1011 Commits

Author	SHA1	Message	Date
core-devops	862a90a316	fix(runtime): complete crewai/deepagents/gemini-cli removal + fail-closed on unresolvable runtime ... Addresses core-security REQUEST-CHANGES (review 4269) on PR #1385 (RFC internal#483). The original removal was incomplete and silently changed behavior: 1. manifest.json workspace_templates still listed crewai/deepagents/ gemini-cli. handlers.knownRuntimes (the workspace-create admission allowlist) is built at boot from manifest.json via runtime_registry.go — NOT from provisioner.knownRuntimes — so a create request for a "removed" runtime was still admitted. Removed the 3 entries; the manifest now resolves to the 6 kept template-backed runtimes (claude-code, hermes, openclaw, codex, langgraph, autogen) + injected meta-runtimes. langgraph/autogen retained intentionally — not in the internal#483 removal set and still in provisioner.knownRuntimes. 2. selectImage silently fell back to DefaultImage (langgraph) for any named-but-unresolvable runtime: a user asking for crewai got a langgraph container with no signal. selectImage now returns (string, error) and rejects a NAMED-but-unresolvable runtime with ErrUnresolvableRuntime (naming the offending runtime). Start propagates it; the existing markProvisionFailed path already broadcasts WorkspaceProvisionFailed + records the message. Implements the CTO hardgate directive (feedback_platform_must_hardgate_base_contract — fail-closed, no silent degrade). The genuinely-unspecified (empty) runtime remains a distinct legitimate path → DefaultImage. go build ./... and go test ./internal/provisioner/ ./internal/handlers/ ./internal/imagewatch/ ./internal/registry/ ./internal/models/ all pass. selectImage tests updated to assert the new fail-closed contract (new expected values verified against the security finding, not made-green). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 15:36:16 -07:00
core-devops	e809a2e319	chore(runtime): remove crewai/deepagents/gemini-cli from the runtime catalog ... CTO-approved scope-narrowing to the four maintained runtimes (claude-code, openclaw, hermes, codex) plus autogen/langgraph legacy. RFC molecule-ai/internal#483. - provisioner/registry.go: drop the 3 from knownRuntimes (kept alphabetical ordering; count pin updated 9 -> 6 in registry_test.go). - handlers/admin_workspace_images.go: drop the 3 from AllRuntimes so imagewatch stops pulling now-removed template images. - models/runtime_defaults.go: doc-comment list updated; drop the 3 explicit drift-detection rows from runtime_defaults_test.go. - localbuild_test.go RepoNotFound fixture switched crewai -> hermes (post-removal crewai is no longer a known runtime, so the test would hit the "unknown runtime" branch instead of the intended 404 path). - provisioner_test.go error-classification fixture string crewai -> hermes (no removed-runtime names in fixtures). Live-workspace safety gate cleared first: zero workspaces on the 3 runtimes across the production fleet (per-tenant DB query on hongming/go-to-market/chloe-dong + CP tenant_resources provisioning ledger covering reno-stars). Registry/pin row removal handled by a separate controlplane migration PR, landed after this merges. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 15:17:26 -07:00
Molecule AI Core-BE	1d29e9ea24	fix(handlers): prevent poll-mode sync-persist test from hanging CI ... sqlmock.ExpectationsWereMet() hangs indefinitely when the expected INSERT mock never fires. If the production code ever regresses to goAsync (pre-fix shape), the handler returns before the INSERT fires, the mock never fires, and ExpectationsWereMet() blocks for the full test/-suite timeout — wedging the CI run with no diagnostic. Fix: check expectations in a goroutine with a 2s hard timeout. When the mock has fired (synchronous production code), ExpectationsWereMet() returns <1ms and the select fires the `case err := <-expectDone` arm. When the mock has NOT fired (async regression), the 2s timeout fires and the test fails with a clear message instead of hanging. Also reduce insertDelay from 150ms → 50ms. 50ms is ~50× the normal INSERT latency and sufficient to prove synchronous blocking; the larger value was adding unnecessary suite-level wall-clock under -race detection, where mock delays are amplified by the instrumenter's goroutine overhead. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 14:47:07 +00:00
