MoltenHub Code is a small Go harness that runs Codex against one or more repositories, opens PRs, and waits for required checks. It supports single runs, parallel local runs, and a persistent MoltenHub listener with a local monitoring UI.
For each run:
- Verifies required tools (
git,gh,codex) and GitHub auth. - Creates an isolated workspace (
/dev/shm/temp/<guid>, fallback/tmp/temp/<guid>). - Seeds
AGENTS.mdfromlibrary/AGENTS.md. - Clones configured repos and checks out
base_branch. - Runs Codex in
target_subdir(or workspace root for multi-repo runs). - For changed repos:
- If
base_branchismain, creates amoltenhub-*branch. - Otherwise reuses the existing non-
mainbranch.
- If
- Creates or reuses PRs with
moltenhub-*titles. - Watches required CI checks and performs remediation retries when checks fail.
If a task fails, no PR is created for that run, and the workspace path is logged.
Build:
go build -o bin/harness ./cmd/harnessBuild a container image:
docker build -t moltenhub-code:latest .GitHub Actions publish flow:
deploy-vnextruns automatically on pushes tomain(including PR merges) and publishes:moltenai/moltenhub-code:vnextmoltenai/moltenhub-code:<yyyy.mm.dd.run_number>(example:2026.04.04.5)
deploy-prodis manual-only (workflow_dispatch) and promotes a selected source tag (defaultvnext) tomoltenai/moltenhub-code:latestwithout rebuilding- required repository secret:
DOCKERHUB_TOKEN
Run with PAT auth via GITHUB_TOKEN:
docker run --rm -it \
-e GITHUB_TOKEN=ghp_xxx \
-v "$PWD:/workspace" \
-w /workspace \
moltenhub-code:latest \
harness run --config templates/run.example.jsonContainer startup pre-registers auth before any Codex stage:
- maps
GITHUB_TOKENtoGH_TOKENforghcommands - runs
gh auth statusandgh auth setup-git - configures GitHub URL rewrites so
git@github.com:*andssh://git@github.com/*can use PAT-backed HTTPS
Single run:
./bin/harness run --config templates/run.example.jsonParallel local runs:
./bin/harness multiplex --config ./tasks --parallel 4Hub listener:
./bin/harness hub --init templates/init.example.jsonHub mode starts a local monitor UI by default at http://127.0.0.1:7777.
The local prompt panel defaults to a schema builder that stores requested repositories in browser local storage and reuses them as a repo picker. Raw JSON mode remains available for advanced or multi-repo payloads.
Automatic mode is available as a runtime flag and hides the browser-local prompt form entirely:
./bin/harness hub --init templates/init.example.json --ui-automaticOverride or disable:
./bin/harness hub --init templates/init.example.json --ui-listen :8088
./bin/harness hub --init templates/init.example.json --ui-listen ""Required:
- one of
promptorlibrary_task_name - one of
repo,repo_url, orrepos
Common optional fields:
base_branch(defaultmain)branch(alias forbase_branch, mainly for library-backed skill calls)target_subdir(default.)commit_messagepr_title(auto-prefixed withmoltenhub-)pr_bodylabelsgithub_handle(single GitHub reviewer alias; mapped to PR reviewer)reviewers
Example: templates/run.example.json
Library-backed runs can also use:
{
"repo": "git@github.com:acme/target-repo.git",
"branch": "main",
"library_task_name": "unit-test-coverage"
}Key fields:
base_url(defaulthttps://na.hub.molten.bot/v1)bind_tokenoragent_tokensession_key(defaultmain)profile.*skill.*dispatcher.*(adaptive worker parallelism)
Example: templates/init.example.json
Runtime logs are mirrored to .log:
- aggregate stream:
.log/terminal.log - per task/request stream:
.log/<identifier parts>/terminal.log
When a task fails (local or hub-dispatched), the harness queues a follow-up local task that:
- includes relevant failing log paths in prompt context
- uses run config shape:
{"repos":["git@github.com:jefking/moltenhub-code.git"],"base_branch":"main","target_subdir":".","prompt":"..."} - asks for root-cause fixes (not superficial bandaids)
0success2usage error10config error20preflight/tooling error21auth error30workspace error40clone error50Codex execution error60git workflow error70PR/checks error
go test ./...