Changelog
Customer-facing release notes for Molecule AI — updated daily.
All notable changes to the Molecule AI platform are documented here. Entries are published daily at 23:50 UTC.
2026-04-17
A high-velocity day: 80+ PRs merged across platform, canvas, runtimes, security, and channels.
✨ New features
opencode Integration — MCP bridge for AI coding agents
Connect opencode to any Molecule AI workspace over a
standard Authorization: Bearer remote MCP connection. opencode gains the full
A2A tool surface (delegate_task, list_peers, recall_memory, and more)
via two transports: Streamable HTTP (POST /workspaces/:id/mcp) and SSE
(backwards-compat GET /workspaces/:id/mcp/stream). Rate-limited to 120 req/min
per token. See the opencode Integration guide.
(#840, #842)
Slack — per-agent identity with Bot Token mode
The Slack channel adapter now supports dual-mode outbound: Bot Token (new,
recommended) and Incoming Webhook (legacy, unchanged). With a bot_token each
workspace posts under its own display name and icon via chat:write.customize.
Markdown is automatically converted to Slack mrkdwn format.
See Channels.
(#844, #851)
AG-UI compatible SSE endpoint
New GET /workspaces/:id/events endpoint streams agent events as AG-UI
compatible Server-Sent Events. Enables AG-UI frontend integrations to subscribe
to live workspace activity without polling.
(#601)
A2A topology overlay on the canvas
The canvas now renders a live A2A topology overlay — every workspace as a node, every in-flight delegation as an animated directed edge. Zoom to team, click any edge to inspect the task payload. (#751)
Audit trail visualisation panel
A new audit trail panel in the canvas surfaces the HMAC-SHA256 immutable event log per workspace — every task received, LLM call, and completion in chronological order with chain-of-custody verification. (#651, #759)
Workspace hibernation — auto-pause idle workspaces
Workspaces that receive no tasks for HIBERNATION_IDLE_MINUTES (default: 30)
are automatically hibernated (containers paused, resources freed). They
auto-wake on the next inbound task with full state restored. Manage via
POST /workspaces/:id/hibernate and POST /workspaces/:id/wake.
See API Reference.
(#724)
Temporal workflow checkpoints — step-level persistence
Workspace templates now persist intermediate workflow steps to the database. On container restart (crash, deploy, hibernate/wake) the workspace resumes from the last completed step rather than restarting the whole task. Step endpoints documented in the API Reference. (#797, #803)
Semantic memory search
Agent memory is now vector-indexed via pgvector. recall_memory accepts an
optional ?q= parameter for semantic (embedding) search in addition to exact
keyword match. Nearest-neighbour results are ranked by cosine similarity and
colour-coded in the canvas Memory Inspector.
(#784, #787)
Memory Inspector panel
A new canvas panel lets you browse, search, and inspect all LOCAL and TEAM
memory keys for any workspace — live, without leaving the canvas.
(#738)
Hermes — stacked system messages
The Hermes runtime now accepts a system_blocks list: each block (persona,
tools, reasoning policy) is merged in order rather than overwriting the previous
system prompt. Enables persona stacking for complex multi-role workflows.
See API Reference → Runtimes section.
(#655, #798)
Hermes — native tools parameter
Hermes passes tools to the model via the native tools=[] API parameter instead
of text-in-prompt injection. Structured tool definitions, better token efficiency,
and full compatibility with Nous/Hermes-3 tool call format.
(#644)
Hermes — structured output (response_format)
response_format=json_schema is now wired through to the model. Hermes
workspaces can request strict JSON output against a defined schema.
(#645)
AGENTS.md auto-generation
Platform workspaces now auto-generate an AGENTS.md file in the workspace
container at boot. The file lists all peer workspaces visible to this workspace,
their roles, and their capabilities — giving LLMs automatic context about the
org topology without manual prompt engineering.
(#763)
Discord channel adapter
A new Discord adapter joins Telegram, Slack, and Lark. Configure with a
bot_token and channel_id to send and receive messages on Discord.
(#656)
Per-workspace budget limits
Set a budget_limit (USD) on any workspace. The A2A executor enforces the limit
at task dispatch — tasks that would exceed the monthly cap are rejected with a
429 Budget Exceeded error. Configure via PATCH /workspaces/:id.
(#611, #606)
Per-workspace token metrics
GET /workspaces/:id/metrics returns token counts (input, output, cache read/write)
aggregated over rolling 1-hour and 30-day windows. Live usage is displayed in the
canvas WorkspaceUsage panel.
(#602, #627)
Claude Opus 4.7 — effort levels and task budget
Workspace config now exposes effort (low / medium / high / xhigh /
max) and task_budget (token ceiling) for Anthropic Claude workspaces.
xhigh and max activate extended thinking (Opus 4.7+ only). Configure in the
Canvas Config tab or via PATCH /workspaces/:id.
