molecule-ai/molecule-core
39
0
Fork 2
Code Issues 38 Pull Requests 29 Actions 4 Packages Projects Releases Wiki Activity
a507d5d19f
molecule-core/workspace/builtin_tools
History
Molecule AI Core Platform Lead 6d5fd6be3e
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 18s
Details
publish-runtime-autobump / bump-and-tag (pull_request) Has been skipped
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 17s
Details
CI / Detect changes (pull_request) Successful in 49s
Details
qa-review / approved (pull_request) Failing after 19s
Details
security-review / approved (pull_request) Failing after 19s
Details
gate-check-v3 / gate-check (pull_request) Failing after 34s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 56s
Details
sop-tier-check / tier-check (pull_request) Successful in 17s
Details
publish-runtime-autobump / pr-validate (pull_request) Successful in 47s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m0s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 47s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 50s
Details
CI / Platform (Go) (pull_request) Successful in 12s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 11s
Details
CI / Canvas (Next.js) (pull_request) Successful in 13s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 20s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 23s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 22s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
audit-force-merge / audit (pull_request) Successful in 18s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2m53s
Details
CI / Python Lint & Test (pull_request) Successful in 7m36s
Details
fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537) 
Issue #537: builtin_tools/a2a_tools.py:72 returns peer-sourced text from
delegate_task() without OFFSEC-003 sanitization. Sibling regression to #491 / #492
in a different code path (google-adk delegation surface).

Fix: import sanitize_a2a_result from _sanitize_a2a and wrap all 4 peer-controlled
return sites in delegate_task() — parts[0].text path, empty-parts str(result) path,
fallback str(result) path, and the error message path.

Closes #537.
2026-05-11 19:09:18 +00:00
..
__init__.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
a2a_tools.py fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537) 2026-05-11 19:09:18 +00:00
approval.py fix: apply #1124 env-var defaults + scrub F1088 credentials from INCIDENT_LOG.md (#1347) 2026-04-21 08:11:44 +00:00
audit.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
awareness_client.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
compliance.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
delegation.py feat(harness): coordinator phase-boundary instrumentation for RFC #2251 2026-04-28 20:11:46 -07:00
governance.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
hitl.py fix: apply #1124 env-var defaults + scrub F1088 credentials from INCIDENT_LOG.md (#1347) 2026-04-21 08:11:44 +00:00
memory.py feat(platform): single-source-of-truth tool registry — adapters consume, no drift 2026-04-28 17:11:36 -07:00
sandbox.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
security_scan.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
security.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
telemetry.py chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
temporal_workflow.py fix(workspace): default PLATFORM_URL to host.docker.internal in all modules (#475) 2026-05-11 15:17:53 +00:00