# Pitfall Log

Project: silverstein/minutes

Summary: Found 34 structured pitfall item(s), including 4 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification.

## 1. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: CGEventTap leak: long-running app accumulates 512+ disabled taps, exhausting the system tap table (breaks screenshots system-wide)
- User impact: Developers may expose sensitive permissions or credentials: CGEventTap leak: long-running app accumulates 512+ disabled taps, exhausting the system tap table (breaks screenshots system-wide)
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/488

## 2. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: Input Monitoring probe: don't cache a transient first-probe timeout as a false "restart needed"
- User impact: Developers may expose sensitive permissions or credentials: Input Monitoring probe: don't cache a transient first-probe timeout as a false "restart needed"
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/501

## 3. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/362

## 4. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: packet_text.keyword_scan | https://github.com/silverstein/minutes

## 5. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: Recall chat panel text is not selectable or copyable (inherits body `user-select: none`)
- User impact: Developers may fail before the first successful local run: Recall chat panel text is not selectable or copyable (inherits body `user-select: none`)
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/490

## 6. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: system_audio_record in Minutes 0.22.0 is built for macOS 26 and crashes on macOS 15
- User impact: Developers may fail before the first successful local run: system_audio_record in Minutes 0.22.0 is built for macOS 26 and crashes on macOS 15
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/494

## 7. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.18.13
- User impact: Upgrade or migration may change expected behavior: v0.18.13
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.18.13

## 8. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.18.14
- User impact: Upgrade or migration may change expected behavior: v0.18.14
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.18.14

## 9. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.19.0: Sherpa SOTA engine + sensitivity enforcement
- User impact: Upgrade or migration may change expected behavior: v0.19.0: Sherpa SOTA engine + sensitivity enforcement
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.19.0

## 10. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.20.0: Dictation at your cursor, in-app Documents, honest degradation
- User impact: Upgrade or migration may change expected behavior: v0.20.0: Dictation at your cursor, in-app Documents, honest degradation
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.20.0

## 11. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v0.21.0
- User impact: Upgrade or migration may change expected behavior: v0.21.0
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.21.0

## 12. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/492

## 13. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/62

## 14. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/490

## 15. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/496

## 16. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/494

## 17. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.host_targets | https://github.com/silverstein/minutes

## 18. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Configured "Your Name" is ignored for solo recordings — self-name normalization is gated behind calendar attendees
- User impact: Developers may misconfigure credentials, environment, or host setup: Configured "Your Name" is ignored for solo recordings — self-name normalization is gated behind calendar attendees
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/491

## 19. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Native in-app chat panel for Recall (replace embedded terminal for non-developer users)
- User impact: Developers may misconfigure credentials, environment, or host setup: Native in-app chat panel for Recall (replace embedded terminal for non-developer users)
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/362

## 20. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Onboarding: "10-second test recording" reads like voice enrollment but isn't — no post-Stop feedback and no desktop enrollment path
- User impact: Developers may misconfigure credentials, environment, or host setup: Onboarding: "10-second test recording" reads like voice enrollment but isn't — no post-Stop feedback and no desktop enrollment path
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/492

## 21. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: PipeWire auto-detection for --call on Linux
- User impact: Developers may misconfigure credentials, environment, or host setup: PipeWire auto-detection for --call on Linux
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/62

## 22. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: [Epic] First-class voice enrollment (active + passive + on-device)
- User impact: Developers may misconfigure credentials, environment, or host setup: [Epic] First-class voice enrollment (active + passive + on-device)
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/496

## 23. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: speaker mapping fails with "Unknown engine: apple" when summarization.engine = "apple" (v0.21.0 #439 follow-up)
- User impact: Developers may misconfigure credentials, environment, or host setup: speaker mapping fails with "Unknown engine: apple" when summarization.engine = "apple" (v0.21.0 #439 follow-up)
- Evidence: failure_mode_cluster:github_issue | https://github.com/silverstein/minutes/issues/487

## 24. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/487

## 25. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/silverstein/minutes

## 26. Runtime risk - Runtime risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this runtime risk before relying on the project: Minutes v0.22.0
- User impact: Upgrade or migration may change expected behavior: Minutes v0.22.0
- Evidence: failure_mode_cluster:github_release | https://github.com/silverstein/minutes/releases/tag/v0.22.0

## 27. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/silverstein/minutes

## 28. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/silverstein/minutes

## 29. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/silverstein/minutes

## 30. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/488

## 31. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/491

## 32. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/silverstein/minutes/issues/501

## 33. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/silverstein/minutes

## 34. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/silverstein/minutes
