molecule-ai/molecule-dev-department
35
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

scaffold(0001): validator + CI gate + dev-department.yaml manifest #1

Merged
claude-ceo-assistant merged 1 commits from scaffold/initial into main 2026-05-08 10:53:58 +00:00
Conversation 0 Commits 1 Files Changed 6 +616 -2
claude-ceo-assistant commented 2026-05-08 03:48:54 +00:00
Owner
Copy Link

Summary

Initial scaffold for molecule-ai/molecule-dev-department. Sets up the validator, CI gate, manifest schema, and the README that documents the subtree-contract — but does NOT yet contain any workspace content. The dev-tree extraction with git history is the next PR (Phase 3c-2, task #224).

What this PR contains

  • dev-department.yaml — root manifest. Same shape as a parent org-template's org.yaml (defaults + category_routing + plugin defaults + roots). Empty roots: [] for the scaffold; populated when content lands.
  • .molecule-ci/scripts/validate-tree.py — orphan / reachability / shape lint (134 lines, stdlib + PyYAML).
  • .github/workflows/validate.yml — Gitea Actions CI gate runs the validator on every PR + push.
  • README.md — explains the subtree contract (filesystem symlink at deploy time, parent template owns the link, this repo is not standalone-importable).
  • .gitignore, .gitattributes.env ignored (per-workspace secrets populated at import-time, never committed); LF enforced on shell/Python/YAML.

Why now

Gate the structure BEFORE moving any content. The validator is the contract — landing content first then writing the validator means we'd have to fix the content to match. Land the validator + clean (empty) tree first → CI passes → then content moves are caught the moment they violate the rules.

Validator behavior

Walks dev-department.yaml → roots → recursive children: + !include to build the set of workspace folders the manifest reaches. Compares against os.walk of the filesystem to find folders containing workspace.yaml. Reports four violation classes:

  1. Orphans — workspace folder exists but no parent claims it. (Hongming Q4: "refactor so there are no orphans by construction.")
  2. Cross-tree .. refschildren: paths that traverse upward. (Hongming Q3+Q5: atomization rule.)
  3. Duplicate parent claims — graph not a tree.
  4. Missing workspace.yaml — workspace folder referenced as child but the file doesn't exist.

Local verification

# empty tree (this PR)
$ .molecule-ci/scripts/validate-tree.py
filesystem workspace folders : 0
reachable from manifest      : 0
OK — tree is clean         (exit 0)

# cross-tree '..' fixture
CROSS-TREE '..' REFS:
  - parent=bad-parent  path=../orphan-workspace/workspace.yaml
FAIL — see above            (exit 1)

# orphan fixture
ORPHANS (workspace folder exists but no parent claims it):
  - orphan
FAIL — see above            (exit 1)

These fixture results pin: empty tree passes, both violation classes are caught with exit 1.

Hostile self-review (SOP Phase 4)

  • Weakest spot 1: Validator uses os.walk(followlinks=False) — symlinked dirs INSIDE the dev-department repo are not descended. This is intentional (the dev-department is self-contained). Cross-repo symlink composition is the parent template's concern, validated separately by the parent's own CI.
  • Weakest spot 2: The __include__ sentinel approach to !include walking re-implements yaml.SafeLoader behavior; if PyYAML changes how it reports !include tags, the validator could miss includes. Mitigation: an integration smoke test against the actual platform resolveYAMLIncludes Go code is the proper bound — that's molecule-core PR #102's job.
  • Weakest spot 3: The validator doesn't yet validate that role names referenced in category_routing: exist as workspace name: fields anywhere. That's a follow-up — filed as a parked task to add post-extraction.

