molecule-ai/molecule-core
39
0
Fork 2
Code Issues 24 Pull Requests 12 Actions 103 Packages Projects Releases Wiki Activity
f91d34c9e4
molecule-core/scripts
History
hongming-pc2 5373b5e7f6
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 18s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 13s
Details
CI / Detect changes (pull_request) Successful in 50s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 20s
Details
sop-tier-check / tier-check (pull_request) Successful in 19s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 55s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 50s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 59s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 41s
Details
Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 55s
Details
CI / Platform (Go) (pull_request) Successful in 9s
Details
CI / Canvas (Next.js) (pull_request) Successful in 10s
Details
CI / Python Lint & Test (pull_request) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 23s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 13s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 11s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 12s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
audit-force-merge / audit (pull_request) Successful in 23s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Failing after 4m53s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Failing after 5m15s
Details
fix(ci): extend class-E rename to scripts/ops/sweep-*.sh (chained-defect from #430 review) 
core-devops lens review (review 1075) caught the chained defect: the 3
sweep workflows shell out to `bash scripts/ops/sweep-{aws-secrets,cf-orphans,cf-tunnels}.sh`,
and those scripts still consume the OLD env-var names — `need CP_PROD_ADMIN_TOKEN`,
`need CP_STAGING_ADMIN_TOKEN`, and `Bearer $CP_PROD_ADMIN_TOKEN` /
`Bearer $CP_STAGING_ADMIN_TOKEN` in the CP-admin curl calls. The workflow-
level presence-check loop (renamed in the first commit) would pass, then
the shell script would `exit 1` at the `need CP_PROD_ADMIN_TOKEN` line.
Classic `feedback_chained_defects_in_never_tested_workflows` — the YAML-
surface rename looked complete; the actual consumer is one layer deeper.

This commit completes the rename in the scripts:
- `CP_PROD_ADMIN_TOKEN`    -> `CP_ADMIN_API_TOKEN`
- `CP_STAGING_ADMIN_TOKEN` -> `CP_STAGING_ADMIN_API_TOKEN`
(6 occurrences total per script — comments, `need` checks, `Bearer $...`
curl headers — across all 3). The .gitea/workflows/sweep-*.yml files (first
commit) export `CP_ADMIN_API_TOKEN: ${{ secrets.CP_ADMIN_API_TOKEN }}` etc.,
so the scripts now read `$CP_ADMIN_API_TOKEN` — consistent end-to-end.

Per core-devops's other (non-blocking) note: `workflow_dispatch` each
sweep in dry-run after this lands + after the #425 class-A PUT, to confirm
the path beyond the presence-check actually works (the `MINIMAX_TOKEN`-grade
shape-match isn't enough — exercise the real CP-admin call).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-11 01:32:26 -07:00
..
demo-freeze-snapshots ops: demo-day freeze + rollback runbook 2026-05-01 12:04:30 -07:00
ops fix(ci): extend class-E rename to scripts/ops/sweep-*.sh (chained-defect from #430 review) 2026-05-11 01:32:26 -07:00
build_runtime_package.py fix(ci): add _sanitize_a2a to TOP_LEVEL_MODULES allowlist (third workflow defect) 2026-05-10 19:32:58 -07:00
build-images.sh
bundle-compile.sh
canary-smoke.sh fix(ci): migrate canary-verify from GHCR to ECR + add POST route smoke tests 2026-05-10 02:10:12 +00:00
check-cascade-list-vs-manifest.sh feat(ci): structural drift gate for cascade list vs manifest (RFC #388 PR-3) 2026-05-03 03:52:39 -07:00
check-stale-promote-pr.sh fix(ci): replace gh pr CLI with Gitea v1 REST in workflows + scripts (#75 class A) 2026-05-07 15:29:26 -07:00
cleanup-rogue-workspaces.sh
clone-manifest.sh [infra-lead-agent] fix(ci): clone-manifest.sh retry+backoff — CI-infra carve-out to main (parallel to PR #298) 2026-05-10 13:15:44 +00:00
demo-day-runbook.md ops: demo-day freeze + rollback runbook 2026-05-01 12:04:30 -07:00
demo-freeze.sh fix(scripts): migrate ghcr.io→ECR + raw.githubusercontent.com→Gitea (#46) 2026-05-07 00:56:23 -07:00
demo-thaw.sh ops: demo-day freeze + rollback runbook 2026-05-01 12:04:30 -07:00
dev-start.sh fix(dev-start): detect missing Go and fall back to docker-compose platform 2026-04-29 20:04:37 -07:00
edge-429-probe.sh chore(observability): edge-429 probe + ratelimit observability runbook 2026-05-07 15:48:34 -07:00
import-agent.sh
lockdown-tenant-sg.sh
measure-coordinator-task-bounds-runner.sh fix(harness-runner): switch from non-existent /heartbeat-history to /activity 2026-04-28 23:12:51 -07:00
measure-coordinator-task-bounds.sh docs: registry pattern + harness scripts READMEs 2026-04-28 22:19:40 -07:00
nuke-and-rebuild.sh tech-debt: rename molecule-monorepo-net -> molecule-core-net 2026-05-09 20:51:48 +00:00
post-rebuild-setup.sh
README.md docs(internal): bulk-sed molecule-core .md docs → Gitea (#37 final molecule-core sweep) 2026-05-07 01:27:50 -07:00
refresh-workspace-images.sh fix(scripts): migrate ghcr.io→ECR + raw.githubusercontent.com→Gitea (#46) 2026-05-07 00:56:23 -07:00
rollback-latest.sh fix(scripts): migrate ghcr.io→ECR + raw.githubusercontent.com→Gitea (#46) 2026-05-07 00:56:23 -07:00
test_build_runtime_package.py chore: rewriter unit tests + drop misleading noqa on import inbox 2026-04-30 20:45:32 -07:00
test-a2a-cross-runtime.sh
test-all-adapters.sh
test-all-runtimes-a2a-e2e.sh test(e2e): wire SaaS auth headers (TENANT_ADMIN_TOKEN + TENANT_ORG_ID) 2026-05-02 04:36:23 -07:00
test-all.sh
test-check-stale-promote-pr.sh feat(ops): hourly alarm for auto-promote PR stuck on REVIEW_REQUIRED (#2975) 2026-05-05 17:55:27 -07:00
test-cross-agent-chat.sh
test-hermes-plugin-e2e.sh test(e2e): unified A2A round-trip parity harness across all 4 runtimes 2026-05-02 04:36:23 -07:00
test-nuke-and-rebuild.sh
test-team-e2e.sh
wheel_smoke.py feat(mcp): notifications/claude/channel for push-feel inbox UX 2026-04-30 20:10:01 -07:00

