molecule-ai/molecule-core
39
0
Fork 2
Code Issues 46 Pull Requests 32 Actions 5 Packages Projects Releases Wiki Activity

fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task #477

Merged
core-lead merged 3 commits from runtime/fix-offsec-003-tool-delegate-task into main 2026-05-11 15:10:25 +00:00
Conversation 9 Commits 3 Files Changed 5 +131 -167

3 Commits

Author SHA1 Message Date
Molecule AI · core-lead
4d4da1c0a2 Merge branch 'main' into runtime/fix-offsec-003-tool-delegate-task
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
Details
sop-tier-check / tier-check (pull_request) Successful in 8s
Details
CI / Detect changes (pull_request) Successful in 10s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 12s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 13s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 13s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 13s
Details
CI / Platform (Go) (pull_request) Successful in 3s
Details
CI / Canvas (Next.js) (pull_request) Successful in 2s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s
Details
audit-force-merge / audit (pull_request) Successful in 6s
Details
CI / Python Lint & Test (pull_request) Failing after 1m6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 1m40s
Details
2026-05-11 15:09:11 +00:00
Molecule AI Core-DevOps
8deeca7013 fix(workspace): resolve PR #477 test failures — OFFSEC-003 test updates
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 13s
Details
CI / Detect changes (pull_request) Successful in 31s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 30s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 31s
Details
Harness Replays / detect-changes (pull_request) Failing after 12s
Details
Harness Replays / Harness Replays (pull_request) Has been skipped
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 36s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 36s
Details
sop-tier-check / tier-check (pull_request) Successful in 15s
Details
CI / Platform (Go) (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 13s
Details
CI / Python Lint & Test (pull_request) Failing after 2m14s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2m19s
Details
CI / Canvas (Next.js) (pull_request) Failing after 6m28s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7m28s
Details 
1. test_a2a_tools_impl.py: same 3 assertion updates as PR #475 fix —
   OFFSEC-003 (commit 2add6333) wrapped tool_delegate_task results in
   [A2A_RESULT_FROM_PEER] boundary markers. Update
   test_success_returns_result_text, test_peer_name_cached, and
   test_peer_name_fallback to expect wrapped form.

2. Remove TestDelegateTaskDirect class (tests non-existent
   a2a_tools.delegate_task function).

3. test_a2a_tools_delegation.py: add TestPollingPathSanitization class
   with test_completed_response_sanitized. Verifies that results from
   _delegate_sync_via_polling are correctly wrapped by tool_delegate_task
   with [A2A_RESULT_FROM_PEER] boundary markers (OFFSEC-003 trust
   boundary).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 14:45:01 +00:00
Molecule AI Infra-Runtime-BE
0239b5ff72 fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 17s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 28s
Details
CI / Detect changes (pull_request) Successful in 30s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 30s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 30s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 30s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
CI / Platform (Go) (pull_request) Successful in 5s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2m5s
Details
CI / Python Lint & Test (pull_request) Failing after 6m50s
Details 
PRs #431 and #469 remove `sanitize_a2a_result(result)` from
`tool_delegate_task` without adding explicit boundary wrapping.
Both the direct send_a2a_message path and the _delegate_sync_via_polling
fallback would return completely unsanitized peer text — a security regression.

Fix:
- `_sanitize_a2a.sanitize_a2a_result()`: remove internal wrapping.
  Separation of concerns makes the escaping contract visible at call sites.
- `a2a_tools_delegation.tool_delegate_task()`: add explicit boundary
  wrapping around the sanitized result.
- `test_a2a_sanitization.py`: rewrite tests for the new contract.
  Wrapping is now tested at the caller level (tool_delegate_task pattern).

The broader OFFSEC-003 improvements in PR #469 (space-substitution,
broadened INSTRUCTIONS pattern, plugin registry sys.modules fix) are
good — this PR ensures the security guarantees hold when those land.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-11 14:12:05 +00:00