# Pitfall Log

Project: n0mad-ai/bastra-recall

Summary: Found 32 structured pitfall item(s), including 1 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification.

## 1. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/140

## 2. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: brew install fails on untrusted tap — docs and Install.command miss the new 'brew trust' step
- User impact: Developers may fail before the first successful local run: brew install fails on untrusted tap — docs and Install.command miss the new 'brew trust' step
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/182

## 3. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: homebrew formula build fails — builds only the daemon workspace, core/statusline dist missing from the tarball
- User impact: Developers may fail before the first successful local run: homebrew formula build fails — builds only the daemon workspace, core/statusline dist missing from the tarball
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/184

## 4. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: install via npx registers the forwarder path inside the ephemeral npx cache
- User impact: Developers may fail before the first successful local run: install via npx registers the forwarder path inside the ephemeral npx cache
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/180

## 5. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: install: first-run wall — 'vault path required' error instead of a guided vault choice
- User impact: Developers may fail before the first successful local run: install: first-run wall — 'vault path required' error instead of a guided vault choice
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/178

## 6. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: test: verify the Ollama fresh-install (brew) path on a clean macOS env
- User impact: Developers may fail before the first successful local run: test: verify the Ollama fresh-install (brew) path on a clean macOS env
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/90

## 7. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: uninstall all: skill kept as 'shared with Claude Desktop' although Desktop was uninstalled in the same run
- User impact: Developers may fail before the first successful local run: uninstall all: skill kept as 'shared with Claude Desktop' although Desktop was uninstalled in the same run
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/181

## 8. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.6.0-beta.1
- User impact: Upgrade or migration may change expected behavior: v0.6.0-beta.1
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.6.0-beta.1

## 9. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.6.5-beta.1
- User impact: Upgrade or migration may change expected behavior: v0.6.5-beta.1
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.6.5-beta.1

## 10. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.6.6-beta.1
- User impact: Upgrade or migration may change expected behavior: v0.6.6-beta.1
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.6.6-beta.1

## 11. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.7.0-beta.3
- User impact: Upgrade or migration may change expected behavior: v0.7.0-beta.3
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.7.0-beta.3

## 12. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.7.0-beta.5 — guided install + lifecycle wave C
- User impact: Upgrade or migration may change expected behavior: v0.7.0-beta.5 — guided install + lifecycle wave C
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.7.0-beta.5

## 13. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/182

## 14. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/184

## 15. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/180

## 16. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/178

## 17. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/90

## 18. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/181

## 19. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.host_targets | https://github.com/n0mad-ai/bastra-recall

## 20. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Vault self-audit surfaced as Markdown in the vault (Obsidian as the viewer) — conflicts, demand-gaps, dangling
- User impact: Developers may misconfigure credentials, environment, or host setup: Vault self-audit surfaced as Markdown in the vault (Obsidian as the viewer) — conflicts, demand-gaps, dangling
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/140

## 21. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: curator phase A: deterministic usage-driven staleness pass (score-only, idle-gated)
- User impact: Developers may misconfigure credentials, environment, or host setup: curator phase A: deterministic usage-driven staleness pass (score-only, idle-gated)
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/155

## 22. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: telemetry: per-memory usage sidecar — append-only aggregate of surfaced/loaded/acted_on
- User impact: Developers may misconfigure credentials, environment, or host setup: telemetry: per-memory usage sidecar — append-only aggregate of surfaced/loaded/acted_on
- Evidence: failure_mode_cluster:github_issue | https://github.com/n0mad-ai/bastra-recall/issues/154

## 23. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v0.7.0-beta.1 — Recall that proves itself
- User impact: Upgrade or migration may change expected behavior: v0.7.0-beta.1 — Recall that proves itself
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.7.0-beta.1

## 24. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v0.7.0-beta.4
- User impact: Upgrade or migration may change expected behavior: v0.7.0-beta.4
- Evidence: failure_mode_cluster:github_release | https://github.com/n0mad-ai/bastra-recall/releases/tag/v0.7.0-beta.4

## 25. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/n0mad-ai/bastra-recall

## 26. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/n0mad-ai/bastra-recall

## 27. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/n0mad-ai/bastra-recall

## 28. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/n0mad-ai/bastra-recall

## 29. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/155

## 30. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/n0mad-ai/bastra-recall/issues/154

## 31. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/n0mad-ai/bastra-recall

## 32. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/n0mad-ai/bastra-recall
