forked from molecule-ai/molecule-core
* fix(plugins): close F1086 err.Error() leaks in plugin install pipeline

  F1086 / #1206: Three err.Error() calls in the plugin install pipeline leaked internal file paths, resolver state, and query parameters in API responses. Replaced with context-appropriate generic messages:
  - ParseSource error → "invalid plugin source"
  - Resolve error → "plugin resolution failed" (available_schemes kept for self-service, raw error hidden)
  - validatePluginName error → "invalid plugin name" (path traversal/injection risk means no diagnostic should be returned)

  🤖 Generated with [Claude Code](https://claude.ai)

* fix(provision): close F1086 err.Error() leaks in workspace_provision.go

  F1086 / #1206: env mutator and provisioner start errors in workspace_provision.go leaked internal error strings (credential URIs, docker/volume paths, AMI/VPC details) via:
  - Broadcast payloads to canvas Events tab
  - last_sample_error field in the workspaces DB row

  Fixed all 6 occurrences across both the docker and CPProvisioner code paths:
  - env mutator failures → "environment configuration failed"
  - provisioner/docker start failures → "workspace start failed"

  The verbose %v-logged errors are preserved for operator diagnostics; only the broadcast and DB fields receive generic messages.

  🤖 Generated with [Claude Code](https://claude.ai)

---------

Co-authored-by: Molecule AI Core-BE <core-be@agents.moleculesai.app>

||
|---|---|---|
| artifacts | ||
| bundle | ||
| channels | ||
| crypto | ||
| db | ||
| envx | ||
| events | ||
| handlers | ||
| metrics | ||
| middleware | ||
| models | ||
| orgtoken | ||
| plugins | ||
| provisioner | ||
| registry | ||
| router | ||
| scheduler | ||
| supervised | ||
| ws | ||
| wsauth | ||