core-be	a92beb5d49	fix(workspace-server): persist poll-mode canvas user message synchronously before queued 200 ... Sibling of #1347/internal#470 — the POLL-mode arm of the canvas user-message data-loss bug Hongming reported ("i sometimes lose my own message when i exit chat", 2026-05-16). Hongming's tenant is entirely poll-mode (4 external workspaces, no URL — verified empirically: every workspace returns the {delivery_mode:poll, status:queued} short-circuit envelope), so #1347 (push-mode only, persists AFTER the poll short-circuit) structurally cannot cover his reported case. #1347's "poll-mode was never affected" framing is overstated: logA2AReceiveQueued's durable activity_logs INSERT ran inside h.goAsync(...) — a detached goroutine with no happens-before barrier against the synthetic {status:queued} 200. The canvas sees the send acknowledged while the row may still be racing; a workspace-server restart / deploy / OOM / EC2 hibernation between the 200 and the goroutine's commit loses the message permanently (chat-history reads activity_logs; missing row = message gone on reopen). No fallback either, unlike push-mode's legacy-INSERT path. Fix: make the poll-mode ingest persist SYNCHRONOUS — committed before the queued 200 — on a context.WithoutCancel context (parity with persistUserMessageAtIngest). Best-effort preserved (LogActivity logs+swallows INSERT errors, never blocks the send). Post-commit broadcast still fires inside LogActivity (a missed WS event is not data loss; the durable row is the truth chat-history re-reads on reopen). TDD: a2a_poll_ingest_persist_test.go — deterministic RED (queued 200 returned in ~0.5ms, before the 150ms INSERT → DATA LOSS) → GREEN after fix. Full internal/handlers + internal/messagestore suites green; vet clean. Refs: molecule-ai/internal#471 (tracking), molecule-ai/internal#470 (push-mode sibling, PR #1347) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 06:04:14 -07:00
devops-engineer	8179ff77e9	Merge branch 'main' into fix/workspace-token-injection-agent-owned	2026-05-16 12:05:32 +00:00
Molecule AI Infra-Runtime-BE	6188c6ddf3	fix(org_helpers): correct duplicate phrase in loadWorkspaceEnv comment ... The comment had the phrase "the workspace-specific .env" duplicated. Removed the redundant repetition. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 10:27:13 +00:00
core-be	f986444dbd	fix(workspace-server): inject /configs token files agent-owned, not root ... The fleet-wide list_peers 401 (Hermes et al): two workspace-server token-injection paths wrote /configs/.auth_token (and /configs/.platform_inbound_secret) as root:root 0600 AFTER the template entrypoint's `chown -R agent:agent /configs` ran. The a2a_mcp_server runs as the agent uid (1000, via `gosu agent`), so platform_auth.get_token() hit `[Errno 13] Permission denied` → empty bearer → platform 401 on /registry/{id}/peers (the literal tool_list_peers path). PR#23 fixed only the entrypoint dir chown (first boot); it cannot reach the post-entrypoint root re-injection. This covers both injection paths: 1. WriteAuthTokenToVolume (#1877, pre-start): the throwaway alpine container ran chmod 0600 but never chowned — alpine runs as root, so the file stayed root:root. Now `chown 1000:1000 /vol/.auth_token` (0600 preserved). 2. WriteFilesToContainer (#418, post-start re-injection): the tar headers left Uid/Gid unset → CopyToContainer extracted root:root. Now every tar entry is stamped Uid/Gid = agent. This path (re)writes BOTH .auth_token and .platform_inbound_secret, so both are fixed. uid 1000:1000 verified from the templates (claude-code-default + hermes Dockerfile `useradd -u 1000 ... agent`, entrypoint `gosu agent`), exposed as AgentUID/AgentGID constants. Tar-build and alpine-cmd extracted into pure helpers (mirrors buildTemplateTar) so the ownership contract is unit-tested without a live Docker daemon; the test fails on pre-fix root:root and passes post-fix (real tar / real command, not a mock). PR#23's entrypoint chown is unchanged (still correct for the dir + first boot). No feature flag, no backwards-compat shim. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 02:19:11 -07:00
