docs(changelog): backfill 19 missing dates from merged-PR history (core + controlplane) #80
@@ -7,12 +7,396 @@ Release notes for **May 2026**. For the latest releases see the [current changel
|
||||
|
||||
---
|
||||
|
||||
## 2026-05-31
|
||||
|
||||
### ✨ New features
|
||||
- **Resend a pending invitation**: org owners and admins can now re-send an invitation to an invitee whose original email never arrived (e.g. when the address already had a Molecule account). (`molecule-controlplane` [#422](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/422))
|
||||
- **Google ADK (Gemini) runtime support**: the `google-adk` runtime is now registered platform-wide, serving Gemini (`gemini-2.5-pro`) via Vertex AI with keyless authentication, so it appears correctly in the runtime picker and templates. (`molecule-controlplane` [#424](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/424), [#426](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/426))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Codex agents stuck on "NOT CONFIGURED"**: fixed Codex workspaces failing to start because the provider registry no longer matched the deployed adapter. The OpenAI provider is now split into subscription and API arms and synced across the platform. (`molecule-controlplane` [#423](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/423), `molecule-core` [#2025](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2025))
|
||||
- **Codex sign-ins getting burned**: shared ChatGPT OAuth tokens were being invalidated when multiple Codex workspaces refreshed independently. Token refresh is now handled by a single central owner, preventing the repeated logouts. (`molecule-core` [#2023](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2023))
|
||||
- **Wrong runtime shown in Config tab**: the workspace Config runtime dropdown silently dropped `google-adk`, showing the wrong option for those workspaces. The picker is now driven by the canonical runtime registry. (`molecule-core` [#2016](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2016))
|
||||
|
||||
## 2026-05-30
|
||||
|
||||
### ✨ New features
|
||||
- **Invite teammates and manage org roles**: organizations can now list, invite, assign roles to, and remove members from the dashboard, backed by WorkOS invitations. (`molecule-controlplane` [#407](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/407))
|
||||
- **Choose how workspace data is kept**: workspaces now carry a durable-data choice (persist / ephemeral / auto) that flows from the workspace compute settings through to provisioning, with a keep-vs-prune choice applied safely at delete time. (`molecule-core` [#2014](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2014), `molecule-controlplane` [#415](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/415))
|
||||
- **Roomier desktop-control workspaces**: browser-use (desktop-control) workspaces now default to a larger `t3.xlarge` instance, so a headed Chromium plus VNC desktop and agent no longer saturate CPU and go unresponsive. (`molecule-controlplane` [#410](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/410))
|
||||
- **Keyless Vertex AI for google-adk**: the google-adk runtime can now authenticate to Vertex AI via Workload Identity Federation (ADC), no API keys required, matching org policy. (`molecule-controlplane` [#416](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/416), [#421](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/421))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Inviting existing accounts now works**: inviting an address that already has a Molecule account no longer fails with "failed to send invitation email" and silently drops the member; the invitation is kept and a fallback email is sent via Resend when WorkOS can't notify them. (`molecule-controlplane` [#412](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/412), [#413](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/413))
|
||||
- **Funded suspended orgs resume reliably**: any billing-suspended organization with a positive credit balance now resumes, not just those paid through Stripe — credit grants from admin adjustments, plan changes, signup, and comps now clear the suspension. (`molecule-controlplane` [#403](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/403))
|
||||
- **Member IAM hardening**: invite rollbacks use a detached context so a stranded `pending` row no longer blocks retries, and email-sent status is reported honestly. (`molecule-controlplane` [#411](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/411), [#414](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/414))
|
||||
|
||||
### 🧹 Internal
|
||||
- Real-Postgres end-to-end test gating for member IAM (`molecule-controlplane` [#409](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/409)).
|
||||
- Browser-profile directory consolidated to a single source published by the provisioner (`molecule-controlplane` [#417](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/417)).
|
||||
|
||||
## 2026-05-29
|
||||
|
||||
### ✨ New features
|
||||
- **Per-workspace LLM budgets across four time windows**: workspace budgets now enforce independent hourly, daily, weekly, and monthly spending ceilings, giving the Budget tab finer control over runaway LLM spend. (`molecule-core` [#2009](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2009))
|
||||
- **Org member management in the control plane**: org owners can now list members, invite people by email, change roles, and remove members, with invitations delivered via WorkOS. (`molecule-controlplane` [#405](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/405))
|
||||
- **Google ADK runtime support**: the Google ADK runtime is now selectable when creating a workspace and is registered end-to-end across the platform and control plane. (`molecule-core` [#2003](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2003), `molecule-controlplane` [#402](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/402))
|
||||
- **Schedules survive workspace recreation**: when a workspace is recreated, its runtime schedules now migrate onto the new workspace instead of being orphaned, plus new admin endpoints to monitor and clean up any stray schedules. (`molecule-core` [#2007](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2007), [#2008](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2008))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Correct provider credentials injected for bring-your-own-key tenants**: agents no longer fall back to a stray tenant-wide OAuth credential over the provider you configured, and BYOK tenants can again store their own vendor API keys at the global scope. (`molecule-core` [#2000](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2000), [#2002](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2002))
|
||||
- **Workspaces no longer stuck provisioning on multi-disk hosts**: hardened persistent data-volume detection so workspaces on instances with more than one disk boot reliably instead of hanging in "provisioning". (`molecule-controlplane` [#404](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/404), [#399](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/399))
|
||||
- **File uploads route correctly on production tenants**: fixed a routing gap that caused upload-related requests to silently 404 on production. (`molecule-controlplane` [#406](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/406))
|
||||
- **Safe migration onto persistent data volumes**: existing workspaces can now move to the persistent data volume without losing their working directory on first recreate, and the older restore-on-recreate path is correctly skipped once a workspace is enrolled. (`molecule-controlplane` [#398](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/398), [#401](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/401))
|
||||
|
||||
### 🧹 Internal
|
||||
- Wired the Google ADK runtime into the end-to-end test suite and corrected inaccurate runtime tutorials. (`molecule-core` [#2012](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2012), [#2004](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2004))
|
||||
- Isolated the staging deploy smoke test onto a dedicated Anthropic key so platform credit drains can't wedge production deploys. (`molecule-controlplane` [#400](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/400))
|
||||
|
||||
## 2026-05-28
|
||||
|
||||
### ✨ New features
|
||||
- **Workspace data now survives recreates for every runtime**: claude-code, codex, hermes, and openclaw kept their state outside `/workspace`, so it was wiped on each instance recreate or container swap; that state is now persisted on the durable data volume like the other runtimes. (`molecule-controlplane` [#395](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/395))
|
||||
- **Automatic data-volume recovery**: if a workspace's data volume is missing, it is now auto-restored from its most recent snapshot without operator intervention, with retention handling. (`molecule-controlplane` [#390](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/390))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **New workspaces no longer stranded in "provisioning"**: a fresh workspace EC2 could fail to boot when the ECR credential helper was missing at startup; added a static-login fallback plus an apt lock-wait so the image always pulls. This was the root cause of the incident that stranded all five agents-team workspaces. (`molecule-controlplane` [#383](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/383), [#384](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/384))
|
||||
- **Workspace data-volume races fixed**: fast recreates could orphan a workspace's `/workspace` by creating a fresh empty volume over a still-detaching one, and slow boots could miss the volume attach window entirely. Reattach is now robust against a detaching survivor, the mount runs before the image pull, and the boot poll window was widened. (`molecule-controlplane` [#387](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/387), [#396](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/396), [#397](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/397))
|
||||
- **Correct billing/credential mode at provision time**: the platform-vs-BYOK decision now derives from the effective model rather than the raw request payload, so workspaces are provisioned against the right provider. (`molecule-core` [#1995](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1995))
|
||||
- **Unregistered runtime/model combinations are now rejected upfront**: requesting a model that a runtime does not support now returns a clear `422 UNREGISTERED_MODEL_FOR_RUNTIME` at create time instead of silently proceeding. (`molecule-core` [#1981](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1981))
|
||||
- **Fleet deploys no longer silently skip tenants**: the production auto-deploy now discovers tenants from the authoritative EC2 source and verifies every tenant landed on the target build, closing the gap that left agents-team 46 hours behind with no straggler reported. (`molecule-core` [#1998](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1998), `molecule-controlplane` [#394](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/394))
