Issues
is:issue state:open
- Harden workflow-scripts-dir.sh resolver: ownership/permission checks before exec
  Labels: audit/security (Security scanner finding), component/tooling (Repo-wide developer tooling (justfile, lefthook, build scripts)), effort/small (Small effort), severity/low (Low severity), type/refactor (Code refactoring)
  Status: Open. #667 in joshjhall/containers
- ci: pin GitHub Actions to commit SHAs (supply-chain hardening)
  Labels: component/ci (CI/CD workflows and pipelines), effort/small (Small effort), severity/low (Low severity), type/feature (New feature or enhancement)
  Status: Open. #650 in joshjhall/containers
- harden base-image signing path + polish evidence-dispatch helper (deferred from #640)
  Labels: component/base-images (Base images for evidence runs and v5 container builds), component/ci (CI/CD workflows and pipelines), severity/medium (Medium severity), type/chore (Dependency updates, CI, maintenance)
  Status: Open. #648 in joshjhall/containers
- Status: Open. #638 in joshjhall/containers
- Status: Open. #637 in joshjhall/containers
- Status: Open. #636 in joshjhall/containers
- golem launch denied by auto-mode classifier — bake tmux launch permission into default settings.json
  Status: Open. #635 in joshjhall/containers
- sync-host: bare-host refresh omits skill templates + installed ~/.claude/skills, so merged skill changes don't take effect
  Labels: component/tooling (Repo-wide developer tooling (justfile, lefthook, build scripts)), effort/small (Small effort), severity/medium (Medium severity), status/on-hold (Deferred — not actively worked, skipped by next-issue), type/bug (Bug fix)
  Status: Open. #627 in joshjhall/containers
- CI flake: "Set up Docker Buildx" step fails transiently, reds out Build jobs unrelated to the change
  Labels: component/ci (CI/CD workflows and pipelines), effort/small (Small effort), severity/medium (Medium severity), type/bug (Bug fix)
  Status: Open. #626 in joshjhall/containers
- ci(security): route github.event_name/base_ref through env in lint-ai-templates job
  Labels: component/ci (CI/CD workflows and pipelines), severity/low (Low severity), type/chore (Dependency updates, CI, maintenance)
  Status: Open. #592 in joshjhall/containers
- security(observability): encode newlines/percent in build-failure ::error annotation
  Labels: component/ci (CI/CD workflows and pipelines), component/observability (Logging, metrics, tracing, diagnostics), severity/low (Low severity), type/feature (New feature or enhancement)
  Status: Open. #591 in joshjhall/containers
- test(luggage): cover ETXTBSY retry-exhaustion + stderr-under-parallel paths
  Labels: component/luggage (Luggage build engine — manifest-driven feature installation), effort/small (Small effort), severity/low (Low severity), type/test (Tests)
  Status: Open. #589 in joshjhall/containers