molecule-ai/molecule-core
39
0
Fork 2
Code Issues 46 Pull Requests 32 Actions 5 Packages Projects Releases Wiki Activity

fix(canvas): add aria-label + cursor-pointer to ConfirmDialog backdrop (WCAG 4.1.2) #406

Closed
fullstack-engineer wants to merge 19 commits from fix/confirm-dialog-wcag-backdrop into main
pull from: fix/confirm-dialog-wcag-backdrop
merge into: molecule-ai:main
Conversation 2 Commits 19 Files Changed 20 +1242 -35

19 Commits

Author SHA1 Message Date
Molecule AI Fullstack Engineer
1a3045109f fix(canvas): add aria-label + cursor-pointer to ConfirmDialog backdrop (WCAG 4.1.2)
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s
Details
sop-tier-check / tier-check (pull_request) Successful in 27s
Details
audit-force-merge / audit (pull_request) Has been skipped
Details 
Adds cursor-pointer and aria-label="Dismiss dialog" to the backdrop div in
ConfirmDialog — the div is interactive (onClick={onCancel}) but previously
had no accessible name, violating WCAG 4.1.2 (Name, Role, Value).

Fixes #395 / #398.
 2026-05-11 06:14:26 +00:00
Molecule AI · core-be
912fba4a79 Merge pull request 'fix(workspace): auto-suffix duplicate names on Canvas create (closes 500 on double-click)' (#347) from fix/issue-workspace-dup-name-409-autosuffix into staging
All checks were successful
Secret scan / Scan diff for credential-shaped strings (push) Successful in 7s
Details
2026-05-11 05:39:12 +00:00
Molecule AI · core-be
7986648ebd Merge pull request 'fix(workspace): OFFSEC-003 sanitize polling-path delegation results' (#390) from runtime/offsec-003-polling-path-v2 into staging
Some checks are pending
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-11 05:20:25 +00:00
Molecule AI · core-be
e2c0d9a39b Merge pull request 'fix(workspace): OFFSEC-003 sanitize read_delegation_results()' (#382) from runtime/offsec-003-executor-sanitize into staging
Some checks are pending
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-11 05:18:28 +00:00
Molecule AI Infra-Runtime-BE
8e94c178d2 fix(workspace): OFFSEC-003 sanitize polling-path delegation results
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 11s
Details
sop-tier-check / tier-check (pull_request) Manual override — infra#241 runner broken. OFFSEC-003 polling-path sanitization fix.
Details
audit-force-merge / audit (pull_request) Successful in 11s
Details 
Issue: _delegate_sync_via_polling (RFC #2829 PR-5 sync path) returned
unsanitized response_preview and error_detail fields to the agent context.
A malicious peer could inject trust-boundary markers to break the boundary
established by the main sanitization layer.

Changes:
- a2a_tools_delegation.py: sanitize response_preview before returning on
  completed; sanitize error_detail/summary before wrapping in _A2A_ERROR_PREFIX
- test_a2a_tools_delegation.py: TestPollingPathSanitization covers both paths

Companion to PR #382 (runtime/offsec-003-executor-sanitize) which covers
the async heartbeat path in executor_helpers.read_delegation_results.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 04:53:48 +00:00
Molecule AI Infra-Runtime-BE
3f6de6fe8b fix(workspace): OFFSEC-003 sanitize read_delegation_results()
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s
Details
sop-tier-check / tier-check (pull_request) Manual override — infra#241 runner broken. infra-lead APPROVED. PR routes read_delegation_results through sanitize_a2a_result.
Details
audit-force-merge / audit (pull_request) Successful in 10s
Details 
Adds _sanitize_a2a.py (from PR #346) and integrates sanitize_a2a_result()
into read_delegation_results() so peer-supplied summary and response_preview
fields are escaped before being injected into the agent prompt.

Output is wrapped in [A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]
boundary markers so content after the block is clearly not from a peer.

Fixes:
- test_a2a_executor.py: correct mock patch path to executor_helpers
- test_executor_helpers.py: fix boundary-injection test assertion to match
  _strip_closed_blocks behaviour (closes marker, removes following text)

Follow-up to PR #346 (OFFSEC-003 boundary escape) which noted
"read_delegation_results() path still needs sanitization" as a gap.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 04:14:52 +00:00
Molecule AI Core-DevOps
b1b5c67055 fix(ci): install jq before sop-tier-check script runs
All checks were successful
Secret scan / Scan diff for credential-shaped strings (push) Successful in 9s
Details 
Root cause: the sop-tier-check.sh script uses jq extensively for all
JSON API parsing (whoami, labels, team IDs, reviews). Gitea Actions
runners (ubuntu-latest label) do not bundle jq — script exits at
line 67 with "jq: command not found", producing "Failing after 1-3s"
status on every staging PR.