|
||||
- **Billing-resume tunnel self-heal hardened**: fixed two production defects in the post-resume self-heal (idempotent DNS, dash-safe SSM), verified end-to-end against staging. (`molecule-controlplane` [#386](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/386))
|
||||
|
||||
### 🧹 Internal
|
||||
- Distributed the provider-registry SSOT into molecule-core via codegen + verify-CI and reconciled the legacy `vendor:model` vocabulary, all with no behavior change. (`molecule-core` [#1970](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1970), [#1980](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1980), `molecule-controlplane` [#380](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/380))
|
||||
- Repointed the billing/credential decision to derive the provider from the registry. (`molecule-core` [#1972](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1972), `molecule-controlplane` [#378](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/378))
|
||||
|
||||
## 2026-05-27
|
||||
|
||||
### 🔒 Security
|
||||
- **Cross-tenant isolation in peer discovery and A2A routing**: fixed paths that computed an org-root sibling set without an org scope, which could expose peers and route agent-to-agent requests across tenant boundaries; discovery and routing are now scoped to the caller's org. (`molecule-core` [#1954](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1954))
|
||||
- **Canvas chat identity fix without privilege escalation**: restored canvas chat for poll-mode canvas-user-identity workspaces while closing a cross-workspace escalation path in caller-token validation. (`molecule-core` [#1948](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1948))
|
||||
- **BYOK and subscription workspaces no longer run on platform credits**: workspaces whose billing mode is not platform-managed were still being injected with the platform's global Claude Code OAuth token; LLM credential resolution is now gated by the workspace's resolved billing mode. (`molecule-core` [#1934](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1934), [#1963](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1963))
|
||||
|
||||
### ✨ New features
|
||||
- **Larger workspace configurations**: workspace config and prompts are now delivered via Secrets Manager instead of being packed into the EC2 user-data, retiring the ~12 KB cap that blocked larger agent configs. (`molecule-controlplane` [#358](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/358), `molecule-core` [#1937](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1937))
|
||||
- **Persistent workspace data volume**: workspace state can now live on a standalone EBS data volume that survives instance recreate and is re-attached by workspace ID, with its own DR snapshots and a cost guardrail capping volume size. (`molecule-controlplane` [#348](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/348), [#366](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/366), [#367](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/367))
|
||||
- **Provider selection now sets billing mode**: choosing a non-platform provider (e.g. Claude Code subscription via OAuth) in the workspace Config tab now updates the workspace's LLM billing mode instead of silently leaving it platform-managed. (`molecule-core` [#1935](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1935))
|
||||
- **Platform-managed LLM groundwork for more runtimes**: added an OpenAI Responses API surface to the platform proxy and a canonical per-runtime provider matrix, unblocking platform-billed codex and laying the SSOT for offering platform-managed LLM on additional runtimes. (`molecule-controlplane` [#360](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/360), [#364](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/364), [#359](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/359), [#352](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/352))
|
||||
- **Self-service path for suspended orgs**: a billing-suspended tenant subdomain now points to an add-credits page instead of dead-ending on a raw Cloudflare tunnel error. (`molecule-controlplane` [#344](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/344))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Claude Code workspaces 404ing on every LLM call**: removed a stray trailing `/v1` from the platform-managed Anthropic base URL that caused a doubled path and broke all Claude Code workspaces. (`molecule-controlplane` [#351](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/351))
|
||||
- **Anthropic outage for workspace agents**: the platform proxy now forwards the client `anthropic-beta` header on Anthropic passthrough, fixing a break where Claude was unavailable for every workspace agent. (`molecule-controlplane` [#362](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/362))
|
||||
- **Background LLM tier leaking to Anthropic**: platform-managed Claude Code workspaces on a non-Anthropic model no longer leak title-generation, summarization, and quota-probe calls to real Anthropic. (`molecule-controlplane` [#350](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/350))
|
||||
- **Kimi K2.6 reasoning content dropped**: Moonshot's Anthropic-protocol responses are now passed through directly so reasoning content is no longer lost in protocol translation. (`molecule-controlplane` [#334](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/334))
|
||||
- **Workspace recreate failures from snapshot restore**: fixed the AWS `InvalidBlockDeviceMapping` rejection on root-device snapshot restore, and resolved data-volume device-name and disk-topology conflicts that left workspaces stuck provisioning. (`molecule-controlplane` [#331](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/331), [#339](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/339), [#363](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/363), [#365](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/365))
|
||||
- **Tenant unreachable after billing resume**: a deleted Cloudflare tunnel left resumed orgs stuck on a permanent Error 1033; CP now self-heals the tunnel on resume and guards the suspended-org sweep. (`molecule-controlplane` [#346](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/346))
|
||||
- **Stopped orchestrator never restarting**: a workspace-recreate sweep could stop a tenant orchestrator EC2 and leave it down; a watchdog now auto-starts a stopped orchestrator. (`molecule-controlplane` [#369](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/369))
|
||||
- **Expired ECR token failures**: workspace nodes no longer hit 403/`no basic auth credentials` after the static 12-hour ECR token expired; the credential helper is now baked into the AMI and used on every pull. (`molecule-controlplane` [#371](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/371))
|
||||
- **Leaked workspace EC2s and orphaned containers**: the sweeper now reaps workspace instances with no live workspace row, and orphaned snapshot containers are reaped before relaunch to stop a crash-loop. (`molecule-controlplane` [#347](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/347), [#374](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/374))
|
||||
- **Workspace delete left dangling instances**: the delete path now retries the EC2 stop with bounded backoff and emits a durable leak event instead of relying solely on the orphan sweeper. (`molecule-core` [#1932](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1932))
|
||||
- **Hardcoded model and billing defaults removed**: the platform no longer emits a hardcoded default LLM model or a per-org billing mode; workspace templates own model defaults and the workspace is the unit of billing-mode decision. (`molecule-controlplane` [#330](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/330), [#332](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/332))
|
||||
- **EC2 billing accrual correctness**: accrual rows are now reaped on deprovision and stopped instances are skipped, fixing two billing-lifecycle bugs. (`molecule-controlplane` [#355](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/355))
|
||||
- **Memory commit and JSONB hardening**: the writable v2 memory namespace is now upserted before commit, and several paths were hardened against malformed inserts and dropped agent-to-agent requests on marshal failures. (`molecule-core` [#1925](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1925), [#1938](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1938), [#1949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1949), [#1950](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1950))
|
||||
|
||||
### 🧹 Internal
|
||||
- Goroutine-leak cleanup (`time.After` → `time.NewTimer`) in long-running loops, plus runtime-image-pin skew, region-scoping, and tenant image-refresh header fixes. (`molecule-core` [#1939](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1939), [#1940](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1940); `molecule-controlplane` [#338](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/338), [#356](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/356), [#353](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/353))
|
||||
- Provider-registry SSOT foundation and proxy protocol-based routing (additive, no behavior change). (`molecule-controlplane` [#343](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/343), [#376](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/376), [#377](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/377), [#341](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/341))
|
||||
- CI/deploy reliability: bounded Railway-sync retries, ssh-auth-failure classification, a hard platform-models prod-promote gate, race-detector and integration-test fixes, and red-main watchdog hygiene. (`molecule-controlplane` [#354](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/354), [#361](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/361), [#373](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/373), [#345](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/345), [#349](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/349); `molecule-core` [#1920](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1920), [#1945](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1945), [#1943](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1943))
|
||||
|
||||
## 2026-05-26
|
||||
|
||||
### 🔒 Security
|
||||
- **Platform-managed LLM keys can no longer be bypassed**: workspaces on platform-managed LLM mode now reject tenant-supplied provider keys (`KIMI_API_KEY`, `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, etc.) and Hermes custom provider/base-URL overrides, so all traffic stays on the platform proxy instead of escaping to BYOK credentials. (`molecule-core` [#1922](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1922), [#1863](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1863))
|
||||
- **Closed a Canvas auth bypass**: removed a forgeable same-origin (Referer/Origin) shortcut in workspace auth; tenant Canvas now authenticates via a control-plane-verified member session instead. (`molecule-core` [#1924](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1924))
