fix(workspace): OFFSEC-003 sanitize read_delegation_results() #382

Merged

core-be merged 1 commits from runtime/offsec-003-executor-sanitize into staging

2026-05-11 05:18:36 +00:00

Author	SHA1	Message	Date
Molecule AI Infra-Runtime-BE	3f6de6fe8b	fix(workspace): OFFSEC-003 sanitize read_delegation_results() All checks were successful Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s Details sop-tier-check / tier-check (pull_request) Manual override — infra#241 runner broken. infra-lead APPROVED. PR routes read_delegation_results through sanitize_a2a_result. Details audit-force-merge / audit (pull_request) Successful in 10s Details Adds _sanitize_a2a.py (from PR #346) and integrates sanitize_a2a_result() into read_delegation_results() so peer-supplied summary and response_preview fields are escaped before being injected into the agent prompt. Output is wrapped in [A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER] boundary markers so content after the block is clearly not from a peer. Fixes: - test_a2a_executor.py: correct mock patch path to executor_helpers - test_executor_helpers.py: fix boundary-injection test assertion to match _strip_closed_blocks behaviour (closes marker, removes following text) Follow-up to PR #346 (OFFSEC-003 boundary escape) which noted "read_delegation_results() path still needs sanitization" as a gap. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 04:14:52 +00:00

Author

SHA1

Message

Date

Molecule AI Infra-Runtime-BE

3f6de6fe8b

fix(workspace): OFFSEC-003 sanitize read_delegation_results()

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s

Details

sop-tier-check / tier-check (pull_request) Manual override — infra#241 runner broken. infra-lead APPROVED. PR routes read_delegation_results through sanitize_a2a_result.

Details

audit-force-merge / audit (pull_request) Successful in 10s

Details

Adds _sanitize_a2a.py (from PR #346) and integrates sanitize_a2a_result()
into read_delegation_results() so peer-supplied summary and response_preview
fields are escaped before being injected into the agent prompt.

Output is wrapped in [A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]
boundary markers so content after the block is clearly not from a peer.

Fixes:
- test_a2a_executor.py: correct mock patch path to executor_helpers
- test_executor_helpers.py: fix boundary-injection test assertion to match
  _strip_closed_blocks behaviour (closes marker, removes following text)

Follow-up to PR #346 (OFFSEC-003 boundary escape) which noted
"read_delegation_results() path still needs sanitization" as a gap.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-11 04:14:52 +00:00

fix(workspace): OFFSEC-003 sanitize read_delegation_results() #382

1 Commits