Molecule AI Dev Engineer A (Kimi)
2a04e9bec1
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Has been skipped
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 46s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 1m24s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m12s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Successful in 8m4s
qa-review / approved (pull_request) Refired via /qa-recheck by unknown
security-review / approved (pull_request) Refired via /security-recheck; security-review failed
gate-check-v3 / gate-check (pull_request) Successful in 15s
sop-checklist / review-refire (pull_request) Has been skipped
sop-tier-check / tier-check (pull_request) Successful in 8s
sop-tier-check / tier-check (pull_request_review) Successful in 6s
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
CI / Python Lint & Test (pull_request) Successful in 2s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 5s
CI / Detect changes (pull_request) Successful in 5s
E2E API Smoke Test / detect-changes (pull_request) Successful in 9s
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 11s
E2E Chat / detect-changes (pull_request) Successful in 14s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 14s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 9s
Harness Replays / detect-changes (pull_request) Successful in 5s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 4s
qa-review / approved (pull_request_target) Successful in 3s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
sop-checklist / review-refire (pull_request_target) Has been skipped
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4
sop-checklist / na-declarations (pull_request) N/A: (none)
sop-checklist / all-items-acked (pull_request_target) Successful in 3s
security-review / approved (pull_request_target) Successful in 3s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 1s
CI / Platform (Go) (pull_request) Successful in 6s
Harness Replays / Harness Replays (pull_request) Successful in 1s
gate-check-v3 / gate-check (pull_request_target) Successful in 15s
sop-tier-check / tier-check (pull_request_target) Successful in 9s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 10s
E2E Chat / E2E Chat (pull_request) Successful in 11s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 56s
CI / Canvas (Next.js) (pull_request) Successful in 6m18s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 7m23s
audit-force-merge / audit (pull_request_target) Successful in 4s
Replace remaining user-facing references to the old repo name molecule-monorepo with molecule-core in clone instructions, documentation links, path examples, and source links. Affected files: - README.md (clone commands in Quick Start) - docs/quickstart.md (clone commands in one-command and manual paths) - docs/architecture/molecule-technical-doc.md (repo links) - docs/development/local-development.md (path example) - docs/infra/workspace-terminal.md (factually incorrect rename claim) - docs/integrations/opencode.md (task example) - docs/internal-content-policy.md (repo name and path references) - canvas/src/app/pricing/page.tsx (source code link) - .env.example (repo name in comment) - tools/check-template-parity.sh (path example in comment) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
4.0 KiB
4.0 KiB
Molecule AI + opencode Integration
opencode is an AI coding agent (opencode.ai) that supports remote MCP servers via
opencode.json. This guide shows how to wire it to your Molecule AI workspace.
Prerequisites
- A running Molecule platform (
MOLECULE_MCP_URL— e.g.https://api.molecule.ai) - A workspace-scoped bearer token (
MOLECULE_MCP_TOKEN) issued via the platform API
1. Declare Molecule as a remote MCP server
Create (or extend) opencode.json in your project root:
{
"mcpServers": {
"molecule": {
"type": "remote",
"url": "${MOLECULE_MCP_URL}/workspaces/${WORKSPACE_ID}/mcp",
"headers": { "Authorization": "Bearer ${MOLECULE_MCP_TOKEN}" },
"description": "Molecule AI A2A orchestration — delegate_task, list_peers, check_task_status"
}
}
}
⚠️ Never embed the token in the URL (e.g.
?token=...). Always use theAuthorization: Bearerheader. URL-embedded tokens appear in server logs, browser history, and Git history if the file is committed.
A pre-configured template is available at org-templates/molecule-dev/opencode.json.
2. Obtain a workspace-scoped token
curl -X POST https://$MOLECULE_MCP_URL/workspaces/$WORKSPACE_ID/tokens \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "opencode-agent", "scopes": ["mcp:read", "mcp:delegate"]}'
Store the returned token as MOLECULE_MCP_TOKEN in your .env (see .env.example).
3. Available tools
When opencode connects to the Molecule MCP endpoint, the agent gains access to:
| Tool | Description |
|---|---|
list_peers |
Discover available workspaces in your org |
delegate_task |
Send a task to a peer workspace and wait for the result |
delegate_task_async |
Fire-and-forget task delegation; returns a task_id |
check_task_status |
Poll an async delegation by task_id |
commit_memory |
Persist information to LOCAL or TEAM memory scope |
recall_memory |
Search previously committed memories |
Restricted tools
send_message_to_user— disabled for remote MCP callers by default; requires explicit opt-in viaMOLECULE_MCP_ALLOW_SEND_MESSAGE=true- GLOBAL memory scope —
commit_memorywithscope: GLOBALis blocked for external agents; LOCAL and TEAM scopes are available
4. Example: delegate a research task
{
"tool": "delegate_task",
"arguments": {
"target": "research-lead",
"task": "Summarise the last 7 days of commits in Molecule-AI/molecule-core"
}
}
opencode sends this tool call to the Molecule MCP endpoint. The platform routes it to your research-lead workspace and streams the response back.
5. Security notes
SAFE-T1401 — org topology exposure
list_peers returns the full set of workspace names and roles visible to your workspace. This is intentional: provisioned agents need to know their peers to delegate effectively. Be aware that any opencode agent with a valid MOLECULE_MCP_TOKEN can enumerate your org topology.
SAFE-T1201 — tool surface audit pending
The full @molecule-ai/mcp-server npm package exposes additional tools beyond those listed above. These are pending a SAFE-T1201 security audit (tracked in #747 follow-on) and must not be exposed to external agents in production until that audit completes.
Token scoping
Issue tokens with the minimum required scopes (mcp:read, mcp:delegate). Rotate tokens regularly. Revoke via DELETE /workspaces/:id/tokens/:token_id.
6. Environment variables
Add to your .env:
MOLECULE_MCP_URL=https://api.molecule.ai # or http://localhost:8080 for local dev
MOLECULE_MCP_TOKEN= # workspace-scoped bearer token from step 2
WORKSPACE_ID= # UUID of the agent workspace opencode acts as
# find it in Canvas sidebar or GET /workspaces
See .env.example for the canonical reference.