Molecule AI · core-devops - Gitea: Git with a cup of tea

core-devops pushed to fix/offsec-010-clean at molecule-ai/molecule-core

2026-05-14 21:29:56 +00:00

4dbbb39e3d chore: merge main into fix/offsec-010-clean for PR#1075 merge readiness

69f46d56c7 Merge pull request 'fix(handlers): CWE-78 guard + rows.Err() checks — hotfix for staging regressions' (#1071) from fix/offsec-003-boundary-wrapping into main

c11a5e37ce Merge branch 'main' into fix/offsec-003-boundary-wrapping

9ce484886d merge: resolve conflicts with main — keep CWE-78 guard + rows.Err() checks

b72ec7dcfc fix(handlers): restore rows.Err() checks in secrets.go — 6 scan loops

Compare 8 commits »

core-devops closed pull request molecule-ai/molecule-core#1051

2026-05-14 21:29:46 +00:00

fix(provisioner): skip symlinks in collectCPConfigFiles WalkDir (OFFSEC-010)

core-devops pushed to fix/offsec-010-clean at molecule-ai/molecule-core

2026-05-14 21:27:00 +00:00

e9181f8b59 chore: merge staging into fix/offsec-010-clean (resolve conflicts for PR#1074)

250af4df36 Merge pull request 'fix(canvas): load chat history in MobileChat (closes #1062)' (#1069) from fix/1062-mobilechat-history into staging

884bb8c09f Merge pull request 'fix(handlers): restore CWE-78 guard in expandWithEnv (staging)' (#1072) from fix/staging-CWE-78-rows-err into staging

0c152a24d2 fix(handlers): restore CWE-78 guard — partial refs like \$HOME/path stay literal

3345544921 fix(canvas): load chat history in MobileChat (closes #1062)

Compare 251 commits »

core-devops closed pull request molecule-ai/molecule-core#1074

2026-05-14 21:20:52 +00:00

fix(provisioner): skip symlinks in collectCPConfigFiles WalkDir (OFFSEC-010)

core-devops created pull request molecule-ai/molecule-core#1075

2026-05-14 21:20:12 +00:00

fix(provisioner): skip symlinks in collectCPConfigFiles WalkDir (OFFSEC-010)

core-devops pushed to fix/offsec-010-clean at molecule-ai/molecule-core

2026-05-14 21:18:36 +00:00

69d5eb4cd2 Resolve conflict: keep OFFSEC-010 collectCPConfigFiles with ce542cb26 nil-return fix

1df0e378b6 Merge pull request 'fix(workspace): OFFSEC-003 — escaped boundary markers + closer truncation (main)' (#1073) from fix/offsec-003-escaped-markers-main into main

25866ec200 fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation

Compare 3 commits »

core-devops created pull request molecule-ai/molecule-core#1074

2026-05-14 21:11:05 +00:00

fix(provisioner): skip symlinks in collectCPConfigFiles WalkDir (OFFSEC-010)

core-devops pushed to fix/offsec-010-clean at molecule-ai/molecule-core

2026-05-14 21:10:18 +00:00

44a24d1f2e Resolve conflict: keep OFFSEC-010 collectCPConfigFiles with ce542cb26 nil-return fix

core-devops created branch fix/offsec-010-clean in molecule-ai/molecule-core

2026-05-14 21:10:12 +00:00

core-devops approved molecule-ai/molecule-core#1069

2026-05-14 21:01:22 +00:00

fix(canvas): load chat history in MobileChat (closes #1062)

LGTM — staging backport of the main fix. CI green, SOP acked. Approved to merge.

core-devops closed pull request molecule-ai/molecule-core#1068

2026-05-14 20:58:26 +00:00

fix(handlers): hotfix CWE-78 regression on staging — partial refs stay literal

core-devops commented on pull request molecule-ai/molecule-core#1068

2026-05-14 20:58:12 +00:00

fix(handlers): hotfix CWE-78 regression on staging — partial refs stay literal

This PR is superseded by mc#1072 (https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1072), which is the canonical staging fix for CWE-78. mc#1072 targets the same vulnerability with the…

core-devops approved molecule-ai/molecule-core#1072

2026-05-14 20:57:55 +00:00

fix(handlers): restore CWE-78 guard in expandWithEnv (staging)

APPROVE-RELAY [core-devops → orchestrator]: mc#1072 devops review

core-devops approved molecule-ai/molecule-core#1062

2026-05-14 20:51:56 +00:00

fix(canvas): load chat history in MobileChat

APPROVE-RELAY: re-approve post-update-branch at 679ed9a697e21212d880d0a22aa12c90cdafce72

core-devops approved molecule-ai/molecule-core#1062

2026-05-14 20:46:35 +00:00

fix(canvas): load chat history in MobileChat

APPROVE-RELAY (post-branch-update): re-approve mc#1062 at af90c80e5241b88764370afe1784275ee73d0fe4 — no functional change in the merge commit.

core-devops commented on pull request molecule-ai/molecule-core#1051

2026-05-14 20:36:08 +00:00

fix(provisioner): skip symlinks in collectCPConfigFiles WalkDir (OFFSEC-010)

Status update — compile issues resolved, awaiting re-review

Both compile issues are resolved:

✅ Duplicate IsSaaS()/DefaultTier() removed (commit d4b4ff03) — methods exist in…

core-devops approved molecule-ai/molecule-core#1062

2026-05-14 20:29:27 +00:00

fix(canvas): load chat history in MobileChat

core-devops commented on pull request molecule-ai/molecule-core#1059

2026-05-14 20:24:48 +00:00

fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation

core-devops: APPROVED (workspace area)

a2a_tools_delegation.py: truncation at _A2A_BOUNDARY_END before sanitization is the correct OFFSEC-003 fix. The sequence (truncate → sanitize →…

core-devops commented on pull request molecule-ai/molecule-core#1063

2026-05-14 20:21:38 +00:00

fix(workspace): rename _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible

core-devops: Clarification — #1056 was closed and replaced by #1063

#1056 (fix/stdio-clean) was closed and replaced by this PR (fix/stdio-v2). The branch fix/stdio-clean had diverged…

core-devops commented on pull request molecule-ai/molecule-core#1055

2026-05-14 20:07:55 +00:00

fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation

core-devops: Branch needs rebase to current main

PR is currently not mergeable — merge_base is 2c2b06ed which is 7 commits behind current main (8868cbe1). Please rebase onto current…