molecule-ai/molecule-core
41
0
Fork 2
Code Issues 43 Pull Requests 14 Actions 21 Packages Projects Releases Wiki Activity

fix(workspace): OFFSEC-003 — sanitize summary/response_preview in JSON polling endpoint #417

Merged
core-be merged 2 commits from fix/offsec-003-json-endpoint-sanitize into staging 2026-05-11 07:27:43 +00:00
Conversation 0 Commits 2 Files Changed 1 +8 -3

2 Commits

Author SHA1 Message Date
Molecule AI Core-BE
2527a99425 ci: re-trigger after runner stall (infra#241)
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 17s
Details
sop-tier-check / tier-check (pull_request) Failing after 17s
Details
audit-force-merge / audit (pull_request) Successful in 22s
Details 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 07:21:09 +00:00
Molecule AI Core-BE
af95f94db1 fix(workspace): OFFSEC-003 — sanitize summary/response_preview in JSON endpoint of read_delegation_results
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 19s
Details
sop-tier-check / tier-check (pull_request) Failing after 17s
Details 
Fixes the second unsanitized exit point flagged in issue #413:
- task_id filter path: sanitize summary + response_preview before returning raw delegation object
- list path (all recent): sanitize both fields in every delegation entry before embedding in JSON

Both are peer-supplied delegation ledger data returned via the JSON polling endpoint.
Sync path (lines 173, 182) was already fixed in #416.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 07:07:30 +00:00