From 7e4191205faf648571f07eefb2922b181f23537b Mon Sep 17 00:00:00 2001
From: jove <jove@spucchi.com>
Date: Mon, 16 Mar 2026 17:44:22 -0600
Subject: [PATCH] docs: add repo todo backlog

---
 TODO.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 TODO.md

diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..4f5f93f
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,21 @@
+# TODO
+
+Last updated: 2026-03-16
+
+## Priority
+
+- Merge or close the remaining dependency PRs after rerunning current branch protection:
+  - `#39` `wat`
+  - `#52` `getrandom`
+- Investigate and fix the failing dependency PRs before merging:
+  - `#49` `actions/upload-artifact`
+  - `#51` `wasmtime`
+  - `#53` `rust-cache`
+  - `#54` `cosign-installer`
+  - `#55` `sbom-action`
+- Keep the atomic file-write hardening and executable-bit preservation tests in place as future refactors touch install paths.
+
+## Notes
+
+- Audit fixes already landed for temp-file creation and Unix mode preservation.
+- Several dependabot branches are clean but need branch-protection reruns after base-branch movement.