molecule-ai/molecule-core
41
0
Fork 2
Code Issues 103 Pull Requests 146 Actions 111 Packages Projects Releases Wiki Activity
bbaf406ed1
molecule-core/platform/internal/router
History
molecule-ai[bot] 112c17510c fix(security): revert #684 schema migration, restore /admin/schedules/health, add ADR-001 
Required changes from security auditor before PR #696 can merge:

1. REVERT #684 (token_type schema migration):
   - Remove migration 029_token_type.{up,down}.sql
   - Revert wsauth/tokens.go — remove IssueAdminToken, token_type constants,
     restore HasAnyLiveTokenGlobal and ValidateAnyToken to pre-#684 behavior
   - Revert admin_test_token.go to use IssueToken (not IssueAdminToken)
   - Revert associated tests to pre-#684 patterns
   Path B: formal risk acceptance documented in ADR-001.

2. RESTORE /admin/schedules/health route (regression fix):
   - Add platform/internal/handlers/admin_schedules_health.go (from PR #671)
   - Add platform/internal/handlers/admin_schedules_health_test.go (from PR #671)
   - Wire GET /admin/schedules/health via AdminAuth in router.go

3. ADD ADR-001 (platform/docs/adr/ADR-001-admin-token-scope.md):
   - Documents #684 as known risk with Phase-H remediation plan
   - Phase-H tracking issue: Molecule-AI/molecule-core#710
2026-04-17 12:01:12 +00:00
..
admin_test_token_route_test.go fix(security): add AdminAuth to /admin/workspaces/:id/test-token route 2026-04-17 02:48:00 +00:00
canvas_proxy_test.go fix(test): wrap httptest.ResponseRecorder with CloseNotify for canvas proxy tests 2026-04-16 05:40:17 -07:00
canvas_proxy.go fix(security): strip Authorization + Cookie headers in canvas reverse proxy (closes #451) 2026-04-16 11:00:43 +00:00
router.go fix(security): revert #684 schema migration, restore /admin/schedules/health, add ADR-001 2026-04-17 12:01:12 +00:00