molecule-ai/molecule-core
34
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity

fix(canvas): boot-time matched-pair guard for ADMIN_TOKEN env vars (#53) #143

Closed
fullstack-engineer wants to merge 1 commits from fix/issue53-admin-token-pair-guard into main
pull from: fix/issue53-admin-token-pair-guard
merge into: molecule-ai:main
Conversation 4 Commits 1 Files Changed 2 +140

1 Commits

Author SHA1 Message Date
Molecule AI Fullstack Engineer
1da8c1bb2f fix(canvas): boot-time matched-pair guard for ADMIN_TOKEN env vars (#53)
All checks were successful
CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Successful in 1s
Details
CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Successful in 1s
Details
CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Successful in 0s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 5s
Details
CI / Detect changes (pull_request) Successful in 8s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 8s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 7s
Details
Harness Replays / detect-changes (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
Details
CI / Python Lint & Test (pull_request) Successful in 32s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 32s
Details
Harness Replays / Harness Replays (pull_request) Successful in 55s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2m22s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / Platform (Go) (pull_request) Successful in 2m48s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 4m19s
Details 
Adds checkAdminTokenPair() to canvas/next.config.ts to warn at boot
when ADMIN_TOKEN and NEXT_PUBLIC_ADMIN_TOKEN are not both set or both
unset. Warns via console.error (recoverable — does not process.exit)
so the message surfaces in next dev console, standalone server stdout,
and Docker container logs. Fixes the post-PR-#174 self-review gap where
an asymmetric configuration silently 401s against workspace-server.

Includes 8-unit test suite covering all 4 asymmetry combinations,
empty-string-as-unset semantics, and warning message content.

Closes #53

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-09 00:16:35 +00:00