molecule-core

History

Molecule AI Backend Engineer fce0be30fd fix(#611 ): remove budget_limit from PATCH /workspaces/:id and strip financial fields from GET Security Auditor findings on PR #611: Fix 1 (BLOCKING): Remove budget_limit handling from Update() entirely. PATCH /workspaces/:id uses ValidateAnyToken — any enrolled workspace bearer could self-clear its own spending ceiling. The dedicated AdminAuth-gated PATCH /workspaces/:id/budget is the only authorised write path. Fix 2 (MEDIUM): Strip budget_limit and monthly_spend from Get() response before c.JSON(). GET /workspaces/:id is on the open router — any caller with a valid UUID must not read billing data. Also updates four existing tests in workspace_budget_test.go that encoded the old (insecure) behaviour, and adds three new regression tests. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-04-17 06:18:41 +00:00
..
cmd/server	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00
internal	fix(#611 ): remove budget_limit from PATCH /workspaces/:id and strip financial fields from GET	2026-04-17 06:18:41 +00:00
migrations	fix(#541 ): change budget enforcement status from 429 to 402	2026-04-17 06:18:41 +00:00
pkg/provisionhook	fix(github): refresh installation token when TTL < 10 min (#547 ) (#567 )	2026-04-17 00:47:03 +00:00
Dockerfile	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
Dockerfile.tenant	fix: address all code review findings + remove exposed secrets	2026-04-16 05:05:49 -07:00
entrypoint-tenant.sh	feat(platform): auto-detect SaaS tenant → control plane provisioner	2026-04-16 11:50:52 -07:00
go.mod	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00
go.sum	feat(platform): wire github-app-auth plugin for per-installation tokens	2026-04-16 12:52:20 -07:00