molecule-core/workspace-server/internal
Molecule AI Fullstack Engineer b1d6c4476a
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s
sop-tier-check / tier-check (pull_request) Successful in 11s
audit-force-merge / audit (pull_request) Successful in 28s
fix(handlers): OFFSEC-001 — scrub req.Method from dispatchRPC default error
Line 443 of mcp.go concatenated user-controlled req.Method into the
JSON-RPC -32601 error message, allowing an agent or canvas client to
inject arbitrary strings into the response via the method field.

Fix: replace "method not found: " + req.Method with the constant
"method not found" — matching the OFFSEC-001 scrub contract applied
to the InvalidParams (line 428) and UnknownTool (line 433) paths.

Test: extend TestMCPHandler_UnknownMethod_Returns32601 with two new
assertions:
  1. resp.Error.Message == "method not found"
  2. defence-in-depth check that the sent method name never appears
     in the response (strings.Contains guard)

Issue: #684

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-12 06:30:25 +00:00
artifacts
buildinfo
bundle Merge PR #617: resolve conflict in importer_test.go — keep all tests from both branches 2026-05-12 02:44:16 +00:00
channels
crypto
db
envx
events
handlers fix(handlers): OFFSEC-001 — scrub req.Method from dispatchRPC default error 2026-05-12 06:30:25 +00:00
imagewatch fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4) 2026-05-10 04:21:27 -07:00
memory
messagestore
metrics
middleware
models
orgtoken
pendinguploads
plugins [core-lead-agent] fix(core#228): cascade fixes for PluginResolver — make main compile 2026-05-10 09:46:35 +00:00
provisioner Merge PR #619: fix(platform): fail-fast checkShellDeps in localbuild + fix async test pollution 2026-05-12 02:47:16 +00:00
provlog
registry
router [core-lead-agent] fix(core#228): cascade fixes for PluginResolver — make main compile 2026-05-10 09:46:35 +00:00
scheduler
supervised
textutil
ws
wsauth