molecule-core/workspace/tests
Hongming Wang 02ae2fd6fb feat(security): trust-boundary gate non-peer_id meta fields in _build_channel_notification (#2488)
Defense-in-depth follow-up to #2481 (peer_id trust-boundary gate).
Same XML-attribute injection vector applies to the four other meta
fields rendered as agent-context attrs in the <channel> tag:

  <channel kind="..." method="..." activity_id="..." ts="..." source="molecule">

Each field is now passed through a closed-set / shape-validate gate:

- kind     → frozenset {canvas_user, peer_agent} via _safe_meta_field
- method   → frozenset {message/send, tasks/send, tasks/get, notify, ""}
- activity_id → UUID-shape regex via _safe_activity_id
- ts       → ISO-8601 RFC3339 regex via _safe_ts

Any value outside the allowed shape is replaced with empty string.
Today the values come from a platform-DB column so they're trusted,
but "trust the source" was the same assumption that got peer_id into
trouble (#2481). Closed-enum allowlists make this row-content-blind.

5 new tests mirroring test_envelope_enrichment_strips_path_traversal_peer_id:
- test_envelope_strips_unknown_kind         — kind injection stripped
- test_envelope_strips_unknown_method       — method injection stripped
- test_envelope_strips_malformed_activity_id — non-UUID stripped
- test_envelope_strips_malformed_ts         — non-ISO8601 stripped
- test_envelope_keeps_valid_meta_fields_unchanged — happy-path negative case

Mutation-tested: temporarily making _safe_meta_field permissive kills
both kind/method strip tests with the injection payload reflecting
into the meta dict, confirming the gate is what blocks them.

