core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
c4c2bcba83
molecule-core/platform/internal
History
Molecule AI Backend Engineer c4c2bcba83 fix(security): SAFE-T1201 — redact secrets in commit_memory before persistence 
Adds `redactSecrets()` to the MemoriesHandler, scrubbing known credential
patterns before every INSERT into agent_memories, regardless of scope.

Closes #838. Satisfies SAFE-T1201 gate.

Patterns redacted (with `[REDACTED:<CLASS>]` replacement):
- Env-var assignments: `*_API_KEY=`, `*_TOKEN=`, `*_SECRET=`
- HTTP Bearer tokens
- sk-... prefixed keys (OpenAI / Anthropic format)
- ctx7_... tokens (context7)
- Base64 blobs ≥ 33 chars

The audit log SHA-256 hash now reflects the sanitised content (not the
raw input) so the forensic trail remains consistent with what was stored.

Tests added:
- TestRedactSecrets_CleanContent_PassesThrough
- TestRedactSecrets_APIKeyPattern_IsRedacted (API_KEY / TOKEN / SECRET)
- TestRedactSecrets_BearerToken_IsRedacted
- TestRedactSecrets_SKToken_IsRedacted
- TestRedactSecrets_Ctx7Token_IsRedacted
- TestRedactSecrets_Base64Blob_IsRedacted
- TestCommitMemory_SecretInContent_IsRedactedBeforeInsert

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 23:38:57 +00:00
..
artifacts fix(platform): address security review findings on CF Artifacts (#641) 2026-04-17 06:39:47 +00:00
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels fix(security): cap discord error response body read at 4096 bytes 2026-04-17 10:46:09 +00:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db fix(liveness): raise workspace TTL 60s → 180s to survive Opus synthesis (#386) 2026-04-16 00:05:45 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events feat(platform): AG-UI compatible SSE endpoint for streaming agent events (#590) 2026-04-17 05:16:51 +00:00
handlers fix(security): SAFE-T1201 — redact secrets in commit_memory before persistence 2026-04-17 23:38:57 +00:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware test(security): route-specific #684 regression — three vulnerable admin routes 2026-04-17 15:25:41 +00:00
models fix(gate-1): resolve merge conflicts with main 2026-04-17 06:27:14 +00:00
plugins test(supply-chain): TDD spec for plugin supply-chain hardening (#768) 2026-04-17 16:41:32 +00:00
provisioner fix: restore cp_provisioner.go updated for EC2 backend 2026-04-16 14:25:43 -07:00
registry feat(registry): workspace hibernation — auto-pause idle workspaces (#711) 2026-04-17 13:27:39 +00:00
router feat(platform): Temporal checkpoint DB persistence layer (closes #788) 2026-04-17 19:05:48 +00:00
scheduler fix(scheduler): detect phantom-producing crons via consecutive-empty tracking (#795) 2026-04-17 11:11:05 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth Merge pull request #719 from Molecule-AI/fix/issue-697-validate-token-removed-workspace 2026-04-17 12:50:52 +00:00