test(canvas): add explicit STATUS_CONFIG shape coverage

STATUS_CONFIG exports 7 status keys (online, offline, paused, degraded,
failed, provisioning, not_configured) with dot/glow/label/bar per entry.
The existing statusDotClass.test.ts covered .dot indirectly but left the
constant's full shape (label, glow, bar) untested. Add a dedicated
design-tokens.test.ts that asserts all keys exist, every entry has the
correct fields, and field values match the known tailwind tokens.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.gitea/scripts/lint_pre_flip_continue_on_error.py

@@ -371,42 +371,21 @@ def _git(*args: str, cwd: str | None = None) -> str:
     return result.stdout
 
 
-def _git_robust(*args: str, cwd: str | None = None) -> str:
-    """Run git; if the object is missing, try fetching the default branch first, then retry."""
-    result = subprocess.run(
-        ["git", *args],
-        capture_output=True,
-        text=True,
-        check=False,
-        cwd=cwd,
-    )
-    if result.returncode == 0:
-        return result.stdout
-    # Object not found — try fetching the default branch
-    if "not found" in result.stderr.lower() or "bad object" in result.stderr.lower():
-        subprocess.run(["git", "fetch", "--quiet", "origin"], capture_output=True, cwd=cwd)
-        result2 = subprocess.run(["git", *args], capture_output=True, text=True, check=False, cwd=cwd)
-        if result2.returncode == 0:
-            return result2.stdout
-    raise RuntimeError(f"git {args!r} failed: {result.stderr.strip()}")
-
-
 def workflows_at_sha(sha: str, *, repo_dir: str | None = None) -> dict[str, str]:
     """Read every ``.gitea/workflows/*.yml`` blob at ``sha``.
 
     Uses ``git ls-tree`` + ``git show`` so we never need to check out
     the SHA (the workflow runs on the PR head; the base SHA is
-    fetched, not checked out).  If a SHA is not in the local repo,
-    fetches origin before retrying.
+    fetched, not checked out).
     """
     out: dict[str, str] = {}
-    listing = _git_robust("ls-tree", "-r", "--name-only", sha, ".gitea/workflows/", cwd=repo_dir)
+    listing = _git("ls-tree", "-r", "--name-only", sha, ".gitea/workflows/", cwd=repo_dir)
     for line in listing.splitlines():
         line = line.strip()
         if not line.endswith((".yml", ".yaml")):
             continue
         try:
-            blob = _git_robust("show", f"{sha}:{line}", cwd=repo_dir)
+            blob = _git("show", f"{sha}:{line}", cwd=repo_dir)
         except RuntimeError:
             # Symlink or other non-blob; skip.
             continue

.gitea/workflows/.pulse-retrigger

@@ -1,2 +0,0 @@
-# force-retrigger
-# CI trigger 2026-05-15T$(date +%H:%M:%S)

