molecule-core/platform/internal/router
Molecule AI Backend Engineer b2f8997afe fix(issue-541): move PATCH /budget to adminAuth — workspace must not self-clear ceiling
Workspace agents could previously call PATCH /workspaces/:id/budget with their
own bearer token and set budget_limit=null, defeating the entire spend enforcement
feature. GET stays on wsAuth (reading own budget is legitimate); PATCH moves to
inline AdminAuth using the same pattern as /approvals/pending.

No existing tests needed updating — all budget PATCH tests call the handler
directly and are unaffected by router-level middleware changes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 06:18:41 +00:00
admin_test_token_route_test.go fix(security): add AdminAuth to /admin/workspaces/:id/test-token route 2026-04-17 02:48:00 +00:00
canvas_proxy_test.go fix(test): wrap httptest.ResponseRecorder with CloseNotify for canvas proxy tests 2026-04-16 05:40:17 -07:00
canvas_proxy.go fix(security): strip Authorization + Cookie headers in canvas reverse proxy (closes #451) 2026-04-16 11:00:43 +00:00
router.go fix(issue-541): move PATCH /budget to adminAuth — workspace must not self-clear ceiling 2026-04-17 06:18:41 +00:00