- **Cross-linking of tickets**: the library can read and write them but they cannot yet be crosslinked. Currently, depending on a context-dependent flag, it may error out if it tries to crosslink one or it may silently skip over it.

- **Double-check crosslinking of other types** and make sure that we are not missing newly-added features.

- **Stash** support. First requires merge support.

- **Unversioned files** should be trivial to do.

- Maybe pending-moderation support (tickets, ticket comments), depending on how centrally-managed such data need to be (i.e. whether it can be delegated to an app layer).

# Security-relevant

But not otherwise SCM-relevant...

- **Port over `db_unprotect()` and `db_protect_pop()`** APIs, which allow a db to effectively be made read-only except for limited windows where specific sections of it needs to be writable. Related: `db.c:db_top_autorizer()`.