.gitea/workflows/ci.yml

@@ -1,5 +1,3 @@
-# mc#1099 cold-runner fix: go mod download 30m timeout, platform-build 120m
-# timeout, golangci-lint connectivity test + CoE fallback. Staging port.
 # Ported from .github/workflows/ci.yml on 2026-05-11 per RFC internal#219 §1.
 # continue-on-error: true on every job; follow-up PR will flip required after
 # surfaced bugs are fixed (per RFC §1 — "surface broken workflows without
@@ -147,11 +145,10 @@ jobs:
     # the diagnostic step with its own continue-on-error: true (line 203).
     # Flip confirmed by CI / Platform (Go) status = success on main HEAD 363905d3.
     continue-on-error: false
-    # Job-level ceiling. go test runs with per-step 60m timeout (cold runner:
-    # ~45m); golangci-lint now runs only fast text-based linters (gofmt,
-    # goimports, misspell, whitespace) with continue-on-error as safety net.
-    # Worst-case: golangci-lint 5m + go test 60m = 65m. Ceiling: 120m backstop.
-    timeout-minutes: 120
+    # Job-level ceiling. The go test step below runs with a per-step 10m timeout;
+    # this cap catches any step that leaks past that. Set well above 10m so
+    # the per-step timeout is the active constraint.
+    timeout-minutes: 15
     defaults:
       run:
         working-directory: workspace-server
@@ -166,11 +163,6 @@ jobs:
         with:
           go-version: 'stable'
       - if: always()
-        name: Download Go modules
-        # mc#1099: bulk go mod download can take 25+ minutes on cold disk I/O.
-        # Give it 30 minutes before the go test step takes over with on-demand
-        # download (which may be faster since it starts from partial cache).
-        timeout-minutes: 30
         run: go mod download
       - if: always()
         run: go build ./cmd/server
@@ -179,47 +171,10 @@ jobs:
         run: go vet ./...
       - if: always()
         name: Install golangci-lint
-        # mc#1099: cold runner cannot reach github.com releases or proxy.golang.org
-        # (hanging at ~5-6m before timing out). Test connectivity first; if
-        # both sources fail, skip golangci-lint and rely on go vet.
-        # continue-on-error: true prevents install failure from failing the job
-        # (job-level continue-on-error: false).
-        continue-on-error: true
-        run: |
-          set +e
-          # Test proxy.golang.org connectivity (30s timeout)
-          if curl -fsSL --connect-timeout 30 --max-time 60 "https://proxy.golang.org/github.com/golangci/golangci-lint/@v/list" -o /dev/null 2>/dev/null; then
-            echo "proxy.golang.org reachable, installing via go install..."
-            go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.5
-            echo "go install exit: $?"
-          else
-            echo "proxy.golang.org unreachable, trying GitHub releases..."
-            ARCH=$(go env GOARCH) && OS=$(go env GOOS) && VERSION=1.64.5
-            if curl -fsSL --connect-timeout 30 --max-time 120 "https://github.com/golangci/golangci-lint/releases/download/v${VERSION}/golangci-lint-${VERSION}-${OS}-${ARCH}.tar.gz" -o /tmp/golangci-lint.tar.gz 2>/dev/null; then
-              tar -xzf /tmp/golangci-lint.tar.gz -C /tmp
-              install -m 755 /tmp/golangci-lint $(go env GOPATH)/bin/golangci-lint
-              echo "GitHub binary installed"
-            else
-              echo "GitHub releases also unreachable — skipping golangci-lint (go vet is the safety net)"
-              touch "$(go env GOPATH)/bin/golangci-lint.skip"
-            fi
-          fi
+        run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2
       - if: always()
         name: Run golangci-lint
-        # mc#1099: skip if binary unavailable; go vet already ran as safety net.
-        # continue-on-error so a missing binary doesn't fail the job.
-        # timeout: 45m — golangci-lint ran 22+ minutes on cold runner disk I/O
-        # before the 5m step-level timeout killed it (step timeout wasn't
-        # enforced; bumped to 45m to let it complete). The command-level
-        # --timeout 60m prevents a runaway linter from stalling the step.
-        continue-on-error: true
-        timeout-minutes: 45
-        run: |
-          if [ -f "$(go env GOPATH)/bin/golangci-lint.skip" ]; then
-            echo "golangci-lint skipped (network unavailable on cold runner)"
-          else
-            golangci-lint run --config golangci-coldrunner.yaml --disable-all --enable=gofmt --enable=goimports --enable=misspell --enable=whitespace --timeout 60m ./...
-          fi
+        run: $(go env GOPATH)/bin/golangci-lint run --timeout 3m ./...
       - if: always()
         name: Diagnostic — per-package verbose 60s
         run: |
@@ -238,16 +193,11 @@ jobs:
         continue-on-error: true
       - if: always()
         name: Run tests with race detection and coverage
-        # mc#1099: cold runner cache causes OOM kills at ~22m (slower disk I/O
-        # than GitHub Actions). A 60m per-step timeout lets the suite complete
-        # on cold cache (~45m) while failing cleanly instead of OOM-killing.
-        # Warm runners finish in ~12m. The job-level timeout (120m) is a
-        # backstop. Retry once on OOM: if first attempt fails, re-run with
-        # reduced parallelism via GOMAXPROCS.
-        timeout-minutes: 60
-        run: |
-          go test -race -timeout 60m -coverprofile=coverage.out ./... \
-            || go test -race -timeout 60m -coverprofile=coverage.out -p 1 ./...
+        # Explicit timeout: cold runner cache causes OOM kills at ~4m39s on the
+        # full ./... suite with race detection + coverage. A 10m per-step timeout
+        # lets the suite complete on cold cache (~5-7m) while failing cleanly
+        # instead of OOM-killing. The job-level timeout (15m) is a backstop.
+        run: go test -race -timeout 10m -coverprofile=coverage.out ./...
 