|
||||
- **Hardened HTTP server against slowloris**: added a read-header timeout to the workspace server. (`molecule-core` [#1880](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1880))
|
||||
|
||||
### ✨ New features
|
||||
- **Per-workspace LLM billing mode**: you can now override the LLM billing mode (platform-managed vs. BYOK) on an individual workspace instead of inheriting only the org default. A new LLM Billing section in the Config tab shows the resolved mode and where it came from. (`molecule-core` [#1927](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1927), [#1928](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1928); `molecule-controlplane` [#319](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/319))
|
||||
- **Automatic workspace backup before destructive changes**: deleting or recreating a workspace now snapshots its root EBS volume first, with implicit restore on the next provision within a 24h window. (`molecule-controlplane` [#301](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/301), [#317](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/317))
|
||||
- **Richer billing usage data**: the org usage endpoint now returns typed LLM and EC2 billing summaries (requests, tokens, cost, credits) from the billing ledgers, and EC2 usage rolls up by provisioned instance metadata with refunds factored in. (`molecule-controlplane` [#305](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/305), [#315](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/315))
|
||||
- **Workspaces seed schedules from their template**: a workspace created directly from a workspace template now lands with the same schedule grid as the org/import path. (`molecule-core` [#1929](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1929))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Mobile Canvas chat now updates in real time**: agent replies and your own outbound messages appear live across all sessions without a refresh; fixed a missing WebSocket wake-recovery path and added cross-session message broadcast. (`molecule-core` [#1435](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1435), [#1470](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1470))
|
||||
- **MCP delegations no longer error**: fixed a SQL placeholder mismatch that caused a runtime failure on every MCP delegation. (`molecule-core` [#1365](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1365))
|
||||
- **Moonshot/Kimi reliability**: platform-managed Moonshot/Kimi Anthropic requests are now bridged through the OpenAI-compatible upstream (including streaming and tool-use), and usage is correctly billed even when the client disconnects mid-request. (`molecule-controlplane` [#304](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/304), [#306](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/306))
|
||||
- **EC2 billing accuracy**: actual-cost reconciliation now applies the org service fee, tolerates missing/null resource metadata, preserves instance metadata across observed rows, and continues true-up past capped orgs instead of aborting the batch. (`molecule-controlplane` [#310](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/310), [#311](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/311), [#313](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/313), [#314](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/314))
|
||||
- **Canvas accessibility**: settings panels, modals, and dialogs gained visible focus rings, ARIA tab patterns, live-region error announcements, and accessible input labels for keyboard and screen-reader users. (`molecule-core` [#1406](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1406), [#1464](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1464), [#1467](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1467), [#1468](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1468))
|
||||
- **Canvas model picker reflects real templates**: the create-workspace dialog now derives provider/model options from the selected runtime template instead of a hardcoded fallback catalog, and legacy templates without a runtime field load again. (`molecule-core` [#1926](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1926), [#1810](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1810))
|
||||
- **Restored the legacy memories endpoint**: `GET /memories` works again as a shim over the v2 memory plugin, so older SDK callers stop 404'ing. (`molecule-core` [#1852](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1852))
|
||||
- **Fixed stale Claude channel setup docs**: removed a non-existent `--channels` flag and dead org paths that blocked users setting up the Claude channel. (`molecule-core` [#1471](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1471))
|
||||
- **Stripe secret sync hardened**: deploys now fail loudly if Stripe billing secrets can't be synced, routed through a Stripe-scoped operator command. (`molecule-controlplane` [#307](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/307))
|
||||
|
||||
### 🧹 Internal
|
||||
- Large reliability sweep across the workspace server: surfaced dozens of previously-ignored DB, JSON, and I/O errors (e.g. `RowsAffected`, `json.Unmarshal`/`Marshal`, `io.ReadAll`, `http.NewRequest`) so failures return correct status codes instead of silently masking as 404s or empty payloads. (`molecule-core` [#1899](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1899), [#1906](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1906), [#1914](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1914), [#1918](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1918), [#1919](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1919))
|
||||
- CI/test hardening and lint cleanup: gate-check, watchdog, required-check alignment, runner labels, deploy timeouts, and Stage C snapshot smoke. (`molecule-core` [#1764](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1764), [#1858](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1858), [#1898](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1898); `molecule-controlplane` [#312](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/312), [#321](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/321))
|
||||
- Staging deploy pipeline hardened to upload checked-out source and require the proxy route surface before passing readiness. (`molecule-controlplane` [#322](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/322))
|
||||
|
||||
## 2026-05-25
|
||||
|
||||
### ✨ New features
|
||||
- **Platform-managed LLM**: workspaces can now run on built-in platform-managed LLM access — no BYOK key required. Create Workspace adds auth-mode controls for platform-managed, BYOK API key, and Claude OAuth, with an OpenAI-compatible and native Anthropic-compatible proxy on the control plane (including MiniMax and Kimi-coding routing) so usage bills through the platform. New blank and SEO-agent workspaces default to provider Platform with `moonshot/kimi-k2.6`. (`molecule-core` [#1815](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1815), [#1833](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1833); `molecule-controlplane` [#275](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/275), [#278](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/278), [#299](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/299))
|
||||
- **Runtime + template selection in Create Workspace**: the New Workspace dialog now uses a Runtime dropdown (Claude Code, Codex, Hermes, OpenClaw) and a separate Workspace Template picker, deriving Provider and Model choices from template metadata and only prompting for credentials when a chosen model needs them. The SEO agent ships as the first visible product template. (`molecule-core` [#1842](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1842), [#1846](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1846), [#1848](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1848), [#1850](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1850); `molecule-controlplane` [#293](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/293))
|
||||
- **Live template refresh**: workspace templates now refresh from a repo cache, with an admin endpoint to sync templates immediately without rebuilding the tenant image. (`molecule-core` [#1853](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1853))
|
||||
- **Chat file attachments**: agents can attach files in messages to you, and those attachments now show up in live chat and in saved history, including framed PDF previews contained inside the chat panel. (`molecule-core` [#1824](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1824), [#1829](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1829), [#1839](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1839), [#1841](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1841))
|
||||
- **Auto-credit cap billing**: paid orgs can enable automatic overage credits with a configurable cap, validated against plan, Stripe customer, and overage subscription. (`molecule-controlplane` [#295](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/295))
|
||||
- **Cost-efficient headless workspaces**: headless (no-display) workspaces now default to smaller, cheaper compute, while desktop-enabled workspaces keep the full profile. (`molecule-core` [#1825](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1825))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Safer workspace deletes**: deleting a workspace now requires confirming its name, and returns details about active tasks, children, and schedules before any cascade runs. (`molecule-core` [#1826](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1826))
|
||||
- **Desktop control fixes**: copy/paste, Caps Lock, and Shift-modified keys now work in the Display tab, browser sessions can take control of the desktop, and the desktop browser launches reliably for display-enabled workspaces. (`molecule-core` [#1832](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1832), [#1854](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1854); `molecule-controlplane` [#286](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/286), [#287](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/287), [#289](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/289), [#292](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/292), [#294](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/294), [#298](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/298))
|
||||
- **Attachment previews stay viewable**: legacy attachment URLs are rewritten so previews load with auth instead of broken images, PDF Blob previews are no longer blocked by CSP, and uploads remain previewable/downloadable after an agent has consumed them. (`molecule-core` [#1840](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1840), [#1845](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1845), [#1849](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1849))
|
||||
