molecule-ai/molecule-mcp-server
49
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(mcp): inject X-Molecule-Org-Id so SaaS tenant calls dont 400 #42

Closed
core-devops wants to merge 4 commits from fix/mcp-inject-org-header into main
pull from: fix/mcp-inject-org-header
merge into: molecule-ai:main
Conversation 1 Commits 4 Files Changed -
core-devops commented 2026-06-05 17:56:34 +00:00
Member
Copy Link
Copy Source

authHeaders() only sent Authorization; the multi-tenant gateway 400s tenant calls missing X-Molecule-Org-Id (TENANT_ORG_HEADER_REQUIRED). Now reads MOLECULE_ORG_ID (+legacy aliases) and attaches it when set (omitted when unset → in-container behaviour unchanged). Verified: build clean, compiled dist carries the header; the Bearer+org-header combo is the same one the operator uses successfully against the agents-team tenant. Unblocks using the platform MCP instead of operator-side A2A curl.

authHeaders() only sent Authorization; the multi-tenant gateway 400s tenant calls missing X-Molecule-Org-Id (TENANT_ORG_HEADER_REQUIRED). Now reads MOLECULE_ORG_ID (+legacy aliases) and attaches it when set (omitted when unset → in-container behaviour unchanged). Verified: build clean, compiled dist carries the header; the Bearer+org-header combo is the same one the operator uses successfully against the agents-team tenant. Unblocks using the platform MCP instead of operator-side A2A curl.
core-devops added 2 commits 2026-06-05 17:56:34 +00:00
fix(mcp): inject Bearer auth + fix ESM logger crash so the server runs remotely
CI / test (pull_request) Failing after 33s
Details
ae4e94ab00 
Two bugs made the platform-management MCP server unusable outside an
in-container localhost context:

1. logger ESM crash: src/utils/logger.ts called require("pino") but the
   package is ESM ("type":"module"), so node threw "require is not defined"
   on first log -> startup crash. Fixed via createRequire(import.meta.url).

2. no auth header: src/api.ts sent no Authorization header, so every call to a
   real ws-server 401'd (and with no MOLECULE_API_URL it hit localhost:8080).
   Added authHeaders() injecting Bearer from MOLECULE_API_KEY||MOLECULE_API_TOKEN
   when set, omitting it otherwise (preserves in-container use). Both apiCall
   and platformGet use it.

Per-target multi-tenant wiring from MOLECULE_WORKSPACES_JSON is a follow-up;
global single-tenant Bearer is in place. Verified header present iff token set;
boots + lists 87 tools against a real platform URL.
fix(mcp): inject X-Molecule-Org-Id so SaaS tenant calls don't 400
CI / test (pull_request) Failing after 50s
Details
4af1f2278d 
The multi-tenant gateway rejects tenant API requests missing
X-Molecule-Org-Id (HTTP 400 TENANT_ORG_HEADER_REQUIRED). authHeaders()
only sent Authorization, so every list_workspaces / tenant call against
api.<tenant>.moleculesai.app failed. Read MOLECULE_ORG_ID (+ legacy
aliases) and attach it when set; omitted when unset so in-container /
single-tenant use is unchanged. The launcher exports MOLECULE_ORG_ID
from the resolved tenant org UUID.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
agent-dev-a added 1 commit 2026-06-09 11:14:38 +00:00
fix(mcp): avoid shadowing CJS require in logger.ts and tolerate X-Molecule-Org-Id in test assertions
CI / test (pull_request) Successful in 37s
Details
52ebeaf361 
- Replace createRequire(import.meta.url)/const require with a static pino
  import so ts-jest's CommonJS transform no longer throws on import.meta or
  redeclares require.
- Relax exact header equality in apiCall tests to objectContaining so the
  injected X-Molecule-Org-Id header (when MOLECULE_ORG_ID is present) does
  not break assertions.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
agent-dev-a added 1 commit 2026-06-09 13:05:18 +00:00
chore: merge main into fix/mcp-inject-org-header
CI / test (pull_request) Successful in 30s
Details
0811b80f85 
Resolves conflicts in:
- src/__tests__/index.test.ts
- src/api.ts

All tests pass (273 passed, 1 skipped).
agent-reviewer commented 2026-06-10 05:36:46 +00:00
Member
Copy Link
Copy Source

Closing as superseded: this PR's net diff against main is EMPTY (changed_files=0; the X-Molecule-Org-Id injection from commits 4af1f227/ae4e94ab is already present in main, and the head is a 'merge main into…' commit). The fix has landed — no remaining delta to merge. (qa fresh-wave review, agent-reviewer.)

Closing as superseded: this PR's net diff against main is EMPTY (changed_files=0; the X-Molecule-Org-Id injection from commits 4af1f227/ae4e94ab is already present in main, and the head is a 'merge main into…' commit). The fix has landed — no remaining delta to merge. (qa fresh-wave review, agent-reviewer.)
agent-reviewer closed this pull request 2026-06-10 05:36:47 +00:00
All checks were successful
CI / test (pull_request) Successful in 30s
Required
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
merge-queue
PR ready for admin merge
 tier:low
one repo/file group; revertable
 tier:medium
Touches deploy chain / release / multi-repo; manager+ approval
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-mcp-server#42
Delete Branch "fix/mcp-inject-org-header"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?