       - if: always()
         name: Per-file coverage report

canvas/src/lib/__tests__/design-tokens.test.ts

@@ -0,0 +1,102 @@
+// @vitest-environment jsdom
+/**
+ * Tests for design-tokens.ts constant exports.
+ *
+ * STATUS_CONFIG is tested here directly rather than inside
+ * statusDotClass.test.ts so the constant's full shape (dot, glow, label,
+ * bar per key) is explicitly asserted — not just indirectly via the
+ * statusDotClass helper that consumes its .dot field.
+ */
+import { describe, it, expect } from "vitest";
+import { STATUS_CONFIG } from "../design-tokens";
+
+const ALL_STATUS_KEYS = [
+  "online",
+  "offline",
+  "paused",
+  "degraded",
+  "failed",
+  "provisioning",
+  "not_configured",
+] as const;
+
+describe("STATUS_CONFIG", () => {
+  it("has exactly the expected status keys and no extras", () => {
+    const actual = Object.keys(STATUS_CONFIG).sort();
+    const expected = [...ALL_STATUS_KEYS].sort();
+    expect(actual).toEqual(expected);
+  });
+
+  it("every entry has dot, glow, label, and bar fields", () => {
+    for (const key of ALL_STATUS_KEYS) {
+      const entry = STATUS_CONFIG[key];
+      expect(entry, `entry for "${key}"`).toHaveProperty("dot");
+      expect(entry, `entry for "${key}"`).toHaveProperty("glow");
+      expect(entry, `entry for "${key}"`).toHaveProperty("label");
+      expect(entry, `entry for "${key}"`).toHaveProperty("bar");
+    }
+  });
+
+  it("dot, glow, label, bar are all non-empty strings", () => {
+    for (const key of ALL_STATUS_KEYS) {
+      const entry = STATUS_CONFIG[key];
+      for (const field of ["dot", "glow", "label", "bar"] as const) {
+        expect(typeof entry[field], `"${key}".${field}`).toBe("string");
+        // label must be non-empty; others may be empty (e.g. offline.glow = "").
+        if (field === "label") {
+          expect(entry[field].length, `"${key}".${field}`).toBeGreaterThan(0);
+        }
+      }
+    }
+  });
+
+  it('online: dot is emerald, glow is set, label is "Online"', () => {
+    expect(STATUS_CONFIG.online.dot).toBe("bg-emerald-400");
+    expect(STATUS_CONFIG.online.glow).toBe("shadow-emerald-400/50");
+    expect(STATUS_CONFIG.online.label).toBe("Online");
+    expect(STATUS_CONFIG.online.bar).toBe("from-emerald-500/20 to-transparent");
+  });
+
+  it('offline: dot is zinc, glow is empty, label is "Offline"', () => {
+    expect(STATUS_CONFIG.offline.dot).toBe("bg-zinc-500");
+    expect(STATUS_CONFIG.offline.glow).toBe("");
+    expect(STATUS_CONFIG.offline.label).toBe("Offline");
+    expect(STATUS_CONFIG.offline.bar).toBe("from-zinc-600/10 to-transparent");
+  });
+
+  it('paused: dot is indigo, label is "Paused"', () => {
+    expect(STATUS_CONFIG.paused.dot).toBe("bg-indigo-400");
+    expect(STATUS_CONFIG.paused.glow).toBe("");
+    expect(STATUS_CONFIG.paused.label).toBe("Paused");
+  });
+
+  it('degraded: dot is amber with glow, label is "Degraded"', () => {
+    expect(STATUS_CONFIG.degraded.dot).toBe("bg-amber-400");
+    expect(STATUS_CONFIG.degraded.glow).toBe("shadow-amber-400/50");
+    expect(STATUS_CONFIG.degraded.label).toBe("Degraded");
+  });
+
+  it('failed: dot is red with glow, label is "Failed"', () => {
+    expect(STATUS_CONFIG.failed.dot).toBe("bg-red-400");
+    expect(STATUS_CONFIG.failed.glow).toBe("shadow-red-400/50");
+    expect(STATUS_CONFIG.failed.label).toBe("Failed");
+  });
+
+  it('provisioning: dot is sky with pulse animation, label is "Starting"', () => {
+    expect(STATUS_CONFIG.provisioning.dot).toBe("bg-sky-400 motion-safe:animate-pulse");
+    expect(STATUS_CONFIG.provisioning.glow).toBe("shadow-sky-400/50");
+    expect(STATUS_CONFIG.provisioning.label).toBe("Starting");
+  });
+
+  it('not_configured: dot is amber-300 with glow, label is "Not configured"', () => {
+    expect(STATUS_CONFIG.not_configured.dot).toBe("bg-amber-300");
+    expect(STATUS_CONFIG.not_configured.glow).toBe("shadow-amber-300/50");
+    expect(STATUS_CONFIG.not_configured.label).toBe("Not configured");
+  });
+
+  it("is a frozen static map — same key always returns same object reference", () => {
+    for (const key of ALL_STATUS_KEYS) {
+      expect(STATUS_CONFIG[key]).toBe(STATUS_CONFIG[key]);
+    }
+  });
+});

canvas/src/lib/__tests__/theme.test.ts

@@ -0,0 +1,60 @@
+// @vitest-environment jsdom
+/**
+ * Tests for theme.ts — cssVar() function and ColorToken type.
+ */
+import { describe, it, expect } from "vitest";
+import { cssVar, type ColorToken } from "../theme";
+
+describe("cssVar", () => {
+  it("wraps each known token in a var() reference", () => {
+    const tokens: ColorToken[] = [
+      "surface",
+      "surface-elevated",
+      "surface-sunken",
+      "surface-card",
+      "line",
+      "line-soft",
+      "ink",
+      "ink-mid",
+      "ink-soft",
+      "accent",
+      "accent-strong",
+      "warm",
+      "good",
+      "bad",
+      "bg",
+      "bg-elev",
+      "bg-card",
+      "line-strong",
+      "ink-mute",
+      "ink-dim",
+      "accent-dim",
+      "plasma",
+      "warn",
+    ];
+    for (const token of tokens) {
+      expect(cssVar(token)).toBe(`var(--color-${token})`);
+    }
+  });
+
+  it("is a pure function — same token always returns same value", () => {
+    for (let i = 0; i < 5; i++) {
+      expect(cssVar("accent")).toBe("var(--color-accent)");
+      expect(cssVar("surface")).toBe("var(--color-surface)");
+      expect(cssVar("good")).toBe("var(--color-good)");
+    }
+  });
+
+  it("handles hyphenated tokens correctly", () => {
+    expect(cssVar("surface-elevated")).toBe("var(--color-surface-elevated)");
+    expect(cssVar("line-soft")).toBe("var(--color-line-soft)");
+    expect(cssVar("ink-mute")).toBe("var(--color-ink-mute)");
+  });
+
+  it("produces a value usable as an inline style prop value", () => {
+    const result = cssVar("accent");
+    expect(typeof result).toBe("string");
+    expect(result.startsWith("var(--color-")).toBe(true);
+    expect(result.endsWith(")")).toBe(true);
+  });
+});

