From 6f492489c68f3d397d3ce7865c8c1a1fb148aded Mon Sep 17 00:00:00 2001 From: XiuChengWu <732857315@qq.com> Date: Wed, 27 May 2026 18:45:03 +0800 Subject: [PATCH] W16: close CRITICAL/HIGH findings, integrate metadata gate, complete audit summaries (W16.1-W16.6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - W16.1 (曹武): F-11.7-1 CLOSED — confirmed W12.4 fix, corrupt binary eliminated - W16.2 (孙宇): F-11.1-1 FIXED — context_plugin.cpp try/catch on set_max_tokens + on_shutdown - W16.3 (陈风): F-11.1-2 CLOSED — confirmed W12.1 fix, strdup OOM protection already in place - W16.4 (胡桐): Integrate check_agents_metadata into refresh_status.py as pre-gate (error→exit 1) - W16.5 (周岩): Add Findings Summary to W13.3 network audit, register 3 findings - W16.6 (赵码): Add Findings Summary to W13.1+W13.2 AI audits, register 8 findings (4 already W14-fixed) Build 0 error, ctest 4/4 pass, metadata check 0 error 0 warning. Co-Authored-By: Claude Opus 4.7 --- agents/STATUS.md | 28 ++++++++--------- agents/audits/W13.1-anthropic-audit.md | 17 +++++++++++ agents/audits/W13.2-deepseek-audit.md | 10 ++++++ agents/audits/W13.3-network-audit.md | 10 ++++++ agents/audits/findings-registry.md | 25 ++++++++++++--- agents/devops-hu/profile.md | 9 ++++++ agents/engineer-chen/profile.md | 9 ++++++ agents/engineer-sun/profile.md | 9 ++++++ agents/engineer-zhao/profile.md | 4 +-- agents/engineer-zhou/profile.md | 8 +++++ agents/security-cao/profile.md | 8 +++++ plugins/context/src/context_plugin.cpp | 24 +++++++++++++-- scripts/refresh_status.py | 42 ++++++++++++++++++++++++++ 13 files changed, 179 insertions(+), 24 deletions(-) diff --git a/agents/STATUS.md b/agents/STATUS.md index 8848a47..1e4e0f1 100644 --- a/agents/STATUS.md +++ b/agents/STATUS.md @@ -7,22 +7,22 @@ | Agent ID | 姓名 | 角色 | 最近一次贡献 | perf_log | 当前小组 | 状态 | |---|---|---|---|---|---|---| -| architect-huang | 黄岭 | 架构师 | W11.1 审计 context_plugin.cpp (289行,零Wave覆盖) | 2 | -- | idle | -| architect-lin | 林深 | 架构师 | W9.4 撰写 docs/reference/plugin-abi.md Plugin ABI 契约文档(200行) | 6 | grp-ai-plugins, grp-quality-core | idle | -| architect-yang | 杨帆 | 架构师 | W10.1 设计协作状态机 + 验收清单 + 失败回退协议,追加 WORKFLOW.md §11–§13 | 2 | -- | idle | +| architect-huang | 黄岭 | 架构师 | W13.4 深度审计 lsp_plugin.cpp (749行) | 3 | -- | idle | +| architect-lin | 林深 | 架构师 | W14.4 诊断 W12.2 双 store 整合未生效根因——测试加载了 build/tests/plugins/ 下 pre-W12.2 的旧 DLL | 8 | grp-ai-plugins, grp-quality-core | idle | +| architect-yang | 杨帆 | 架构师 | W15.7 根据 W15.4 审查发现修复 WORKFLOW.md 3 处交叉引用 | 6 | -- | idle | | designer-zhu | 朱晴 | UX/CLI 设计师 | W10.3 创建 agents/PROMPT_TEMPLATE.md 子代理 prompt 模板(约 170 行) | 2 | grp-cli-ux | idle | -| devops-hu | 胡桐 | DevOps 工程师 | 落地 4 项 CMake 改进 (审查报告 C1-C4) | 2 | grp-build-matrix | idle | +| devops-hu | 胡桐 | DevOps 工程师 | W15.3 设计 agents/ 目录元数据自检机制 (scripts/check_agents_metadata.py) | 6 | grp-build-matrix | idle | | devops-ma | 马奔 | DevOps 工程师 | 落地 CI pipeline (GitHub Actions) | 2 | grp-build-matrix | idle | -| engineer-chen | 陈风 | 工程师 | W11.2 审计 config_plugin / ConfigStore 职责划分与跨 DLL 堆合规 | 3 | -- | idle | -| engineer-li | 李明 | 工程师 | W11.6 编写 scripts/refresh_status.py 自动扫描 agents/*/profile.md 重新生成 agents/STA... | 3 | -- | idle | -| engineer-sun | 孙宇 | 工程师 | W6.1 修复 LSP reader_loop 协议合规 bug(Content-Length 