fullstack-engineer	0e13a80121	chore: promote staging→main (chat E2E + accumulated fixes) ... Promotes the following staging-only changes to main: - feat(e2e): stabilize Playwright chat tests for desktop + mobile (PR #1142) - feat(workspace): broadcast and talk-to-user platform abilities - feat(adapter-base): ProviderRegistry type + resolve_provider_routing - fix(staging): OFFSEC-010 CP config wiring + CWE-78 rows.Err fixes - fix(staging): restore goAsync tracking in dispatch calls - fix(ci): needs-based all-required sentinel - fix(canvas): load chat history in MobileChat (closes #1062) Merge-conflict resolutions: - ThemeToggle.tsx: take staging (INDEX_SIZE_ERR test fix) - MobileChat.tsx + test: take staging (shared hooks refactor) - workspace_broadcast.go: take main (OFFSEC-015 org isolation) - org_helpers.go + tests: combine both (CWE-78 guard + rows.Err) - secrets.go: take staging (descriptive rows.Err log messages) - workspace.go: combine (goAsync tracking + SaaS tier hard-gate) - cp_provisioner.go: combine (OFFSEC-010 comments + main formatting) - ci.yml: combine (mc#774 trackers + all-required needs cleanup) - test_a2a_offsec003_sanitization.py: delete (redundant per mc#62d38667)	2026-05-15 15:20:52 -07:00
hongming-codex-laptop	5a05302cd6	fix(broadcast): OFFSEC-015 — scope recipients to sender's org ... Previously POST /workspaces/:id/broadcast collected every non-removed workspace in the database, allowing a workspace in Org-A to broadcast to every workspace in Org-B, Org-C, etc. Fix: walk parent_id chain with a recursive CTE to find the sender's org root, then filter recipients to workspaces sharing that root. Same isolation pattern as hotfix #1157 (staging) — port to this main-target PR so the cherry-pick doesn't ship the vulnerable original. Adds workspace_broadcast_test.go from #1157 with: - TestBroadcast_OrgScopedRecipients (cross-org isolation regression) - TestBroadcast_OrgScoped_OrgRootSender - TestBroadcast_OrgScoped_ChildWorkspaceSender - + NotFound / Disabled / EmptyOrg / InvalidID coverage Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 12:30:03 -07:00
hongming-codex-laptop	29b4bffb13	feat(workspace): add broadcast and talk-to-user platform abilities ... Two new workspace-level ability flags (broadcast_enabled, talk_to_user_enabled) with full backend enforcement, MCP tool, and canvas UI: - Migration: adds broadcast_enabled (default false) and talk_to_user_enabled (default true) columns to workspaces table - PATCH /workspaces/:id/abilities (AdminAuth) toggles either flag independently - POST /workspaces/:id/broadcast (WorkspaceAuth) fans out a broadcast_receive activity_log entry + WS BROADCAST_MESSAGE event to all non-removed peers; requires broadcast_enabled=true on the sender - AgentMessageWriter checks talk_to_user_enabled; returns ErrTalkToUserDisabled which surfaces as HTTP 403 on /notify and the send_message_to_user MCP tool - broadcast_message MCP tool added to registry + a2a_tools_messaging.py - Canvas ChatTab shows "Agent is not enabled to chat with you" banner with Enable button when talkToUserEnabled=false on the workspace node Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 12:03:08 -07:00
Molecule AI App-FE	5dc1e462de	fix(external-workspace): pin molecule-ai-workspace-runtime>=0.1.999 in OpenClaw snippet (#1143) ... fix(external-workspace): pin molecule-ai-workspace-runtime>=0.1.999 in OpenClaw snippet Ensures the molecule-mcp console script (heartbeat + register-on-startup) is present on install. Older versions only ship a2a_mcp_server which does not heartbeat, causing workspaces to go OFFLINE within 60s. Closes openclaw keepalive regression. Co-authored-by: Molecule AI App-FE <app-fe@agents.moleculesai.app> Co-committed-by: Molecule AI App-FE <app-fe@agents.moleculesai.app>	2026-05-15 07:35:57 +00:00