- **Billing suspension lifecycle**: orgs that exhaust credits now enter a 30-day suspension window that stops tenant and workspace compute, resumes it after a credit top-up, and purges only after the window expires; one-time top-ups no longer mutate plan or grant fields. Org detail responses also now include the same billing credit fields as the org list. (`molecule-controlplane` [#296](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/296), [#288](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/288))
|
||||
- **More reliable tenant provisioning**: a new tenant is only marked running after its public URL passes an edge reachability check, avoiding tenants reported as ready while still unreachable. (`molecule-controlplane` [#276](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/276))
|
||||
|
||||
### 🧹 Internal
|
||||
- Restricted maintained workspace runtimes to Claude Code, Codex, Hermes, and OpenClaw, and hid raw runtime defaults from user-facing template surfaces. (`molecule-core` [#1827](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1827), [#1847](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1847))
|
||||
- Hardened the deploy pipeline's LLM/Stripe secret sync (operator-side reads, base64 SSH key, key-format validation) and fixed deploy smoke/CI status checks. (`molecule-controlplane` [#277](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/277), [#281](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/281), [#285](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/285), [#291](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/291))
|
||||
- Formalized the org-per-EC2 architecture RFC, scoped production auto-deploy into canary/batch calls, and added advisory CI plus billing/test coverage. (`molecule-core` [#1819](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1819), [#1838](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1838), [#1843](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1843); `molecule-controlplane` [#297](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/297))
|
||||
|
||||
## 2026-05-24
|
||||
|
||||
### 🔒 Security
|
||||
- **Take Control desktop streams are now private**: live remote-desktop sessions are served over a trusted VNC client with a short-lived signed session token (passed out-of-band, never in request URLs or logs), and the workspace stream stays localhost-only. (`molecule-core` [#1752](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1752), `molecule-controlplane` [#263](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/263))
|
||||
- **Re-hardened tenant instance endpoints against enumeration**: per-tenant rate limiting was restored on the routes that expose instance details, after a refactor had inadvertently dropped it. (`molecule-controlplane` [#185](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/185))
|
||||
|
||||
### ✨ New features
|
||||
- **Edit container compute settings from Canvas**: you can now change a workspace's runtime image, instance type, root volume size, and display enablement/resolution directly in Canvas, with Save, Save & Restart, and Restart-to-apply flows for changes that need a container restart. (`molecule-core` [#1800](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1800))
|
||||
- **Platform-managed LLM billing**: orgs can run on platform-managed, bring-your-own-key, or disabled LLM modes, with token usage metered against a provider-neutral price catalog (seeded with OpenAI, Anthropic, and Moonshot/Kimi pricing) so agents can use models without supplying their own keys. (`molecule-controlplane` [#272](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/272), [#273](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/273))
|
||||
- **Usage-based overage billing**: paid subscriptions now carry a metered overage price, and credit overage is reported to Stripe per billing tick. (`molecule-controlplane` [#264](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/264), [#267](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/267))
|
||||
- **Compute billed by actual resources**: EC2 usage is now priced from the recorded instance type and volume size per tenant rather than a flat sweep, with actual-cost reconciliation against AWS Cost Explorer. (`molecule-controlplane` [#269](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/269), [#271](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/271))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **User messages render in the right bubble**: messages fanned across sessions were missing a role field and showed up styled as agent replies; they now render correctly as user bubbles. (`molecule-core` [#1517](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1517))
|
||||
- **Memory writes now persist correctly**: canvas-facing memory writes were still landing in the legacy store, and a follow-up fix resolved an HTTP 500 regression on saving memories caused by invalid JSON for empty metadata. (`molecule-core` [#1794](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1794), [#1798](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1798))
|
||||
- **Memory tab refreshes live**: the Canvas Memory inspector now updates immediately when an agent commits a memory via MCP tools, instead of requiring a manual reload. (`molecule-core` [#1795](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1795), [#1749](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1749))
|
||||
- **Accessibility on Canvas controls**: screen readers now correctly announce file-editor save/load status, console loading state, and skip decorative icons, with visible focus rings on key buttons (WCAG 1.1.1/2.4.7/4.1.3). (`molecule-core` [#1452](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1452), [#1455](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1455))
|
||||
- **A2A access for Canvas users**: human Canvas users could hit 403 errors when reaching agents in poll-mode workspaces; their identity is now recognized correctly. (`molecule-core` [#1756](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1756))
|
||||
|
||||
### 🧹 Internal
|
||||
- Narrowed the supported workspace runtime set to Claude Code, Codex, Hermes, and OpenClaw, removing retired AutoGen/LangGraph/deepagents surfaces across templates, defaults, and registry/pin migrations. (`molecule-core` [#1765](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1765), [#1785](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1785), `molecule-controlplane` [#266](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/266), [#270](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/270))
|
||||
- Completed the memory backend migration from the legacy v1 store to the v2 plugin (schema isolation, fallback removal, table drop, and post-migration cleanup). (`molecule-core` [#1742](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1742), [#1747](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1747), [#1809](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1809))
|
||||
- CI/runner-lane hardening, billing/E2E test coverage, and the Go module rename to the Gitea path. (`molecule-core` [#1766](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1766), [#1816](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1816), `molecule-controlplane` [#186](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/186))
|
||||
|
||||
## 2026-05-23
|
||||
|
||||
### 🔒 Security
|
||||
- **Slowloris hardening**: HTTP servers now enforce a header-read timeout, limiting how long a client can stall while sending request headers. (`molecule-core` [#1715](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1715))
|
||||
|
||||
### ✨ New features
|
||||
- **Desktop display for workspaces**: workspaces can now be created with a graphical desktop session. New Workspace exposes Display controls (default t3.xlarge / 80GB / 1920x1080) under Container Config, and the control plane provisions a managed Xvfb/XFCE/noVNC session on the workspace EC2 with stream ingress opened only for display-enabled workspaces. (`molecule-core` [#1732](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1732), `molecule-controlplane` [#258](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/258))
|
||||
- **Canvas Display & Container tabs**: new workspace side-panel tabs surface display availability, a control-lock/takeover affordance, and read-only runtime/container details, with a live viewer iframe once a session is available. (`molecule-core` [#1701](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1701), [#1705](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1705), [#1711](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1711), [#1718](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1718), [#1726](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1726))
|
||||
- **Per-workspace compute sizing**: workspaces now carry a structured compute spec (instance type, root volume, display config) that is persisted on create and restored across restart/resume. (`molecule-core` [#1695](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1695))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Scheduled runs no longer report false success**: scheduler now detects adapter and SDK errors hidden inside HTTP 200 responses (rate limits, quota exhaustion, JSON-RPC error bodies, A2A message envelopes) instead of recording them as "completed", so persistent schedule outages surface to operators. (`molecule-core` [#1698](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1698), [#1699](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1699), [#1716](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1716))
|
||||
- **Cron starvation fixed**: native-session adapters now use the platform A2A queue, so a single long-running agent can no longer block back-to-back cron fires (previously bounced 503 for hours). The A2A first-response budget was also raised to 5 minutes so scheduled turns are not falsely marked failed when durably queued. (`molecule-core` [#1685](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1685), [#1751](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1751))
|
||||
- **Workspaces require an explicit model**: removed the legacy default-model fallback that could pair an incompatible model with a runtime (e.g. a Codex agent wedging forever in "not configured"); a model must now be set at create time. (`molecule-core` [#1667](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1667))
|
||||
- **GitHub auth in workspaces**: a `GH_PAT` secret is now aliased to `GH_TOKEN`/`GITHUB_TOKEN` at provision time so the `gh` CLI and git credential helpers can authenticate to private repos. (`molecule-core` [#1697](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1697))
|
||||
- **Tenant request routing on EC2**: the control plane now HTTP-proxies tenant traffic to the workspace cloudflared tunnel instead of emitting a Fly-only replay header, fixing routing for EC2-hosted tenants. (`molecule-controlplane` [#257](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/257))
|
||||
