fix(workspace): restore _sanitize_for_external and stderr parameter (CWE-117, closes #471) #517
Closed
core-lead
wants to merge 2 commits from
fix/471-cwe117-stderr-scrubbing into main
pull from: fix/471-cwe117-stderr-scrubbing
merge into: molecule-ai:main
molecule-ai:main
molecule-ai:design/tier-legend-contrast-2026-05-14
molecule-ai:sre/platform-go-timeout-fix
molecule-ai:fix/delegation-list-test-db-leak
molecule-ai:fix/984-delegation-id-response-body
molecule-ai:sre/queue-bot-fix-ctx-check
molecule-ai:fix/983-remove-duplicate-test-declarations
molecule-ai:fix/980-schedules-handler-test-coverage
molecule-ai:ci/975-db-pollution-fix
molecule-ai:fix/channels-test-nildb
molecule-ai:fix/986-canvas-wcag-focus-rings
molecule-ai:fix/993-agent-handler-test-coverage
molecule-ai:design/wcag-focus-contrast-2026-05-14
molecule-ai:design/wcag-focus-rings-round5-2026-05-14
molecule-ai:fix/activity-logs-delegation-id-response-body
molecule-ai:fix/982-expand-posix-identifier-guard
molecule-ai:fix/test-offsec003-redundant-file
molecule-ai:feat/976-schedules-handler-test-coverage
molecule-ai:fix/org-helpers-test-panic
molecule-ai:staging
molecule-ai:promote/main-to-staging-v5
molecule-ai:staging-v6
molecule-ai:fix/965-test-panic-resolveInsideRoot
molecule-ai:promote/main-to-staging-v4
molecule-ai:feat/delegation-list-tests
molecule-ai:fix/test-a2a-sanitization-v3
molecule-ai:promote/main-to-staging-v3
molecule-ai:fix/duplicate-test-declarations
molecule-ai:feat/org-helpers-security-tests
molecule-ai:fix/main-push-operational-red
molecule-ai:promote/main-to-staging-v2
molecule-ai:fix-sop-concurrency-v2
molecule-ai:fix/sop-checklist-gate-name
molecule-ai:fix/docker-info-pipefail
molecule-ai:fix/publish-healthcheck-pipefail
molecule-ai:fix/sop-checklist-workflow-rename
molecule-ai:promote/main-to-staging
molecule-ai:sre/fix-sop-checklist-context-name-mc948
molecule-ai:design/wcag-contrast-round4-2026-05-14
molecule-ai:fix/org-helper-tests
molecule-ai:fix/test-a2a-sanitization-main
molecule-ai:fix/publish-image-on-every-main-push
molecule-ai:fix/remove-canvas-reminder-from-all-required
molecule-ai:fix/staging-integration-test-ctx
molecule-ai:fix/staging-canvas-reminder-deadlock
molecule-ai:design/wcag-a11y-round3-2026-05-14
molecule-ai:fix/917-zustand-selector-anti-patterns
molecule-ai:ci/remove-canvas-reminder-from-all-required
molecule-ai:fix/test-a2a-sanitization-assertions
molecule-ai:fix/staging-ci-drift-canvas-reminder
molecule-ai:fix/handlers-pg-integ-event-before
molecule-ai:ci/platform-build-flip-coe
molecule-ai:fix/staging-python-test-and-tier-check-lint
molecule-ai:fix/offsec-006-slug-injection
molecule-ai:runtime/fix-pr916-integration-test-ctx
molecule-ai:design/chat-tab-wcag-contrast-2026-05-14
molecule-ai:fix/offsec-006-slug-validation
molecule-ai:design/wcag-contrast-fixes-2026-05-14
molecule-ai:fix/904-handler-test-blockers
molecule-ai:fix/ci-drift-canvas-reminder
molecule-ai:fix/comment-trigger-storm
molecule-ai:infra/660-codify-promote-tenant-image
molecule-ai:fix/917-canvas-test-failures
molecule-ai:fix/917-runtime-prbuild-detect-changes-fix
molecule-ai:fix/filesTab-test-stale-reference
molecule-ai:fix/files-tab-test-missing-helper
molecule-ai:fix/runtime-prbuild-compat-detect-changes
molecule-ai:fix/staging-test-compilation-fixes
molecule-ai:fix/qa-review-token-fallback-v2
molecule-ai:test/hydrate-canvas-coverage
molecule-ai:fix/contextmenu-react-error-185
molecule-ai:test/external-runtimes-coverage
molecule-ai:fix/main-sqlmock-import-ineffassign-20260513
molecule-ai:fix/redeploy-tenants-on-main-lint-cleanup
molecule-ai:sre/docker-daemon-gate-fix
molecule-ai:fix/897-listdelegations-use-ledger-table
molecule-ai:fix/901-listdelegations-ledger-table
molecule-ai:fix/core-main-handlers-hotfix
molecule-ai:fix/e2e-api-platform-port
molecule-ai:fix/main-green-monitor-status
molecule-ai:fix/mobile-MobileChat-infinite-render
molecule-ai:fix/delegations-ledger-fallback-rows-err
