2025年07月13日 - 2026年07月13日
Overview
80 pull requests merged by 7 users
Merged
#370 web: confirm before logout
Merged
#374 fix: hide deleted apps from resource list
Merged
#369 api::deployment: add tofu lockfile cache
Merged
#355 fix(metering): collect final usage for short-lived resources
Merged
#363 fix(gateway): split QR login requester and requestee tokens
Merged
#357 fix(api): throttle verification email sends
Merged
#367 docs: refresh CLI install instructions
Merged
#362 fix: remove broken auto top-up
Merged
#350 api: atomically guard concurrent deploys for one app (#309)
Merged
#361 fix: point billing links to dashboard anchor
Merged
#364 Fix low credit notification email
Merged
#345 verify: fail fast and never hang
Merged
#351 enclave-builder: normalize app file modes in initramfs
Merged
#356 fix(api): target suspension by resource id
Merged
#359 fix(gateway): use git-safe deploy progress
Merged
#358 fix(cli): create caution.hcl during BYOC init
Merged
#360 fix(cli): require login before BYOC init reads credentials
Merged
#341 fix/cli-hangs-unsupported-ssh-url + TOFU
Merged
#342 dashboard: show platform commit baked in at build time via PLATFORM_GIT_SHA
Merged
#328 caution-config: validate domain and provider IDs at parse time
Merged
#327 cli: rename config dir from api-cli to caution-cli, migrate on first run
Merged
#324 Publish enclave tool commits via /.well-known endpoint + dashboard footer
Merged
#282 gateway: support destroy and get cmnds over ssh
Merged
#318 fix/procfile-run-command-no-split
Merged
#297 WIP[needs-testing-on-dev] gateway: upgrade russh 0.44 -> 0.61 for post-quantum SSH kex
Merged
#298 Locksmith polishing: Procfile validation
Merged
#314 feat: add region routing and resource waitlist notification
Merged
#316 feat/egress-default-deny
Merged
#317 Fix caution init HCL template to match parser schema
Merged
#300 rename byoc to bring your own compute
Merged
#302 metering: fix low credit balance warning
Merged
#313 api: proxy attestation over HTTP by IP to avoid on-demand TLS 502s
Merged
#305 cli: prevent caution verify hang on unreachable app source repo
Merged
#303 HCL Configuration File
Merged
#237 systemdize
Merged
#295 Fix: UI consistency issues on an App's status page
Merged
#290 remove cli suggestion for caution verify --reproduce
Merged
#287 Add ability to download existing EIFs
Merged
#285 fix/keygen-add-signing-subkey
Merged
#280 cli: add openpgp helper command for generating a cert
Merged
#279 fix(cli): update brew install hints to use nettle@3 on macOS
Merged
#276 cli: add command for encrypting vars
Merged
#277 fix(cli): apps build honors e2e/locksmith and records app_source
Merged
#275 cli::lib.rs: build from clean HEAD state
Merged
#269 cli: fix mac installation location
Merged
#264 anton/extra-debug
Merged
#263 cli: make 'binary' Procfile field optional in local app build (app deploy works fine)
Merged
#258 ssh_server: deploy exact pushed ref from git receive-pack
Merged
#257 cli::lib.rs: improve remote manifest source checkout
Merged
#223 remove error bail help suggesting caution describe
Merged
#252 anton/fix/locksmith-port
Merged
#246 fix/remove-suspension-on-credit-add
Merged
#239 frontend: enable vite prod mode
Merged
#242 frontend: run npm audit and fail run if high/crit vulns detected
Merged
#234 api, terraform: add Caddy health check
Merged
#231 add email flow + nav cleanup
Merged
#215 WIP: builder heartbeat
Merged
#210 doc cli README link to Containerfile
Merged
#206 docs: add make release-cli to Verify Signatures
Merged
#212 allow defaulting Containerfile, Dockerfile, and containerfile: parsing
Merged
#209 Describe Billing Period
Merged
#208 fix: Redeem Option Order
Merged
#205 docs: use keyserver and recv-keys for key import
Merged
#204 registration screens copy improvements
Merged
#203 fix app metadata and localized time display
Merged
#186 mac-os-cli
Merged
#185 feat: print messages about unsafe build or run environment
Merged
#184 update code to spin up builders in client account
Merged
#183 WIP: Billing Fixes
Merged
#181 fix: use default tags when deploying resources with Tofu
Merged
#178 tos backend and front-end modals
Merged
#179 cleaned up the alpha language, tweaked footer, polished dash ui
