molecule-ai/molecule-core
36
0
Fork 2
Code Issues 14 Pull Requests 27 Actions 3.3k Packages Projects Releases Wiki Activity
6f22b40ee0
molecule-core/workspace-server/internal
History
molecule-ai[bot] 4b1851a038 fix(security): redactSecrets on admin memories export/import (#1131, #1132) (#1153) 
Security fixes for the memory backup/restore endpoints merged in PR #1051.

## F1084 / #1131: Memory export exposes all workspaces

GET /admin/memories/export now applies redactSecrets() to each content
field before including it in the JSON response. Pre-SAFE-T1201 memories
(stored before redactSecrets was mandatory on writes) no longer leak
credential patterns in the admin export.

## F1085 / #1132: Memory import does not call redactSecrets

POST /admin/memories/import now calls redactSecrets() on content before
BOTH the deduplication check and the INSERT. This ensures:

- Imported memories with embedded credentials cannot land unredacted in
  agent_memories (SAFE-T1201 / #838 parity with the commit_memory path).
- Dedup is performed against the redacted value so two backups with
  the same original secret both get [REDACTED:*] as their content and
  are correctly treated as duplicates.

## New tests

admin_memories_test.go: 6 tests covering redactSecrets parity on
both Export and Import endpoints.

Closes #1131.
Closes #1132.

Co-authored-by: Molecule AI Core-DevOps <core-devops@agents.moleculesai.app>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>
2026-04-21 00:32:00 +00:00
..
artifacts chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
bundle fix: golangci-lint errors in bundle pkg + admin_memories test coverage (#1169) 2026-04-21 00:12:30 +00:00
channels fix(security): cap webhook + config PATCH bodies (H3/H4) 2026-04-19 01:23:03 -07:00
crypto chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
db test: schema_migrations tracking — 4 cases (first boot, re-boot, mixed, down.sql filter) 2026-04-18 11:52:27 -07:00
envx chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
events chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
handlers fix(security): redactSecrets on admin memories export/import (#1131, #1132) (#1153) 2026-04-21 00:32:00 +00:00
metrics chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
middleware fix(org-tokens): rate-limit mint, bound list, correct audit provenance 2026-04-20 14:22:38 -07:00
models feat: seed initial memories from org template and create payload (#1050) 2026-04-20 00:35:49 -07:00
orgtoken fix(org-tokens): rate-limit mint, bound list, correct audit provenance 2026-04-20 14:22:38 -07:00
plugins chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
provisioner feat(platform): bootstrap-failed + console endpoints for CP watcher 2026-04-20 17:11:34 -07:00
registry fix: harden stuck-provisioning UX — details crash, preflight, sweeper 2026-04-20 14:51:39 -07:00
router Merge remote-tracking branch 'origin/staging' into feat/bootstrap-failed-and-console-proxy 2026-04-20 17:31:16 -07:00
scheduler Merge pull request #1007 from Molecule-AI/fix/scheduler-defer-busy-969 2026-04-19 20:21:16 -07:00
supervised chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
ws chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
wsauth chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00