fix(personas): sweep stale GitHub references in agent-facing prompts (Closes molecule-ai/internal#210)

GitHub org `Molecule-AI` was suspended 2026-05-06; canonical SCM is now
Gitea at git.moleculesai.app/molecule-ai. Per-agent Gitea identities are
now the default (memory: feedback_per_agent_gitea_identity_default).
Agent prompts/configs hadn't been swept yet — agents reading the brief
literally still tried `gh ...` against api.github.com (401/403) and
mis-named the SCM in PR descriptions / issue bodies.

This sweeps the per-persona system-prompts, work-cycle pick-up scripts,
and supporting persona descriptions. Mechanical patterns:

  - "GitHub issue comment, PR description"        -> "Gitea issue comment, PR description"
  - "Every GitHub comment, PR description, ..."   -> "Every Gitea comment, PR description, ..."
  - "team shares one GitHub App identity"         -> "each agent has its own Gitea persona identity"
  - "Check GitHub issues assigned to you"         -> "Check Gitea issues assigned to you"
  - "FILE A GITHUB ISSUE" / "file a GitHub issue" -> "FILE A GITEA ISSUE" / "file a Gitea issue"
  - "Molecule-AI GitHub org"                      -> "molecule-ai Gitea org"
  - "GitHub Actions CI"                           -> "Gitea Actions CI"
  - "Molecule-AI/<repo>"                          -> "molecule-ai/<repo>" (Gitea path-shape)
  - "GitHub links"                                -> "Gitea links"

Out of scope (intentionally untouched):
  - SHARED_RULES.md — already documents the post-2026-05-06 migration
  - SECRETS_MATRIX.md — historical "GitHub Apps" backlog reference (#7)
  - README.md — repo-layout doc references `.github/workflows/` directory
    name on the standard CI lib (kept for accuracy until the .github ->
    .gitea rename lands org-wide; see internal/runbooks/gitea-actions-
    migration-checklist.md §A)
  - dev-lead/triage-operator/handoff-notes.md — historical incident notes
  - .molecule-ci/scripts/*.py — uses GITHUB_WORKSPACE env (gitea-actions
    runner exposes it via GITHUB_* compatibility shims)
  - Local filesystem paths under ~/.claude/projects/-Users-hongming-
    Documents-GitHub-* — actual on-disk session memory paths
  - "Stripe/GitHub webhook signatures" reference in cp-security — talks
    about external GitHub webhook verification, not our SCM

72 files changed, 151 insertions, 151 deletions.

Tier: low (docs/config-only, no code path).

SECRETS_MATRIX.md

@@ -10,7 +10,7 @@ The platform supports per-workspace `.env` files (loaded by `org_import.go` and
 
 | Role | Secrets it gets | Scope of action enabled |
 |---|---|---|
-| **All workspaces** (org-root `.env`) | **Current default (MiniMax-M2.7 — `model:` in every workspace.yaml):** `ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic` + `ANTHROPIC_AUTH_TOKEN=<MiniMax Token Plan key>`. Alternatives: `CLAUDE_CODE_OAUTH_TOKEN` / `ANTHROPIC_API_KEY` (Anthropic-direct), or `OPENAI_API_KEY`. | Run the LLM. Required for any agent to think. The MiniMax Token Plan key is in the operator SSOT as `MINIMAX_API_KEY` (+ `MINIMAX_BASE_URL`); see `internal#211`. |
+| **All workspaces** (org-root `.env`) | `CLAUDE_CODE_OAUTH_TOKEN` (or model-specific equivalent: `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) | Run the LLM. Required for any agent to think. |
 | **PM** | `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID` (CEO comms only) | Send Telegram messages to CEO. Max 2-3/day per SHARED_RULES rule 11. |
 | **Dev Lead, Core Lead, App Lead, CP Lead, Infra Lead, SDK Lead** | `GH_TOKEN` (write) | `tea pr merge`, `tea issue close`, `tea pr review --approve` on the team's repo. SHARED_RULES rule 9: Leads merge in their domain. |
 | **Triage Operator** | `GH_TOKEN` (write, org-wide) | Cross-org triage: close stale, label, escalate. May merge mechanical PRs only. |

dev-department.yaml

@@ -41,7 +41,6 @@ defaults:
     - molecule-session-context         # auto-load cron learnings + PR/issue counts on SessionStart
     - molecule-skill-cron-learnings    # per-tick learning JSONL (pairs with session-context)
     - molecule-skill-update-docs       # keep architecture / README / edit-history aligned
-    - molecule-skill-five-axis-review  # SOP Phase 4 — structured five-axis self-review before PR
 