Merged
#176 fix: show billable terminated resources
Merged
#177 fix: hide loading text if we have content
Merged
#153 Add legal doc versioning and ToS/Privacy consent tracking
Merged
#151 updated the footer to match caution.co
Merged
#149 fixed webauthn error messages
Merged
#145 set user pref for FIDO2 to "Preferred"
Merged
#136 integrate locksmith
Merged
#131 feat: spin up instances for builders on demand
11 pull requests proposed by 3 users
Proposed
#232 infra-bootstrap: add bucket for database backups
Proposed
#337 feat: support multiple users per org
Proposed
#340 Fix prepaid credit mint via Paddle custom_data
Proposed
#353 [EXPERIMENTAL] builder: add opt-in S3 BuildKit layer cache for EIF builds
Proposed
#365 webauthn: stop broadcasting all credentials at login, add discoverable + scoped flow with username-claim gate`
Proposed
#371 feat: expose account ID in settings and CLI
Proposed
#372 config: remove build binary field
Proposed
#373 fix: keep http_port private behind Caddy
Proposed
#375 web: check duplicate SSH keys before signing
Proposed
#378 feat: add Paddle-backed BYOC subscriptions
Proposed
#379 Add admin publish-legal-doc and legal re-acceptance e2e coverage
169 issues closed from 6 users
Closed
#119 Log out should have a prompt, style change, or be moved
Closed
#307 Applications with "failed" or "terminated" deployment states should be hidden or removable
Closed
#195 Billing of Builder
Closed
#80 add IP safelisting
Closed
#78 store build logs in s3
Closed
#132 Error tracking and logging
Closed
#321 caution init --byoc does not generate caution.hcl
Closed
#320 User should be logged in when running caution init --byoc
Closed
#332 Credit suspension targets machines by Name=resource_name, should be ResourceId=resource_id
Closed
#348 Git 2.55.0 will disable non-color terminal escape codes
Closed
#273 billing URL suggested by cli returns Server Not Found
Closed
#270 Send notification email to user when credits are running low
Closed
#309 Deploying two builds at once doesn't lead to an error
Closed
#301 Remove auto top up code as it's not working
Closed
#339 Rewrite installation instructions using new build patterns
Closed
#334 Add throttling for email verification
Closed
#336 Split QR login tokens based on requester and requestee
Closed
#333 Collection when resources are terminated only runs if resources run for longer than an hour
Closed
#142 Optional email + explicit consent flow at signup
Closed
#354 No-op push can silently deploy the wrong branch
Closed
#272 Steve only forwards to apps on port 8083
Closed
#281 Allow apps destroy via ssh, rather than passkey-based auth
Closed
#225 Add binary to PATH with make install-cli or add documentation
Closed
#213 cli/README Zero Trust : reproduce binaries
Closed
#207 cli/README moderate trust workflow blocks
Closed
#211 cli/README Zero Trust : review source
Closed
#311 Add servicequotas:GetServiceQuota to the caution-platform IAM role in dev and prod
Closed
#220 git push caution main No Procfile found after commit
Closed
#161 Return specialized error if SSH key is invalid
Closed
#26 add --simulate
Closed
#79 add session tracking
Closed
#90 migrate Procfile to HCL
Closed
#163 Can't destroy existing instance of app without deleting the entire app
Closed
#170 Applications don't show up in dashboard or CLI if they are destroyed, but not deleted
Closed
#194 Deployments that are terminated vanish in an unclear pattern
Closed
#200 Save platfrom docker logs to persist between teardowns
Closed
#221 caution verify suggests a subcommand that is not supported
Closed
#226 Builder script crashes: Image 'app-image' not found
Closed
#319 HCL migration : unit.args and unit.env are ignored at deploy
Closed
#278 Move steve and locksmith from ENV vars into code level
Closed
#322 CLI breaks on git push... when using caution.hcl
Closed
#288 demo-hello-world-enclave does not pass caution verify attestation
Closed
#294 source reproduction can default to unencrypted http
Closed
#323 Support deploying many apps using BYOC
Closed
#304 caution verify hangs on non-existent Codeberg repo (401 credential prompt)
Closed
#308 Oops, All Gateway! Remove the frontend as a distinct component.