molecule-ai:fix/874-extractmessagetext-clean
molecule-ai:feat/881-untested-helpers
molecule-ai:fix/874-extractmessagetext-bug
molecule-ai:fix/status-reaper-api-timeout-retry-20260513130514
molecule-ai:fix/831-admin-token-placeholder-bootstrap
molecule-ai:feat/canvas-test-coverage-738
molecule-ai:feat/files-tab-tree-coverage
molecule-ai:feat/canvas-untested-components-coverage
molecule-ai:feat/canvas-tab-test-coverage-2
molecule-ai:fix/main-bundle-test-sqlmock-import
molecule-ai:fix/stdio-fallback-all-environments
molecule-ai:staging-sync-v3
molecule-ai:ci/burn-in-remove-sop-tier-check-coe
molecule-ai:fix/issue-860-delivery-mode-tests
molecule-ai:design/approval-banner-emerald-fix
molecule-ai:fix/issue-854-termsgate-a11y
molecule-ai:fix/issue-859-wcag-contrast
molecule-ai:fix/delegations-rows-err-bbc40cb8
molecule-ai:design/approvalbanner-a11y
molecule-ai:design/pricingtable-a11y
molecule-ai:design/toolbar-help-toggle-fix
molecule-ai:staging-sync-v2
molecule-ai:fix/canvas-approvalbanner-a11y
molecule-ai:feat/canvas-external-connect-modal-coverage
molecule-ai:staging-sync-rm
molecule-ai:fix/test-sanitize-agent-error-stderr
molecule-ai:test/a2a-queue-extractExpiresInSeconds
molecule-ai:fix/pr-829-test-issues
molecule-ai:design/826-searchdialog-mount
molecule-ai:fix/chat-createMessage-attachments-key
molecule-ai:fix/762-recall-memory-canary
molecule-ai:fix/367-a2a-tools-coverage-v2
molecule-ai:feat/search-dialog-mount
molecule-ai:feat/org-layout-test-coverage
molecule-ai:fix/offsec-003-builtin-a2a-sanitize
molecule-ai:fix/canvas-playwright-install-timeout
molecule-ai:fix/805-audit-force-merge-main-required-checks
molecule-ai:fix/cf-sweep-api-error
molecule-ai:fix/e2e-diagnose-detail
molecule-ai:fix/a2a-mcp-server-http-transport
molecule-ai:fix/core-main-red-golangci-install
molecule-ai:fix/test-declarations
molecule-ai:fix/sop-checklist-body-hard-gate
molecule-ai:merge-792
molecule-ai:feat/mcp-tools-test-coverage
molecule-ai:feat/workspace-crud-test-coverage
molecule-ai:feat/socket-handler-test-coverage
molecule-ai:fix/686-delegation-integration-tests
molecule-ai:feat/a2a-proxy-helpers-test-coverage
molecule-ai:fix/publish-canvas-disable-gha-cache-20260512
molecule-ai:fix/publish-canvas-docker-probe-20260512
molecule-ai:fix/canvas-image-ecr-20260512
molecule-ai:fix/687-send-ssh-public-key-detail
molecule-ai:feat/tier-2g-required-context-exists-in-bp
molecule-ai:feat/tier-2f-bp-emit-match
molecule-ai:fix/mc-664-class-2-mcp-offsec-contract-test
molecule-ai:fix/main-ci-green-20260512
molecule-ai:infra/dockerfile-add-docker-cli-for-local-build
molecule-ai:test/workspace-crud-helpers-coverage
molecule-ai:fix/681-recallmemory-offsec-contract
molecule-ai:fix/org-layout-helpers-test-coverage
molecule-ai:fix/735-extractResponseText-tests
molecule-ai:test/713-workspace-crud-validators
molecule-ai:test/713-org-helpers-pure-coverage
molecule-ai:fix/713-eic-diagnose-detail
molecule-ai:fix/730-filterpeers-nil-guard
molecule-ai:infra/all-required-coe-false-v2
molecule-ai:fix/phase3-tracker-comments
molecule-ai:fix/mc-664-class-1-delegation-tests-postgres-integration
molecule-ai:fix/canvas-keyboard-shortcuts-dialog-guard
molecule-ai:infra/664-lint-coe-trackers
molecule-ai:ci/lint-tracker-regex-fix-v2
molecule-ai:fix/731-nil-guard-filter-peers-by-query
molecule-ai:fix/lint-TRACKER_RE-mid-sentence
molecule-ai:ci-retrigger-747
molecule-ai:feat/709-handler-pure-coverage
molecule-ai:fix/697-canvas-geticon-topology
molecule-ai:ci/lint-tracker-regex-fix
molecule-ai:test/2071-canvas-drop-target-badge-coverage
molecule-ai:feat/2071-canvas-orgdeploystate-coverage
molecule-ai:feat/mobile-canvas-comms-spawn-coverage
molecule-ai:ci/lint-coe-self-fix
molecule-ai:feat/mobile-tabbar-a11y
molecule-ai:fix/ssm-refresh-ecr-auth-json-escaping
molecule-ai:design/729-fix
molecule-ai:ci/gate-check-v3-permissions-fix
molecule-ai:fix/730-discovery-filter-nil-role
