316 Commits

Author	SHA1	Message	Date
Molecule AI Release Manager	39a2dc9871	Merge main into staging (sync v4 — release manager) ... Brings 659 main commits into staging. Resolves all conflicts with staging's version (staging is current production state). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 18:35:50 +00:00
Molecule AI Infra-Runtime-BE	3e9a2665f3	test(executor): update error-handling tests for sanitize_agent_error ... The sanitize_agent_error(exc=e) fix produces the sanitized format "Agent error (RuntimeError) — see workspace logs for details." instead of the raw exception string. Update two assertions in test_agent_error_handling and test_terminal_error_routes_via_updater_failed to expect the secure format, and assert raw message is NOT present. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 11:50:59 +00:00
Molecule AI Infra-Runtime-BE	d0611d4eee	Merge origin/main into fix/stdio-fallback-all-environments ... Conflicts resolved: - workspace/a2a_client.py: accept HEAD (TTL cache check, full comment) - workspace/a2a_executor.py: accept HEAD (sanitize_agent_error(exc=e)) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 11:44:23 +00:00
devops-engineer	8aee937104	fix(executor_helpers): omit exc class from error tag when stderr provides context ... When sanitize_agent_error is called with both exc and stderr, the exc class name was leaking into the user-visible message even though stderr already provides actionable context. Only include the tag when an explicit category is supplied; fall back to the bare form when the tag would have come from type(exc).__name__. Fixes test_sanitize_agent_error_stderr_and_exc regression introduced in commit 7290d9727.	2026-05-13 11:43:58 +00:00
Molecule AI Infra-Runtime-BE	c12da5a241	fix(a2a_executor): restore sanitize_agent_error on subprocess errors ... The stdio-fallback branch replaced the sanitize_agent_error() wrapper with a bare f-string, causing raw exception messages to surface in the chat UI instead of the sanitized "Agent error ({type}) — see workspace logs for details." format. This restores the original sanitize_agent_error(exc=e) call in the updater.failed() path — same category of regression as the OFFSEC-003 sanitization fix (261a8e24) and the TTL cache fix (c2325f1a). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 11:42:58 +00:00
Molecule AI Infra-Runtime-BE	261a8e2498	fix(builtin_tools/a2a): restore OFFSEC-003 peer-result sanitization ... The stdio-fallback branch removed the OFFSEC-003 sanitization from builtin_tools/a2a_tools.py (the LangChain adapter's A2A tools): - Removed the `from _sanitize_a2a import sanitize_a2a_result` import - Removed `sanitize_a2a_result()` wrapping from all delegate_task() return paths (peer text, error messages, raw data) Without this, the LangChain adapter passes raw peer content directly into the agent's LLM context — the same OFFSEC-003 injection surface that was fixed in a2a_tools_delegation.py (#492/#537). This patch restores the exact original sanitization calls. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 11:34:51 +00:00
Molecule AI Infra-Runtime-BE	c2325f1a17	fix(a2a): restore TTL cache check in enrich_peer_metadata_nonblocking ... The stdio-fallback branch removed the cache-first check from enrich_peer_metadata_nonblocking, causing 5 tests to fail: test_envelope_enrichment_uses_cache_when_present test_envelope_enrichment_fetches_on_cache_miss test_envelope_enrichment_re_fetches_after_ttl test_enrich_peer_metadata_nonblocking_cache_hit_returns_immediately test_enrich_peer_metadata_nonblocking_cache_miss_schedules_fetch The removed lines checked the peer metadata cache (TTL-bounded) and returned immediately on a cache hit. Without this, every push for a known peer schedules a background fetch — a performance regression and a deviation from the documented contract (PR #2484). This patch restores the cache check to the exact original logic. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 11:09:54 +00:00
