issues Search Results · language:Dune language:JavaScript language:Python language:Java language:JavaScript language:Java
55.1M results
Summary
Revocation is an explicit documented non-goal, so the library cannot reject a revoked capability — there is no store,
hook, or check. ZCAP-LD/digitalbazaar guidance is that a verifier MUST be ...
compliance
P1
revocation
security
✅ IMS Token is working
Automated daily check against adobe-llm-proxy.paolo-moz.workers.dev.
Date: 2026-06-16T17:40:31.315Z Model: claude-sonnet-4-6
Proxy Response
{ model : claude-sonnet-4-6 , id : ...
✅ IMS Token is working
Automated daily check against adobe-llm-proxy.paolo-moz.workers.dev.
Date: 2026-06-16T17:40:30.794Z Model: claude-sonnet-4-6
Proxy Response
{ model : claude-sonnet-4-6 , id : ...
Summary
There is no replay defense: the invocation id/proof nonce is never used for uniqueness, proof.created freshness is not
checked, and no domain/challenge binding is verified. A captured valid invocation ...
invocation
P1
security
Summary
The library models and honors a legacy invoker field that the current spec removed in favor of controller-only. When
present it overrides controller in the invoker-identity check, diverging from ...
breaking
compliance
interop
invocation
P1
Summary
No limit on delegation chain length: an attacker-supplied or buggy chain of arbitrary length is processed in full, each
link triggering a cryptographic verification (and, with a loader, a dereference) ...
compliance
dos
P1
security
Summary
Two related issues: (1) the caller-supplied document_loader is invoked during verification with no constraint preventing
arbitrary network fetches of attacker-controlled chain references (SSRF/DoS/substitution); ...
capabilityChain
docs
P1
security
Summary
The security-critical checks (absolute expiry vs clock, fail-closed caveats, ancestor caveats) live only in the
ZcapVerifier facade. The lower-level public invocation.verify_invocation and module-level ...
caveats
compliance
invocation
P1
security
Summary
Attenuation is enforced only between adjacent (parent,child) pairs, and an omitted child field is treated as
unrestricted at this link rather than inherit parent. This allows mid-chain re-broadening: ...
attenuation
compliance
P1
security
Summary
The authoritative design doc (prd-design.md, declared source of truth in CLAUDE.md), README, CONTRIBUTING, and CHANGELOG
all specify JCS as the proof default and pyld as deferred/optional, directly ...
compliance
docs
P1
