# Pitfall Log Project: firebase/firebase-tools Summary: Found 26 structured pitfall item(s), including 6 high/blocking item(s). Top priority: Installation risk - Installation risk requires verification. ## 1. Installation risk - Installation risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_4f2a1ec2bb424d1686851f68154c4080 | https://github.com/firebase/firebase-tools/issues/10591 ## 2. Installation risk - Installation risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_84267a150a9947d2be48a0fed4c04fba | https://github.com/firebase/firebase-tools/issues/10585 ## 3. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Developers should check this security_permissions risk before relying on the project: Support loose binding / aliasing for existing GCP Secrets in `defineSecret` - User impact: Developers may expose sensitive permissions or credentials: Support loose binding / aliasing for existing GCP Secrets in `defineSecret` - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Support loose binding / aliasing for existing GCP Secrets in `defineSecret`. Context: Observed when using docker - Guardrail: Do not recommend enabling privileged or credential-bearing paths until the source-backed risk is reviewed: https://github.com/firebase/firebase-tools/issues/10597 - Evidence: failure_mode_cluster:github_issue | fmev_99c9e511eabefddccfad471be174c50f | https://github.com/firebase/firebase-tools/issues/10597 ## 4. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Developers should check this security_permissions risk before relying on the project: functions emulator: "Failed to load function" intermittent failure with no diagnostic information - User impact: Developers may expose sensitive permissions or credentials: functions emulator: "Failed to load function" intermittent failure with no diagnostic information - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: functions emulator: "Failed to load function" intermittent failure with no diagnostic information. Context: Observed when using windows, macos, linux - Guardrail: Do not recommend enabling privileged or credential-bearing paths until the source-backed risk is reviewed: https://github.com/firebase/firebase-tools/issues/10585 - Evidence: failure_mode_cluster:github_issue | fmev_441197228e621e13cb5b731e277d1106 | https://github.com/firebase/firebase-tools/issues/10585 ## 5. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_c546fc217e664baa87450621587fee31 | https://github.com/firebase/firebase-tools/issues/10590 ## 6. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_6d785c6692184850a18951f28749620f | https://github.com/firebase/firebase-tools/issues/10597 ## 7. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: [cloud functions for dart] Allow functions in a folder different than "bin" to workaround build hook issues - User impact: Developers may fail before the first successful local run: [cloud functions for dart] Allow functions in a folder different than "bin" to workaround build hook issues - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [cloud functions for dart] Allow functions in a folder different than "bin" to workaround build hook issues. Context: Observed when using linux - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_caf934975aa33855b8941b352a3e56ef | https://github.com/firebase/firebase-tools/issues/10591 ## 8. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: v15.11.0 - User impact: Upgrade or migration may change expected behavior: v15.11.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.11.0. Context: Observed when using macos - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_f32bcea39b7c3fc39503955cd4dcec71 | https://github.com/firebase/firebase-tools/releases/tag/v15.11.0 ## 9. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: v15.12.0 - User impact: Upgrade or migration may change expected behavior: v15.12.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.12.0. Context: Observed during installation or first-run setup. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_b1e3fdd4c3a2c14194df3ccdd059cdff | https://github.com/firebase/firebase-tools/releases/tag/v15.12.0 ## 10. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: v15.18.0 - User impact: Upgrade or migration may change expected behavior: v15.18.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.18.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_37e78bf4fc82806298e92f88c2607e5f | https://github.com/firebase/firebase-tools/releases/tag/v15.18.0 ## 11. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: Cloud Functions v1 LIST API regression — "Precondition check failed" 400 blocks ALL deploys for gen2-only projects (24h+ active) - User impact: Developers may misconfigure credentials, environment, or host setup: Cloud Functions v1 LIST API regression — "Precondition check failed" 400 blocks ALL deploys for gen2-only projects (24h+ active) - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Cloud Functions v1 LIST API regression — "Precondition check failed" 400 blocks ALL deploys for gen2-only projects (24h+ active). Context: Observed when using python - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_db6c88f426952b1deb5160d624950d65 | https://github.com/firebase/firebase-tools/issues/10590 ## 12. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: Project restored but still showing PROJECT_SOFT_DELETED - Firestore deleted, Auth broken - User impact: Developers may misconfigure credentials, environment, or host setup: Project restored but still showing PROJECT_SOFT_DELETED - Firestore deleted, Auth broken - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Project restored but still showing PROJECT_SOFT_DELETED - Firestore deleted, Auth broken. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_f7d5bb1217b384d360f1543ca266b21c | https://github.com/firebase/firebase-tools/issues/10603 ## 13. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: v15.14.0 - User impact: Upgrade or migration may change expected behavior: v15.14.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.14.0. Context: Observed during version upgrade or migration. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_60236fd3dad5a5040b9cbf6452d0cdcb | https://github.com/firebase/firebase-tools/releases/tag/v15.14.0 ## 14. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: v15.17.0 - User impact: Upgrade or migration may change expected behavior: v15.17.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.17.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_e60ef8279de95a9fad16eb03d7dd7455 | https://github.com/firebase/firebase-tools/releases/tag/v15.17.0 ## 15. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: v15.19.0 - User impact: Upgrade or migration may change expected behavior: v15.19.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.19.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_4a54c5d21d0ccd1ce16d05e582be6ce2 | https://github.com/firebase/firebase-tools/releases/tag/v15.19.0 ## 16. Capability evidence risk - Capability evidence risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: README/documentation is current enough for a first validation pass. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: capability.assumptions | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 17. Runtime risk - Runtime risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this runtime risk before relying on the project: v15.16.0 - User impact: Upgrade or migration may change expected behavior: v15.16.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.16.0. Context: Observed when using node, python - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_a949aa963c0429ecb066ee6f630c1995 | https://github.com/firebase/firebase-tools/releases/tag/v15.16.0 ## 18. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 19. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: downstream_validation.risk_items | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 20. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: risks.scoring_risks | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 21. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_26f71b583fb244da9b6f3616e3908266 | https://github.com/firebase/firebase-tools/issues/10603 ## 22. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: issue_or_pr_quality=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 23. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: release_recency=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:firebase-tools | https://www.npmjs.com/package/firebase-tools ## 24. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this maintenance risk before relying on the project: v15.13.0 - User impact: Upgrade or migration may change expected behavior: v15.13.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.13.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_818089584768470c31eb75ebd10e629b | https://github.com/firebase/firebase-tools/releases/tag/v15.13.0 ## 25. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this maintenance risk before relying on the project: v15.15.0 - User impact: Upgrade or migration may change expected behavior: v15.15.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.15.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_91f6177d89e9dba6ecd4adc734b5469a | https://github.com/firebase/firebase-tools/releases/tag/v15.15.0 ## 26. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this maintenance risk before relying on the project: v15.19.1 - User impact: Upgrade or migration may change expected behavior: v15.19.1 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v15.19.1. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_e9a996709ca8368e88873cb90407e793 | https://github.com/firebase/firebase-tools/releases/tag/v15.19.1