hongming-codex-laptop	026d1c5fae	feat(workspace): add broadcast and talk-to-user platform abilities ... Two new workspace-level ability flags (broadcast_enabled, talk_to_user_enabled) with full backend enforcement, MCP tool, and canvas UI: - Migration: adds broadcast_enabled (default false) and talk_to_user_enabled (default true) columns to workspaces table - PATCH /workspaces/:id/abilities (AdminAuth) toggles either flag independently - POST /workspaces/:id/broadcast (WorkspaceAuth) fans out a broadcast_receive activity_log entry + WS BROADCAST_MESSAGE event to all non-removed peers; requires broadcast_enabled=true on the sender - AgentMessageWriter checks talk_to_user_enabled; returns ErrTalkToUserDisabled which surfaces as HTTP 403 on /notify and the send_message_to_user MCP tool - broadcast_message MCP tool added to registry + a2a_tools_messaging.py - Canvas ChatTab shows "Agent is not enabled to chat with you" banner with Enable button when talkToUserEnabled=false on the workspace node Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-15 00:19:44 -07:00
core-devops	ec3e27a4ec	fix(ci): needs-based all-required sentinel + remove needs:changes from build jobs (fixes #1083) ... - platform-build: drop `needs: changes`; change per-step `if:` conditions from `needs.changes.outputs.platform == 'true'` to `if: always()` and the skip step from `!= 'true'` to `if: false`. Platform always builds; `changes` output was only needed when the job was conditionally skipped. - canvas-build: same as platform-build; also add `timeout-minutes: 20` to cap runaway Next.js builds. - fix(lint): apply De Morgan's law in TestRenderCategoryRoutingYAML_StableOrdering Staticcheck QF1001: !(ai < mi && mi < zi) → ai >= mi || mi >= zi. Rebased on staging 4cc0e32a. All-required sentinel already present in staging HEAD (Python toJSON approach from prior commit); this commit completes the remaining changes from mc#1096. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 20:10:51 -07:00
hongming-codex-laptop	106baadf2b	ci: fix platform staticcheck lint	2026-05-14 18:12:21 -07:00
hongming-codex-laptop	6b80dca1f4	fix: preserve Claude Code provider registry in generated configs	2026-05-14 17:33:22 -07:00
hongming-codex-laptop	420ac2f00d	ci: update instructions handler test expectations	2026-05-14 16:25:55 -07:00
Molecule AI Core-BE	e9693e12ff	fix(handlers): add rows.Err() checks across approvals, tokens, instructions ... Standard CWE-78 pattern (same class as CWE-78-rows-err hotfix #1071): iterating over sql.Rows without checking rows.Err() after the loop silently ignores connection errors. Add the deferred Err() check to: - approvals.go: ListPendingApprovals (GET /approvals) - approvals.go: List (GET /workspaces/:id/approvals) - tokens.go: List (GET /workspaces/:id/tokens) - instructions.go: Resolve handler (GET /workspaces/:id/instructions/resolve) - instructions.go: scanInstructions helper (used by List handler) 🤖 Generated with [Claude Code](https://claude.com/claude-code)	2026-05-14 23:22:18 +00:00
Molecule AI Core-BE	bcca139caa	fix(handlers): add rows.Err() checks to loadWorkspaceSecrets ... loadWorkspaceSecrets() iterates over global_secrets and workspace_secrets rows without checking rows.Err() after the loop. If the connection is interrupted mid-iteration, the error is silently ignored. Add the standard deferred Err() check (pattern from secrets.go, org_helpers.go) to both loops. 🤖 Generated with [Claude Code](https://claude.com/claude-code)	2026-05-14 23:18:12 +00:00
Molecule AI Core-BE	6cf6e608d8	fix(staging): add isCPTemplateConfigFile filter to collectCPConfigFiles ... Cherry-picks the filter from main commit 8fced202: only transport config.yaml and files under prompts/ from the template directory to the control plane. Arbitrary template files (adapter.py, Dockerfile, etc.) are now excluded regardless of size, reducing the transport surface. Also adds a test case verifying adapter.py is excluded even when within the size limit. 🤖 Generated with [Claude Code](https://claude.com/claude-code)	2026-05-14 23:18:12 +00:00
