molecule-ai/molecule-core
41
0
Fork 2
Code Issues 103 Pull Requests 142 Actions 109 Packages Projects Releases Wiki Activity
6,311 Commits 935 Branches 43 Tags 71 MiB
8b11368656
Commit Graph

3 Commits

Author SHA1 Message Date
Molecule AI Core-QA
25866ec200 fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
Details
CI / Detect changes (pull_request) Successful in 1m17s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m20s
Details
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m18s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m2s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s
Details
qa-review / approved (pull_request) Failing after 19s
Details
sop-checklist / na-declarations (pull_request) awaiting /sop-n/a declaration for: qa-review, security-review
Details
security-review / approved (pull_request) Failing after 20s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 37s
Details
publish-runtime-autobump / pr-validate (pull_request) Successful in 55s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m31s
Details
sop-checklist / all-items-acked (pull_request) Successful in 27s
Details
sop-tier-check / tier-check (pull_request) Successful in 29s
Details
CI / Platform (Go) (pull_request) Successful in 9s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 10s
Details
CI / all-required (pull_request) Blocked by required conditions
Details
CI / Canvas (Next.js) (pull_request) Successful in 15s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 18s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 19s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 9s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 3m7s
Details
audit-force-merge / audit (pull_request) Successful in 18s
Details
gate-check-v3 / gate-check (pull_request) Failing after 13m24s
Details
CI / Python Lint & Test (pull_request) Successful in 7m31s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details 
Two bugs fixed in tool_delegate_task wrapping logic:

1. Wrapping used raw _A2A_BOUNDARY_START/_END markers, which
   appeared in the output alongside the escaped form of the peer
   content (e.g. "[A2A_RESULT_FROM_PEER]\n[/ A2A_RESULT...]").
   Fixed: wrap with _A2A_BOUNDARY_START_ESCAPED/_END_ESCAPED so the
   output contains no raw closer that could confuse downstream parsers.

2. A malicious peer could inject a fake closer ([/A2A_RESULT_FROM_PEER])
   to make legitimate content appear truncated. Fixed: truncate at the
   raw closer BEFORE sanitization (truncation loses the raw form, so
   escaping afterward cannot retroactively remove it).

Also fixes 10 regressions in test_a2a_offsec003_sanitization.py:
tests were written expecting ZWSP (U+200B) escaping but implementation
uses "[/ " prefix. Updated test invariants to match actual behavior.
Also fixed 5 tests using [A2A_ERROR] in summary fields (not a boundary
marker — no escaping applied) and updated test assertions in
test_a2a_tools_impl.py and test_delegation_sync_via_polling.py to
expect escaped wrapper forms.

Cherry-picked fix/test-stdio-function-name (e478b5b2) from main:
renamed _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible
and added deprecated alias, fixing dangling monkeypatch targets that
caused 5 test failures (issue #957).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 21:01:34 +00:00
Molecule AI Infra-Runtime-BE
635a42745a fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task (#477)
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 5s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 7s
Details
CI / Detect changes (push) Successful in 14s
Details
E2E API Smoke Test / detect-changes (push) Successful in 15s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 15s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 16s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 17s
Details
CI / Platform (Go) (push) Successful in 4s
Details
CI / Canvas (Next.js) (push) Successful in 4s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 4s
Details
CI / Canvas Deploy Reminder (push) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 6s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 4s
Details
publish-runtime-autobump / autobump-and-tag (push) Failing after 37s
Details
CI / Python Lint & Test (push) Failing after 1m15s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 1m35s
Details
Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 2s
Details
Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Failing after 5s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Failing after 5m17s
Details
ci-required-drift / drift (push) Failing after 51s
Details 
Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>
Co-committed-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>
 2026-05-11 15:10:25 +00:00
Molecule AI Infra-SRE
a205099652 fix(security): OFFSEC-003 — boundary-marker escape + shared sanitizer 
Root cause (from infra-lead PR#7 review id=724):
Sanitization in PR#7 wrapped peer text in [A2A_RESULT_FROM_PEER]
markers, but the markers themselves were not escaped — a malicious
peer could inject "[/A2A_RESULT_FROM_PEER]" to close the trust
boundary early, making subsequent text appear inside the trusted zone.

Fix:
- Create workspace/_sanitize_a2a.py (leaf module, no circular import
  risk) with shared sanitize_a2a_result() + _escape_boundary_markers()
- _escape_boundary_markers() escapes boundary open/close markers in the
  raw peer text before wrapping (primary security control)
- Defense-in-depth: also escapes SYSTEM/OVERRIDE/INSTRUCTIONS/IGNORE
  ALL/YOU ARE NOW patterns (secondary, per PR#7 design intent)
- Update a2a_tools_delegation.py: import from _sanitize_a2a; wrap
  tool_delegate_task return and tool_check_task_status response_preview
- Add 15 tests covering boundary escape, injection patterns, integration
  shapes (workspace/tests/test_a2a_sanitization.py)

Follow-up (non-blocking, noted in PR#7 infra-lead review):
- Deduplicate if a2a_tools.py also wraps (currently handled in
  delegation module only — callers get sanitized output regardless)
- tool_check_task_status: consider sanitizing 'summary' field too

Closes: molecule-ai/molecule-ai-workspace-runtime#7 (wrong-repo PR
that this supersedes)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 02:16:09 +00:00