- **Workspace image provisioning**: fixed runtime-image handling so langgraph pins can be promoted/rolled back, `claude-code-default` resolves to its correct image, operator-promoted pins survive control-plane redeploys, and cross-account ECR pulls authenticate against the right registry. (`molecule-controlplane` [#259](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/259), [#260](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/260), [#261](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/261), [#262](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/262))
|
||||
- **More reliable error reporting**: a broad sweep of channel adapters (Slack, Discord, Lark), trace/memory/provisioner proxies, and DB list handlers now surface read, decode, and mid-iteration errors instead of silently treating them as success or returning truncated results. (`molecule-core` [#1713](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1713), [#1717](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1717), [#1720](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1720), [#1722](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1722))
|
||||
|
||||
### 🧹 Internal
|
||||
- Test hermeticity and timeout hardening: SSRF/admin-token tests isolated from inherited env vars, plus a 30s timeout on the GitHub app-token client. (`molecule-core` [#1703](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1703), [#1728](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1728))
|
||||
- CI: new advisory Mac arm64 fast-check lane to relieve the amd64 queue, plus fixes for canvas/workspace-server image publishing, runner-label matching, and empty-PR review-check noise. (`molecule-core` [#1442](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1442), [#1740](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1740), [#1743](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1743), [#1744](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1744))
|
||||
- Started the swaggo → OpenAPI → generated-client pipeline on the schedules handler. (`molecule-core` [#1707](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1707))
|
||||
|
||||
## 2026-05-22
|
||||
|
||||
### ✨ New features
|
||||
- **Billing invoice history**: You can now list your past invoices, including amount, plan, status, billing period, and a downloadable PDF link. Orgs without billing set up get a clean empty result. (`molecule-controlplane` [#254](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/254))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Tenant status accuracy**: Deprovisioned tenants no longer show up as stuck "provisioning" in the dashboard. (`molecule-controlplane` [#244](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/244))
|
||||
- **Model startup reliability**: Fixed a case where a stale model-provider value could be emitted alongside an already-set model, causing agent adapter setup to fail at startup. (`molecule-controlplane` [#239](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/239))
|
||||
- **Claude Code onboarding snippet**: Corrected the canvas-served Claude Code channel setup instructions, which previously used an invalid launch flag. (`molecule-core` [#1661](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1661))
|
||||
|
||||
### 🧹 Internal
|
||||
- Stabilized the staging end-to-end test suite: routable-workspace readiness gating, A2A cold-start/busy retries, EC2-leak teardown checks, and a stable MiniMax model default (`molecule-core` [#1660](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1660), [#1666](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1666), [#1671](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1671), [#1677](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1677)).
|
||||
- Repaired the control-plane deploy pipeline end to end — CI status parser, Railway CLI install via npm, checkout ordering, and best-effort Stripe-secret sync (`molecule-controlplane` [#240](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/240)–[#245](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/245), [#250](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/250)).
|
||||
- Migrated remaining CI workflows from GitHub to Gitea and routed T4 egress through the Molecule-owned endpoint (`molecule-controlplane` [#252](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/252); `molecule-core` [#1658](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1658)).
|
||||
|
||||
## 2026-05-21
|
||||
|
||||
### ✨ New features
|
||||
- **Richer activity feed**: the workspace activity endpoint now accepts an opt-in `?include=peer_info` flag that surfaces the peer's name, role, and agent-card URL alongside each entry. (`molecule-core` [#1654](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1654))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Agent-to-agent delegation no longer loops**: fixed a self-delegation case that could trap an external workspace agent in a 400-error loop, and made the rejection message agent-readable. (`molecule-core` [#1624](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1624))
|
||||
- **Reliable cross-agent delegation routing**: server-side MCP `delegate_task`/`delegate_task_async` now route through the platform A2A proxy, and external-runtime loopback URLs are preserved instead of being incorrectly rewritten, so delegation between agents reaches the right target. (`molecule-core` [#1643](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1643), [#1632](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1632))
|
||||
- **No more leaked workspace machines on teardown**: deleting a tenant now sweeps workspace EC2 instances that were still launching during teardown, preventing orphaned machines (root cause of a staging vCPU-limit incident). (`molecule-controlplane` [#237](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/237))
|
||||
|
||||
### 🧹 Internal
|
||||
- Hardened the staging peer-visibility E2E and the tenant-image publish pipeline: added a production-safe admin workspace-token mint route, fixed Docker/buildx config isolation, and pointed staging tenants at the correct published ECR image (`molecule-core` [#1633](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1633), [#1641](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1641); `molecule-controlplane` [#235](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/235), [#236](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/236)).
|
||||
- Reduced CI runner load by path-scoping required lanes and keeping heavyweight browser E2E off the normal PR path; improved main-CI watchdog/status-reaper to suppress cancel-cascade false positives (`molecule-core` [#1628](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1628), [#1634](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1634), [#1635](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1635)).
|
||||
- Restored and hardened the AWS Secrets Manager janitor schedule, removed the now-unused core workspace copy, and refreshed external-workspace docs (`molecule-core` [#1651](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1651), [#1620](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1620), [#1640](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1640)).
|
||||
|
||||
## 2026-05-20
|
||||
|
||||
### ✨ New features
|
||||
- **Larger chat-file uploads**: the per-file upload cap is now 100 MB (up from 50 MB), with matching limits for external/laptop-runtime workspaces and a single `GET /uploads/limits` source of truth. (`molecule-core` [#1588](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1588), [#1589](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1589), [#1604](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1604))
|
||||
- **Organization details in Settings**: a new Organization tab shows your current org's name, slug, and UUID with copy buttons, plus the other orgs you belong to — no more digging through devtools. (`molecule-core` [#1621](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1621))
|
||||
- **Live workspace env edits**: a new admin endpoint lets operators update environment variables on a running workspace without reprovisioning it. (`molecule-controlplane` [#230](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/230))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Codex 401 on every turn, fixed**: multi-line secrets such as `CODEX_AUTH_JSON` were being silently dropped during provisioning, breaking codex authentication; they are now delivered correctly. (`molecule-controlplane` [#225](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/225))
|
||||
- **Empty org on tenant subdomains, fixed**: `/cp/auth/me` returned a blank `org_id` for users signed in on a tenant subdomain; it now populates correctly. (`molecule-controlplane` [#234](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/234))
|
||||
- **Clearer upload errors**: an over-size upload no longer reports a misleading "timeout" — it now surfaces the real file-size reason. (`molecule-core` [#1588](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1588))
|
||||
- **Better progress and error feedback for external workspaces**: messages to external/MCP (poll-mode) workspaces now show a queued/in-progress state instead of appearing to hang, failed delegations carry their real error detail, and A2A error hints point at the Activity tab and away from the unnecessary "restart" prompt for in-flight long-running tasks. (`molecule-core` [#1618](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1618), [#1606](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1606), [#1607](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1607), [#1617](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1617))
|
||||
- **"Stop All" now cancels cleanly**: canvas issues a polite task cancel before restarting a workspace, so stopping work no longer relies on a hard restart. (`molecule-core` [#1619](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1619))
|
||||
- **Save no longer triggers restart storms**: rapid file-save bursts in claude-code workspaces could cause a tight re-provision loop; saves are now debounced. (`molecule-core` [#1623](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1623))
|
||||
- **Personal GitHub tokens accepted again**: pasting your own scoped `GITHUB_TOKEN` into the workspace Secrets tab is no longer incorrectly blocked, while operator-leaked tokens stay blocked. (`molecule-core` [#1622](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1622))
|
||||
- **Workspace admin listing restored**: `GET /cp/admin/orgs/:slug/workspaces` no longer returns a 503; the workspace lister is now wired up. (`molecule-controlplane` [#233](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/233))
|
||||
- **Safer fleet redeploys**: `redeploy-fleet` now requires explicit confirmation or a slug list instead of silently rolling every live tenant on an empty request. (`molecule-controlplane` [#228](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/228), `molecule-core` [#1595](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1595))
|
||||
- **Correct template sources**: workspace/org template registry URLs were repointed from the suspended GitHub org to the canonical Gitea host with the right repo names. (`molecule-controlplane` [#229](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/229))
|
||||
|
||||
### 🧹 Internal
|
||||
