forked from molecule-ai/molecule-core
Follow-up to root-cause analysis in #17 (see 2026-04-14 02:14 UTC comment).

The Security Auditor's hourly DAST was creating test workspaces, secrets, and plugins to probe auth/validation logic — but only secrets and plugins had teardown in the prompt. Workspace-create probes leaked rows into `workspaces` with sequential IDs aaaaaaaa- bbbbbbbb- cccccccc- dddddddd-, each trapped in a restart loop on missing config.yaml. Four hourly runs, four leaked workspaces.

Adds explicit step 4a: DAST TEARDOWN. Maintains three lists (workspaces, secrets, plugins) populated as probes run, and iterates them at the end with DELETE calls. Uses `|| true` so partial teardown failures don't break the audit, but every created artifact gets a cleanup attempt.

Doesn't remove the cleanup the cron was already doing for secrets/plugins — just formalises the pattern so workspace-create (and any future probe surface) is covered by the same contract.

Related:
- #17 — rogue workspace restart loop (root cause was this)
- #26 — audit cron routing (this PR sits alongside that structure)
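
The teardown contract described in the commit message above, sketched as a shell helper. This is an added example, not the project's prompt text or code. Assumptions: `API_BASE`, `AUDIT_TOKEN`, the `/workspaces`, `/secrets` and `/plugins` routes and all function names are hypothetical, and failed deletes are counted and reported instead of being discarded with `|| true`.

```shell
#!/bin/sh
# Added example: every artifact a probe creates is recorded, and every recorded
# artifact gets exactly one DELETE attempt at the end of the run.
# ASSUMPTION: base URL, routes and token variable are placeholders.
API_BASE="${API_BASE:-http://localhost:8080}"
HTTP_DELETE="${HTTP_DELETE:-http_delete}"   # indirection so the call can be stubbed

CREATED_WORKSPACES=""
CREATED_SECRETS=""
CREATED_PLUGINS=""
TEARDOWN_FAILED=0

http_delete() {
  curl -fsS -o /dev/null -X DELETE \
    -H "Authorization: Bearer ${AUDIT_TOKEN:-}" "$1"
}

# Call right after a probe's create request succeeds: track <kind> <id>
track() {
  case "$1" in
    workspace) CREATED_WORKSPACES="$CREATED_WORKSPACES $2" ;;
    secret)    CREATED_SECRETS="$CREATED_SECRETS $2" ;;
    plugin)    CREATED_PLUGINS="$CREATED_PLUGINS $2" ;;
    *) echo "unknown artifact kind: $1" >&2; return 1 ;;
  esac
}

# delete_all <collection> <id>... : a failed DELETE is counted, never fatal,
# so one stuck artifact cannot stop cleanup of the rest.
delete_all() {
  collection="$1"; shift
  for id in "$@"; do
    "$HTTP_DELETE" "$API_BASE/$collection/$id" ||
      TEARDOWN_FAILED=$((TEARDOWN_FAILED + 1))
  done
}

dast_teardown() {
  # Unquoted on purpose: IDs are whitespace-free tokens, one per word.
  delete_all workspaces $CREATED_WORKSPACES
  delete_all secrets    $CREATED_SECRETS
  delete_all plugins    $CREATED_PLUGINS
  CREATED_WORKSPACES=""; CREATED_SECRETS=""; CREATED_PLUGINS=""
  [ "$TEARDOWN_FAILED" -eq 0 ] ||
    echo "teardown: $TEARDOWN_FAILED delete(s) failed, check for leaked rows" >&2
  return 0   # the audit result must not depend on cleanup succeeding
}
```

Registering `dast_teardown` with `trap dast_teardown EXIT` in the calling script extends the cleanup attempt to runs that abort before reaching the final step.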
||
|---|---|---|
| backend-engineer | ||
| competitive-intelligence | ||
| dev-lead | ||
| devops-engineer | ||
| frontend-engineer | ||
| market-analyst | ||
| pm | ||
| qa-engineer | ||
| research-lead | ||
| security-auditor | ||
| technical-researcher | ||
| uiux-designer | ||
| .env.example | ||
| org.yaml | ||