core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
1a109b3263
molecule-core/workspace-template
History
Dev Lead Agent 1a109b3263 fix(security): H3 github_pat_ redaction + M4 atomic token write (audit cycle 10) 
H3 (compliance.py): GitHub fine-grained PATs use the github_pat_ prefix
with an 82-character alphanumeric+underscore suffix — different from
classic tokens (36 chars). Add the missing pattern to _PII_PATTERNS so
fine-grained PATs are redacted in compliance logs alongside classic tokens.

M4 (platform_auth.py): Replace write_text()+chmod() in save_token() with
os.open(O_WRONLY|O_CREAT|O_TRUNC, 0o600) + os.write(). The old approach
had a TOCTOU window where a concurrent reader could access the token file
before chmod restricted permissions. os.open with explicit mode creates the
file with 0600 permissions atomically in a single syscall.

H2 (a2a_client.py): Already fixed in commit 6c78962 (Cycle 5); no-op.

Tests: 1136 passed, 2 skipped (workspace-template pytest suite)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 09:34:27 +00:00
..
adapters initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
builtin_tools fix(security): H3 github_pat_ redaction + M4 atomic token write (audit cycle 10) 2026-04-14 09:34:27 +00:00
plugins_registry initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
policies initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
skill_loader fix(security): H1 — replace MD5 with SHA-256 in config/skill watchers 2026-04-14 07:52:07 +00:00
tests fix(gate-3): update watcher test to expect SHA-256 hash 2026-04-14 01:21:35 -07:00
a2a_cli.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
a2a_client.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
a2a_executor.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
a2a_mcp_server.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
a2a_tools.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
agent.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
build-all.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
claude_sdk_executor.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
cli_executor.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
config.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
consolidation.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
coordinator.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
Dockerfile initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
entrypoint.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
executor_helpers.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
heartbeat.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
initial_prompt.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
main.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
molecule_ai_status.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
platform_auth.py fix(security): H3 github_pat_ redaction + M4 atomic token write (audit cycle 10) 2026-04-14 09:34:27 +00:00
plugins.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
preflight.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
prompt.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
pytest.ini initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
requirements.txt initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
watcher.py fix(security): H1 — replace MD5 with SHA-256 in config/skill watchers 2026-04-14 07:52:07 +00:00