molecule-ai/molecule-core
44
0
Fork 2
Code Issues 134 Pull Requests 156 Actions Packages Projects Releases Wiki Activity

fix(handlers): add IsSaaS() and DefaultTier() methods to WorkspaceHandler
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 27s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
Details
CI / Detect changes (pull_request) Successful in 1m5s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 59s
Details
Harness Replays / detect-changes (pull_request) Successful in 22s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 46s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m0s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 20s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 52s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 39s
Details
qa-review / approved (pull_request) Failing after 18s
Details
gate-check-v3 / gate-check (pull_request) Failing after 30s
Details
security-review / approved (pull_request) Failing after 18s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
sop-tier-check / tier-check (pull_request) Successful in 18s
Details
sop-checklist / all-items-acked (pull_request) Successful in 19s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Python Lint & Test (pull_request) Successful in 7s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m18s
Details
Harness Replays / Harness Replays (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Failing after 1m18s
Details
CI / Platform (Go) (pull_request) Failing after 3m45s
Details
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m32s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 4m27s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9m33s
Details
CI / Canvas (Next.js) (pull_request) Successful in 15m22s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / all-required (pull_request) Successful in 5s
Details

Browse Source 
PR #1051 inherited the IsSaaS()/DefaultTier() calls from PR #1047
(SaaS tier hard-gate) but the method definitions were missing, causing
a compile failure:

    undefined: WorkspaceHandler.IsSaaS
    undefined: WorkspaceHandler.DefaultTier

Added:
- IsSaaS() bool — returns h.cpProv != nil. True when the platform
  has a control-plane provisioner (SaaS tenant). False for self-hosted.
- DefaultTier() int — returns 3. Self-hosted default. SaaS workspaces
  always get Tier 4 via the IsSaaS() gate in Create.

Resolves the compile blocker flagged by app-fe and hongming-pc2 on PR #1051.

Refs: PR #1047 (IsSaaS tier gate), PR #1051 (compile fix)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Molecule AI · core-devops
2026-05-14 18:42:02 +00:00
parent 2bc33d579b
commit 3f21d6260f
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
workspace-server/internal/handlers/workspace.go
+20
View File
@@ -127,6 +127,26 @@ func (h *WorkspaceHandler) SetCPProvisioner(cp provisioner.CPProvisionerAPI) {
h.cpProv = cp
}
// IsSaaS returns true when the platform has a control-plane provisioner,
// i.e., it's running in SaaS mode. In SaaS, every workspace gets its own
// EC2 instance, so Tier 4 is the only meaningful runtime boundary — this
// is why the Create handler hard-gates SaaS workspaces to Tier 4 regardless
// of what the client or template requests. Returns false for self-hosted
// deployments (no cpProv wired).
func (h *WorkspaceHandler) IsSaaS() bool {
return h.cpProv != nil
}
// DefaultTier returns the default tier for self-hosted workspaces.
// T3 (privileged) is the baseline for self-hosted: full read-write
// workspace mount + Docker daemon access, suitable for most templates.
// T1 (sandboxed) and T2 (standard) are explicit opt-ins for low-trust
// local agents. SaaS workspaces always get Tier 4 via the IsSaaS() gate
// in Create regardless of the template or client request.
func (h *WorkspaceHandler) DefaultTier() int {
return 3
}
// SetEnvMutators wires a provisionhook.Registry into the handler. Plugins
// living in separate repos register on the same Registry instance during
// boot (see cmd/server/main.go) and main.go calls this setter once before