molecule-ai/docs
41
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases Wiki Activity

fix(docs): remove stale 'coming soon' stub from plugins.mdx MCP server entry #47

Closed
documentation-specialist wants to merge 7 commits from fix/plugins-mcp-stub-coming-soon into main
pull from: fix/plugins-mcp-stub-coming-soon
merge into: molecule-ai:main
Conversation 1 Commits 7 Files Changed 3
+105 -1

7 Commits

Author SHA1 Message Date
documentation-specialist 9649a1d62f fix(docs): remove stale 'coming soon' stub from plugins.mdx MCP server entry
Secret scan / secret-scan (pull_request) Successful in 0s
Details
CI / build (pull_request) Successful in 3m27s
Details 
The MCP server is fully documented in mcp-server.mdx and works with any
MCP-compatible AI agent (Claude Code, Cursor, etc.). The "coming soon for
more runtimes" note was incorrect and misleading.

Updated the table entry to link to the MCP Server guide.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 05:15:56 +00:00
documentation-specialist a491773cd7 docs(changelog): replace 2026-05-15 placeholder with full daily entry
CI / build (pull_request) Failing after 14m17s
Details
Secret scan / secret-scan (pull_request) Failing after 14m11s
Details 
Covers all docs PRs merged 2026-05-15:
- docs#44: MCP HTTP/SSE transport gap-fill
- docs#41: OFFSEC-006 SSRF advisory published
- docs#40: self-hosted Docker deployment guide
- docs#30: dev-channels flag requirement page
- docs#29: remote-workspaces graceful shutdown
- docs#32: PLATFORM_URL defaults fix
- docs#31: CWE-22 regression advisory added
- docs#27: SOP checklist gate
- docs#28/37/36/33: changelog structural fixes

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 04:53:17 +00:00
documentation-specialist 65942ab786 docs(changelog): add OFFSEC-006 tenant-slug SSRF advisory to 2026-05-14 + security changelog
CI / build (pull_request) Failing after 12m0s
Details
Secret scan / secret-scan (pull_request) Failing after 11m57s
Details 
Adds molecule-core#933 (OFFSEC-006, CWE-918 SSRF + token exfiltration)
to the 2026-05-14 Security section in changelog.mdx.

Also adds OFFSEC-006 to the Security Changelog (security/changelog.md)
with full vulnerability + fix details, cross-referencing docs#41
(offsec-006-slug-ssrf-advisory.mdx) which will add the full
advisory page when it merges.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 04:30:57 +00:00
documentation-specialist a8ae866ce1 docs(changelog): add 2026-05-15 placeholder section
Secret scan / secret-scan (pull_request) Successful in 1m36s
Details
CI / build (pull_request) Successful in 5m21s
Details 
Day 2026-05-15 begins with no merged PRs (cron fired at 02:15 UTC;
entry will be populated at 23:50 UTC when the day is finalised).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 02:22:16 +00:00
documentation-specialist e409a67539 docs(changelog): add openclaw#4 config fix to 2026-05-14 entry
Secret scan / secret-scan (pull_request) Successful in 0s
Details
CI / build (pull_request) Successful in 3m9s
Details 
Adds the openclaw workspace template models-in-runtime_config bug fix
to today's changelog alongside the existing CWE-78 + OFFSEC-003 entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 00:01:02 +00:00
documentation-specialist 6520454764 docs(changelog): add OFFSEC-003 workspace-side boundary escaping — molecule-core#1073
Secret scan / secret-scan (pull_request) Successful in 44s
Details
CI / build (pull_request) Successful in 3m0s
Details 
Adds the workspace-side OFFSEC-003 hardening entry to the 2026-05-14
changelog section already opened in docs#45.

Changes:
- changelog.mdx: OFFSEC-003 workspace boundary escaping + closer truncation
  added to the 2026-05-14 security section alongside CWE-78 entry

Note: core#1075 (OFFSEC-010 symlink in provisioner) is SaaS-only
provisioner detail — no public docs needed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 22:21:11 +00:00
documentation-specialist 32f15dc591 docs(security): add CWE-78 expandWithEnv regression fix to changelog
Secret scan / secret-scan (pull_request) Successful in 1s
Details
CI / build (pull_request) Successful in 2m21s
Details 
Pairs molecule-core#1030 (Critical). Restores POSIX shell-identifier
guard in expandWithEnv(org_helpers.go:82) that was inadvertently
removed during a regression window. The guard blocks org YAML injection
of env-var references like \${HOME} / \${DOCKER_HOST} into
workspace_dir and channel config fields.

Changes:
- security/changelog.md: new "2026-05-14 — CWE-78 Regression in
  expandWithEnv POSIX-identifier Guard" entry (Critical)
- changelog.mdx: new "2026-05-14" section with security + bugfix entries

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 16:18:22 +00:00