core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
951ea163fa
molecule-core/workspace-template
History
Molecule AI Backend Engineer 951ea163fa feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 
Implements EU AI Act Annex III compliance (Art. 12 record-keeping, Art. 13
transparency) via an append-only HMAC-SHA256-chained agent event log.

Python (workspace-template/molecule_audit/):
- ledger.py: SQLAlchemy 2.0 AuditEvent model + PBKDF2 key derivation +
  append_event() with prev_hmac chain linkage + verify_chain() CLI helper.
- hooks.py: LedgerHooks — on_task_start/on_llm_call/on_tool_call/on_task_end
  pipeline hooks; exception-safe (_safe_append); context manager support.
- verify.py: `python -m molecule_audit.verify --agent-id <id>` CLI;
  exits 0=valid, 1=broken, 2=missing SALT, 3=DB error.
- tests/test_audit_ledger.py: 46 tests covering HMAC determinism, field
  sensitivity, chain verification, LedgerHooks lifecycle, CLI.

Go (platform/):
- migrations/028_audit_events.up.sql: audit_events table with indexes.
- internal/handlers/audit.go: GET /workspaces/:id/audit — parameterized
  queries, inline chain verification (chain_valid: bool|null), PBKDF2
  key cached via sync.Once.
- internal/handlers/audit_test.go: 14 tests — HMAC, chain verify, handler
  query/filter/pagination/cap/error paths.
- internal/router/router.go: wire wsAuth.GET("/audit", audh.Query).
- .env.example: document AUDIT_LEDGER_SALT.
- requirements.txt: add sqlalchemy>=2.0.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 06:55:36 +00:00
..
adapters feat(adapters): add Google ADK runtime adapter (#542) 2026-04-17 00:08:17 +00:00
builtin_tools fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
molecule_audit feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 2026-04-17 06:55:36 +00:00
plugins_registry fix(plugins_registry): deduplicate handlers in _deep_merge_hooks() 2026-04-17 05:22:00 +00:00
policies initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
scripts fix(github): refresh installation token when TTL < 10 min (#547) (#567) 2026-04-17 00:47:03 +00:00
skill_loader fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
tests feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 2026-04-17 06:55:36 +00:00
a2a_cli.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
a2a_client.py fix(a2a): add missing Authorization header to delegation and message calls (#401) 2026-04-16 00:53:18 -07:00
a2a_executor.py fix: properly remove adapter subdirectories + move shared code to root 2026-04-16 04:59:13 -07:00
a2a_mcp_server.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
a2a_tools.py fix(a2a): add missing Authorization header to delegation and message calls (#401) 2026-04-16 00:53:18 -07:00
adapter_base.py fix: properly remove adapter subdirectories + move shared code to root 2026-04-16 04:59:13 -07:00
agent.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
build-all.sh chore: extract workspace runtime to PyPI + move adapter Dockerfiles to template repos 2026-04-16 04:33:10 -07:00
claude_sdk_executor.py fix(claude-sdk): #160 — probe CLI directly when SDK swallowed the real stderr 2026-04-15 11:50:55 -07:00
cli_executor.py feat(adapters): add gemini-cli runtime adapter (closes #332) (#379) 2026-04-15 23:30:00 -07:00
config.py fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
consolidation.py fix(security): N1 — add auth headers to all platform calls in Python callers 2026-04-14 08:37:50 +00:00
coordinator.py fix: properly remove adapter subdirectories + move shared code to root 2026-04-16 04:59:13 -07:00
Dockerfile chore: extract workspace runtime to PyPI + move adapter Dockerfiles to template repos 2026-04-16 04:33:10 -07:00
entrypoint.sh fix(github): refresh installation token when TTL < 10 min (#547) (#567) 2026-04-17 00:47:03 +00:00
events.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
executor_helpers.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
heartbeat.py fix(security): N1 — add auth headers to all platform calls in Python callers 2026-04-14 08:37:50 +00:00
hermes_executor.py feat(hermes): expose reasoning mode for Hermes 4 via OpenAI-compat API (#496) 2026-04-16 20:38:45 +00:00
initial_prompt.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
main.py fix(security): /transcript endpoint fails closed when auth token missing (#328) 2026-04-15 21:17:37 -07:00
molecule_ai_status.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
platform_auth.py fix(security): H3 github_pat_ redaction + M4 atomic token write (audit cycle 10) 2026-04-14 09:34:27 +00:00
plugins.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
preflight.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
prompt.py fix: properly remove adapter subdirectories + move shared code to root 2026-04-16 04:59:13 -07:00
pytest.ini initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
requirements.txt feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 2026-04-17 06:55:36 +00:00
shared_runtime.py fix: properly remove adapter subdirectories + move shared code to root 2026-04-16 04:59:13 -07:00
transcript_auth.py fix(security): /transcript endpoint fails closed when auth token missing (#328) 2026-04-15 21:17:37 -07:00
watcher.py fix(security): H1 — replace MD5 with SHA-256 in config/skill watchers 2026-04-14 07:52:07 +00:00