molecule-core/workspace-server/internal/provisioner
Hongming Wang d8cbe51c82 fix(security): tenant CPProvisioner attaches CP bearer on all calls
Completes the C1 integration (PR #50 on molecule-controlplane). The CP
now requires Authorization: Bearer <PROVISION_SHARED_SECRET> on all
three /cp/workspaces/* endpoints; without this change the tenant-side
Start/Stop/IsRunning calls would all 401 (or 404 when the CP's routes
refused to mount) and every workspace provision from a SaaS tenant
would silently fail.

Reads MOLECULE_CP_SHARED_SECRET, falling back to PROVISION_SHARED_SECRET
so operators can use one env-var name on both sides of the wire. Empty
value is a no-op: self-hosted deployments with no CP or a CP that
doesn't gate /cp/workspaces/* keep working as before.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 01:53:12 -07:00
cp_provisioner.go fix(security): tenant CPProvisioner attaches CP bearer on all calls 2026-04-19 01:53:12 -07:00
isrunning_test.go chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
provisioner_test.go chore: final open-source cleanup — binary, stale paths, private refs 2026-04-18 00:38:55 -07:00
provisioner.go chore: final open-source cleanup — binary, stale paths, private refs 2026-04-18 00:38:55 -07:00