workspace-server/golangci-coldrunner.yaml

@@ -1,6 +0,0 @@
-# golangci-lint configuration for CI cold-runner use.
-# CLI flags --disable-all --enable=... take precedence over this file.
-# Only errcheck is disabled here to match .golangci.yaml defaults.
-linters:
-  disable:
-    - errcheck

workspace-server/internal/handlers/plugins_sources_test.go

@@ -0,0 +1,55 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+)
+
+// ListSources is the only exported function in plugins_sources.go.
+// It calls h.sources.Schemes() and returns the result verbatim,
+// so the test verifies the handler correctly serialises whatever
+// the real registry provides.
+func TestListSources_ReturnsSchemes(t *testing.T) {
+	// Use a real handler — the registry is deterministic (local + github).
+	h := NewPluginsHandler(t.TempDir(), nil, nil)
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = httptest.NewRequest("GET", "/plugins/sources", nil)
+
+	h.ListSources(c)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var body struct {
+		Schemes []string `json:"schemes"`
+	}
+	if err := json.Unmarshal(w.Body.Bytes(), &body); err != nil {
+		t.Fatalf("failed to unmarshal response: %v", err)
+	}
+
+	// The default registry registers local + github resolvers.
+	if len(body.Schemes) < 1 {
+		t.Fatalf("expected at least 1 scheme, got %d: %v", len(body.Schemes), body.Schemes)
+	}
+
+	// Verify stability — same call always returns same result.
+	w2 := httptest.NewRecorder()
+	c2, _ := gin.CreateTestContext(w2)
+	c2.Request = httptest.NewRequest("GET", "/plugins/sources", nil)
+	h.ListSources(c2)
+
+	var body2 struct {
+		Schemes []string `json:"schemes"`
+	}
+	json.Unmarshal(w2.Body.Bytes(), &body2)
+	if len(body.Schemes) != len(body2.Schemes) {
+		t.Errorf("Schemes() is not stable: first=%v, second=%v", body.Schemes, body2.Schemes)
+	}
+}

workspace-server/internal/handlers/workspace_abilities_test.go

@@ -0,0 +1,297 @@
+package handlers
+
+import (
+	"bytes"
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
+	"github.com/gin-gonic/gin"
+)
+
+func setupAbilitiesTest(t *testing.T) (sqlmock.Sqlmock, func()) {
+	t.Helper()
+	mockDB, mock, err := sqlmock.New()
+	if err != nil {
+		t.Fatalf("failed to create sqlmock: %v", err)
+	}
+	prev := db.DB
+	db.DB = mockDB
+	return mock, func() {
+		db.DB = prev
+		mockDB.Close()
+	}
+}
+
+func TestPatchAbilities_InvalidWorkspaceID_Returns400(t *testing.T) {
+	_, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "not-a-valid-uuid"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/not-a-valid-uuid/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":true}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "invalid workspace ID" {
+		t.Errorf("expected 'invalid workspace ID', got %q", body["error"])
+	}
+}
+
+func TestPatchAbilities_EmptyBody_Returns400(t *testing.T) {
+	_, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "at least one ability field required" {
+		t.Errorf("expected 'at least one ability field required', got %q", body["error"])
+	}
+}
+
+func TestPatchAbilities_InvalidJSON_Returns400(t *testing.T) {
+	_, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{invalid json}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "invalid request body" {
+		t.Errorf("expected 'invalid request body', got %q", body["error"])
+	}
+}
+
+func TestPatchAbilities_WorkspaceNotFound_Returns404(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnError(sql.ErrNoRows)
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":true}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("expected 404, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestPatchAbilities_WorkspaceDBError_Returns404(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnError(errors.New("connection refused"))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":true}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("expected 404, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestPatchAbilities_UpdateBroadcastEnabled_Returns200(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(true))
+	mock.ExpectExec("UPDATE workspaces SET broadcast_enabled").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", true).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":true}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["status"] != "updated" {
+		t.Errorf("expected status=updated, got %v", body)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestPatchAbilities_UpdateTalkToUserEnabled_Returns200(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(true))
+	mock.ExpectExec("UPDATE workspaces SET talk_to_user_enabled").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", true).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"talk_to_user_enabled":true}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["status"] != "updated" {
+		t.Errorf("expected status=updated, got %v", body)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestPatchAbilities_UpdateBothAbilities_Returns200(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(true))
+	mock.ExpectExec("UPDATE workspaces SET broadcast_enabled").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", true).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+	mock.ExpectExec("UPDATE workspaces SET talk_to_user_enabled").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", false).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":true,"talk_to_user_enabled":false}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["status"] != "updated" {
+		t.Errorf("expected status=updated, got %v", body)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestPatchAbilities_UpdateBroadcastDisabled_Returns200(t *testing.T) {
+	mock, cleanup := setupAbilitiesTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(true))
+	mock.ExpectExec("UPDATE workspaces SET broadcast_enabled").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", false).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("PATCH",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/abilities",
+		bytes.NewBufferString(`{"broadcast_enabled":false}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	PatchAbilities(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}

