molecule-core

History

Molecule AI Backend Engineer 29cc845c5f feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800 ) Implements sub-issues #809 (MCPHandler), #810 (tool filtering), #811 (per-token rate limiting), #813 (opencode.json), #814 (docs). Routes (registered under wsAuth — bearer token binds to :id): GET /workspaces/:id/mcp/stream — SSE transport (backwards compat) POST /workspaces/:id/mcp — Streamable HTTP transport (primary) Security conditions from review (all mandatory): C1: WorkspaceAuth middleware rejects requests without valid bearer token C2: MCPRateLimiter (120 req/min/token, SHA-256 keyed) applied on both routes C3: commit_memory/recall_memory with scope=GLOBAL → permission error; send_message_to_user excluded unless MOLECULE_MCP_ALLOW_SEND_MESSAGE=true Tools: list_peers, get_workspace_info, delegate_task, delegate_task_async, check_task_status, send_message_to_user (opt-in), commit_memory, recall_memory. All mirror workspace-template/a2a_mcp_server.py TOOLS list. Also adds: org-templates/molecule-dev/opencode.json, docs/integrations/opencode.md, .env.example entries for MOLECULE_MCP_ALLOW_SEND_MESSAGE and MOLECULE_MCP_URL. Tests: 29 new tests (20 handler + 9 middleware). All passing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-04-17 19:25:22 +00:00
..
cmd/server	feat(registry): workspace hibernation — auto-pause idle workspaces (#711 )	2026-04-17 13:27:39 +00:00
docs/adr	fix(wsauth): restore ValidateAnyToken removed-workspace JOIN (#682 defense-in-depth), restore ADR-001 blast-radius docs	2026-04-17 12:25:44 +00:00
internal	feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800 )	2026-04-17 19:25:22 +00:00
migrations	fix(scheduler): detect phantom-producing crons — consecutive-empty tracking (closes #795 )	2026-04-17 19:06:35 +00:00
pkg/provisionhook	fix(github): refresh installation token when TTL < 10 min (#547 ) (#567 )	2026-04-17 00:47:03 +00:00
Dockerfile	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
Dockerfile.tenant	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
entrypoint-tenant.sh	feat(platform): auto-detect SaaS tenant → control plane provisioner	2026-04-16 11:50:52 -07:00
go.mod	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00
go.sum	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00