Hongming Wang
479a027e4b
chore: open-source restructure — rename dirs, remove internal files, scrub secrets
Renames:
- platform/ → workspace-server/ (Go module path stays as "platform" for
external dep compat — will update after plugin module republish)
- workspace-template/ → workspace/
Removed (moved to separate repos or deleted):
- PLAN.md — internal roadmap (move to private project board)
- HANDOFF.md, AGENTS.md — one-time internal session docs
- .claude/ — gitignored entirely (local agent config)
- infra/cloudflare-worker/ → Molecule-AI/molecule-tenant-proxy
- org-templates/molecule-dev/ → standalone template repo
- .mcp-eval/ → molecule-mcp-server repo
- test-results/ — ephemeral, gitignored
Security scrubbing:
- Cloudflare account/zone/KV IDs → placeholders
- Real EC2 IPs → <EC2_IP> in all docs
- CF token prefix, Neon project ID, Fly app names → redacted
- Langfuse dev credentials → parameterized
- Personal runner username/machine name → generic
Community files:
- CONTRIBUTING.md — build, test, branch conventions
- CODE_OF_CONDUCT.md — Contributor Covenant 2.1
All Dockerfiles, CI workflows, docker-compose, railway.toml, render.yaml,
README, CLAUDE.md updated for new directory names.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 00:24:44 -07:00
86c81c4056
docs(security): SAFE-MCP internal advisory 2026-04-17 (distilled from PR #808 audit)
Adds a concise action advisory for engineering leads summarising the 9 open
findings from the full SAFE-MCP audit, with immediate remediation steps for
NEW-003 (unpinned npm packages in .mcp.json — HIGH), a Phase 35 scoping
recommendation for plugin supply-chain hardening (VULN-003, VULN-004), and
medium-term GLOBAL memory scope controls (VULN-002, VULN-005).
Pairs with: monorepo PR #808, docs PR #18
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 23:39:00 +00:00
Molecule AI Security Auditor
3ca778f160
docs(security): SAFE-MCP audit report 2026-04-17 (issue #747)
Adds docs/security/safe-mcp-audit-2026-04-17.md — full SAFE-MCP ATT&CK
audit of @molecule-ai/mcp-server against 4 high-priority techniques:
SAFE-T1102 (Supply chain):
- NEW-003 HIGH: Unpinned npm MCP packages in .mcp.json (npx -y)
- VULN-003 HIGH: No manifest signing on GitHub plugin install
- VULN-004 HIGH: Floating plugin refs, no version pinning enforced
SAFE-T1201 (Prompt injection):
- VULN-002 HIGH: GLOBAL memory poisoning — delimiter spoofing gap
(partial mitigation via #767 globalMemoryDelimiter confirmed)
- VULN-006 MEDIUM: No tool output sanitization in MCP server
SAFE-T1301 (Excessive permissions):
- NEW-002 MEDIUM: Default subprocess sandbox allows language=shell/bash
SAFE-T1401 (Secret exfiltration):
- NEW-001 MEDIUM: builtin_tools missing auth_headers() on A2A calls
- VULN-005 MEDIUM: GLOBAL memories readable by all workspaces
Confirmed fix: VULN-001 (X-Workspace-ID system-caller forge, #761) CLOSED.
Closes #747.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 18:54:08 +00:00