Molecule AI Core-BE	6947774e1b	fix(staging): wire collectCPConfigFiles into CPProvisioner.Start ... collectCPConfigFiles was added in PR #1075 (OFFSEC-010) but never called — the symlink guards were dead code. This patch wires the function into CPProvisioner.Start so the guards actually protect the CP request path. Changes: 1. cpProvisionRequest gains ConfigFiles map[string]string field (base64-encoded, same shape as Docker provisioner's WriteFilesToContainer) 2. Start calls collectCPConfigFiles(cfg) before building the request; errors propagate as hard failures (a workspace without its config files is not usable) 3. Two new tests: - TestStart_CollectsConfigFiles: verifies TemplatePath files AND ConfigFiles map appear in the CP request body, base64-encoded - TestStart_SymlinkTemplatePathError: verifies a symlink TemplatePath causes Start to fail, exercising the OFFSEC-010 root-symlink guard Without this wiring, a malicious operator could bypass the WalkDir symlink guards by passing TemplatePath as a symlink to the CP. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 23:18:12 +00:00
Molecule AI Core-DevOps	9afecfdfc7	Resolve conflict: keep OFFSEC-010 collectCPConfigFiles with ce542cb26 nil-return fix	2026-05-14 23:18:12 +00:00
Molecule AI Core-BE	2751861b04	fix(staging): add goAsync method + asyncWG field to WorkspaceHandler ... Cherry-picks the goAsync definition from main commit 1c3b4ff3 so that PR #1076's 5 goAsync(...) call sites compile on staging. core-devops correctly identified that h.goAsync was called at 5 sites but never defined on the staging branch. Without this, the build fails. fixes #1076 review feedback Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 22:37:56 +00:00
Molecule merge queue	8fced20267	fix: limit CP template config transport	2026-05-14 15:37:44 -07:00
Molecule merge queue	7b3e3fc189	ci: fix handlers instruction test compile	2026-05-14 15:25:09 -07:00
Molecule merge queue	51a0fd2688	Merge pull request #1047 from molecule-ai/fix/saas-t4-cp-config-seed ... # Conflicts: # .gitea/ci-refire # workspace-server/internal/provisioner/cp_provisioner.go	2026-05-14 15:00:11 -07:00
Molecule AI Core-DevOps	5888238147	Resolve conflict: keep OFFSEC-010 collectCPConfigFiles with ce542cb26 nil-return fix	2026-05-14 21:34:00 +00:00
Molecule AI Core-BE	da416caeca	fix(staging): restore goAsync tracking in 5 dispatch calls + move config seeding pre-Start ... Investigation of issue #1058 confirmed 3 regressions on staging (introduced by the OFFSEC-003 promotion PR #1059): 1. workspace_dispatchers.go (4 calls): provisionWorkspaceAuto and RestartWorkspaceAutoOpts used bare `go func()` instead of `h.goAsync(func() { ... })`, losing goroutine WaitGroup tracking. Restored h.goAsync on all 4 dispatch sites. 2. a2a_proxy.go (1 call): resolveAgentURL used bare `go h.RestartByID()` when waking a hibernated workspace. Restored h.goAsync wrapper. 3. provisioner.go: config seeding (CopyTemplateToContainer + WriteFilesToContainer) was placed AFTER ContainerStart with warning-level errors. Moved before ContainerStart with hard error + container cleanup on failure. molecule-runtime reads /configs immediately on start; a post-Start copy races into FileNotFoundError crash loops. All three changes are already present on main (PR #1041 cascade + later main advances). This PR brings staging to parity. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 21:27:52 +00:00
Molecule AI · core-security	9ce484886d	merge: resolve conflicts with main — keep CWE-78 guard + rows.Err() checks ... Conflict resolution for PR mc#1071 targeting main: - org_helpers.go: deduplicate expandEnvRef/isEnvIdentStart/isEnvIdentPart (added inline by main, also present in branch with doc comment; kept documented version) - org_helpers_pure_test.go: merge whitespace-only formatting conflicts (take main alignment) - org_helpers_security_test.go: merge style conflicts + keep main POSIX guard tests - instructions_test.go: keep both branches of add/add conflict - delegation_list_test.go: keep main version (branch deleted it) Security fix (CWE-78) and rows.Err() checks are identical in both branches and remain intact. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 21:09:07 +00:00
