molecule-core/platform/internal
Molecule AI Backend Engineer 29cc845c5f feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800)
Implements sub-issues #809 (MCPHandler), #810 (tool filtering), #811
(per-token rate limiting), #813 (opencode.json), #814 (docs).

Routes (registered under wsAuth — bearer token binds to :id):
  GET  /workspaces/:id/mcp/stream  — SSE transport (backwards compat)
  POST /workspaces/:id/mcp         — Streamable HTTP transport (primary)

Security conditions from review (all mandatory):
  C1: WorkspaceAuth middleware rejects requests without valid bearer token
  C2: MCPRateLimiter (120 req/min/token, SHA-256 keyed) applied on both routes
  C3: commit_memory/recall_memory with scope=GLOBAL → permission error;
      send_message_to_user excluded unless MOLECULE_MCP_ALLOW_SEND_MESSAGE=true

Tools: list_peers, get_workspace_info, delegate_task, delegate_task_async,
check_task_status, send_message_to_user (opt-in), commit_memory, recall_memory.
All mirror workspace-template/a2a_mcp_server.py TOOLS list.

Also adds: org-templates/molecule-dev/opencode.json, docs/integrations/opencode.md,
.env.example entries for MOLECULE_MCP_ALLOW_SEND_MESSAGE and MOLECULE_MCP_URL.

Tests: 29 new tests (20 handler + 9 middleware). All passing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 19:25:22 +00:00
artifacts fix(platform): address security review findings on CF Artifacts (#641) 2026-04-17 06:39:47 +00:00
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels fix(security): cap discord error response body read at 4096 bytes 2026-04-17 10:46:09 +00:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db fix(liveness): raise workspace TTL 60s → 180s to survive Opus synthesis (#386) 2026-04-16 00:05:45 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events feat(platform): AG-UI compatible SSE endpoint for streaming agent events (#590) 2026-04-17 05:16:51 +00:00
handlers feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800) 2026-04-17 19:25:22 +00:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800) 2026-04-17 19:25:22 +00:00
models fix(gate-1): resolve merge conflicts with main 2026-04-17 06:27:14 +00:00
plugins test(supply-chain): TDD spec for plugin supply-chain hardening (#768) 2026-04-17 16:41:32 +00:00
provisioner fix: restore cp_provisioner.go updated for EC2 backend 2026-04-16 14:25:43 -07:00
registry feat(registry): workspace hibernation — auto-pause idle workspaces (#711) 2026-04-17 13:27:39 +00:00
router feat(platform): opencode MCP bridge — remote A2A tools over HTTP (#800) 2026-04-17 19:25:22 +00:00
scheduler fix(scheduler): detect phantom-producing crons via consecutive-empty tracking (#795) 2026-04-17 11:11:05 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth Merge pull request #719 from Molecule-AI/fix/issue-697-validate-token-removed-workspace 2026-04-17 12:50:52 +00:00