状态机解析) | 2 | -- | idle | +| engineer-chen | 陈风 | 工程师 | W11.2 审计 config_plugin / ConfigStore 职责划分与跨 DLL 堆合规 | 4 | -- | idle | +| engineer-li | 李明 | 工程师 | W12.5 使用 scripts/refresh_status.py 重新生成 agents/STATUS.md (46行) | 4 | -- | idle | +| engineer-sun | 孙宇 | 工程师 | W14.2 修复 lsp_plugin.cpp 致命死锁 (W13.4 审计发现) + vtable 异常包装 | 4 | -- | idle | | engineer-zhao | 赵码 | 工程师 | W9.6 CLI新增/history[N]命令,含三种边界处理;/status增加history count | 6 | grp-ai-plugins, grp-cli-ux | idle | -| engineer-zhou | 周岩 | 工程师 | W5.1 network_plugin SSE 改 buffer_body | 2 | -- | idle | +| engineer-zhou | 周岩 | 工程师 | W16.5 W13.3 网络审计报告补充 Findings Summary | 5 | -- | idle | | qa-liu | 刘静 | 质量工程师 | W11.3 event_bus 单元测试 (6 cases, tests/event_bus_test.cpp) + service_registry... | 3 | grp-security-audit | idle | -| qa-wang | 王测 | 质量工程师 | W7 smoke test 插件加载修复 | 5 | grp-cli-ux, grp-quality-core | idle | -| qa-xu | 徐磊 | 质量工程师 | W11.7 破坏性输入测试:build/dstalk-cli/dstalk-cli.exe (commit 004a81d) 10 场景全 PASS 零崩溃 | 4 | grp-security-audit | idle | -| security-cao | 曹武 | 安全工程师 | W9.3 错误日志凭证泄露审计(8文件,0真实漏洞) | 3 | grp-security-audit | idle | -| writer-deng | 邓书 | 技术作家 | Diátaxis 第二刀: 补充 Explanation 类文档 — architecture.md (插件架构哲学/三层模型/C ABI... | 2 | -- | idle | +| qa-wang | 王测 | 质量工程师 | W15.8 根据 W15.5 审查发现修复 §14 内部问题 + PROMPT_TEMPLATE 缺失标注 | 9 | grp-cli-ux, grp-quality-core | idle | +| qa-xu | 徐磊 | 质量工程师 | W13.6 扩展 tests/smoke_test.cpp (430→623 行, +193): 新增 4 个回归保护 case — R1 conte... | 5 | grp-security-audit | idle | +| security-cao | 曹武 | 安全工程师 | W14.3 修复 W13.5 审计发现 — 路径遍历 + 全局状态加锁 + 9 vtable try/catch | 5 | grp-security-audit | idle | +| writer-deng | 邓书 | 技术作家 | W12.6 ABI 文档缺口填补: plugin-abi.md 追加 §8 异常安全(涵盖 service vtable 函数 | 3 | -- | idle | > **状态判定规则**: 基于 `performance_log` 最后一条的 `rating`——`ongoing` 视为 `working`,其余 (`A/A+/B/completed/done/success/good`) 视为 `idle`。 @@ -40,7 +40,7 @@ ## Wave 进度 -**已完成高水位**: W11.7(基于 16 份 profile.md 的 performance_log 聚合) +**已完成高水位**: W16.5(基于 16 份 profile.md 的 performance_log 聚合) -**已发现 Wave 编号**: W1.1, W2.1, W2.2, W5.1, W6.1, W7, W9.3, W9.4, W9.6, W9.10, W10.1, W10.2, W10.3, W10.4, W11.1, W11.2, W11.3, W11.6, W11.7 +**已发现 Wave 编号**: W1.1, W2.1, W2.2, W5.1, W6.1, W7, W9.3, W9.4, W9.6, W9.10, W10.1, W10.2, W10.3, W10.4, W11, W11.1, W11.2, W11.3, W11.6, W11.7, W12, W12.1, W12.2, W12.4, W12.5, W12.6, W13.1, W13.2, W13.3, W13.4, W13.5, W13.6, W14.1, W14.2, W14.3, W14.4, W14.5, W15.1, W15.2, W15.3, W15.4, W15.5, W15.6, W15.7, W15.8, W15.9, W16.5 diff --git a/agents/audits/W13.1-anthropic-audit.md b/agents/audits/W13.1-anthropic-audit.md index b7cf11e..180419b 100644 --- a/agents/audits/W13.1-anthropic-audit.md +++ b/agents/audits/W13.1-anthropic-audit.md @@ -254,3 +254,20 @@ L92-97: Anthropic API 要求 system 为顶层字段(非 messages 数组元素 - **安全日志参考**: docs/explanation/security-logging.md (W9.3) - **对比文件**: plugins/deepseek/src/deepseek_plugin.cpp (仅参考,不审计) - **不修改文件**: anthropic_plugin.cpp (审计只读) + + +## Findings Summary + +| ID | Severity | Title | Fix Wave | +|----|----------|-------|----------| +| F-13.1-1 | HIGH | 6 C ABI functions zero try/catch protection (§8): my_configure (L243), my_chat (L266), my_chat_stream (L348), sse_line_callback (L321), on_init (L454), on_shutdown (L470) -- any std::bad_alloc → std::terminate() | W14 | +| F-13.1-2 | HIGH | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body (my_chat_stream correctly frees it) | -- | +| F-13.1-3 | HIGH | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | -- | +| F-13.1-4 | MEDIUM | sse_line_callback no exception protection (L326 std::string alloc via C fn ptr): relies on network plugin's try/catch as fragile assumption | W14 | +| F-13.1-5 | LOW | temporary std::string + c_str() + strdup fragile pattern (L405-406): safe today but refactoring risk if c_str/strdup calls separated | -- | +| F-13.1-6 | LOW | g_config dead variable (L16): written in on_init (L458) and on_shutdown (L476), never read | -- | +| F-13.1-7 | LOW | heap memory residual for api_key after RAII destruction: build_headers_json returns std::string with x-api-key on stack, not zeroed on free | -- | +| F-13.1-8 | LOW | my_chat post_json error returns only generic "http request failed" (L295-297): does not distinguish timeout/SSL/DNS | -- | +| F-13.1-9 | LOW | my_chat_stream ignores post_stream return value (L379-383): only checks status_code, not ret | -- | +| F-13.1-10 | LOW | Anthropic tool_use blocks silently ignored (L163-173): parse_response only extracts type=="text", tool_use blocks lost; tool_calls_json always nullptr | -- | +| F-13.1-11 | LOW | system messages merged with "\n\n" (L95): may blur cross-message semantic boundaries | -- | diff --git a/agents/audits/W13.2-deepseek-audit.md b/agents/audits/W13.2-deepseek-audit.md index 74e5364..8b1523c 100644 --- a/agents/audits/W13.2-deepseek-audit.md +++ b/agents/audits/W13.2-deepseek-audit.md @@ -230,3 +230,13 @@ deepseek 真正独有的代码 (~130 行): | **综合** | **C+** | **总评**: SSE 解析因为有 `catch(...)` 全面兜底, 比预期更鲁棒。核心风险在于**所有 ABI 入口函数无 try/catch** — 一旦传入畸形 tools_json 或 tool_calls_json, JSON 解析异常直接导致进程 `std::terminate()`。这是可稳定复现的 crash 路径, 非理论威胁。与 anthropic 的 ~55% 重复度表明存在显著"可重构面", 建议后续 Wave 考虑抽取 `ai_plugin_base` 共享层。 + + +## Findings Summary + +| ID | Severity | Title | Fix Wave | +|----|----------|-------|----------| +| F-13.2-1 | HIGH | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | W14 | +| F-13.2-2 | MEDIUM | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected); caller my_chat/my_chat_stream also lack wrapping | W14 | +| F-13.2-3 | MEDIUM | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces or format deviation prevent match → stream never terminates → caller hang | -- | +| F-13.2-4 | MEDIUM | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | -- | diff --git a/agents/audits/W13.3-network-audit.md b/agents/audits/W13.3-network-audit.md index 5756ab3..b9c1581 100644 --- a/agents/audits/W13.3-network-audit.md +++ b/agents/audits/W13.3-network-audit.md @@ -164,3 +164,13 @@ HttpClientCtx() { | **综合** | **C** | **总评**: RAII、堆纪律、字符串生命周期、并发安全均高质量。但 TLS 证书验证完全禁用 (F) 是致命安全缺陷,DNS 无超时可无限 hang。两个问题 (TLS + DNS) 使该插件在任何生产环境中不可用。修复后预期可达 A 级。 + +--- + +## Findings Summary + +| ID | Severity | Title | +|----|----------|-------| +| F-13.3-1 | CRITICAL | TLS 证书验证完全禁用:`set_verify_mode(ssl::verify_peer)` 未调用,默认 `verify_none` 接受任何证书,无 hostname 验证 (L87-93) | +| F-13.3-2 | HIGH | DNS 解析无超时:`resolver.resolve(host, port)` 同步调用,socket 未创建无法设超时,DNS 无响应则线程永久阻塞 (L142) | +| F-13.3-3 | MEDIUM | 异常处理缺 `catch(...)