Closed
#293 caution verify fetches attestation using unencrypted http
Closed
#88 Improve error when pushing dirty branch
Closed
#173 Change registration language to explain the registration with passkey / security keys
Closed
#157 Change the registration UI to explain security keys
Closed
#165 5 day warning for projected account spend to reach 0
Closed
#289 cli output suggests two different caution verify commands
Closed
#274 caution verify --from-local doesn't account for git untracked files
Closed
#259 Update cli docs to reflect current state
Closed
#256 Port 49500 not reachable externally (possibly after reserved port migration)
Closed
#255 Request additional resource limit increase with AWS
Closed
#254 Fresh deployments fail health check, possible after internal attestation port move to 49502
Closed
#253 caution login --qr web page returns 404
Closed
#229 Procfile no_cache feature does not work
Closed
#150 Support environment variable for --url
Closed
#247 Add instrumentation for error notifications
Closed
#135 Fix builder timeout
Closed
#238 Consider renaming the caution git remote
Closed
#241 Add npm audit before deploy and block on high and crits
Closed
#245 Adding credits doesn't remove credit exhaustion lock
Closed
#180 Allow to optionally add email during the registration
Closed
#187 Show that YubiKey is needed in UI
Closed
#66 pin all source hashes used internally for platform
Closed
#188 Redeem Option / Credit Option
Closed
#190 Offer Containerfile for CLI
Closed
#118 btn-secondary is too not-evident that it's a UX item
Closed
#197 Disk size is not shown
Closed
#44 check hash of resources when they are downloaded
Closed
#144 Update all website copy and links from alpha to GA
Closed
#37 support for FIDO2 ssh keys
Closed
#3 add support for building cli for aarch64 (macos)
Closed
#201 Alpha Title in Dashboard
Closed
#198 Show Times in User Timezone and Locale (such as Created)
Closed
#193 Unable to use Domain and CPU/Memory Feature
Closed
#182 Fix/finalize billing
Closed
#143 Add explicit ToS + Privacy Notice acceptance at sign-up
Closed
#134 Add spinner for builder stage when deploying
Closed
#160 Autoredirect from root to dashboard if logged in
Closed
#168 Add navigation history and pseudo URLs for sections of dashboard
Closed
#97 any changes to enclave builder have to be hash locked with the platform to ensure reproducibility
Closed
#156 Support multi-key registration
Closed
#137 Update the contact link in the footer
Closed
#138 Delete alpha banners & tags from the dashboard
Closed
#139 Better UX for the pin CTA
Closed
#147 Loading section for components should only be shown if an empty list has not been rendered at least once
Closed
#167 Ledger has short term memory loss
Closed
#162 init of a new app puts the app into a deploying state, blocking git push
Closed
#158 Fix session and CSRF cookie metadata to include Secure and SameSite=Strict
Closed
#172 Set up the Paddle backend - add products to Paddle
Closed
#110 replace packer binary
Closed
#5 Add billing using paddle (done) and crypto support (backlog)
Closed
#169 Caution dashboard attestation sends invalid payload to enclave
Closed
#141 Web: Logging in w/o an account doesn't have any precheck to see if an account exists for key
Closed
#148 Misleading error message when no credentials exist on a fresh instance
Closed
#128 locksmith integration
Closed
#76 Provide a way for users to set env vars inside of the enclave
Closed
#56 add parser for Procfile
Closed
#23 build module that can offload builds to other servers
Closed
#125 web UI does not reload content when it's changed on the backend
Closed
#124 insufficient documentation on how to debug
Closed
#127 caution init uses binary instead of run, leading to files being left out of EIF
Closed
#126 make the ENVIRONMENT variable inverted
Closed
#114 Email confirmation
Closed
#113 Make it so app source can specify a branch
Closed
#85 Upgrade auth to http only cookie
Closed
#93 make user verification optional for dev
Closed
#75 Add Start/Stop controls for apps
Closed
#89 If app crashes, don't wait for healthcheck to time out
Closed
#77 Enforce specific types of signing devices (attested passkeys)
Closed
#40 admin dash
Closed
#87 Can't use _ in app name
Closed
#74 Use directory name as default app name during caution init
Closed
#73 Streamline managed on-prem deployments
Closed
#72 Review "allow-serialization" risk
Closed
#70 App resources not updating on instance size adjustments
Closed
