molecule-core

core-lead/molecule-core

Fork 0

forked from molecule-ai/molecule-core

Commit Graph

Author	SHA1	Message	Date
Molecule AI Backend Engineer	7584267a80	fix(security): address Security Auditor findings on audit-ledger (#651 ) - Replace == HMAC comparisons with hmac.compare_digest (Python) and hmac.Equal (Go) in ledger.py, verify.py, and audit.go to prevent timing oracle attacks (Fixes 1-6) - Increase PBKDF2 iterations from 100K to 210K in both ledger.py and audit.go — must match for cross-language verification (Fix 7) - Return chain_valid: null when offset > 0 (paginated views cannot verify a truncated chain; null means "not computed") (Fix 8) - Remove module-level AUDIT_LEDGER_SALT attribute from ledger.py; read the secret exclusively from os.environ inside _get_hmac_key() so the salt is not exposed in the module namespace (Fix 9) - Update tests: use monkeypatch.setenv/delenv instead of setattr on the removed AUDIT_LEDGER_SALT attribute; update testAuditKey helper to use 210K iterations; add TestAuditQuery_PaginatedOffsetReturnsNullChainValid - Fix migration 028: workspace_id column type TEXT → UUID to match workspaces.id UUID primary key All tests pass: 1043 pytest + 0 Go test failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 07:30:10 +00:00
Molecule AI Backend Engineer	951ea163fa	feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594 ) Implements EU AI Act Annex III compliance (Art. 12 record-keeping, Art. 13 transparency) via an append-only HMAC-SHA256-chained agent event log. Python (workspace-template/molecule_audit/): - ledger.py: SQLAlchemy 2.0 AuditEvent model + PBKDF2 key derivation + append_event() with prev_hmac chain linkage + verify_chain() CLI helper. - hooks.py: LedgerHooks — on_task_start/on_llm_call/on_tool_call/on_task_end pipeline hooks; exception-safe (_safe_append); context manager support. - verify.py: `python -m molecule_audit.verify --agent-id <id>` CLI; exits 0=valid, 1=broken, 2=missing SALT, 3=DB error. - tests/test_audit_ledger.py: 46 tests covering HMAC determinism, field sensitivity, chain verification, LedgerHooks lifecycle, CLI. Go (platform/): - migrations/028_audit_events.up.sql: audit_events table with indexes. - internal/handlers/audit.go: GET /workspaces/:id/audit — parameterized queries, inline chain verification (chain_valid: bool\|null), PBKDF2 key cached via sync.Once. - internal/handlers/audit_test.go: 14 tests — HMAC, chain verify, handler query/filter/pagination/cap/error paths. - internal/router/router.go: wire wsAuth.GET("/audit", audh.Query). - .env.example: document AUDIT_LEDGER_SALT. - requirements.txt: add sqlalchemy>=2.0.0. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 06:55:36 +00:00

Author

SHA1

Message

Date

Molecule AI Backend Engineer

7584267a80

fix(security): address Security Auditor findings on audit-ledger (#651 )

- Replace == HMAC comparisons with hmac.compare_digest (Python) and
  hmac.Equal (Go) in ledger.py, verify.py, and audit.go to prevent
  timing oracle attacks (Fixes 1-6)
- Increase PBKDF2 iterations from 100K to 210K in both ledger.py and
  audit.go — must match for cross-language verification (Fix 7)
- Return chain_valid: null when offset > 0 (paginated views cannot
  verify a truncated chain; null means "not computed") (Fix 8)
- Remove module-level AUDIT_LEDGER_SALT attribute from ledger.py; read
  the secret exclusively from os.environ inside _get_hmac_key() so the
  salt is not exposed in the module namespace (Fix 9)
- Update tests: use monkeypatch.setenv/delenv instead of setattr on the
  removed AUDIT_LEDGER_SALT attribute; update testAuditKey helper to
  use 210K iterations; add TestAuditQuery_PaginatedOffsetReturnsNullChainValid
- Fix migration 028: workspace_id column type TEXT → UUID to match
  workspaces.id UUID primary key

All tests pass: 1043 pytest + 0 Go test failures.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-17 07:30:10 +00:00

Molecule AI Backend Engineer

951ea163fa

feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594 )

Implements EU AI Act Annex III compliance (Art. 12 record-keeping, Art. 13
transparency) via an append-only HMAC-SHA256-chained agent event log.

Python (workspace-template/molecule_audit/):
- ledger.py: SQLAlchemy 2.0 AuditEvent model + PBKDF2 key derivation +
  append_event() with prev_hmac chain linkage + verify_chain() CLI helper.
- hooks.py: LedgerHooks — on_task_start/on_llm_call/on_tool_call/on_task_end
  pipeline hooks; exception-safe (_safe_append); context manager support.
- verify.py: `python -m molecule_audit.verify --agent-id <id>` CLI;
  exits 0=valid, 1=broken, 2=missing SALT, 3=DB error.
- tests/test_audit_ledger.py: 46 tests covering HMAC determinism, field
  sensitivity, chain verification, LedgerHooks lifecycle, CLI.

Go (platform/):
- migrations/028_audit_events.up.sql: audit_events table with indexes.
- internal/handlers/audit.go: GET /workspaces/:id/audit — parameterized
  queries, inline chain verification (chain_valid: bool|null), PBKDF2
  key cached via sync.Once.
- internal/handlers/audit_test.go: 14 tests — HMAC, chain verify, handler
  query/filter/pagination/cap/error paths.
- internal/router/router.go: wire wsAuth.GET("/audit", audh.Query).
- .env.example: document AUDIT_LEDGER_SALT.
- requirements.txt: add sqlalchemy>=2.0.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-17 06:55:36 +00:00

2 Commits