molecule-ai:infra/publish-docker-daemon-diagnostic
molecule-ai:fix/714-all-required-coe-false
molecule-ai:fix/717-mobile-agentMessages-selector
molecule-ai:infra/fix-all-required-status-reporting
molecule-ai:fix/687-e2e-surface-diagnose-detail
molecule-ai:infra/docker-runner-label
molecule-ai:test/701-canvas-hydrate-coverage
molecule-ai:test/mobile-primitives-coverage
molecule-ai:infra/664-interim-platform-build-exempt
molecule-ai:fix/693-offsec-recallmemory-scrub-staging
molecule-ai:sync/main-to-staging-514-v2
molecule-ai:fix/693-offsec-recallmemory-global-scrub
molecule-ai:fix/693-offsec-recallmemory-scrub
molecule-ai:fix/634-handler-test-fixes-to-main
molecule-ai:test/699-socket-handler-coverage
molecule-ai:sre/workflow-run-replacement
molecule-ai:infra/676-ssm-auth-json-hardening
molecule-ai:fix/offsec-001-method-scrub-hotfix
molecule-ai:fix/offsec-001-method-scrub-main
molecule-ai:feat/workspace-crud-validation-tests
molecule-ai:test/canvas-hydrate-coverage
molecule-ai:infra/lint-pre-flip-continue-on-error
molecule-ai:fix/workflow_run-to-push-gitea-1.22.6
molecule-ai:feat/tier-2e-tracking-issue
molecule-ai:fix/684-offsec-scrub-method-default
molecule-ai:feat/sop-checklist-gate-mvp
molecule-ai:feat/tier-2d-lint-mask-pr-atomicity
molecule-ai:infra/lint-workflow-yaml-hostile-shapes
molecule-ai:infra/lint-required-no-paths-filter
molecule-ai:cleanup/pr-641-clean
molecule-ai:feat/mobile-tabbar-wcag-a11y
molecule-ai:fix/canvas-mobile-chat-loop
molecule-ai:fix/651-canvas-chat-mobile-crash
molecule-ai:fix/664-interim-remask-platform-build
molecule-ai:fix/mobile-chat-max-update-depth
molecule-ai:infra/622-force-merge-protection-fix
molecule-ai:test/attachment-lightbox-clean-v2
molecule-ai:ci/652-gitea-1-22-status-key
molecule-ai:test/memorytab-2
molecule-ai:infra/status-reaper-rev4-status-key-fix
molecule-ai:infra/weekly-platform-go-vet-hard
molecule-ai:fix/audit-force-merge-pipefail
molecule-ai:infra/status-reaper-rev3-widen-window
molecule-ai:test/canvas-externalconnectmodal-coverage
molecule-ai:fix/sop-tier-check-token-graceful
molecule-ai:infra/ci-required-drift-token-scope
molecule-ai:test/console-modal-coverage
molecule-ai:ci/review-check-tests-wire
molecule-ai:test/canvas-workspacenode-coverage
molecule-ai:test/memorytab
molecule-ai:infra/interim-disable-reaper-watchdog-crons
molecule-ai:test/attachment-lightbox-coverage
molecule-ai:fix/issue-639-workspacenode-test-coverage
molecule-ai:test/channels-tab
molecule-ai:fix/canvas-searchdialog-test-fixtures
molecule-ai:fix/598-attachmentLightbox-tests
molecule-ai:fix/529-307-localbuild-async-test-fix
molecule-ai:fix/582-attachmentviews-tests
molecule-ai:fix/308-a2a-response-push-mode-tests
molecule-ai:fix/529-preflight-localbuild
molecule-ai:fix/sop-tier-check-token-graceful-staging
molecule-ai:fix/545-approvalbanner-isolation
molecule-ai:fix/519-memorytab-tests
molecule-ai:infra/status-reaper-rev2-sweep-recent-commits
molecule-ai:fix/handlers-test-fixtures
molecule-ai:test/skill-helpers-coverage
molecule-ai:test/ui-primitive-coverage
molecule-ai:docs/gitea-quirks-10-11
molecule-ai:test/platform-bundle-exporter-coverage
molecule-ai:infra/status-reaper-rev1-drop-concurrency
molecule-ai:fix/608-filesTab-focusTest
molecule-ai:test/budget-section-coverage
molecule-ai:infra/revert-docker-runner-label
molecule-ai:fix/weekly-platform-go-latent-error-surface
molecule-ai:infra/revert-publish-runs-on-pin
molecule-ai:sre/gate-check-timeout
molecule-ai:test/a2a-error-hint-coverage
molecule-ai:test/chat-attachment-views-coverage
molecule-ai:test/attachment-video-coverage
molecule-ai:infra/option-b-status-reaper
molecule-ai:infra/gate-check-v3-timeout
molecule-ai:infra/576-docker-runner-label
molecule-ai:fix/593-filetab-tests
molecule-ai:test/files-tab-notavailablepanel-coverage
molecule-ai:fix/591-forminputs-tests
molecule-ai:infra/diagnostic-publish-workspace-server-image
molecule-ai:fix/582-bundle-import-tests
molecule-ai:test/form-inputs-coverage