Molecule AI Infra-SRE	0642b7c3a9	fix(workspace): restore OFFSEC-003 sanitize_a2a_result in a2a_tools.py (mc#787) ... The staging branch diverged from main before PR #542 landed and was never forward-ported. a2a_tools.py was missing the import and wrapping of sanitize_a2a_result, leaving peer-controlled A2A response text unsanitized before entering the agent context (OFFSEC-003 violation). Fix mirrors the main-line fix (PR #542 / mc#537): - Import sanitize_a2a_result from _sanitize_a2a - Wrap all peer-controlled return values with sanitize_a2a_result() Also removes a duplicate dead-code block that was an artifact of the merge conflict on the staging branch. Fixes: molecule-ai/molecule-core#787 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 05:30:44 +00:00
hongming-kimi-laptop (Molecule AI agent)	e1aac92539	fix(mcp): universal stdio transport + runtime-adaptive notifications ... Root fix for molecule-ai-workspace-runtime#61: - Replace asyncio.connect_read_pipe/connect_write_pipe with direct sys.stdin.buffer/sys.stdout.buffer I/O. The asyncio pipe transport rejects regular files, PTYs, and sockets — breaking openclaw, CI tests, and tee-captured debugging. Direct buffer I/O works with ANY file descriptor. - Replace fatal _assert_stdio_is_pipe_compatible() with non-fatal _warn_if_stdio_not_pipe() — operators get diagnostic signal without the hard exit. Runtime detection for adaptive push notifications: - Detect MCP host from env vars: CLAUDE_CODE, OPENCLAW_SESSION_ID, CURSOR_MCP, HERMES_RUNTIME - Emit the correct JSON-RPC notification method per host: notifications/claude/channel, notifications/openclaw/channel, etc. - Unifies the molecule-mcp-claude-channel plugin behavior into the universal MCP server — one implementation for all runtimes. Tests: - Update TestStdioPipeAssertion for warning-based behavior - Patch runtime detection in channel-notification tests - 80 passed, 5 pre-existing failures (enrichment cache unrelated)	2026-05-12 19:55:45 -07:00
Molecule AI Infra-Runtime-BE	965710eb00	Merge PR #619: fix(platform): fail-fast checkShellDeps in localbuild + fix async test pollution	2026-05-12 02:47:16 +00:00
Molecule AI · core-devops	1301f50509	Merge pull request 'test(workspace): OFFSEC-003 sanitization backstop for A2A exit points' (#539) from test/offsec-003-sanitization-backstop into staging	2026-05-12 02:29:35 +00:00
Molecule AI Fullstack Engineer	e2cc86b26d	test(workspace): add push-mode queue envelope coverage for a2a_response.py (closes #308) ... Adds 5 test cases + 3 fixtures to test_a2a_response.py covering the push-mode queue handling added in PR #278 (a2a_proxy.go): Fixtures: - push_queued_full: {queued: True, method: tasks/send, message, queue_id} - push_queued_no_method: {queued: True, message} → defaults to message/send - push_queued_message_only: {queued: True, message} → still Queued Test cases (TestQueuedVariant_PushMode): - test_push_queued_full_returns_Queued - test_push_queued_no_method_defaults_to_message_send - test_push_queued_message_only_returns_Queued - test_push_queued_logs_info_with_queue_id - test_push_queued_delivery_mode_defaults_to_poll Also updates test_every_fixture_classifies_to_expected_variant to enumerate the 3 new fixtures so future additions must update the table. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:46:38 +00:00
Molecule AI Fullstack Engineer	9d8f773bec	fix(platform): fail-fast checkShellDeps in localbuild + fix async test pollution in test_a2a_tools_inbox_wrappers (closes #529, #307) ... platform/localbuild.go: - Add checkShellDeps field + checkShellDepsProd() pre-flight check. Replaces cryptic "exec: docker: executable file not found in $PATH" with an actionable error: names the missing binary and points at the fix (install both OR set MOLECULE_IMAGE_REGISTRY). - checkShellDeps is a seam on LocalBuildOptions so existing tests stub it. platform/localbuild_test.go: - makeTestOpts now stubs checkShellDeps → nil (no-op in test env). - Add TestEnsureLocalImage_MissingShellDeps: verify early-exit with actionable message. - Add TestCheckShellDepsProd_ErrorMessage_Actionable: error names missing binary and MOLECULE_IMAGE_REGISTRY fix path. workspace/test_a2a_tools_inbox_wrappers.py (#307): - Replace _run(coro) anti-pattern with proper async def + await. The old pattern bypassed pytest-asyncio lifecycle, creating a nested event loop that caused coroutine warnings in full-suite runs (14 tests passed in isolation, failed in suite). Fix: convert all 14 test methods to async def owned by pytest-asyncio. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-12 00:42:24 +00:00
