forked from molecule-ai/molecule-core
H3 (compliance.py): GitHub fine-grained PATs use the github_pat_ prefix
with an 82-character alphanumeric+underscore suffix — different from
classic tokens (36 chars). Add the missing pattern to _PII_PATTERNS so
fine-grained PATs are redacted in compliance logs alongside classic tokens.
M4 (platform_auth.py): Replace write_text()+chmod() in save_token() with
os.open(O_WRONLY|O_CREAT|O_TRUNC, 0o600) + os.write(). The old approach
had a TOCTOU window where a concurrent reader could access the token file
before chmod restricted permissions. os.open with explicit mode creates the
file with 0600 permissions atomically in a single syscall.
H2 (a2a_client.py): Already fixed in commit
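Added example for the H3 and M4 items above; this is not molecule-core's code, and the shape of `_PII_PATTERNS` (a list of label/regex pairs), the placeholder format, and the helper names are assumptions for illustration. It assumes a POSIX host (os.fchmod and O_NOFOLLOW). The first half shows that a redactor carrying only the classic `ghp_` pattern passes a fine-grained `github_pat_` token through untouched, and that adding the 82-character pattern closes that gap. The second half contrasts write_text()+chmod() with os.open() at mode 0600, and adds two checks the commit message does not mention: O_CREAT's mode applies only to a newly created file, so an fchmod covers a token file that already exists with a wider mode, and O_NOFOLLOW refuses to write through a symlink planted at the path.

```python
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Constructed sample tokens for this example (not real credentials).
# Classic PAT: "ghp_" + 36 alphanumerics. Fine-grained PAT: "github_pat_" +
# 82 chars of [A-Za-z0-9_] (issued as 22 chars, "_", 59 chars).
CLASSIC_SAMPLE = "ghp_" + "A" * 36
FINE_GRAINED_SAMPLE = "github_pat_" + "B" * 22 + "_" + "C" * 59

# Hypothetical stand-in for the project's _PII_PATTERNS (assumed shape:
# (label, compiled regex) pairs). The "before" table lacks the fine-grained
# entry, which is exactly what H3 adds.
_PII_PATTERNS_BEFORE = [
    ("github_classic_pat", re.compile(r"ghp_[A-Za-z0-9]{36}")),
]
_PII_PATTERNS = _PII_PATTERNS_BEFORE + [
    ("github_fine_grained_pat", re.compile(r"github_pat_[A-Za-z0-9_]{82}")),
]


def redact(text: str, patterns=None) -> str:
    """Replace every matched secret with a labelled placeholder."""
    for label, pattern in (patterns if patterns is not None else _PII_PATTERNS):
        text = pattern.sub(f"[REDACTED:{label}]", text)
    return text


def save_token_before(path: str, token: str) -> None:
    """The replaced approach: the file is created with the process umask
    (commonly 0644), so until chmod runs any local user can open it."""
    Path(path).write_text(token)
    os.chmod(path, 0o600)


def save_token(path: str, token: str) -> None:
    """Hardened version: the mode is part of open(2), so the file never exists
    with wider permissions. O_NOFOLLOW rejects a symlink at path; fchmod
    handles a pre-existing file, since O_CREAT's mode is ignored then."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.fchmod(fd, 0o600)
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as f:  # fdopen owns fd and closes it
        f.write(token)


def file_mode(path: str) -> int:
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def save_and_inspect(token: str, preexisting_mode: Optional[int] = None) -> Tuple[int, str]:
    """Write token into a fresh temp dir with save_token() and return
    (mode bits, contents read back). With preexisting_mode, the file is first
    created with that (wider) mode to exercise the overwrite case."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "token")
        if preexisting_mode is not None:
            Path(path).write_text("stale")
            os.chmod(path, preexisting_mode)
        save_token(path, token)
        return file_mode(path), Path(path).read_text()


if __name__ == "__main__":
    # Constructed compliance log lines carrying both token kinds.
    log_lines: List[str] = [
        f"auth: classic token {CLASSIC_SAMPLE} accepted",
        f"auth: fine-grained token {FINE_GRAINED_SAMPLE} accepted",
    ]
    for line in log_lines:
        print("before:", redact(line, _PII_PATTERNS_BEFORE))
        print("after: ", redact(line))
    print("mode after save_token:", oct(save_and_inspect(FINE_GRAINED_SAMPLE)[0]))
    print("mode after overwriting a 0644 file:", oct(save_and_inspect(FINE_GRAINED_SAMPLE, 0o644)[0]))
```

Note that the final mode after save_token_before() is also 0600; the defect is the window between the two calls, not the end state, which is why a mode check alone would not have caught M4.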
| Name |
|---|
| __init__.py |
| a2a_tools.py |
| approval.py |
| audit.py |
| awareness_client.py |
| compliance.py |
| delegation.py |
| governance.py |
| hitl.py |
| medo.py |
| memory.py |
| sandbox.py |
| security_scan.py |
| telemetry.py |
| temporal_workflow.py |