core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
6d5fd8bb9a
molecule-core/workspace-template/watcher.py
Dev Lead Agent 7f3274391e fix(security): H1 — replace MD5 with SHA-256 in config/skill watchers 
Both watcher.py (ConfigWatcher) and skill_loader/watcher.py
(SkillsWatcher) used hashlib.md5() for file-integrity change detection.
MD5 is collision-prone: a crafted config file could produce the same
hash as a benign one, silently suppressing the hot-reload callback and
preventing agents from picking up legitimate config changes.

Replace hashlib.md5 → hashlib.sha256 in both _hash_file() methods.
Update docstrings, comments, and the type-annotation comment
(rel_path → md5 hex → sha256 hex).

Test update: test_skills_watcher.py — rename helper _md5 → _sha256,
update the hash-length assertion from 32 (MD5) to 64 (SHA-256), and
rename the test from test_hash_file_returns_md5_for_existing_file to
test_hash_file_returns_sha256_for_existing_file. All 25 watcher tests
pass.

Note: H2 (a2a_client.py timeout=None) was already fixed in Cycle 5
(timeout=httpx.Timeout(connect=30.0, read=300.0, ...)) — confirmed by
code review before opening this PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 07:52:07 +00:00

121 lines
3.9 KiB
Python
Raw Blame History

"""File watcher for hot-reloading skills and config changes.
Monitors the config directory for file changes and triggers
agent rebuild + Agent Card update broadcast.
"""
import asyncio
import hashlib
import logging
import os
from pathlib import Path
import httpx
logger = logging.getLogger(__name__)
DEBOUNCE_SECONDS = 2.0
POLL_INTERVAL = 3.0 # seconds between filesystem checks
class ConfigWatcher:
"""Watches the config directory for changes and triggers reload callbacks."""
def __init__(
self,
config_path: str,
platform_url: str,
workspace_id: str,
on_reload=None,
):
self.config_path = config_path
self.platform_url = platform_url
self.workspace_id = workspace_id
self.on_reload = on_reload
self._file_hashes: dict[str, str] = {}
self._running = False
def _hash_file(self, path: str) -> str:
try:
# H1: SHA-256 replaces MD5 for file-integrity change detection.
# MD5 is collision-prone; using SHA-256 prevents a crafted config
# file from producing the same hash as a benign one, which would
# silently suppress the hot-reload callback.
return hashlib.sha256(Path(path).read_bytes()).hexdigest()
except (OSError, IOError):
return ""
def _scan_hashes(self) -> dict[str, str]:
"""Scan all files in config directory and return hash map."""
hashes = {}
for root, _, files in os.walk(self.config_path):
for fname in files:
if fname.startswith("."):
continue
fpath = os.path.join(root, fname)
rel = os.path.relpath(fpath, self.config_path)
hashes[rel] = self._hash_file(fpath)
return hashes
def _detect_changes(self) -> list[str]:
"""Compare current state with cached hashes, return changed files."""
current = self._scan_hashes()
changed = []
for path, h in current.items():
if path not in self._file_hashes or self._file_hashes[path] != h:
changed.append(path)
for path in self._file_hashes:
if path not in current:
changed.append(path)
self._file_hashes = current
return changed
async def _notify_platform(self, agent_card: dict):
"""Push updated Agent Card to the platform."""
try:
async with httpx.AsyncClient(timeout=10.0) as client:
await client.post(
f"{self.platform_url}/registry/update-card",
json={
"workspace_id": self.workspace_id,
"agent_card": agent_card,
},
)
logger.info("Agent Card updated via platform")
except Exception as e:
logger.warning("Failed to update Agent Card: %s", e)
async def start(self):
"""Start watching for changes in a background loop."""
self._running = True
self._file_hashes = self._scan_hashes()
logger.info("Config watcher started for %s", self.config_path)
while self._running:
await asyncio.sleep(POLL_INTERVAL)
changed = self._detect_changes()
if not changed:
continue
logger.info("Config changes detected: %s", changed)
# Debounce — wait for writes to settle
await asyncio.sleep(DEBOUNCE_SECONDS)
# Re-scan after debounce (more changes may have occurred)
self._detect_changes()
# Trigger reload callback
if self.on_reload:
try:
await self.on_reload()
except Exception as e:
logger.error("Reload callback failed: %s", e)
def stop(self):
self._running = False
View Git Blame Copy Permalink