- Runtime-package publishing now pushes to the Gitea PyPI registry first with PyPI as best-effort fallback, plus autobump and CI-trigger fixes to remove a publishing single-point-of-failure. (`molecule-core` [#1585](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1585), [#1580](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1580))
|
||||
- CI/SSOT cleanup: ECR registry sourced from a shared variable, dead GitHub workflows and a duplicate runtime-image migration removed, and SOP-checklist workflow consolidation plus OOM/pagination hardening. (`molecule-core` [#1611](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1611), [#1615](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1615), [#1612](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1612), [#1610](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1610), [#1333](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1333), `molecule-controlplane` [#227](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/227), [#231](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/231), [#232](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/232))
|
||||
|
||||
## 2026-05-19
|
||||
|
||||
### 🔒 Security
|
||||
- **Tenant workspaces can no longer receive operator-scope credentials**: workspaces now refuse to start if any fleet-scope secret (e.g. Gitea/admin/Railway tokens) is present in their environment, and `GITHUB_TOKEN` was removed from the tenant secret seed list — closing an escalation path from a single compromised workspace to the whole platform. (`molecule-core` [#1555](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1555), `molecule-controlplane` [#204](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/204))
|
||||
|
||||
### ✨ New features
|
||||
- **Usage overage billing**: overage beyond your plan is now metered and pushed to Stripe with a configurable per-tenant service fee. (`molecule-controlplane` [#190](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/190))
|
||||
- **Crawlable marketing homepage**: the Canvas landing page now ships full SEO metadata, Open Graph/Twitter cards, sitemap, robots, and structured data. (`molecule-core` [#1537](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1537))
|
||||
- **Clearer chat error messages**: when an agent errors, the chat banner now shows the actual provider status, error code, and human-readable reason (with secrets redacted) and links to the Activity tab, instead of an opaque "see workspace logs" message. (`molecule-core` [#1549](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1549), [#1550](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1550))
|
||||
- **Safer admin org creation**: `POST /cp/admin/orgs` now supports `?dry_run` and rejects unknown JSON fields instead of silently dropping them. (`molecule-controlplane` [#191](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/191))
|
||||
- **Fail-fast on unpinned runtimes**: provisioning now returns a clear `422 RUNTIME_PIN_MISSING` instead of silently falling back when no runtime image is pinned for the requested runtime/region — no EC2 is launched on the failure path. (`molecule-controlplane` [#194](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/194), [#195](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/195))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Peer visibility / MCP connectivity restored**: fixed the stdio read loop that broke `list_peers` and live MCP clients by blocking until a full buffer filled instead of reading line-by-line — root cause of the 2026-05-15 openclaw peer-visibility outage. (`molecule-core` [#1307](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1307))
|
||||
- **Per-workspace MCP server naming**: connecting multiple workspaces no longer overwrites each other's MCP config — the per-workspace slug fix now covers the Codex, openclaw, Hermes, and Kimi runtime tabs, not just the universal snippet. (`molecule-core` [#1536](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1536))
|
||||
- **Self-delegation no longer deadlocks**: a workspace delegating a task to its own ID no longer echoes back and hangs on its own run lock. (`molecule-core` [#1539](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1539))
|
||||
- **Model vs provider config wedge fixed**: workspaces no longer boot into a broken/`NOT_CONFIGURED` state when a model id (e.g. `gpt-5.5`, `opus`) was mistakenly written into the provider field; the picked model id and provider name are now stored separately, and invalid providers are rejected at the config setter. (`molecule-controlplane` [#213](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/213), [#220](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/220), `molecule-core` [#1581](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1581))
|
||||
- **PDF/file chat uploads fixed**: chat file uploads (e.g. PDFs) that returned an opaque "failed to parse multipart form" now work — the missing `python-multipart` dependency is pinned in the runtime, and upload errors now report the actual cause. (`molecule-core` [#1578](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1578), [#1575](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1575), [#1583](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1583))
|
||||
- **Workspace restart thrashing stopped**: a single secrets update no longer fans out into repeated stop/provision cycles that killed just-launched instances. (`molecule-core` [#1556](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1556))
|
||||
- **No more orphaned instances on recreate**: recreating a workspace now terminates the prior EC2 instance even when the tenant-side stop failed, and fleet redeploys correctly find tenants whose org status had drifted. (`molecule-controlplane` [#218](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/218), [#197](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/197))
|
||||
- **Durable git auth for dev workspaces**: dev workspaces now receive git HTTP credentials from their persona token, closing a recurring git-auth gap. (`molecule-core` [#1542](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1542))
|
||||
- **Deploy pipeline now actually fires**: fixed a workflow-parser issue that had silently prevented the control-plane deploy pipeline from ever running on main. (`molecule-controlplane` [#221](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/221), [#223](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/223))
|
||||
- **Agent identity cards**: production-team agents no longer display a raw UUID and blank role; their name, role, and description are now seeded correctly. (`molecule-core` [#1563](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1563))
|
||||
|
||||
### 🧹 Internal
|
||||
- Removed the legacy native-systemd workspace boot fallback now that all workspaces run containerized, plus related dead-code and secret-seed cleanup. (`molecule-controlplane` [#211](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/211), [#219](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/219))
|
||||
- Observability and cost work: structured JSON logging baseline, a structured audit-log emitter, longer sweep-loop intervals to cut idle DB compute, a lookup cache for redeploy bursts, and staging-only auto-reap tags. (`molecule-controlplane` [#201](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/201), [#209](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/209), [#212](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/212), `molecule-core` [#1572](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1572))
|
||||
- CI hardening, build hygiene, governance, docs, and added E2E coverage — including pinning docker-bound jobs to Linux runners, removing dead workflows, sibling-merge build-break repairs, and stale install/doc fixes. (`molecule-controlplane` [#208](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/208), [#215](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/215), [#216](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/216), `molecule-core` [#1558](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1558), [#1554](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1554), [#1566](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1566))
|
||||
|
||||
## 2026-05-18
|
||||
|
||||
_No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixes, test fixture cleanups, or RFCs._
|
||||
|
||||
---
|
||||
|
||||
## 2026-05-17
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Agent-to-agent delegation restored**: a regression had left fleet-wide A2A delegation failing because the delegation context was tied to the inbound HTTP request and got cancelled early; delegation now runs on a detached context. (`molecule-core` [#1446](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1446))
|
||||
- **Workspace Tokens tab no longer errors with no node selected**: opening Settings → Workspace Tokens (or creating a token there) without a canvas node selected returned a 500; it now works. (`molecule-core` [#1415](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1415))
|
||||
- **Honest Secrets UI**: the non-functional "reveal" eye on write-only secrets was replaced with a clear write-only indicator, and the Secrets "Test" action now reports the real failure reason instead of always showing a fake "Connection timed out." (`molecule-core` [#1421](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1421), [#1424](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1424))
|
||||
- **Clearer error when saving config.yaml during provisioning**: editing a workspace's `config.yaml` while the workspace was still coming up returned an opaque `signal: killed` 500; it now returns an actionable message. (`molecule-core` [#1426](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1426))
|
||||
- **Agent identity reconciliation**: agent card identity is now reconciled from the trusted workspaces record. (`molecule-core` [#1427](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1427))
|
||||
|
||||
### 🧹 Internal
|
||||
- Merge-queue hardening: stop infinite-retrying PRs that return 403/404/405 merge errors, and correct status deduplication for the combined sort order. (`molecule-core` [#1417](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1417), [#1428](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1428))
|
||||
- CI/test cleanup: surface PyPI 403 response bodies in the publish step, and replace placeholder token fixtures tripping the secret scanner. (`molecule-core` [#1390](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1390), [#1430](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1430), [#1431](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1431))
|
||||
|
||||
## 2026-05-16
|
||||
|
||||
### 🔒 Security
|
||||
- **Workspace peer visibility restored**: agents could fail to see their teammates (a fleet-wide `list_peers` 401) because per-workspace auth tokens were written root-owned and unreadable by the agent process. Token files are now injected agent-owned. (`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327))
|
||||
- **SCM write tokens kept out of tenant workspaces**: added a CI-enforced guardrail so workspace containers can never be handed a Git SCM write token. (`molecule-core` [#1277](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1277))
|
||||
|
||||
### ✨ New features
|
