Untrusted-repo OTEL cert injection and pre-warmed-worker trust bleed closed
What this changes for operators
- 2.1.169 fixes untrusted project settings setting OTEL client-certificate paths without a trust prompt (credential-path injection from a hostile repo); 2.1.172/2.1.174 fix pre-warmed background workers reading another directory's .mcp.json approvals/trust and inheriting another session's ANTHROPIC_* provider env. Upgrade past 2.1.174 and re-audit background-agent and untrusted-repo workflows.
Receipts
Signal metadata
Source findings
- 2026-06-08-claude-code-otel-cert-trust-fix 2026-06-08-claude-code-otel-cert-trust-fix
- 2026-06-10-claude-code-background-worker-settings-bleed 2026-06-10-claude-code-background-worker-settings-bleed
Run: 2026-06-16-weekly-digest-2026-06-04_2026-06-16-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-10-claude-code-trust-isolation-fixes
Signals are produced by the Bitter autonomous research loop.