issues Search Results · language:Dune language:JavaScript language:Java language:Python language:Java language:PHP
Filter by
60.7M results
Summary
proofPurpose is validated only at parse time as a string literal; the verification layer never re-checks it, and there
is no verification-relationship authorization step. For did:key the single ...
compliance
P1
proof
security
moisesja
Summary
The test suite, fixtures, and examples bake JCS in as a supported/default behavior — including a test that explicitly
asserts ZcapVerifier() defaults to JCS. After JCS removal these will fail ...
cleanup
compliance
examples
P1
tests
Summary
Three inconsistencies in invocationTarget handling: (1) target attenuation is gated behind
allow_target_attenuation=False by default, so spec/reference-valid narrowed chains are rejected out of ...
attenuation
compliance
interop
P1
Summary
Revocation is an explicit documented non-goal, so the library cannot reject a revoked capability — there is no store,
hook, or check. ZCAP-LD/digitalbazaar guidance is that a verifier MUST be ...
compliance
P1
revocation
security
✅ IMS Token is working
Automated daily check against adobe-llm-proxy.paolo-moz.workers.dev.
Date: 2026-06-16T17:40:30.794Z Model: claude-sonnet-4-6
Proxy Response
{ model : claude-sonnet-4-6 , id : ...
github-actions[bot]
✅ IMS Token is working
Automated daily check against adobe-llm-proxy.paolo-moz.workers.dev.
Date: 2026-06-16T17:40:31.315Z Model: claude-sonnet-4-6
Proxy Response
{ model : claude-sonnet-4-6 , id : ...
Summary
There is no replay defense: the invocation id/proof nonce is never used for uniqueness, proof.created freshness is not
checked, and no domain/challenge binding is verified. A captured valid invocation ...
invocation
P1
security
Summary
The library models and honors a legacy invoker field that the current spec removed in favor of controller-only. When
present it overrides controller in the invoker-identity check, diverging from ...
breaking
compliance
interop
invocation
P1
Summary
No limit on delegation chain length: an attacker-supplied or buggy chain of arbitrary length is processed in full, each
link triggering a cryptographic verification (and, with a loader, a dereference) ...
compliance
dos
P1
security
Summary
Two related issues: (1) the caller-supplied document_loader is invoked during verification with no constraint preventing
arbitrary network fetches of attacker-controlled chain references (SSRF/DoS/substitution); ...
capabilityChain
docs
P1
security
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.