molecule-ai[bot] c5a1318de8 fix(mcp): add TODO(#838) in toolCommitMemory + document X-Workspace-ID trust in toolDelegateTask ... Security Auditor pre-merge conditions for PR#840: C5: toolCommitMemory passes content directly to DB insert without secret redaction. Gap is tracked to #838 (platform-wide _redactSecrets pass). Adds inline TODO(#838) comment at the insert site so the gap is visible in-code, not only in the issue tracker. C6: toolDelegateTask sets X-Workspace-ID but no bearer token on the outbound A2A call. The /workspaces/:id/a2a route is intentionally outside WorkspaceAuth (by design in router.go). CanCommunicate is enforced before the request is constructed, and callerID was authenticated by WorkspaceAuth on the MCP bridge entry point. Documents this trust assumption at the call site.		2026-04-17 22:13:55 +00:00
..
cmd/server	feat(registry): workspace hibernation — auto-pause idle workspaces (#711)	2026-04-17 13:27:39 +00:00
docs/adr	fix(wsauth): restore ValidateAnyToken removed-workspace JOIN (#682 defense-in-depth), restore ADR-001 blast-radius docs	2026-04-17 12:25:44 +00:00
internal	fix(mcp): add TODO(#838) in toolCommitMemory + document X-Workspace-ID trust in toolDelegateTask	2026-04-17 22:13:55 +00:00
migrations	fix(scheduler): detect phantom-producing crons — consecutive-empty tracking (closes #795)	2026-04-17 19:06:35 +00:00
pkg/provisionhook	fix(github): refresh installation token when TTL < 10 min (#547) (#567)	2026-04-17 00:47:03 +00:00
Dockerfile	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
Dockerfile.tenant	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
entrypoint-tenant.sh	feat(platform): auto-detect SaaS tenant → control plane provisioner	2026-04-16 11:50:52 -07:00
go.mod	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00
go.sum	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00