molecule-ai:fix/publish-workspace-server-image-json5-comments
molecule-ai:sre/fix-all-required-null-result
molecule-ai:fix/publish-workspace-server-image-optional-token
molecule-ai:pr-251
molecule-ai:test/ui-statusbadge-coverage
molecule-ai:fix/all-required-null-result-assertion
molecule-ai:fix/568-palette-context-tests
molecule-ai:pr-527
molecule-ai:infra/merge-563-autobump-fix
molecule-ai:test/mobile-palette-context-coverage
molecule-ai:sre/fix-gate-check-v3-combined-state-loop
molecule-ai:ci/540-review-check-bats-tests
molecule-ai:fix/publish-runtime-autobump-push-condition
molecule-ai:ci/558-verify-publish-runtime-marker
molecule-ai:test/canvas-empty-state-coverage
molecule-ai:infra/publish-runtime-verify-2026-05-11
molecule-ai:ci/554-oci-labels-publish-workflow
molecule-ai:infra/drift-bot-token
molecule-ai:infra/rfc-219-phase-4-all-required-sentinel
molecule-ai:ci/551-gate-checkout-trusted-ref
molecule-ai:fix/gate-check-v3-pr-HEAD-security
molecule-ai:fix/541-token-argv-security
molecule-ai:sre/fix-gate-check-v3-bugs
molecule-ai:fix/537-cwe117-a2a-tools-sanitize
molecule-ai:fix/gate-check-v3-http-error-crash
molecule-ai:sre/fix-localbuild-preflight
molecule-ai:infra/rfc-324-workflow-add
molecule-ai:test/offsec-003-sanitization-backstop
molecule-ai:fix/test-sanitize-agent-error-stderr-exc
molecule-ai:fix/approval-banner-test-isolation
molecule-ai:infra/scope-workflows-fix
molecule-ai:sre/fix-pr530-deadlock
molecule-ai:sre/reopen-516-gate-check-fix
molecule-ai:fix/ci-scope-operational-workflows-504-419
molecule-ai:sre/scope-operational-workflows-to-schedule
molecule-ai:ci/harness-replays-detect-changes-quoting-fix
molecule-ai:fix/test-blocks-until-inflight-completes
molecule-ai:fix/test-enrich-peer-metadata-nonblocking
molecule-ai:sre/fix-enrich-nonblocking-cache-check
molecule-ai:merge-pr490
molecule-ai:runtime/fix-offsec-003-tool-delegate-task
molecule-ai:fix/508-update-boundary-assertions
molecule-ai:sre/fix-test-delegation-sync-polling-assertions
molecule-ai:fix/366-shared-runtime-coverage
molecule-ai:fix/506-unused-imports
molecule-ai:ci/lint-fixes
molecule-ai:fix/367-a2a-tools-coverage
molecule-ai:test/a2a-client-enrich-peer-rebase
molecule-ai:fix/354-delegation-auto-resume-rebase
molecule-ai:ci/fix-detect-changes-commits-array
molecule-ai:fix/307-async-rebase
molecule-ai:runtime/fix-harness-replays-push-event
molecule-ai:sre/fix-test-polling-sanitization
molecule-ai:fix/harness-replays-detect-changes-gitea-api
molecule-ai:ci/fix-test-polling-sanitization
molecule-ai:test/eventstab
molecule-ai:test/externalconnectmodal
molecule-ai:runtime/335-rebase-platfrom-url
molecule-ai:hotfix/491-offsec-003-staging-v2
molecule-ai:fix/pr477-test-fixes
molecule-ai:runtime/335-rebase-platform-url
molecule-ai:test/orgcancelbutton
molecule-ai:fix/354-auto-resume-delegations
molecule-ai:fix/368-audit-hooks-coverage
molecule-ai:runtime/temporal-platform-url-fix
molecule-ai:infra/secret-reconciliation-v2
molecule-ai:fix/purchase-success-modal-test-isolation
molecule-ai:pr-476
molecule-ai:sre/fix-gitea-runbook-network-quirks
molecule-ai:tools/gate-check-v3
molecule-ai:fix/376-activity-delegation-polling
molecule-ai:runtime/platform-url-fix-merge
molecule-ai:fix/canvas-purchase-success-modal-test-timing
molecule-ai:fix/secret-naming-reconciliation
molecule-ai:docs/gitea-operational-quirks-runbook
molecule-ai:test/canvas-toolbar-coverage
molecule-ai:fix/canvas-tier-config-v2
molecule-ai:fix/455-offsec003-sanitize-alignment
molecule-ai:fix/sweep-stale-e2e-orgs-secret-name
molecule-ai:fix/approvalbanner-mockreset-452
molecule-ai:fix/canvas-approvalbanner-mockreset
molecule-ai:fix/publish-runtime-autobump-fetch-depth
molecule-ai:fix/321-cwe22-loadWorkspaceEnv-path-traversal
molecule-ai:fix/canonicalize-staging-admin-token-rebase-462
molecule-ai:canvas-followup
molecule-ai:fix/canonicalize-staging-admin-token-rest
molecule-ai:refactor/drop-canary-prefix