workspace-server/internal/handlers/workspace_broadcast_test.go

@@ -0,0 +1,398 @@
+package handlers
+
+import (
+	"bytes"
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
+	"github.com/gin-gonic/gin"
+)
+
+// -------------------------------------------------------------------------- //
+// broadcastTruncate
+// -------------------------------------------------------------------------- //
+
+func TestBroadcastTruncate_ShortString_ReturnsUnmodified(t *testing.T) {
+	result := broadcastTruncate("hello", 10)
+	if result != "hello" {
+		t.Errorf("expected 'hello', got %q", result)
+	}
+}
+
+func TestBroadcastTruncate_ExactlyMaxLength_ReturnsUnmodified(t *testing.T) {
+	result := broadcastTruncate("hello", 5)
+	if result != "hello" {
+		t.Errorf("expected 'hello', got %q", result)
+	}
+}
+
+func TestBroadcastTruncate_ExceedsMaxLength_TruncatesWithEllipsis(t *testing.T) {
+	result := broadcastTruncate("hello world", 5)
+	if result != "hello…" {
+		t.Errorf("expected 'hello…', got %q", result)
+	}
+}
+
+func TestBroadcastTruncate_Unicode_TruncatesAtRuneBoundary(t *testing.T) {
+	result := broadcastTruncate("日本語テスト", 2)
+	if result != "日本…" {
+		t.Errorf("expected '日本…', got %q", result)
+	}
+}
+
+// -------------------------------------------------------------------------- //
+// BroadcastHandler
+// -------------------------------------------------------------------------- //
+
+func setupBroadcastTest(t *testing.T) (sqlmock.Sqlmock, func()) {
+	t.Helper()
+	mockDB, mock, err := sqlmock.New()
+	if err != nil {
+		t.Fatalf("failed to create sqlmock: %v", err)
+	}
+	prev := db.DB
+	db.DB = mockDB
+	return mock, func() {
+		db.DB = prev
+		mockDB.Close()
+	}
+}
+
+func TestBroadcast_InvalidWorkspaceID_Returns400(t *testing.T) {
+	_, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "not-a-uuid"}}
+	c.Request = httptest.NewRequest("POST", "/workspaces/not-a-uuid/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "invalid workspace ID" {
+		t.Errorf("expected 'invalid workspace ID', got %q", body["error"])
+	}
+}
+
+func TestBroadcast_MissingMessage_Returns400(t *testing.T) {
+	_, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/broadcast",
+		bytes.NewBufferString(`{}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "message is required" {
+		t.Errorf("expected 'message is required', got %q", body["error"])
+	}
+}
+
+func TestBroadcast_WorkspaceNotFound_Returns404(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnError(sql.ErrNoRows)
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("expected 404, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_BroadcastDisabled_Returns403(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow("test-agent", false))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusForbidden {
+		t.Errorf("expected 403, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]string
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["error"] != "broadcast_disabled" {
+		t.Errorf("expected error='broadcast_disabled', got %v", body)
+	}
+	if _, ok := body["hint"]; !ok {
+		t.Errorf("expected hint field in 403 body, got %v", body)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_RecipientQueryFails_Returns500(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow("test-agent", true))
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE status != 'removed' AND id != ").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnError(errors.New("connection refused"))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("expected 500, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_NoRecipients_Returns200(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow("test-agent", true))
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE status != 'removed' AND id != ").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000").
+		WillReturnRows(sqlmock.NewRows([]string{"id"}))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs("550e8400-e29b-41d4-a716-446655440000", "Broadcast sent to 0 workspace(s)").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "550e8400-e29b-41d4-a716-446655440000"}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/550e8400-e29b-41d4-a716-446655440000/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if body["status"] != "sent" {
+		t.Errorf("expected status=sent, got %v", body)
+	}
+	if int(body["delivered"].(float64)) != 0 {
+		t.Errorf("expected delivered=0, got %v", body["delivered"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_DeliversToOneRecipient_Returns200(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	senderID := "550e8400-e29b-41d4-a716-446655440000"
+	recipientID := "660e8400-e29b-41d4-a716-446655440001"
+	senderName := "test-agent"
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow(senderName, true))
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE status != 'removed' AND id != ").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(recipientID))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(recipientID, senderID, "Broadcast from "+senderName+": hello").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(senderID, "Broadcast sent to 1 workspace(s)").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: senderID}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/"+senderID+"/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if int(body["delivered"].(float64)) != 1 {
+		t.Errorf("expected delivered=1, got %v", body["delivered"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_RecipientInsertFails_Continues_Returns200(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	senderID := "550e8400-e29b-41d4-a716-446655440000"
+	recipientID := "660e8400-e29b-41d4-a716-446655440001"
+	senderName := "test-agent"
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow(senderName, true))
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE status != 'removed' AND id != ").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(recipientID))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(recipientID, senderID, "Broadcast from "+senderName+": hello").
+		WillReturnError(errors.New("connection refused"))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(senderID, "Broadcast sent to 0 workspace(s)").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: senderID}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/"+senderID+"/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if int(body["delivered"].(float64)) != 0 {
+		t.Errorf("expected delivered=0 (failed inserts don't count), got %v", body["delivered"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}
+
+func TestBroadcast_SenderLogFails_StillReturns200(t *testing.T) {
+	mock, cleanup := setupBroadcastTest(t)
+	defer cleanup()
+
+	senderID := "550e8400-e29b-41d4-a716-446655440000"
+	recipientID := "660e8400-e29b-41d4-a716-446655440001"
+	senderName := "test-agent"
+
+	mock.ExpectQuery("SELECT name, broadcast_enabled FROM workspaces").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"name", "broadcast_enabled"}).
+			AddRow(senderName, true))
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE status != 'removed' AND id != ").
+		WithArgs(senderID).
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(recipientID))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(recipientID, senderID, "Broadcast from "+senderName+": hello").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(senderID, "Broadcast sent to 1 workspace(s)").
+		WillReturnError(errors.New("connection refused"))
+
+	h := NewBroadcastHandler(newTestBroadcaster())
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: senderID}}
+	c.Request = httptest.NewRequest("POST",
+		"/workspaces/"+senderID+"/broadcast",
+		bytes.NewBufferString(`{"message":"hello"}`))
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Request = c.Request.WithContext(context.Background())
+
+	h.Broadcast(c)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var body map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+	if int(body["delivered"].(float64)) != 1 {
+		t.Errorf("expected delivered=1, got %v", body["delivered"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet expectations: %v", err)
+	}
+}