README.md

scripts/

Operational and one-off scripts for molecule-core. Most are self-documenting — see the header comments in each file.

RFC #2251 coordinator task-bound harnesses

There are three related scripts; pick the right one:

Script Purpose Targets
measure-coordinator-task-bounds.sh Canonical v1 harness for the RFC #2251 / Issue 4 reproduction. Provisions a PM coordinator + Researcher child via claude-code-default + langgraph templates, sends a synthesis-heavy A2A kickoff, observes elapsed time + activity trace. OSS-shape platform — localhost or any /workspaces-shaped endpoint. Has tenant/admin-token guards for non-localhost runs.
measure-coordinator-task-bounds-runner.sh Generalised runner for the same measurement contract but with arbitrary template + secret + model combinations (Hermes/MiniMax, etc.). Useful for cross-runtime variants without modifying the canonical harness. Same as above (local or SaaS via MODE=saas).
measure-coordinator-task-bounds.sh (in molecule-controlplane) Production-shape variant that bootstraps a real staging tenant via POST /cp/admin/orgs, then runs the same measurement against <slug>.staging.moleculesai.app. Staging controlplane only — refuses to run against production.

See reference_harness_pair_pattern (auto-memory) for when to use which and the cross-repo design rationale.

Common safety pattern across all three

  • Cleanup trap on EXIT/INT/TERM auto-deletes provisioned resources.
  • DRY_RUN=1 prints plan + auth fingerprint, exits before any state mutation. Run this before pointing at staging or any shared infrastructure.
  • Non-target guard refuses arbitrary endpoints (the controlplane variant is locked to staging-api.moleculesai.app; the OSS variant requires explicit auth + tenant scoping for non-localhost PLATFORM).
  • Cleanup failures emit cleanup_*_failed events with remediation hints; no silenced curl. ADMIN_TOKEN expiring mid-run surfaces as a structured event rather than a silent leak.

Activity trace caveat

If activity_trace.raw == "<endpoint_unavailable>", the per-workspace /activity endpoint isn't wired on the target build — the bound measurement is INCONCLUSIVE on the platform-ceiling question. Either wire the endpoint or replace with the equivalent Datadog query. Note that /activity accepts a since_secs query parameter; see the endpoint handler for the supported range.

Other scripts

  • cleanup-rogue-workspaces.sh — emergency teardown for leaked workspaces. Prompts for confirmation. Pair with the harnesses if a cleanup trap fails (see cleanup_*_failed events).
  • canary-smoke.sh — quick smoke test for canary releases.
  • dev-start.sh — local-dev platform bring-up.

The rest are self-documenting in their header comments.