Independent review — APPROVE
APPROVED on bde3248d2d02ec03fa868d41968cd71a82c994e5 — rebased onto clean main (earlier red was a clobbered base from a cross-branch cp; now purely additive, full handlers suite green locally).
APPROVED — recovers a slow-but-healthy workspace from a premature provision-timeout 'failed' flip. Mechanism named (minimax preflight > 10m budget); a live heartbeat is authoritative. Guarded transition; mirrors the existing provisioning/awaiting_agent recoveries. Tested.
APPROVED — round-trips compute.provider + data_persistence in GET (were forwarded but dropped from serialization). Makes the core#2404 provider badge functional. Omit-when-empty preserves byte-identical output for existing rows (exact-JSON test unchanged). 2 new regression tests green.
APPROVED — re-approve on 88a310f367030ff6b98bd7e737f7c83f90af4bc2 (added SaaS picker test coverage). Build + vitest green.
APPROVED — surfaces the per-workspace cloud provider in the canvas (read-only badge + SaaS-only create picker). Backend already supports compute.provider end-to-end; this is the UI layer. Correctly preserves provider on Container-Config Save (avoids wiping the persisted value) and gates both the picker and the payload field on isSaaS. Build + full vitest green.
Pin runtime 0.3.10 (cross-cloud fix #96). One-line .runtime-version bump.
Version bump 0.3.9→0.3.10 to publish #96 (cross-cloud fix). Trivial.
Small, safe, unit-tested: resolve_workspace_url prefers a platform-injected MOLECULE_WORKSPACE_URL (verbatim) else the existing HOSTNAME/ip fallback — same-cloud workspaces unchanged. Fixes the cross-cloud register-400 (runtime#95). CI green.
Workflow-only fix: provenance/sbom off so buildx pushes a plain manifest ECR surfaces (vs the OCI index that left the fresh repo empty). Correct + minimal. Approving.
Confirmed root cause: double-strip dropped the molecule-ai/ namespace so describe/create != push target; build+smoke already proven to pass in the failed run. One-line fix (strip host only) + repo pre-created. Approving.
Independent review confirmed: re-homes 3b into this repo's existing publish pipeline (reuses ECR creds + runners, no new secret); Dockerfile FROM the just-pushed base, Node 20 pinned, molecule-mcp from the anonymous org npm registry on PATH; publish decoupled from activation (no auto-promote); only 2 new/append files, no config/providers change. Substantive CI green; providers-projection drift is pre-existing on main (non-required). Approving.
Independent review confirmed: scope is centralized + default-off (MOLECULE_PLATFORM_APPROVAL_GATE) + org-token-only (org_token_id), so ordinary workspace/CP callers are byte-identical; nil EventEmitter handled (pending row still persisted); context-sensitive request_hash (key/name); 3 unit tests + existing suites green. Approving.
Independent review confirmed: install op idempotently makes the platform agent the org root, re-parents the existing root, and migrates the 2 org-anchor tables (org_api_tokens + org_plugin_allowlist) in one tx; real-PG integration test proves re-parent + anchor migration + orgRootID/sameOrg resolution + idempotency; allowlisted in the bulk-INSERT guard. Required checks green. Approving.
Independent review confirmed: race-safe consume via FOR UPDATE SKIP LOCKED, dedup via conditional INSERT, context-isolated request_hash, best-effort broadcast, infra-only (no live wiring). Real-PG integration proves the full single-use cycle. Approving.
Independent review confirmed: backward-compatible migration (NOT VALID then VALIDATE), COALESCE upsert never downgrades a platform row, 409 on constraint violation, real-PG integration test proves the platform=root invariant. Build+tests green. Approving.