molecule-ai/molecule-core
38
0
Fork 2
Code Issues 25 Pull Requests 8 Actions 10 Packages Projects Releases Wiki Activity
a4c314bea5
molecule-core/workspace
History
Molecule AI Core-DevOps 1492b40b38
Some checks failed
sop-tier-check / tier-check (pull_request) Failing after 28s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 37s
Details
ci(docker): pin base image digests in all Dockerfiles 
Pins all FROM image tags to exact SHA256 digests for reproducible
builds. Without digest pinning, a registry push of a new image to the
same tag can silently change the layer content between builds — a
supply-chain risk especially for prod-deployed images.

Pinned images (7 Dockerfiles):
- golang:1.25-alpine → sha256:c4ea15b... (workspace-server/Dockerfile,
  Dockerfile.dev, Dockerfile.tenant, tests/harness/cp-stub/Dockerfile)
- alpine:3.20 → sha256:c64c687c... (workspace-server/Dockerfile,
  tests/harness/cp-stub/Dockerfile)
- node:20-alpine → sha256:afdf982... (workspace-server/Dockerfile.tenant)
- node:22-alpine → sha256:cb15fca... (canvas/Dockerfile)
- python:3.11-slim → sha256:e78299e... (workspace/Dockerfile)
- nginx:1.27-alpine → sha256:62223d6... (tests/harness/cf-proxy/Dockerfile)

Note: docker-compose.yml service images (postgres, redis, clickhouse,
litellm, ollama) are intentionally left on major-version tags — those
are runtime-pulled and updated regularly for local-dev ergonomics.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-09 23:56:39 +00:00
..
adapters
builtin_tools
lib
molecule_audit
platform_tools feat(mcp): multi-workspace routing for memory + chat_history + workspace_info 2026-05-04 14:17:58 -07:00
plugins_registry
policies
scripts
skill_loader
tests [core-be-agent] 2026-05-09 22:16:11 +00:00
.coveragerc
a2a_cli.py
a2a_client.py fix(a2a): SSOT response parser — handle poll-mode queued envelope (#2967) 2026-05-05 17:21:28 -07:00
a2a_executor.py fix(a2a): route terminal Message via TaskUpdater.complete/failed in task mode 2026-05-03 04:06:45 -07:00
a2a_mcp_server.py fix(onboarding): address Claude Code MCP onboarding friction (#2934) 2026-05-05 14:19:09 -07:00
a2a_response.py fix(a2a): SSOT response parser — handle poll-mode queued envelope (#2967) 2026-05-05 17:21:28 -07:00
a2a_tools_delegation.py fix(a2a): SSOT response parser — handle poll-mode queued envelope (#2967) 2026-05-05 17:21:28 -07:00
a2a_tools_inbox.py refactor(workspace): extract inbox tools from a2a_tools.py (RFC #2873 iter 4e) 2026-05-05 14:28:58 -07:00
a2a_tools_memory.py refactor(workspace): extract memory tools from a2a_tools.py to a2a_tools_memory.py (RFC #2873 iter 4c) 2026-05-05 09:50:39 -07:00
a2a_tools_messaging.py refactor(workspace): extract messaging tools from a2a_tools.py to a2a_tools_messaging.py (RFC #2873 iter 4d) 2026-05-05 09:50:47 -07:00
a2a_tools_rbac.py refactor(workspace): extract RBAC helpers from a2a_tools.py to a2a_tools_rbac.py (RFC #2873 iter 4a) 2026-05-05 04:43:16 -07:00
a2a_tools.py refactor(workspace): extract inbox tools from a2a_tools.py (RFC #2873 iter 4e) 2026-05-05 14:28:58 -07:00
adapter_base.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
agent.py
agents_md.py
boot_routes.py test(runtime): pin PR #2756's card-vs-setup decoupling with build_routes helper 2026-05-04 14:59:56 -07:00
build-all.sh docs(workspace-runtime): migrate github.com refs at source so mirror inherits Gitea links (internal#41) 2026-05-07 00:48:04 -07:00
card_helpers.py fix(runtime): isolate card-skill enrichment + transcript handler from adapter shape mismatch 2026-05-04 14:15:27 -07:00
config.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
configs_dir.py
consolidation.py
coordinator.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
Dockerfile ci(docker): pin base image digests in all Dockerfiles 2026-05-09 23:56:39 +00:00
entrypoint.sh fix(workspace): set git user.name/email from $GITEA_USER at boot 2026-05-09 12:52:17 -07:00
event_log.py
events.py
executor_helpers.py
heartbeat.py
inbox_uploads.py fix(inbox-uploads): cancel BatchFetcher futures on wait_all timeout 2026-05-05 12:34:41 -07:00
inbox.py fix(inbox): drop unused batch_fetcher = None after end-of-batch drain 2026-05-05 11:56:54 -07:00
initial_prompt.py
internal_chat_uploads.py
internal_file_read.py
main.py tech-debt: rename molecule-monorepo-net -> molecule-core-net 2026-05-09 20:51:48 +00:00
mcp_cli.py feat(mcp): add molecule-mcp doctor onboarding diagnostic 2026-05-05 15:44:36 -07:00
mcp_doctor.py fix(mcp-doctor): heartbeat (idempotent) instead of register (UPSERT) 2026-05-05 16:11:08 -07:00
mcp_heartbeat.py refactor(workspace): split mcp_cli.py (626 LOC) into focused modules (RFC #2873 iter 3) 2026-05-05 04:33:06 -07:00
mcp_inbox_pollers.py refactor(workspace): split mcp_cli.py (626 LOC) into focused modules (RFC #2873 iter 3) 2026-05-05 04:33:06 -07:00
mcp_workspace_resolver.py mcp: surface specific TOKEN_FILE errors + link follow-ups (#2934) 2026-05-05 15:07:15 -07:00
molecule_ai_status.py
not_configured_handler.py fix(runtime): redact secret-shaped tokens from JSON-RPC error.data 2026-05-04 15:07:53 -07:00
platform_auth.py feat(mcp): cross-workspace delegation routing (multi-ws PR-2) 2026-05-04 08:32:24 -07:00
platform_inbound_auth.py
plugins.py
preflight.py fix(preflight): downgrade required_env + auth_token failures to warnings 2026-05-04 12:20:34 -07:00
prompt.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
pytest.ini
rebuild-runtime-images.sh
requirements.txt
runtime_wedge.py
secret_redactor.py fix(runtime): redact secret-shaped tokens from JSON-RPC error.data 2026-05-04 15:07:53 -07:00
shared_runtime.py
smoke_mode.py
transcript_auth.py
watcher.py