Two existing tests updated to use UUID-shaped activity_ids ("act-7",
"act-bridge-test" → real UUIDs) since the gate strips synthetic ids.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 10:58:52 -07:00
adapters chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
snapshots feat(a2a-mcp): add chat_history tool for prior turns with a peer 2026-05-01 17:54:23 -07:00
__init__.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
_signature_snapshot.py test(runtime_wedge): module-functions signature snapshot drift gate 2026-04-30 07:01:10 -07:00
conftest.py fix(a2a): route terminal Message via TaskUpdater.complete/failed in task mode 2026-05-03 04:06:45 -07:00
test_a2a_cli.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_a2a_client.py feat(a2a-client): surface 410 Gone as 'removed' error so callers can re-onboard (#2429) 2026-04-30 22:08:08 -07:00
test_a2a_executor.py fix(a2a): route terminal Message via TaskUpdater.complete/failed in task mode 2026-05-03 04:06:45 -07:00
test_a2a_mcp_server.py feat(security): trust-boundary gate non-peer_id meta fields in _build_channel_notification (#2488) 2026-05-03 10:58:52 -07:00
test_a2a_tools_impl.py fix(chat-history): correct docstring inversion + pin empty-history JSON shape (#2485) 2026-05-03 10:09:15 -07:00
test_a2a_tools_module.py fix(workspace): tag self-originated A2A POSTs with X-Workspace-ID 2026-04-24 19:54:43 -07:00
test_adapter_base_event_log.py feat(workspace): wire EventLog into adapter base (#119 PR-3b) 2026-05-03 01:18:19 -07:00
test_adapter_base_signature.py test: extract shared signature-snapshot helpers + skill_loader gate 2026-04-30 06:27:20 -07:00
test_agent_card_well_known_path.py fix(workspace): use SDK constant for agent-card readiness probe 2026-04-27 16:43:32 -07:00
test_agent.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_agents_md.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_approval.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_audit_ledger.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_audit.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_awareness_client_full.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_compliance.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_config.py feat(workspace): event_log module + EventLogConfig (#119 PR-2) 2026-05-03 00:17:12 -07:00
test_configs_dir.py fix(runtime): auto-fallback CONFIGS_DIR for non-container hosts (closes #2458) 2026-05-01 13:07:55 -07:00
test_consolidation.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_coordinator_parent.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_coordinator_routing.py feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
test_delegation.py feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
test_event_log.py feat(workspace): event_log module + EventLogConfig (#119 PR-2) 2026-05-03 00:17:12 -07:00
test_events.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_executor_helpers.py fix(a2a): send v1 file Part shape; tolerate v1 server-side 2026-05-02 00:58:05 -07:00
test_gh_wrapper.sh chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_governance.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_heartbeat_runtime_metadata.py fix(test): drop unused MagicMock import in test_heartbeat_runtime_metadata 2026-04-26 22:58:21 -07:00
test_heartbeat.py feat(workspace): wire observability config into heartbeat + uvicorn (#119 PR-3a) 2026-05-03 01:01:57 -07:00
test_hitl.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_inbox.py fix(inbox): skip self-notify rows in poller to break echo loop 2026-05-01 17:35:49 -07:00
test_internal_chat_uploads.py fix(workspace): surface errno + path on chat-upload mkdir failure 2026-05-01 11:47:53 -07:00
test_internal_file_read.py feat(chat_files): rewrite Download as HTTP-forward (RFC #2312, PR-D) 2026-04-29 15:19:02 -07:00
test_jsonrpc_wire_role_format.py fix(runtime): use lowercase wire role for v0.3 JSON-RPC compat layer 2026-04-27 12:40:11 -07:00
test_load_skills_call_sites.py chore(workspace): remove dead defensive block in load_skills AST gate 2026-05-03 01:30:05 -07:00
test_main_initial_prompt.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_mcp_cli.py feat(mcp_cli): agent_card from env vars (capability discovery) 2026-04-30 18:57:39 -07:00
test_mcp_memory.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_memory.py feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
test_molecule_ai_status.py test(runtime): update molecule_ai_status test for renamed error prefix 2026-04-27 11:48:05 -07:00
test_namespaces.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_openclaw_adapter.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_platform_auth_signature.py test(platform_auth): module-functions signature snapshot drift gate 2026-04-30 08:41:42 -07:00
test_platform_auth.py fix(runtime): auto-fallback CONFIGS_DIR for non-container hosts (closes #2458) 2026-05-01 13:07:55 -07:00
test_platform_inbound_auth.py fix(runtime): auto-fallback CONFIGS_DIR for non-container hosts (closes #2458) 2026-05-01 13:07:55 -07:00
test_platform_tools.py chore(registry): snapshot tests + CLI-block alignment for #2240 2026-04-28 20:42:15 -07:00
test_plugins_builtins.py feat(plugin): implement MCPServerAdaptor (issue #847) 2026-04-24 01:42:13 +00:00
test_plugins_registry.py chore: final open-source cleanup — binary, stale paths, private refs 2026-04-18 00:38:55 -07:00
test_plugins.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_pre_stop.py feat(workspace): pre-stop serialization for pause/resume (closes #1386) 2026-04-21 12:40:44 +00:00
test_preflight.py fix(preflight): skip required_env check in MOLECULE_SMOKE_MODE 2026-05-03 03:44:05 -07:00
test_prompt.py feat(prompt): Platform Capabilities preamble at top of system prompt 2026-04-29 21:31:13 -07:00
test_routing_policy.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_runtime_capabilities.py feat(runtime): adapter-declared idle_timeout_override end-to-end 2026-04-26 22:38:01 -07:00
test_runtime_wedge_signature.py test(runtime_wedge): module-functions signature snapshot drift gate 2026-04-30 07:01:10 -07:00
test_runtime_wedge.py chore(tests): drop redundant local _reset fixture from test_runtime_wedge 2026-05-01 18:31:21 -07:00
test_safe_env.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_sandbox.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_secret_redact.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_security_scan.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_shared_runtime_peer_summary.py fix(workspace): keep peers visible in coordinator prompt when agent_card is null 2026-04-28 14:10:29 -07:00
test_skill_loader_signature.py test: extract shared signature-snapshot helpers + skill_loader gate 2026-04-30 06:27:20 -07:00
test_skills_loader.py feat(skills): per-skill runtime compatibility (#119, hermes pattern) 2026-04-27 01:57:43 -07:00
test_skills_watcher.py test(skills): make watcher test fakes accept current_runtime kwarg 2026-04-27 02:04:26 -07:00
test_smoke_mode.py chore(smoke): runtime_wedge follow-ups from PR #2473 review 2026-05-01 18:01:51 -07:00
test_snapshot_scrub.py feat(workspace): snapshot secret scrubber (closes #823) 2026-04-19 00:32:42 -07:00
test_telemetry.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_temporal_workflow.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_transcript_auth.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
test_watcher.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00