diff --git a/content/docs/concepts.mdx b/content/docs/concepts.mdx index 6d0897a..bdf469c 100644 --- a/content/docs/concepts.mdx +++ b/content/docs/concepts.mdx @@ -32,7 +32,7 @@ workspace has: - An optional **parent** (forms the org tree) - An optional **workspace_dir** (a host path bind-mounted into the container — gives the agent direct access to your codebase) -- An optional **budget_limit** (workspace-level spend cap — see [Workspace budgets](#workspace-budgets) below) +- An optional **budget_limit** (workspace-level spend cap via `budget_limit`) Workspaces talk to each other via **A2A** (agent-to-agent) messages, routed by the platform. Communication rules: same workspace, siblings, and diff --git a/content/docs/guides/skill-catalog.md b/content/docs/guides/skill-catalog.md index 6a2f982..dbde61d 100644 --- a/content/docs/guides/skill-catalog.md +++ b/content/docs/guides/skill-catalog.md @@ -10,7 +10,7 @@ versions. > **Note:** Molecule AI does not ship a hosted skill marketplace. All > skills are installed from local packages, GitHub URLs, or community -> bundles. See [Skill Lifecycle](#lifecycle) for how to publish and +> bundles. See [Skill Lifecycle](#skill-lifecycle) for how to publish and > distribute skills within your org. ## Available Skill Types diff --git a/content/docs/hermes.mdx b/content/docs/hermes.mdx index 8db100f..e805f49 100644 --- a/content/docs/hermes.mdx +++ b/content/docs/hermes.mdx 
@@ -343,7 +343,7 @@ If you are routing a Gemini model through a key that triggers the compat shim (e ## See also - [Concepts — Workspaces](/docs/concepts#workspaces) -- [API Reference — POST /workspaces](/docs/api-reference#post-workspaces) +- [API Reference — POST /workspaces](/docs/api-reference#workspaces) - [Google ADK Runtime](/docs/google-adk) — Gemini-native alternative to Hermes for ADK-first workflows - PR #240: [Phase 2a — native Anthropic dispatch](https://git.moleculesai.app/molecule-ai/molecule-core/pull/240) - PR #255: [Phase 2b — native Gemini dispatch](https://git.moleculesai.app/molecule-ai/molecule-core/pull/255) diff --git a/content/docs/security/owasp-agentic-top-10.mdx b/content/docs/security/owasp-agentic-top-10.mdx index 87c173d..cd713af 100644 --- a/content/docs/security/owasp-agentic-top-10.mdx +++ b/content/docs/security/owasp-agentic-top-10.mdx @@ -35,7 +35,7 @@ shipped — not the roadmap or planned features. --- -## A01 — Prompt Injection ✅ COVERED +## A01: Prompt Injection **Risk:** An attacker embeds malicious instructions in external data (files, web content, user messages) that the agent treats as authoritative commands. @@ -60,7 +60,7 @@ responsibility of the agent's own prompt engineering and the LLM's alignment. --- -## A02 — Sensitive Information Disclosure ✅ COVERED +## A02: Sensitive Information Disclosure **Risk:** An agent exposes confidential data — credentials, PII, internal documents — through tool calls, logs, or responses. @@ -89,7 +89,7 @@ exposed and the LLM's instruction following. --- -## A03 — Unbounded Resource Consumption ✅ COVERED +## A03: Unbounded Resource Consumption **Risk:** An agent makes excessive LLM calls, processes unbounded data, or holds memory in a loop, causing cost overruns or DoS. 
@@ -116,7 +116,7 @@ for unusual activity patterns. --- -## A04 — Sandboxing Escapes ⚠️ PARTIAL +## A04: Sandboxing Escapes **Risk:** An agent escapes the container sandbox and accesses the host system, neighboring containers, or the internal network. @@ -145,7 +145,7 @@ egress filtering at the Docker host or Kubernetes network policy level. --- -## A05 — Agent-Human Relationship Dysfunction ⚠️ PARTIAL +## A05: Agent-Human Relationship Dysfunction **Risk:** The human operator loses meaningful oversight of agent actions — the agent acts without notification, makes irreversible decisions, or misrepresents @@ -179,7 +179,7 @@ points. Monitor Langfuse for silent agent activity. --- -## A06 — Memory Poisoning ✅ COVERED +## A06: Memory Poisoning **Risk:** An attacker manipulates the agent's memory store to inject malicious instructions or biases that the agent reads back and acts on. @@ -204,7 +204,7 @@ not a platform-level control. --- -## A07 — Cascade Hallucinations ✅ COVERED +## A07: Cascade Hallucinations **Risk:** An agent generates incorrect outputs that are fed downstream as ground-truth, compounding errors across multiple agent calls or tool chains. @@ -230,7 +230,7 @@ possible, and review traces for signs of cascade errors. --- -## A08 — Overreliance ⚠️ PARTIAL +## A08: Overreliance **Risk:** Users or automated systems trust an agent's outputs without adequate verification, leading to harmful decisions based on incorrect agent outputs. @@ -265,7 +265,7 @@ agent outputs. --- -## A09 — Supply Chain Vulnerabilities ❌ NOT COVERED +## A09: Supply Chain Vulnerabilities **Risk:** Vulnerable or malicious dependencies in the agent toolchain — workspace runtime packages, plugins, adapter libraries, or LLM provider SDKs. 
@@ -293,7 +293,7 @@ supply chain and is not specifically addressed by the platform at this time. --- -## A10 — Improper Agency Grants ❌ NOT COVERED +## A10: Improper Agency Grants **Risk:** An agent is granted more agency (capability to take actions, access resources, make changes) than it needs — creating blast radius if the agent is diff --git a/content/docs/workspace-config.mdx b/content/docs/workspace-config.mdx index 8528a08..3027e0c 100644 --- a/content/docs/workspace-config.mdx +++ b/content/docs/workspace-config.mdx @@ -168,5 +168,5 @@ This header is added automatically by the workspace executor when `task_budget > - [Concepts — Workspaces](/docs/concepts#workspaces) — workspace primitives overview - [Org Template](/docs/org-template) — deploy effort/task_budget settings across an entire team via `org.yaml` - [Observability](/docs/observability) — monitor token usage per workspace to tune your budget settings -- [API Reference — POST /workspaces](/docs/api-reference#post-workspaces) +- [API Reference — POST /workspaces](/docs/api-reference#workspaces) - [Claude Opus 4.7 — Anthropic docs](https://platform.claude.com/docs/) — upstream reference for `output_config` \ No newline at end of file
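Review bot: the replacement bullet in the concepts.mdx hunk is circular: `- An optional **budget_limit** (workspace-level spend cap via `budget_limit`)` explains `budget_limit` in terms of itself and drops the only pointer to where the cap is documented. If the `#workspace-budgets` section was removed or renamed, point the reader at the page that documents budget settings, e.g. `(workspace-level spend cap, see [Workspace Config](/docs/workspace-config))`, which this same PR already links from elsewhere; otherwise retarget the anchor rather than deleting the cross-reference.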
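Review bot: the `#lifecycle` to `#skill-lifecycle` retarget in the skill-catalog.md hunk cannot be verified from the hunk itself, because the target heading is outside the context lines. Confirm the file actually contains a `## Skill Lifecycle` heading and that the site's slug generator emits `skill-lifecycle` for it (some generators strip punctuation or suffix duplicate slugs); a broken anchor here fails silently and drops operators looking for the publish/distribute steps at the top of the page.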
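Review bot: in the hermes.mdx See also hunk the link text still reads `API Reference — POST /workspaces` while the target is widened from `#post-workspaces` to `#workspaces`. If the per-endpoint anchor no longer exists, rename the link to match what it now lands on (for example `API Reference — Workspaces`), or keep a per-endpoint anchor; a link labelled with a specific endpoint that lands on a section header misleads readers looking for the request shape.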
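Review bot: the ten heading edits in owasp-agentic-top-10.mdx remove the coverage status (`✅ COVERED`, `⚠️ PARTIAL`, `❌ NOT COVERED`) from every heading, and nothing in the hunks carries that status anywhere else. The hunk context `shipped — not the roadmap or planned features` says the page is meant to state what is actually covered, and the badges were the at-a-glance answer; after this change A09 and A10, previously `❌ NOT COVERED`, look identical to A01 when skimming headings. If the status is moving into a summary table or a `**Status:**` line under each heading, that move belongs in this PR; otherwise keep the badges. Separately, changing the heading text changes the generated anchor slugs, so grep the docs for inbound links to the old `#a01--prompt-injection-...` style anchors before merging.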
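Review bot: the workspace-config.mdx hunk has the same label/target mismatch as the hermes.mdx change: `[API Reference — POST /workspaces](/docs/api-reference#workspaces)` keeps the endpoint name in the label while pointing at the section anchor, so fix both the same way. Also, the file still ends without a trailing newline (`\ No newline at end of file`); since the last line is already being touched, add the newline so the next edit does not show a spurious diff on the `Claude Opus 4.7` reference line.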