molecule-ai[bot] 35ccda1091 fix(security): replace err.Error() with generic messages in handler responses (#1193) ... Replace all c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) calls across 22 handler files with context-appropriate generic messages to prevent internal error strings (DB details, validation messages, file paths) leaking into API responses. Pattern established: - ShouldBindJSON failures → "invalid request body" (or "invalid delegation request") - Validation failures → "invalid workspace ID", "invalid path", etc. - Server-side errors still logged, only generic message returned to client References: Security finding from Audit #125 (Stripe key leak via err.Error()) Co-authored-by: Molecule AI Fullstack (floater) <fullstack-floater@agents.moleculesai.app> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-04-21 00:56:03 +00:00
..
cmd/server	fix: harden stuck-provisioning UX — details crash, preflight, sweeper	2026-04-20 14:51:39 -07:00
internal	fix(security): replace err.Error() with generic messages in handler responses (#1193)	2026-04-21 00:56:03 +00:00
migrations	feat(auth): organization-scoped API keys for admin access	2026-04-20 14:01:41 -07:00
pkg/provisionhook	fix(docker): fix plugin go.mod replace for TokenProvider interface (#960)	2026-04-20 13:42:53 -07:00
.gitignore	feat(ws-server): pull env from CP on startup	2026-04-19 02:41:15 -07:00
Dockerfile	fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155)	2026-04-20 23:51:33 +00:00
Dockerfile.tenant	fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155)	2026-04-20 23:51:33 +00:00
entrypoint-tenant.sh	fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155)	2026-04-20 23:51:33 +00:00
go.mod	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
go.sum	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00