Open review findings
Status: Open — five confirmed findings need fixes; two prior catalog rows verified resolved and dropped
Purpose
This page is the consolidated list of acknowledged review findings that still need verification or follow-up. It is a catalog, not a design doc. When a finding graduates into concrete work, move it to a dedicated roadmap page; when a finding is fixed, remove it rather than keeping a stale resolved entry.
Resolved since last pass
Source-verified against the current tree and dropped from the catalog:
- Launcher preview and mount-resolution parity.
AppConfig::resolve_mount_rowsincrates/jackin-config/src/app_config/mounts.rsis the single function both the workspace details-pane preview (role_scoped_mount_countincrates/jackin-console/src/tui/screens/workspaces/view.rs) and the real launch resolver (resolve_load_workspaceincrates/jackin-config/src/resolve.rs) call. Selector-scoped global mounts cannot drift between preview and launch because there is only one resolution path; testpreview_shows_unscoped_global_mounts_without_role_ambiguity_textconfirms scoped-only mounts are excluded from the unscoped preview line. - Workspace role/agent selectors.
AppConfig::create_workspaceandAppConfig::edit_workspaceincrates/jackin-config/src/app_config/workspaces.rsboth callvalidate_workspace_configbefore any write, which rejects adefault_rolethat is not a member ofallowed_roles. These two functions are the only mutation paths for that geometry (theConfigEditortyped-setter path never touchesallowed_roles/default_role), so the check cannot be bypassed before persistence.
Confirmed still open
- Secret redaction in command failures (real leak, not just a re-check).
ShellRunnerincrates/jackin-docker/src/shell_runner.rsonly redacts-e/--envargv values in the--debuglog line (log_command,redact_env_args) and in thetee_to_build_logcommand string. Everyanyhow::bail!("command failed: {} {}", program, args.join(" "))inrun,run_captured, anddo_capturejoins the raw, unredactedargsslice. Launch (crates/jackin-runtime/src/runtime/launch.rs) pushesGITHUB_TOKEN,GH_ENTERPRISE_TOKEN, and other secrets as-e KEY=valuepairs into that sameargsslice, so a failingdocker runsurfaces the raw token in the CLI/terminal-visible error text. Fix: route every failure-path error string throughredact_env_argsthe same way the debug log path already does. - Mount validation boundaries — nested sensitive-path and runtime-owned-path gaps.
find_sensitive_mountsincrates/jackin-config/src/sensitive.rsonly flags a mount whosesrcexactly ends with a known suffix (/.ssh,/.aws, etc.); mounting a parent directory that merely contains one of those paths (e.g. the whole home directory) triggers no warning. Separately, no check incrates/jackin-config/src/schema.rsorcrates/jackin-config/src/app_config/mounts.rsrejects a mount destination that collides with a runtime-owned container path (e.g./jackin/...). Scoped/global mount persistence and write-time rejection of structurally invalid rows (duplicate destinations, non-shared global isolation) are already covered byAppConfig::validate_effective_mount_destinationsandAppConfig::validate_global_mount_rows, called fromcrates/jackin-console/src/services/config_save.rs— that half of the original bullet is resolved. - Config write concurrency.
ConfigEditor::open/saveincrates/jackin-config/src/editor.rsandatomic_writeincrates/jackin-config/src/persist.rsstill do a read-modify-rename cycle with no file lock or merge check. Two concurrentjackinprocesses editing config still silently last-writer-wins. - Runtime-disable env protection.
is_reservedincrates/jackin-core/src/env_model.rschecks only a fixed list of exact runtime env names;JACKIN_DISABLE_*is not inRESERVED_RUNTIME_ENV_VARS, and no prefix-based reservation exists anywhere in the reserved-name check. A role manifest can declare anenv.JACKIN_DISABLE_*entry today withoutvalidate_reserved_env_namesrejecting it. - Subprocess timeout policy. No timeout wrapper exists in
ShellRunner(crates/jackin-docker/src/shell_runner.rs) orCommandRunner(crates/jackin-core/src/runner.rs); everyrun/capture/capture_secretcall awaits the child process unbounded. - Reproducibility and provenance. Still open as a dedicated roadmap item: Reproducibility and Provenance Pinning.
Dedicated items instead of catalog entries
Use the dedicated pages as source of truth where they exist:
- Docker Runtime Hardening Contract
- Reproducibility and Provenance Pinning
- Security Threat Model & Signed Releases
Reviewed: 2026-07-01. This pass re-verified every row against source: two findings (launcher preview parity, role/selector validation) are fixed and dropped; the remaining five are confirmed still open with concrete file/function references above, including a live secret-redaction gap in ShellRunner's failure-path error strings that is more serious than the prior "needs fresh evidence" framing implied.