#59 hashlock everything
Closed
#68 switch to using a separate domain for development
Closed
#58 switch frontend containerfile to stagex
Closed
#67 display instance info in the UI
Closed
#65 create a reusable component for attestations using vanilla js
Closed
#63 switch object IDs (like resource-<>) to random values
Closed
#53 give user easy way to generate aws iam role for managed on prem
Closed
#2 add support for TLS termination inside of the enclave
Closed
#55 show attestation information in web app
Closed
#33 after deploy, reproduce
Closed
#42 warn user when they try to deploy eif with too little ram
Closed
#46 wait for attestation health endpoint to come up before returning successful deployment command to user
Closed
#28 generate user SSH key for ec2 debugging via TF
Closed
#32 caution commands should request login if auth expired
Closed
#52 add app source flags to caution verify --reproduce
Closed
#41 get cache size, clean cache commands
Closed
#50 persist host keys for git/ssh
Closed
#47 allow use of private code for reproductions (caution verify --reproduce --app-source
Closed
#49 enclave_source not working properly
Closed
#21 fix --beta-code
Closed
#45 cution init creates app in pending state
Closed
#48 caution apps get should check if the user is in a caution repo and auto fetch
Closed
#10 add support for building cli for aarch64 (macos)
Closed
#11 check auth for different endpoints
Closed
#8 finalize SSH implementation
Closed
#1 allow users to select instance size
Closed
#30 add cd hello-world-enclave command to quick start
Closed
#36 implement FIDO signing
Closed
#6 add FIDO gating for endpoints, with signed requests
Closed
#31 when using key-add, offer adding default of generating key
Closed
#34 ssh-key add missing help fields
Closed
#39 add loader for --reproduce
Closed
#38 clean up messaging after caution init cmnd
Closed
#29 Remove "welcome" page after registration
Closed
#24 redirect user to login page when session is expired
Closed
#7 warn user if mem/cpu seems low based on eif image size
Closed
#25 more flexible networking
Closed
#35 failed deploy does not clean up pending resources in the db
Closed
#27 If FIDO2 detection fails when the code is used, the code is burned
Closed
#12 check what AWS limits can be increased to for EC2, VPC and Organization Accounts
Closed
#16 Split "First-Time Setup" section
Closed
#17 Clarify "Running the Bootstrap" section
Closed
#18 Update the Prerequisites section
Closed
#19 Add "After Bootstrap Completes" section
Closed
#15 Clone and configure repository
Closed
#20 Create an Admin IAM User
Closed
#13 Make all links open in a new tab
Closed
#14 Enable AWS Organizations
Closed
#4 test caution verify --pcrs <...>
250 issues created by 9 users
Opened
#1 allow users to select instance size
Opened
#2 add support for TLS termination inside of the enclave
Opened
#3 add support for building cli for aarch64 (macos)
Opened
#4 test caution verify --pcrs <...>
Opened
#5 Add billing using paddle (done) and crypto support (backlog)
Opened
#6 add FIDO gating for endpoints, with signed requests
Opened
#7 warn user if mem/cpu seems low based on eif image size
Opened
#8 finalize SSH implementation
Opened
#9 Recovery codes --> backup strategy
Opened
#10 add support for building cli for aarch64 (macos)
Opened
#11 check auth for different endpoints
Opened
#12 check what AWS limits can be increased to for EC2, VPC and Organization Accounts
Opened
#13 Make all links open in a new tab
Opened
#14 Enable AWS Organizations
Opened
#15 Clone and configure repository
Opened
#16 Split "First-Time Setup" section
Opened
#17 Clarify "Running the Bootstrap" section
Opened
#18 Update the Prerequisites section
Opened
#19 Add "After Bootstrap Completes" section
Opened
#20 Create an Admin IAM User
Opened
#21 fix --beta-code
Opened
#23 build module that can offload builds to other servers
Opened
#24 redirect user to login page when session is expired
Opened
#25 more flexible networking
Opened
#26 add --simulate
Opened
#27 If FIDO2 detection fails when the code is used, the code is burned
Opened
#28 generate user SSH key for ec2 debugging via TF
Opened
#29 Remove "welcome" page after registration
Opened
#30 add cd hello-world-enclave command to quick start
Opened
#31 when using key-add, offer adding default of generating key
Opened
#32 caution commands should request login if auth expired
Opened
#33 after deploy, reproduce
Opened
#34 ssh-key add missing help fields
Opened