` 兜底:仅捕获 `std::exception&`,非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | diff --git a/agents/audits/findings-registry.md b/agents/audits/findings-registry.md index a85a043..5d58a63 100644 --- a/agents/audits/findings-registry.md +++ b/agents/audits/findings-registry.md @@ -2,7 +2,7 @@ > **维护人**: grp-quality-core (王测) > **格式定义**: 见 `agents/WORKFLOW.md` §14.2 -> **最后更新**: 2026-05-27 (W15.2 初始化,从 W11.1/W11.7 审计报告提取) +> **最后更新**: 2026-05-27 (W16.6 赵码,从 W13.1/W13.2 提取 8 条 MEDIUM+ 发现) --- @@ -10,16 +10,24 @@ | ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By | |----|----------|--------|-------|--------|-------------|----------|-------------| -| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | OPEN | — | — | — | | F-11.7-2 | MEDIUM | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/clear` reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 | OPEN | — | — | — | | F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | OPEN | — | — | — | | F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | OPEN | — | — | — | -| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界,违反plugin-abi §5.3;trim_impl (L114-226) 无try/catch → std::terminate() | OPEN | — | — | — | -| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查,OOM时静默失败+泄漏;L138-141/L219-222 循环内4次strdup无nullptr检查 | OPEN | — | — | — | | F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死API,g_max_tokens从未被读取(L21/L243-244) | OPEN | — | — | — | | F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护(L42-64, L96-104),多字节序列假设后续字节有效 | OPEN | — | — | — | | F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复(L34-68 vs L91-106 ~90%重复) | OPEN | — | — | — | | F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别(L52, L100),仅影响token估算计数 | OPEN | — | — | — | +| F-13.3-1 | CRITICAL | [W13.3-network-audit.md](W13.3-network-audit.md) | TLS 证书验证完全禁用:`set_verify_mode(ssl::verify_peer)` 未调用,默认 `verify_none` 接受任何证书,无 hostname 验证 (L87-93) | OPEN | — | — | — | +| F-13.3-2 | HIGH | [W13.3-network-audit.md](W13.3-network-audit.md) | DNS 解析无超时:`resolver.resolve(host, port)` 同步调用,socket 未创建无法设超时,DNS 无响应则线程永久阻塞 (L142) | OPEN | — | — | — | +| F-13.3-3 | MEDIUM | [W13.3-network-audit.md](W13.3-network-audit.md) | 异常处理缺 `catch(...)` 兜底:仅捕获 `std::exception&`,非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | OPEN | — | — | — | +| F-13.1-1 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | 6 C ABI functions zero try/catch protection (§8): my_configure/my_chat/my_chat_stream/sse_line_callback/on_init/on_shutdown -- any std::bad_alloc → std::terminate() | OPEN | — | W14 | — | +| F-13.1-2 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body | OPEN | — | — | — | +| F-13.1-3 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | OPEN | — | — | — | +| F-13.1-4 | MEDIUM | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | sse_line_callback no exception protection (L326 std::string alloc): relies on network plugin try/catch as fragile assumption | OPEN | — | W14 | — | +| F-13.2-1 | HIGH | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | OPEN | — | W14 | — | +| F-13.2-2 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected) | OPEN | — | W14 | — | +| F-13.2-3 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces prevent match → stream never terminates → caller hang | OPEN | — | — | — | +| F-13.2-4 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | OPEN | — | — | — | --- @@ -29,7 +37,10 @@ | ID | Severity | Source | Title | Close Date | Fix Wave | Verified By | |----|----------|--------|-------|-------------|----------|-------------| -| — | — | — | 暂无已关闭发现 | — | — | — | +| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | 2026-05-27 | W12.4 | security-cao | +| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界,违反plugin-abi §5.3;trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() | 2026-05-27 | W16.2 | engineer-sun | +| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查,OOM时静默失败+泄漏;L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen | +| — | — | — | 暂无其他已关闭发现 | — | — | — | --- @@ -38,3 +49,7 @@ | Date | Change | Author | |------|--------|--------| | 2026-05-27 | W15.2 初始化,从 W11.1/W11.7 提取 10 条发现 | 王测 (qa-wang) | +| 2026-05-27 | W16.1: F-11.7-1 状态 CLOSED,W12.4 已彻底修复 build 产物路径不一致,验证通过 | 曹武 (security-cao) | +| 2026-05-27 | W16.2: F-11.1-1 状态 FIXED,context_set_max_tokens / on_shutdown 添加 try/catch 包装 | 孙宇 (engineer-sun) | +| 2026-05-27 | W16.3: F-11.1-2 状态 FIXED,strdup OOM 检查在 W12.1 strdup_message_fields() 已实现,g_host->strdup 四调用含 nullptr 检查+oom 回滚,编译 0 error + ctest 4/4 pass 验证通过 | 陈风 (engineer-chen) | +| 2026-05-27 | W16.6: 从 W13.1/W13.2 审计报告提取 8 条 MEDIUM+ 发现录入 Open 分区;F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 标注 Fix Wave W14(ABI 异常安全已在 W14.5 修复) | 赵码 (engineer-zhao) | diff --git a/agents/devops-hu/profile.md b/agents/devops-hu/profile.md index 564d4ef..94afed2 100644 --- a/agents/devops-hu/profile.md +++ b/agents/devops-hu/profile.md @@ -68,5 +68,14 @@ performance_log: 首轮运行发现 engineer-sun + security-cao 的 profile.md 存在同类 YAML 错误 (各 2 条目 orphan)。 建议集成到 refresh_status.py 作为前置检查,并加入 WORKFLOW.md §5 CEO 自查清单。 rating: done + - date: 2026-05-27 + event: "W16.4: 将 check_agents_metadata.py 的 5 项检查集成为 refresh_status.py 前置门禁" + detail: > + refresh_status.py 新增 import check_agents_metadata 5 个 check 函数 (L28-35)。 + main() 扫描 profiles 前执行全部 5 项检查 (L401-432): 有 error 时打印详情 exit 1 拒绝生成 STATUS.md, + 仅有 warning 时打印告警继续执行, 全部通过时打印 OK 继续。 + 测试: 正常场景 0 error 0 warning 生成 STATUS.md; 故意破坏 qa-xu/profile.md 的 --- 分隔符后 exit 1 且 + STATUS.md 未被覆盖; 修复后恢复正常。 + rating: done current_groups: [] --- diff --git a/agents/engineer-chen/profile.md b/agents/engineer-chen/profile.md index 54787e1..e9fbe6d 100644 --- a/agents/engineer-chen/profile.md +++ b/agents/engineer-chen/profile.md @@ -58,5 +58,14 @@ performance_log: - "服务注册: on_init 内注册正确,但未检查 register_service 返回值 (重复注册返回 -2 被忽略)" - "评级: C (无跨 DLL 堆违规但代码重复 + 双 store 架构 + dangling pointer 需修复)" - "输出: agents/audits/W11.2-config-audit.md" + - date: 2026-05-27 + event: "W16.3 - 修复 F-11.1-2 strdup 返回值未检查 OOM 静默失败+泄漏" + rating: success + details: + - "审计: context_plugin.cpp 所有 4 处 g_host->strdup 调用已含 nullptr 检查 (W12.1 strdup_message_fields L125-149)" + - "OOM 回滚: free_msg_strs 逐字段释放 + 调用方清理已分配消息数组 + g_host->free out 数组" + - "跨 DLL 堆: 全部使用 g_host->strdup (符合 plugin-abi.md §3),无 std::strdup" + - "编译: cmake --build build --config Release → 0 error" + - "测试: ctest → 4/4 pass (smoke + host-api + event-bus + service-registry)" current_groups: [] --- diff --git a/agents/engineer-sun/profile.md b/agents/engineer-sun/profile.md index 845a251..fd8eb22 100644 --- a/agents/engineer-sun/profile.md +++ b/agents/engineer-sun/profile.md @@ -56,5 +56,14 @@ performance_log: 构建验证: cmake --build Release 0 error; ctest 4/4 pass。 