Molecule AI Core-BE	0c152a24d2	fix(handlers): restore CWE-78 guard — partial refs like \$HOME/path stay literal ... Replaces the os.Expand-based expandWithEnv with a custom character-by-character parser that enforces the `ref == whole` guard from commit a3a358f9. os.Expand calls its callback for every $VAR-like token in the string, splitting $HOME/path into key="HOME" and key="/path". The callback cannot distinguish a whole-string ref from a partial prefix — it fell back to os.Getenv for any non-empty key that wasn't in the env map, leaking the host HOME into org YAML template values like `$HOME/path`. Fix: walk the string ourselves. Only call os.Getenv when the matched reference IS the entire input string (ref == whole). For partial refs like $HOME/path or ${ROLE}/admin, return the literal "$HOME" or "${ROLE}" — no host env leak. Tests: - Add 14 regression tests in org_helpers_security_test.go covering $HOME/path, ${ROLE}/admin, prefix$ROLE/suffix, mixed partial+whole, etc. - Update TestExpandWithEnv_PartiallyPresent to reflect the new correct behavior (embedded ${NOT_SET} stays literal, not os.Getenv fallback). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:49:33 +00:00
Molecule AI Core-BE	b72ec7dcfc	fix(handlers): restore rows.Err() checks in secrets.go — 6 scan loops ... Re-add the `rows.Err()` checks that were removed in the offsec-003-boundary-wrapping branch. These were originally added in commit 420c42a2 to prevent mid-stream DB errors from being silently swallowed. Affected functions: - List() workspace-level scan loop — catches DB errors during workspace secret iteration - List() global scan loop — catches DB errors during global secret iteration - Values() global scan loop — catches DB errors during global secret decryption scan - Values() workspace scan loop — catches DB errors during workspace secret decryption scan - ListGlobal() scan loop — catches DB errors during global-only listing - restartAllAffectedByGlobalKey() scan loop — catches DB errors when listing workspaces affected by a global secret change (issue #15 propagation path) Fixes issue #1061. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:21:17 +00:00
hongming-codex-laptop	f3e979b78c	test(handlers): cover ListFiles symlink skip	2026-05-14 13:17:16 -07:00
Molecule AI Infra-SRE	4ed6e36ef1	fix(handlers): skip symlinks in ListFiles WalkDir callback (OFFSEC-010)	2026-05-14 20:12:33 +00:00
Molecule AI Core-BE	b75fe86470	fix(handlers): restore CWE-78 guard — partial refs like \$HOME/path stay literal ... Replaces the os.Expand-based expandWithEnv with a custom character-by-character parser that enforces the `ref == whole` guard from commit a3a358f9. os.Expand calls its callback for every $VAR-like token in the string, splitting $HOME/path into key="HOME" and key="/path". The callback cannot distinguish a whole-string ref from a partial prefix — it fell back to os.Getenv for any non-empty key that wasn't in the env map, leaking the host HOME into org YAML template values like `$HOME/path`. Fix: walk the string ourselves. Only call os.Getenv when the matched reference IS the entire input string (ref == whole). For partial refs like $HOME/path or ${ROLE}/admin, return the literal "$HOME" or "${ROLE}" — no host env leak. Tests: - Add 14 regression tests in org_helpers_security_test.go covering $HOME/path, ${ROLE}/admin, prefix$ROLE/suffix, mixed partial+whole, etc. - Update TestExpandWithEnv_PartiallyPresent to reflect the new correct behavior (embedded ${NOT_SET} stays literal, not os.Getenv fallback). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:08:46 +00:00
hongming-codex-laptop	7b84d09de2	test: cover template symlink skip	2026-05-14 11:57:56 -07:00
Molecule AI Infra Lead	eb67db9d7f	[infra-lead-agent] fix(provisioner): skip symlinks in template WalkDir (OFFSEC-010) ... filepath.WalkDir follows symlinks, which could bypass the path traversal guard in addFile() if a symlink inside the template directory points outside it (e.g. a symlink to ../../../etc/passwd). Fix: add an explicit symlink check after the walkErr guard that returns nil (skip) when d.Type()&os.ModeSymlink != 0. The existing IsRegular() check catches non-regular non-symlink files (devices, sockets) but symlinks are regular files (they point to something), so they need explicit skipping. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 18:51:25 +00:00