#35 failed deploy does not clean up pending resources in the db
Opened
#36 implement FIDO signing
Opened
#37 support for FIDO2 ssh keys
Opened
#38 clean up messaging after caution init cmnd
Opened
#39 add loader for --reproduce
Opened
#40 admin dash
Opened
#41 get cache size, clean cache commands
Opened
#42 warn user when they try to deploy eif with too little ram
Opened
#43 templating engine
Opened
#44 check hash of resources when they are downloaded
Opened
#45 cution init creates app in pending state
Opened
#46 wait for attestation health endpoint to come up before returning successful deployment command to user
Opened
#47 allow use of private code for reproductions (caution verify --reproduce --app-source
Opened
#48 caution apps get should check if the user is in a caution repo and auto fetch
Opened
#49 enclave_source not working properly
Opened
#50 persist host keys for git/ssh
Opened
#52 add app source flags to caution verify --reproduce
Opened
#53 give user easy way to generate aws iam role for managed on prem
Opened
#54 use proper key management service for encryption key for credentials
Opened
#55 show attestation information in web app
Opened
#56 add parser for Procfile
Opened
#57 allow user to build their own image
Opened
#58 switch frontend containerfile to stagex
Opened
#59 hashlock everything
Opened
#62 improve url handling for enclave_source url and app_source url
Opened
#63 switch object IDs (like resource-<>) to random values
Opened
#64 Prevent dangling domains by reserving elastic IPs
Opened
#65 create a reusable component for attestations using vanilla js
Opened
#66 pin all source hashes used internally for platform
Opened
#67 display instance info in the UI
Opened
#68 switch to using a separate domain for development
Opened
#70 App resources not updating on instance size adjustments
Opened
#72 Review "allow-serialization" risk
Opened
#73 Streamline managed on-prem deployments
Opened
#74 Use directory name as default app name during caution init
Opened
#75 Add Start/Stop controls for apps
Opened
#76 Provide a way for users to set env vars inside of the enclave
Opened
#77 Enforce specific types of signing devices (attested passkeys)
Opened
#78 store build logs in s3
Opened
#79 add session tracking
Opened
#80 add IP safelisting
Opened
#85 Upgrade auth to http only cookie
Opened
#86 Automatically figure out default run command based on containerfile
Opened
#87 Can't use _ in app name
Opened
#88 Improve error when pushing dirty branch
Opened
#89 If app crashes, don't wait for healthcheck to time out
Opened
#90 migrate Procfile to HCL
Opened
#92 add delete account option
Opened
#93 make user verification optional for dev
Opened
#96 write helpers for bumping stagex deps in Containerfiles
Opened
#97 any changes to enclave builder have to be hash locked with the platform to ensure reproducibility
Opened
#99 we should have signed requests implemented as an Axum extractor instead of implemented as an auth middleware
Opened
#103 Redeploy enclave on force-push
Opened
#110 replace packer binary
Opened
#111 Create Terraform modules for Caution apps
Opened
#113 Make it so app source can specify a branch
Opened
#114 Email confirmation
Opened
#115 External device storage
Opened
#116 Adding an SSH key should check for the existence of matching SSH keys before signing a POST
Opened
#117 Dismissable banner on the top of the page should be "above" the page
Opened
#118 btn-secondary is too not-evident that it's a UX item
Opened
#119 Log out should have a prompt, style change, or be moved
Opened
#121 caution init doesn't require staging and committing the Procfile
Opened
#122 No caution subcommand to (re)create the Procfile
Opened
#123 repository <repo> not found
Opened
#124 insufficient documentation on how to debug
Opened
#125 web UI does not reload content when it's changed on the backend
Opened
#126 make the ENVIRONMENT variable inverted
Opened
#127 caution init uses binary instead of run, leading to files being left out of EIF
Opened
#128 locksmith integration
Opened
#129 Remove busybox from everything
Opened
#130 LLM "skill" for caution platform
Opened
#132 Error tracking and logging
Opened
#133 Use spot instances for builders
Opened
#134 Add spinner for builder stage when deploying
Opened
#135 Fix builder timeout
Opened
#137 Update the contact link in the footer
Opened
#138 Delete alpha banners & tags from the dashboard
Opened
#139 Better UX for the pin CTA
Opened
