molecule-ai/molecule-core
39
0
Fork 2
Code Issues 38 Pull Requests 21 Actions 8 Packages Projects Releases Wiki Activity
0239b5ff72
molecule-core/workspace
History
Molecule AI Infra-Runtime-BE 0239b5ff72
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 9s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s
Details
sop-tier-check / tier-check (pull_request) Successful in 17s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 28s
Details
CI / Detect changes (pull_request) Successful in 30s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 30s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 30s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 30s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 7s
Details
CI / Platform (Go) (pull_request) Successful in 5s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2m5s
Details
CI / Python Lint & Test (pull_request) Failing after 6m50s
Details
fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task 
PRs #431 and #469 remove `sanitize_a2a_result(result)` from
`tool_delegate_task` without adding explicit boundary wrapping.
Both the direct send_a2a_message path and the _delegate_sync_via_polling
fallback would return completely unsanitized peer text — a security regression.

Fix:
- `_sanitize_a2a.sanitize_a2a_result()`: remove internal wrapping.
  Separation of concerns makes the escaping contract visible at call sites.
- `a2a_tools_delegation.tool_delegate_task()`: add explicit boundary
  wrapping around the sanitized result.
- `test_a2a_sanitization.py`: rewrite tests for the new contract.
  Wrapping is now tested at the caller level (tool_delegate_task pattern).

The broader OFFSEC-003 improvements in PR #469 (space-substitution,
broadened INSTRUCTIONS pattern, plugin registry sys.modules fix) are
good — this PR ensures the security guarantees hold when those land.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-11 14:12:05 +00:00
..
adapters
builtin_tools fix(a2a_tools): add comment + test coverage for string-form error handling in delegate_task 2026-05-11 05:51:48 +00:00
lib
molecule_audit
platform_tools feat(mcp): multi-workspace routing for memory + chat_history + workspace_info 2026-05-04 14:17:58 -07:00
plugins_registry
policies feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
scripts feat(workspace): add static .github-token fallback to git credential helper 2026-05-10 02:17:22 +00:00
skill_loader
tests fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task 2026-05-11 14:12:05 +00:00
_sanitize_a2a.py fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task 2026-05-11 14:12:05 +00:00
.coveragerc
a2a_cli.py
a2a_client.py fix(a2a): SSOT response parser — handle poll-mode queued envelope (#2967) 2026-05-05 17:21:28 -07:00
a2a_executor.py [core-be-agent] fix(#354): wire delegation-results consumer into a2a executor 2026-05-11 02:49:32 +00:00
a2a_mcp_server.py fix(onboarding): address Claude Code MCP onboarding friction (#2934) 2026-05-05 14:19:09 -07:00
a2a_response.py fix(workspace): push-mode Queued returns delivery_mode="push" (not silent default "poll") 2026-05-11 02:47:21 +00:00
a2a_tools_delegation.py fix(workspace): OFFSEC-003 — separate sanitize vs. wrap, fix tool_delegate_task 2026-05-11 14:12:05 +00:00
a2a_tools_inbox.py refactor(workspace): extract inbox tools from a2a_tools.py (RFC #2873 iter 4e) 2026-05-05 14:28:58 -07:00
a2a_tools_memory.py refactor(workspace): extract memory tools from a2a_tools.py to a2a_tools_memory.py (RFC #2873 iter 4c) 2026-05-05 09:50:39 -07:00
a2a_tools_messaging.py refactor(workspace): extract messaging tools from a2a_tools.py to a2a_tools_messaging.py (RFC #2873 iter 4d) 2026-05-05 09:50:47 -07:00
a2a_tools_rbac.py refactor(workspace): extract RBAC helpers from a2a_tools.py to a2a_tools_rbac.py (RFC #2873 iter 4a) 2026-05-05 04:43:16 -07:00
