2026年06月13日 - 2026年07月13日
Overview
37 pull requests merged by 6 users
Merged
#370 web: confirm before logout
Merged
#374 fix: hide deleted apps from resource list
Merged
#369 api::deployment: add tofu lockfile cache
Merged
#355 fix(metering): collect final usage for short-lived resources
Merged
#363 fix(gateway): split QR login requester and requestee tokens
Merged
#357 fix(api): throttle verification email sends
Merged
#367 docs: refresh CLI install instructions
Merged
#362 fix: remove broken auto top-up
Merged
#350 api: atomically guard concurrent deploys for one app (#309)
Merged
#361 fix: point billing links to dashboard anchor
Merged
#364 Fix low credit notification email
Merged
#345 verify: fail fast and never hang
Merged
#351 enclave-builder: normalize app file modes in initramfs
Merged
#356 fix(api): target suspension by resource id
Merged
#359 fix(gateway): use git-safe deploy progress
Merged
#358 fix(cli): create caution.hcl during BYOC init
Merged
#360 fix(cli): require login before BYOC init reads credentials
Merged
#341 fix/cli-hangs-unsupported-ssh-url + TOFU
Merged
#342 dashboard: show platform commit baked in at build time via PLATFORM_GIT_SHA
Merged
#328 caution-config: validate domain and provider IDs at parse time
Merged
#327 cli: rename config dir from api-cli to caution-cli, migrate on first run
Merged
#324 Publish enclave tool commits via /.well-known endpoint + dashboard footer
Merged
#282 gateway: support destroy and get cmnds over ssh
Merged
#318 fix/procfile-run-command-no-split
Merged
#297 WIP[needs-testing-on-dev] gateway: upgrade russh 0.44 -> 0.61 for post-quantum SSH kex
Merged
#298 Locksmith polishing: Procfile validation
Merged
#314 feat: add region routing and resource waitlist notification
Merged
#316 feat/egress-default-deny
Merged
#317 Fix caution init HCL template to match parser schema
Merged
#300 rename byoc to bring your own compute
Merged
#302 metering: fix low credit balance warning
Merged
#313 api: proxy attestation over HTTP by IP to avoid on-demand TLS 502s
Merged
#305 cli: prevent caution verify hang on unreachable app source repo
Merged
#303 HCL Configuration File
Merged
#237 systemdize
Merged
#295 Fix: UI consistency issues on an App's status page
Merged
#290 remove cli suggestion for caution verify --reproduce
10 pull requests proposed by 3 users
Proposed
#337 feat: support multiple users per org
Proposed
#340 Fix prepaid credit mint via Paddle custom_data
Proposed
#353 [EXPERIMENTAL] builder: add opt-in S3 BuildKit layer cache for EIF builds
Proposed
#365 webauthn: stop broadcasting all credentials at login, add discoverable + scoped flow with username-claim gate`
Proposed
#371 feat: expose account ID in settings and CLI
Proposed
#372 config: remove build binary field
Proposed
#373 fix: keep http_port private behind Caddy
Proposed
#375 web: check duplicate SSH keys before signing
Proposed
#378 feat: add Paddle-backed BYOC subscriptions
Proposed
#379 Add admin publish-legal-doc and legal re-acceptance e2e coverage
53 issues closed from 6 users
Closed
#119 Log out should have a prompt, style change, or be moved
Closed
#307 Applications with "failed" or "terminated" deployment states should be hidden or removable
Closed
#195 Billing of Builder
Closed
#80 add IP safelisting
Closed
#78 store build logs in s3
Closed
#132 Error tracking and logging
Closed
#321 caution init --byoc does not generate caution.hcl
Closed
#320 User should be logged in when running caution init --byoc
Closed
#332 Credit suspension targets machines by Name=resource_name, should be ResourceId=resource_id
Closed
#348 Git 2.55.0 will disable non-color terminal escape codes
Closed
#273 billing URL suggested by cli returns Server Not Found
Closed
#270 Send notification email to user when credits are running low
Closed
#309 Deploying two builds at once doesn't lead to an error
Closed
#301 Remove auto top up code as it's not working
Closed
#339 Rewrite installation instructions using new build patterns
Closed
#334 Add throttling for email verification
Closed
#336 Split QR login tokens based on requester and requestee
Closed
#333 Collection when resources are terminated only runs if resources run for longer than an hour
Closed
#142 Optional email + explicit consent flow at signup
Closed
#354 No-op push can silently deploy the wrong branch
Closed
#272 Steve only forwards to apps on port 8083
Closed
#281 Allow apps destroy via ssh, rather than passkey-based auth