#140 Concurrent sessions allowed across devices with no notification or revocation
Opened
#141 Web: Logging in w/o an account doesn't have any precheck to see if an account exists for key
Opened
#142 Optional email + explicit consent flow at signup
Opened
#143 Add explicit ToS + Privacy Notice acceptance at sign-up
Opened
#144 Update all website copy and links from alpha to GA
Opened
#146 Allow PIN toggle via for FIDO2 via CLI
Opened
#147 Loading section for components should only be shown if an empty list has not been rendered at least once
Opened
#148 Misleading error message when no credentials exist on a fresh instance
Opened
#150 Support environment variable for --url
Opened
#154 Show data about storage
Opened
#155 When registering, informative modal about WebAuthn registration doesn't pop up
Opened
#156 Support multi-key registration
Opened
#157 Change the registration UI to explain security keys
Opened
#158 Fix session and CSRF cookie metadata to include Secure and SameSite=Strict
Opened
#159 caution register: handle errors gracefully on server
Opened
#160 Autoredirect from root to dashboard if logged in
Opened
#161 Return specialized error if SSH key is invalid
Opened
#162 init of a new app puts the app into a deploying state, blocking git push
Opened
#163 Can't destroy existing instance of app without deleting the entire app
Opened
#164 Display account ID in settings, and have CLI option to retrieve
Opened
#165 5 day warning for projected account spend to reach 0
Opened
#166 Wishlist: Admin Dashboard
Opened
#167 Ledger has short term memory loss
Opened
#168 Add navigation history and pseudo URLs for sections of dashboard
Opened
#169 Caution dashboard attestation sends invalid payload to enclave
Opened
#170 Applications don't show up in dashboard or CLI if they are destroyed, but not deleted
Opened
#171 Add setup to backup database and schedule weekly checks to ensure backups are valid
Opened
#172 Set up the Paddle backend - add products to Paddle
Opened
#173 Change registration language to explain the registration with passkey / security keys
Opened
#174 Add Apple pay domain association file
Opened
#175 Implement a full ToS/Privacy acceptance flow via CLI
Opened
#180 Allow to optionally add email during the registration
Opened
#182 Fix/finalize billing
Opened
#187 Show that YubiKey is needed in UI
Opened
#188 Redeem Option / Credit Option
Opened
#189 Indicate time needed for Deployment
Opened
#190 Offer Containerfile for CLI
Opened
#191 Attestation URL is Misleading
Opened
#192 Cost is not clear(!)
Opened
#193 Unable to use Domain and CPU/Memory Feature
Opened
#194 Deployments that are terminated vanish in an unclear pattern
Opened
#195 Billing of Builder
Opened
#196 EU-Zone Privacy
Opened
#197 Disk size is not shown
Opened
#198 Show Times in User Timezone and Locale (such as Created)
Opened
#199 Add CPU limit per user
Opened
#200 Save platfrom docker logs to persist between teardowns
Opened
#201 Alpha Title in Dashboard
Opened
#202 IPv6 EC2
Opened
#207 cli/README moderate trust workflow blocks
Opened
#211 cli/README Zero Trust : review source
Opened
#213 cli/README Zero Trust : reproduce binaries
Opened
#216 Enclave boot speed needs to be much faster
Opened
#217 WebAuthn option not documented in cli --help
Opened
#219 Rename or split cli --qr option
Opened
#220 git push caution main No Procfile found after commit
Opened
#221 caution verify suggests a subcommand that is not supported
Opened
#224 provide caution keyserver fingerprint out of band
Opened
#225 Add binary to PATH with make install-cli or add documentation
Opened
#226 Builder script crashes: Image 'app-image' not found
Opened
#227 Improve quickstart full-managed docs
Opened
#228 Builder termination outside of SSH
Opened
#229 Procfile no_cache feature does not work
Opened
#230 Codebase Refactors
Opened
#233 Observability Into Builders
Opened
#238 Consider renaming the caution git remote
Opened
#240 Move prod server to using instance profile rather than creds
Opened
#241 Add npm audit before deploy and block on high and crits
Opened
#243 Test locksmith cli on MacOS
Opened
#244 Ensure byoc enclaves are shutd down on cancel
Opened
#245 Adding credits doesn't remove credit exhaustion lock
Opened
#247 Add instrumentation for error notifications
Opened
#248 Host a Cargo cache alongside the application so we're not hammering crates.io
Opened
#249 Optimize tofu init
Opened
#250 Prebuild EnclaveOS components
Opened
#251 CPU count is tied to RAM - simplify caution.hcl?
