feat(defaults): add molecule-skill-five-axis-review plugin (#6 )

feat(defaults): add molecule-skill-five-axis-review plugin (#6) Wires SOP Phase 4 self-review skill into dev-department.yaml defaults so every dev workspace picks it up automatically. Plugin v1.0.0 verified at git.moleculesai.app/molecule-ai/molecule-ai-plugin-molecule-skill-five-axis-review (tag commit 4835359d). Audit: - author: claude-ceo-assistant (orchestrator persona) - authorization: Hongming chat-go 2026-05-10T11:15Z - force-merge reason: repo has no CI; orchestrator-authored PRs require force_merge - conflict check: no overlap with #10 (touched dev-lead/**/workspace.yaml model fields, this PR touches only root dev-department.yaml defaults.plugins) - five-axis self-review: clean (per PR body)
Merge pull request 'fix(leads): put dev-team leads on Claude Opus, not MiniMax' (#10 ) from fix/leads-on-opus into main
2026-05-10 11:28:34 +00:00 · 2026-05-10 10:18:18 +00:00 · 2026-05-10 02:27:48 -07:00 · 2026-05-10 06:36:54 +00:00 · 2026-05-10 05:37:36 +00:00 · 2026-05-09 22:37:03 -07:00
9 changed files with 24 additions and 9 deletions
--- a/SECRETS_MATRIX.md
+++ b/SECRETS_MATRIX.md
@ -10,7 +10,7 @@ The platform supports per-workspace `.env` files (loaded by `org_import.go` and

 | Role | Secrets it gets | Scope of action enabled |
 |---|---|---|
-| **All workspaces** (org-root `.env`) | `CLAUDE_CODE_OAUTH_TOKEN` (or model-specific equivalent: `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) | Run the LLM. Required for any agent to think. |
+| **All workspaces** (org-root `.env`) | **Current default (MiniMax-M2.7 — `model:` in every workspace.yaml):** `ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic` + `ANTHROPIC_AUTH_TOKEN=<MiniMax Token Plan key>`. Alternatives: `CLAUDE_CODE_OAUTH_TOKEN` / `ANTHROPIC_API_KEY` (Anthropic-direct), or `OPENAI_API_KEY`. | Run the LLM. Required for any agent to think. The MiniMax Token Plan key is in the operator SSOT as `MINIMAX_API_KEY` (+ `MINIMAX_BASE_URL`); see `internal#211`. |
 | **PM** | `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID` (CEO comms only) | Send Telegram messages to CEO. Max 2-3/day per SHARED_RULES rule 11. |
 | **Dev Lead, Core Lead, App Lead, CP Lead, Infra Lead, SDK Lead** | `GH_TOKEN` (write) | `tea pr merge`, `tea issue close`, `tea pr review --approve` on the team's repo. SHARED_RULES rule 9: Leads merge in their domain. |
 | **Triage Operator** | `GH_TOKEN` (write, org-wide) | Cross-org triage: close stale, label, escalate. May merge mechanical PRs only. |
--- a/dev-department.yaml
+++ b/dev-department.yaml
@ -41,6 +41,7 @@ defaults:
    - molecule-session-context         # auto-load cron learnings + PR/issue counts on SessionStart
    - molecule-skill-cron-learnings    # per-tick learning JSONL (pairs with session-context)
    - molecule-skill-update-docs       # keep architecture / README / edit-history aligned
+    - molecule-skill-five-axis-review  # SOP Phase 4 — structured five-axis self-review before PR

  # Audit-summary routing — Auditors fan out findings to the listed roles.
  # Roles are by display name (Dev Lead, Backend Engineer, ...) not by
--- a/dev-lead/.env.example
+++ b/dev-lead/.env.example
@ -7,8 +7,22 @@
 # from rule 10 (CI green + qa-agent + security-auditor-agent + uiux-agent
 # APPROVED or N/A waiver).

-# --- LLM ---
-CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
+# --- LLM: MiniMax-M2.7 via MiniMax "Token Plan" key ---
+# This workspace's runtime is `claude-code` and workspace.yaml pins
+# `model: MiniMax-M2.7`. Claude Code reaches MiniMax through MiniMax's
+# Anthropic-compatible endpoint, so the auth env it needs is:
+ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic
+ANTHROPIC_AUTH_TOKEN=sk-cp-...
+# Get the token from https://platform.minimax.io/user-center/payment/token-plan
+# ("Token Plan Key"). The operator's unified credentials file exposes the same
+# value as MINIMAX_API_KEY (+ MINIMAX_BASE_URL=https://api.minimax.io); see
+# internal#211. If the platform runtime maps `model:` -> endpoint itself, then
+# MINIMAX_API_KEY alone is enough and these two ANTHROPIC_* lines can be dropped.
+#
+# To run this team on Anthropic-direct instead, set
+#   CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
+# (or ANTHROPIC_API_KEY=sk-ant-...), drop the ANTHROPIC_BASE_URL line, and
+# change `model:` in the workspace.yaml files accordingly.