   # Audit-summary routing — Auditors fan out findings to the listed roles.
   # Roles are by display name (Dev Lead, Backend Engineer, ...) not by

dev-lead/.env.example

@@ -7,22 +7,8 @@
 # from rule 10 (CI green + qa-agent + security-auditor-agent + uiux-agent
 # APPROVED or N/A waiver).
 
-# --- LLM: MiniMax-M2.7 via MiniMax "Token Plan" key ---
+# --- LLM ---
-# This workspace's runtime is `claude-code` and workspace.yaml pins
+CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
-# `model: MiniMax-M2.7`. Claude Code reaches MiniMax through MiniMax's
-# Anthropic-compatible endpoint, so the auth env it needs is:
-ANTHROPIC_BASE_URL=https://api.minimax.io/anthropic
-ANTHROPIC_AUTH_TOKEN=sk-cp-...
-# Get the token from https://platform.minimax.io/user-center/payment/token-plan
-# ("Token Plan Key"). The operator's unified credentials file exposes the same
-# value as MINIMAX_API_KEY (+ MINIMAX_BASE_URL=https://api.minimax.io); see
-# internal#211. If the platform runtime maps `model:` -> endpoint itself, then
-# MINIMAX_API_KEY alone is enough and these two ANTHROPIC_* lines can be dropped.
-#
-# To run this team on Anthropic-direct instead, set
-#   CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
-# (or ANTHROPIC_API_KEY=sk-ant-...), drop the ANTHROPIC_BASE_URL line, and
-# change `model:` in the workspace.yaml files accordingly.
 
 # --- GitHub (full repo write — Dev Lead merges) ---
 # Generate a fine-grained PAT with scope:

dev-lead/app-lead/workspace.yaml

@@ -4,7 +4,7 @@ role: >-
   Leads App-FE, App-QA, Doc Specialist, Technical Writer.
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 parent: dev-lead
 files_dir: dev-lead/app-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge]

dev-lead/core-lead/workspace.yaml

@@ -4,7 +4,7 @@ role: >-
   Leads Core-BE, Core-FE, Core-QA, Core-Security, Core-UIUX, Core-DevOps, Core-OffSec.
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 parent: dev-lead
 files_dir: dev-lead/core-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge, molecule-compliance]

dev-lead/cp-lead/workspace.yaml

@@ -4,7 +4,7 @@ role: >-
   Triage+merge authority. Leads CP-BE, CP-QA, CP-Security.
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 parent: dev-lead
 files_dir: dev-lead/cp-lead
 plugins: [molecule-hitl, molecule-skill-code-review, molecule-security-scan, molecule-skill-llm-judge, molecule-compliance]

dev-lead/infra-lead/workspace.yaml

@@ -4,7 +4,7 @@ role: >-
   molecule-ci, molecule-ai/internal. Leads Infra-SRE, Infra-Runtime-BE.
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 parent: dev-lead
 files_dir: dev-lead/infra-lead
 plugins: [molecule-hitl, molecule-skill-code-review, molecule-freeze-scope]

dev-lead/sdk-lead/workspace.yaml

@@ -4,7 +4,7 @@ role: >-
   molecule-cli, all plugin repos. Leads SDK-Dev, Plugin-Dev.
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 parent: dev-lead
 files_dir: dev-lead/sdk-lead
 plugins: [molecule-skill-code-review, molecule-skill-llm-judge, molecule-compliance]

dev-lead/workspace.yaml

@@ -5,7 +5,7 @@ role: >-
   Manager, Integration Tester, and Fullstack (floater).
 tier: 3
 runtime: claude-code
-model: opus
+model: MiniMax-M2.7
 files_dir: dev-lead
 # Dev Lead enforces PR quality gates (see gate 2a in
         # .claude/skills/triage/SKILL.md) and reviews engineering output