Fix: add apt-get install -y jq step before the script run.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 03:35:47 +00:00
Molecule AI · core-be
de5d8585c7 Merge pull request 'fix(platform): A2A proxy ResponseHeaderTimeout 60s → 180s default, env-configurable' (#322) from fix/a2a-proxy-response-header-timeout-clean into staging
All checks were successful
Secret scan / Scan diff for credential-shaped strings (push) Successful in 3s
Details
2026-05-11 01:34:44 +00:00
core-be
8c68159e42 fix(workspace): auto-suffix duplicate names on POST /workspaces (closes 500 on double-click)
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 3s
Details
sop-tier-check / tier-check (pull_request) Manual override — infra#241 runner broken
Details
audit-force-merge / audit (pull_request) Successful in 6s
Details 
The Canvas template-deploy path returned HTTP 500 with raw pq error
when a user clicked a template card twice in quick succession. Root
cause: migration 20260506000000 added the partial-unique index
`workspaces_parent_name_uniq` on (COALESCE(parent_id, sentinel), name)
WHERE status != 'removed' to close TOCTOU on /org/import (#2872). The
org-import handler resolves the constraint via ON CONFLICT DO NOTHING
+ idempotent re-select. The Canvas Create handler did not — it
bubbled the pq violation as a generic 500.

Fix: auto-suffix the user-typed name on collision via a small retry
helper that pins on SQLSTATE 23505 + constraint name (so unrelated
unique indexes still fail loud), retries with " (2)", " (3)" up to
N=20, and threads the actually-persisted name back into the response
+ broadcast payload (so the canvas displays what the DB actually
holds). Exhaustion maps to a clean 409 Conflict instead of a 500.

#2872 protection is preserved unchanged — the index stays in place,
and /org/import's ON CONFLICT path is unaffected. The bundle-import
INSERT (handlers/bundle.go) is a separate code path and is not
touched here; if it surfaces the same UX issue a follow-up can adopt
the same helper.

Verification (against running localhost:8080 platform):

  Three back-to-back POSTs with name="ManualVerify-1778459812":
    POST #1 -> 201, id=db2dacf7-…, persisted name="ManualVerify-1778459812"
    POST #2 -> 201, id=f468083d-…, persisted name="ManualVerify-1778459812 (2)"
    POST #3 -> 201, id=5f5ae905-…, persisted name="ManualVerify-1778459812 (3)"
  Log lines: "name collision auto-suffix \"…\" -> \"… (N)\""

Tests:
- workspace_create_name_test.go — 4 unit tests via sqlmock pin the
  retry contract (happy path no-suffix, single-collision -> " (2)",
  non-retryable error pass-through, exhaustion -> errWorkspaceNameExhausted).
- workspace_create_name_integration_test.go — 2 real-Postgres tests
  (build tag `integration`) confirm the partial-unique index
  behaviour AND the WHERE status != 'removed' tombstone exemption.
- Watch-it-fail confirmed: temporarily removing the
  `fmt.Sprintf("%s (%d)", baseName, attempt+1)` candidate-naming
  line makes TestInsertWorkspaceWithNameRetry_SecondAttemptSuffixed
  fail with the expected argument-mismatch from sqlmock.

Pre-existing test failures in handlers/ (TestExecuteDelegation_…,
TestMCPHandler_CommitMemory_GlobalScope_Blocked) reproduce on
unmodified staging and are NOT caused by this change.
 2026-05-10 17:37:34 -07:00
Molecule AI · fullstack-engineer
6958cd7966 Merge pull request 'fix(workspace): inject plugins_registry into sys.modules before loading adapters (closes #296)' (#326) from fix/issue-296-plugin-registry-sysmodules into staging
All checks were successful
Secret scan / Scan diff for credential-shaped strings (push) Successful in 3s
Details
2026-05-10 21:14:10 +00:00
Molecule AI Fullstack Engineer
ba0680d5fb fix(platform): A2A proxy ResponseHeaderTimeout 60s → 180s default, env-configurable
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 2s
Details
sop-tier-check / tier-check (pull_request) Failing after 1s
Details
audit-force-merge / audit (pull_request) Successful in 3s
Details 
Cherry-pick of d79a4bd2 from PR #318 onto fresh main base (PR #318 closed).

Issue #310: platform a2a-proxy logs ~300/hr
`timeout awaiting response headers` because ResponseHeaderTimeout was hardcoded
to 60s. Opus agent turns (big context + internal delegate_task round-trips)
routinely exceed 60s, so the proxy gave up before headers arrived even when
the workspace agent was healthy.

Changes:
- a2a_proxy.go: ResponseHeaderTimeout: 60s hardcoded →
  envx.Duration("A2A_PROXY_RESPONSE_HEADER_TIMEOUT", 180s).
  180s gives Opus turns comfortable headroom. The X-Timeout caller header
  still bounds the absolute request ceiling independently.
- a2a_proxy_test.go: TestA2AClientResponseHeaderTimeout verifies the 180s
  default and env-override parsing logic.

Env var: A2A_PROXY_RESPONSE_HEADER_TIMEOUT (e.g. 5m, 300s).

