core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
76cb7c3760
molecule-core/platform/internal
History
Dev Lead Agent 76cb7c3760 test(security): add #120 regression tests — PATCH auth + workspace existence guard 
Two gaps identified by Security Auditor in PR #125 review cycle:

1. handlers_extended_test.go:
   - Fix TestExtended_WorkspaceUpdate: add SELECT EXISTS mock expectation
     so the test correctly reflects the #120 existence guard now running first.
   - Add TestExtended_WorkspaceUpdate_NotFound: verifies PATCH returns 404
     (not 200) for a nonexistent workspace ID — the core #120 behaviour fix.

2. wsauth_middleware_test.go:
   - Add TestAdminAuth_Issue120_PatchWorkspace_NoBearer_Returns401: documents
     the confirmed attack vector (PATCH without token must return 401) and
     asserts AdminAuth is applied to PATCH /workspaces/:id per the router.go change.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 08:40:06 +00:00
..
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
handlers test(security): add #120 regression tests — PATCH auth + workspace existence guard 2026-04-15 08:40:06 +00:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware test(security): add #120 regression tests — PATCH auth + workspace existence guard 2026-04-15 08:40:06 +00:00
models initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
plugins initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
provisioner Merge pull request #57 from Molecule-AI/fix/issue-12-preserve-claude-sessions 2026-04-14 12:26:12 -07:00
registry fix(registry): allow ancestor↔descendant A2A so audit_summary can reach PM 2026-04-14 22:18:38 -07:00
router fix(security): #120 PATCH auth + #113 schedule IDOR — close unauthenticated write vectors 2026-04-15 08:01:22 +00:00
scheduler merge: resolve scheduler conflicts with main (#85 panic-recover + supervised heartbeat) 2026-04-15 00:12:29 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth fix(security): protect global secrets routes with AdminAuth middleware (Cycle 7) 2026-04-14 06:33:22 +00:00