Molecule AI Fullstack Engineer	1a4d012383	fix(provisioner): skip symlinks in CopyTemplateToContainer Walk (OFFSEC-010) ... filepath.Walk follows symlinks by default. A malicious org template containing a symlink (e.g. template/.ssh → /root/.ssh) could escape the intended directory and include arbitrary host files in the tar archive copied into workspace containers. Fix: skip symlinks in the Walk callback. Broken template symlinks are a silent no-op rather than an error, matching the security- first posture (no escalation on unexpected input). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 18:26:47 +00:00
hongming-codex-laptop	7a614f2e3b	fix: harden saas workspace provisioning config	2026-05-14 10:26:27 -07:00
hongming-codex-laptop	033c1b9bd4	test: satisfy staticcheck on PR regression tests	2026-05-14 09:43:04 -07:00
Molecule AI Fullstack Engineer	ca7665f573	fix(handlers): workspace_crud_test.go compile errors + routing fixes ... PR #942 added 12 test functions that referenced `r` and `mock` without capturing them from setupWorkspaceCrudTest, plus called r.ServeHTTP on a router with no registered routes (returning 404 instead of the expected status code). Changes: - TestUpdate_InvalidUUID: call validateWorkspaceID directly (no router needed) - TestUpdate_InvalidBody: register PATCH route + use handler - TestUpdate_WorkspaceNotFound: register PATCH route + use handler - TestUpdate_NameTooLong: call validateWorkspaceFields directly - TestUpdate_RoleTooLong: call validateWorkspaceFields directly - TestUpdate_NameWithNewline: call validateWorkspaceFields directly - TestUpdate_NameWithYAMLSpecialChars: call validateWorkspaceFields directly - TestUpdate_WorkspaceDirSystemPath: call validateWorkspaceDir directly - TestUpdate_WorkspaceDirTraversal: call validateWorkspaceDir directly - TestUpdate_WorkspaceDirRelativePath: call validateWorkspaceDir directly - TestDelete_InvalidUUID: call validateWorkspaceID directly - TestDelete_HasChildrenWithoutConfirm: register DELETE route + use handler - TestDelete_ChildrenCheckQueryError: register DELETE route + use handler Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 16:42:59 +00:00
hongming-codex-laptop	19fce4d400	fix(handlers): keep embedded missing env refs literal	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	096faa2562	fix(provisioner): seed configs before container start	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	1c3b4ff321	fix(handlers): synchronize async DB users in race tests	2026-05-14 09:37:52 -07:00
Molecule AI Fullstack Engineer	11d4b398b7	fix(handlers): resolveInsideRoot dot-clean + nil-db defensive guards ... 1. org_helpers.go: filepath.Clean after filepath.Join to strip "." path components (./subdir/./file.txt → subdir/file.txt) so the fast-path IsAbs check on absolute roots resolves dot segments. 2. org_helpers_security_test.go: fix hardcoded suffix length (14→16 chars) using strings.HasSuffix instead of slice arithmetic. 3. Add nil-db.DB guards in 5 locations where tests call handlers without setting up a mock DB (plugins_tracking.go, org_plugin_allowlist.go, terminal.go ×2, workspace_provision.go). No-op in production (db.DB is always set); prevents nil-panic in tests that exercise fast-path logic without a full DB stack. All 47 schedule tests pass. Full handlers test suite passes (45s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 16:35:32 +00:00
Molecule AI Fullstack Engineer	48f65bc456	fix(handlers): resolve all sqlmock v1.5.2 API errors in schedules_handler_test.go ... Fix 6 compile errors and 2 runtime mismatches: 1. Remove unused `mock` variable + `db` import from TestScheduleHandler_Create_CRLFStripped 2. Replace non-existent `sqlmock.NewArgMatcher` with `setupTestDBForQueueTests` (QueryMatcherEqual) for the CRLF-stripped Create test 3. Replace `regexp.MustCompile(...)` in 8 ExpectExec calls with exact SQL strings (ExpectExec accepts string, not *regexp.Regexp) 4. Fix `\$1`-escaped SELECT queries → unescaped `$1` for QueryMatcherEqual 5. Correct UPDATE args: NotFound/DBError tests pass {"name":...} → name=$2 is non-nil 6. Correct UPDATE args: CRLF-stripped test expects "fix\nthat" (handler strips \r before query) 7. Fix UPDATE Exec string: use actual multi-line COALESCE format from handler All 47 schedule tests now pass. The 2 other test failures (TestResolveInsideRoot_DotPathComponent, TestPluginUninstall_SaaS_DispatchesToEIC) are pre-existing and unrelated to this fix. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 16:35:32 +00:00
