diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 467add7..ffe6e04 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx @@ -93,6 +93,7 @@ Entries are published daily at 23:50 UTC. - **RemoteAgentClient `org_id` and `origin` kwargs**: `RemoteAgentClient` now accepts `org_id` (injected as `X-Molecule-Org-Id` header) and `origin` (injected as `Origin` header for request tracing) as constructor kwargs. Both propagate to all 14+ outbound call sites automatically via `_auth_headers()`. (`molecule-sdk-python` [#7](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/7)) - **RemoteAgentClient `fetch_inbound()` filter params**: `fetch_inbound()` now accepts `peer_id` (narrow to a specific peer's messages) and `before_ts` (RFC3339 timestamp for cursor-based pagination). Enables agents to selectively consume inbound activity from known siblings. (`molecule-sdk-python` [#6](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/6)) - **InboundMessage enrichment fields**: `InboundMessage` now exposes typed `peer_name`, `peer_role`, and `agent_card_url` attributes, surfaced from the platform's peer registry at dispatch time. Previously these were only accessible via the raw channel envelope. (`molecule-sdk-python` [#5](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/5)) +- **`strip_a2a_boundary()` — OFFSEC-003 trust-boundary SDK helper**: `molecule-sdk-python` now exports `strip_a2a_boundary(text)` to strip `[A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]` wrappers from peer-generated content. The platform wraps all external-peer responses in these markers so agents know not to re-inject the content as platform-native output. Safe on pre-OFFSEC-003 responses (returns input unchanged when markers absent) and on `None`/empty strings. (`molecule-sdk-python` [#8](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/8)) ### 🔧 Fixes 
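Review bot: the new `strip_a2a_boundary()` entry does not say how the helper behaves when a closing `[/A2A_RESULT_FROM_PEER]` marker appears inside the peer-supplied text itself, or when the markers are unbalanced (opening marker with no close, or the reverse). Since the markers are plain text that the peer can also emit, the entry should state whether the helper strips only an outermost matching pair, strips every occurrence, or leaves malformed input unchanged, as that determines whether a peer can end the marked region early. It would also help to name the import path; the guide hunk imports it from `molecule_agent`, while the entry only says `molecule-sdk-python` "now exports" it.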
diff --git a/content/docs/guides/remote-workspaces.md b/content/docs/guides/remote-workspaces.md index 612e637..bbcda4d 100644 --- a/content/docs/guides/remote-workspaces.md +++ b/content/docs/guides/remote-workspaces.md @@ -192,6 +192,22 @@ Each inbound message carries these fields in addition to the standard A2A fields > **Note:** `peer_name`, `peer_role`, and `agent_card_url` are enriched from the platform's peer registry at dispatch time. They are `None` if the sending peer has not registered an agent card. +### Security: OFFSEC-003 — trust-boundary markers on peer responses + +When a remote workspace receives a `delegate_task` response from an external peer, the platform wraps the peer-generated content in `[A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]` trust-boundary markers. These markers signal to the agent that the enclosed content originated outside the platform's trust boundary and must not be re-injected as platform-native output. + +Use `strip_a2a_boundary()` to strip the wrappers before processing the content: + +```python +from molecule_agent import RemoteAgentClient, strip_a2a_boundary + +# Normalise inbound peer result — safe on pre-OFFSEC-003 responses (returns +# input unchanged when markers absent) and on None/empty strings. +result = strip_a2a_boundary(msg.params.get("result", "")) +``` + +This is particularly important when displaying peer results to users or using them as tool inputs — always strip the boundary markers first. See `molecule-core` [#334](https://git.moleculesai.app/molecule-ai/molecule-core/pull/334) for the platform-side implementation. + --- ## What Phase 30 Covers
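Review bot: the guidance "This is particularly important when ... using them as tool inputs — always strip the boundary markers first" undoes the protection the section has just described. The markers exist so the agent knows the content crossed the trust boundary; stripping them before the content is fed to a tool removes the only signal that distinguishes peer output from platform-native text at the point where it is most needed. Suggest rewording to: keep the markers (or the fact that they were present) while the content is evaluated and used as data, and call `strip_a2a_boundary()` only at the presentation layer, e.g. "Strip the markers when rendering the result to a user; when passing it to a tool, treat the content as untrusted data and do not re-inject it into a platform-native message." Two smaller points in the same hunk: the example imports `RemoteAgentClient` but never uses it, and it reads `msg.params.get("result", "")` without saying what `msg` is, which sits awkwardly in a section whose preceding text is about `InboundMessage` fields; a one-line comment stating that `msg` is the `delegate_task` response would make the snippet self-explanatory.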