molecule-ai/docs
41
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases Wiki Activity

docs(changelog): 2026-05-15 EOD entries + broadcast/talk_to_user API reference #49

Open
documentation-specialist wants to merge 12 commits from docs/workspace-abilities-broadcast-changelog-2026-05-15 into main
pull from: docs/workspace-abilities-broadcast-changelog-2026-05-15
merge into: molecule-ai:main
Conversation 20 Commits 12 Files Changed 4
+109

12 Commits

Author SHA1 Message Date
Molecule AI App & Docs Lead 8b61632e6e fix(changelog): remove duplicate expandWithEnv entry in 2026-05-14 Bug fixes
Secret scan / secret-scan (pull_request) Successful in 32s
Details
CI / build (pull_request) Successful in 5m12s
Details 
The CWE-78 OFFSEC-006 fix is already documented in the Security
section above. The Bug fixes section entry is redundant.
 2026-05-16 19:22:53 +00:00
Molecule AI App & Docs Lead 1446879fe7 fix(security-changelog): remove inaccurate set -f clause from OFFSEC-006 entry
Secret scan / secret-scan (pull_request) Successful in 28s
Details
CI / build (pull_request) Successful in 5m44s
Details 
The validate_slug() RFC-1123 regex is the sole remediation. The
set -f "two-layer defence" description was inaccurate — set -f is
not present in promote-tenant-image.sh on main. Corrects per
technical-writer review guidance on docs#51.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-16 13:28:14 +00:00
technical-writer 659a7fb6b7 docs(changelog): fix OFFSEC-006 entries — remove set -f inaccuracy, fix garbled text
Secret scan / secret-scan (pull_request) Successful in 1s
Details
CI / build (pull_request) Successful in 1m10s
Details 
- 2026-05-15 entry: fix garbled 'with RFC-1123 regex with RFC-1123 regex'
  to 'RFC-1123 regex validation'
- 2026-05-14 entry: remove 'set -f disables bash glob expansion' claim.
  The correct fix is validate_slug() with RFC-1123 regex (verified absent
  from promote-tenant-image.sh on molecule-core main).
 2026-05-15 12:05:19 +00:00
app-lead 596fd19049 fix(docs): remove inaccurate set -f claim from OFFSEC-006 changelog entry per hongming-pc2 review
Secret scan / secret-scan (pull_request) Successful in 1m39s
Details
CI / build (pull_request) Successful in 4m28s
Details
2026-05-15 10:43:35 +00:00
documentation-specialist 9a2b259be4 docs(changelog): add 2026-05-15 EOD entries + broadcast/talk_to_user API docs
Secret scan / secret-scan (pull_request) Successful in 1s
Details
CI / build (pull_request) Successful in 4m16s
Details 
## New feature docs
- content/docs/changelog.mdx: add molecule-core#1121 workspace ability flags
  (broadcast_enabled + talk_to_user_enabled), molecule-core#1143 OpenClaw
  heartbeat fix, openclaw#5 minimax/moonshot routing fix,
  molecule-core#1138 ProviderRegistry, openclaw#6 GitHub→Gitea port
- content/docs/mcp-server.mdx: add broadcast_message to Communication table;
  add Callout explaining send_message_to_user/talk_to_user_enabled behaviour
- content/docs/api-reference.mdx: add PATCH /workspaces/:id/abilities
  (AdminAuth) with full body/response documentation

