Per Hongming's audit directive (2026-05-09): make the core team
operate-by-mechanism rather than self-report.

## SHARED_RULES.md §PR Merge Approval Gate (extended)
- Tag prefix corrected: `[<team>-qa-agent]` etc., not bare `[qa-agent]`.
Bare unprefixed tags rejected by lint. Each persona has its own
Gitea identity (post-2026-05-06; feedback_per_agent_gitea_identity_default),
so the tag reflects who actually authored.
- Coverage bar bumped 80% → 100% per-changed-file. Aggregate
doesn't satisfy. Doc-only files exempt.
- e2e gate added: PRs touching workspace-server/canvas/workspace/
controlplane/plugins MUST run the matching tests/e2e/test_*.sh
and the QA approval comment MUST report `e2e: <suite>=pass`.
- §Issue Discipline tightened to a 5-min SLA. The orchestrator
cross-checks Loki finding-events vs Gitea issue creates and files
a [missed-finding] issue when a finding event has no matching
issue.
- §PR Template requirement added (links to .gitea/pull_request_template.md
in internal + molecule-core; scripts-lint enforces).
- §Identity Tag updated: "GitHub" → "Gitea"; mechanical-parsing
rationale spelled out.

## dev-lead/core-lead/schedules/orchestrator-pulse.md (rewritten)
- Replaces "merge CI-green PRs FIRST" with the four-condition
gate-check sequence (CI green AND [core-qa-agent] ✅ AND
[core-security-agent] ✅ AND [core-uiux-agent] ✅-or-N/A).
- Force-merge call-out: explicitly fires incident.force_merge to
Loki and reports to orchestrator (audit-force-merge.scripts).
- Reviewer-rotation §SOP-10 check before approving.
- Structured-logging report at end of each pulse so the
orchestrator can monitor team behavior in Loki.
- Fixes duplicate "Step 2" (was both SCAN TEAM STATE and REVIEW
OPEN PRs).

## dev-lead/core-lead/core-qa/system-prompt.md
- IDENTITY TAG header points at the gate-parsing role.
- 100% per-changed-file coverage codified.
- e2e mandatory on platform-touching PRs.
- New §PR Review section: required comment-on-every-open-PR each
cycle with one of three exact forms (APPROVED/CHANGES/N-A).

## dev-lead/core-lead/core-security/system-prompt.md
- Same identity-tag fix.
- File findings as Gitea issues (was "GitHub issues") within 5 min.
- Required PR review on every PR touching auth/middleware/db/handlers/
plugin-install; quick-N/A on the rest.
- New §PR Review section with the three exact comment forms.

Tier: medium (changes how 9 personas behave; spine of dev tree).

Verification:
- Markdown structurally consistent
- All edits surgical — no per-engineer prompt changes (those
follow naturally from SHARED_RULES.md)
- Live verification deferred to Layer C (when workspaces actually
boot with the new prompts)

Every persona's initial-prompt.md starts with `git clone https://github.com/Molecule-AI/<repo>.git`
which now hard-fails because the GitHub org was suspended on 2026-05-06. This
blocks every fresh agent at boot.

Changes:
- All 49 persona initial-prompt.md files: rewrite clone URLs to
https://git.moleculesai.app/molecule-ai/<repo>.git, and switch the
in-URL token from ${GITHUB_TOKEN} to ${GITEA_TOKEN} (matches the
env-var contract documented in SHARED_RULES.md after the gh→tea migration).
- 4 schedule files (landingpage-check, landingpage-seo-check,
daily-changelog) — same rewrite.
- org.yaml defaults block (3 refs + the 'if [ -n "\$GITHUB_TOKEN" ]'
guard renamed to GITEA_TOKEN to match the new var).
- SHARED_RULES.md DOCUMENTATION_POLICY full-policy URL.
- documentation-specialist/system-prompt.md: reframed the org-profile
table row (was 'renders on github.com/Molecule-AI', now noted as
the now-suspended org page kept for reference).

Scope per Task #168: non-Go-module URL refs only. No go.mod / go.sum
in this repo, so this PR is complete coverage for this repo.

After this lands every persona will boot with a working clone again.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Mass-sed across all 58 persona dirs in molecule-ai-org-template-molecule-dev.

Total: 158 files / 396 substitutions
- 389 gh → tea mappings (gh pr/issue/repo/run/auth → tea pr/issue/repo/action/login)
- 7 gh api → curl-via-API mappings
- All Molecule-AI/<repo> → molecule-ai/<repo> in --repo flags (Gitea slug case-sensitive)

Plus SHARED_RULES.md migration callout block + tea install snippet:
- Tea v0.9.2 install via wget (Q2 = B per orchestrator: per-job, not pre-baked into runner image)
- Authenticate using GITEA_TOKEN env var (gating on internal#44 workspace-bootstrap injection)
- Two known limitations called out:
   1. GITEA_TOKEN required for tea/curl auth (internal#44 pending)
   2. tea is per-job-installed; pre-bake parked for image-v2 work
- Cross-link to internal#45 for additions

Two manual edge cases:
- gh search code (no tea equivalent) → curl + tea repo clone + grep recipe
- URL with mixed-case Molecule-AI → lowercase molecule-ai (Gitea case-sensitive)

3 narrative GH_TOKEN references in SHARED_RULES.md intentionally preserved
(describe an env var name, not commands).

Q1=A (mega-PR) per orchestrator dispatch 2026-05-07T09:50:08.

Refs: molecule-ai/internal#45, molecule-ai/internal#44 (GITEA_TOKEN dep)