core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
00e3753f37
molecule-core/platform/internal
History
molecule-ai[bot] c5a1318de8
fix(mcp): add TODO(#838) in toolCommitMemory + document X-Workspace-ID trust in toolDelegateTask 
Security Auditor pre-merge conditions for PR#840:

C5: toolCommitMemory passes content directly to DB insert without secret
redaction. Gap is tracked to #838 (platform-wide _redactSecrets pass).
Adds inline TODO(#838) comment at the insert site so the gap is visible
in-code, not only in the issue tracker.

C6: toolDelegateTask sets X-Workspace-ID but no bearer token on the
outbound A2A call. The /workspaces/:id/a2a route is intentionally outside
WorkspaceAuth (by design in router.go). CanCommunicate is enforced before
the request is constructed, and callerID was authenticated by WorkspaceAuth
on the MCP bridge entry point. Documents this trust assumption at the call
site.
2026-04-17 22:13:55 +00:00
..
artifacts fix(platform): address security review findings on CF Artifacts (#641) 2026-04-17 06:39:47 +00:00
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels fix(security): cap discord error response body read at 4096 bytes 2026-04-17 10:46:09 +00:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db fix(liveness): raise workspace TTL 60s → 180s to survive Opus synthesis (#386) 2026-04-16 00:05:45 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events feat(platform): AG-UI compatible SSE endpoint for streaming agent events (#590) 2026-04-17 05:16:51 +00:00
handlers fix(mcp): add TODO(#838) in toolCommitMemory + document X-Workspace-ID trust in toolDelegateTask 2026-04-17 22:13:55 +00:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800) 2026-04-17 19:25:22 +00:00
models fix(gate-1): resolve merge conflicts with main 2026-04-17 06:27:14 +00:00
plugins test(supply-chain): TDD spec for plugin supply-chain hardening (#768) 2026-04-17 16:41:32 +00:00
provisioner fix: restore cp_provisioner.go updated for EC2 backend 2026-04-16 14:25:43 -07:00
registry feat(registry): workspace hibernation — auto-pause idle workspaces (#711) 2026-04-17 13:27:39 +00:00
router feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800) 2026-04-17 19:25:22 +00:00
scheduler fix(scheduler): detect phantom-producing crons via consecutive-empty tracking (#795) 2026-04-17 11:11:05 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth Merge pull request #719 from Molecule-AI/fix/issue-697-validate-token-removed-workspace 2026-04-17 12:50:52 +00:00