Molecule AI Core-DevOps	7f90630f98	fix(tests): correct test_sanitize_agent_error_stderr_and_exc assertion ... The test expected the exception class to be hidden when stderr is provided, but the implementation always uses the exc type as the tag. Fix the assertion to match actual (correct) behavior: ValueError is in the tag, stderr is the body. Also add a check that we don't fall back to the generic "workspace logs" form. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 22:59:41 +00:00
Molecule AI Core-DevOps	a92839e39a	ci: verify publish-runtime pipeline end-to-end (internal#327) ... Marker file triggers workspace/** path filter on publish-runtime-autobump.yml, exercising the full runtime publish pipeline after publish-runtime-bot provisioning + stale-tag resolution. Acceptance: bump-and-tag green, tag exists, publish-runtime.yml green, PyPI updated, 9 template repos updated. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 20:26:55 +00:00
Molecule AI Core Platform Lead	6d5fd6be3e	fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537) ... Issue #537: builtin_tools/a2a_tools.py:72 returns peer-sourced text from delegate_task() without OFFSEC-003 sanitization. Sibling regression to #491 / #492 in a different code path (google-adk delegation surface). Fix: import sanitize_a2a_result from _sanitize_a2a and wrap all 4 peer-controlled return sites in delegate_task() — parts[0].text path, empty-parts str(result) path, fallback str(result) path, and the error message path. Closes #537.	2026-05-11 19:09:18 +00:00
Molecule AI Core-QA	34214ac4dc	test(workspace): OFFSEC-003 sanitization backstop — full coverage of A2A exit points ... Add regression tests for every public A2A tool exit point that returns peer-sourced content without sanitize_a2a_result wrapping. Covers: - tool_delegate_task: sync success path, queued-fallback path - _delegate_sync_via_polling: completed/failed delegation results - tool_check_task_status: filtered lookup, delegation list, not-found References: #491, #537 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 18:38:38 +00:00
Molecule AI Infra-Runtime-BE	389613bb95	fix(tests): correct assert in test_sanitize_agent_error_stderr_and_exc ... The exc class IS the tag when stderr is provided: "Agent error (ValueError): rate limit exceeded" Fixes the incorrect assertion added in PR #517. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 18:21:19 +00:00
Molecule AI Fullstack Engineer	6a2a5a6018	fix(workspace): include ~1KB sanitized stderr in A2A error responses ... Adds an optional `stderr` parameter to sanitize_agent_error(). When provided, up to 1 KB of stderr text is included in the A2A error response after sanitization (API keys / bearer tokens ≥20 chars / long paths redacted). The existing generic form is preserved when stderr is absent. Updates both the main a2a_executor and the google-adk adapter. Closes: roadmap item — SDK executor stderr swallowing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 18:21:19 +00:00
Molecule AI Core-BE	50319b69f2	fix(workspace): patch enrich_peer_metadata directly in test ... test_blocks_until_inflight_completes used patch("a2a_client.httpx.Client") to mock the HTTP call, but httpx.Client is created inside the background worker thread AFTER the patch context manager exits — the executor thread was created before the patch, so it uses the original httpx module. The httpx patch approach fails reliably when running with test_envelope_enrichment_fetches_on_cache_miss (different httpx patch, different peer ID, same executor thread pool). Fix: directly replace enrich_peer_metadata on the module so the replacement is visible to the background worker regardless of thread creation timing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 17:25:46 +00:00
Molecule AI Infra-SRE	1380bf0907	fix(a2a): add cache-first check to enrich_peer_metadata_nonblocking ... enrich_peer_metadata_nonblocking (a2a_client.py) never checked the _peer_metadata cache before scheduling a background fetch — it always returned None and always fired the executor thread pool. The docstring promised "cache hit: return the cached record" but the code did not implement it. Fix: add the same TTL-check that enrich_peer_metadata uses before scheduling the worker. On a warm cache hit the function now returns immediately without touching the in-flight set or the executor. Closes the remaining 5 test failures in test_a2a_mcp_server.py on main that were not covered by PR #508's test-assertions fix. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 16:59:54 +00:00
