molecule-core/workspace-server/internal
Molecule AI Core-BE 018a9acf1c
Some checks failed
sop-tier-check / tier-check (pull_request) Failing after 2s
Secret scan / Scan diff for credential-shaped strings (pull_request) Failing after 2s
audit-force-merge / audit (pull_request) Has been skipped
fix(security#321): path traversal guard in loadWorkspaceEnv (CWE-22)
CWE-22: Path traversal in loadWorkspaceEnv (org_helpers.go). A malicious
org YAML setting filesDir to "../../../etc" caused filepath.Join to
escape the org root and read an arbitrary .env file.

Guard: resolveInsideRoot(orgBaseDir, filesDir) — already used at
org_import.go:327 for the same ws.FilesDir input. On traversal rejection,
log and return only the org-root env vars (silent — callers expect
empty map on read failure). No caller changes needed.

Tests: 6 new cases in org_path_test.go covering:
- Normal load (org root + workspace override)
- Traversal attempt rejected (../escape-target)
- Deep traversal rejected (10× "../")
- Empty filesDir loads org root only
- Non-existent filesDir is silent no-op
- Empty orgBaseDir returns empty map

Fixes: #321

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 13:51:12 +00:00
artifacts chore: sync staging to main — 1188 commits, 5 conflicts resolved (#1743) 2026-04-23 18:30:18 +00:00
buildinfo feat(deploy): verify each tenant /buildinfo matches published SHA after redeploy 2026-04-30 10:55:08 -07:00
bundle refactor(events): migrate 18 files to typed EventType constants (RFC #2945 PR-B-1) 2026-05-05 19:05:03 -07:00
channels refactor(events): migrate 18 files to typed EventType constants (RFC #2945 PR-B-1) 2026-05-05 19:05:03 -07:00
crypto chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
db fix(bundle): markFailed sets last_sample_error + AST gate 2026-05-04 21:08:08 -07:00
envx chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
events feat(events): typed EventType registry — single source of truth for WS event names (RFC #2945 PR-B) 2026-05-05 16:25:38 -07:00
handlers fix(security#321): path traversal guard in loadWorkspaceEnv (CWE-22) 2026-05-10 13:51:12 +00:00
imagewatch fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4) 2026-05-10 04:21:27 -07:00
memory fix(textutil): SSOT for rune-safe string truncation, fix 3 audit-gap bugs 2026-05-05 23:01:21 -07:00
messagestore feat(canvas/chat-server): canvas consumes /chat-history + server-side row-aware reverse (RFC #2945 PR-C-2) 2026-05-06 16:55:00 -07:00
metrics feat(rfc): poll-mode chat upload — phase 3 GC sweep + observability 2026-05-05 05:00:13 -07:00
middleware docs(ratelimit): tighten dev-mode comment after keyFor refactor 2026-05-07 14:57:21 -07:00
models refactor(models): consolidate per-runtime model defaults to SSOT (RFC #2873 iter 1) 2026-05-05 04:12:37 -07:00
orgtoken fix: F1085 rm scope concat + GH#756 ValidateToken terminal guard + CI test fixes 2026-04-24 07:16:54 +00:00
pendinguploads fix(test): poll error counter to 0 before asserting in RecordsMetricsOnSuccess 2026-05-09 23:27:19 +00:00
plugins [core-lead-agent] fix(core#228): cascade fixes for PluginResolver — make main compile 2026-05-10 09:46:35 +00:00
provisioner fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4) 2026-05-10 04:21:27 -07:00
provlog feat(workspace-server): structured logging at provisioning boundaries 2026-05-05 12:30:11 -07:00
registry chore: reconcile main → staging post-suspension divergence 2026-05-07 14:24:37 -07:00
router [core-lead-agent] fix(core#228): cascade fixes for PluginResolver — make main compile 2026-05-10 09:46:35 +00:00
scheduler fix(textutil): SSOT for rune-safe string truncation, fix 3 audit-gap bugs 2026-05-05 23:01:21 -07:00
supervised chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
textutil fix(textutil): SSOT for rune-safe string truncation, fix 3 audit-gap bugs 2026-05-05 23:01:21 -07:00
ws chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
wsauth perf(wsauth): in-process cache for platform_inbound_secret reads 2026-05-03 00:04:38 -07:00