to find tests

Scope Location
Go unit + integration (platform, CLI, handlers) workspace-server/**/*_test.go — run with cd workspace-server && go test -race ./...
TypeScript unit (canvas components, hooks, store) canvas/src/**/__tests__/ — run with cd canvas && npm test -- --run
TypeScript unit (MCP server handlers) mcp-server/src/__tests__/ — run with cd mcp-server && npx jest
Python unit (workspace runtime, adapters) workspace/tests/ — run with cd workspace && python3 -m pytest
Python unit (SDK: plugin + remote agent) sdk/python/tests/ — run with cd sdk/python && python3 -m pytest
Cross-component E2E (spans platform + runtime + HTTP) tests/e2e/you are here

Why split this way

  • Go requires co-located _test.go files to access unexported symbols.
  • Per-package test commands keep the inner loop fast — changing canvas doesn't re-run Go tests.
  • tests/e2e/ covers scenarios that no single package owns: a full workspace lifecycle, A2A across two provisioned agents, delegation chains, bundle round-trips.

Running E2E

Every E2E script here assumes the platform is running at localhost:8080 and (where noted) provisioned agents are online. See the header comment of each .sh for specifics.

Cleaning up rogue test workspaces

If an E2E run aborts before its teardown runs (Ctrl-C, crash, CI timeout), the platform can be left with workspaces whose config volume is stale or empty — Docker's unless-stopped restart policy then spins those containers in a FileNotFoundError loop. The platform's pre-flight check (#17) marks such workspaces failed on the next restart, but a manual cleanup is useful:

bash scripts/cleanup-rogue-workspaces.sh               # deletes ws with id/name starting aaaaaaaa-, bbbbbbbb-, cccccccc-, test-ws-
MOLECULE_URL=http://host:8080 bash scripts/cleanup-rogue-workspaces.sh

The script DELETEs each matching workspace via the API and force-removes the ws-<id[:12]> container as a belt-and-suspenders fallback.