||||
- **T4 full-access tier**: T4 workspaces now grant full root-level control of their dedicated single-tenant EC2 host, with privileged container access and host/Docker socket mounts. (`molecule-controlplane` [#175](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/175))
|
||||
- **Workspace sizing decoupled from access tier**: how large your workspace box is is no longer tied to your access tier — the two are now configured independently. (`molecule-controlplane` [#173](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/173))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **No more lost canvas messages on chat exit**: poll-mode tenants could lose a message they had just sent if they left the chat; user messages are now persisted before the request returns. (`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350))
|
||||
- **Workspace auth now persists and self-heals**: `/configs` is mounted read-write so each workspace's bearer token and platform-inbound secret survive and can be re-written as needed. (`molecule-controlplane` [#169](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/169))
|
||||
- **Fleet provisioning outage fixed**: a regression that broke new workspace provisioning was resolved by compressing the generated cloud-init user-data. (`molecule-controlplane` [#171](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/171))
|
||||
- **Top-up payments now grant credits reliably**: a missing Stripe `checkout.session.completed` registration could drop credit grants on top-ups; this is now wired correctly (plus a subscription period-end fix). (`molecule-controlplane` [#172](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/172))
|
||||
- **Cleaner agent inboxes**: self-delegation echo rows are now filtered out of the inbox poller. (`molecule-core` [#1348](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1348))
|
||||
|
||||
### 🧹 Internal
|
||||
- Runtime catalog narrowed to the maintained set (dropped `crewai`/`deepagents`/`gemini-cli`, retired the gemini org template). (`molecule-core` [#1385](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1385), `molecule-controlplane` [#179](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/179))
|
||||
- New automated E2E gates for peer visibility plus a data-race fix and test/CI hardening. (`molecule-core` [#1298](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1298), [#1267](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1267), [#1242](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1242))
|
||||
- Dedicated publish/deploy CI lane so urgent prod builds no longer queue behind PR CI; CP test fix unblocking CI. (`molecule-core` [#1376](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1376), `molecule-controlplane` [#180](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/180))
|
||||
|
||||
## 2026-05-15
|
||||
|
||||
### ✨ New features
|
||||
- **Workspace broadcast and talk-to-user controls**: workspaces can now fan out an org-wide notification to all peers via the `broadcast_message` tool (admin-gated, off by default), and admins can disable a workspace's ability to message the user directly. (`molecule-core` [#1121](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1121), [#1224](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1224))
|
||||
- **New workspace identity tools**: workspaces gain `get_runtime_identity` (reports the running model, provider, tier, and runtime) and `update_agent_card` (updates the agent's published card). (`molecule-core` [#1240](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1240))
|
||||
- **Pay-as-you-go credit top-ups**: buy credits via Stripe Checkout, with credits granted automatically on successful payment. (`molecule-controlplane` [#161](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/161))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Newly created workspaces could not load files or save config**: per-workspace security groups now allow the management tunnel through, fixing the "No files / No config file found" state and restoring the Files API, Save & Restart, and plugin installs on freshly spawned workspaces. (`molecule-controlplane` [#167](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/167))
|
||||
- **Canvas "Save & Restart" timed out for OpenClaw workspaces**: skipped a needless config write that OpenClaw never reads and raised the request timeout, so saves now complete. (`molecule-core` [#1237](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1237), [#1241](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1241))
|
||||
- **OpenClaw workspaces could drop offline after setup**: the OpenClaw install snippet now pins a runtime version that ships the heartbeat wrapper, keeping the workspace shown as alive on canvas. (`molecule-core` [#1143](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1143))
|
||||
|
||||
### 🧹 Internal
|
||||
- Provisioner config-wiring and command-injection hardening, plus a base provider-routing resolver and adapter refactor. (`molecule-core` [#1078](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1078), [#1138](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1138))
|
||||
- CI reliability: replaced the polling-based required-checks sentinel with a dependency graph and throttled duplicate SOP/refire jobs. (`molecule-core` [#1096](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1096), [#1134](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1134))
|
||||
- Expanded automated test coverage for the chat stack and the billing/credits system. (`molecule-core` [#1142](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1142), `molecule-controlplane` [#161](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/161))
|
||||
|
||||
## 2026-05-14
|
||||
|
||||
### 🔒 Security
|
||||
- **Org template env-var leak closed**: org YAML config values can no longer leak host environment variables (e.g. `$HOME`) through variable expansion — references are now treated literally unless the entire value is a single recognized variable (CWE-78). (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1072](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1072))
|
||||
- **Agent-to-agent message hardening**: A2A delegation output now escapes boundary markers and truncates closers before sanitization, preventing crafted peer messages from spoofing trusted boundaries (OFFSEC-003). (`molecule-core` [#1059](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1059), [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073))
|
||||
- **Per-tenant rate limiting restored**: four tenant-side routes that authenticate with an admin token regained per-tenant rate limiting. (`molecule-controlplane` [#157](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/157))
|
||||
- **Symlink-escape and SSRF guards**: config-file collection now skips symlinks (OFFSEC-010), and the tenant-image promote script validates tenant slugs to block SSRF and token exfiltration (OFFSEC-006). (`molecule-core` [#1075](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1075), [#930](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/930))
|
||||
|
||||
### ✨ New features
|
||||
- **Mobile sign-in**: OAuth now supports deep-link callbacks (`molecule://` and Expo `exp://`), so the mobile app can complete login and capture the session. (`molecule-controlplane` [#149](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/149), [#151](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/151))
|
||||
- **Mobile push tokens auto-provisioned**: the platform Expo push token is now propagated to every tenant automatically via the Secrets Manager bootstrap bundle. (`molecule-controlplane` [#159](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/159))
|
||||
- **HTTP/SSE transport for A2A**: the A2A MCP server can now run over HTTP/SSE in addition to stdio, enabling agent-to-agent connectivity in non-PTY deployments (SSH, container exec, CI runners). (`molecule-core` [#909](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/909))
|
||||
- **Tenant-supplied workspace config**: workspace provisioning now accepts and writes tenant-supplied `config_files` into `/configs` before runtime start. (`molecule-controlplane` [#155](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/155))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Deploy button stuck disabled**: runtimes with no required environment variables (e.g. Openclaw) could not be deployed because the Deploy button stayed permanently disabled. (`molecule-core` [#1038](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1038))
|
||||
- **Mobile chat history**: the mobile chat panel now loads prior conversation history on open instead of showing only the live buffer. (`molecule-core` [#1062](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1062), [#1069](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1069))
|
||||
- **Delegation status lookups**: pending delegations are now found correctly — the delegation ID is written where the status check reads it. (`molecule-core` [#998](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/998))
|
||||
- **Production deploy reliability**: tenant redeploys now refresh ECR auth before pulling images, skip non-running and stale tenants so a single dead tenant can't block the whole rollout, and target the correct production subnet for workspace provisioning. (`molecule-controlplane` [#150](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/150), [#152](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/152), [#155](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/155), [#154](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/154))
|
||||
- **Accessibility (WCAG AA)**: multiple rounds of contrast fixes and keyboard focus rings across canvas — buttons, badges, error/status text, tier legend, and icon buttons in Schedule/Budget/Channels tabs. (`molecule-core` [#902](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/902), [#928](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/928), [#931](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/931), [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949), [#988](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/988), [#990](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/990))
|
||||
- **Silent DB iteration errors**: added missing `rows.Err()` checks so mid-stream query errors during secrets/credits/admin scans surface instead of returning partial results as success. (`molecule-core` [#1021](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1021), `molecule-controlplane` [#156](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/156), [#158](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/158))
|
||||
|
||||
### 🧹 Internal
|
||||
- Large CI/CD recovery effort to unblock a red main: workflow-lint and required-job-fanout fixes, `GITHUB_EVENT_BEFORE` handling for push events, merge-queue gating on real push status, and per-step build timeouts (`molecule-core` [#904](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/904), [#919](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/919), [#995](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/995), [#997](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/997)).
