molecule-core

History

molecule-ai[bot] f1accaf918 fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200 ) (#1220 ) Root cause: requireCallerOwnsOrg (org_plugin_allowlist.go:116) was reading org_api_tokens.created_by to determine caller's org workspace ID. But created_by is a provenance label ("session", "admin-token", "org-token:<prefix>") — never a UUID. The equality check callerOrg != targetOrgID always failed → every org-token caller got 403 on /orgs/:id/plugins/allowlist routes. Fix: - Migration 036: adds org_id UUID column (nullable) to org_api_tokens with partial index for fast lookups. Existing pre-migration tokens get org_id=NULL → deny by default (safer than cross-org access). - orgtoken.Issue: takes new orgID param; stores in org_id column. - orgtoken.OrgIDByTokenID: new helper reads org_id for a token ID. Returns ("", nil) for NULL/unanchored tokens. - requireCallerOwnsOrg: now calls OrgIDByTokenID instead of reading created_by. Pre-migration tokens with org_id=NULL get callerOrg="" → denied (safer). - orgTokenActor (org_tokens.go): returns (createdBy, orgID) pair. Token minted via another org token gets its org_id set at mint time. Session/ADMIN_TOKEN callers get orgID="". - orgtoken.Token struct: adds OrgID field for list display. - orgtoken.List: selects org_id alongside other columns. - Updated existing tests for new Issue signature. - Added regression tests: happy path, unanchored denial, DB error denial. Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app> Co-authored-by: Molecule AI Dev Lead <dev-lead@agents.moleculesai.app>		2026-04-21 02:11:27 +00:00
..
artifacts	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
bundle	fix: golangci-lint errors in bundle pkg + admin_memories test coverage (#1169 )	2026-04-21 00:12:30 +00:00
channels	fix(security): cap webhook + config PATCH bodies (H3/H4)	2026-04-19 01:23:03 -07:00
crypto	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
db	test: schema_migrations tracking — 4 cases (first boot, re-boot, mixed, down.sql filter)	2026-04-18 11:52:27 -07:00
envx	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
events	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
handlers	fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200 ) (#1220 )	2026-04-21 02:11:27 +00:00
metrics	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
middleware	fix(org-tokens): rate-limit mint, bound list, correct audit provenance	2026-04-20 14:22:38 -07:00
models	feat: seed initial memories from org template and create payload (#1050 )	2026-04-20 00:35:49 -07:00
orgtoken	fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200 ) (#1220 )	2026-04-21 02:11:27 +00:00
plugins	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
provisioner	feat(platform): bootstrap-failed + console endpoints for CP watcher	2026-04-20 17:11:34 -07:00
registry	fix(test): align ssrf_test.go localhost test cases with isSafeURL behaviour (#1192 )	2026-04-21 02:08:45 +00:00
router	Merge remote-tracking branch 'origin/staging' into feat/bootstrap-failed-and-console-proxy	2026-04-20 17:31:16 -07:00
scheduler	fix(scheduler): use context.Background() in panic-recovery defer UPDATE (F1089) (#1211 )	2026-04-21 02:08:00 +00:00
supervised	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
ws	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
wsauth	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00