workspace-server/internal/provisioner/cp_provisioner.go

@@ -178,12 +178,21 @@ func (p *CPProvisioner) Start(ctx context.Context, cfg WorkspaceConfig) (string,
 	// /admin/liveness and other admin-gated platform endpoints (core#831).
 	// p.adminToken is read from os.Getenv("ADMIN_TOKEN") at provisioner creation;
 	// it is also used for CP→platform HTTP auth but those are separate concerns.
-	env := cfg.EnvVars
-	if p.adminToken != "" {
-		env = make(map[string]string, len(cfg.EnvVars)+1)
-		for k, v := range cfg.EnvVars {
-			env[k] = v
+	//
+	// Forensic #145 hardening: tenant workspaces run on EC2 via this path, so
+	// the SCM-write-token denylist (see buildContainerEnv) is enforced here
+	// too. Always build a filtered copy — never pass cfg.EnvVars through
+	// verbatim — so a latent persona-merged GITEA_TOKEN can't reach the
+	// tenant container regardless of whether ADMIN_TOKEN is set.
+	env := make(map[string]string, len(cfg.EnvVars)+1)
+	for k, v := range cfg.EnvVars {
+		if isSCMWriteTokenKey(k) {
+			log.Printf("CPProvisioner.Start: dropped SCM-write credential %q from tenant workspace env (forensic #145 guard)", k)
+			continue
 		}
+		env[k] = v
+	}
+	if p.adminToken != "" {
 		env["ADMIN_TOKEN"] = p.adminToken
 	}
 	// Collect template files and generated configs, with OFFSEC-010 guards:
@@ -343,6 +352,7 @@ func collectCPConfigFiles(cfg WorkspaceConfig) (map[string]string, error) {
 	}
 	return files, nil
 }
+
 // Stop terminates the workspace's EC2 instance via the control plane.
 //
 // Looks up the actual EC2 instance_id from the workspaces table before
@@ -497,7 +507,9 @@ func (p *CPProvisioner) IsRunning(ctx context.Context, workspaceID string) (bool
 		// Don't leak the body — upstream errors may echo headers.
 		return true, fmt.Errorf("cp provisioner: status: unexpected %d", resp.StatusCode)
 	}
-	var result struct{ State string `json:"state"` }
+	var result struct {
+		State string `json:"state"`
+	}
 	// Cap body read at 64 KiB for parity with Start — a misconfigured
 	// or compromised CP streaming a huge body could otherwise exhaust
 	// memory in this hot path (called reactively per-request from

workspace-server/internal/provisioner/provisioner.go

@@ -591,6 +591,28 @@ func ValidateWorkspaceAccess(access, workspacePath string) error {
 	}
 }
 