🤖 Generated with [Claude Code](https://claude.ai/claude-code)
 2026-05-15 08:02:27 +00:00
documentation-specialist 7579152414 docs(changelog): update docs#40 → docs#46 for self-hosted Docker guide entry
Secret scan / secret-scan (pull_request) Successful in 0s
Details
CI / build (pull_request) Successful in 3m21s
Details 
docs#40 is closed; the tutorial file is now on docs#46's branch.
Updated the entry to reference docs#46 and mention the Kubernetes
terminationGracePeriodSeconds fix.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 05:16:50 +00:00
documentation-specialist a491773cd7 docs(changelog): replace 2026-05-15 placeholder with full daily entry
CI / build (pull_request) Failing after 14m17s
Details
Secret scan / secret-scan (pull_request) Failing after 14m11s
Details 
Covers all docs PRs merged 2026-05-15:
- docs#44: MCP HTTP/SSE transport gap-fill
- docs#41: OFFSEC-006 SSRF advisory published
- docs#40: self-hosted Docker deployment guide
- docs#30: dev-channels flag requirement page
- docs#29: remote-workspaces graceful shutdown
- docs#32: PLATFORM_URL defaults fix
- docs#31: CWE-22 regression advisory added
- docs#27: SOP checklist gate
- docs#28/37/36/33: changelog structural fixes

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 04:53:17 +00:00
documentation-specialist 65942ab786 docs(changelog): add OFFSEC-006 tenant-slug SSRF advisory to 2026-05-14 + security changelog
CI / build (pull_request) Failing after 12m0s
Details
Secret scan / secret-scan (pull_request) Failing after 11m57s
Details 
Adds molecule-core#933 (OFFSEC-006, CWE-918 SSRF + token exfiltration)
to the 2026-05-14 Security section in changelog.mdx.

Also adds OFFSEC-006 to the Security Changelog (security/changelog.md)
with full vulnerability + fix details, cross-referencing docs#41
(offsec-006-slug-ssrf-advisory.mdx) which will add the full
advisory page when it merges.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 04:30:57 +00:00
documentation-specialist a8ae866ce1 docs(changelog): add 2026-05-15 placeholder section
Secret scan / secret-scan (pull_request) Successful in 1m36s
Details
CI / build (pull_request) Successful in 5m21s
Details 
Day 2026-05-15 begins with no merged PRs (cron fired at 02:15 UTC;
entry will be populated at 23:50 UTC when the day is finalised).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 02:22:16 +00:00
documentation-specialist e409a67539 docs(changelog): add openclaw#4 config fix to 2026-05-14 entry
Secret scan / secret-scan (pull_request) Successful in 0s
Details
CI / build (pull_request) Successful in 3m9s
Details 
Adds the openclaw workspace template models-in-runtime_config bug fix
to today's changelog alongside the existing CWE-78 + OFFSEC-003 entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-15 00:01:02 +00:00
documentation-specialist 6520454764 docs(changelog): add OFFSEC-003 workspace-side boundary escaping — molecule-core#1073
Secret scan / secret-scan (pull_request) Successful in 44s
Details
CI / build (pull_request) Successful in 3m0s
Details 
Adds the workspace-side OFFSEC-003 hardening entry to the 2026-05-14
changelog section already opened in docs#45.

Changes:
- changelog.mdx: OFFSEC-003 workspace boundary escaping + closer truncation
  added to the 2026-05-14 security section alongside CWE-78 entry

Note: core#1075 (OFFSEC-010 symlink in provisioner) is SaaS-only
provisioner detail — no public docs needed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 22:21:11 +00:00
documentation-specialist 32f15dc591 docs(security): add CWE-78 expandWithEnv regression fix to changelog
Secret scan / secret-scan (pull_request) Successful in 1s
Details
CI / build (pull_request) Successful in 2m21s
Details 
Pairs molecule-core#1030 (Critical). Restores POSIX shell-identifier
guard in expandWithEnv(org_helpers.go:82) that was inadvertently
removed during a regression window. The guard blocks org YAML injection
of env-var references like \${HOME} / \${DOCKER_HOST} into
workspace_dir and channel config fields.

Changes:
- security/changelog.md: new "2026-05-14 — CWE-78 Regression in
  expandWithEnv POSIX-identifier Guard" entry (Critical)
- changelog.mdx: new "2026-05-14" section with security + bugfix entries

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-14 16:18:22 +00:00