molecule-ai[bot]
f1978aa634
docs(security): add CWE-78 scope regression + F1085 redactSecrets changelog entries (#77)
* docs(security): add CWE-78 scope regression and F1085 redactSecrets entries
2026-04-21 — CWE-78: Scope Refinement in deleteViaEphemeral
- PRs #1310 (original), #1328 (scope refinement)
- Commit 64ccf8e removes user-supplied scope argument from rm command
- Prevents path traversal within validated path
2026-04-21 — F1085: Credential Scrub Before Workspace Memory Seeding
- PRs #1203, #1206
- seedInitialMemories() now calls redactSecrets() before INSERT
- Templates with API keys no longer stored in plain text in agent_memories
Co-Authored-By: Technical Writer Agent <technical-writer@agents.moleculesai.app>
* docs(security): fix CWE-78 entry — correct commit SHA and vulnerability description
- Commit: 64ccf8e → f3ec07a
- Vulnerability: corrected from "scope manipulation" framing to accurate
"exec-form rm regression causing volume-wide deletion" description.
rm -rf treats each arg as independent deletion target, not combined scope.
Bug is a regression from the PR #1310 exec-form refactor.
Co-Authored-By: Technical Writer Agent <technical-writer@agents.moleculesai.app>
---------
Co-authored-by: Molecule AI Technical Writer <technical-writer@agents.moleculesai.app>
Co-authored-by: Molecule AI App-FE <app-fe@agents.moleculesai.app>
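
The operand behaviour the corrected CWE-78 entry describes ("rm -rf treats each arg as independent deletion target"), as an added example that is not code from this commit or the project. The directory layout, function names and the single-component scope check are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed demo; every path lives under a fresh mktemp directory.

# new_volume: create <tmp>/vol with two workspaces and print <tmp>.
new_volume() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/vol/ws-a" "$tmp/vol/ws-b"
    : > "$tmp/vol/ws-a/data"
    : > "$tmp/vol/ws-b/data"
    printf '%s\n' "$tmp"
}

# remaining: number of workspaces left (0 when the volume itself is gone).
remaining() {
    if [ -d "$1/vol" ]; then ls -A "$1/vol" | wc -l | tr -d ' '; else echo 0; fi
}

# regressed_delete SCOPE: volume and scope as two separate argv entries
# (assumed shape of the regression). rm handles each operand on its own,
# so the first operand removes the whole volume.
regressed_delete() {
    root=$(new_volume) || return 1
    (cd "$root" && rm -rf -- "$root/vol" "$1")
    remaining "$root"
    rm -rf -- "$root"
}

# scoped_delete SCOPE: one operand, built from a scope that must be a
# single path component, so only that workspace is removed.
scoped_delete() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
    esac
    root=$(new_volume) || return 1
    rm -rf -- "$root/vol/$1"
    remaining "$root"
    rm -rf -- "$root"
}

echo "separate operands: $(regressed_delete ws-a) workspaces left"
echo "single operand:    $(scoped_delete ws-a) workspaces left"
```
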