core-devops
4f4604eabe
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 2s
CI / Template validation (static) (pull_request) Successful in 28s
CI / Template validation (static) (push) Successful in 1m10s
CI / Adapter unit tests (push) Successful in 1m17s
CI / T4 tier-4 conformance (live) (push) Failing after 4s
CI / Adapter unit tests (pull_request) Successful in 1m11s
CI / Template validation (runtime) (pull_request) Successful in 3m41s
CI / Template validation (runtime) (push) Successful in 3m33s
CI / T4 tier-4 conformance (live) (pull_request) Successful in 3m44s
CI / validate (push) Failing after 1s
CI / validate (pull_request) Successful in 1s
Image-side companion to molecule-core PR #1525 (merge_sha 73a09443a086, workspace-server applyAgentGitIdentity). PR #1525 sets GIT_ASKPASS= /usr/local/bin/molecule-askpass on every workspace container so git can authenticate to private HTTPS remotes from the persona env vars already arriving via workspace_secrets — but until this binary ships in the runtime image, git invocations error with 'exec: /usr/local/bin/ molecule-askpass: not found' (forward-only pin gap). This is the same class as Hermes list_peers / codex #219: ws-server changed contract, runtime image hadn't yet caught up. Closing the image-side gap unblocks Dev-A/Dev-B (claude-code runtime) durable HTTPS git auth on any private host. Generic by design — no hardcoded hostnames, no vendor literals. Script body is identical to workspace/scripts/molecule-askpass in molecule-core and the parallel external workspace template repos, so any deployer can fork this template and use it against their own git host without editing.