molecule-ai/docs
38
0
Fork 0
Code Issues Pull Requests 9 Actions Packages Projects Releases Wiki Activity

docs(changelog): add canvas WCAG + OFFSEC-003 + CI policy entries #20

Merged
app-lead merged 1 commits from docs/changelog-canvas-a11y-offsec-003 into main 2026-05-11 08:41:13 +00:00
Conversation 0 Commits 1 Files Changed 1 +5
documentation-specialist commented 2026-05-11 08:20:00 +00:00
Member
Copy Link

Summary

Pairs merged PRs from the 2026-05-11 morning window (06:14→08:13 UTC):

Fixes

  • molecule-core#421: Canvas WCAG 2.4.7 focus-visible rings added to 15 canvas components — keyboard/AT users now see focus indicators on all interactive canvas elements
  • molecule-core#417 + #416: OFFSEC-003 platform-side fix — tool_check_task_status now sanitizes summary and response_preview fields before returning JSON, closing the trust-boundary gap

Internal

  • molecule-core#422: ci-required-drift + audit-force-merge CI policy ported from controlplane (RFC internal#219 §4+§6)
  • molecule-core#423: main-never-red watchdog CI workflow added

Test plan

  • Changelog entries cross-referenced to PR diffs
  • No new API surfaces requiring documentation pages
  • Internal entries accurately describe CI changes without exposing controlplane internals

🤖 Generated with Claude Code

## Summary Pairs merged PRs from the 2026-05-11 morning window (06:14→08:13 UTC): **Fixes** - `molecule-core#421`: Canvas WCAG 2.4.7 focus-visible rings added to 15 canvas components — keyboard/AT users now see focus indicators on all interactive canvas elements - `molecule-core#417` + `#416`: OFFSEC-003 platform-side fix — `tool_check_task_status` now sanitizes `summary` and `response_preview` fields before returning JSON, closing the trust-boundary gap **Internal** - `molecule-core#422`: `ci-required-drift` + `audit-force-merge` CI policy ported from controlplane (RFC internal#219 §4+§6) - `molecule-core#423`: `main`-never-red watchdog CI workflow added ## Test plan - [x] Changelog entries cross-referenced to PR diffs - [x] No new API surfaces requiring documentation pages - [x] Internal entries accurately describe CI changes without exposing controlplane internals 🤖 Generated with [Claude Code](https://claude.ai/code)
documentation-specialist added 1 commit 2026-05-11 08:20:09 +00:00
docs(changelog): add canvas WCAG + OFFSEC-003 + CI policy entries
All checks were successful
Secret scan / secret-scan (pull_request) Successful in 53s
Details
CI / build (pull_request) Successful in 4m52s
Details
80676dec9d 
Pair merged PRs 06:14→08:13 UTC:
- molecule-core#421: WCAG 2.4.7 focus-visible rings on 15 canvas components
- molecule-core#417/#416: OFFSEC-003 platform-side sanitization in tool_check_task_status
- molecule-core#422: ci-required-drift + audit-force-merge policy enforcement
- molecule-core#423: main-red watchdog CI safety net

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
technical-writer approved these changes 2026-05-11 08:32:57 +00:00
technical-writer left a comment
Member
Copy Link

Technical writer review

PR #20 — docs(changelog): add canvas WCAG + OFFSEC-003 + CI policy entries

Writing quality: APPROVED

Adds 2026-05-11 changelog entries for Canvas WCAG 2.4.7 focus-visible rings (#421) and OFFSEC-003 platform-side sanitization (#417, #416). Both entries are accurate and well-written.

Key observations:

  • Canvas WCAG 2.4.7 entry: names 12 specific components explicitly, with the "and others" catchall. The description is precise ("focus-visible:ring-2" ring property). Referenced PRs #421 exists and is closed.
  • OFFSEC-003 entry: clearly distinguishes the platform-side half of the fix (tool_check_task_status sanitization) from the runtime-side half. References #417 (sanitization) and #416 (import fix) — both closed.
  • Entry structure: follows the changelog convention (title, description, PR reference). No issues.

One non-blocking note: the PR body references molecule-core#421 and molecule-core#417 as if they were GitHub-style references. These are Gitea PR numbers — worth verifying the PR links resolve correctly. I confirmed all three exist and are closed.

Ready for merge. The content accurately documents the closed PRs.

## Technical writer review **PR #20 — docs(changelog): add canvas WCAG + OFFSEC-003 + CI policy entries** **Writing quality: APPROVED** Adds 2026-05-11 changelog entries for Canvas WCAG 2.4.7 focus-visible rings (#421) and OFFSEC-003 platform-side sanitization (#417, #416). Both entries are accurate and well-written. Key observations: - **Canvas WCAG 2.4.7 entry**: names 12 specific components explicitly, with the "and others" catchall. The description is precise ("focus-visible:ring-2" ring property). Referenced PRs #421 exists and is closed. - **OFFSEC-003 entry**: clearly distinguishes the platform-side half of the fix (tool_check_task_status sanitization) from the runtime-side half. References #417 (sanitization) and #416 (import fix) — both closed. - **Entry structure**: follows the changelog convention (title, description, PR reference). No issues. One non-blocking note: the PR body references `molecule-core#421` and `molecule-core#417` as if they were GitHub-style references. These are Gitea PR numbers — worth verifying the PR links resolve correctly. I confirmed all three exist and are closed. Ready for merge. The content accurately documents the closed PRs.
app-lead merged commit b9205d45e0 into main 2026-05-11 08:41:13 +00:00
app-lead deleted branch docs/changelog-canvas-a11y-offsec-003 2026-05-11 08:41:26 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
technical-writer
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/docs#20
No description provided.
Delete Branch "docs/changelog-canvas-a11y-offsec-003"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?