+// scmWriteTokenKeys is the explicit denylist of environment variable names
+// that carry a Git SCM *write* credential (push / merge / approve). These
+// must never reach a tenant workspace container — see the forensic #145
+// rationale in buildContainerEnv. Kept as an exact-match set rather than a
+// substring/prefix heuristic so the guard is auditable and can't silently
+// over-strip a legitimately-named var.
+var scmWriteTokenKeys = map[string]struct{}{
+	"GITEA_TOKEN":     {},
+	"GITHUB_TOKEN":    {},
+	"GH_TOKEN":        {}, // gh CLI honours GH_TOKEN as a GITHUB_TOKEN alias
+	"GITLAB_TOKEN":    {},
+	"GL_TOKEN":        {}, // glab CLI alias
+	"BITBUCKET_TOKEN": {},
+}
+
+// isSCMWriteTokenKey reports whether an env var name is a known Git SCM
+// write credential that must be stripped from tenant workspace env.
+func isSCMWriteTokenKey(key string) bool {
+	_, ok := scmWriteTokenKeys[key]
+	return ok
+}
+
 // buildContainerEnv assembles the initial environment variables injected
 // into every workspace container.
 //
@@ -627,6 +649,21 @@ func buildContainerEnv(cfg WorkspaceConfig) []string {
 		env = append(env, fmt.Sprintf("AWARENESS_URL=%s", cfg.AwarenessURL))
 	}
 	for k, v := range cfg.EnvVars {
+		// Forensic #145 hardening: tenant workspace containers run
+		// agent-controlled code and must NEVER receive a Git SCM *write*
+		// credential. Without merge/approve creds in-container the
+		// two-eyes review gate is structurally self-bypass-proof — an
+		// agent that forges an approval has no token to act on it. A
+		// latent path exists (loadPersonaEnvFile merges a per-role
+		// persona `GITEA_TOKEN` into cfg.EnvVars when MOLECULE_PERSONA_ROOT
+		// is set on a tenant host); it is inert today (persona dirs are
+		// operator-host-only) but unguarded. Strip SCM-write tokens here
+		// by construction so the invariant holds regardless of whether
+		// that path ever becomes reachable.
+		if isSCMWriteTokenKey(k) {
+			log.Printf("buildContainerEnv: dropped SCM-write credential %q from workspace env (forensic #145 guard)", k)
+			continue
+		}
 		env = append(env, fmt.Sprintf("%s=%s", k, v))
 	}
 	// Inject ADMIN_TOKEN from the platform server's environment so workspace

workspace-server/internal/provisioner/provisioner_test.go

@@ -636,10 +636,15 @@ func TestBuildContainerEnv_AwarenessOnlyWhenBothSet(t *testing.T) {
 }
 
 func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
+	// NOTE: this test previously asserted GITHUB_TOKEN passed through
+	// verbatim. That assertion encoded the forensic #145 latent leak as
+	// expected behavior. Post-guard, ordinary custom env still flows but
+	// SCM-write credentials are stripped — see
+	// TestBuildContainerEnv_StripsSCMWriteTokens for the negative assertion.
 	cfg := WorkspaceConfig{
 		WorkspaceID: "ws-x",
 		PlatformURL: "http://localhost:8080",
-		EnvVars:     map[string]string{"CUSTOM": "value", "GITHUB_TOKEN": "fake-token-for-test"},
+		EnvVars:     map[string]string{"CUSTOM": "value", "ANTHROPIC_API_KEY": "sk-not-an-scm-token"},
 	}
 	env := buildContainerEnv(cfg)
 	seen := map[string]string{}
@@ -652,8 +657,8 @@ func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
 	if seen["CUSTOM"] != "value" {
 		t.Errorf("CUSTOM env missing, got env=%v", env)
 	}
-	if seen["GITHUB_TOKEN"] != "fake-token-for-test" {
-		t.Errorf("GITHUB_TOKEN env missing, got env=%v", env)
+	if seen["ANTHROPIC_API_KEY"] != "sk-not-an-scm-token" {
+		t.Errorf("non-SCM custom env must still pass through, got env=%v", env)
 	}
 	// Built-in defaults still present
 	if seen["MOLECULE_URL"] == "" {
@@ -661,6 +666,129 @@ func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
 	}
 }
 