Closed
#225 Add binary to PATH with make install-cli or add documentation
Closed
#213 cli/README Zero Trust : reproduce binaries
Closed
#207 cli/README moderate trust workflow blocks
Closed
#211 cli/README Zero Trust : review source
Closed
#311 Add servicequotas:GetServiceQuota to the caution-platform IAM role in dev and prod
Closed
#220 git push caution main No Procfile found after commit
Closed
#161 Return specialized error if SSH key is invalid
Closed
#26 add --simulate
Closed
#79 add session tracking
Closed
#90 migrate Procfile to HCL
Closed
#163 Can't destroy existing instance of app without deleting the entire app
Closed
#170 Applications don't show up in dashboard or CLI if they are destroyed, but not deleted
Closed
#194 Deployments that are terminated vanish in an unclear pattern
Closed
#200 Save platfrom docker logs to persist between teardowns
Closed
#221 caution verify suggests a subcommand that is not supported
Closed
#226 Builder script crashes: Image 'app-image' not found
Closed
#319 HCL migration : unit.args and unit.env are ignored at deploy
Closed
#278 Move steve and locksmith from ENV vars into code level
Closed
#322 CLI breaks on git push... when using caution.hcl
Closed
#288 demo-hello-world-enclave does not pass caution verify attestation
Closed
#294 source reproduction can default to unencrypted http
Closed
#323 Support deploying many apps using BYOC
Closed
#304 caution verify hangs on non-existent Codeberg repo (401 credential prompt)
Closed
#308 Oops, All Gateway! Remove the frontend as a distinct component.
Closed
#293 caution verify fetches attestation using unencrypted http
Closed
#88 Improve error when pushing dirty branch
Closed
#173 Change registration language to explain the registration with passkey / security keys
Closed
#157 Change the registration UI to explain security keys
Closed
#165 5 day warning for projected account spend to reach 0
Closed
#289 cli output suggests two different caution verify commands
Closed
#274 caution verify --from-local doesn't account for git untracked files
45 issues created by 6 users
Opened
#288 demo-hello-world-enclave does not pass caution verify attestation
Opened
#289 cli output suggests two different caution verify commands
Opened
#291 Users sometimes end up with negative balances
Opened
#292 Resources don't get torn down when user runs out of credits
Opened
#293 caution verify fetches attestation using unencrypted http
Opened
#294 source reproduction can default to unencrypted http
Opened
#296 Improve billing page UI
Opened
#299 caution apps build fails for locksmith-enabled apps (keyforkd missing tokio/sync)
Opened
#301 Remove auto top up code as it's not working
Opened
#304 caution verify hangs on non-existent Codeberg repo (401 credential prompt)
Opened
#306 Dashboard details must display when debug mode is active
Opened
#307 Applications with "failed" or "terminated" deployment states should be hidden or removable
Opened
#308 Oops, All Gateway! Remove the frontend as a distinct component.
Opened
#309 Deploying two builds at once doesn't lead to an error
Opened
#310 Add automated path support for local installs for CLI
Opened
#311 Add servicequotas:GetServiceQuota to the caution-platform IAM role in dev and prod
Opened
#312 Infrastructure Management Checklist
Opened
#315 Pricing: Update margins for fully-managed, pricing for BYOC
Opened
#319 HCL migration : unit.args and unit.env are ignored at deploy
Opened
#320 User should be logged in when running caution init --byoc
Opened
#321 caution init --byoc does not generate caution.hcl
Opened
#322 CLI breaks on git push... when using caution.hcl
Opened
#323 Support deploying many apps using BYOC
Opened
#325 Error when trying to deploy to fully managed
Opened
#326 No proper error handling for failed commit pulls from upstream
Opened
#329 Provide input values to Tofu using an hcl-rs-generated tfvars
Opened
#330 Remove build.binary. It can be a two liner Dockerfile if absolutely necessary
Opened
#331 Store PCRs after building enclave, use stored PCRs when checking attestation on dashboard
Opened
#332 Credit suspension targets machines by Name=resource_name, should be ResourceId=resource_id
Opened
#333 Collection when resources are terminated only runs if resources run for longer than an hour
Opened
#334 Add throttling for email verification
Opened
#335 AWS Cost Explorer? More Like AWS Cost Exploder. Remove it.
