molecule-core

molecule-ai/molecule-core

Fork 2

Commit Graph

Author	SHA1	Message	Date
Molecule AI Backend Engineer	53284c4626	feat(platform): per-org plugin governance registry (#591 ) Add an org-scoped allowlist table so org admins can restrict which plugins workspace agents are allowed to install. An empty allowlist means allow-all (backward-compatible with existing deployments). • migrations/027_org_plugin_allowlist.{up,down}.sql — new table + unique index on (org_id, plugin_name) • handlers/org_plugin_allowlist.go — resolveOrgID, checkOrgPluginAllowlist (fail-open on DB errors), GetAllowlist, PutAllowlist (atomic tx replace) • handlers/org_plugin_allowlist_test.go — 23 unit tests covering all handler paths, resolveOrgID, and all checkOrgPluginAllowlist branches • handlers/plugins_install.go — allowlist gate between resolveAndStage and deliverToContainer; returns 403 if plugin is blocked • router/router.go — GET/PUT /orgs/:id/plugins/allowlist under AdminAuth All tests pass; go build ./... clean; gosec Issues: 0 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 05:40:23 +00:00
Hongming Wang	1129b67fed	refactor(platform): split 981-line plugins.go into per-domain modules Pure mechanical split — no behavior changes. Groups the PluginsHandler surface area by responsibility so each file stays focused and readable. Before: plugins.go — 981 lines, 32 funcs After: plugins.go — 194 (struct, constructor, shared helpers) plugins_sources.go — 14 (ListSources) plugins_listing.go — 174 (ListRegistry, ListInstalled, ListAvailableForWorkspace, CheckRuntimeCompatibility) plugins_install.go — 276 (Install, Uninstall, Download handlers) plugins_install_pipeline.go — 368 (resolveAndStage, deliverToContainer, copy/stream tar, CLAUDE.md marker stripping, dirSize, httpErr, installRequest/stageResult, install-layer consts + envx caps) plugins_test.go (1365 lines) untouched — tests pass unchanged. go build, go vet, and go test -race ./internal/handlers/... all clean. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 18:01:59 -07:00

Author

SHA1

Message

Date

Molecule AI Backend Engineer

53284c4626

feat(platform): per-org plugin governance registry (#591 )

Add an org-scoped allowlist table so org admins can restrict which plugins
workspace agents are allowed to install.  An empty allowlist means
allow-all (backward-compatible with existing deployments).

• migrations/027_org_plugin_allowlist.{up,down}.sql — new table + unique
  index on (org_id, plugin_name)
• handlers/org_plugin_allowlist.go — resolveOrgID, checkOrgPluginAllowlist
  (fail-open on DB errors), GetAllowlist, PutAllowlist (atomic tx replace)
• handlers/org_plugin_allowlist_test.go — 23 unit tests covering all
  handler paths, resolveOrgID, and all checkOrgPluginAllowlist branches
• handlers/plugins_install.go — allowlist gate between resolveAndStage and
  deliverToContainer; returns 403 if plugin is blocked
• router/router.go — GET/PUT /orgs/:id/plugins/allowlist under AdminAuth

All tests pass; go build ./... clean; gosec Issues: 0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-17 05:40:23 +00:00

Hongming Wang

1129b67fed

refactor(platform): split 981-line plugins.go into per-domain modules

Pure mechanical split — no behavior changes. Groups the PluginsHandler
surface area by responsibility so each file stays focused and readable.

Before: plugins.go — 981 lines, 32 funcs
After:
  plugins.go                   — 194  (struct, constructor, shared helpers)
  plugins_sources.go           —  14  (ListSources)
  plugins_listing.go           — 174  (ListRegistry, ListInstalled,
                                       ListAvailableForWorkspace,
                                       CheckRuntimeCompatibility)
  plugins_install.go           — 276  (Install, Uninstall, Download handlers)
  plugins_install_pipeline.go  — 368  (resolveAndStage, deliverToContainer,
                                       copy/stream tar, CLAUDE.md marker
                                       stripping, dirSize, httpErr,
                                       installRequest/stageResult,
                                       install-layer consts + envx caps)

plugins_test.go (1365 lines) untouched — tests pass unchanged.
go build, go vet, and go test -race ./internal/handlers/... all clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-13 18:01:59 -07:00

2 Commits