Opened
#253 caution login --qr web page returns 404
Opened
#254 Fresh deployments fail health check, possible after internal attestation port move to 49502
Opened
#255 Request additional resource limit increase with AWS
Opened
#256 Port 49500 not reachable externally (possibly after reserved port migration)
Opened
#259 Update cli docs to reflect current state
Opened
#260 Script for rotating db encryption key
Opened
#261 caution secret new[-keyring]: allow specifying key fingerprint and WKD
Opened
#265 http_port app port exposed publicly via vsock proxy — bypasses Caddy TLS
Opened
#266 Native unixsock/tcp tunnel between client and platform
Opened
#268 Ensure manifest is signed by enclave key
Opened
#270 Send notification email to user when credits are running low
Opened
#272 Steve only forwards to apps on port 8083
Opened
#273 billing URL suggested by cli returns Server Not Found
Opened
#274 caution verify --from-local doesn't account for git untracked files
Opened
#278 Move steve and locksmith from ENV vars into code level
Opened
#281 Allow apps destroy via ssh, rather than passkey-based auth
Opened
#284 Add ability to add new users
Opened
#288 demo-hello-world-enclave does not pass caution verify attestation
Opened
#289 cli output suggests two different caution verify commands
Opened
#291 Users sometimes end up with negative balances
Opened
#292 Resources don't get torn down when user runs out of credits
Opened
#293 caution verify fetches attestation using unencrypted http
Opened
#294 source reproduction can default to unencrypted http
Opened
#296 Improve billing page UI
Opened
#299 caution apps build fails for locksmith-enabled apps (keyforkd missing tokio/sync)
Opened
#301 Remove auto top up code as it's not working
Opened
#304 caution verify hangs on non-existent Codeberg repo (401 credential prompt)
Opened
#306 Dashboard details must display when debug mode is active
Opened
#307 Applications with "failed" or "terminated" deployment states should be hidden or removable
Opened
#308 Oops, All Gateway! Remove the frontend as a distinct component.
Opened
#309 Deploying two builds at once doesn't lead to an error
Opened
#310 Add automated path support for local installs for CLI
Opened
#311 Add servicequotas:GetServiceQuota to the caution-platform IAM role in dev and prod
Opened
#312 Infrastructure Management Checklist
Opened
#315 Pricing: Update margins for fully-managed, pricing for BYOC
Opened
#319 HCL migration : unit.args and unit.env are ignored at deploy
Opened
#320 User should be logged in when running caution init --byoc
Opened
#321 caution init --byoc does not generate caution.hcl
Opened
#322 CLI breaks on git push... when using caution.hcl
Opened
#323 Support deploying many apps using BYOC
Opened
#325 Error when trying to deploy to fully managed
Opened
#326 No proper error handling for failed commit pulls from upstream
Opened
#329 Provide input values to Tofu using an hcl-rs-generated tfvars
Opened
#330 Remove build.binary. It can be a two liner Dockerfile if absolutely necessary
Opened
#331 Store PCRs after building enclave, use stored PCRs when checking attestation on dashboard
Opened
#332 Credit suspension targets machines by Name=resource_name, should be ResourceId=resource_id
Opened
#333 Collection when resources are terminated only runs if resources run for longer than an hour
Opened
#334 Add throttling for email verification
Opened
#335 AWS Cost Explorer? More Like AWS Cost Exploder. Remove it.
Opened
#336 Split QR login tokens based on requester and requestee
Opened
#339 Rewrite installation instructions using new build patterns
Opened
#343 caution verify hangs silently at "Reproducing enclave image" when codeberg.org is not in known_hosts
Opened
#344 Git remote URL generated with duplicate port (2222:2222) in both dashboard and caution init output
Opened
#346 Fail early when caution verify is too old for the remote attestation
Opened
#347 Investigate to ensure fully managed reservations are being released properly
Opened
#348 Git 2.55.0 will disable non-color terminal escape codes
Opened
#349 Implement a Keymaker Proxy, and actually make use of Ingress cidr_ipv4
Opened
#354 No-op push can silently deploy the wrong branch
Opened
#366 QR login is not phishing-resistant: victim session delivered to attacker-initiator (approver↔initiator binding)
Opened
#368 Re-acceptance flow when Terms of Service or Privacy Notice are updated
Opened
#376 run_with_timeout is sync, should be async
Opened
#377 Add opt-in Sentry error reporting for platform services and dashboard