# Pitfall Log Project: OpenHands/OpenHands Summary: Found 33 structured pitfall item(s), including 6 high/blocking item(s). Top priority: Installation risk - Installation risk requires verification. ## 1. Installation risk - Installation risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/13827 ## 2. Installation risk - Installation risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/13647 ## 3. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Developers should check this security_permissions risk before relying on the project: [Bug] Conversation polling fails with ValidationError when secrets contain null values - User impact: Developers may expose sensitive permissions or credentials: [Bug] Conversation polling fails with ValidationError when secrets contain null values - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/12714 ## 4. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Developers should check this security_permissions risk before relying on the project: [Feature]: Docker / Docker Compose Instructions - User impact: Developers may expose sensitive permissions or credentials: [Feature]: Docker / Docker Compose Instructions - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/14882 ## 5. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/14912 ## 6. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/14882 ## 7. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: runtime_trace - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Repro command: `docker run -it --rm -p 8000:8000 -v "$HOME/.openhands:/home/openhands/.openhands" -v "${PROJECTS_PATH}:/projects" ghcr.io/openhands/agent-canvas:1.0.0-rc.11` - Evidence: identity.distribution | https://github.com/OpenHands/OpenHands ## 8. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: 1.5.0 - 2026-03-11 - User impact: Upgrade or migration may change expected behavior: 1.5.0 - 2026-03-11 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.5.0 ## 9. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: 1.6.0 - 2026-03-30 - User impact: Upgrade or migration may change expected behavior: 1.6.0 - 2026-03-30 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.6.0 ## 10. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: 1.7.0 - 2026-05-01 - User impact: Upgrade or migration may change expected behavior: 1.7.0 - 2026-05-01 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.7.0 ## 11. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: Improve timeout handling and feedback for slow local LLMs - User impact: Developers may fail before the first successful local run: Improve timeout handling and feedback for slow local LLMs - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/8768 ## 12. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: Self-hosting OpenHands - User impact: Developers may fail before the first successful local run: Self-hosting OpenHands - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/13827 ## 13. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: [Bug]: Pending Messages Not Sent After Conversation Is Ready - User impact: Developers may fail before the first successful local run: [Bug]: Pending Messages Not Sent After Conversation Is Ready - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/13716 ## 14. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: [Bug]: Self-hosted UI remains stuck on “Starting” / “Loading...” even though app-conversation start task is READY and backend conversation is IDLE - User impact: Developers may fail before the first successful local run: [Bug]: Self-hosted UI remains stuck on “Starting” / “Loading...” even though app-conversation start task is READY and backend conversation is IDLE - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/13647 ## 15. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/8768 ## 16. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/13716 ## 17. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: capability.host_targets | https://github.com/OpenHands/OpenHands ## 18. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: 1.2.0 - 2026-01-15 - User impact: Upgrade or migration may change expected behavior: 1.2.0 - 2026-01-15 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.2.0 ## 19. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: 1.3.0 - 2026-02-02 - User impact: Upgrade or migration may change expected behavior: 1.3.0 - 2026-02-02 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.3.0 ## 20. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: Port Jira Data Center Integration to Plugin Architecture - User impact: Developers may misconfigure credentials, environment, or host setup: Port Jira Data Center Integration to Plugin Architecture - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/12976 ## 21. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: [Enterprise] Admin setting for auto-delete of inactive user data after X days - User impact: Developers may misconfigure credentials, environment, or host setup: [Enterprise] Admin setting for auto-delete of inactive user data after X days - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/12656 ## 22. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: [Feature]: option to send message when pressing enter, not create a new line - User impact: Developers may misconfigure credentials, environment, or host setup: [Feature]: option to send message when pressing enter, not create a new line - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/14861 ## 23. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/14148 ## 24. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/12976 ## 25. Capability evidence risk - Capability evidence risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: README/documentation is current enough for a first validation pass. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: capability.assumptions | https://github.com/OpenHands/OpenHands ## 26. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this migration risk before relying on the project: 1.8.0 - 2026-06-10 - User impact: Upgrade or migration may change expected behavior: 1.8.0 - 2026-06-10 - Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.8.0 ## 27. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this migration risk before relying on the project: [Feature]: Introduce support for displaying queued messages in the conversation UI - User impact: Developers may hit a documented source-backed failure mode: [Feature]: Introduce support for displaying queued messages in the conversation UI - Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/14181 ## 28. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: evidence.maintainer_signals | https://github.com/OpenHands/OpenHands ## 29. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: downstream_validation.risk_items | https://github.com/OpenHands/OpenHands ## 30. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: risks.scoring_risks | https://github.com/OpenHands/OpenHands ## 31. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/12714 ## 32. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: issue_or_pr_quality=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: evidence.maintainer_signals | https://github.com/OpenHands/OpenHands ## 33. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: release_recency=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Evidence: evidence.maintainer_signals | https://github.com/OpenHands/OpenHands