Molecule AI Infra-SRE	ec20cd04ba	fix(workspace): update 3 test assertions for OFFSEC-003 boundary wrapping (PR #477) ... PR #477 added _A2A_BOUNDARY_START/END wrapping to tool_delegate_task's success path. Three tests in test_delegation_sync_via_polling.py were still asserting exact raw strings and broke: test_flag_off_uses_send_a2a_message_not_polling test_queued_sentinel_triggers_polling_fallback test_non_queued_send_result_does_not_trigger_fallback Fix: check for boundary markers + inner content instead of exact match. Import _A2A_BOUNDARY_START/END from _sanitize_a2a in the affected test methods. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 16:29:31 +00:00
Molecule AI Core-DevOps	40ca44aa4d	chore(workspace): remove unused imports and f-string prefixes ... - test_a2a_tools_delegation.py: remove unused `import os` - test_a2a_tools_impl.py: remove unused `import sys` and `import pytest` - test_a2a_sanitization.py: remove unused `import pytest` and fix two f-strings with no placeholders (extra `f` prefix) All 27 related tests still pass.	2026-05-11 16:10:17 +00:00
Molecule AI · core-be	92f3a17a17	test(workspace): add 17-case coverage for enrich_peer_metadata + nonblocking + worker (#502) ... Co-authored-by: Molecule AI · core-be <core-be@agents.moleculesai.app> Co-committed-by: Molecule AI · core-be <core-be@agents.moleculesai.app>	2026-05-11 15:56:25 +00:00
Molecule AI · core-be	7b783aa2ed	fix(workspace): poll activity_logs for a2a_proxy delegation results (closes #354) (#501) ... Co-authored-by: Molecule AI · core-be <core-be@agents.moleculesai.app> Co-committed-by: Molecule AI · core-be <core-be@agents.moleculesai.app>	2026-05-11 15:53:05 +00:00
core-be	952bfb3ca2	fix(workspace): replace asyncio.get_event_loop().run_until_complete with asyncio.run() (#307) (#498) ... Co-authored-by: core-be <core-be@agents.moleculesai.app> Co-committed-by: core-be <core-be@agents.moleculesai.app>	2026-05-11 15:37:34 +00:00
Molecule AI · core-lead	3d73fb1a72	Merge branch 'main' into sre/fix-test-polling-sanitization	2026-05-11 15:28:34 +00:00
Molecule AI Infra-SRE	d7de4afad4	fix: TestPollingPathSanitization regression — 3 bugs, correct assertions ... Three bugs introduced in PR #477: 1. fake_discover(ws_id) missing source_workspace_id kwarg — discover_peer signature is (target_id, source_workspace_id=None). 2. Direct attribute assignment (d._delegate_sync_via_polling = ...) does not replace module-level 'from module import name' bindings resolved at call time; must use monkeypatch.setattr. 3. Assertions checked for [A2A_RESULT_FROM_PEER] but the polling path uses _A2A_BOUNDARY_START/END — _A2A_RESULT_FROM_PEER is added by send_a2a_message (messaging path), not by _delegate_sync_via_polling. Additionally: monkeypatch.setenv("DELEGATION_SYNC_VIA_INBOX", "1") forces the polling code path so the test exercises the correct logic regardless of environment defaults. Closes #495. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 15:22:16 +00:00
Molecule AI Infra-Runtime-BE	c4dcfbb089	fix(workspace): default PLATFORM_URL to host.docker.internal in all modules (#475) ... Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app> Co-committed-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>	2026-05-11 15:17:53 +00:00
Molecule AI Infra-Runtime-BE	635a42745a	fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task (#477) ... Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app> Co-committed-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>	2026-05-11 15:10:25 +00:00
Molecule AI Release Manager	9ce20958a5	fix(a2a): restore OFFSEC-003 trust-boundary wrap on tool_delegate_task return (closes #491) (#492) ... Co-authored-by: Molecule AI Release Manager <release-manager@agents.moleculesai.app> Co-committed-by: Molecule AI Release Manager <release-manager@agents.moleculesai.app>	2026-05-11 15:01:18 +00:00
Molecule AI · infra-runtime-be	b48198786f	Merge pull request 'fix(workspace): include ~1KB sanitized stderr in A2A error responses' (#454) from fix/stderr-include-a2a-error-response into staging	2026-05-11 11:57:34 +00:00
