Planning and analysis docs produced by a full read-only sweep of the
Pluto workspace (a Rust port of Charon) — one
finder agent per (crate × dimension) cell across 21 crates × 5 dimensions
(parity, security, performance, tests, idiom), then clustered into prioritised
areas of responsibility with a remediation plan and per-task specs.
No source code was changed. These are planning documents only, following Pluto's golden rule: never implement without an approved plan.
⚠️ Contains references to unfixed security issues (a remotely-triggerable panic, DoS vectors, secret-leakage paths). Keep this repository private until the corresponding fixes have shipped.
00-overview.md— entry point: all 14 areas, 92 task specs, priorities, and a suggested implementation order.01-…/…14-…/— one directory per area, each with aPLAN.md(problem → approach → task table → risks) and onetask-*.mdspec per task.CONSOLIDATED-REPORT.md— all 491 raw findings, grouped by crate then severity, with locations and evidence.raw-findings.json— the raw findings as structured data.
491 findings → 14 areas (3 × P0, 10 × P1, 1 × P2), 92 task specs.
| Priority | Areas |
|---|---|
| P0 | Remote-input DoS hardening · Cluster hashing/validation parity · Key-material zeroization & Debug leakage |
| P1 | Crypto/FROST parity · Beacon version/ENR/network parity · CLI flag/env parity · QBFT consensus/core parity · Hot-path allocation reduction · P2P/relay parity · Test coverage (×5) |
| P2 | Error-handling idioms, dead code, naming |
Generated 2026-06-29.