(#639, #654, #669)
Plugin supply-chain hardening
All plugin refs must now be pinned (no latest, no floating branches). Unpinned
refs are blocked at load time unless PLUGIN_ALLOW_UNPINNED=true. SHA-256
integrity checking available for plugin archives.
(#775)
Org-level plugin governance registry
A new per-org allowlist controls which plugins workspaces in that org are
permitted to load. Managed via POST/DELETE /admin/orgs/:orgId/plugins/allowlist.
(#610)
Schedule health endpoint
GET /admin/schedules/health returns cross-workspace cron health: last-fired,
next-scheduled, consecutive-empty count, and phantom detection status for every
schedule in the org.
(#671, #796)
Fly Machines provisioner
The platform now supports PROVISIONER=flyio — workspaces are provisioned as
Fly Machines instead of Docker containers or EC2 instances. See the
self-hosting guide.
(#578 — docs PR #7)
🔒 Security
- Auth hardening — PATCH
/workspaces/:idnow requires ownership validation; UUID fields are validated before DB queries; input lengths bounded across all handlers. (#692, #701) - Admin token isolation —
AdminAuthmiddleware correctly rejects workspace bearer tokens whenADMIN_TOKENis set, preventing privilege escalation from workspace token → admin. (#684, #729) - Metrics route auth —
GET /workspaces/:id/metricsnow requires workspace bearer token; previously it was unauthenticated. (#696) - X-Workspace-ID forgery — Requests spoofing the
system-caller/prefix inX-Workspace-IDheaders are rejected. (#766) - GLOBAL memory injection safeguards —
commit_memorywithscope: GLOBALnow validates content for prompt injection patterns before persisting. (#769) - Security headers —
X-Content-Type-Options: nosniffandX-Frame-Options: DENYadded to all API responses. (#629) - Token revocation hardening — Revoked tokens are purged from the in-memory cache within 60s; previously the cache could serve revoked tokens until TTL expiry. (#696)
- MCP server — npm version pinned;
-yflag removed from install commands. (SAFE-MCP NEW-003, #808 — docs PR #18) - Canvas test-token endpoint — gated behind
AdminAuthand removed from general router. (#612, #708)
🔧 Fixes
- Fixed
POST /workspacesnot persisting the secrets envelope on create. (#568) - Fixed self-delegation deadlock when a workspace delegates to itself. (#570)
- Fixed GitHub installation token expiry — tokens now refresh automatically before expiry rather than failing mid-operation. (#567)
- Fixed
TenantGuardsame-origin bypass for EC2 tenant Canvas. (#584) - Fixed pgvector migration to wrap in
DOblock, eliminating E2E CI failures from duplicate extension install. (#843, #670, #636) - Fixed scheduler dropping schedules with
NULL next_run_atpermanently. (#728) - Fixed
ValidateTokennot checkingremovedworkspace status, allowing tokens for deleted workspaces to authenticate. (#719) - Fixed canvas hydration error UI, radio keyboard nav, and zoom-to-team shortcut. (#565)
- Fixed canvas UX: error handling, accessibility, loading state. (#587)
- Fixed canvas deploy preflight to require env keys for Hermes and Gemini CLI runtimes. (#588)
- Fixed budget/spend counters capping before DB upsert to prevent NUMERIC overflow. (#630, #634)
- Fixed pgvector TEXT→UUID FK type mismatch in migrations 028 and 031 that blocked all E2E runs. (#646, #670, #843)
- Fixed duplicate hook firings (3–4×) in
dedup_settings_hooks. (#551, #597) - Accessibility fixes: keyboard access on
TeamMemberChip,role=alerton status banners, close button label,ProvisioningTimeoutmodal. (#841)
📚 Docs
- Google ADK runtime — added hands-on Quickstart section. (docs PR #8)
- Hermes — full runtime reference page. (docs PR #9)
- AGENTS.md — auto-generation documented in concepts. (docs PR #10)
- Semantic memory search —
?q=param documented in API reference. (docs PR #11) - Canvas A2A topology overlay + audit trail panel. (docs PR #12)
- molecule-medo plugin — opt-in platform plugin page. (docs PR #13)
- Workspace hibernation — status lifecycle, endpoints, auto-wake behaviour. (docs PR #14)
- molecule-audit-ledger — HMAC chain,
/auditendpoint,LedgerHooks, CLI. (docs PR #15) - Hermes stacked system messages —
system_blockskwarg. (docs PR #16) - Plugin supply chain security — pinned refs required, SHA-256 integrity. (docs PR #17)
- SAFE-MCP audit report 2026-04-17. (docs PR #18)
- Temporal workflow checkpoints — step endpoints, auto-resume behaviour. (docs PR #19)
Changelog entries are compiled by the Documentation Specialist from all merged pull requests for the day. Times are UTC.