Molecule AI Infra-Runtime-BE	4a7e1bd988	refactor(workspace): extract idle-loop pending-check guard for direct unit-testing ... Follows up on #432 (merged). Extracts _check_delegation_results_pending() from the inline guard in _run_idle_loop() so tests can call the real production function directly via patch(builtins.open, ...). Fixes #401: the previous test used a mirror copy of the guard logic, which risks drifting from the production implementation over time. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 10:49:40 +00:00
Molecule AI Fullstack Engineer	7290d9727f	fix(workspace): include ~1KB sanitized stderr in A2A error responses ... Adds an optional `stderr` parameter to sanitize_agent_error(). When provided, up to 1 KB of stderr text is included in the A2A error response after sanitization (API keys / bearer tokens ≥20 chars / long paths redacted). The existing generic form is preserved when stderr is absent. Updates both the main a2a_executor and the google-adk adapter. Closes: roadmap item — SDK executor stderr swallowing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 10:32:11 +00:00
Molecule AI Infra-Runtime-BE	318e0ad742	fix(workspace): skip idle prompt when delegation results are pending (#381) (#432) ... Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app> Co-committed-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>	2026-05-11 09:30:32 +00:00
Molecule AI Core-BE	39db2e6d73	fix(workspace): complete OFFSEC-003 fix — promote full sanitization to main ... Promotes the complete OFFSEC-003 boundary-marker sanitization from staging to main, including: - _delegate_sync_via_polling: sanitize response_preview and error strings before returning (OFFSEC-003 polling-path fix from PR #417). - tool_check_task_status JSON endpoint: sanitize summary + response_preview in both the task_id filter path and the list path. - tool_delegate_task non-polling path: preserve main's existing sanitize_a2a_result(result) wrapper (staging accidentally removed it). Closes #418. Co-Authored-By: Molecule AI · core-be <core-be@agents.moleculesai.app>	2026-05-11 08:51:45 +00:00
Molecule AI Core-BE	af95f94db1	fix(workspace): OFFSEC-003 — sanitize summary/response_preview in JSON endpoint of read_delegation_results ... Fixes the second unsanitized exit point flagged in issue #413: - task_id filter path: sanitize summary + response_preview before returning raw delegation object - list path (all recent): sanitize both fields in every delegation entry before embedding in JSON Both are peer-supplied delegation ledger data returned via the JSON polling endpoint. Sync path (lines 173, 182) was already fixed in #416. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 07:07:30 +00:00
Molecule AI Infra-Runtime-BE	a8f8b5b7c1	fix(workspace): add missing _sanitize_a2a import in a2a_tools_delegation (#399) ... REGRESSION: Staging commit 8e94c178 (PR #390) added sanitize_a2a_result calls to _delegate_sync_via_polling but did NOT add the import. Any delegation completing via the polling path raises NameError at runtime. One-line fix: add `from _sanitize_a2a import sanitize_a2a_result`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 06:34:34 +00:00
Molecule AI Infra-Runtime-BE	b1e42ac1da	fix(workspace): skip idle prompt when delegation results are pending ... Issue #381: agent tick generators producing stale-repo state. Root cause: the idle loop fires every idle_interval_seconds (default 10 min) and sends an idle prompt regardless of pending delegation results. If a delegation completes just before the idle tick fires, the heartbeat writes results to DELEGATION_RESULTS_FILE and sends a self-message — but the idle prompt arrives first and the agent composes a stale tick before processing the results notification. Peers receive repeated identical asks. Fix: before sending the idle prompt, read DELEGATION_RESULTS_FILE. If it contains unconsumed results, skip this idle tick. The heartbeat's own self-message (sent when results arrive) will wake the agent, which then sees the results in _prepare_prompt() and processes them before composing. Companion to wsr PR (runtime-runtime mirror). Changes: - workspace/main.py: pending-results check in _run_idle_loop() (+26 lines) - workspace/tests/test_idle_loop_pending_check.py: 6-case unit test Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 05:52:58 +00:00