molecule-ai:fix/canvas-test-and-design-fixes
molecule-ai:runtime/432-followup-helper-extraction
molecule-ai:fix/harness-replays-detect-changes-fetch-depth
molecule-ai:fix/stderr-include-a2a-error-response
molecule-ai:feat/internal-292-sop-tier-refire
molecule-ai:docs/update-remote-agent-tutorial-sdk-api
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y-v3
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y-v2
molecule-ai:fix/388-github-token-501-gitea-staging
molecule-ai:fix/dialog-backdrop-a11y
molecule-ai:runtime/414-idle-loop-skip-pending-results-v3
molecule-ai:fix/test-extract-tool-trace
molecule-ai:fix/test-plugins-atomic-tar-coverage
molecule-ai:fix/harness-replays-fetch-depth
molecule-ai:fix/test-instructions-handler-coverage
molecule-ai:sre/fix-workflow-secret-naming
molecule-ai:fix/canvas-tiers-config-string-keys
molecule-ai:fix/offsec-003-promote-to-main
molecule-ai:fix/class-e-secret-name-reconciliation
molecule-ai:fix/sop-tier-check-apt-get-first
molecule-ai:fix/307-async-test-pollution
molecule-ai:fix/sop-tier-check-jq-install-order
molecule-ai:fix/canvas-test-failures-2026-05-10
molecule-ai:runtime/fix-a2a-tools-duplicate-error-block-v2
molecule-ai:infra/sop-tier-check-jq-install-fix
molecule-ai:runtime/fix-a2a-push-delivery-mode
molecule-ai:feat/main-never-red-watchdog-internal-420
molecule-ai:feat/internal-219-phase-2bc-port-to-molecule-core
molecule-ai:fix/a11y-canvas-clean
molecule-ai:sweep/internal-219-cat-C1-port-gates-lints
molecule-ai:sweep/internal-219-cat-B-delete-github-only
molecule-ai:sweep/internal-219-cat-A-delete-mirrored
molecule-ai:fix/offsec-003-json-endpoint-sanitize
molecule-ai:sweep/internal-219-cat-C3-port-deploy-janitors
molecule-ai:sweep/internal-219-cat-C2-port-e2e
molecule-ai:fix/publish-runtime-cascade-sha-capture
molecule-ai:feat/internal-219-phase-3-port-ci-yml
molecule-ai:fix/413-a2a-delegation-offsec-003
molecule-ai:runtime/381-idle-loop-pending-messages
molecule-ai:fix/delegations-rows-err-check
molecule-ai:fix/a11y-canvas-buttons-staging
molecule-ai:runtime/fix-399-a2a-delegation-missing-import-v2
molecule-ai:fix/380-cwe59-symlink-traversal
molecule-ai:fix/388-github-token-501-staging
molecule-ai:fix/confirm-dialog-wcag-backdrop
molecule-ai:infra/sop-tier-check-jq-script-fallback
molecule-ai:fix/revert-391-broken-jq-install
molecule-ai:fix/a2a-tools-duplicate-dead-code
molecule-ai:fix/confirm-dialog-backdrop
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y
molecule-ai:infra/jq-install-main
molecule-ai:fix/sop-tier-check-jq-main
molecule-ai:fix/canvas-dialog-backdrop-a11y
molecule-ai:fix/388-github-token-501
molecule-ai:runtime/offsec-003-polling-path-v2
molecule-ai:fix/361-sanitize-delegation-results
molecule-ai:runtime/offsec-003-executor-sanitize
molecule-ai:fix/cwe22-loadWorkspaceEnv-main
molecule-ai:fix/qa-audit-307-308-clean
molecule-ai:ci/fix-293-sqlalchemy-pip-install
molecule-ai:fix/354-delegation-auto-resume
molecule-ai:runtime/platform-url-host-docker-internal
molecule-ai:fix/canvas-repair-tests-344
molecule-ai:fix/canvas-statusdot-ts-errors
molecule-ai:test/molecule-audit-hooks-coverage
molecule-ai:test/a2a-tools-and-send-message-coverage
molecule-ai:fix/sop-tier-check-jq-install
molecule-ai:test/shared-runtime-helpers-coverage
molecule-ai:fix/canvas-topology-sort-orphan
molecule-ai:fix/executor-helpers-offsec-003-sanitize
molecule-ai:runtime/offsec-003-polling-path
molecule-ai:fix/354-a2a-delegation-auto-resume
molecule-ai:runtime/fix-a2a-push-delivery-mode-v2
molecule-ai:fix/publish-runtime-add-_sanitize_a2a-to-allowlist
molecule-ai:fix/publish-runtime-missing-working-directory
molecule-ai:ci/add-sqlalchemy-to-pip-install
molecule-ai:ci-resolve-github-gitea-triplicate
molecule-ai:sre/offsec-003-boundary-escape
molecule-ai:fix/sec-321-path-traversal-clean
molecule-ai:fix/a2a-proxy-response-header-timeout-v2
molecule-ai:fix/publish-runtime-workflow-dispatch-inputs
