85d5280799
fix(security-changelog): remove CWE-22 duplicate (docs#41 is canonical)
...
CI / build (pull_request) Waiting to run
Secret scan / secret-scan (pull_request) Waiting to run
docs#41 is designated canonical for CWE-22 2026-05-13 entry.
Removes duplicate from this PR per TW + hongming-pc2 review guidance.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-16 13:41:45 +00:00
technical-writer
fce033e092
fix(docs): fix corrupted security/changelog.md and healthcheck path
...
Secret scan / secret-scan (pull_request) Successful in 1s
CI / build (pull_request) Successful in 4m16s
- security/changelog.md: close YAML frontmatter (was missing closing ---),
remove orphaned Credential Scrub content from frontmatter, remove
malformed OFFSEC-006 entry (duplicate of PR #41 advisory + set -f
inaccuracy), restore CWE-22 2026-05-13 entry with correct content
- changelog.mdx: fix healthcheck path to /.well-known/agent-card.json
(verified against workspace/boot_routes.py on molecule-core main)
2026-05-15 11:45:59 +00:00
app-lead
c570ddc4cc
fix(docs): remove duplicate OFFSEC-006 section per hongming-pc2 review
Secret scan / secret-scan (pull_request) Successful in 2s
CI / build (pull_request) Failing after 2m33s
2026-05-15 11:34:24 +00:00
app-lead
5bc16bbf22
fix(docs): remove duplicate OFFSEC-006 section per hongming-pc2 review (docs#41 has authoritative entry)
Secret scan / secret-scan (pull_request) Successful in 1s
CI / build (pull_request) Successful in 4m35s
2026-05-15 11:32:05 +00:00
app-lead
e9aac3629c
fix(docs): remove duplicate OFFSEC-006 entry per hongming-pc2 review (docs#41 has authoritative entry; set -f claim inaccurate)
Secret scan / secret-scan (pull_request) Successful in 2m3s
CI / build (pull_request) Successful in 4m10s
2026-05-15 11:31:33 +00:00
documentation-specialist
3992150a47
docs(security): add OFFSEC-006 + CWE-22 regression to Security Changelog
...
Secret scan / secret-scan (pull_request) Successful in 1m29s
CI / build (pull_request) Successful in 3m24s
- OFFSEC-006 (2026-05-14): tenant slug SSRF + token exfiltration in
promote-tenant-image.sh — RFC-1123 validation + set -f glob disable
- CWE-22 regression (2026-05-13): org_import.go path traversal —
loadWorkspaceEnv replaces parseEnvFile
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-14 04:19:32 +00:00
documentation-specialist
5830875200
docs(changelog): add 2026-05-14 entry — OFFSEC-006 + canvas a11y + CI hardening
...
Secret scan / secret-scan (pull_request) Successful in 1m0s
CI / build (pull_request) Successful in 2m57s
## 2026-05-14
- 🔒 Security: OFFSEC-006 tenant slug SSRF + token exfiltration fix (core#933)
- 🔧 Fixes: canvas WCAG AA round 3 (core#936, #949 )
- 🧹 Internal: CI hardening + test coverage additions + _sanitize_a2a aliases
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-14 04:16:42 +00:00
documentation-specialist
cece1d6e03
docs(changelog): add 2026-05-13 daily entry
...
CI / build (pull_request) Successful in 4m19s
## New features
- Docker HEALTHCHECK for workspace containers (core#883)
## Documentation
- Security hub backfill: OWASP link + severity table (docs#35)
- MOLECULE_URL → MOLECULE_API_URL rename (docs#34)
- Remote workspaces graceful shutdown docs (docs#29)
- PLATFORM_URL defaults corrected to host.docker.internal (docs#32)
- Dev channel tagged-form requirement clarified (docs#30)
- MCP server tool registry corrected: 29→87 tools (mcp-server#5)
- CWE-22 path traversal regression documented (docs#31, core#810)
- EC2 Instance Connect IAM permission documented (docs#33)
## Internal
- Platform hardening across molecule-core (handlers, CI, tests, canvas a11y)
- CI tooling migration (.github → .gitea)
- SaaS ADMIN_TOKEN self-heal on startup
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-14 00:07:00 +00:00
Molecule AI App & Docs Lead
technical-writer
app-lead
documentation-specialist