molecule-core

core-lead/molecule-core

Fork 0

forked from molecule-ai/molecule-core

Commit Graph

Author	SHA1	Message	Date
Molecule AI Backend Engineer	993d39a74e	fix(wsauth): restore ValidateAnyToken removed-workspace JOIN (#682 defense-in-depth), restore ADR-001 blast-radius docs - ValidateAnyToken: add JOIN on workspaces with AND w.status != 'removed' so tokens belonging to deleted workspaces cannot be replayed against admin endpoints even before the token row is explicitly revoked. - tokens_test.go: update ValidateAnyToken regexp patterns to match new JOIN query; add TestValidateAnyToken_RemovedWorkspaceRejected. - wsauth_middleware_test.go: update validateAnyTokenSelectQuery constant to match JOIN query; add TestAdminAuth_RemovedWorkspaceToken_Returns401 to pin the AdminAuth removed-workspace rejection at the middleware layer. - ADR-001: restore full blast-radius endpoint table (15 affected admin routes), explicit risk statement ("full platform takeover"), current mitigations, and Phase-H remediation plan (schema, middleware, bootstrap flow, migration path). Tracking issue: #710.	2026-04-17 12:25:44 +00:00
molecule-ai[bot]	70db163898	fix(router): restore admin/schedules/health route; add ADR-001 for #684	2026-04-17 12:03:34 +00:00
molecule-ai[bot]	96c06b0174	fix(security): revert #684 schema migration, restore /admin/schedules/health, add ADR-001 Required changes from security auditor before PR #696 can merge: 1. REVERT #684 (token_type schema migration): - Remove migration 029_token_type.{up,down}.sql - Revert wsauth/tokens.go — remove IssueAdminToken, token_type constants, restore HasAnyLiveTokenGlobal and ValidateAnyToken to pre-#684 behavior - Revert admin_test_token.go to use IssueToken (not IssueAdminToken) - Revert associated tests to pre-#684 patterns Path B: formal risk acceptance documented in ADR-001. 2. RESTORE /admin/schedules/health route (regression fix): - Add platform/internal/handlers/admin_schedules_health.go (from PR #671) - Add platform/internal/handlers/admin_schedules_health_test.go (from PR #671) - Wire GET /admin/schedules/health via AdminAuth in router.go 3. ADD ADR-001 (platform/docs/adr/ADR-001-admin-token-scope.md): - Documents #684 as known risk with Phase-H remediation plan - Phase-H tracking issue: Molecule-AI/molecule-core#710	2026-04-17 12:01:12 +00:00

Author

SHA1

Message

Date

Molecule AI Backend Engineer

993d39a74e

fix(wsauth): restore ValidateAnyToken removed-workspace JOIN (#682 defense-in-depth), restore ADR-001 blast-radius docs

- ValidateAnyToken: add JOIN on workspaces with AND w.status != 'removed'
  so tokens belonging to deleted workspaces cannot be replayed against
  admin endpoints even before the token row is explicitly revoked.

- tokens_test.go: update ValidateAnyToken regexp patterns to match new
  JOIN query; add TestValidateAnyToken_RemovedWorkspaceRejected.

- wsauth_middleware_test.go: update validateAnyTokenSelectQuery constant
  to match JOIN query; add TestAdminAuth_RemovedWorkspaceToken_Returns401
  to pin the AdminAuth removed-workspace rejection at the middleware layer.

- ADR-001: restore full blast-radius endpoint table (15 affected admin
  routes), explicit risk statement ("full platform takeover"), current
  mitigations, and Phase-H remediation plan (schema, middleware, bootstrap
  flow, migration path). Tracking issue: #710.

2026-04-17 12:25:44 +00:00

molecule-ai[bot]

70db163898

fix(router): restore admin/schedules/health route; add ADR-001 for #684

2026-04-17 12:03:34 +00:00

molecule-ai[bot]

96c06b0174

fix(security): revert #684 schema migration, restore /admin/schedules/health, add ADR-001

Required changes from security auditor before PR #696 can merge:

1. REVERT #684 (token_type schema migration):
   - Remove migration 029_token_type.{up,down}.sql
   - Revert wsauth/tokens.go — remove IssueAdminToken, token_type constants,
     restore HasAnyLiveTokenGlobal and ValidateAnyToken to pre-#684 behavior
   - Revert admin_test_token.go to use IssueToken (not IssueAdminToken)
   - Revert associated tests to pre-#684 patterns
   Path B: formal risk acceptance documented in ADR-001.

2. RESTORE /admin/schedules/health route (regression fix):
   - Add platform/internal/handlers/admin_schedules_health.go (from PR #671)
   - Add platform/internal/handlers/admin_schedules_health_test.go (from PR #671)
   - Wire GET /admin/schedules/health via AdminAuth in router.go

3. ADD ADR-001 (platform/docs/adr/ADR-001-admin-token-scope.md):
   - Documents #684 as known risk with Phase-H remediation plan
   - Phase-H tracking issue: Molecule-AI/molecule-core#710

2026-04-17 12:01:12 +00:00

3 Commits