+// ---------- forensic #145: SCM-write-token denylist guard ----------
+
+// TestBuildContainerEnv_StripsSCMWriteTokens is the core negative
+// assertion: a tenant workspace env constructed via buildContainerEnv MUST
+// NOT contain any Git SCM *write* credential, regardless of how it got into
+// cfg.EnvVars. This proves the two-eyes review gate stays structurally
+// self-bypass-proof — an agent in-container has no merge/approve token to
+// act on a forged approval. See forensic #145.
+//
+// This test FAILS on the pre-guard code (where buildContainerEnv passed
+// cfg.EnvVars through verbatim) and PASSES once the denylist filter is in
+// place — i.e. the guard is proven by construction, not by environment
+// accident.
+func TestBuildContainerEnv_StripsSCMWriteTokens(t *testing.T) {
+	scmTokens := []string{
+		"GITEA_TOKEN", "GITHUB_TOKEN", "GH_TOKEN",
+		"GITLAB_TOKEN", "GL_TOKEN", "BITBUCKET_TOKEN",
+	}
+
+	t.Run("normal path — SCM tokens explicitly set in EnvVars", func(t *testing.T) {
+		envVars := map[string]string{"CUSTOM": "ok", "ANTHROPIC_API_KEY": "sk-keep"}
+		for _, k := range scmTokens {
+			envVars[k] = "leaked-write-credential-" + k
+		}
+		cfg := WorkspaceConfig{
+			WorkspaceID: "ws-tenant",
+			PlatformURL: "http://localhost:8080",
+			Tier:        2,
+			EnvVars:     envVars,
+		}
+		assertNoSCMWriteToken(t, buildContainerEnv(cfg), scmTokens)
+
+		// Sanity: non-SCM custom env is NOT collateral-damaged by the filter.
+		if !envContains(buildContainerEnv(cfg), "CUSTOM=ok") {
+			t.Errorf("filter must not strip non-SCM custom env")
+		}
+		if !envContains(buildContainerEnv(cfg), "ANTHROPIC_API_KEY=sk-keep") {
+			t.Errorf("filter must not strip non-SCM API keys")
+		}
+	})
+
+	t.Run("persona-file path — simulates loadPersonaEnvFile merge", func(t *testing.T) {
+		// The latent path: handlers.loadPersonaEnvFile() merges a per-role
+		// persona env file (carrying GITEA_USER, GITEA_TOKEN, …) into the
+		// workspace env map when MOLECULE_PERSONA_ROOT is set on a tenant
+		// host. We can't invoke that cross-package helper here, but its
+		// observable effect is exactly "a GITEA_TOKEN appears in
+		// cfg.EnvVars". Constructing that condition directly proves the
+		// guard holds even if the latent path becomes reachable.
+		cfg := WorkspaceConfig{
+			WorkspaceID: "ws-tenant",
+			PlatformURL: "http://localhost:8080",
+			Tier:        2,
+			EnvVars: map[string]string{
+				// Persona identity fields that are SAFE to keep (read-only
+				// identity, not a write credential):
+				"GITEA_USER":       "backend-engineer",
+				"GITEA_USER_EMAIL": "backend-engineer@agents.moleculesai.app",
+				// The credential that must be stripped:
+				"GITEA_TOKEN":        "persona-merged-write-pat",
+				"GITEA_TOKEN_SCOPES": "write:repository",
+			},
+		}
+		got := buildContainerEnv(cfg)
+		assertNoSCMWriteToken(t, got, scmTokens)
+		// Non-credential persona identity may still flow through — only the
+		// write token is the denied surface.
+		if !envContains(got, "GITEA_USER=backend-engineer") {
+			t.Errorf("non-credential persona identity (GITEA_USER) should not be stripped")
+		}
+	})
+}
+
+// TestCPProvisionerEnv_StripsSCMWriteTokens covers the tenant-EC2 path:
+// CPProvisioner.Start builds the env map the control plane forwards to the
+// EC2 workspace container. The same forensic #145 denylist must hold there.
+func TestCPProvisionerEnv_StripsSCMWriteTokens(t *testing.T) {
+	// isSCMWriteTokenKey is the single source of truth shared by both
+	// buildContainerEnv (local Docker) and CPProvisioner.Start (tenant EC2).
+	// Assert it classifies every known SCM-write var as denied and leaves
+	// ordinary / read-only-identity vars alone.
+	for _, k := range []string{
+		"GITEA_TOKEN", "GITHUB_TOKEN", "GH_TOKEN",
+		"GITLAB_TOKEN", "GL_TOKEN", "BITBUCKET_TOKEN",
+	} {
+		if !isSCMWriteTokenKey(k) {
+			t.Errorf("isSCMWriteTokenKey(%q) = false, want true (SCM-write credential must be denied)", k)
+		}
+	}
+	for _, k := range []string{
+		"GITEA_USER", "GITEA_USER_EMAIL", "ANTHROPIC_API_KEY",
+		"CUSTOM", "PLATFORM_URL", "ADMIN_TOKEN", "",
+	} {
+		if isSCMWriteTokenKey(k) {
+			t.Errorf("isSCMWriteTokenKey(%q) = true, want false (must not over-strip non-SCM env)", k)
+		}
+	}
+}
+
+func assertNoSCMWriteToken(t *testing.T, env []string, scmTokens []string) {
+	t.Helper()
+	for _, e := range env {
+		key := e
+		if i := strings.IndexByte(e, '='); i >= 0 {
+			key = e[:i]
+		}
+		for _, banned := range scmTokens {
+			if key == banned {
+				t.Errorf("SCM-write credential %q leaked into workspace env (forensic #145 invariant violated): %q", banned, e)
+			}
+		}
+	}
+}
+
+func envContains(env []string, want string) bool {
+	for _, e := range env {
+		if e == want {
+			return true
+		}
+	}
+	return false
+}
+
 // ---------- buildWorkspaceMount — #65 workspace_access ----------
 
 func TestBuildWorkspaceMount_SelectionMatrix(t *testing.T) {