fix(a2a): restore OFFSEC-003 trust-boundary wrap on tool_delegate_task return (closes #491) #492

Merged
core-lead merged 1 commit from hotfix/491-offsec-003-staging-v2 into staging 2026-05-11 15:01:19 +00:00

1 Commits

Author SHA1 Message Date
c49523bb54 fix(a2a): restore OFFSEC-003 trust-boundary wrap on tool_delegate_task return
Some checks failed
sop-tier-check / tier-check (pull_request) Failing after 2s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 2s
audit-force-merge / audit (pull_request) Successful in 2s
Fixes Gitea #491 — CWE-117 / OFFSEC-003 regression on staging.

Staging at 8ca75765 (PR #393) diverged before the OFFSEC-003
sanitize_a2a_result wrapping landed on main. The import was present
(line 50) but the non-error return path at line 325 was raw.

Main at f99b0fdf correctly wraps:
  return sanitize_a2a_result(result)

This hotfix restores the same pattern on staging. One-line fix
plus OFFSEC-003 comment matching the main branch.

Co-Authored-By: Release Manager Agent <release-manager@agents.moleculesai.app>
2026-05-11 14:59:58 +00:00