|
||||
- Review-gate plumbing: corrected qa/security review-gate tokens, added a `/sop-n/a` declaration command, and collapsed duplicate review-refire triggers (`molecule-core` [#910](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/910), [#915](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/915), [#925](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/925)).
|
||||
- Extensive added unit/handler test coverage and main↔staging promotion sync commits (`molecule-core` [#956](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/956), [#980](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/980), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005)).
|
||||
|
||||
## 2026-05-13
|
||||
|
||||
### 🔒 Security
|
||||
- **Org import path-traversal closed**: restored the `resolveInsideRoot` guard so a malicious org YAML (e.g. `filesDir: "../../../etc"`) can no longer read arbitrary server files through the workspace `.env` loader (CWE-22). (`molecule-core` [#810](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/810))
|
||||
- **A2A peer responses re-sanitized**: re-applied `sanitize_a2a_result` so peer-controlled agent-to-agent text passes through the prompt-injection trust boundary before entering agent context (OFFSEC-003). (`molecule-core` [#800](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/800))
|
||||
- **Memory write corruption fixed**: corrected a query-parameter indexing bug in memory `PatchNamespace` that mismatched fields when expiry and metadata were updated together (OFFSEC-004). (`molecule-core` [#832](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/832))
|
||||
|
||||
### ✨ New features
|
||||
- **Search on mobile canvas**: SearchDialog is now mounted in the mobile shell, so Cmd+K search works on small viewports as well as desktop. (`molecule-core` [#837](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/837))
|
||||
- **Kimi as a bring-your-own-compute runtime**: `kimi` and `kimi-cli` are now accepted as first-class external runtimes. (`molecule-core` [#771](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/771))
|
||||
- **Broader MCP transport support**: the MCP server now uses a universal stdio transport with runtime-adaptive notifications, fixing connections over PTYs, files, and sockets that the previous pipe transport rejected. (`molecule-core` [#778](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/778))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Mobile chat no longer freezes**: removed an unstable store selector that triggered an infinite re-render loop in mobile chat. (`molecule-core` [#717](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/717))
|
||||
- **Cleaner chat for empty tasks**: blank agent tasks now render as empty text instead of an error chip. (`molecule-core` [#807](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/807))
|
||||
- **Workspace API auth fixed**: workspaces are now provisioned with the real admin token instead of a placeholder, resolving 401s on platform/admin API calls; existing stale placeholders are healed on startup. (`molecule-core` [#885](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/885), [#893](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/893), [#898](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/898))
|
||||
- **Local image builds unblocked**: added the Docker CLI (and buildx) to the workspace-server image so the colocated local-build path works without an external registry. (`molecule-core` [#765](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/765), [#796](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/796))
|
||||
- **Actionable terminal diagnostics**: the SSH-key diagnose probe now surfaces the underlying AWS error verbatim (e.g. `AccessDeniedException: ec2-instance-connect:OpenTunnel`) instead of an opaque exit code. (`molecule-core` [#755](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/755), [#809](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/809), [#834](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/834))
|
||||
- **Canvas accessibility**: WCAG AA contrast fixes for amber buttons and badges, TermsGate dialog/backdrop restructure with proper screen-reader and disabled-state handling, and case-insensitive file-icon lookup. (`molecule-core` [#859](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/859), [#854](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/854), [#697](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/697))
|
||||
- **Workspace container healthcheck**: added a Dockerfile HEALTHCHECK probing the agent-card endpoint for faster detection of unhealthy workspaces. (`molecule-core` [#883](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/883))
|
||||
|
||||
### 🧹 Internal
|
||||
- Large expansion of automated test coverage across handlers, canvas, websocket hub, and memory store (representative: `molecule-core` [#783](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/783), [#860](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/860), [#823](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/823)).
|
||||
- CI/CD hardening: serialized merge queue, workflow-status emitter linting, branch-protection drift gates, and automatic production tenant deploy after green main (representative: `molecule-core` [#819](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/819), [#877](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/877), [#824](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/824)).
|
||||
- Control-plane vanity-import migration to `go.moleculesai.app` and a build unblocker (`molecule-controlplane` [#32](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/32), [#144](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/144)).
|
||||
|
||||
## 2026-05-12
|
||||
|
||||
### 🔒 Security
|
||||
@@ -31,7 +415,6 @@ _No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixe
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 2026-05-11
|
||||
|
||||
### ✨ New features
|
||||
@@ -66,7 +449,6 @@ _No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixe
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 2026-05-10
|
||||
|
||||
### ✨ New features
|
||||
@@ -174,7 +556,6 @@ _No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixe
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 2026-05-08
|
||||
|
||||
### 🔧 Fixes
|
||||
@@ -185,7 +566,6 @@ _No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixe
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 2026-05-07
|
||||
|
||||
### 📚 Docs
|
||||
@@ -204,7 +584,6 @@ _No customer-visible changes on 2026-05-18. All PRs merged were internal CI fixe
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 2026-05-06
|
||||
|
||||
### 🧹 Internal
|
||||
|
||||
@@ -7,6 +7,21 @@ All notable changes to the Molecule AI platform are documented here. The current
|
||||
|
||||
---
|
||||
|
||||
## 2026-06-02
|
||||
|
||||
### 🔒 Security
|
||||
- **Closed a cross-tenant messaging leak**: two unrelated organization-root workspaces could communicate with each other through a bypass path; agents can now only reach peers within their own org. (`molecule-core` [#1961](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1961))
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- **Workspace creation now returns its access token**: the `POST /workspaces` response includes the workspace's first bearer token (`auth_token`) so newly created managed-runtime workspaces can authenticate immediately. (`molecule-core` [#1669](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1669))
|
||||
|
||||
### 🧹 Internal
|
||||
- Stabilized the serving end-to-end gate against real provider keys — fixed the Anthropic OAuth and OpenAI test arms and pointed the gate at a dedicated, conflict-free Infisical key folder. (`molecule-controlplane` [#439](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/439), [#442](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/442))
|
||||
- Hardened control-plane internals with mechanical safety fixes — context-leak prevention, error checking on response reads/JSON decode, and test env isolation. (`molecule-controlplane` [#436](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/436), [#437](https://git.moleculesai.app/molecule-ai/molecule-controlplane/pulls/437))
|
||||
- CI, test-coverage, and docs upkeep: branch-aware force-merge audit, suppression-rationale and tracker renewals, added handler unit coverage, and stale repo-name reference cleanup. (`molecule-core` [#1958](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1958), [#2114](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/2114), [#1951](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1951))
|
||||
|
||||
---
|
||||
|
||||
## 2026-06-01
|
||||
|
||||
### 🔒 Security
|
||||
|
||||
Reference in New Issue
Block a user