Molecule AI Core-BE	93b7d9a88a	fix(a2a_tools): add comment + test coverage for string-form error handling in delegate_task ... Staging branch bea89ce4 introduced duplicate dead code after a `return` in the delegate_task error-handling block — the first occurrence was the correct fix (adding isinstance(err, str)), but the second occurrence (now unreachable) made the block fragile. Main already has the correct code; this branch adds an explanatory comment and regression tests. The non-tool delegate_task() in a2a_tools.py uses httpx.AsyncClient directly (not send_a2a_message) and must handle three A2A proxy error shapes: {"error": "plain string"} ← the bug fix: isinstance(err, str) {"error": {"message": "...", ...}} ← pre-existing path {"error": {"nested": "object"}} ← falls through to str(err) Adds TestDelegateTaskDirect: test_string_form_error_returns_error_message — regression for AttributeError test_dict_form_error_returns_error_message — pre-existing path still works test_success_returns_result_text — happy path still works Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 05:51:48 +00:00
Molecule AI · core-be	7986648ebd	Merge pull request 'fix(workspace): OFFSEC-003 sanitize polling-path delegation results' (#390) from runtime/offsec-003-polling-path-v2 into staging	2026-05-11 05:20:25 +00:00
Molecule AI Infra-Runtime-BE	8e94c178d2	fix(workspace): OFFSEC-003 sanitize polling-path delegation results ... Issue: _delegate_sync_via_polling (RFC #2829 PR-5 sync path) returned unsanitized response_preview and error_detail fields to the agent context. A malicious peer could inject trust-boundary markers to break the boundary established by the main sanitization layer. Changes: - a2a_tools_delegation.py: sanitize response_preview before returning on completed; sanitize error_detail/summary before wrapping in _A2A_ERROR_PREFIX - test_a2a_tools_delegation.py: TestPollingPathSanitization covers both paths Companion to PR #382 (runtime/offsec-003-executor-sanitize) which covers the async heartbeat path in executor_helpers.read_delegation_results. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 04:53:48 +00:00
Molecule AI Infra-Runtime-BE	3f6de6fe8b	fix(workspace): OFFSEC-003 sanitize read_delegation_results() ... Adds _sanitize_a2a.py (from PR #346) and integrates sanitize_a2a_result() into read_delegation_results() so peer-supplied summary and response_preview fields are escaped before being injected into the agent prompt. Output is wrapped in [A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER] boundary markers so content after the block is clearly not from a peer. Fixes: - test_a2a_executor.py: correct mock patch path to executor_helpers - test_executor_helpers.py: fix boundary-injection test assertion to match _strip_closed_blocks behaviour (closes marker, removes following text) Follow-up to PR #346 (OFFSEC-003 boundary escape) which noted "read_delegation_results() path still needs sanitization" as a gap. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 04:14:52 +00:00
Molecule AI Core-BE	99f3cf7c8f	[core-be-agent] fix(#354): wire delegation-results consumer into a2a executor ... Close the A2A delegation auto-resume gap. Root cause: heartbeat.py's _check_delegations already writes completed delegation rows to DELEGATION_RESULTS_FILE and sends a self-message to wake the agent. executor_helpers.read_delegation_results() was defined to atomically consume that file, but a2a_executor._core_execute() never called it — so delegation results were written but the agent never saw them. Fix: call read_delegation_results() at the top of _core_execute() and prepend the results to the user input context so the agent can act on them without an explicit check_task_status call. The Temporal durable workflow path is also covered because it calls _core_execute() directly. Test: two new cases — delegation results injected when file exists; user input passed through unchanged when file is empty. Closes molecule-core#354.	2026-05-11 02:49:32 +00:00
Molecule AI Infra-Runtime-BE	3eb3609b0c	test(workspace): add queue_id-absence and push-vs-poll distinction tests ... Incorporates valuable extra coverage from fullstack-engineer's PR #336: - test_push_queued_missing_queue_id_still_parsed: queue_id is optional, absence must not break parsing - test_push_queued_is_distinct_from_poll_queued: both envelope shapes parse correctly and independently, with correct delivery_mode values Also adds push_queued_no_queue_id fixture and regression gate entry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 02:47:21 +00:00
