# Pitfall Log / 踩坑日志 项目:JuliusBrussee/cavemem 摘要:发现 35 个潜在踩坑项,其中 8 个为 high/blocking;最高优先级:安装坑 - 来源证据:Codex installer is out of date。 ## 1. 安装坑 · 来源证据:Codex installer is out of date - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Codex installer is out of date - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/17 | 来源讨论提到 npm 相关条件,需在安装/试用前复核。 ## 2. 安装坑 · 来源证据:cavemem start fails with spawn EFTYPE on Windows - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:cavemem start fails with spawn EFTYPE on Windows - 对用户的影响:可能阻塞安装或首次运行。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/11 | 来源讨论提到 node 相关条件,需在安装/试用前复核。 ## 3. 配置坑 · 来源证据:session-start: prior-session context not scoped to cwd, leaks across unrelated projects - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个配置相关的待验证问题:session-start: prior-session context not scoped to cwd, leaks across unrelated projects - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/39 | 来源讨论提到 node 相关条件,需在安装/试用前复核。 ## 4. 安全/权限坑 · 失败模式:security_permissions: No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default - 对用户的影响:Developers may expose sensitive permissions or credentials: No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/50 | No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default ## 5. 安全/权限坑 · 失败模式:security_permissions: Windows: hook commands written with backslashes break under bash -c (path collapse to `C:User... - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: Windows: hook commands written with backslashes break under bash -c (path collapse to `C:Usershp...`) - 对用户的影响:Developers may expose sensitive permissions or credentials: Windows: hook commands written with backslashes break under bash -c (path collapse to `C:Usershp...`) - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/43 | Windows: hook commands written with backslashes break under bash -c (path collapse to `C:Usershp...`) ## 6. 安全/权限坑 · 失败模式:security_permissions: Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory - 对用户的影响:Developers may expose sensitive permissions or credentials: Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/51 | Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory ## 7. 安全/权限坑 · 失败模式:security_permissions: privacy.excludePatterns is documented as enforced but is never read (matching paths still cap... - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: privacy.excludePatterns is documented as enforced but is never read (matching paths still captured) - 对用户的影响:Developers may expose sensitive permissions or credentials: privacy.excludePatterns is documented as enforced but is never read (matching paths still captured) - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/48 | privacy.excludePatterns is documented as enforced but is never read (matching paths still captured) ## 8. 安全/权限坑 · 失败模式:security_permissions: redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) - 对用户的影响:Developers may expose sensitive permissions or credentials: redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/49 | redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) ## 9. 安装坑 · 失败模式:installation: Add Antigravity IDE support - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: Add Antigravity IDE support - 对用户的影响:Developers may fail before the first successful local run: Add Antigravity IDE support - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/38 | Add Antigravity IDE support ## 10. 安装坑 · 失败模式:installation: Add Trae SOLO IDE support - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: Add Trae SOLO IDE support - 对用户的影响:Developers may fail before the first successful local run: Add Trae SOLO IDE support - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/40 | Add Trae SOLO IDE support ## 11. 安装坑 · 失败模式:installation: Codex installer is out of date - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: Codex installer is out of date - 对用户的影响:Developers may fail before the first successful local run: Codex installer is out of date - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/17 | Codex installer is out of date ## 12. 安装坑 · 失败模式:installation: cavemem start fails with spawn EFTYPE on Windows - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: cavemem start fails with spawn EFTYPE on Windows - 对用户的影响:Developers may fail before the first successful local run: cavemem start fails with spawn EFTYPE on Windows - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/11 | cavemem start fails with spawn EFTYPE on Windows ## 13. 安装坑 · 失败模式:installation: cavemem v0.1.0 - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: cavemem v0.1.0 - 对用户的影响:Upgrade or migration may change expected behavior: cavemem v0.1.0 - 证据:failure_mode_cluster:github_release | https://github.com/JuliusBrussee/cavemem/releases/tag/v0.1.0 | cavemem v0.1.0 ## 14. 安装坑 · 失败模式:installation: cavemem v0.1.1 - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: cavemem v0.1.1 - 对用户的影响:Upgrade or migration may change expected behavior: cavemem v0.1.1 - 证据:failure_mode_cluster:github_release | https://github.com/JuliusBrussee/cavemem/releases/tag/v0.1.1 | cavemem v0.1.1 ## 15. 安装坑 · 失败模式:installation: v0.1.3 - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: v0.1.3 - 对用户的影响:Upgrade or migration may change expected behavior: v0.1.3 - 证据:failure_mode_cluster:github_release | https://github.com/JuliusBrussee/cavemem/releases/tag/v0.1.3 | v0.1.3 ## 16. 安装坑 · 失败模式:installation: v0.2.1 - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: v0.2.1 - 对用户的影响:Upgrade or migration may change expected behavior: v0.2.1 - 证据:failure_mode_cluster:github_release | https://github.com/JuliusBrussee/cavemem/releases/tag/v0.2.1 | v0.2.1 ## 17. 