 # --- GitHub (full repo write — Dev Lead merges) ---
 # Generate a fine-grained PAT with scope:
--- a/dev-lead/app-lead/workspace.yaml
+++ b/dev-lead/app-lead/workspace.yaml
@ -4,7 +4,7 @@ role: >-
  Leads App-FE, App-QA, Doc Specialist, Technical Writer.
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 parent: dev-lead
 files_dir: dev-lead/app-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge]
--- a/dev-lead/core-lead/workspace.yaml
+++ b/dev-lead/core-lead/workspace.yaml
@ -4,7 +4,7 @@ role: >-
  Leads Core-BE, Core-FE, Core-QA, Core-Security, Core-UIUX, Core-DevOps, Core-OffSec.
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 parent: dev-lead
 files_dir: dev-lead/core-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge, molecule-compliance]
--- a/dev-lead/cp-lead/workspace.yaml
+++ b/dev-lead/cp-lead/workspace.yaml
@ -4,7 +4,7 @@ role: >-
  Triage+merge authority. Leads CP-BE, CP-QA, CP-Security.
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 parent: dev-lead
 files_dir: dev-lead/cp-lead
 plugins: [molecule-hitl, molecule-skill-code-review, molecule-security-scan, molecule-skill-llm-judge, molecule-compliance]
--- a/dev-lead/infra-lead/workspace.yaml
+++ b/dev-lead/infra-lead/workspace.yaml
@ -4,7 +4,7 @@ role: >-
  molecule-ci, molecule-ai/internal. Leads Infra-SRE, Infra-Runtime-BE.
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 parent: dev-lead
 files_dir: dev-lead/infra-lead
 plugins: [molecule-hitl, molecule-skill-code-review, molecule-freeze-scope]
--- a/dev-lead/sdk-lead/workspace.yaml
+++ b/dev-lead/sdk-lead/workspace.yaml
@ -4,7 +4,7 @@ role: >-
  molecule-cli, all plugin repos. Leads SDK-Dev, Plugin-Dev.
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 parent: dev-lead
 files_dir: dev-lead/sdk-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge, molecule-compliance]
--- a/dev-lead/workspace.yaml
+++ b/dev-lead/workspace.yaml
@ -5,7 +5,7 @@ role: >-
  Manager, Integration Tester, and Fullstack (floater).
 tier: 3
 runtime: claude-code
-model: MiniMax-M2.7
+model: opus
 files_dir: dev-lead
 # Dev Lead enforces PR quality gates (see gate 2a in
        # .claude/skills/triage/SKILL.md) and reviews engineering output
Author	SHA1	Message	Date
claude-ceo-assistant	577c918d7b	feat(defaults): add molecule-skill-five-axis-review plugin (#6 ) feat(defaults): add molecule-skill-five-axis-review plugin (#6) Wires SOP Phase 4 self-review skill into dev-department.yaml defaults so every dev workspace picks it up automatically. Plugin v1.0.0 verified at git.moleculesai.app/molecule-ai/molecule-ai-plugin-molecule-skill-five-axis-review (tag commit 4835359d). Audit: - author: claude-ceo-assistant (orchestrator persona) - authorization: Hongming chat-go 2026-05-10T11:15Z - force-merge reason: repo has no CI; orchestrator-authored PRs require force_merge - conflict check: no overlap with #10 (touched dev-lead/**/workspace.yaml model fields, this PR touches only root dev-department.yaml defaults.plugins) - five-axis self-review: clean (per PR body)	2026-05-10 11:28:34 +00:00
claude-ceo-assistant	3992268132	Merge pull request 'fix(leads): put dev-team leads on Claude Opus, not MiniMax' (#10 ) from fix/leads-on-opus into main	2026-05-10 10:18:18 +00:00
hongming-pc2	aa50287f8b	fix(leads): put dev-team leads on Claude Opus, not MiniMax PR #9 wired the entire dev-department to MiniMax-M2.7, including the six sub-team leads. Per the model-tiering directive (leads → Claude Opus subscription, ICs → MiniMax-M2.7), the leads must run `model: opus` (the anthropic-oauth entry in config.yaml's runtime_config.models — auth via CLAUDE_CODE_OAUTH_TOKEN, no base_url). Changed: dev-lead, app-lead, core-lead, cp-lead, infra-lead, sdk-lead. Unchanged: integration-tester, release-manager (ICs, stay on MiniMax); fullstack-engineer + triage-operator already `model: opus`. NB: molecule_runtime reads the MODEL_PROVIDER env var as the picked model id (misnomer), at higher precedence than this `model:` field. The deployed fix on the PC2 platform also sets per-workspace workspace_secrets MODEL_PROVIDER=opus + CLAUDE_CODE_OAUTH_TOKEN and blanks ANTHROPIC_AUTH_TOKEN/ANTHROPIC_BASE_URL (so the MiniMax-flavored global_secrets don't leak in). The operator-host lead persona env files (/etc/molecule-bootstrap/personas/<lead>/env) still carry the stale MODEL_PROVIDER=claude-code (which made the claude CLI 404 on `--model claude-code`) and need the same correction out of band — they aren't tracked in any repo. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-10 02:27:48 -07:00
claude-ceo-assistant	e963f1e71a	fix(personas): sweep stale GitHub references in agent-facing prompts (#8 , closes molecule-ai/internal#210 ) core-lead approved; Hongming chat-go.	2026-05-10 06:36:54 +00:00
claude-ceo-assistant	b0226ba1c6	Merge pull request 'fix(secrets): wire dev-department LLM env to MiniMax-M2.7 (Token Plan key)' (#9 ) from fix/dev-department-minimax-llm-env into main	2026-05-10 05:37:36 +00:00
orchestrator	39bf4241e4	fix(secrets): wire dev-department LLM env to MiniMax-M2.7 (Token Plan key) Every workspace.yaml pins runtime: claude-code + model: MiniMax-M2.7, but dev-lead/.env.example provisioned CLAUDE_CODE_OAUTH_TOKEN (Anthropic-direct) — so a freshly-imported dev-department workspace had a Claude OAuth token and a MiniMax model reference that don't match, and would fail to call the model. - dev-lead/.env.example: replace the LLM block with the Claude-Code->MiniMax Anthropic-compat wiring (ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic + ANTHROPIC_AUTH_TOKEN=<Token Plan key>), with a note that the same value is in the operator SSOT as MINIMAX_API_KEY and how to switch back to Anthropic-direct. - SECRETS_MATRIX.md: 'All workspaces' row now states MiniMax-M2.7 (Token Plan key) as the current default LLM, with the SSOT pointer. Endpoint verified live: POST https://api.minimax.io/anthropic/v1/messages with the Token Plan key -> 200, MiniMax-M2.7 response. Key provisioned in SSOT per internal#211. Note: no post-rebuild-setup.sh found in this repo; if one exists elsewhere (parent template / CP tooling) and hardcodes the LLM env, it needs the same update.	2026-05-09 22:37:03 -07:00
claude-ceo-assistant	e23cbf6bf0	feat(defaults): add molecule-skill-five-axis-review plugin Wire the new SOP Phase 4 self-review skill into dev-department defaults so every dev workspace (Dev Lead, Core Platform, Controlplane, App-Docs, Infra, SDK + floaters + Triage Operator) picks it up automatically. The plugin (v1.0.0, git.moleculesai.app/molecule-ai/molecule-ai-plugin-molecule-skill-five-axis-review) implements the structured Five-Axis self-review that replaces the unstructured 'list 3 weakest spots' Phase 4 (canonical SOP doc: internal/runbooks/dev-sop.md, opened in internal#84). Per the org-template plugin resolution contract (PR #71, issue #68), this UNIONs with per-workspace plugins lists. Workspaces can opt out on a case-by-case basis with the standard '!molecule-skill-five-axis-review' or '-molecule-skill-five-axis-review' prefix in their own plugins: list. WHY Five-Axis self-review on the !external resolver work (internal#77, PRs #105+#106 of molecule-core) caught three Required-severity issues that the same author's unstructured 3-weakest pass on the same code missed: cache validity gap, token persistence in .git/config, misleading function name post-refactor. The structured pass on PR #107 caught all three on first read. Setting the skill as a default rather than per-workspace because every agent doing substantive change benefits from the structured pass — it's the default mode of operation, not an opt-in. REFS internal#84 — canonical SOP doc with new Phase 4 wording molecule-core PR #107 — hardening pass driven by the five-axis review Plugin tag v1.0.0 sha 4835359 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 06:08:31 -07:00