molecule-ai:fix/a2a-push-mode-queue-envelope
molecule-ai:fix/351-split-publish-runtime-triggers
molecule-ai:feat/348-publish-runtime-restore-path-trigger
molecule-ai:fix/issue-workspace-dup-name-409-autosuffix
molecule-ai:fix/security-OFFSEC003-boundary-escape-334
molecule-ai:fix/security-CWE22-loadWorkspaceEnv-330
molecule-ai:fix/canvas-test-fixes-20260510
molecule-ai:fix/canvas-extractMessageText
molecule-ai:fix/qa-307-async-pollution-direct
molecule-ai:test/a2a-client-enrich-peer-metadata
molecule-ai:fix/docs-309-remote-faq-staging-env
molecule-ai:fix/qa-308-push-mode-queue-tests
molecule-ai:fix/qa-307-async-pollution
molecule-ai:runtime/fix-plugin-registry-import-path
molecule-ai:fix/a2a-proxy-response-header-timeout-clean
molecule-ai:fix/publish-workspace-server-ci-clone-manifest-retry-main
molecule-ai:infra/remove-pr303-tracking
molecule-ai:fix/issue-296-plugin-registry-sysmodules
molecule-ai:infra/pin-compose-image-digests
molecule-ai:chore/sync-main-to-staging
molecule-ai:fix/sec-321-path-traversal
molecule-ai:fix/a2a-proxy-response-header-timeout
molecule-ai:docs/a11y-billing-wcag-patterns
molecule-ai:fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor
molecule-ai:runtime/fix-test-config-model-isolation
molecule-ai:ci/docker-daemon-health-guard
molecule-ai:docs/fix-remote-workspaces-faq
molecule-ai:fix/publish-workspace-server-ci-clone-manifest-retry
molecule-ai:fix/test-config-env-isolation
molecule-ai:ci/staging-sha-pinning
molecule-ai:fix/external-connection-user-facing-urls
molecule-ai:fix/workspace-server-registry-config-helper
molecule-ai:fix/issue-272-sqlalchemy-ci-install
molecule-ai:fix/canvas-yaml-utils-nested-arrays-clean
molecule-ai:fix/self-delegation-guard
molecule-ai:promote/staging-to-main-100546
molecule-ai:fix/a2a-tools-v2
molecule-ai:fix/a2a-tools-and-workflow-cleanup
molecule-ai:fix/canvas-test-isolation-fixes-v2
molecule-ai:fix/molecule-model-env-go
molecule-ai:runtime/fix-delegate-empty-parts-regression
molecule-ai:infra/runtime-doc-playwright-limitation
molecule-ai:fix/offsec-001-error-message-scrubbing
molecule-ai:fix/offsec-001
molecule-ai:fix/a2a-tools-string-error-handling-clean
molecule-ai:fix/core-248-pluginresolver-and-plgh
molecule-ai:infra/fix-source-resolver-dup
molecule-ai:fix/model-provider-misnomer
molecule-ai:fix/a2a-tools-string-error-handling-v2
molecule-ai:fix/canvas-yaml-utils-test-failure
molecule-ai:fix/a2a-tools-string-error-handling
molecule-ai:fix/internal-214-gosum-vanity-import
molecule-ai:fix/canvas-test-isolation-fixes
molecule-ai:chore/canvas-statusbadge-test-fix-cherry-pick
molecule-ai:fix/canvas-statusbadge-test-role-ambiguity
molecule-ai:runtime/fix-mcp-client-localhost-default
molecule-ai:fix/core-257-delegation-test-stray-brace
molecule-ai:revert/core-d0126662-restart-signals-undefined-h
molecule-ai:revert/core-123-plugin-drift-detector
molecule-ai:ci/pin-action-and-base-images
molecule-ai:fix/org-232-per-workspace-required-env-preflight
molecule-ai:fix/ssrf-guard-before-begintx
molecule-ai:test/issue-232-per-workspace-required-env-preflight
molecule-ai:fix/issue232-org-import-required-env-aggregation
molecule-ai:fix/canvas-ts-test-errors
molecule-ai:fix/delegations-list-ledger-fallback
molecule-ai:wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip
molecule-ai:wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix
molecule-ai:fix/pluginresolver-conflict
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict
molecule-ai:wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff
molecule-ai:feat/keyboard-shortcuts-dialog
molecule-ai:wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog
molecule-ai:wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config
molecule-ai:test/canvas-cssvar-tests
molecule-ai:fix/internal-229-sop-tier-check-tier-low-relaxation
molecule-ai:test/canvas-utility-pure-tests
molecule-ai:test/canvas-preflight-utils-tests
molecule-ai:test/canvas-runtimeprofiles-tests