Opened
#336 Split QR login tokens based on requester and requestee
Opened
#339 Rewrite installation instructions using new build patterns
Opened
#343 caution verify hangs silently at "Reproducing enclave image" when codeberg.org is not in known_hosts
Opened
#344 Git remote URL generated with duplicate port (2222:2222) in both dashboard and caution init output
Opened
#346 Fail early when caution verify is too old for the remote attestation
Opened
#347 Investigate to ensure fully managed reservations are being released properly
Opened
#348 Git 2.55.0 will disable non-color terminal escape codes
Opened
#349 Implement a Keymaker Proxy, and actually make use of Ingress cidr_ipv4
Opened
#354 No-op push can silently deploy the wrong branch
Opened
#366 QR login is not phishing-resistant: victim session delivered to attacker-initiator (approver↔initiator binding)
Opened
#368 Re-acceptance flow when Terms of Service or Privacy Notice are updated
Opened
#376 run_with_timeout is sync, should be async
Opened
#377 Add opt-in Sentry error reporting for platform services and dashboard
58 unresolved conversations
Open
#192
Cost is not clear(!)
Open
#233
Observability Into Builders
Open
#116
Adding an SSH key should check for the existence of matching SSH keys before signing a POST
Open
#140
Concurrent sessions allowed across devices with no notification or revocation
Open
#117
Dismissable banner on the top of the page should be "above" the page
Open
#86
Automatically figure out default run command based on containerfile
Open
#265
http_port app port exposed publicly via vsock proxy — bypasses Caddy TLS
Open
#164
Display account ID in settings, and have CLI option to retrieve
Open
#175
Implement a full ToS/Privacy acceptance flow via CLI
Open
#250
Prebuild EnclaveOS components
Open
#216
Enclave boot speed needs to be much faster
Open
#249
Optimize tofu init
Open
#191
Attestation URL is Misleading
Open
#123
repository <repo> not found
Open
#261
caution secret new[-keyring]: allow specifying key fingerprint and WKD
Open
#268
Ensure manifest is signed by enclave key
Open
#228
Builder termination outside of SSH
Open
#99
we should have signed requests implemented as an Axum extractor instead of implemented as an auth middleware
Open
#43
templating engine
Open
#130
LLM "skill" for caution platform
Open
#155
When registering, informative modal about WebAuthn registration doesn't pop up
Open
#227
Improve quickstart full-managed docs
Open
#260
Script for rotating db encryption key
Open
#243
Test locksmith cli on MacOS
Open
#266
Native unixsock/tcp tunnel between client and platform
Open
#248
Host a Cargo cache alongside the application so we're not hammering crates.io
Open
#251
CPU count is tied to RAM - simplify caution.hcl?
Open
#103
Redeploy enclave on force-push
Open
#57
allow user to build their own image
Open
#154
Show data about storage
Open
#166
Wishlist: Admin Dashboard
Open
#230
Codebase Refactors
Open
#115
External device storage
Open
#92
add delete account option
Open
#96
write helpers for bumping stagex deps in Containerfiles
Open
#111
Create Terraform modules for Caution apps
Open
#121
caution init doesn't require staging and committing the Procfile
Open
#122
No caution subcommand to (re)create the Procfile
Open
#9
Recovery codes --> backup strategy
Open
#64
Prevent dangling domains by reserving elastic IPs
Open
#62
improve url handling for enclave_source url and app_source url
Open
#54
use proper key management service for encryption key for credentials
Open
#189
Indicate time needed for Deployment
Open
#196
EU-Zone Privacy
Open
#199
Add CPU limit per user
Open
#171
Add setup to backup database and schedule weekly checks to ensure backups are valid
Open
#159
caution register: handle errors gracefully on server
Open
#174
Add Apple pay domain association file
Open
#146
Allow PIN toggle via for FIDO2 via CLI
Open
#133
Use spot instances for builders
Open
#129
Remove busybox from everything
Open
#224
provide caution keyserver fingerprint out of band
Open
#240
Move prod server to using instance profile rather than creds
Open
#217
WebAuthn option not documented in cli --help
Open
#244
Ensure byoc enclaves are shutd down on cancel
Open
#219
Rename or split cli --qr option
Open
#202
IPv6 EC2
Open
#284
Add ability to add new users