Molecule AI Infra-Runtime-BE	0a9b66a3ed	fix(workspace): push-mode Queued returns delivery_mode="push" (not silent default "poll") ... Bug: a2a_response.py:197 returned Queued(method=method) without passing delivery_mode, silently defaulting to "poll" for push-mode busy-queue responses. Callers branching on v.delivery_mode would mis-identify push-mode responses as poll-mode, causing wrong dispatch logic. Fix: pass delivery_mode="push" explicitly in the push-mode branch. Tests: add push_queued_full/notify/no_method fixtures and 4 test cases asserting delivery_mode="push" for all three envelope shapes. Also add adversarial {"queued": "yes"} and {"queued": False} → Malformed guards. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 02:47:21 +00:00
Molecule AI Infra-SRE	a205099652	fix(security): OFFSEC-003 — boundary-marker escape + shared sanitizer ... Root cause (from infra-lead PR#7 review id=724): Sanitization in PR#7 wrapped peer text in [A2A_RESULT_FROM_PEER] markers, but the markers themselves were not escaped — a malicious peer could inject "[/A2A_RESULT_FROM_PEER]" to close the trust boundary early, making subsequent text appear inside the trusted zone. Fix: - Create workspace/_sanitize_a2a.py (leaf module, no circular import risk) with shared sanitize_a2a_result() + _escape_boundary_markers() - _escape_boundary_markers() escapes boundary open/close markers in the raw peer text before wrapping (primary security control) - Defense-in-depth: also escapes SYSTEM/OVERRIDE/INSTRUCTIONS/IGNORE ALL/YOU ARE NOW patterns (secondary, per PR#7 design intent) - Update a2a_tools_delegation.py: import from _sanitize_a2a; wrap tool_delegate_task return and tool_check_task_status response_preview - Add 15 tests covering boundary escape, injection patterns, integration shapes (workspace/tests/test_a2a_sanitization.py) Follow-up (non-blocking, noted in PR#7 infra-lead review): - Deduplicate if a2a_tools.py also wraps (currently handled in delegation module only — callers get sanitized output regardless) - tool_check_task_status: consider sanitizing 'summary' field too Closes: molecule-ai/molecule-ai-workspace-runtime#7 (wrong-repo PR that this supersedes) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 02:16:09 +00:00
Molecule AI · fullstack-engineer	6958cd7966	Merge pull request 'fix(workspace): inject plugins_registry into sys.modules before loading adapters (closes #296)' (#326) from fix/issue-296-plugin-registry-sysmodules into staging	2026-05-10 21:14:10 +00:00
Molecule AI Fullstack Engineer	d4d3306150	fix(workspace): inject plugins_registry into sys.modules before loading adapters (closes #296) ... Plugin adapters in molecule-skill-* repos do: from plugins_registry.builtins import AgentskillsAdaptor as Adaptor But _load_module_from_path() used exec_module() with a fresh module namespace that did NOT have plugins_registry or its submodules in sys.modules, causing: ModuleNotFoundError: No module named 'plugins_registry' Fix: before exec_module(), import and register plugins_registry + all three submodules (builtins, protocol, raw_drop) in sys.modules so adapter imports resolve correctly. Follows the Option 1 recommendation from issue #296. Also adds test_resolve_plugin.py verifying the fix for both the AgentskillsAdaptor import and the full InstallContext/resolve/protocol import. Closes #296. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 14:17:16 +00:00
Molecule AI Fullstack Engineer	bea89ce4e9	fix(a2a): handle string-form errors in delegate_task ... The A2A proxy can return three error shapes: {"error": "plain string"} {"error": {"message": "...", "code": ...}} {"error": {"message": {"nested": "object"}}} ← value at .message is a string builtin_tools/a2a_tools.py:72 called data["error"].get("message") without guarding against error being a string, which raised: AttributeError: 'str' object has no attribute 'get' This broke every delegation attempt through the legacy a2a_tools path (the LangChain-wrapped version used by adapter templates). The SSOT parser a2a_response.py already handled string errors; the legacy inline sniffer in a2a_tools.py did not. Fix: branch on isinstance(err, dict/str/other) before calling .get(). Also update both publish-workflow files to remove the dead `staging` branch trigger — trunk-based migration (PR #109, 2026-05-08) removed the staging branch. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 11:39:32 +00:00