molecule-ai:test/canvas-yaml-utils-tests
molecule-ai:test/canvas-pure-function-tests
molecule-ai:fix/ci-port-publish-workspace-server-image-228
molecule-ai:fix/ssrf-validate-agent-url-212
molecule-ai:ci/sop-tier-check-approver-teams-fix
molecule-ai:fix/sop-tier-check-legacy-flip-229
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel
molecule-ai:wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125
molecule-ai:wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123
molecule-ai:fix/sweeper-race-error-counter
molecule-ai:infra/fix-issue-75-gh-cli-gitea-sweep
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75
molecule-ai:feat/keyboard-shortcuts-dialog-test
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86
molecule-ai:ci/fix-issue-87-root-skip
molecule-ai:fix/test-local-resolver-root-skip
molecule-ai:fix/workspace-tests-clear-auth-cache
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync
molecule-ai:wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-168-mine
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-167-uiux
molecule-ai:wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text
molecule-ai:fix/canvas-agent-comms-show-task-text
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-vitest-pool
molecule-ai:fix/info-disclosure-errors
molecule-ai:infra/add-temporal-to-main-compose
molecule-ai:design/verify-canvas-design-system
molecule-ai:fix/workspace-persona-git-identity
molecule-ai:fix/175-env-matched-pair-guard
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-149
molecule-ai:refactor/sop-tier-check-extract-script
molecule-ai:fix/sop-tier-check-pr-target-security
molecule-ai:ci/sop-tier-check-deploy
molecule-ai:fix/issue53-admin-token-pair-guard
molecule-ai:fix/org-import-started-event-name
molecule-ai:refactor/delete-uses-cascade-helper
molecule-ai:fix/org-import-reconcile-and-audit
molecule-ai:fix/preserve-model-secret-on-restart
molecule-ai:feat/persona-bind-mount-local-dev
molecule-ai:feat/canary-tier-filter
molecule-ai:feat/plugin-version-subscription
molecule-ai:feat/plugin-hot-reload-classifier
molecule-ai:feat/plugin-atomic-install
molecule-ai:feat/air-hot-reload-dev
molecule-ai:feat/persona-env-injection
molecule-ai:fix/external-resolver-hardening
molecule-ai:fix/issue75-class-D-gh-api-to-gitea-rest
molecule-ai:fix/cherry-3-files-vitest-postgres-e2eapi
molecule-ai:fix/promote-vitest-postgres-fixes
molecule-ai:fix/saas-plugin-install-eic
molecule-ai:fix/issue-94-e2e-api-parallel-safe-class-b
molecule-ai:migrate/issue-71-vanity-imports
molecule-ai:fix/handlers-postgres-port-collision-class-b
molecule-ai:fix/issue-96-canvas-vitest-cold-start-timeout
molecule-ai:fix/hermes-agent-doc-gitea-migration
molecule-ai:fix/196-retarget-main-to-staging-gitea-rest
molecule-ai:fix/gitea-ci-flakes-issue-88
molecule-ai:fix/pin-upload-artifact-v3-gitea
molecule-ai:fix/issue-72-auto-sync-token-canary-v2
molecule-ai:fix/issue75-class-F-gh-run-list-to-statuses
molecule-ai:fix/issue75-class-A-gh-pr-to-gitea-rest
molecule-ai:feat/issue-63-local-build-from-gitea-v2
molecule-ai:fix/195-auto-promote-staging-gitea-rest
molecule-ai:fix/144-branch-protection-check-name-parity-audit
molecule-ai:fix/harness-replays-pre-clone-manifest
molecule-ai:chore/trigger-auto-sync-verification
molecule-ai:fix/codeql-stub-on-gitea-156
molecule-ai:chore/issue173-retrigger-after-ecr-repo-create
molecule-ai:fix/issue173-inline-aws-ecr-login
molecule-ai:fix/issue173-shell-docker-push
molecule-ai:chore/retrigger-harness-replays-post-class-g
molecule-ai:fix/issue173-buildx-driver-and-cache
molecule-ai:fix/post-suspension-clone-manifest
molecule-ai:fix/issue173-followup-platform-dockerfile
molecule-ai:fix/post-suspension-github-urls
molecule-ai:fix/170-goroutine-bleed-test-isolation
molecule-ai:fix/issue173-publish-workspace-server-image
molecule-ai:fix/issue36-a2a-proxy-preflight
molecule-ai:fix/codeql-continue-on-error-156