Refs

  • internal#77 — extraction RFC (Phase 1+2)
  • molecule-core#102 — symlink-resolution test
  • Hongming GO 2026-05-08 ("you own this feature and repos, start")
  • SOP Phase 3b — task #223
## Summary Initial scaffold for `molecule-ai/molecule-dev-department`. Sets up the validator, CI gate, manifest schema, and the README that documents the subtree-contract — but does NOT yet contain any workspace content. The dev-tree extraction with git history is the next PR (Phase 3c-2, task #224). ## What this PR contains - `dev-department.yaml` — root manifest. Same shape as a parent org-template's `org.yaml` (defaults + category_routing + plugin defaults + roots). Empty `roots: []` for the scaffold; populated when content lands. - `.molecule-ci/scripts/validate-tree.py` — orphan / reachability / shape lint (134 lines, stdlib + PyYAML). - `.github/workflows/validate.yml` — Gitea Actions CI gate runs the validator on every PR + push. - `README.md` — explains the subtree contract (filesystem symlink at deploy time, parent template owns the link, this repo is not standalone-importable). - `.gitignore`, `.gitattributes` — `.env` ignored (per-workspace secrets populated at import-time, never committed); LF enforced on shell/Python/YAML. ## Why now Gate the structure BEFORE moving any content. The validator is the contract — landing content first then writing the validator means we'd have to fix the content to match. Land the validator + clean (empty) tree first → CI passes → then content moves are caught the moment they violate the rules. ## Validator behavior Walks `dev-department.yaml → roots → recursive children: + !include` to build the set of workspace folders the manifest reaches. Compares against `os.walk` of the filesystem to find folders containing `workspace.yaml`. Reports four violation classes: 1. **Orphans** — workspace folder exists but no parent claims it. (Hongming Q4: "refactor so there are no orphans by construction.") 2. **Cross-tree `..` refs** — `children:` paths that traverse upward. (Hongming Q3+Q5: atomization rule.) 3. **Duplicate parent claims** — graph not a tree. 4. **Missing workspace.yaml** — workspace folder referenced as child but the file doesn't exist. ## Local verification ``` # empty tree (this PR) $ .molecule-ci/scripts/validate-tree.py filesystem workspace folders : 0 reachable from manifest : 0 OK — tree is clean (exit 0) # cross-tree '..' fixture CROSS-TREE '..' REFS: - parent=bad-parent path=../orphan-workspace/workspace.yaml FAIL — see above (exit 1) # orphan fixture ORPHANS (workspace folder exists but no parent claims it): - orphan FAIL — see above (exit 1) ``` These fixture results pin: empty tree passes, both violation classes are caught with exit 1. ## Hostile self-review (SOP Phase 4) - **Weakest spot 1**: Validator uses `os.walk(followlinks=False)` — symlinked dirs INSIDE the dev-department repo are not descended. This is intentional (the dev-department is self-contained). Cross-repo symlink composition is the parent template's concern, validated separately by the parent's own CI. - **Weakest spot 2**: The `__include__` sentinel approach to `!include` walking re-implements yaml.SafeLoader behavior; if PyYAML changes how it reports `!include` tags, the validator could miss includes. Mitigation: an integration smoke test against the actual platform `resolveYAMLIncludes` Go code is the proper bound — that's molecule-core PR #102's job. - **Weakest spot 3**: The validator doesn't yet validate that role names referenced in `category_routing:` exist as workspace `name:` fields anywhere. That's a follow-up — filed as a parked task to add post-extraction. ## Refs - [internal#77](https://git.moleculesai.app/molecule-ai/internal/issues/77) — extraction RFC (Phase 1+2) - [molecule-core#102](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/102) — symlink-resolution test - Hongming GO 2026-05-08 ("you own this feature and repos, start") - SOP Phase 3b — task #223
claude-ceo-assistant added 1 commit 2026-05-08 03:48:54 +00:00
scaffold(0001): validator + CI gate + dev-department.yaml manifest
All checks were successful
Validate dev-department tree / Validate tree (pull_request) Successful in 49s
Details
a21212d73d 
Initial scaffold for the dev-department subtree repo. No workspace
content yet — that lands in Phase 3c-2 (extract dev tree with git
history from molecule-ai-org-template-molecule-dev).

Files:

- dev-department.yaml      manifest with defaults + category_routing,
                           empty roots: [] (gets populated by extract).
- .molecule-ci/scripts/validate-tree.py
                           orphan / reachability lint. Walks manifest
                           → roots → recursive children + !include,
                           compares against filesystem, reports
                           orphans + cross-tree '..' refs + duplicate
                           parents + missing workspace.yaml. Exits
                           non-zero on any violation. Stdlib only +
                           PyYAML.
- .github/workflows/validate.yml
                           CI gate runs the validator on every PR +
                           push to main/staging. Pinned action SHAs
                           per saved memory feedback_pin_third_party_actions.
- README.md                explains subtree contract: parent template
                           must symlink the dev-department under a
                           short name (e.g. `dev`), workspace
                           files_dir paths inside this repo use the
                           symlink prefix, this repo is NOT directly
                           importable as a standalone org template.
- .gitignore               ignore .env (per-workspace secrets are
                           populated by platform import, never
                           committed).
- .gitattributes           force LF on shell/Python/YAML.

Verified locally:
  - empty tree → "OK — tree is clean", exit 0.
  - cross-tree `..` fixture → exit 1, FAIL with reported violation.
  - orphan fixture → exit 1, FAIL with reported orphan folder.

Refs:
  - internal#77 (extraction RFC, Phase 1+2 done as comment 1886)
  - molecule-core#102 (symlink-resolution contract pinned by tests)
  - Hongming GO 2026-05-08 ("you own this feature and repos, start")
  - SOP Phase 3b — task #223
claude-ceo-assistant merged commit 476b0b9992 into main 2026-05-08 10:53:58 +00:00
claude-ceo-assistant deleted branch scaffold/initial 2026-05-08 10:53:58 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-dev-department#1
No description provided.
Delete Branch "scaffold/initial"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?