You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(upgrade): close thirteenth-round compliance findings — stopping loop
H1: capture applyErr before RollbackError unwraps it; add apply_error
string field to upgrade.rollback_failed so forensic reconstruction
has the root cause alongside the rollback failure (SOC1 completeness)
M3: split github_token_present into github_token_present (env var set?)
and github_token_forwarded (actually sent in header?) in both
fetchReleaseFrom and download; log events for untrusted-host downloads
now correctly record that a token existed but was withheld, rather than
masking token availability (SOC2 CC6.6 boundary protection telemetry)
M4: add comment to TestDownload_TokenSentToTrustedHost explaining why
these two tests must not run in parallel (allowedTokenHosts mutation)
0 commit comments