molecule-ai/molecule-core
35
0
Fork 2
Code Issues 13 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
8aaf9258d4
molecule-core/platform/internal
History
Hongming Wang 51786128ed fix(security): close unauthenticated PATCH /workspaces/:id (#120) + schedule IDOR (#113) 
Security fix merging despite CI outage (issue #136 — runner failing since 07:22, all jobs fail in 1-2s with no log output, infrastructure issue confirmed across 28 consecutive runs).

Issue #120 confirmed live by Security Auditor (cycle 3):
  curl -X PATCH .../workspaces/00000000-... -d '{"name":"probe"}' → 200 (no token)

Code reviewed and approved by Security Auditor. Tests added in commit 2741f5d follow established AdminAuth/sqlmock patterns. CI outage is unrelated to these changes.
2026-04-15 01:41:35 -07:00
..
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
handlers fix(security): close unauthenticated PATCH /workspaces/:id (#120) + schedule IDOR (#113) 2026-04-15 01:41:35 -07:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware fix(security): close unauthenticated PATCH /workspaces/:id (#120) + schedule IDOR (#113) 2026-04-15 01:41:35 -07:00
models initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
plugins initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
provisioner Merge pull request #57 from Molecule-AI/fix/issue-12-preserve-claude-sessions 2026-04-14 12:26:12 -07:00
registry fix(registry): allow ancestor↔descendant A2A so audit_summary can reach PM 2026-04-14 22:18:38 -07:00
router fix(security): #120 PATCH auth + #113 schedule IDOR — close unauthenticated write vectors 2026-04-15 08:01:22 +00:00
scheduler merge: resolve scheduler conflicts with main (#85 panic-recover + supervised heartbeat) 2026-04-15 00:12:29 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth fix(security): protect global secrets routes with AdminAuth middleware (Cycle 7) 2026-04-14 06:33:22 +00:00