forked from molecule-ai/molecule-core
112c17510c
Required changes from security auditor before PR #696 can merge: 1. REVERT #684 (token_type schema migration): - Remove migration 029_token_type.{up,down}.sql - Revert wsauth/tokens.go — remove IssueAdminToken, token_type constants, restore HasAnyLiveTokenGlobal and ValidateAnyToken to pre-#684 behavior - Revert admin_test_token.go to use IssueToken (not IssueAdminToken) - Revert associated tests to pre-#684 patterns Path B: formal risk acceptance documented in ADR-001. 2. RESTORE /admin/schedules/health route (regression fix): - Add platform/internal/handlers/admin_schedules_health.go (from PR #671) - Add platform/internal/handlers/admin_schedules_health_test.go (from PR #671) - Wire GET /admin/schedules/health via AdminAuth in router.go 3. ADD ADR-001 (platform/docs/adr/ADR-001-admin-token-scope.md): - Documents #684 as known risk with Phase-H remediation plan - Phase-H tracking issue: Molecule-AI/molecule-core#710 |
||
|---|---|---|
| .. | ||
| ratelimit_test.go | ||
| ratelimit.go | ||
| securityheaders_test.go | ||
| securityheaders.go | ||
| tenant_guard_test.go | ||
| tenant_guard.go | ||
| wsauth_middleware_test.go | ||
| wsauth_middleware.go | ||