Merge pull request 'docs(cache): set Vercel edge Cache-Control for HTML pages (RFC#562 step 1)' (#56) from docs/rfc562-cache-headers into main

docs(cache): set Vercel edge Cache-Control for HTML pages (RFC#562 step 1)

Merged via 2-eye review (core-devops + core-security APPROVED).

content/docs/changelog.mdx

@@ -8,24 +8,6 @@ Entries are published daily at 23:50 UTC.
 
 ---
 
-## 2026-05-16
-
-### ✨ New features
-
-- **Claude Code workspace template T4 tier gains host-root escalation**: the Claude Code workspace template (T4 privileged containers) now includes an additive uid-0 escalation leg, providing a wired path to host root inside the privileged container sandbox while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. The escalation is implemented via `sudo` and `nsenter` baked into the Dockerfile. (`molecule-ai-workspace-template-claude-code` [#25](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-claude-code/pulls/25))
-- **Poll-mode canvas user messages now persist correctly before returning 200**: canvas chat messages sent via workspaces running in poll mode (`runtime=external`) were occasionally lost when the user exited the chat before the agent processed the message. The root cause was that `logA2AReceiveQueued` only wrote to the in-memory queue, not to durable storage. The persist call is now correctly placed before the poll-mode short-circuit, ensuring messages are durable before the canvas receives a `200`. (`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350))
-- **Inbox poller self-echo loop fixed**: when a workspace delegates a task to a target that never picks it up, the platform's `report_activity("a2a_receive")` records the activity with the sender's workspace UUID as `source_id` (per spoof-defense design). The sender's inbox poller was incorrectly processing this as an incoming message from itself — causing an infinite self-echo loop that flooded the inbox. A new `_is_self_echo_row()` predicate now skips `a2a_receive` rows where `source_id == workspace_id`, breaking the loop. (`molecule-core` [#1348](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1348))
-- **OpenClaw template adapter routing: fresh provisions now serve correctly**: OpenClaw workspace provisions were failing immediately after launch — the adapter had no routing path for the default model, causing every new workspace to be non-functional on first boot. The adapter now coerces an unroutable model to a known-good default, ensuring new OpenClaw workspaces are immediately usable without manual configuration. (`molecule-ai-workspace-template-openclaw` [#18](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/18))
-- **OpenClaw template MiniMax and Kimi-For-Coding API keys routed to correct endpoints**: the OpenClaw adapter was routing all Minimax (`sk-cp-*` keys) and Kimi-For-Coding (`sk-kimi-*` keys) API calls to the wrong endpoints, causing HTTP 401 errors on every chat turn. Minimax calls now route to the Anthropic-compatible gateway; Kimi-For-Coding calls route via Moonshot's Anthropic-compat endpoint. (`molecule-ai-workspace-template-openclaw` [#14](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/14), [#17](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/17))
-- **OpenClaw template now shows molecule platform peers**: OpenClaw workspaces were not returning molecule platform peers in `list_peers` responses — the model was answering via its own native `sessions_list` instead of querying the molecule A2A registry. The adapter now correctly registers the molecule A2A MCP server, so `list_peers` returns platform peers as expected. (`molecule-ai-workspace-template-openclaw` [#16](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/16))
-
-### 🧹 Internal
-
-- **CI/CD publish lane routing** (`molecule-core`): 7 post-merge ship jobs across 5 workflows now route to a dedicated `publish` runner lane instead of competing in the shared CI queue. Urgent production-deploy builds (e.g. P0 security fixes) no longer sit behind ordinary PR-required CI. (`molecule-core` [#1376](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1376))
-- **Runtime catalog cleanup** (`molecule-core`): `crewai`, `deepagents`, and `gemini-cli` removed from the workspace runtime catalog (internal#483). (`molecule-core` [#1385](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1385))
-
----
-
 ## 2026-05-12
 
 ### 🔒 Security

next.config.mjs

@@ -2,9 +2,33 @@ import { createMDX } from 'fumadocs-mdx/next';
 
 const withMDX = createMDX();
 
+// HTML pages: short edge cache + long stale-while-revalidate. Lets Vercel Edge
+// serve repeat navigations from cache (~5 min fresh, 24 h stale-while-revalidate
+// in the background) while keeping the browser revalidating on every nav. The
+// negative lookahead leaves Next.js's own _next/static (immutable, hash-named)
+// and _next/image cache headers untouched.
+const HTML_CACHE_CONTROL =
+  'public, max-age=0, s-maxage=300, stale-while-revalidate=86400';
+
 /** @type {import('next').NextConfig} */
 const config = {
   reactStrictMode: true,
+  async headers() {
+    return [
+      {
+        // Match every path except Next.js internals and API routes — those
+        // already have correct cache headers (immutable for hashed assets,
+        // app-controlled for /api).
+        source: '/((?!_next/static|_next/image|api/).*)',
+        headers: [
+          {
+            key: 'Cache-Control',
+            value: HTML_CACHE_CONTROL,
+          },
+        ],
+      },
+    ];
+  },
 };
 
 export default withMDX(config);