pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Wave 5+6: plugin ABI hardening, build modernization, ABI/security docs
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
Wave 5 (9 parallel agents):
- W1.1 atomic diag callback + DLL handle release on shutdown (lin)
- W2.1 unify cross-DLL heap discipline (host->alloc/free/strdup) (chen)
- W2.2 secure_zero api_key on shutdown for deepseek/anthropic (cao)
- W3 CMake modernization: target-based cxx_std_20, dstalk_boost_config
  INTERFACE lib, root-level RUNTIME_OUTPUT_DIRECTORY (hu)
- W4 GitHub Actions CI with dynamic Linux/Windows matrix (ma)
- W5.1 SSE buffer_body to cut peak memory ~67% on 32K streams (zhou)
- W6.1 LSP JSON-RPC frame parser hardened against header reordering (sun)
- W7 smoke test: copy plugin DLLs post-build + Boost.JSON src.hpp fix
  for full 9-plugin load coverage (wang)
- W8.1 README slimmed 398->92, Diataxis docs/ skeleton (deng)

Wave 6 (6 parallel agents):
- W9.1 docs/explanation: architecture + plugin-lifecycle (deng)
- W9.3 log credential leak audit (0 vulns, audit trail in
  docs/explanation/security-logging.md) (cao)
- W9.4 docs/reference/plugin-abi.md - 7-point ABI contract (lin)
- W9.6 CLI /history command + status integration (zhao)
- W9.8 plugin_loader fault tolerance: per-plugin failure no longer
  aborts dstalk_init (huang)
- W9.10 host_api unit tests: tests/host_api_test.cpp, 8 cases (liu)

CEO oversight (preexisting bugs fixed during Wave 5 verification):
- lsp_plugin.cpp:449 forward decl mismatch (int vs void)
- tools_plugin.cpp:109 missing forward decl

Multi-agent collaboration framework:
- agents/WORKFLOW.md: 6-stage protocol, two-tier governance,
  prompt template, technical constraints registry

Build: cmake --build 0 error / 0 warning. Tests: 2/2 100% pass.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 05:39:10 +08:00
parent 4433218853
commit 5766938524
49 changed files with 1640 additions and 449 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
agents/security-cao/profile.md
View File

@@ -21,5 +21,21 @@ performance_log:
- date: 2026-05-27
event: "入职 dstalk 团队"
rating: ongoing
- date: 2026-05-27
event: "W2.2: api_key 在 on_shutdown 时安全清零 (deepseek + anthropic)"
rating: done
detail: |
在 deepseek_plugin.cpp 和 anthropic_plugin.cpp 的 anonymous namespace 内
新增 secure_zero(void*, size_t),通过 volatile 写零循环对 g_cfg.api_key
执行安全擦除后 clear。编译0 error 0 warning与改动相关的文件
- date: 2026-05-27
event: "W9.3: 错误日志凭证泄露审计8文件0真实漏洞"
rating: done
detail: |
审计了 8 个文件的所有 host->log / printf / fprintf(stderr) / std::cerr 调用。
0 真实可利用漏洞。deepseek/anthropic 的 configure 日志有意排除了 api_key
build_headers_json() 产生的凭证字符串仅通过内存传递给 Beast HTTP未经过日志管道。
低风险/假阳性 2 项lsp server_cmd 日志 + network e.what() 异常信息),无需代码修改。
审计报告写入 docs/explanation/security-logging.md。CVSS: N/A无可利用漏洞
current_groups: []
---