a2a_tools.py refactor(workspace): extract inbox tools from a2a_tools.py (RFC #2873 iter 4e) 2026-05-05 14:28:58 -07:00
adapter_base.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
agent.py
agents_md.py
boot_routes.py test(runtime): pin PR #2756's card-vs-setup decoupling with build_routes helper 2026-05-04 14:59:56 -07:00
build-all.sh docs(workspace-runtime): migrate github.com refs at source so mirror inherits Gitea links (internal#41) 2026-05-07 00:48:04 -07:00
card_helpers.py fix(runtime): isolate card-skill enrichment + transcript handler from adapter shape mismatch 2026-05-04 14:15:27 -07:00
config.py fix(runtime): MODEL_PROVIDER env is misnamed — accept MODEL/MOLECULE_MODEL, deprecate the legacy name 2026-05-10 02:38:14 -07:00
configs_dir.py fix(runtime): auto-fallback CONFIGS_DIR for non-container hosts (closes #2458) 2026-05-01 13:07:55 -07:00
consolidation.py
coordinator.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
Dockerfile ci(docker): pin base image digests in all Dockerfiles 2026-05-09 23:56:39 +00:00
entrypoint.sh fix(workspace): set git user.name/email from $GITEA_USER at boot 2026-05-09 12:52:17 -07:00
event_log.py feat(workspace): event_log module + EventLogConfig (#119 PR-2) 2026-05-03 00:17:12 -07:00
events.py
executor_helpers.py docs(a2a): correct misleading v1-tolerance comments 2026-05-02 02:33:00 -07:00
heartbeat.py feat(workspace): wire observability config into heartbeat + uvicorn (#119 PR-3a) 2026-05-03 01:01:57 -07:00
inbox_uploads.py fix(inbox-uploads): cancel BatchFetcher futures on wait_all timeout 2026-05-05 12:34:41 -07:00
inbox.py fix(inbox): drop unused batch_fetcher = None after end-of-batch drain 2026-05-05 11:56:54 -07:00
initial_prompt.py
internal_chat_uploads.py fix(workspace): surface errno + path on chat-upload mkdir failure 2026-05-01 11:47:53 -07:00
internal_file_read.py feat(chat_files): rewrite Download as HTTP-forward (RFC #2312, PR-D) 2026-04-29 15:19:02 -07:00
main.py refactor(workspace): extract idle-loop pending-check guard for direct unit-testing 2026-05-11 10:49:40 +00:00
mcp_cli.py feat(mcp): add molecule-mcp doctor onboarding diagnostic 2026-05-05 15:44:36 -07:00
mcp_doctor.py fix(mcp-doctor): heartbeat (idempotent) instead of register (UPSERT) 2026-05-05 16:11:08 -07:00
mcp_heartbeat.py refactor(workspace): split mcp_cli.py (626 LOC) into focused modules (RFC #2873 iter 3) 2026-05-05 04:33:06 -07:00
mcp_inbox_pollers.py refactor(workspace): split mcp_cli.py (626 LOC) into focused modules (RFC #2873 iter 3) 2026-05-05 04:33:06 -07:00
mcp_workspace_resolver.py mcp: surface specific TOKEN_FILE errors + link follow-ups (#2934) 2026-05-05 15:07:15 -07:00
molecule_ai_status.py
not_configured_handler.py fix(runtime): redact secret-shaped tokens from JSON-RPC error.data 2026-05-04 15:07:53 -07:00
platform_auth.py feat(mcp): cross-workspace delegation routing (multi-ws PR-2) 2026-05-04 08:32:24 -07:00
platform_inbound_auth.py fix(runtime): auto-fallback CONFIGS_DIR for non-container hosts (closes #2458) 2026-05-01 13:07:55 -07:00
plugins.py
preflight.py fix(preflight): downgrade required_env + auth_token failures to warnings 2026-05-04 12:20:34 -07:00
prompt.py feat: drop shared_context — use memory v2 team namespace instead 2026-05-04 16:30:26 -07:00
pytest.ini
rebuild-runtime-images.sh
requirements.txt chore(deps)(deps): update starlette requirement in /workspace 2026-05-03 01:36:45 +00:00
runtime_wedge.py
secret_redactor.py fix(runtime): redact secret-shaped tokens from JSON-RPC error.data 2026-05-04 15:07:53 -07:00
shared_runtime.py feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
smoke_mode.py chore(smoke): runtime_wedge follow-ups from PR #2473 review 2026-05-01 18:01:51 -07:00
transcript_auth.py
watcher.py