devops-engineer	408dd452df	Merge pull request 'fix(canvas+handlers): Zustand selector anti-patterns + Go handler test blockers' (#942) from fix/917-zustand-selector-anti-patterns into staging	2026-05-14 16:28:57 +00:00
Molecule AI Core-BE	420c42a202	fix(handlers): add rows.Err() checks after all secrets scan loops ... Regression from audit #109: rows.Err() checks were removed from List, ListGlobal, restartAllAffectedByGlobalKey, and Values between commits 3a30b073 and b25b4fb6. Without these checks, a mid-stream query error (e.g. connection loss during iteration) is silently ignored and partial results are returned as if the query succeeded. Fix: add if err := rows.Err(); err != nil { log.Printf(...) } after every for rows.Next() loop in secrets.go. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:17:31 -07:00
Molecule AI Core-DevOps	a3a358f968	fix(handlers): restore POSIX-identifier guard in expandWithEnv (CWE-78) ... Restore the POSIX shell-identifier guard in expandWithEnv (org_helpers.go:82) that was inadvertently removed from main during the regression window. Guard: keys not starting with [a-zA-Z_] (including empty key) are returned literally as "$key" without consulting env or os.Getenv. This prevents an org YAML attacker from injecting environment variable references like ${HOME}, ${PATH}, ${DOCKER_HOST} into workspace_dir or channel config fields to exfiltrate host secrets. Also restore org_helpers_pure_test.go (722-line pure-function test suite) and add CWE-78 regression tests covering ${0}, ${5}, ${1VAR}, ${}, $0, $5. Fixes MC#982 regression. Co-Audit: core-offsec, core-security. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:07:04 -07:00
Molecule AI Fullstack Engineer	301d84f616	fix(canvas): resolve Zustand selector anti-patterns causing React #185 re-render loops ... - WorkspaceNode: useHasChildren and useDescendantCount now select nodes stably first, then derive with useMemo to avoid new boolean/number on every store push (React error #185 / Zustand + React 19 Object.is). - DropTargetBadge: targetName and childCount select nodes once, derive inside IIFEs to avoid new return value on every platform push. - useCanvasViewport: provisioningCount selects nodes stably, uses useMemo for the filter().length derivation. - MobileDetail / MobileChat: node selector split into stable nodes select + useMemo derivation of the .find() result. - ConfigTab: preserved existing s.nodes?.find?.() pattern (test mocks omit nodes; the defensive optional chaining is the correct approach there). Fixes: React error #185 (Zustand + React 19 Object.is strictness). --- fix(handlers): resolve Go handler test blockers - org_helpers.go: custom envVarRefPattern regexp for ${VAR}/$VAR expansion so $100 is left as-is (not expanded to empty) while $FOO is expanded. - org.go: add missing collectPerWorkspaceUnsatisfied and perWorkspaceUnsatisfied (required by the EnvRequirements checking path in org import). - workspace_crud_test.go: escape \$1 in sqlmock COUNT patterns (Go regex interprets bare $1 as end-anchor+literal-1, not a literal placeholder). - workspace_crud.go: move workspace_dir validation before the existence check so invalid paths return 400 instead of 404 — consistent with name/role field validation ordering. - a2a_queue.go: use float64 for expires_in_seconds JSON field; float values are truncated (90.7 → 90) per the documented contract. - a2a_queue_test.go: update float-value test expectation from 0 to 30 to match the truncation contract. - org_helpers_pure_test.go: fix TestAppendYAMLBlock_BothEmpty (assert.Nil not assert.Equal("", nil)). - plugins_atomic_test.go: remove duplicate TestTarWalk_NestedDirs. - org_layout_test.go: delete (tests non-existent childSlot function). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 15:29:04 +00:00
hongming-codex-laptop	3359580502	fix(handlers): repair instructions test compile	2026-05-14 08:20:32 -07:00
hongming-codex-laptop	0b47f9516d	fix(ci): repair delegation list and merge queue tests	2026-05-14 14:19:42 +00:00