# Pitfall Log

Project: joshuaswarren/remnic

Summary: Found 29 structured pitfall item(s), including 2 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification.

## 1. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: FallbackLlmClient rejects OAuth-only providers (openai) before runtime auth resolution
- User impact: Developers may expose sensitive permissions or credentials: FallbackLlmClient rejects OAuth-only providers (openai) before runtime auth resolution
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1478

## 2. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: [Windows] QMD probe fails: launchProcess() uses bare spawn() without shell:true — all qmd launch forms (sh/.cmd/JS) error
- User impact: Developers may expose sensitive permissions or credentials: [Windows] QMD probe fails: launchProcess() uses bare spawn() without shell:true — all qmd launch forms (sh/.cmd/JS) error
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1476

## 3. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: plugin-pi: stale ctx error after session replacement/reload (post-await ctx access in event + command handlers)
- User impact: Developers may fail before the first successful local run: plugin-pi: stale ctx error after session replacement/reload (post-await ctx access in event + command handlers)
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1481

## 4. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags an installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1474

## 5. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags an installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1476

## 6. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags an installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1481

## 7. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.host_targets | https://github.com/joshuaswarren/remnic

## 8. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Day Summary cron job does not reconcile model config on plugin startup
- User impact: Developers may misconfigure credentials, environment, or host setup: Day Summary cron job does not reconcile model config on plugin startup
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1474

## 9. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Day Summary cron timezone is not configurable (uses server timezone)
- User impact: Developers may misconfigure credentials, environment, or host setup: Day Summary cron timezone is not configurable (uses server timezone)
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1475

## 10. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Flush plan: models hallucinate 'memory-candidates/' paths and flush-plan.md grows indefinitely
- User impact: Developers may misconfigure credentials, environment, or host setup: Flush plan: models hallucinate 'memory-candidates/' paths and flush-plan.md grows indefinitely
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1483

## 11. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: LCM summarizer bypasses taskModelChain, falls back to gateway default model chain
- User impact: Developers may misconfigure credentials, environment, or host setup: LCM summarizer bypasses taskModelChain, falls back to gateway default model chain
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1473

## 12. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v9.3.639
- User impact: Upgrade or migration may change expected behavior: v9.3.639
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.639

## 13. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/joshuaswarren/remnic

## 14. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/joshuaswarren/remnic

## 15. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/joshuaswarren/remnic

## 16. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/joshuaswarren/remnic

## 17. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1478

## 18. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1483

## 19. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/joshuaswarren/remnic/issues/1473

## 20. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: Make context recall append instead of prepend
- User impact: Developers may hit a documented source-backed failure mode: Make context recall append instead of prepend
- Evidence: failure_mode_cluster:github_issue | https://github.com/joshuaswarren/remnic/issues/1479

## 21. Runtime risk - Runtime risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this performance risk before relying on the project: v9.3.643
- User impact: Upgrade or migration may change expected behavior: v9.3.643
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.643

## 22. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/joshuaswarren/remnic

## 23. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/joshuaswarren/remnic

## 24. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.636
- User impact: Upgrade or migration may change expected behavior: v9.3.636
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.636

## 25. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.637
- User impact: Upgrade or migration may change expected behavior: v9.3.637
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.637

## 26. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.638
- User impact: Upgrade or migration may change expected behavior: v9.3.638
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.638

## 27. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.640
- User impact: Upgrade or migration may change expected behavior: v9.3.640
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.640

## 28. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.641
- User impact: Upgrade or migration may change expected behavior: v9.3.641
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.641

## 29. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v9.3.642
- User impact: Upgrade or migration may change expected behavior: v9.3.642
- Evidence: failure_mode_cluster:github_release | https://github.com/joshuaswarren/remnic/releases/tag/v9.3.642
