core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
40671d23a7
molecule-core/platform/internal/handlers
History
Hongming Wang 8f4d0997c8 fix: code review findings — dead code, DRY, rate limit, docs 
1. Delete fly_provisioner.go — superseded by control plane architecture.
   Direct Fly provisioning from tenant was intentionally removed.

2. Extract loadWorkspaceSecrets() — shared by Docker + CP provisioner
   paths. Eliminates 30-line secret-loading duplication.

3. Token rate limit — max 50 active tokens per workspace. Returns 429
   if exceeded. Prevents unbounded token creation by compromised client.

4. CLAUDE.md — add GET/POST/DELETE /workspaces/:id/tokens to route table.

5. .env.example — document MOLECULE_ORG_ID and CP_PROVISION_URL.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 12:04:37 -07:00
..
a2a_proxy_test.go
a2a_proxy.go fix(provisioner): IsRunning conservative on daemon errors to stop restart cascade 2026-04-16 02:21:25 -07:00
activity_test.go
activity.go fix(security): #234 — sanitize source_id spoof log line via %q 2026-04-15 12:04:26 -07:00
admin_test_token_test.go
admin_test_token.go
agent_git_identity_test.go feat(provisioner): per-agent git identity via GIT_AUTHOR_* env vars 2026-04-16 00:45:26 -07:00
agent_git_identity.go feat(provisioner): per-agent git identity via GIT_AUTHOR_* env vars 2026-04-16 00:45:26 -07:00
agent_test.go
agent.go
approvals_test.go
approvals.go
bundle.go
channels_test.go feat(channels): per-channel message budget with 429 enforcement (#368) 2026-04-16 11:17:14 +00:00
channels.go feat(channels): per-channel message budget with 429 enforcement (#368) 2026-04-16 11:17:14 +00:00
config_test.go
config.go
container_files.go
delegation_test.go
delegation.go
discovery_test.go
discovery.go
events_test.go
events.go
handlers_additional_test.go fix(tests): add EXISTS probe mock to 4 WorkspaceUpdate tests 2026-04-15 09:35:08 -07:00
handlers_extended_test.go test(security): add #120 regression tests — PATCH auth + workspace existence guard 2026-04-15 08:40:06 +00:00
handlers_test.go fix(security): #234 — sanitize source_id spoof log line via %q 2026-04-15 12:04:26 -07:00
memories_test.go fix(memories): add hard cap of 50 on recall results (#377) 2026-04-16 11:12:35 +00:00
memories.go fix(memories): add hard cap of 50 on recall results (#377) 2026-04-16 11:12:35 +00:00
memory_test.go feat(memory): optimistic-locking via if_match_version on workspace_memory writes 2026-04-16 02:32:46 -07:00
memory.go feat(memory): optimistic-locking via if_match_version on workspace_memory writes 2026-04-16 02:32:46 -07:00
org_include_test.go feat(org-templates): Phase 4 — atomize each role to <role>/workspace.yaml 2026-04-16 03:09:56 -07:00
org_include.go feat(org-templates): Phase 4 — atomize each role to <role>/workspace.yaml 2026-04-16 03:09:56 -07:00
org_path_test.go fix(security): #103 — path-sanitize + admin-gate POST /org/import 2026-04-15 00:18:09 -07:00
org_prompt_ref_test.go feat(org-templates): Phase 1 — externalize prompt bodies to sibling files (#389) 2026-04-16 00:32:09 -07:00
org_test.go
org.go fix(platform): unblock org-template imports against modular workspace templates 2026-04-16 07:49:45 -07:00
plugins_install_pipeline_test.go test(handlers): add unit test suite for plugins_install_pipeline.go 2026-04-15 18:47:25 +00:00
plugins_install_pipeline.go
plugins_install.go
plugins_listing.go
plugins_sources.go
plugins_test.go
plugins.go
registry_test.go fix(security): registry DB errors must not leak raw driver messages (closes #435) 2026-04-16 10:34:35 +00:00
registry.go fix(security): registry DB errors must not leak raw driver messages (closes #435) 2026-04-16 10:34:35 +00:00
restart_context_test.go
restart_context.go
schedules_test.go fix(#249): add /schedules/health endpoint accessible to CanCommunicate peers (#400) 2026-04-16 00:45:30 -07:00
schedules.go fix(#249): add /schedules/health endpoint accessible to CanCommunicate peers (#400) 2026-04-16 00:45:30 -07:00
secrets_test.go
secrets.go
socket.go
team_test.go
team.go
template_import_test.go fix(security): #221 — quote name as YAML scalar instead of stripping newlines 2026-04-15 11:58:16 -07:00
template_import.go fix(security): YAML-quote skill/prompt names in generateDefaultConfig + opaque file-write errors 2026-04-16 05:40:45 -07:00
templates_test.go
templates.go
terminal.go
tokens_test.go feat(platform): token management API + MCP setup + external agent guide 2026-04-16 08:37:42 -07:00
tokens.go fix: code review findings — dead code, DRY, rate limit, docs 2026-04-16 12:04:37 -07:00
traces_test.go
traces.go
transcript_test.go fix(security): forward Authorization header in transcript proxy (#405) (#380) 2026-04-15 23:38:07 -07:00
transcript.go fix(security): forward Authorization header in transcript proxy (#405) (#380) 2026-04-15 23:38:07 -07:00
viewport_test.go
viewport.go
webhooks_test.go
webhooks_workflow_test.go feat(webhooks): #101 — workflow_run event → DevOps A2A 2026-04-15 00:25:49 -07:00
webhooks.go feat(webhooks): #101 — workflow_run event → DevOps A2A 2026-04-15 00:25:49 -07:00
workspace_provision_test.go fix(auth): inject fresh bearer token into config volume on every provision (closes #418) 2026-04-16 05:26:10 -07:00
workspace_provision.go fix: code review findings — dead code, DRY, rate limit, docs 2026-04-16 12:04:37 -07:00
workspace_restart_test.go
workspace_restart.go fix(provisioner): rebuild_config flag on restart recovers from destroyed config volume (closes #239) 2026-04-16 10:34:25 +00:00
workspace_test.go fix(auth): #138 — field-level authz on PATCH /workspaces/:id 2026-04-15 09:39:09 -07:00
workspace.go feat(platform): auto-detect SaaS tenant → control plane provisioner 2026-04-16 11:50:52 -07:00