molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
951ea163fa
molecule-core/workspace-template/tests
History
Molecule AI Backend Engineer 951ea163fa feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 
Implements EU AI Act Annex III compliance (Art. 12 record-keeping, Art. 13
transparency) via an append-only HMAC-SHA256-chained agent event log.

Python (workspace-template/molecule_audit/):
- ledger.py: SQLAlchemy 2.0 AuditEvent model + PBKDF2 key derivation +
  append_event() with prev_hmac chain linkage + verify_chain() CLI helper.
- hooks.py: LedgerHooks — on_task_start/on_llm_call/on_tool_call/on_task_end
  pipeline hooks; exception-safe (_safe_append); context manager support.
- verify.py: `python -m molecule_audit.verify --agent-id <id>` CLI;
  exits 0=valid, 1=broken, 2=missing SALT, 3=DB error.
- tests/test_audit_ledger.py: 46 tests covering HMAC determinism, field
  sensitivity, chain verification, LedgerHooks lifecycle, CLI.

Go (platform/):
- migrations/028_audit_events.up.sql: audit_events table with indexes.
- internal/handlers/audit.go: GET /workspaces/:id/audit — parameterized
  queries, inline chain verification (chain_valid: bool|null), PBKDF2
  key cached via sync.Once.
- internal/handlers/audit_test.go: 14 tests — HMAC, chain verify, handler
  query/filter/pagination/cap/error paths.
- internal/router/router.go: wire wsAuth.GET("/audit", audh.Query).
- .env.example: document AUDIT_LEDGER_SALT.
- requirements.txt: add sqlalchemy>=2.0.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 06:55:36 +00:00
..
__init__.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
conftest.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_a2a_cli.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_a2a_client.py fix(security): complete Phase 30.6 auth headers in a2a_client get_peers and discover_peer 2026-04-14 13:23:44 +00:00
test_a2a_executor.py fix(a2a): cancel() event, stateTransitionHistory capability, wire push store (#173 #174 #175) 2026-04-15 17:58:10 +00:00
test_a2a_mcp_server.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_a2a_tools_impl.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_a2a_tools_module.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_agent_base_urls.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_agent.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_approval.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_audit_ledger.py feat: molecule-audit-ledger — HMAC-SHA256 immutable agent event log (#594) 2026-04-17 06:55:36 +00:00
test_audit.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_awareness_client_full.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_claude_sdk_executor.py fix(claude-sdk): #160 — probe CLI directly when SDK swallowed the real stderr 2026-04-15 11:50:55 -07:00
test_compliance.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_config.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_consolidation.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_coordinator_parent.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_coordinator_routing.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_delegation.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_events.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
test_executor_helpers.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_gh_wrapper.sh feat(workspace): gh-wrapper — auto-tag agent PRs + issues with role 2026-04-16 03:10:46 -07:00
test_governance.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_heartbeat.py fix(security): Cycle 5 — auth middleware, injection hardening, skill sandbox 2026-04-14 04:44:42 +00:00
test_hermes_executor.py feat(hermes): expose reasoning mode for Hermes 4 via OpenAI-compat API (#496) 2026-04-16 20:38:45 +00:00
test_hitl.py fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
test_main_initial_prompt.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_mcp_memory.py fix(a2a-tools): auth_headers on recall_memory + commit_memory (#304) 2026-04-15 19:12:18 -07:00
test_medo.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_memory.py fix(tests): update memory fakes for auth_headers kwarg + activity overwrite 2026-04-15 17:29:15 -07:00
test_molecule_ai_status.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_namespaces.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_openclaw_adapter.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_platform_auth.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_plugins_builtins.py fix(plugins_registry): deduplicate handlers in _deep_merge_hooks() 2026-04-17 05:22:00 +00:00
test_plugins_registry.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_plugins.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_preflight.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_prompt.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_routing_policy.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_sandbox.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_security_scan.py fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
test_skills_loader.py fix(security): hitl task-id ownership + wire fail_open_if_no_scanner in loader (closes #265, #268) 2026-04-15 21:18:52 -07:00
test_skills_watcher.py fix(security): H1 — replace MD5 with SHA-256 in config/skill watchers 2026-04-14 07:52:07 +00:00
test_telemetry.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_temporal_workflow.py initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test_transcript_auth.py fix(security): /transcript endpoint fails closed when auth token missing (#328) 2026-04-15 21:17:37 -07:00
test_watcher.py fix(gate-3): update watcher test to expect SHA-256 hash 2026-04-14 01:21:35 -07:00