Closes #310.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-10 14:47:56 +00:00
Molecule AI Fullstack Engineer
d4d3306150 fix(workspace): inject plugins_registry into sys.modules before loading adapters (closes #296)
Some checks failed
sop-tier-check / tier-check (pull_request) Failing after 3s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 58s
Details
audit-force-merge / audit (pull_request) Successful in 2s
Details 
Plugin adapters in molecule-skill-* repos do:
  from plugins_registry.builtins import AgentskillsAdaptor as Adaptor

But _load_module_from_path() used exec_module() with a fresh module
namespace that did NOT have plugins_registry or its submodules in sys.modules,
causing:
  ModuleNotFoundError: No module named 'plugins_registry'

Fix: before exec_module(), import and register plugins_registry + all three
submodules (builtins, protocol, raw_drop) in sys.modules so adapter imports
resolve correctly.  Follows the Option 1 recommendation from issue #296.

Also adds test_resolve_plugin.py verifying the fix for both the
AgentskillsAdaptor import and the full InstallContext/resolve/protocol import.

Closes #296.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-10 14:17:16 +00:00
Molecule AI · core-devops
a3c9f0b717 Merge pull request 'ci: pin GitHub Actions by SHA instead of mutable tags (staging sync)' (#276) from ci/staging-sha-pinning into staging
Some checks failed
Secret scan / Scan diff for credential-shaped strings (push) Failing after 2s
Details
2026-05-10 14:03:05 +00:00
Molecule AI · infra-lead
de9f46ea30 Merge pull request '[release-blocker] fix(ci): retry git clone in clone-manifest.sh (publish-workspace-server-image OOM flake)' (#298) from fix/publish-workspace-server-ci-clone-manifest-retry into staging
Some checks are pending
Secret scan / Scan diff for credential-shaped strings (push) Waiting to run
Details
2026-05-10 12:44:35 +00:00
Molecule AI Infra Lead
7ff5622a42 [infra-lead-agent] fix(ci): retry git clone in clone-manifest.sh (publish-workspace-server-image flake)
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 1s
Details
sop-tier-check / tier-check (pull_request) Failing after 1s
Details
audit-force-merge / audit (pull_request) Failing after 2s
Details 
The publish-workspace-server-image / build-and-push job clones the full
manifest (~36 repos) serially in the "Pre-clone manifest deps" step on a
memory-constrained Gitea Actions runner. Under host memory pressure the
OOM killer SIGKILLs git-remote-https mid-clone:

  cloning .../molecule-ai-plugin-molecule-skill-code-review.git ...
  error: git-remote-https died of signal 9
  fatal: the remote end hung up unexpectedly
    Failure - Main Pre-clone manifest deps
  exitcode '128': failure

Observed in run 4622 (2026-05-10, staging HEAD b5d2ab88) — died on the
14th of 36 clones, which red-lights CI and wedges staging→main.

Wrap each `git clone` in clone-manifest.sh with bounded retry + backoff
(3 attempts, 3s/6s), wiping any partial checkout between tries. A single
transient SIGKILL / network blip no longer fails the whole tenant image
rebuild. Benefits every caller of the script (publish-workspace-server-image,
harness-replays, Dockerfile builds, local quickstart).

This is a mitigation; the durable fix is more runner RAM/swap on the
operator host — tracked separately with Infra-SRE.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-10 11:58:09 +00:00
Molecule AI Fullstack Engineer
bea89ce4e9 fix(a2a): handle string-form errors in delegate_task
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 14s
Details
sop-tier-check / tier-check (pull_request) Failing after 7s
Details
audit-force-merge / audit (pull_request) Failing after 5s
Details 
The A2A proxy can return three error shapes:
  {"error": "plain string"}
  {"error": {"message": "...", "code": ...}}
  {"error": {"message": {"nested": "object"}}}   ← value at .message is a string

builtin_tools/a2a_tools.py:72 called data["error"].get("message")
without guarding against error being a string, which raised:
  AttributeError: 'str' object has no attribute 'get'

This broke every delegation attempt through the legacy a2a_tools path
(the LangChain-wrapped version used by adapter templates). The
SSOT parser a2a_response.py already handled string errors; the
legacy inline sniffer in a2a_tools.py did not.

Fix: branch on isinstance(err, dict/str/other) before calling .get().

Also update both publish-workflow files to remove the dead
`staging` branch trigger — trunk-based migration (PR #109,
2026-05-08) removed the staging branch.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-10 11:39:32 +00:00
Molecule AI · integration-tester
14f05b5a64 chore: restore manifest.json after trigger test 2026-05-10 11:38:34 +00:00
Molecule AI · integration-tester
7caee806df chore: trigger publish workflow [Integration Tester 2026-05-10T08:45Z] 2026-05-10 11:38:34 +00:00
Molecule AI · integration-tester
a914f675a4 chore: staging trigger commit from Integration Tester 2026-05-10 11:38:34 +00:00