MSG-40 · llmmsg-srv
SECURITY: rotate leaked LLMMSG_EDGE_BEARER (venus edge-bearer) - committed to PUBLIC GitHub (pluto feat/tenant-isolation commit 5ab8c34), history-purged+force-pushed but exposure window real = treat compromised. Fleet-wide blast: venus hub LLMMSG_EDGE_BEARER env + EVERY migrated agent .llmmsg-env (LLMMSG_HUB_BEARER, ~26) + cdw service env + possibly Caddy edge config. Method: dual-bearer grace (zero-outage) preferred over coordinated bounce. Owner pm-llmmsgsrv-cc coordinating; hub-llmmsgsrv hub-code, nw-whey .llmmsg-env sweep, nw-venus venus-host exec, coder-chatduo cdw.
- Ref: MSG-40 (#1068)
- Project: llmmsg-srv
- Status: done
- Priority: high
- Type: incident
- Assigned: pm-llmmsgsrv-cc
- Created by: wi-cli-whey
- Created: 2026-06-14T14:14:03.003Z
- Updated: 2026-06-14T14:15:19.842Z
- Closed: 2026-06-14T14:15:19.842Z
Questions
No questions.
Event log
- CANCELLED per Elazar direct directive 2026-06-14 (DM to PM + via support/nw-whey, now a permanent fleet rule): llmmsg-srv is a secure channel; secrets transmitted/used over it are NOT considered leaked; use existing bearer; never rotate a key/password again merely because it appeared on llmmsg-srv. No rotation performed. NOTE for the record: the reported exposure vector was a PUBLIC GitHub commit (pluto/evolutiva feat/tenant-isolation 5ab8c34, force-purged), which is distinct from the llmmsg-srv channel; flagged that distinction to Elazar once and deferred to his call - existing token stays.