[blocker]: External security, legal, provider-terms, and clean Linux sandbox evidence #7

@gchahal1982

Source PRD rows: docs/prds/agent-studio-open-prd.md:963 through docs/prds/agent-studio-open-prd.md:975, docs/prds/agent-studio-open-prd.md:1196.

Current verified state as of 2026-05-19:

  • Local static analysis, OTLP abuse/malformed payload tests, macOS sandbox execution, mounted-DMG smoke, and docs/readme link checks pass.
  • Legal approval for bundled dependencies/provider terms/trademark/privacy/installer terms is absent.
  • Threat-model signoff, external user-secret/MCP trust-boundary security review, formal OTLP receiver pen-test signoff, clean Linux bwrap execution, and clean Windows/Linux install QA evidence remain incomplete.

Completion criteria:

  • Legal/provider/trademark/privacy/installer terms approvals are attached.
  • Threat model and external security review signoffs are attached.
  • OTLP receiver pen-test signoff is attached.
  • Clean Linux sandbox execution and clean Windows/Linux install evidence are attached.

Verification commands:

  • pnpm --dir opensource/open-studio-platform run security:all
  • pnpm --dir opensource/open-studio-platform run verify:release-blockers -- --probe-uptime

    Labels

    blocker: External or release blocker with dated next action
    legal: Legal, trademark, IP, telemetry policy, or terms review
    linux: Linux AppImage, deb, rpm, repository metadata, or package signing
    release: Release packaging, signing, registries, or launch readiness
    security: Security-sensitive change, review, or finding