L420-471 reader_loop, L481-559 start, L561-603 stop 三件套, L605-630 open, L632-655 close, L657-683 diagnostics, L685-730 hover, L730-780 completion, L807-821 on_shutdown. + - date: 2026-05-27 + event: "W16.2: 修复 F-11.1-1 — context_plugin.cpp C++ 异常穿越 ABI 边界" + rating: completed + details: | + 为 context_set_max_tokens (L319-329) 和 on_shutdown (L370-384) 添加 try/catch 包装。 + void 函数模式: catch → 仅 log (g_host->log)。trim_impl / context_count_tokens / context_trim + / on_init 已在 W12.1 预制异常保护,本次补全剩余 2 个入口。 + 构建验证: cmake --build Release 0 error; ctest 4/4 pass。 + findings-registry: F-11.1-1 → FIXED, Fix Wave W16.2。 current_groups: [] --- diff --git a/agents/engineer-zhao/profile.md b/agents/engineer-zhao/profile.md index 7022f4f..1cf68b8 100644 --- a/agents/engineer-zhao/profile.md +++ b/agents/engineer-zhao/profile.md @@ -43,5 +43,5 @@ current_groups: event: "W11.4: 实现管道输入支持(grp-cli-ux B3),pipe_mode检测_isatty→读取全部stdin→单次chat→退出;空输入返回1提示empty prompt;0 error 0 warning编译通过;4/4测试100% pass" rating: A - date: 2026-05-27 - event: "W12.3: 修复3个命令解析bug(BUG-2 /clear空session谎报成功→stderr守卫; BUG-3 /context空session静默→else分支stderr; BUG-4 /file write裸命令→统一token解析入口),build 0 error 0 warning,4/4 test pass" - rating: completed + event: "W16.6: 为 W13.1/W13.2 审计报告补充 Findings Summary 小节(W13.1: 11 条发现含 3H/1M/7L,W13.2: 4 条发现含 1H/3M);8 条 MEDIUM+ 录入 registry(4 条标注 Fix Wave W14);4 条已被 W14 修复(ABI try/catch)" + rating: A diff --git a/agents/engineer-zhou/profile.md b/agents/engineer-zhou/profile.md index c393506..f1ab1fa 100644 --- a/agents/engineer-zhou/profile.md +++ b/agents/engineer-zhou/profile.md @@ -50,5 +50,13 @@ performance_log: 无新增依赖. Windows 上 set_default_verify_paths 可能找不到系统 CA, 已加 TODO 建议设置 SSL_CERT_FILE 或 bundle cacert.pem. rating: completed + - date: 2026-05-27 + event: "W16.5 - W13.3 网络审计报告补充 Findings Summary" + detail: | + 审计报告 W13.3-network-audit.md 末尾新增 Findings Summary 小节,列出 3 个发现: + F-13.3-1 (CRITICAL) TLS 证书验证、F-13.3-2 (HIGH) DNS 解析无超时、 + F-13.3-3 (MEDIUM) 缺 catch(...) 兜底。3 条全部录入 findings-registry.md Open 分区。 + 格式对齐 WORKFLOW.md §14.6 / §14.2 字段定义。 + rating: completed current_groups: [] --- diff --git a/agents/security-cao/profile.md b/agents/security-cao/profile.md index 9ef8ea6..9776cdc 100644 --- a/agents/security-cao/profile.md +++ b/agents/security-cao/profile.md @@ -18,6 +18,14 @@ weaknesses: - 对功能开发节奏感知较弱,容易"挡路" - 偶尔过度强调低风险问题 performance_log: + - date: 2026-05-27 + event: "W16.1: 验证 F-11.7-1 (build/bin/ 损坏二进制副本) — W12.4 已彻底修复" + rating: done + detail: | + 确认 build/dstalk-cli/dstalk-cli.exe 已删除 (W12.4 devops-hu 修复); + build/bin/dstalk-cli.exe 为唯一正确副本 (67584 bytes); + cmake --build build --config Release: 0 error; ctest: 4/4 pass。 + 更新 findings-registry.md: F-11.7-1 OPEN→CLOSED, Close Date 2026-05-27, Fix Wave W12.4, Verified By security-cao。 - date: 2026-05-27 event: "入职 dstalk 团队" rating: ongoing diff --git a/plugins/context/src/context_plugin.cpp b/plugins/context/src/context_plugin.cpp index 7d93195..18c9c70 100644 --- a/plugins/context/src/context_plugin.cpp +++ b/plugins/context/src/context_plugin.cpp @@ -315,8 +315,15 @@ static int context_trim(const dstalk_message_t* in, int in_count, } } +// W16.2: 包裹 try/catch 防止异常穿越 C ABI 边界 (§8.3 void 仅 log) static void context_set_max_tokens(size_t max) { - g_max_tokens = max; + try { + g_max_tokens = max; + } catch (const std::exception& e) { + if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] context_set_max_tokens: %s", e.what()); + } catch (...) { + if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] context_set_max_tokens: unknown exception"); + } } static dstalk_context_service_t g_context_service = { @@ -352,9 +359,20 @@ static int on_init(const dstalk_host_api_t* host) { } } +// W16.2: 包裹 try/catch 防止异常穿越 C ABI 边界 — void 函数仅 log static void on_shutdown() { - g_session = nullptr; - g_host = nullptr; + try { + g_session = nullptr; + g_host = nullptr; + } catch (const std::exception& e) { + if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] on_shutdown: %s", e.what()); + g_session = nullptr; + g_host = nullptr; + } catch (...) { + if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] on_shutdown: unknown exception"); + g_session = nullptr; + g_host = nullptr; + } } static dstalk_plugin_info_t g_info = { diff --git a/scripts/refresh_status.py b/scripts/refresh_status.py index a0fd25a..b041991 100644 --- a/scripts/refresh_status.py +++ b/scripts/refresh_status.py @@ -25,6 +25,15 @@ for _stream in (sys.stdout, sys.stderr): except Exception: pass +# Metadata integrity checks (W16.4: import from check_agents_metadata as pre-gate) +from check_agents_metadata import ( + check_yaml_parse, + check_rating_range, + check_group_refs, + check_member_refs, + check_duplicate_ids, +) + # ============================================================================= # Path resolution @@ -389,6 +398,39 @@ def main(): print(f'ERROR: agents/ directory not found at {agents_dir}', file=sys.stderr) sys.exit(1) + # ---- Metadata integrity pre-check (W16.4) ---- + check_suites = [ + ('C1', 'YAML parse', check_yaml_parse), + ('C2', 'rating range', check_rating_range), + ('C3', 'group refs', check_group_refs), + ('C4', 'member refs', check_member_refs), + ('C5', 'duplicate IDs', check_duplicate_ids), + ] + + all_findings = [] + for code, label, fn in check_suites: + findings = fn(agents_dir) + all_findings.extend((code, label, f) for f in findings) + + errors = [f for f in all_findings if f[2][0] == 'error'] + warnings = [f for f in all_findings if f[2][0] == 'warn'] + + if errors: + for code, label, (sev, filepath, msg) in errors: + print(f'[{code}] ERROR: {filepath}: {msg}', file=sys.stderr) + for code, label, (sev, filepath, msg) in warnings: + print(f'[{code}] WARN: {filepath}: {msg}', file=sys.stderr) + print(f'\nMetadata check FAILED: {len(errors)} errors, {len(warnings)} warnings. ' + f'Fix errors before generating STATUS.md.', file=sys.stderr) + sys.exit(1) + elif warnings: + for code, label, (sev, filepath, msg) in warnings: + print(f'[{code}] WARN: {filepath}: {msg}', file=sys.stderr) + print(f'Metadata check: {len(warnings)} warning(s) found. ' + f'Proceeding with STATUS.md generation.', file=sys.stderr) + else: + print('OK: All 5 metadata checks passed.', file=sys.stderr) + # ---- Scan profiles ---- profiles = [] for child in sorted(agents_dir.iterdir()):