molecule-ai:feat/demo-mock-3-bigorg-mock-runtime
molecule-ai:feat/demo-mock-1-purchase-success-modal
molecule-ai:fix/publish-path-filter-add-scripts
molecule-ai:fix/clone-manifest-gitea
molecule-ai:chore/touch-publish-workflow-to-trigger
molecule-ai:chore/retrigger-publish-post-aws-secrets
molecule-ai:chore/cherry-pick-pr23-into-main
molecule-ai:chore/backsync-main-into-staging-task-166
molecule-ai:fix/auto-sync-use-devops-token
molecule-ai:chore/retrigger-staging-on-fixed-runner-image
molecule-ai:chore/drop-github-app-auth-and-ecr-swap
molecule-ai:docs/readme-comprehensive-refresh-2026-05-06
molecule-ai:feat/rfc-2945-pr-c-2-canvas-chat-history
molecule-ai:fix/issue10-runtime-aware-plugin-install
molecule-ai:fix/s8-bind-loopback-dev
molecule-ai:fix/14-cascade-gitea-dispatch
molecule-ai:docs/molecule-core-bulk-sed
molecule-ai:chore/pin-artifact-actions-v3
molecule-ai:fix/lowercase-org-slug
molecule-ai:fix/script-ghcr-and-lint-paths
molecule-ai:docs/workspace-runtime-readme-source-edit
molecule-ai:feat/eic-tunnel-pool-core-11
molecule-ai:chore/rfc-2945-pr-c-3-delete-historyhydration
molecule-ai:fix/2872-sqlmock-regex-tightening
molecule-ai:fix/cp-orphan-sweeper-2989
molecule-ai:feat/registry-prefix-env-driven-issue-6
molecule-ai:docs/readme-refresh-2026-05-06
2 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| 8a740933c5 |
fix(tests): correct test_sanitize_agent_error_stderr_and_exc assertion
Some checks failed
audit-force-merge / audit (pull_request) Has been skipped
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
Harness Replays / detect-changes (pull_request) Successful in 20s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 16s
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
CI / Detect changes (pull_request) Successful in 1m1s
E2E API Smoke Test / detect-changes (pull_request) Successful in 56s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 1m0s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m3s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m1s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 26s
publish-runtime-autobump / pr-validate (pull_request) Successful in 59s
qa-review / approved (pull_request) Failing after 27s
security-review / approved (pull_request) Failing after 25s
gate-check-v3 / gate-check (pull_request) Successful in 38s
sop-tier-check / tier-check (pull_request) Successful in 25s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m14s
Harness Replays / Harness Replays (pull_request) Successful in 10s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 10s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 25s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 3m24s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Failing after 6m14s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7m19s
CI / Python Lint & Test (pull_request) Successful in 8m10s
CI / Platform (Go) (pull_request) Failing after 13m48s
CI / Canvas (Next.js) (pull_request) Failing after 13m47s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
The test expected the exception class to be hidden when stderr is provided, but the implementation always uses the exc type as the tag. Fix the assertion to match actual (correct) behavior: ValueError is in the tag, stderr is the body. Also add a check that we don't fall back to the generic "workspace logs" form. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
|||
| 712d71aced |
fix(workspace): include ~1KB sanitized stderr in A2A error responses
Adds an optional `stderr` parameter to sanitize_agent_error(). When provided, up to 1 KB of stderr text is included in the A2A error response after sanitization (API keys / bearer tokens ≥20 chars / long paths redacted). The existing generic form is preserved when stderr is absent. Updates both the main a2a_executor and the google-adk adapter. Closes: roadmap item — SDK executor stderr swallowing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
