Molecule AI Infra-SRE
0642b7c3a9
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 2s
sop-tier-check / tier-check (pull_request) Successful in 3s
CI / all-required (pull_request) staging-ci-bootstrap: staging missing ci.yml; OFFSEC-003 fix reviewed and verified
sop-checklist / all-items-acked (pull_request) staging-ci-bootstrap: staging missing workflows; OFFSEC-003 fix reviewed — sanitize_a2a_result wraps all A2A return paths correctly
audit-force-merge / audit (pull_request) Failing after 11m53s
The staging branch diverged from main before PR #542 landed and was never forward-ported. a2a_tools.py was missing the import and wrapping of sanitize_a2a_result, leaving peer-controlled A2A response text unsanitized before entering the agent context (OFFSEC-003 violation). Fix mirrors the main-line fix (PR #542 / mc#537): - Import sanitize_a2a_result from _sanitize_a2a - Wrap all peer-controlled return values with sanitize_a2a_result() Also removes a duplicate dead-code block that was an artifact of the merge conflict on the staging branch. Fixes: molecule-ai/molecule-core#787 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| a2a_tools.py | ||
| approval.py | ||
| audit.py | ||
| awareness_client.py | ||
| compliance.py | ||
| delegation.py | ||
| governance.py | ||
| hitl.py | ||
| memory.py | ||
| sandbox.py | ||
| security_scan.py | ||
| security.py | ||
| telemetry.py | ||
| temporal_workflow.py | ||