安装坑 · 来源证据:Add Antigravity IDE support - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Add Antigravity IDE support - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/38 | 来源类型 github_issue 暴露的待验证使用条件。 ## 18. 安装坑 · 来源证据:Add Trae SOLO IDE support - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Add Trae SOLO IDE support - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/40 | 来源类型 github_issue 暴露的待验证使用条件。 ## 19. 安装坑 · 来源证据:No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:No per-tool capture allowlist/matcher: sensitive MCP tool I/O captured by default - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/50 | 来源类型 github_issue 暴露的待验证使用条件。 ## 20. 安装坑 · 来源证据:Windows: hook commands written with backslashes break under bash -c (path collapse to `C:Usershp...`) - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Windows: hook commands written with backslashes break under bash -c (path collapse to `C:Usershp...`) - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/43 | 来源讨论提到 node 相关条件,需在安装/试用前复核。 ## 21. 安装坑 · 来源证据:bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? - 对用户的影响:可能影响升级、迁移或版本选择。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/37 | 来源讨论提到 node 相关条件,需在安装/试用前复核。 ## 22. 安装坑 · 来源证据:privacy.excludePatterns is documented as enforced but is never read (matching paths still captured) - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:privacy.excludePatterns is documented as enforced but is never read (matching paths still captured) - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/48 | 来源类型 github_issue 暴露的待验证使用条件。 ## 23. 配置坑 · 可能修改宿主 AI 配置 - 严重度:medium - 证据强度:source_linked - 发现:项目面向 Claude/Cursor/Codex/Gemini/OpenCode 等宿主,或安装命令涉及用户配置目录。 - 对用户的影响:安装可能改变本机 AI 工具行为,用户需要知道写入位置和回滚方法。 - 证据:capability.host_targets | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | host_targets=claude_code, claude, mcp_host, cursor, gemini_cli ## 24. 配置坑 · 来源证据:Cavemen with Opecode Desktop App on windows not working - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个配置相关的待验证问题:Cavemen with Opecode Desktop App on windows not working - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/45 | 来源讨论提到 windows 相关条件,需在安装/试用前复核。 ## 25. 能力坑 · 能力判断依赖假设 - 严重度:medium - 证据强度:source_linked - 发现:README/documentation is current enough for a first validation pass. - 对用户的影响:假设不成立时,用户拿不到承诺的能力。 - 证据:capability.assumptions | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | README/documentation is current enough for a first validation pass. ## 26. 维护坑 · 失败模式:migration: bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this migration risk before relying on the project: bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? - 对用户的影响:Developers may hit a documented source-backed failure mode: bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/37 | bug: better-sqlite3 native bindings fail on Node.js 26.0.0 (v147) - use bun:sqlite as fallback? ## 27. 维护坑 · 维护活跃度未知 - 严重度:medium - 证据强度:source_linked - 发现:未记录 last_activity_observed。 - 对用户的影响:新项目、停更项目和活跃项目会被混在一起,推荐信任度下降。 - 证据:evidence.maintainer_signals | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | last_activity_observed missing - 严重度:medium - 证据强度:source_linked - 发现:no_demo - 证据:downstream_validation.risk_items | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | no_demo; severity=medium ## 29. 安全/权限坑 · 存在评分风险 - 严重度:medium - 证据强度:source_linked - 发现:no_demo - 对用户的影响:风险会影响是否适合普通用户安装。 - 证据:risks.scoring_risks | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | no_demo; severity=medium ## 30. 安全/权限坑 · 来源证据:Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:Worker HTTP viewer on 127.0.0.1:37777 is unauthenticated and serves decompressed memory - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/51 | 来源类型 github_issue 暴露的待验证使用条件。 ## 31. 安全/权限坑 · 来源证据:redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:redactSecrets is a no-op: secrets in tool output are stored verbatim (no output-side scrubber) - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/JuliusBrussee/cavemem/issues/49 | 来源类型 github_issue 暴露的待验证使用条件。 ## 32. 能力坑 · 失败模式:capability: session-start: prior-session context not scoped to cwd, leaks across unrelated projects - 严重度:low - 证据强度:source_linked - 发现:Developers should check this capability risk before relying on the project: session-start: prior-session context not scoped to cwd, leaks across unrelated projects - 对用户的影响:Developers may hit a documented source-backed failure mode: session-start: prior-session context not scoped to cwd, leaks across unrelated projects - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/39 | session-start: prior-session context not scoped to cwd, leaks across unrelated projects ## 33. 运行坑 · 失败模式:performance: Cavemen with Opecode Desktop App on windows not working - 严重度:low - 证据强度:source_linked - 发现:Developers should check this performance risk before relying on the project: Cavemen with Opecode Desktop App on windows not working - 对用户的影响:Developers may hit a documented source-backed failure mode: Cavemen with Opecode Desktop App on windows not working - 证据:failure_mode_cluster:github_issue | https://github.com/JuliusBrussee/cavemem/issues/45 | Cavemen with Opecode Desktop App on windows not working ## 34. 维护坑 · issue/PR 响应质量未知 - 严重度:low - 证据强度:source_linked - 发现:issue_or_pr_quality=unknown。 - 对用户的影响:用户无法判断遇到问题后是否有人维护。 - 证据:evidence.maintainer_signals | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | issue_or_pr_quality=unknown ## 35. 维护坑 · 发布节奏不明确 - 严重度:low - 证据强度:source_linked - 发现:release_recency=unknown。 - 对用户的影响:安装命令和文档可能落后于代码,用户踩坑概率升高。 - 证据:evidence.maintainer_signals | github_repo:1213956965 | https://github.com/JuliusBrussee/cavemem | release_recency=unknown