Molecule AI Fullstack (floater)
11f66b1837
fix(org-api-tokens): add org_id column, close requireCallerOwnsOrg regression
Fixes F1094 / #1200 / #1204 — org-token callers always getting 403 on
org-scoped routes because requireCallerOwnsOrg queried created_by
(provenance label string) instead of a proper org anchor UUID.
Changes:
- Migration 036 adds nullable org_id UUID column to org_api_tokens,
references workspaces(id). Pre-fix tokens remain usable for
non-org-scoped routes.
- requireCallerOwnsOrg now queries org_api_tokens.org_id directly.
Tokens with org_id = NULL (pre-fix) are denied org-scoped access —
correct security posture for Phase 32 multi-org isolation.
- orgtoken.Issue accepts and stores org_id via NULLIF($5,'')::uuid.
- OrgTokenHandler.Create passes org_id (from session context or
request body) to Issue. Canvas UI should pass org_id in request
body so new tokens carry their org anchor.
- admin_memories.go: remove dead-code duplicate redactSecrets call
(shadowing declaration, lines 125+135 → single call at line 125).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
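Worked Go example of the check described in the commit message, added here as an illustration and not code from the Molecule repository: a requireCallerOwnsOrg-style check that anchors authorization on org_api_tokens.org_id, fails closed when org_id is NULL (a pre-fix token), and a NormalizeOrgID helper that mirrors the NULLIF($5,'')::uuid behaviour of Issue so an empty org_id from the request body is stored as NULL rather than ''. The tokenRecord type, memStore, the orgFromRequest parameter and the sample tokens are all assumptions made for the example; the real handler reads from the database and resolves the route org differently.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"strings"
)

// tokenRecord mirrors the org_api_tokens columns the check needs after
// migration 036. OrgID is a pointer so SQL NULL (a pre-fix token) stays
// distinct from any UUID value. Hypothetical type for this example.
type tokenRecord struct {
	ID        string
	CreatedBy string  // provenance label only; never an authorization anchor
	OrgID     *string // nil == org_id IS NULL
}

// tokenStore is the minimal lookup the check depends on (hypothetical).
type tokenStore interface {
	LookupByToken(token string) (*tokenRecord, error)
}

var (
	ErrUnknownToken = errors.New("unknown token")
	ErrNoOrgAnchor  = errors.New("token has no org_id anchor")
	ErrOrgMismatch  = errors.New("token org_id does not match route org")
)

// NormalizeOrgID reproduces NULLIF($5,'')::uuid on the Go side: a blank
// org_id from the request is stored as NULL, never as an empty string.
func NormalizeOrgID(raw string) *string {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return nil
	}
	return &raw
}

// CheckCallerOwnsOrg compares the token's stored org_id with the org the
// route targets. It fails closed: NULL org_id and mismatches are both denied.
func CheckCallerOwnsOrg(s tokenStore, token, routeOrgID string) error {
	rec, err := s.LookupByToken(token)
	if err != nil {
		return err
	}
	if rec == nil {
		return ErrUnknownToken
	}
	if rec.OrgID == nil {
		return ErrNoOrgAnchor // pre-fix token: no org-scoped access
	}
	if *rec.OrgID != routeOrgID {
		return ErrOrgMismatch
	}
	return nil
}

// memStore is a constructed in-memory stand-in for the org_api_tokens table.
type memStore map[string]*tokenRecord

func (m memStore) LookupByToken(token string) (*tokenRecord, error) {
	return m[token], nil
}

// RequireCallerOwnsOrg wraps a handler. orgFromRequest extracts the org the
// route is scoped to (e.g. a path parameter). The denial reason is logged,
// not returned to the caller, so a 403 does not reveal why it was denied.
func RequireCallerOwnsOrg(s tokenStore, orgFromRequest func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if err := CheckCallerOwnsOrg(s, token, orgFromRequest(r)); err != nil {
			log.Printf("org-scoped route denied: %v", err)
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample data: one post-fix token with an org anchor, one
	// pre-fix token whose org_id is NULL.
	orgA := "11111111-1111-1111-1111-111111111111"
	store := memStore{
		"tok-new": {ID: "t1", CreatedBy: "canvas-ui", OrgID: NormalizeOrgID(orgA)},
		"tok-old": {ID: "t2", CreatedBy: "canvas-ui", OrgID: NormalizeOrgID("")},
	}
	for _, tok := range []string{"tok-new", "tok-old", "tok-bogus"} {
		fmt.Printf("%-9s -> %v\n", tok, CheckCallerOwnsOrg(store, tok, orgA))
	}
}
```

The important property to keep when porting this to the real store is the three-way distinction in the stored column: a UUID that matches, a UUID that does not match, and NULL. Collapsing NULL into a default org, or comparing against created_by as the pre-fix code did, silently turns the isolation check into a label comparison.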