issues Search Results · language:Dune language:JavaScript language:Java language:JavaScript language:Python
Filter by
55.6M results
Severity: high | Category: security | Phase: P0.10
Problem
Verified: _execute_run_command runs subprocess.run(command, shell=True, env=os.environ.copy()), inheriting every secret
(ANTHROPIC/OPENAI/GITHUB/E2B ...
P0-blocker-beta
priority:high
security
Severity: medium | Category: security | Phase: P0.9
Problem
_register_workspace stores owner_user_id=None; list_workspaces returns registry.list_all() with full repo_path for every
entry and deregister_workspace ...
P0-blocker-beta
priority:medium
security
Severity: medium | Category: security | Phase: P0.8
Problem
Verified: check_workspace_exists resolves a raw client path and stats it with no enforce_workspace_allowlist call
(unlike init_workspace at ...
P0-blocker-beta
priority:medium
security
Severity: high | Category: security | Phase: P0.7
Problem
With no WORKSPACE_ROOT (the self-hosted default) enforce_workspace_allowlist skips its containment check, so any
authenticated user can pass ...
P0-blocker-beta
priority:high
security
Severity: high | Category: security | Phase: P0.6
Problem
Verified: require_scope appears only in its own definition + docstring example — used on zero routes. Every v2 router
mounts a blanket Depends(require_auth) ...
P0-blocker-beta
priority:high
security
Severity: high | Category: correctness | Phase: P0.5
Problem
Runtime passes the worktree path to wrapper.run(...), but the wrapper verifies with run_gates(self._workspace, ...) and
quick-fixes self._workspace.repo_path ...
P0-blocker-beta
priority:high
type:bug
Severity: high | Category: data-integrity | Phase: P0.4
Problem
BuiltinReactAdapter.run(...workspace_path...) never uses workspace_path; it builds ReactAgent(workspace=self._workspace)
(the original ...
P0-blocker-beta
priority:high
type:bug
Severity: critical | Category: data-integrity | Phase: P0.3
Problem
Verified: grep merge_back shows only the definition + docstring — zero call sites. External engines write to cf/ task_id
in the worktree, ...
P0-blocker-beta
priority:high
type:bug
Severity: medium | Category: data-integrity | Phase: P0.2
Problem
_persist_token_usage does Database(self.workspace.db_path); db.initialize(), which runs SchemaManager.create_schema() —
creating control-plane ...
P0-blocker-beta
priority:medium
type:bug
Motivation
We currently have no automated formatting enforcement. This surfaced in #29, where a contributor s ruff format run
reflowed many lines unrelated to the actual change, inflating the diff and ...

Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.