molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
54bb543ff7
molecule-core/platform/internal
History
Hongming Wang 54bb543ff7 fix: code review findings — token UI, auth hardening, WS dedup 
1. Settings panel: wire TokensTab into "API Tokens" tab (was imported
   but not rendered). Rename "API Keys" → "Secrets", add "API Tokens"
   tab. Fix docs link → doc.moleculesai.app/docs/tokens.

2. Referer match hardening: require exact host match or trailing slash
   to prevent evil.com subdomain bypass. Cache CANVAS_PROXY_URL at
   init time instead of per-request os.Getenv.

3. Extract shared deriveWsBaseUrl() to lib/ws-url.ts — eliminates
   duplicate 12-line derivation in socket.ts and TerminalTab.tsx.

4. Token list pagination: add ?limit= and ?offset= params (default
   50, max 200) to GET /workspaces/:id/tokens.

507/507 canvas tests pass, Go build + vet clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 10:42:26 -07:00
..
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels feat(channels): Lark / Feishu adapter (outbound webhook + Events API inbound) 2026-04-16 07:10:58 -07:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db fix(liveness): raise workspace TTL 60s → 180s to survive Opus synthesis (#386) 2026-04-16 00:05:45 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
handlers fix: code review findings — token UI, auth hardening, WS dedup 2026-04-16 10:42:26 -07:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware fix: code review findings — token UI, auth hardening, WS dedup 2026-04-16 10:42:26 -07:00
models initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
plugins initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
provisioner fix(platform): unblock org-template imports against modular workspace templates 2026-04-16 07:49:45 -07:00
registry fix(registry): allow ancestor↔descendant A2A so audit_summary can reach PM 2026-04-14 22:18:38 -07:00
router feat(platform): token management API + MCP setup + external agent guide 2026-04-16 08:37:42 -07:00
scheduler fix(code-review): CanvasOrBearer fall-through, scheduler short(), activity spoof log + 6 new tests 2026-04-15 11:48:25 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth fix(security): close WorkspaceAuth fail-open on non-existent workspace IDs (#318) 2026-04-15 21:02:29 -07:00