-
Notifications
You must be signed in to change notification settings - Fork 0
Issues
is:issue state:open
is:issue state:open
Issue creation is restricted in this repository
Search results
Security: Zeroize JWT bytes after identity derivation (spec 030 NFR-001)
bugSomething isn't workingSomething isn't workingno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#597 In traverse-framework/traverse;Security: Classify governed artifacts via registry/approved-specs, not path heuristics (spec 030 FR-008)
bugSomething isn't workingSomething isn't workingno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#596 In traverse-framework/traverse;Security: Fix SECURITY.md reporting path and publish formal threat model
enhancementNew feature or requestNew feature or requestno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specqualityQuality gates, CI, coverage, and engineering standardsQuality gates, CI, coverage, and engineering standardssecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#595 In traverse-framework/traverse;Quality: Enforce coverage gate for traverse-cli and traverse-mcp (constitution 100% core logic)
enhancementNew feature or requestNew feature or requestno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specqualityQuality gates, CI, coverage, and engineering standardsQuality gates, CI, coverage, and engineering standardsStatus: Open.#594 In traverse-framework/traverse;Permanence: Durable event journal beyond in-memory retention window (spec 036)
blockedWork is blocked and the issue body must say whyWork is blocked and the issue body must say whyenhancementNew feature or requestNew feature or requestfutureFuture work that is tracked but not the current active sliceFuture work that is tracked but not the current active sliceneeds-specBlocked until a governing spec slice is written or tightenedBlocked until a governing spec slice is written or tightenedruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace workStatus: Open.#593 In traverse-framework/traverse;Security: Add MCP stdio authentication boundary and redact execution traces (spec 042)
enhancementNew feature or requestNew feature or requestno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#592 In traverse-framework/traverse;Security: Propagate subject_id/actor_id into TraverseEvent envelopes and subscription filters (spec 030 FR-006/016)
enhancementNew feature or requestNew feature or requestno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#591 In traverse-framework/traverse;Security: Enforce SHA-256 checksum in verify_artifact before execution (spec 031 FR-007)
bugSomething isn't workingSomething isn't workingno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#590 In traverse-framework/traverse;Security: Replace Sigstore verified:// stub with real Rekor/Fulcio verification (spec 030/031)
bugSomething isn't workingSomething isn't workingno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#589 In traverse-framework/traverse;Security: RuntimeSecurityConfig defaults to Development — production mode must be default (spec 030 FR-013)
bugSomething isn't workingSomething isn't workingno-spec-neededWork can proceed under existing approved specs or does not require a new governing specWork can proceed under existing approved specs or does not require a new governing specruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#588 In traverse-framework/traverse;Security/Perf: Ollama inference client timeout applies only to connect, not read; response read is unbounded (thread hang + OOM)
bugSomething isn't workingSomething isn't workingruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace worksecuritySecurity, trust, provenance, and validation concernsSecurity, trust, provenance, and validation concernsStatus: Open.#587 In traverse-framework/traverse;Portability: runtime hard-depends on native Wasmtime — core can't build for wasm32 (browser/edge), contradicting "run everywhere"
enhancementNew feature or requestNew feature or requestneeds-specBlocked until a governing spec slice is written or tightenedBlocked until a governing spec slice is written or tightenedruntimeRuntime, execution, state, and trace workRuntime, execution, state, and trace workStatus: Open.#586 In traverse-framework/traverse;